Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
finish removing deprecated/obsolete commands
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41
42 /* command handler forward declarations */
43 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
44 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51
52 /**
53 * Clear watchpoints for an ARM7/9 target.
54 *
55 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
56 * @return JTAG error status after executing queue
57 */
58 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
59 {
60 LOG_DEBUG("-");
61 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
63 arm7_9->sw_breakpoint_count = 0;
64 arm7_9->sw_breakpoints_added = 0;
65 arm7_9->wp0_used = 0;
66 arm7_9->wp1_used = arm7_9->wp1_used_default;
67 arm7_9->wp_available = arm7_9->wp_available_max;
68
69 return jtag_execute_queue();
70 }
71
72 /**
73 * Assign a watchpoint to one of the two available hardware comparators in an
74 * ARM7 or ARM9 target.
75 *
76 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
77 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 */
79 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
80 {
81 if (!arm7_9->wp0_used)
82 {
83 arm7_9->wp0_used = 1;
84 breakpoint->set = 1;
85 arm7_9->wp_available--;
86 }
87 else if (!arm7_9->wp1_used)
88 {
89 arm7_9->wp1_used = 1;
90 breakpoint->set = 2;
91 arm7_9->wp_available--;
92 }
93 else
94 {
95 LOG_ERROR("BUG: no hardware comparator available");
96 }
97 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
98 breakpoint->unique_id,
99 breakpoint->address,
100 breakpoint->set );
101 }
102
103 /**
104 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
105 *
106 * @param arm7_9 Pointer to common struct for ARM7/9 targets
107 * @return Error codes if there is a problem finding a watchpoint or the result
108 * of executing the JTAG queue
109 */
110 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
111 {
112 if (arm7_9->sw_breakpoints_added)
113 {
114 return ERROR_OK;
115 }
116 if (arm7_9->wp_available < 1)
117 {
118 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
119 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
120 }
121 arm7_9->wp_available--;
122
123 /* pick a breakpoint unit */
124 if (!arm7_9->wp0_used)
125 {
126 arm7_9->sw_breakpoints_added = 1;
127 arm7_9->wp0_used = 3;
128 } else if (!arm7_9->wp1_used)
129 {
130 arm7_9->sw_breakpoints_added = 2;
131 arm7_9->wp1_used = 3;
132 }
133 else
134 {
135 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
136 return ERROR_FAIL;
137 }
138
139 if (arm7_9->sw_breakpoints_added == 1)
140 {
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
146 }
147 else if (arm7_9->sw_breakpoints_added == 2)
148 {
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
154 }
155 else
156 {
157 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
158 return ERROR_FAIL;
159 }
160 LOG_DEBUG("SW BP using hw wp: %d",
161 arm7_9->sw_breakpoints_added );
162
163 return jtag_execute_queue();
164 }
165
166 /**
167 * Setup the common pieces for an ARM7/9 target after reset or on startup.
168 *
169 * @param target Pointer to an ARM7/9 target to setup
170 * @return Result of clearing the watchpoints on the target
171 */
172 int arm7_9_setup(target_t *target)
173 {
174 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
175
176 return arm7_9_clear_watchpoints(arm7_9);
177 }
178
179 /**
180 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
181 * targets. A return of ERROR_OK signifies that the target is a valid target
182 * and that the pointers have been set properly.
183 *
184 * @param target Pointer to the target device to get the pointers from
185 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
186 * targets
187 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
188 * targets
189 * @return ERROR_OK if successful
190 */
191 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
192 {
193 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
194 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
195
196 /* FIXME stop using this routine; just target_to_arm7_9() and
197 * verify the resulting pointer using a replacement routine
198 * that emits a usage message.
199 */
200 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
201 return ERROR_TARGET_INVALID;
202
203 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
204 return ERROR_TARGET_INVALID;
205
206 *armv4_5_p = armv4_5;
207 *arm7_9_p = arm7_9;
208
209 return ERROR_OK;
210 }
211
212 /**
213 * Set either a hardware or software breakpoint on an ARM7/9 target. The
214 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
215 * might have erased the values in Embedded ICE.
216 *
217 * @param target Pointer to the target device to set the breakpoints on
218 * @param breakpoint Pointer to the breakpoint to be set
219 * @return For hardware breakpoints, this is the result of executing the JTAG
220 * queue. For software breakpoints, this will be the status of the
221 * required memory reads and writes
222 */
223 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
224 {
225 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
226 int retval = ERROR_OK;
227
228 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
229 breakpoint->unique_id,
230 breakpoint->address,
231 breakpoint->type);
232
233 if (target->state != TARGET_HALTED)
234 {
235 LOG_WARNING("target not halted");
236 return ERROR_TARGET_NOT_HALTED;
237 }
238
239 if (breakpoint->type == BKPT_HARD)
240 {
241 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
242 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
243
244 /* reassign a hw breakpoint */
245 if (breakpoint->set == 0)
246 {
247 arm7_9_assign_wp(arm7_9, breakpoint);
248 }
249
250 if (breakpoint->set == 1)
251 {
252 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
257 }
258 else if (breakpoint->set == 2)
259 {
260 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
261 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
265 }
266 else
267 {
268 LOG_ERROR("BUG: no hardware comparator available");
269 return ERROR_OK;
270 }
271
272 retval = jtag_execute_queue();
273 }
274 else if (breakpoint->type == BKPT_SOFT)
275 {
276 /* did we already set this breakpoint? */
277 if (breakpoint->set)
278 return ERROR_OK;
279
280 if (breakpoint->length == 4)
281 {
282 uint32_t verify = 0xffffffff;
283 /* keep the original instruction in target endianness */
284 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
285 {
286 return retval;
287 }
288 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
289 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
290 {
291 return retval;
292 }
293
294 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
295 {
296 return retval;
297 }
298 if (verify != arm7_9->arm_bkpt)
299 {
300 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
301 return ERROR_OK;
302 }
303 }
304 else
305 {
306 uint16_t verify = 0xffff;
307 /* keep the original instruction in target endianness */
308 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
309 {
310 return retval;
311 }
312 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
313 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
314 {
315 return retval;
316 }
317
318 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
319 {
320 return retval;
321 }
322 if (verify != arm7_9->thumb_bkpt)
323 {
324 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
325 return ERROR_OK;
326 }
327 }
328
329 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
330 return retval;
331
332 arm7_9->sw_breakpoint_count++;
333
334 breakpoint->set = 1;
335 }
336
337 return retval;
338 }
339
340 /**
341 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
342 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
343 * will be updated. Otherwise, the software breakpoint will be restored to its
344 * original instruction if it hasn't already been modified.
345 *
346 * @param target Pointer to ARM7/9 target to unset the breakpoint from
347 * @param breakpoint Pointer to breakpoint to be unset
348 * @return For hardware breakpoints, this is the result of executing the JTAG
349 * queue. For software breakpoints, this will be the status of the
350 * required memory reads and writes
351 */
352 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
353 {
354 int retval = ERROR_OK;
355 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
356
357 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
358 breakpoint->unique_id,
359 breakpoint->address );
360
361 if (!breakpoint->set)
362 {
363 LOG_WARNING("breakpoint not set");
364 return ERROR_OK;
365 }
366
367 if (breakpoint->type == BKPT_HARD)
368 {
369 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
370 breakpoint->unique_id,
371 breakpoint->set );
372 if (breakpoint->set == 1)
373 {
374 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
375 arm7_9->wp0_used = 0;
376 arm7_9->wp_available++;
377 }
378 else if (breakpoint->set == 2)
379 {
380 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
381 arm7_9->wp1_used = 0;
382 arm7_9->wp_available++;
383 }
384 retval = jtag_execute_queue();
385 breakpoint->set = 0;
386 }
387 else
388 {
389 /* restore original instruction (kept in target endianness) */
390 if (breakpoint->length == 4)
391 {
392 uint32_t current_instr;
393 /* check that user program as not modified breakpoint instruction */
394 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
395 {
396 return retval;
397 }
398 if (current_instr == arm7_9->arm_bkpt)
399 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 }
404 else
405 {
406 uint16_t current_instr;
407 /* check that user program as not modified breakpoint instruction */
408 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
409 {
410 return retval;
411 }
412 if (current_instr == arm7_9->thumb_bkpt)
413 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 }
418
419 if (--arm7_9->sw_breakpoint_count==0)
420 {
421 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
422 if (arm7_9->sw_breakpoints_added == 1)
423 {
424 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
425 }
426 else if (arm7_9->sw_breakpoints_added == 2)
427 {
428 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
429 }
430 }
431
432 breakpoint->set = 0;
433 }
434
435 return retval;
436 }
437
438 /**
439 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
440 * dangling breakpoints and that the desired breakpoint can be added.
441 *
442 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
443 * @param breakpoint Pointer to the breakpoint to be added
444 * @return An error status if there is a problem adding the breakpoint or the
445 * result of setting the breakpoint
446 */
447 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
448 {
449 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
450
451 if (target->state != TARGET_HALTED)
452 {
453 LOG_WARNING("target not halted");
454 return ERROR_TARGET_NOT_HALTED;
455 }
456
457 if (arm7_9->breakpoint_count == 0)
458 {
459 /* make sure we don't have any dangling breakpoints. This is vital upon
460 * GDB connect/disconnect
461 */
462 arm7_9_clear_watchpoints(arm7_9);
463 }
464
465 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
466 {
467 LOG_INFO("no watchpoint unit available for hardware breakpoint");
468 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
469 }
470
471 if ((breakpoint->length != 2) && (breakpoint->length != 4))
472 {
473 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
474 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
475 }
476
477 if (breakpoint->type == BKPT_HARD)
478 {
479 arm7_9_assign_wp(arm7_9, breakpoint);
480 }
481
482 arm7_9->breakpoint_count++;
483
484 return arm7_9_set_breakpoint(target, breakpoint);
485 }
486
487 /**
488 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
489 * dangling breakpoints and updates available watchpoints if it is a hardware
490 * breakpoint.
491 *
492 * @param target Pointer to the target to have a breakpoint removed
493 * @param breakpoint Pointer to the breakpoint to be removed
494 * @return Error status if there was a problem unsetting the breakpoint or the
495 * watchpoints could not be cleared
496 */
497 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
498 {
499 int retval = ERROR_OK;
500 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
501
502 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
503 {
504 return retval;
505 }
506
507 if (breakpoint->type == BKPT_HARD)
508 arm7_9->wp_available++;
509
510 arm7_9->breakpoint_count--;
511 if (arm7_9->breakpoint_count == 0)
512 {
513 /* make sure we don't have any dangling breakpoints */
514 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
515 {
516 return retval;
517 }
518 }
519
520 return ERROR_OK;
521 }
522
523 /**
524 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
525 * considered a bug to call this function when there are no available watchpoint
526 * units.
527 *
528 * @param target Pointer to an ARM7/9 target to set a watchpoint on
529 * @param watchpoint Pointer to the watchpoint to be set
530 * @return Error status if watchpoint set fails or the result of executing the
531 * JTAG queue
532 */
533 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
534 {
535 int retval = ERROR_OK;
536 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
537 int rw_mask = 1;
538 uint32_t mask;
539
540 mask = watchpoint->length - 1;
541
542 if (target->state != TARGET_HALTED)
543 {
544 LOG_WARNING("target not halted");
545 return ERROR_TARGET_NOT_HALTED;
546 }
547
548 if (watchpoint->rw == WPT_ACCESS)
549 rw_mask = 0;
550 else
551 rw_mask = 1;
552
553 if (!arm7_9->wp0_used)
554 {
555 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
556 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
557 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
558 if (watchpoint->mask != 0xffffffffu)
559 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
560 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
561 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
562
563 if ((retval = jtag_execute_queue()) != ERROR_OK)
564 {
565 return retval;
566 }
567 watchpoint->set = 1;
568 arm7_9->wp0_used = 2;
569 }
570 else if (!arm7_9->wp1_used)
571 {
572 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
573 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
574 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
575 if (watchpoint->mask != 0xffffffffu)
576 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
577 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
578 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
579
580 if ((retval = jtag_execute_queue()) != ERROR_OK)
581 {
582 return retval;
583 }
584 watchpoint->set = 2;
585 arm7_9->wp1_used = 2;
586 }
587 else
588 {
589 LOG_ERROR("BUG: no hardware comparator available");
590 return ERROR_OK;
591 }
592
593 return ERROR_OK;
594 }
595
596 /**
597 * Unset an existing watchpoint and clear the used watchpoint unit.
598 *
599 * @param target Pointer to the target to have the watchpoint removed
600 * @param watchpoint Pointer to the watchpoint to be removed
601 * @return Error status while trying to unset the watchpoint or the result of
602 * executing the JTAG queue
603 */
604 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
605 {
606 int retval = ERROR_OK;
607 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
608
609 if (target->state != TARGET_HALTED)
610 {
611 LOG_WARNING("target not halted");
612 return ERROR_TARGET_NOT_HALTED;
613 }
614
615 if (!watchpoint->set)
616 {
617 LOG_WARNING("breakpoint not set");
618 return ERROR_OK;
619 }
620
621 if (watchpoint->set == 1)
622 {
623 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
624 if ((retval = jtag_execute_queue()) != ERROR_OK)
625 {
626 return retval;
627 }
628 arm7_9->wp0_used = 0;
629 }
630 else if (watchpoint->set == 2)
631 {
632 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
633 if ((retval = jtag_execute_queue()) != ERROR_OK)
634 {
635 return retval;
636 }
637 arm7_9->wp1_used = 0;
638 }
639 watchpoint->set = 0;
640
641 return ERROR_OK;
642 }
643
644 /**
645 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
646 * available, an error response is returned.
647 *
648 * @param target Pointer to the ARM7/9 target to add a watchpoint to
649 * @param watchpoint Pointer to the watchpoint to be added
650 * @return Error status while trying to add the watchpoint
651 */
652 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
653 {
654 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
655
656 if (target->state != TARGET_HALTED)
657 {
658 LOG_WARNING("target not halted");
659 return ERROR_TARGET_NOT_HALTED;
660 }
661
662 if (arm7_9->wp_available < 1)
663 {
664 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
665 }
666
667 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
668 {
669 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
670 }
671
672 arm7_9->wp_available--;
673
674 return ERROR_OK;
675 }
676
677 /**
678 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
679 * the used watchpoint unit will be reopened.
680 *
681 * @param target Pointer to the target to remove a watchpoint from
682 * @param watchpoint Pointer to the watchpoint to be removed
683 * @return Result of trying to unset the watchpoint
684 */
685 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
686 {
687 int retval = ERROR_OK;
688 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
689
690 if (watchpoint->set)
691 {
692 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
693 {
694 return retval;
695 }
696 }
697
698 arm7_9->wp_available++;
699
700 return ERROR_OK;
701 }
702
703 /**
704 * Restarts the target by sending a RESTART instruction and moving the JTAG
705 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
706 * asserted by the processor.
707 *
708 * @param target Pointer to target to issue commands to
709 * @return Error status if there is a timeout or a problem while executing the
710 * JTAG queue
711 */
712 int arm7_9_execute_sys_speed(struct target_s *target)
713 {
714 int retval;
715 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
716 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
717 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
718
719 /* set RESTART instruction */
720 jtag_set_end_state(TAP_IDLE);
721 if (arm7_9->need_bypass_before_restart) {
722 arm7_9->need_bypass_before_restart = 0;
723 arm_jtag_set_instr(jtag_info, 0xf, NULL);
724 }
725 arm_jtag_set_instr(jtag_info, 0x4, NULL);
726
727 long long then = timeval_ms();
728 int timeout;
729 while (!(timeout = ((timeval_ms()-then) > 1000)))
730 {
731 /* read debug status register */
732 embeddedice_read_reg(dbg_stat);
733 if ((retval = jtag_execute_queue()) != ERROR_OK)
734 return retval;
735 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
736 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
737 break;
738 if (debug_level >= 3)
739 {
740 alive_sleep(100);
741 } else
742 {
743 keep_alive();
744 }
745 }
746 if (timeout)
747 {
748 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
749 return ERROR_TARGET_TIMEOUT;
750 }
751
752 return ERROR_OK;
753 }
754
755 /**
756 * Restarts the target by sending a RESTART instruction and moving the JTAG
757 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
758 * waiting until they are.
759 *
760 * @param target Pointer to the target to issue commands to
761 * @return Always ERROR_OK
762 */
763 int arm7_9_execute_fast_sys_speed(struct target_s *target)
764 {
765 static int set = 0;
766 static uint8_t check_value[4], check_mask[4];
767
768 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
769 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
770 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
771
772 /* set RESTART instruction */
773 jtag_set_end_state(TAP_IDLE);
774 if (arm7_9->need_bypass_before_restart) {
775 arm7_9->need_bypass_before_restart = 0;
776 arm_jtag_set_instr(jtag_info, 0xf, NULL);
777 }
778 arm_jtag_set_instr(jtag_info, 0x4, NULL);
779
780 if (!set)
781 {
782 /* check for DBGACK and SYSCOMP set (others don't care) */
783
784 /* NB! These are constants that must be available until after next jtag_execute() and
785 * we evaluate the values upon first execution in lieu of setting up these constants
786 * during early setup.
787 * */
788 buf_set_u32(check_value, 0, 32, 0x9);
789 buf_set_u32(check_mask, 0, 32, 0x9);
790 set = 1;
791 }
792
793 /* read debug status register */
794 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
795
796 return ERROR_OK;
797 }
798
799 /**
800 * Get some data from the ARM7/9 target.
801 *
802 * @param target Pointer to the ARM7/9 target to read data from
803 * @param size The number of 32bit words to be read
804 * @param buffer Pointer to the buffer that will hold the data
805 * @return The result of receiving data from the Embedded ICE unit
806 */
807 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
808 {
809 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
810 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
811 uint32_t *data;
812 int retval = ERROR_OK;
813 uint32_t i;
814
815 data = malloc(size * (sizeof(uint32_t)));
816
817 retval = embeddedice_receive(jtag_info, data, size);
818
819 /* return the 32-bit ints in the 8-bit array */
820 for (i = 0; i < size; i++)
821 {
822 h_u32_to_le(buffer + (i * 4), data[i]);
823 }
824
825 free(data);
826
827 return retval;
828 }
829
830 /**
831 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
832 * target is running and the DCC control register has the W bit high, this will
833 * execute the request on the target.
834 *
835 * @param priv Void pointer expected to be a target_t pointer
836 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
837 * from the Embedded ICE unit
838 */
839 int arm7_9_handle_target_request(void *priv)
840 {
841 int retval = ERROR_OK;
842 target_t *target = priv;
843 if (!target_was_examined(target))
844 return ERROR_OK;
845 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
846 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
847 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
848
849 if (!target->dbg_msg_enabled)
850 return ERROR_OK;
851
852 if (target->state == TARGET_RUNNING)
853 {
854 /* read DCC control register */
855 embeddedice_read_reg(dcc_control);
856 if ((retval = jtag_execute_queue()) != ERROR_OK)
857 {
858 return retval;
859 }
860
861 /* check W bit */
862 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
863 {
864 uint32_t request;
865
866 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
867 {
868 return retval;
869 }
870 if ((retval = target_request(target, request)) != ERROR_OK)
871 {
872 return retval;
873 }
874 }
875 }
876
877 return ERROR_OK;
878 }
879
880 /**
881 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
882 * is manipulated to the right halted state based on its current state. This is
883 * what happens:
884 *
885 * <table>
886 * <tr><th > State</th><th > Action</th></tr>
887 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
888 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
889 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
890 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
891 * </table>
892 *
893 * If the target does not end up in the halted state, a warning is produced. If
894 * DBGACK is cleared, then the target is expected to either be running or
895 * running in debug.
896 *
897 * @param target Pointer to the ARM7/9 target to poll
898 * @return ERROR_OK or an error status if a command fails
899 */
900 int arm7_9_poll(target_t *target)
901 {
902 int retval;
903 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
904 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
905
906 /* read debug status register */
907 embeddedice_read_reg(dbg_stat);
908 if ((retval = jtag_execute_queue()) != ERROR_OK)
909 {
910 return retval;
911 }
912
913 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
914 {
915 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
916 if (target->state == TARGET_UNKNOWN)
917 {
918 /* Starting OpenOCD with target in debug-halt */
919 target->state = TARGET_RUNNING;
920 LOG_DEBUG("DBGACK already set during server startup.");
921 }
922 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
923 {
924 int check_pc = 0;
925 if (target->state == TARGET_RESET)
926 {
927 if (target->reset_halt)
928 {
929 enum reset_types jtag_reset_config = jtag_get_reset_config();
930 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
931 {
932 check_pc = 1;
933 }
934 }
935 }
936
937 target->state = TARGET_HALTED;
938
939 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
940 return retval;
941
942 if (check_pc)
943 {
944 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
945 uint32_t t=*((uint32_t *)reg->value);
946 if (t != 0)
947 {
948 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
949 }
950 }
951
952 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
953 {
954 return retval;
955 }
956 }
957 if (target->state == TARGET_DEBUG_RUNNING)
958 {
959 target->state = TARGET_HALTED;
960 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
961 return retval;
962
963 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
964 {
965 return retval;
966 }
967 }
968 if (target->state != TARGET_HALTED)
969 {
970 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
971 }
972 }
973 else
974 {
975 if (target->state != TARGET_DEBUG_RUNNING)
976 target->state = TARGET_RUNNING;
977 }
978
979 return ERROR_OK;
980 }
981
982 /**
983 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
984 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
985 * affected) completely stop the JTAG clock while the core is held in reset
986 * (SRST). It isn't possible to program the halt condition once reset is
987 * asserted, hence a hook that allows the target to set up its reset-halt
988 * condition is setup prior to asserting reset.
989 *
990 * @param target Pointer to an ARM7/9 target to assert reset on
991 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
992 */
993 int arm7_9_assert_reset(target_t *target)
994 {
995 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
996
997 LOG_DEBUG("target->state: %s",
998 target_state_name(target));
999
1000 enum reset_types jtag_reset_config = jtag_get_reset_config();
1001 if (!(jtag_reset_config & RESET_HAS_SRST))
1002 {
1003 LOG_ERROR("Can't assert SRST");
1004 return ERROR_FAIL;
1005 }
1006
1007 /* At this point trst has been asserted/deasserted once. We would
1008 * like to program EmbeddedICE while SRST is asserted, instead of
1009 * depending on SRST to leave that module alone. However, many CPUs
1010 * gate the JTAG clock while SRST is asserted; or JTAG may need
1011 * clock stability guarantees (adaptive clocking might help).
1012 *
1013 * So we assume JTAG access during SRST is off the menu unless it's
1014 * been specifically enabled.
1015 */
1016 bool srst_asserted = false;
1017
1018 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
1019 && (jtag_reset_config & RESET_SRST_NO_GATING))
1020 {
1021 jtag_add_reset(0, 1);
1022 srst_asserted = true;
1023 }
1024
1025 if (target->reset_halt)
1026 {
1027 /*
1028 * Some targets do not support communication while SRST is asserted. We need to
1029 * set up the reset vector catch here.
1030 *
1031 * If TRST is asserted, then these settings will be reset anyway, so setting them
1032 * here is harmless.
1033 */
1034 if (arm7_9->has_vector_catch)
1035 {
1036 /* program vector catch register to catch reset vector */
1037 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1038
1039 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1040 jtag_add_runtest(1, jtag_get_end_state());
1041 }
1042 else
1043 {
1044 /* program watchpoint unit to match on reset vector address */
1045 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1046 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1047 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1048 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1049 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1050 }
1051 }
1052
1053 /* here we should issue an SRST only, but we may have to assert TRST as well */
1054 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1055 {
1056 jtag_add_reset(1, 1);
1057 } else if (!srst_asserted)
1058 {
1059 jtag_add_reset(0, 1);
1060 }
1061
1062 target->state = TARGET_RESET;
1063 jtag_add_sleep(50000);
1064
1065 armv4_5_invalidate_core_regs(target);
1066
1067 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1068 {
1069 /* debug entry was already prepared in arm7_9_assert_reset() */
1070 target->debug_reason = DBG_REASON_DBGRQ;
1071 }
1072
1073 return ERROR_OK;
1074 }
1075
1076 /**
1077 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1078 * and the target is being reset into a halt, a warning will be triggered
1079 * because it is not possible to reset into a halted mode in this case. The
1080 * target is halted using the target's functions.
1081 *
1082 * @param target Pointer to the target to have the reset deasserted
1083 * @return ERROR_OK or an error from polling or halting the target
1084 */
1085 int arm7_9_deassert_reset(target_t *target)
1086 {
1087 int retval = ERROR_OK;
1088 LOG_DEBUG("target->state: %s",
1089 target_state_name(target));
1090
1091 /* deassert reset lines */
1092 jtag_add_reset(0, 0);
1093
1094 enum reset_types jtag_reset_config = jtag_get_reset_config();
1095 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1096 {
1097 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1098 /* set up embedded ice registers again */
1099 if ((retval = target_examine_one(target)) != ERROR_OK)
1100 return retval;
1101
1102 if ((retval = target_poll(target)) != ERROR_OK)
1103 {
1104 return retval;
1105 }
1106
1107 if ((retval = target_halt(target)) != ERROR_OK)
1108 {
1109 return retval;
1110 }
1111
1112 }
1113 return retval;
1114 }
1115
1116 /**
1117 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1118 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1119 * vector catch was used, it is restored. Otherwise, the control value is
1120 * restored and the watchpoint unit is restored if it was in use.
1121 *
1122 * @param target Pointer to the ARM7/9 target to have halt cleared
1123 * @return Always ERROR_OK
1124 */
1125 int arm7_9_clear_halt(target_t *target)
1126 {
1127 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1128 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1129
1130 /* we used DBGRQ only if we didn't come out of reset */
1131 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1132 {
1133 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1134 */
1135 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1136 embeddedice_store_reg(dbg_ctrl);
1137 }
1138 else
1139 {
1140 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1141 {
1142 /* if we came out of reset, and vector catch is supported, we used
1143 * vector catch to enter debug state
1144 * restore the register in that case
1145 */
1146 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1147 }
1148 else
1149 {
1150 /* restore registers if watchpoint unit 0 was in use
1151 */
1152 if (arm7_9->wp0_used)
1153 {
1154 if (arm7_9->debug_entry_from_reset)
1155 {
1156 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1157 }
1158 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1159 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1160 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1161 }
1162 /* control value always has to be restored, as it was either disabled,
1163 * or enabled with possibly different bits
1164 */
1165 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1166 }
1167 }
1168
1169 return ERROR_OK;
1170 }
1171
1172 /**
1173 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1174 * and then there is a wait until the processor shows the halt. This wait can
1175 * timeout and results in an error being returned. The software reset involves
1176 * clearing the halt, updating the debug control register, changing to ARM mode,
1177 * reset of the program counter, and reset of all of the registers.
1178 *
1179 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1180 * @return Error status if any of the commands fail, otherwise ERROR_OK
1181 */
1182 int arm7_9_soft_reset_halt(struct target_s *target)
1183 {
1184 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1185 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1186 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1187 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1188 int i;
1189 int retval;
1190
1191 /* FIX!!! replace some of this code with tcl commands
1192 *
1193 * halt # the halt command is synchronous
1194 * armv4_5 core_state arm
1195 *
1196 */
1197
1198 if ((retval = target_halt(target)) != ERROR_OK)
1199 return retval;
1200
1201 long long then = timeval_ms();
1202 int timeout;
1203 while (!(timeout = ((timeval_ms()-then) > 1000)))
1204 {
1205 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1206 break;
1207 embeddedice_read_reg(dbg_stat);
1208 if ((retval = jtag_execute_queue()) != ERROR_OK)
1209 return retval;
1210 if (debug_level >= 3)
1211 {
1212 alive_sleep(100);
1213 } else
1214 {
1215 keep_alive();
1216 }
1217 }
1218 if (timeout)
1219 {
1220 LOG_ERROR("Failed to halt CPU after 1 sec");
1221 return ERROR_TARGET_TIMEOUT;
1222 }
1223 target->state = TARGET_HALTED;
1224
1225 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1226 * ensure that DBGRQ is cleared
1227 */
1228 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1229 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1230 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1231 embeddedice_store_reg(dbg_ctrl);
1232
1233 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1234 {
1235 return retval;
1236 }
1237
1238 /* if the target is in Thumb state, change to ARM state */
1239 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1240 {
1241 uint32_t r0_thumb, pc_thumb;
1242 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1243 /* Entered debug from Thumb mode */
1244 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1245 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1246 }
1247
1248 /* all register content is now invalid */
1249 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1250 {
1251 return retval;
1252 }
1253
1254 /* SVC, ARM state, IRQ and FIQ disabled */
1255 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1256 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1257 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1258
1259 /* start fetching from 0x0 */
1260 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1261 armv4_5->core_cache->reg_list[15].dirty = 1;
1262 armv4_5->core_cache->reg_list[15].valid = 1;
1263
1264 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1265 armv4_5->core_state = ARMV4_5_STATE_ARM;
1266
1267 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1268 return ERROR_FAIL;
1269
1270 /* reset registers */
1271 for (i = 0; i <= 14; i++)
1272 {
1273 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1274 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1275 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1276 }
1277
1278 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1279 {
1280 return retval;
1281 }
1282
1283 return ERROR_OK;
1284 }
1285
1286 /**
1287 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1288 * line or by programming a watchpoint to trigger on any address. It is
1289 * considered a bug to call this function while the target is in the
1290 * TARGET_RESET state.
1291 *
1292 * @param target Pointer to the ARM7/9 target to be halted
1293 * @return Always ERROR_OK
1294 */
1295 int arm7_9_halt(target_t *target)
1296 {
1297 if (target->state == TARGET_RESET)
1298 {
1299 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1300 return ERROR_OK;
1301 }
1302
1303 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1304 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1305
1306 LOG_DEBUG("target->state: %s",
1307 target_state_name(target));
1308
1309 if (target->state == TARGET_HALTED)
1310 {
1311 LOG_DEBUG("target was already halted");
1312 return ERROR_OK;
1313 }
1314
1315 if (target->state == TARGET_UNKNOWN)
1316 {
1317 LOG_WARNING("target was in unknown state when halt was requested");
1318 }
1319
1320 if (arm7_9->use_dbgrq)
1321 {
1322 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1323 */
1324 if (arm7_9->set_special_dbgrq) {
1325 arm7_9->set_special_dbgrq(target);
1326 } else {
1327 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1328 embeddedice_store_reg(dbg_ctrl);
1329 }
1330 }
1331 else
1332 {
1333 /* program watchpoint unit to match on any address
1334 */
1335 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1336 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1337 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1338 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1339 }
1340
1341 target->debug_reason = DBG_REASON_DBGRQ;
1342
1343 return ERROR_OK;
1344 }
1345
1346 /**
1347 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1348 * ARM. The JTAG queue is then executed and the reason for debug entry is
1349 * examined. Once done, the target is verified to be halted and the processor
1350 * is forced into ARM mode. The core registers are saved for the current core
1351 * mode and the program counter (register 15) is updated as needed. The core
1352 * registers and CPSR and SPSR are saved for restoration later.
1353 *
1354 * @param target Pointer to target that is entering debug mode
1355 * @return Error code if anything fails, otherwise ERROR_OK
1356 */
1357 int arm7_9_debug_entry(target_t *target)
1358 {
1359 int i;
1360 uint32_t context[16];
1361 uint32_t* context_p[16];
1362 uint32_t r0_thumb, pc_thumb;
1363 uint32_t cpsr;
1364 int retval;
1365 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1366 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1367 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1368 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1369
1370 #ifdef _DEBUG_ARM7_9_
1371 LOG_DEBUG("-");
1372 #endif
1373
1374 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1375 * ensure that DBGRQ is cleared
1376 */
1377 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1378 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1379 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1380 embeddedice_store_reg(dbg_ctrl);
1381
1382 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1383 {
1384 return retval;
1385 }
1386
1387 if ((retval = jtag_execute_queue()) != ERROR_OK)
1388 {
1389 return retval;
1390 }
1391
1392 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1393 return retval;
1394
1395
1396 if (target->state != TARGET_HALTED)
1397 {
1398 LOG_WARNING("target not halted");
1399 return ERROR_TARGET_NOT_HALTED;
1400 }
1401
1402 /* if the target is in Thumb state, change to ARM state */
1403 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1404 {
1405 LOG_DEBUG("target entered debug from Thumb state");
1406 /* Entered debug from Thumb mode */
1407 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1408 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1409 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1410 }
1411 else
1412 {
1413 LOG_DEBUG("target entered debug from ARM state");
1414 /* Entered debug from ARM mode */
1415 armv4_5->core_state = ARMV4_5_STATE_ARM;
1416 }
1417
1418 for (i = 0; i < 16; i++)
1419 context_p[i] = &context[i];
1420 /* save core registers (r0 - r15 of current core mode) */
1421 arm7_9->read_core_regs(target, 0xffff, context_p);
1422
1423 arm7_9->read_xpsr(target, &cpsr, 0);
1424
1425 if ((retval = jtag_execute_queue()) != ERROR_OK)
1426 return retval;
1427
1428 /* if the core has been executing in Thumb state, set the T bit */
1429 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1430 cpsr |= 0x20;
1431
1432 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1433 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1434 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1435
1436 armv4_5->core_mode = cpsr & 0x1f;
1437
1438 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1439 {
1440 target->state = TARGET_UNKNOWN;
1441 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1442 return ERROR_TARGET_FAILURE;
1443 }
1444
1445 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1446
1447 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1448 {
1449 LOG_DEBUG("thumb state, applying fixups");
1450 context[0] = r0_thumb;
1451 context[15] = pc_thumb;
1452 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1453 {
1454 /* adjust value stored by STM */
1455 context[15] -= 3 * 4;
1456 }
1457
1458 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1459 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1460 else
1461 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1462
1463 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1464 return ERROR_FAIL;
1465
1466 for (i = 0; i <= 15; i++)
1467 {
1468 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1469 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1470 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1471 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1472 }
1473
1474 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1475
1476 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1477 return ERROR_FAIL;
1478
1479 /* exceptions other than USR & SYS have a saved program status register */
1480 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1481 {
1482 uint32_t spsr;
1483 arm7_9->read_xpsr(target, &spsr, 1);
1484 if ((retval = jtag_execute_queue()) != ERROR_OK)
1485 {
1486 return retval;
1487 }
1488 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1489 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1490 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1491 }
1492
1493 /* r0 and r15 (pc) have to be restored later */
1494 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1495 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1496
1497 if ((retval = jtag_execute_queue()) != ERROR_OK)
1498 return retval;
1499
1500 if (arm7_9->post_debug_entry)
1501 arm7_9->post_debug_entry(target);
1502
1503 return ERROR_OK;
1504 }
1505
1506 /**
1507 * Validate the full context for an ARM7/9 target in all processor modes. If
1508 * there are any invalid registers for the target, they will all be read. This
1509 * includes the PSR.
1510 *
1511 * @param target Pointer to the ARM7/9 target to capture the full context from
1512 * @return Error if the target is not halted, has an invalid core mode, or if
1513 * the JTAG queue fails to execute
1514 */
1515 int arm7_9_full_context(target_t *target)
1516 {
1517 int i;
1518 int retval;
1519 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1520 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1521
1522 LOG_DEBUG("-");
1523
1524 if (target->state != TARGET_HALTED)
1525 {
1526 LOG_WARNING("target not halted");
1527 return ERROR_TARGET_NOT_HALTED;
1528 }
1529
1530 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1531 return ERROR_FAIL;
1532
1533 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1534 * SYS shares registers with User, so we don't touch SYS
1535 */
1536 for (i = 0; i < 6; i++)
1537 {
1538 uint32_t mask = 0;
1539 uint32_t* reg_p[16];
1540 int j;
1541 int valid = 1;
1542
1543 /* check if there are invalid registers in the current mode
1544 */
1545 for (j = 0; j <= 16; j++)
1546 {
1547 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1548 valid = 0;
1549 }
1550
1551 if (!valid)
1552 {
1553 uint32_t tmp_cpsr;
1554
1555 /* change processor mode (and mask T bit) */
1556 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1557 tmp_cpsr |= armv4_5_number_to_mode(i);
1558 tmp_cpsr &= ~0x20;
1559 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1560
1561 for (j = 0; j < 15; j++)
1562 {
1563 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1564 {
1565 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1566 mask |= 1 << j;
1567 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1568 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1569 }
1570 }
1571
1572 /* if only the PSR is invalid, mask is all zeroes */
1573 if (mask)
1574 arm7_9->read_core_regs(target, mask, reg_p);
1575
1576 /* check if the PSR has to be read */
1577 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1578 {
1579 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1580 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1581 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1582 }
1583 }
1584 }
1585
1586 /* restore processor mode (mask T bit) */
1587 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1588
1589 if ((retval = jtag_execute_queue()) != ERROR_OK)
1590 {
1591 return retval;
1592 }
1593 return ERROR_OK;
1594 }
1595
1596 /**
1597 * Restore the processor context on an ARM7/9 target. The full processor
1598 * context is analyzed to see if any of the registers are dirty on this end, but
1599 * have a valid new value. If this is the case, the processor is changed to the
1600 * appropriate mode and the new register values are written out to the
1601 * processor. If there happens to be a dirty register with an invalid value, an
1602 * error will be logged.
1603 *
1604 * @param target Pointer to the ARM7/9 target to have its context restored
1605 * @return Error status if the target is not halted or the core mode in the
1606 * armv4_5 struct is invalid.
1607 */
1608 int arm7_9_restore_context(target_t *target)
1609 {
1610 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1611 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1612 reg_t *reg;
1613 armv4_5_core_reg_t *reg_arch_info;
1614 enum armv4_5_mode current_mode = armv4_5->core_mode;
1615 int i, j;
1616 int dirty;
1617 int mode_change;
1618
1619 LOG_DEBUG("-");
1620
1621 if (target->state != TARGET_HALTED)
1622 {
1623 LOG_WARNING("target not halted");
1624 return ERROR_TARGET_NOT_HALTED;
1625 }
1626
1627 if (arm7_9->pre_restore_context)
1628 arm7_9->pre_restore_context(target);
1629
1630 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1631 return ERROR_FAIL;
1632
1633 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1634 * SYS shares registers with User, so we don't touch SYS
1635 */
1636 for (i = 0; i < 6; i++)
1637 {
1638 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1639 dirty = 0;
1640 mode_change = 0;
1641 /* check if there are dirty registers in the current mode
1642 */
1643 for (j = 0; j <= 16; j++)
1644 {
1645 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1646 reg_arch_info = reg->arch_info;
1647 if (reg->dirty == 1)
1648 {
1649 if (reg->valid == 1)
1650 {
1651 dirty = 1;
1652 LOG_DEBUG("examining dirty reg: %s", reg->name);
1653 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1654 && (reg_arch_info->mode != current_mode)
1655 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1656 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1657 {
1658 mode_change = 1;
1659 LOG_DEBUG("require mode change");
1660 }
1661 }
1662 else
1663 {
1664 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1665 }
1666 }
1667 }
1668
1669 if (dirty)
1670 {
1671 uint32_t mask = 0x0;
1672 int num_regs = 0;
1673 uint32_t regs[16];
1674
1675 if (mode_change)
1676 {
1677 uint32_t tmp_cpsr;
1678
1679 /* change processor mode (mask T bit) */
1680 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1681 tmp_cpsr |= armv4_5_number_to_mode(i);
1682 tmp_cpsr &= ~0x20;
1683 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1684 current_mode = armv4_5_number_to_mode(i);
1685 }
1686
1687 for (j = 0; j <= 14; j++)
1688 {
1689 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1690 reg_arch_info = reg->arch_info;
1691
1692
1693 if (reg->dirty == 1)
1694 {
1695 regs[j] = buf_get_u32(reg->value, 0, 32);
1696 mask |= 1 << j;
1697 num_regs++;
1698 reg->dirty = 0;
1699 reg->valid = 1;
1700 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1701 }
1702 }
1703
1704 if (mask)
1705 {
1706 arm7_9->write_core_regs(target, mask, regs);
1707 }
1708
1709 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1710 reg_arch_info = reg->arch_info;
1711 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1712 {
1713 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1714 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1715 }
1716 }
1717 }
1718
1719 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1720 {
1721 /* restore processor mode (mask T bit) */
1722 uint32_t tmp_cpsr;
1723
1724 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1725 tmp_cpsr |= armv4_5_number_to_mode(i);
1726 tmp_cpsr &= ~0x20;
1727 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1728 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1729 }
1730 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1731 {
1732 /* CPSR has been changed, full restore necessary (mask T bit) */
1733 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1734 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1735 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1736 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1737 }
1738
1739 /* restore PC */
1740 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1741 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1742 armv4_5->core_cache->reg_list[15].dirty = 0;
1743
1744 if (arm7_9->post_restore_context)
1745 arm7_9->post_restore_context(target);
1746
1747 return ERROR_OK;
1748 }
1749
1750 /**
1751 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1752 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1753 * restart.
1754 *
1755 * @param target Pointer to the ARM7/9 target to be restarted
1756 * @return Result of executing the JTAG queue
1757 */
1758 int arm7_9_restart_core(struct target_s *target)
1759 {
1760 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1761 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1762
1763 /* set RESTART instruction */
1764 jtag_set_end_state(TAP_IDLE);
1765 if (arm7_9->need_bypass_before_restart) {
1766 arm7_9->need_bypass_before_restart = 0;
1767 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1768 }
1769 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1770
1771 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1772 return jtag_execute_queue();
1773 }
1774
1775 /**
1776 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1777 * iterated through and are set on the target if they aren't already set.
1778 *
1779 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1780 */
1781 void arm7_9_enable_watchpoints(struct target_s *target)
1782 {
1783 watchpoint_t *watchpoint = target->watchpoints;
1784
1785 while (watchpoint)
1786 {
1787 if (watchpoint->set == 0)
1788 arm7_9_set_watchpoint(target, watchpoint);
1789 watchpoint = watchpoint->next;
1790 }
1791 }
1792
1793 /**
1794 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1795 * iterated through and are set on the target.
1796 *
1797 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1798 */
1799 void arm7_9_enable_breakpoints(struct target_s *target)
1800 {
1801 breakpoint_t *breakpoint = target->breakpoints;
1802
1803 /* set any pending breakpoints */
1804 while (breakpoint)
1805 {
1806 arm7_9_set_breakpoint(target, breakpoint);
1807 breakpoint = breakpoint->next;
1808 }
1809 }
1810
1811 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1812 {
1813 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1814 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1815 breakpoint_t *breakpoint = target->breakpoints;
1816 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1817 int err, retval = ERROR_OK;
1818
1819 LOG_DEBUG("-");
1820
1821 if (target->state != TARGET_HALTED)
1822 {
1823 LOG_WARNING("target not halted");
1824 return ERROR_TARGET_NOT_HALTED;
1825 }
1826
1827 if (!debug_execution)
1828 {
1829 target_free_all_working_areas(target);
1830 }
1831
1832 /* current = 1: continue on current pc, otherwise continue at <address> */
1833 if (!current)
1834 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1835
1836 uint32_t current_pc;
1837 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1838
1839 /* the front-end may request us not to handle breakpoints */
1840 if (handle_breakpoints)
1841 {
1842 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1843 {
1844 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1845 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1846 {
1847 return retval;
1848 }
1849
1850 /* calculate PC of next instruction */
1851 uint32_t next_pc;
1852 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1853 {
1854 uint32_t current_opcode;
1855 target_read_u32(target, current_pc, &current_opcode);
1856 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1857 return retval;
1858 }
1859
1860 LOG_DEBUG("enable single-step");
1861 arm7_9->enable_single_step(target, next_pc);
1862
1863 target->debug_reason = DBG_REASON_SINGLESTEP;
1864
1865 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1866 {
1867 return retval;
1868 }
1869
1870 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1871 arm7_9->branch_resume(target);
1872 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1873 {
1874 arm7_9->branch_resume_thumb(target);
1875 }
1876 else
1877 {
1878 LOG_ERROR("unhandled core state");
1879 return ERROR_FAIL;
1880 }
1881
1882 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1883 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1884 err = arm7_9_execute_sys_speed(target);
1885
1886 LOG_DEBUG("disable single-step");
1887 arm7_9->disable_single_step(target);
1888
1889 if (err != ERROR_OK)
1890 {
1891 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1892 {
1893 return retval;
1894 }
1895 target->state = TARGET_UNKNOWN;
1896 return err;
1897 }
1898
1899 arm7_9_debug_entry(target);
1900 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1901
1902 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1903 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1904 {
1905 return retval;
1906 }
1907 }
1908 }
1909
1910 /* enable any pending breakpoints and watchpoints */
1911 arm7_9_enable_breakpoints(target);
1912 arm7_9_enable_watchpoints(target);
1913
1914 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1915 {
1916 return retval;
1917 }
1918
1919 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1920 {
1921 arm7_9->branch_resume(target);
1922 }
1923 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1924 {
1925 arm7_9->branch_resume_thumb(target);
1926 }
1927 else
1928 {
1929 LOG_ERROR("unhandled core state");
1930 return ERROR_FAIL;
1931 }
1932
1933 /* deassert DBGACK and INTDIS */
1934 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1935 /* INTDIS only when we really resume, not during debug execution */
1936 if (!debug_execution)
1937 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1938 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1939
1940 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1941 {
1942 return retval;
1943 }
1944
1945 target->debug_reason = DBG_REASON_NOTHALTED;
1946
1947 if (!debug_execution)
1948 {
1949 /* registers are now invalid */
1950 armv4_5_invalidate_core_regs(target);
1951 target->state = TARGET_RUNNING;
1952 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1953 {
1954 return retval;
1955 }
1956 }
1957 else
1958 {
1959 target->state = TARGET_DEBUG_RUNNING;
1960 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1961 {
1962 return retval;
1963 }
1964 }
1965
1966 LOG_DEBUG("target resumed");
1967
1968 return ERROR_OK;
1969 }
1970
1971 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1972 {
1973 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1974 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1975 uint32_t current_pc;
1976 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1977
1978 if (next_pc != current_pc)
1979 {
1980 /* setup an inverse breakpoint on the current PC
1981 * - comparator 1 matches the current address
1982 * - rangeout from comparator 1 is connected to comparator 0 rangein
1983 * - comparator 0 matches any address, as long as rangein is low */
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1990 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1991 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1992 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1993 }
1994 else
1995 {
1996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1998 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1999 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
2000 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2001 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2005 }
2006 }
2007
2008 void arm7_9_disable_eice_step(target_t *target)
2009 {
2010 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2011
2012 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2013 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2014 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2015 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2016 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2017 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2018 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2019 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2020 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2021 }
2022
2023 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2024 {
2025 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2026 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2027 breakpoint_t *breakpoint = NULL;
2028 int err, retval;
2029
2030 if (target->state != TARGET_HALTED)
2031 {
2032 LOG_WARNING("target not halted");
2033 return ERROR_TARGET_NOT_HALTED;
2034 }
2035
2036 /* current = 1: continue on current pc, otherwise continue at <address> */
2037 if (!current)
2038 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2039
2040 uint32_t current_pc;
2041 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2042
2043 /* the front-end may request us not to handle breakpoints */
2044 if (handle_breakpoints)
2045 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2046 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2047 {
2048 return retval;
2049 }
2050
2051 target->debug_reason = DBG_REASON_SINGLESTEP;
2052
2053 /* calculate PC of next instruction */
2054 uint32_t next_pc;
2055 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2056 {
2057 uint32_t current_opcode;
2058 target_read_u32(target, current_pc, &current_opcode);
2059 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2060 return retval;
2061 }
2062
2063 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2064 {
2065 return retval;
2066 }
2067
2068 arm7_9->enable_single_step(target, next_pc);
2069
2070 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2071 {
2072 arm7_9->branch_resume(target);
2073 }
2074 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2075 {
2076 arm7_9->branch_resume_thumb(target);
2077 }
2078 else
2079 {
2080 LOG_ERROR("unhandled core state");
2081 return ERROR_FAIL;
2082 }
2083
2084 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2085 {
2086 return retval;
2087 }
2088
2089 err = arm7_9_execute_sys_speed(target);
2090 arm7_9->disable_single_step(target);
2091
2092 /* registers are now invalid */
2093 armv4_5_invalidate_core_regs(target);
2094
2095 if (err != ERROR_OK)
2096 {
2097 target->state = TARGET_UNKNOWN;
2098 } else {
2099 arm7_9_debug_entry(target);
2100 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2101 {
2102 return retval;
2103 }
2104 LOG_DEBUG("target stepped");
2105 }
2106
2107 if (breakpoint)
2108 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2109 {
2110 return retval;
2111 }
2112
2113 return err;
2114 }
2115
2116 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2117 {
2118 uint32_t* reg_p[16];
2119 uint32_t value;
2120 int retval;
2121 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2122 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2123
2124 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2125 return ERROR_FAIL;
2126
2127 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2128
2129 if ((num < 0) || (num > 16))
2130 return ERROR_INVALID_ARGUMENTS;
2131
2132 if ((mode != ARMV4_5_MODE_ANY)
2133 && (mode != armv4_5->core_mode)
2134 && (reg_mode != ARMV4_5_MODE_ANY))
2135 {
2136 uint32_t tmp_cpsr;
2137
2138 /* change processor mode (mask T bit) */
2139 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2140 tmp_cpsr |= mode;
2141 tmp_cpsr &= ~0x20;
2142 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2143 }
2144
2145 if ((num >= 0) && (num <= 15))
2146 {
2147 /* read a normal core register */
2148 reg_p[num] = &value;
2149
2150 arm7_9->read_core_regs(target, 1 << num, reg_p);
2151 }
2152 else
2153 {
2154 /* read a program status register
2155 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2156 */
2157 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2158 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2159
2160 arm7_9->read_xpsr(target, &value, spsr);
2161 }
2162
2163 if ((retval = jtag_execute_queue()) != ERROR_OK)
2164 {
2165 return retval;
2166 }
2167
2168 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2169 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2170 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2171
2172 if ((mode != ARMV4_5_MODE_ANY)
2173 && (mode != armv4_5->core_mode)
2174 && (reg_mode != ARMV4_5_MODE_ANY)) {
2175 /* restore processor mode (mask T bit) */
2176 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2177 }
2178
2179 return ERROR_OK;
2180 }
2181
2182 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2183 {
2184 uint32_t reg[16];
2185 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2186 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2187
2188 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2189 return ERROR_FAIL;
2190
2191 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2192
2193 if ((num < 0) || (num > 16))
2194 return ERROR_INVALID_ARGUMENTS;
2195
2196 if ((mode != ARMV4_5_MODE_ANY)
2197 && (mode != armv4_5->core_mode)
2198 && (reg_mode != ARMV4_5_MODE_ANY)) {
2199 uint32_t tmp_cpsr;
2200
2201 /* change processor mode (mask T bit) */
2202 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2203 tmp_cpsr |= mode;
2204 tmp_cpsr &= ~0x20;
2205 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2206 }
2207
2208 if ((num >= 0) && (num <= 15))
2209 {
2210 /* write a normal core register */
2211 reg[num] = value;
2212
2213 arm7_9->write_core_regs(target, 1 << num, reg);
2214 }
2215 else
2216 {
2217 /* write a program status register
2218 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2219 */
2220 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2221 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2222
2223 /* if we're writing the CPSR, mask the T bit */
2224 if (!spsr)
2225 value &= ~0x20;
2226
2227 arm7_9->write_xpsr(target, value, spsr);
2228 }
2229
2230 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2232
2233 if ((mode != ARMV4_5_MODE_ANY)
2234 && (mode != armv4_5->core_mode)
2235 && (reg_mode != ARMV4_5_MODE_ANY)) {
2236 /* restore processor mode (mask T bit) */
2237 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2238 }
2239
2240 return jtag_execute_queue();
2241 }
2242
2243 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2244 {
2245 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2246 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2247 uint32_t reg[16];
2248 uint32_t num_accesses = 0;
2249 int thisrun_accesses;
2250 int i;
2251 uint32_t cpsr;
2252 int retval;
2253 int last_reg = 0;
2254
2255 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2256
2257 if (target->state != TARGET_HALTED)
2258 {
2259 LOG_WARNING("target not halted");
2260 return ERROR_TARGET_NOT_HALTED;
2261 }
2262
2263 /* sanitize arguments */
2264 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2265 return ERROR_INVALID_ARGUMENTS;
2266
2267 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2268 return ERROR_TARGET_UNALIGNED_ACCESS;
2269
2270 /* load the base register with the address of the first word */
2271 reg[0] = address;
2272 arm7_9->write_core_regs(target, 0x1, reg);
2273
2274 int j = 0;
2275
2276 switch (size)
2277 {
2278 case 4:
2279 while (num_accesses < count)
2280 {
2281 uint32_t reg_list;
2282 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2283 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2284
2285 if (last_reg <= thisrun_accesses)
2286 last_reg = thisrun_accesses;
2287
2288 arm7_9->load_word_regs(target, reg_list);
2289
2290 /* fast memory reads are only safe when the target is running
2291 * from a sufficiently high clock (32 kHz is usually too slow)
2292 */
2293 if (arm7_9->fast_memory_access)
2294 retval = arm7_9_execute_fast_sys_speed(target);
2295 else
2296 retval = arm7_9_execute_sys_speed(target);
2297 if (retval != ERROR_OK)
2298 return retval;
2299
2300 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2301
2302 /* advance buffer, count number of accesses */
2303 buffer += thisrun_accesses * 4;
2304 num_accesses += thisrun_accesses;
2305
2306 if ((j++%1024) == 0)
2307 {
2308 keep_alive();
2309 }
2310 }
2311 break;
2312 case 2:
2313 while (num_accesses < count)
2314 {
2315 uint32_t reg_list;
2316 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2317 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2318
2319 for (i = 1; i <= thisrun_accesses; i++)
2320 {
2321 if (i > last_reg)
2322 last_reg = i;
2323 arm7_9->load_hword_reg(target, i);
2324 /* fast memory reads are only safe when the target is running
2325 * from a sufficiently high clock (32 kHz is usually too slow)
2326 */
2327 if (arm7_9->fast_memory_access)
2328 retval = arm7_9_execute_fast_sys_speed(target);
2329 else
2330 retval = arm7_9_execute_sys_speed(target);
2331 if (retval != ERROR_OK)
2332 {
2333 return retval;
2334 }
2335
2336 }
2337
2338 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2339
2340 /* advance buffer, count number of accesses */
2341 buffer += thisrun_accesses * 2;
2342 num_accesses += thisrun_accesses;
2343
2344 if ((j++%1024) == 0)
2345 {
2346 keep_alive();
2347 }
2348 }
2349 break;
2350 case 1:
2351 while (num_accesses < count)
2352 {
2353 uint32_t reg_list;
2354 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2355 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2356
2357 for (i = 1; i <= thisrun_accesses; i++)
2358 {
2359 if (i > last_reg)
2360 last_reg = i;
2361 arm7_9->load_byte_reg(target, i);
2362 /* fast memory reads are only safe when the target is running
2363 * from a sufficiently high clock (32 kHz is usually too slow)
2364 */
2365 if (arm7_9->fast_memory_access)
2366 retval = arm7_9_execute_fast_sys_speed(target);
2367 else
2368 retval = arm7_9_execute_sys_speed(target);
2369 if (retval != ERROR_OK)
2370 {
2371 return retval;
2372 }
2373 }
2374
2375 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2376
2377 /* advance buffer, count number of accesses */
2378 buffer += thisrun_accesses * 1;
2379 num_accesses += thisrun_accesses;
2380
2381 if ((j++%1024) == 0)
2382 {
2383 keep_alive();
2384 }
2385 }
2386 break;
2387 default:
2388 LOG_ERROR("BUG: we shouldn't get here");
2389 exit(-1);
2390 break;
2391 }
2392
2393 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2394 return ERROR_FAIL;
2395
2396 for (i = 0; i <= last_reg; i++)
2397 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2398
2399 arm7_9->read_xpsr(target, &cpsr, 0);
2400 if ((retval = jtag_execute_queue()) != ERROR_OK)
2401 {
2402 LOG_ERROR("JTAG error while reading cpsr");
2403 return ERROR_TARGET_DATA_ABORT;
2404 }
2405
2406 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2407 {
2408 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2409
2410 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2411
2412 return ERROR_TARGET_DATA_ABORT;
2413 }
2414
2415 return ERROR_OK;
2416 }
2417
2418 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2419 {
2420 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2421 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2422 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2423
2424 uint32_t reg[16];
2425 uint32_t num_accesses = 0;
2426 int thisrun_accesses;
2427 int i;
2428 uint32_t cpsr;
2429 int retval;
2430 int last_reg = 0;
2431
2432 #ifdef _DEBUG_ARM7_9_
2433 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2434 #endif
2435
2436 if (target->state != TARGET_HALTED)
2437 {
2438 LOG_WARNING("target not halted");
2439 return ERROR_TARGET_NOT_HALTED;
2440 }
2441
2442 /* sanitize arguments */
2443 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2444 return ERROR_INVALID_ARGUMENTS;
2445
2446 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2447 return ERROR_TARGET_UNALIGNED_ACCESS;
2448
2449 /* load the base register with the address of the first word */
2450 reg[0] = address;
2451 arm7_9->write_core_regs(target, 0x1, reg);
2452
2453 /* Clear DBGACK, to make sure memory fetches work as expected */
2454 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2455 embeddedice_store_reg(dbg_ctrl);
2456
2457 switch (size)
2458 {
2459 case 4:
2460 while (num_accesses < count)
2461 {
2462 uint32_t reg_list;
2463 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2464 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2465
2466 for (i = 1; i <= thisrun_accesses; i++)
2467 {
2468 if (i > last_reg)
2469 last_reg = i;
2470 reg[i] = target_buffer_get_u32(target, buffer);
2471 buffer += 4;
2472 }
2473
2474 arm7_9->write_core_regs(target, reg_list, reg);
2475
2476 arm7_9->store_word_regs(target, reg_list);
2477
2478 /* fast memory writes are only safe when the target is running
2479 * from a sufficiently high clock (32 kHz is usually too slow)
2480 */
2481 if (arm7_9->fast_memory_access)
2482 retval = arm7_9_execute_fast_sys_speed(target);
2483 else
2484 retval = arm7_9_execute_sys_speed(target);
2485 if (retval != ERROR_OK)
2486 {
2487 return retval;
2488 }
2489
2490 num_accesses += thisrun_accesses;
2491 }
2492 break;
2493 case 2:
2494 while (num_accesses < count)
2495 {
2496 uint32_t reg_list;
2497 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2498 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2499
2500 for (i = 1; i <= thisrun_accesses; i++)
2501 {
2502 if (i > last_reg)
2503 last_reg = i;
2504 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2505 buffer += 2;
2506 }
2507
2508 arm7_9->write_core_regs(target, reg_list, reg);
2509
2510 for (i = 1; i <= thisrun_accesses; i++)
2511 {
2512 arm7_9->store_hword_reg(target, i);
2513
2514 /* fast memory writes are only safe when the target is running
2515 * from a sufficiently high clock (32 kHz is usually too slow)
2516 */
2517 if (arm7_9->fast_memory_access)
2518 retval = arm7_9_execute_fast_sys_speed(target);
2519 else
2520 retval = arm7_9_execute_sys_speed(target);
2521 if (retval != ERROR_OK)
2522 {
2523 return retval;
2524 }
2525 }
2526
2527 num_accesses += thisrun_accesses;
2528 }
2529 break;
2530 case 1:
2531 while (num_accesses < count)
2532 {
2533 uint32_t reg_list;
2534 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2535 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2536
2537 for (i = 1; i <= thisrun_accesses; i++)
2538 {
2539 if (i > last_reg)
2540 last_reg = i;
2541 reg[i] = *buffer++ & 0xff;
2542 }
2543
2544 arm7_9->write_core_regs(target, reg_list, reg);
2545
2546 for (i = 1; i <= thisrun_accesses; i++)
2547 {
2548 arm7_9->store_byte_reg(target, i);
2549 /* fast memory writes are only safe when the target is running
2550 * from a sufficiently high clock (32 kHz is usually too slow)
2551 */
2552 if (arm7_9->fast_memory_access)
2553 retval = arm7_9_execute_fast_sys_speed(target);
2554 else
2555 retval = arm7_9_execute_sys_speed(target);
2556 if (retval != ERROR_OK)
2557 {
2558 return retval;
2559 }
2560
2561 }
2562
2563 num_accesses += thisrun_accesses;
2564 }
2565 break;
2566 default:
2567 LOG_ERROR("BUG: we shouldn't get here");
2568 exit(-1);
2569 break;
2570 }
2571
2572 /* Re-Set DBGACK */
2573 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2574 embeddedice_store_reg(dbg_ctrl);
2575
2576 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2577 return ERROR_FAIL;
2578
2579 for (i = 0; i <= last_reg; i++)
2580 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2581
2582 arm7_9->read_xpsr(target, &cpsr, 0);
2583 if ((retval = jtag_execute_queue()) != ERROR_OK)
2584 {
2585 LOG_ERROR("JTAG error while reading cpsr");
2586 return ERROR_TARGET_DATA_ABORT;
2587 }
2588
2589 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2590 {
2591 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2592
2593 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2594
2595 return ERROR_TARGET_DATA_ABORT;
2596 }
2597
2598 return ERROR_OK;
2599 }
2600
2601 static int dcc_count;
2602 static uint8_t *dcc_buffer;
2603
2604 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2605 {
2606 int retval = ERROR_OK;
2607 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2608
2609 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2610 return retval;
2611
2612 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2613 int count = dcc_count;
2614 uint8_t *buffer = dcc_buffer;
2615 if (count > 2)
2616 {
2617 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2618 * core function repeated. */
2619 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2620 buffer += 4;
2621
2622 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2623 uint8_t reg_addr = ice_reg->addr & 0x1f;
2624 jtag_tap_t *tap;
2625 tap = ice_reg->jtag_info->tap;
2626
2627 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2628 buffer += (count-2)*4;
2629
2630 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2631 } else
2632 {
2633 int i;
2634 for (i = 0; i < count; i++)
2635 {
2636 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2637 buffer += 4;
2638 }
2639 }
2640
2641 if ((retval = target_halt(target))!= ERROR_OK)
2642 {
2643 return retval;
2644 }
2645 return target_wait_state(target, TARGET_HALTED, 500);
2646 }
2647
2648 static const uint32_t dcc_code[] =
2649 {
2650 /* r0 == input, points to memory buffer
2651 * r1 == scratch
2652 */
2653
2654 /* spin until DCC control (c0) reports data arrived */
2655 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2656 0xe3110001, /* tst r1, #1 */
2657 0x0afffffc, /* bne w */
2658
2659 /* read word from DCC (c1), write to memory */
2660 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2661 0xe4801004, /* str r1, [r0], #4 */
2662
2663 /* repeat */
2664 0xeafffff9 /* b w */
2665 };
2666
2667 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2668
2669 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2670 {
2671 int retval;
2672 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2673 int i;
2674
2675 if (!arm7_9->dcc_downloads)
2676 return target_write_memory(target, address, 4, count, buffer);
2677
2678 /* regrab previously allocated working_area, or allocate a new one */
2679 if (!arm7_9->dcc_working_area)
2680 {
2681 uint8_t dcc_code_buf[6 * 4];
2682
2683 /* make sure we have a working area */
2684 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2685 {
2686 LOG_INFO("no working area available, falling back to memory writes");
2687 return target_write_memory(target, address, 4, count, buffer);
2688 }
2689
2690 /* copy target instructions to target endianness */
2691 for (i = 0; i < 6; i++)
2692 {
2693 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2694 }
2695
2696 /* write DCC code to working area */
2697 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2698 {
2699 return retval;
2700 }
2701 }
2702
2703 armv4_5_algorithm_t armv4_5_info;
2704 reg_param_t reg_params[1];
2705
2706 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2707 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2708 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2709
2710 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2711
2712 buf_set_u32(reg_params[0].value, 0, 32, address);
2713
2714 dcc_count = count;
2715 dcc_buffer = buffer;
2716 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2717 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2718
2719 if (retval == ERROR_OK)
2720 {
2721 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2722 if (endaddress != (address + count*4))
2723 {
2724 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2725 retval = ERROR_FAIL;
2726 }
2727 }
2728
2729 destroy_reg_param(&reg_params[0]);
2730
2731 return retval;
2732 }
2733
2734 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2735 {
2736 working_area_t *crc_algorithm;
2737 armv4_5_algorithm_t armv4_5_info;
2738 reg_param_t reg_params[2];
2739 int retval;
2740
2741 static const uint32_t arm7_9_crc_code[] = {
2742 0xE1A02000, /* mov r2, r0 */
2743 0xE3E00000, /* mov r0, #0xffffffff */
2744 0xE1A03001, /* mov r3, r1 */
2745 0xE3A04000, /* mov r4, #0 */
2746 0xEA00000B, /* b ncomp */
2747 /* nbyte: */
2748 0xE7D21004, /* ldrb r1, [r2, r4] */
2749 0xE59F7030, /* ldr r7, CRC32XOR */
2750 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2751 0xE3A05000, /* mov r5, #0 */
2752 /* loop: */
2753 0xE3500000, /* cmp r0, #0 */
2754 0xE1A06080, /* mov r6, r0, asl #1 */
2755 0xE2855001, /* add r5, r5, #1 */
2756 0xE1A00006, /* mov r0, r6 */
2757 0xB0260007, /* eorlt r0, r6, r7 */
2758 0xE3550008, /* cmp r5, #8 */
2759 0x1AFFFFF8, /* bne loop */
2760 0xE2844001, /* add r4, r4, #1 */
2761 /* ncomp: */
2762 0xE1540003, /* cmp r4, r3 */
2763 0x1AFFFFF1, /* bne nbyte */
2764 /* end: */
2765 0xEAFFFFFE, /* b end */
2766 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2767 };
2768
2769 uint32_t i;
2770
2771 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2772 {
2773 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2774 }
2775
2776 /* convert flash writing code into a buffer in target endianness */
2777 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2778 {
2779 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2780 {
2781 return retval;
2782 }
2783 }
2784
2785 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2786 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2787 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2788
2789 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2790 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2791
2792 buf_set_u32(reg_params[0].value, 0, 32, address);
2793 buf_set_u32(reg_params[1].value, 0, 32, count);
2794
2795 /* 20 second timeout/megabyte */
2796 int timeout = 20000 * (1 + (count / (1024*1024)));
2797
2798 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2799 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2800 {
2801 LOG_ERROR("error executing arm7_9 crc algorithm");
2802 destroy_reg_param(&reg_params[0]);
2803 destroy_reg_param(&reg_params[1]);
2804 target_free_working_area(target, crc_algorithm);
2805 return retval;
2806 }
2807
2808 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2809
2810 destroy_reg_param(&reg_params[0]);
2811 destroy_reg_param(&reg_params[1]);
2812
2813 target_free_working_area(target, crc_algorithm);
2814
2815 return ERROR_OK;
2816 }
2817
2818 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2819 {
2820 working_area_t *erase_check_algorithm;
2821 reg_param_t reg_params[3];
2822 armv4_5_algorithm_t armv4_5_info;
2823 int retval;
2824 uint32_t i;
2825
2826 static const uint32_t erase_check_code[] =
2827 {
2828 /* loop: */
2829 0xe4d03001, /* ldrb r3, [r0], #1 */
2830 0xe0022003, /* and r2, r2, r3 */
2831 0xe2511001, /* subs r1, r1, #1 */
2832 0x1afffffb, /* bne loop */
2833 /* end: */
2834 0xeafffffe /* b end */
2835 };
2836
2837 /* make sure we have a working area */
2838 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2839 {
2840 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2841 }
2842
2843 /* convert flash writing code into a buffer in target endianness */
2844 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2845 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2846 {
2847 return retval;
2848 }
2849
2850 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2851 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2852 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2853
2854 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2855 buf_set_u32(reg_params[0].value, 0, 32, address);
2856
2857 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2858 buf_set_u32(reg_params[1].value, 0, 32, count);
2859
2860 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2861 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2862
2863 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2864 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2865 {
2866 destroy_reg_param(&reg_params[0]);
2867 destroy_reg_param(&reg_params[1]);
2868 destroy_reg_param(&reg_params[2]);
2869 target_free_working_area(target, erase_check_algorithm);
2870 return 0;
2871 }
2872
2873 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2874
2875 destroy_reg_param(&reg_params[0]);
2876 destroy_reg_param(&reg_params[1]);
2877 destroy_reg_param(&reg_params[2]);
2878
2879 target_free_working_area(target, erase_check_algorithm);
2880
2881 return ERROR_OK;
2882 }
2883
2884 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2885 {
2886 command_t *arm7_9_cmd;
2887
2888 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2889
2890 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2891 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2892
2893 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2894
2895 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2896 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2897 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2898 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2899 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2900 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2901
2902 armv4_5_register_commands(cmd_ctx);
2903
2904 etm_register_commands(cmd_ctx);
2905
2906 return ERROR_OK;
2907 }
2908
2909 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2910 {
2911 uint32_t value;
2912 int spsr;
2913 int retval;
2914 target_t *target = get_current_target(cmd_ctx);
2915 armv4_5_common_t *armv4_5;
2916 arm7_9_common_t *arm7_9;
2917
2918 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2919 {
2920 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2921 return ERROR_OK;
2922 }
2923
2924 if (target->state != TARGET_HALTED)
2925 {
2926 command_print(cmd_ctx, "can't write registers while running");
2927 return ERROR_OK;
2928 }
2929
2930 if (argc < 2)
2931 {
2932 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2933 return ERROR_OK;
2934 }
2935
2936 COMMAND_PARSE_NUMBER(u32, args[0], value);
2937 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2938
2939 /* if we're writing the CPSR, mask the T bit */
2940 if (!spsr)
2941 value &= ~0x20;
2942
2943 arm7_9->write_xpsr(target, value, spsr);
2944 if ((retval = jtag_execute_queue()) != ERROR_OK)
2945 {
2946 LOG_ERROR("JTAG error while writing to xpsr");
2947 return retval;
2948 }
2949
2950 return ERROR_OK;
2951 }
2952
2953 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2954 {
2955 uint32_t value;
2956 int rotate;
2957 int spsr;
2958 int retval;
2959 target_t *target = get_current_target(cmd_ctx);
2960 armv4_5_common_t *armv4_5;
2961 arm7_9_common_t *arm7_9;
2962
2963 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2964 {
2965 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2966 return ERROR_OK;
2967 }
2968
2969 if (target->state != TARGET_HALTED)
2970 {
2971 command_print(cmd_ctx, "can't write registers while running");
2972 return ERROR_OK;
2973 }
2974
2975 if (argc < 3)
2976 {
2977 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2978 return ERROR_OK;
2979 }
2980
2981 COMMAND_PARSE_NUMBER(u32, args[0], value);
2982 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2983 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2984
2985 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2986 if ((retval = jtag_execute_queue()) != ERROR_OK)
2987 {
2988 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2989 return retval;
2990 }
2991
2992 return ERROR_OK;
2993 }
2994
2995 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2996 {
2997 uint32_t value;
2998 uint32_t mode;
2999 int num;
3000 target_t *target = get_current_target(cmd_ctx);
3001 armv4_5_common_t *armv4_5;
3002 arm7_9_common_t *arm7_9;
3003
3004 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3005 {
3006 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3007 return ERROR_OK;
3008 }
3009
3010 if (target->state != TARGET_HALTED)
3011 {
3012 command_print(cmd_ctx, "can't write registers while running");
3013 return ERROR_OK;
3014 }
3015
3016 if (argc < 3)
3017 {
3018 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3019 return ERROR_OK;
3020 }
3021
3022 COMMAND_PARSE_NUMBER(int, args[0], num);
3023 COMMAND_PARSE_NUMBER(u32, args[1], mode);
3024 COMMAND_PARSE_NUMBER(u32, args[2], value);
3025
3026 return arm7_9_write_core_reg(target, num, mode, value);
3027 }
3028
3029 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3030 {
3031 target_t *target = get_current_target(cmd_ctx);
3032 armv4_5_common_t *armv4_5;
3033 arm7_9_common_t *arm7_9;
3034
3035 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3036 {
3037 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3038 return ERROR_OK;
3039 }
3040
3041 if (argc > 0)
3042 {
3043 if (strcmp("enable", args[0]) == 0)
3044 {
3045 arm7_9->use_dbgrq = 1;
3046 }
3047 else if (strcmp("disable", args[0]) == 0)
3048 {
3049 arm7_9->use_dbgrq = 0;
3050 }
3051 else
3052 {
3053 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3054 }
3055 }
3056
3057 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3058
3059 return ERROR_OK;
3060 }
3061
3062 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3063 {
3064 target_t *target = get_current_target(cmd_ctx);
3065 armv4_5_common_t *armv4_5;
3066 arm7_9_common_t *arm7_9;
3067
3068 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3069 {
3070 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3071 return ERROR_OK;
3072 }
3073
3074 if (argc > 0)
3075 {
3076 if (strcmp("enable", args[0]) == 0)
3077 {
3078 arm7_9->fast_memory_access = 1;
3079 }
3080 else if (strcmp("disable", args[0]) == 0)
3081 {
3082 arm7_9->fast_memory_access = 0;
3083 }
3084 else
3085 {
3086 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3087 }
3088 }
3089
3090 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3091
3092 return ERROR_OK;
3093 }
3094
3095 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3096 {
3097 target_t *target = get_current_target(cmd_ctx);
3098 armv4_5_common_t *armv4_5;
3099 arm7_9_common_t *arm7_9;
3100
3101 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3102 {
3103 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3104 return ERROR_OK;
3105 }
3106
3107 if (argc > 0)
3108 {
3109 if (strcmp("enable", args[0]) == 0)
3110 {
3111 arm7_9->dcc_downloads = 1;
3112 }
3113 else if (strcmp("disable", args[0]) == 0)
3114 {
3115 arm7_9->dcc_downloads = 0;
3116 }
3117 else
3118 {
3119 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3120 }
3121 }
3122
3123 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3124
3125 return ERROR_OK;
3126 }
3127
3128 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3129 {
3130 int retval = ERROR_OK;
3131 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3132
3133 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3134
3135 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3136 {
3137 return retval;
3138 }
3139
3140 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3141 arm7_9->wp_available_max = 2;
3142 arm7_9->sw_breakpoints_added = 0;
3143 arm7_9->sw_breakpoint_count = 0;
3144 arm7_9->breakpoint_count = 0;
3145 arm7_9->wp0_used = 0;
3146 arm7_9->wp1_used = 0;
3147 arm7_9->wp1_used_default = 0;
3148 arm7_9->use_dbgrq = 0;
3149
3150 arm7_9->etm_ctx = NULL;
3151 arm7_9->has_single_step = 0;
3152 arm7_9->has_monitor_mode = 0;
3153 arm7_9->has_vector_catch = 0;
3154
3155 arm7_9->debug_entry_from_reset = 0;
3156
3157 arm7_9->dcc_working_area = NULL;
3158
3159 arm7_9->fast_memory_access = fast_and_dangerous;
3160 arm7_9->dcc_downloads = fast_and_dangerous;
3161
3162 arm7_9->need_bypass_before_restart = 0;
3163
3164 armv4_5->arch_info = arm7_9;
3165 armv4_5->read_core_reg = arm7_9_read_core_reg;
3166 armv4_5->write_core_reg = arm7_9_write_core_reg;
3167 armv4_5->full_context = arm7_9_full_context;
3168
3169 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3170 {
3171 return retval;
3172 }
3173
3174 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3175 {
3176 return retval;
3177 }
3178
3179 return ERROR_OK;
3180 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)