Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Submitted by Dean Glazeski <dnglaze@gmail.com>:
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
63 arm7_9->sw_breakpoints_added = 0;
64 arm7_9->wp0_used = 0;
65 arm7_9->wp1_used = arm7_9->wp1_used_default;
66 arm7_9->wp_available = arm7_9->wp_available_max;
67
68 return jtag_execute_queue();
69 }
70
71 /**
72 * Assign a watchpoint to one of the two available hardware comparators in an
73 * ARM7 or ARM9 target.
74 *
75 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
76 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
77 */
78 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
79 {
80 if (!arm7_9->wp0_used)
81 {
82 arm7_9->wp0_used = 1;
83 breakpoint->set = 1;
84 arm7_9->wp_available--;
85 }
86 else if (!arm7_9->wp1_used)
87 {
88 arm7_9->wp1_used = 1;
89 breakpoint->set = 2;
90 arm7_9->wp_available--;
91 }
92 else
93 {
94 LOG_ERROR("BUG: no hardware comparator available");
95 }
96 }
97
98 /**
99 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
100 *
101 * @param arm7_9 Pointer to common struct for ARM7/9 targets
102 * @return Error codes if there is a problem finding a watchpoint or the result
103 * of executing the JTAG queue
104 */
105 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
106 {
107 if (arm7_9->sw_breakpoints_added)
108 {
109 return ERROR_OK;
110 }
111 if (arm7_9->wp_available < 1)
112 {
113 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
114 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
115 }
116 arm7_9->wp_available--;
117
118 /* pick a breakpoint unit */
119 if (!arm7_9->wp0_used)
120 {
121 arm7_9->sw_breakpoints_added=1;
122 arm7_9->wp0_used = 3;
123 } else if (!arm7_9->wp1_used)
124 {
125 arm7_9->sw_breakpoints_added=2;
126 arm7_9->wp1_used = 3;
127 }
128 else
129 {
130 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
131 return ERROR_FAIL;
132 }
133
134 if (arm7_9->sw_breakpoints_added==1)
135 {
136 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
137 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
138 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
141 }
142 else if (arm7_9->sw_breakpoints_added==2)
143 {
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
149 }
150 else
151 {
152 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
153 return ERROR_FAIL;
154 }
155
156 return jtag_execute_queue();
157 }
158
159 /**
160 * Setup the common pieces for an ARM7/9 target after reset or on startup.
161 *
162 * @param target Pointer to an ARM7/9 target to setup
163 * @return Result of clearing the watchpoints on the target
164 */
165 int arm7_9_setup(target_t *target)
166 {
167 armv4_5_common_t *armv4_5 = target->arch_info;
168 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
169
170 return arm7_9_clear_watchpoints(arm7_9);
171 }
172
173 /**
174 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
175 * targets. A return of ERROR_OK signifies that the target is a valid target
176 * and that the pointers have been set properly.
177 *
178 * @param target Pointer to the target device to get the pointers from
179 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
180 * targets
181 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
182 * targets
183 * @return ERROR_OK if successful
184 */
185 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
186 {
187 armv4_5_common_t *armv4_5 = target->arch_info;
188 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
189
190 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
191 {
192 return -1;
193 }
194
195 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
196 {
197 return -1;
198 }
199
200 *armv4_5_p = armv4_5;
201 *arm7_9_p = arm7_9;
202
203 return ERROR_OK;
204 }
205
206 /**
207 * Set either a hardware or software breakpoint on an ARM7/9 target. The
208 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
209 * might have erased the values in Embedded ICE.
210 *
211 * @param target Pointer to the target device to set the breakpoints on
212 * @param breakpoint Pointer to the breakpoint to be set
213 * @return For hardware breakpoints, this is the result of executing the JTAG
214 * queue. For software breakpoints, this will be the status of the
215 * required memory reads and writes
216 */
217 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
218 {
219 armv4_5_common_t *armv4_5 = target->arch_info;
220 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
221 int retval=ERROR_OK;
222
223 if (target->state != TARGET_HALTED)
224 {
225 LOG_WARNING("target not halted");
226 return ERROR_TARGET_NOT_HALTED;
227 }
228
229 if (breakpoint->type == BKPT_HARD)
230 {
231 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
232 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
233
234 /* reassign a hw breakpoint */
235 if (breakpoint->set==0)
236 {
237 arm7_9_assign_wp(arm7_9, breakpoint);
238 }
239
240 if (breakpoint->set==1)
241 {
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
245 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
246 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
247 }
248 else if (breakpoint->set==2)
249 {
250 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
251 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
252 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
255 }
256 else
257 {
258 LOG_ERROR("BUG: no hardware comparator available");
259 return ERROR_OK;
260 }
261
262 retval=jtag_execute_queue();
263 }
264 else if (breakpoint->type == BKPT_SOFT)
265 {
266 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
267 return retval;
268
269 /* did we already set this breakpoint? */
270 if (breakpoint->set)
271 return ERROR_OK;
272
273 if (breakpoint->length == 4)
274 {
275 u32 verify = 0xffffffff;
276 /* keep the original instruction in target endianness */
277 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
278 {
279 return retval;
280 }
281 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
282 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
283 {
284 return retval;
285 }
286
287 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
288 {
289 return retval;
290 }
291 if (verify != arm7_9->arm_bkpt)
292 {
293 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
294 return ERROR_OK;
295 }
296 }
297 else
298 {
299 u16 verify = 0xffff;
300 /* keep the original instruction in target endianness */
301 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
302 {
303 return retval;
304 }
305 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
306 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
307 {
308 return retval;
309 }
310
311 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
312 {
313 return retval;
314 }
315 if (verify != arm7_9->thumb_bkpt)
316 {
317 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
318 return ERROR_OK;
319 }
320 }
321 breakpoint->set = 1;
322 }
323
324 return retval;
325 }
326
327 /**
328 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
329 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
330 * will be updated. Otherwise, the software breakpoint will be restored to its
331 * original instruction if it hasn't already been modified.
332 *
333 * @param target Pointer to ARM7/9 target to unset the breakpoint from
334 * @param breakpoint Pointer to breakpoint to be unset
335 * @return For hardware breakpoints, this is the result of executing the JTAG
336 * queue. For software breakpoints, this will be the status of the
337 * required memory reads and writes
338 */
339 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
340 {
341 int retval = ERROR_OK;
342
343 armv4_5_common_t *armv4_5 = target->arch_info;
344 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
345
346 if (!breakpoint->set)
347 {
348 LOG_WARNING("breakpoint not set");
349 return ERROR_OK;
350 }
351
352 if (breakpoint->type == BKPT_HARD)
353 {
354 if (breakpoint->set == 1)
355 {
356 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
357 arm7_9->wp0_used = 0;
358 arm7_9->wp_available++;
359 }
360 else if (breakpoint->set == 2)
361 {
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
363 arm7_9->wp1_used = 0;
364 arm7_9->wp_available++;
365 }
366 retval = jtag_execute_queue();
367 breakpoint->set = 0;
368 }
369 else
370 {
371 /* restore original instruction (kept in target endianness) */
372 if (breakpoint->length == 4)
373 {
374 u32 current_instr;
375 /* check that user program as not modified breakpoint instruction */
376 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)&current_instr)) != ERROR_OK)
377 {
378 return retval;
379 }
380 if (current_instr==arm7_9->arm_bkpt)
381 if ((retval = target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
382 {
383 return retval;
384 }
385 }
386 else
387 {
388 u16 current_instr;
389 /* check that user program as not modified breakpoint instruction */
390 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)&current_instr)) != ERROR_OK)
391 {
392 return retval;
393 }
394 if (current_instr==arm7_9->thumb_bkpt)
395 if ((retval = target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
396 {
397 return retval;
398 }
399 }
400 breakpoint->set = 0;
401 }
402
403 return retval;
404 }
405
406 /**
407 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
408 * dangling breakpoints and that the desired breakpoint can be added.
409 *
410 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
411 * @param breakpoint Pointer to the breakpoint to be added
412 * @return An error status if there is a problem adding the breakpoint or the
413 * result of setting the breakpoint
414 */
415 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
416 {
417 armv4_5_common_t *armv4_5 = target->arch_info;
418 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
419
420 if (target->state != TARGET_HALTED)
421 {
422 LOG_WARNING("target not halted");
423 return ERROR_TARGET_NOT_HALTED;
424 }
425
426 if (arm7_9->breakpoint_count==0)
427 {
428 /* make sure we don't have any dangling breakpoints. This is vital upon
429 * GDB connect/disconnect
430 */
431 arm7_9_clear_watchpoints(arm7_9);
432 }
433
434 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
435 {
436 LOG_INFO("no watchpoint unit available for hardware breakpoint");
437 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
438 }
439
440 if ((breakpoint->length != 2) && (breakpoint->length != 4))
441 {
442 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
443 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
444 }
445
446 if (breakpoint->type == BKPT_HARD)
447 {
448 arm7_9_assign_wp(arm7_9, breakpoint);
449 }
450
451 arm7_9->breakpoint_count++;
452
453 return arm7_9_set_breakpoint(target, breakpoint);
454 }
455
456 /**
457 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
458 * dangling breakpoints and updates available watchpoints if it is a hardware
459 * breakpoint.
460 *
461 * @param target Pointer to the target to have a breakpoint removed
462 * @param breakpoint Pointer to the breakpoint to be removed
463 * @return Error status if there was a problem unsetting the breakpoint or the
464 * watchpoints could not be cleared
465 */
466 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
467 {
468 int retval = ERROR_OK;
469 armv4_5_common_t *armv4_5 = target->arch_info;
470 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
471
472 if((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
473 {
474 return retval;
475 }
476
477 if (breakpoint->type == BKPT_HARD)
478 arm7_9->wp_available++;
479
480 arm7_9->breakpoint_count--;
481 if (arm7_9->breakpoint_count==0)
482 {
483 /* make sure we don't have any dangling breakpoints */
484 if((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
485 {
486 return retval;
487 }
488 }
489
490 return ERROR_OK;
491 }
492
493 /**
494 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
495 * considered a bug to call this function when there are no available watchpoint
496 * units.
497 *
498 * @param target Pointer to an ARM7/9 target to set a watchpoint on
499 * @param watchpoint Pointer to the watchpoint to be set
500 * @return Error status if watchpoint set fails or the result of executing the
501 * JTAG queue
502 */
503 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
504 {
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
508 int rw_mask = 1;
509 u32 mask;
510
511 mask = watchpoint->length - 1;
512
513 if (target->state != TARGET_HALTED)
514 {
515 LOG_WARNING("target not halted");
516 return ERROR_TARGET_NOT_HALTED;
517 }
518
519 if (watchpoint->rw == WPT_ACCESS)
520 rw_mask = 0;
521 else
522 rw_mask = 1;
523
524 if (!arm7_9->wp0_used)
525 {
526 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
527 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
528 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
529 if( watchpoint->mask != 0xffffffffu )
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
532 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
533
534 if((retval = jtag_execute_queue()) != ERROR_OK)
535 {
536 return retval;
537 }
538 watchpoint->set = 1;
539 arm7_9->wp0_used = 2;
540 }
541 else if (!arm7_9->wp1_used)
542 {
543 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
546 if( watchpoint->mask != 0xffffffffu )
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
550
551 if((retval = jtag_execute_queue()) != ERROR_OK)
552 {
553 return retval;
554 }
555 watchpoint->set = 2;
556 arm7_9->wp1_used = 2;
557 }
558 else
559 {
560 LOG_ERROR("BUG: no hardware comparator available");
561 return ERROR_OK;
562 }
563
564 return ERROR_OK;
565 }
566
567 /**
568 * Unset an existing watchpoint and clear the used watchpoint unit.
569 *
570 * @param target Pointer to the target to have the watchpoint removed
571 * @param watchpoint Pointer to the watchpoint to be removed
572 * @return Error status while trying to unset the watchpoint or the result of
573 * executing the JTAG queue
574 */
575 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
576 {
577 int retval = ERROR_OK;
578 armv4_5_common_t *armv4_5 = target->arch_info;
579 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
580
581 if (target->state != TARGET_HALTED)
582 {
583 LOG_WARNING("target not halted");
584 return ERROR_TARGET_NOT_HALTED;
585 }
586
587 if (!watchpoint->set)
588 {
589 LOG_WARNING("breakpoint not set");
590 return ERROR_OK;
591 }
592
593 if (watchpoint->set == 1)
594 {
595 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
596 if((retval = jtag_execute_queue()) != ERROR_OK)
597 {
598 return retval;
599 }
600 arm7_9->wp0_used = 0;
601 }
602 else if (watchpoint->set == 2)
603 {
604 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
605 if((retval = jtag_execute_queue()) != ERROR_OK)
606 {
607 return retval;
608 }
609 arm7_9->wp1_used = 0;
610 }
611 watchpoint->set = 0;
612
613 return ERROR_OK;
614 }
615
616 /**
617 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
618 * available, an error response is returned.
619 *
620 * @param target Pointer to the ARM7/9 target to add a watchpoint to
621 * @param watchpoint Pointer to the watchpoint to be added
622 * @return Error status while trying to add the watchpoint
623 */
624 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
625 {
626 armv4_5_common_t *armv4_5 = target->arch_info;
627 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
628
629 if (target->state != TARGET_HALTED)
630 {
631 LOG_WARNING("target not halted");
632 return ERROR_TARGET_NOT_HALTED;
633 }
634
635 if (arm7_9->wp_available < 1)
636 {
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
638 }
639
640 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
641 {
642 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
643 }
644
645 arm7_9->wp_available--;
646
647 return ERROR_OK;
648 }
649
650 /**
651 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
652 * the used watchpoint unit will be reopened.
653 *
654 * @param target Pointer to the target to remove a watchpoint from
655 * @param watchpoint Pointer to the watchpoint to be removed
656 * @return Result of trying to unset the watchpoint
657 */
658 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
659 {
660 int retval = ERROR_OK;
661 armv4_5_common_t *armv4_5 = target->arch_info;
662 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
663
664 if (watchpoint->set)
665 {
666 if((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
667 {
668 return retval;
669 }
670 }
671
672 arm7_9->wp_available++;
673
674 return ERROR_OK;
675 }
676
677 /**
678 * Restarts the target by sending a RESTART instruction and moving the JTAG
679 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
680 * asserted by the processor.
681 *
682 * @param target Pointer to target to issue commands to
683 * @return Error status if there is a timeout or a problem while executing the
684 * JTAG queue
685 */
686 int arm7_9_execute_sys_speed(struct target_s *target)
687 {
688 int retval;
689
690 armv4_5_common_t *armv4_5 = target->arch_info;
691 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
692 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
693 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
694
695 /* set RESTART instruction */
696 jtag_add_end_state(TAP_IDLE);
697 if (arm7_9->need_bypass_before_restart) {
698 arm7_9->need_bypass_before_restart = 0;
699 arm_jtag_set_instr(jtag_info, 0xf, NULL);
700 }
701 arm_jtag_set_instr(jtag_info, 0x4, NULL);
702
703 long long then=timeval_ms();
704 int timeout;
705 while (!(timeout=((timeval_ms()-then)>1000)))
706 {
707 /* read debug status register */
708 embeddedice_read_reg(dbg_stat);
709 if ((retval = jtag_execute_queue()) != ERROR_OK)
710 return retval;
711 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
712 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
713 break;
714 if (debug_level>=3)
715 {
716 alive_sleep(100);
717 } else
718 {
719 keep_alive();
720 }
721 }
722 if (timeout)
723 {
724 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
725 return ERROR_TARGET_TIMEOUT;
726 }
727
728 return ERROR_OK;
729 }
730
731 /**
732 * Restarts the target by sending a RESTART instruction and moving the JTAG
733 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
734 * waiting until they are.
735 *
736 * @param target Pointer to the target to issue commands to
737 * @return Always ERROR_OK
738 */
739 int arm7_9_execute_fast_sys_speed(struct target_s *target)
740 {
741 static int set=0;
742 static u8 check_value[4], check_mask[4];
743
744 armv4_5_common_t *armv4_5 = target->arch_info;
745 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
746 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
747 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
748
749 /* set RESTART instruction */
750 jtag_add_end_state(TAP_IDLE);
751 if (arm7_9->need_bypass_before_restart) {
752 arm7_9->need_bypass_before_restart = 0;
753 arm_jtag_set_instr(jtag_info, 0xf, NULL);
754 }
755 arm_jtag_set_instr(jtag_info, 0x4, NULL);
756
757 if (!set)
758 {
759 /* check for DBGACK and SYSCOMP set (others don't care) */
760
761 /* NB! These are constants that must be available until after next jtag_execute() and
762 * we evaluate the values upon first execution in lieu of setting up these constants
763 * during early setup.
764 * */
765 buf_set_u32(check_value, 0, 32, 0x9);
766 buf_set_u32(check_mask, 0, 32, 0x9);
767 set=1;
768 }
769
770 /* read debug status register */
771 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
772
773 return ERROR_OK;
774 }
775
776 /**
777 * Get some data from the ARM7/9 target.
778 *
779 * @param target Pointer to the ARM7/9 target to read data from
780 * @param size The number of 32bit words to be read
781 * @param buffer Pointer to the buffer that will hold the data
782 * @return The result of receiving data from the Embedded ICE unit
783 */
784 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
785 {
786 armv4_5_common_t *armv4_5 = target->arch_info;
787 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
788 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
789 u32 *data;
790 int retval = ERROR_OK;
791 u32 i;
792
793 data = malloc(size * (sizeof(u32)));
794
795 retval = embeddedice_receive(jtag_info, data, size);
796
797 /* return the 32-bit ints in the 8-bit array */
798 for (i = 0; i < size; i++)
799 {
800 h_u32_to_le(buffer + (i * 4), data[i]);
801 }
802
803 free(data);
804
805 return retval;
806 }
807
808 /**
809 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
810 * target is running and the DCC control register has the W bit high, this will
811 * execute the request on the target.
812 *
813 * @param priv Void pointer expected to be a target_t pointer
814 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
815 * from the Embedded ICE unit
816 */
817 int arm7_9_handle_target_request(void *priv)
818 {
819 int retval = ERROR_OK;
820 target_t *target = priv;
821 if (!target->type->examined)
822 return ERROR_OK;
823 armv4_5_common_t *armv4_5 = target->arch_info;
824 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
825 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
826 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
827
828 if (!target->dbg_msg_enabled)
829 return ERROR_OK;
830
831 if (target->state == TARGET_RUNNING)
832 {
833 /* read DCC control register */
834 embeddedice_read_reg(dcc_control);
835 if ((retval = jtag_execute_queue()) != ERROR_OK)
836 {
837 return retval;
838 }
839
840 /* check W bit */
841 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
842 {
843 u32 request;
844
845 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
846 {
847 return retval;
848 }
849 if ((retval = target_request(target, request)) != ERROR_OK)
850 {
851 return retval;
852 }
853 }
854 }
855
856 return ERROR_OK;
857 }
858
859 /**
860 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
861 * is manipulated to the right halted state based on its current state. This is
862 * what happens:
863 *
864 * <table>
865 * <tr><th>State</th><th>Action</th></tr>
866 * <tr><td>TARGET_RUNNING | TARGET_RESET</td><td>Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
867 * <tr><td>TARGET_UNKNOWN</td><td>Warning is logged</td></tr>
868 * <tr><td>TARGET_DEBUG_RUNNING</td><td>Enters debug mode</td></tr>
869 * <tr><td>TARGET_HALTED</td><td>Nothing</td></tr>
870 * </table>
871 *
872 * If the target does not end up in the halted state, a warning is produced. If
873 * DBGACK is cleared, then the target is expected to either be running or
874 * running in debug.
875 *
876 * @param target Pointer to the ARM7/9 target to poll
877 * @return ERROR_OK or an error status if a command fails
878 */
879 int arm7_9_poll(target_t *target)
880 {
881 int retval;
882 armv4_5_common_t *armv4_5 = target->arch_info;
883 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
884 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
885
886 /* read debug status register */
887 embeddedice_read_reg(dbg_stat);
888 if ((retval = jtag_execute_queue()) != ERROR_OK)
889 {
890 return retval;
891 }
892
893 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
894 {
895 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
896 if (target->state == TARGET_UNKNOWN)
897 {
898 target->state = TARGET_RUNNING;
899 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
900 }
901 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
902 {
903 int check_pc=0;
904 if (target->state == TARGET_RESET)
905 {
906 if (target->reset_halt)
907 {
908 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
909 {
910 check_pc = 1;
911 }
912 }
913 }
914
915 target->state = TARGET_HALTED;
916
917 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
918 return retval;
919
920 if (check_pc)
921 {
922 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
923 u32 t=*((u32 *)reg->value);
924 if (t!=0)
925 {
926 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
927 }
928 }
929
930 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
931 {
932 return retval;
933 }
934 }
935 if (target->state == TARGET_DEBUG_RUNNING)
936 {
937 target->state = TARGET_HALTED;
938 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
939 return retval;
940
941 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
942 {
943 return retval;
944 }
945 }
946 if (target->state != TARGET_HALTED)
947 {
948 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
949 }
950 }
951 else
952 {
953 if (target->state != TARGET_DEBUG_RUNNING)
954 target->state = TARGET_RUNNING;
955 }
956
957 return ERROR_OK;
958 }
959
960 /**
961 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
962 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
963 * affected) completely stop the JTAG clock while the core is held in reset
964 * (SRST). It isn't possible to program the halt condition once reset is
965 * asserted, hence a hook that allows the target to set up its reset-halt
966 * condition is setup prior to asserting reset.
967 *
968 * @param target Pointer to an ARM7/9 target to assert reset on
969 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
970 */
971 int arm7_9_assert_reset(target_t *target)
972 {
973 armv4_5_common_t *armv4_5 = target->arch_info;
974 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
975 LOG_DEBUG("target->state: %s",
976 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
977
978 if (!(jtag_reset_config & RESET_HAS_SRST))
979 {
980 LOG_ERROR("Can't assert SRST");
981 return ERROR_FAIL;
982 }
983
984 if (target->reset_halt)
985 {
986 /*
987 * Some targets do not support communication while SRST is asserted. We need to
988 * set up the reset vector catch here.
989 *
990 * If TRST is asserted, then these settings will be reset anyway, so setting them
991 * here is harmless.
992 */
993 if (arm7_9->has_vector_catch)
994 {
995 /* program vector catch register to catch reset vector */
996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
997 }
998 else
999 {
1000 /* program watchpoint unit to match on reset vector address */
1001 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1006 }
1007 }
1008
1009 /* here we should issue an SRST only, but we may have to assert TRST as well */
1010 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1011 {
1012 jtag_add_reset(1, 1);
1013 } else
1014 {
1015 jtag_add_reset(0, 1);
1016 }
1017
1018 target->state = TARGET_RESET;
1019 jtag_add_sleep(50000);
1020
1021 armv4_5_invalidate_core_regs(target);
1022
1023 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
1024 {
1025 /* debug entry was already prepared in arm7_9_assert_reset() */
1026 target->debug_reason = DBG_REASON_DBGRQ;
1027 }
1028
1029 return ERROR_OK;
1030 }
1031
1032 /**
1033 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1034 * and the target is being reset into a halt, a warning will be triggered
1035 * because it is not possible to reset into a halted mode in this case. The
1036 * target is halted using the target's functions.
1037 *
1038 * @param target Pointer to the target to have the reset deasserted
1039 * @return ERROR_OK or an error from polling or halting the target
1040 */
1041 int arm7_9_deassert_reset(target_t *target)
1042 {
1043 int retval=ERROR_OK;
1044 LOG_DEBUG("target->state: %s",
1045 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1046
1047 /* deassert reset lines */
1048 jtag_add_reset(0, 0);
1049
1050 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
1051 {
1052 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1053 /* set up embedded ice registers again */
1054 if ((retval=target->type->examine(target))!=ERROR_OK)
1055 return retval;
1056
1057 if ((retval=target_poll(target))!=ERROR_OK)
1058 {
1059 return retval;
1060 }
1061
1062 if ((retval=target_halt(target))!=ERROR_OK)
1063 {
1064 return retval;
1065 }
1066
1067 }
1068 return retval;
1069 }
1070
1071 /**
1072 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1073 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1074 * vector catch was used, it is restored. Otherwise, the control value is
1075 * restored and the watchpoint unit is restored if it was in use.
1076 *
1077 * @param target Pointer to the ARM7/9 target to have halt cleared
1078 * @return Always ERROR_OK
1079 */
1080 int arm7_9_clear_halt(target_t *target)
1081 {
1082 armv4_5_common_t *armv4_5 = target->arch_info;
1083 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1084 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1085
1086 /* we used DBGRQ only if we didn't come out of reset */
1087 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1088 {
1089 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1090 */
1091 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1092 embeddedice_store_reg(dbg_ctrl);
1093 }
1094 else
1095 {
1096 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1097 {
1098 /* if we came out of reset, and vector catch is supported, we used
1099 * vector catch to enter debug state
1100 * restore the register in that case
1101 */
1102 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1103 }
1104 else
1105 {
1106 /* restore registers if watchpoint unit 0 was in use
1107 */
1108 if (arm7_9->wp0_used)
1109 {
1110 if (arm7_9->debug_entry_from_reset)
1111 {
1112 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1113 }
1114 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1115 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1116 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1117 }
1118 /* control value always has to be restored, as it was either disabled,
1119 * or enabled with possibly different bits
1120 */
1121 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1122 }
1123 }
1124
1125 return ERROR_OK;
1126 }
1127
1128 /**
1129 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1130 * and then there is a wait until the processor shows the halt. This wait can
1131 * timeout and results in an error being returned. The software reset involves
1132 * clearing the halt, updating the debug control register, changing to ARM mode,
1133 * reset of the program counter, and reset of all of the registers.
1134 *
1135 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1136 * @return Error status if any of the commands fail, otherwise ERROR_OK
1137 */
1138 int arm7_9_soft_reset_halt(struct target_s *target)
1139 {
1140 armv4_5_common_t *armv4_5 = target->arch_info;
1141 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1142 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1143 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1144 int i;
1145 int retval;
1146
1147 if ((retval=target_halt(target))!=ERROR_OK)
1148 return retval;
1149
1150 long long then=timeval_ms();
1151 int timeout;
1152 while (!(timeout=((timeval_ms()-then)>1000)))
1153 {
1154 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1155 break;
1156 embeddedice_read_reg(dbg_stat);
1157 if ((retval=jtag_execute_queue())!=ERROR_OK)
1158 return retval;
1159 if (debug_level>=3)
1160 {
1161 alive_sleep(100);
1162 } else
1163 {
1164 keep_alive();
1165 }
1166 }
1167 if (timeout)
1168 {
1169 LOG_ERROR("Failed to halt CPU after 1 sec");
1170 return ERROR_TARGET_TIMEOUT;
1171 }
1172 target->state = TARGET_HALTED;
1173
1174 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1175 * ensure that DBGRQ is cleared
1176 */
1177 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1178 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1179 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1180 embeddedice_store_reg(dbg_ctrl);
1181
1182 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1183 {
1184 return retval;
1185 }
1186
1187 /* if the target is in Thumb state, change to ARM state */
1188 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1189 {
1190 u32 r0_thumb, pc_thumb;
1191 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1192 /* Entered debug from Thumb mode */
1193 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1194 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1195 }
1196
1197 /* all register content is now invalid */
1198 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1199 {
1200 return retval;
1201 }
1202
1203 /* SVC, ARM state, IRQ and FIQ disabled */
1204 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1205 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1206 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1207
1208 /* start fetching from 0x0 */
1209 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1210 armv4_5->core_cache->reg_list[15].dirty = 1;
1211 armv4_5->core_cache->reg_list[15].valid = 1;
1212
1213 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1214 armv4_5->core_state = ARMV4_5_STATE_ARM;
1215
1216 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1217 return ERROR_FAIL;
1218
1219 /* reset registers */
1220 for (i = 0; i <= 14; i++)
1221 {
1222 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1223 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1224 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1225 }
1226
1227 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1228 {
1229 return retval;
1230 }
1231
1232 return ERROR_OK;
1233 }
1234
1235 /**
1236 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1237 * line or by programming a watchpoint to trigger on any address. It is
1238 * considered a bug to call this function while the target is in the
1239 * TARGET_RESET state.
1240 *
1241 * @param target Pointer to the ARM7/9 target to be halted
1242 * @return Always ERROR_OK
1243 */
1244 int arm7_9_halt(target_t *target)
1245 {
1246 if (target->state==TARGET_RESET)
1247 {
1248 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1249 return ERROR_OK;
1250 }
1251
1252 armv4_5_common_t *armv4_5 = target->arch_info;
1253 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1254 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1255
1256 LOG_DEBUG("target->state: %s",
1257 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1258
1259 if (target->state == TARGET_HALTED)
1260 {
1261 LOG_DEBUG("target was already halted");
1262 return ERROR_OK;
1263 }
1264
1265 if (target->state == TARGET_UNKNOWN)
1266 {
1267 LOG_WARNING("target was in unknown state when halt was requested");
1268 }
1269
1270 if (arm7_9->use_dbgrq)
1271 {
1272 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1273 */
1274 if (arm7_9->set_special_dbgrq) {
1275 arm7_9->set_special_dbgrq(target);
1276 } else {
1277 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1278 embeddedice_store_reg(dbg_ctrl);
1279 }
1280 }
1281 else
1282 {
1283 /* program watchpoint unit to match on any address
1284 */
1285 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1286 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1287 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1288 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1289 }
1290
1291 target->debug_reason = DBG_REASON_DBGRQ;
1292
1293 return ERROR_OK;
1294 }
1295
1296 /**
1297 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1298 * ARM. The JTAG queue is then executed and the reason for debug entry is
1299 * examined. Once done, the target is verified to be halted and the processor
1300 * is forced into ARM mode. The core registers are saved for the current core
1301 * mode and the program counter (register 15) is updated as needed. The core
1302 * registers and CPSR and SPSR are saved for restoration later.
1303 *
1304 * @param target Pointer to target that is entering debug mode
1305 * @return Error code if anything fails, otherwise ERROR_OK
1306 */
1307 int arm7_9_debug_entry(target_t *target)
1308 {
1309 int i;
1310 u32 context[16];
1311 u32* context_p[16];
1312 u32 r0_thumb, pc_thumb;
1313 u32 cpsr;
1314 int retval;
1315 /* get pointers to arch-specific information */
1316 armv4_5_common_t *armv4_5 = target->arch_info;
1317 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1318 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1319 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1320
1321 #ifdef _DEBUG_ARM7_9_
1322 LOG_DEBUG("-");
1323 #endif
1324
1325 if (arm7_9->pre_debug_entry)
1326 arm7_9->pre_debug_entry(target);
1327
1328 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1329 * ensure that DBGRQ is cleared
1330 */
1331 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1332 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1333 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1334 embeddedice_store_reg(dbg_ctrl);
1335
1336 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1337 {
1338 return retval;
1339 }
1340
1341 if ((retval = jtag_execute_queue()) != ERROR_OK)
1342 {
1343 return retval;
1344 }
1345
1346 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1347 return retval;
1348
1349
1350 if (target->state != TARGET_HALTED)
1351 {
1352 LOG_WARNING("target not halted");
1353 return ERROR_TARGET_NOT_HALTED;
1354 }
1355
1356 /* if the target is in Thumb state, change to ARM state */
1357 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1358 {
1359 LOG_DEBUG("target entered debug from Thumb state");
1360 /* Entered debug from Thumb mode */
1361 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1362 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1363 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1364 }
1365 else
1366 {
1367 LOG_DEBUG("target entered debug from ARM state");
1368 /* Entered debug from ARM mode */
1369 armv4_5->core_state = ARMV4_5_STATE_ARM;
1370 }
1371
1372 for (i = 0; i < 16; i++)
1373 context_p[i] = &context[i];
1374 /* save core registers (r0 - r15 of current core mode) */
1375 arm7_9->read_core_regs(target, 0xffff, context_p);
1376
1377 arm7_9->read_xpsr(target, &cpsr, 0);
1378
1379 if ((retval = jtag_execute_queue()) != ERROR_OK)
1380 return retval;
1381
1382 /* if the core has been executing in Thumb state, set the T bit */
1383 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1384 cpsr |= 0x20;
1385
1386 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1387 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1388 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1389
1390 armv4_5->core_mode = cpsr & 0x1f;
1391
1392 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1393 {
1394 target->state = TARGET_UNKNOWN;
1395 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1396 return ERROR_TARGET_FAILURE;
1397 }
1398
1399 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1400
1401 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1402 {
1403 LOG_DEBUG("thumb state, applying fixups");
1404 context[0] = r0_thumb;
1405 context[15] = pc_thumb;
1406 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1407 {
1408 /* adjust value stored by STM */
1409 context[15] -= 3 * 4;
1410 }
1411
1412 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1413 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1414 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1415 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1416 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1417 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1418 else if (target->debug_reason == DBG_REASON_DBGRQ)
1419 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1420 else
1421 {
1422 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1423 }
1424
1425 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1426 return ERROR_FAIL;
1427
1428 for (i=0; i<=15; i++)
1429 {
1430 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1431 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1432 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1433 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1434 }
1435
1436 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1437
1438 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1439 return ERROR_FAIL;
1440
1441 /* exceptions other than USR & SYS have a saved program status register */
1442 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1443 {
1444 u32 spsr;
1445 arm7_9->read_xpsr(target, &spsr, 1);
1446 if ((retval = jtag_execute_queue()) != ERROR_OK)
1447 {
1448 return retval;
1449 }
1450 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1451 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1452 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1453 }
1454
1455 /* r0 and r15 (pc) have to be restored later */
1456 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1457 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1458
1459 if ((retval = jtag_execute_queue()) != ERROR_OK)
1460 return retval;
1461
1462 if (arm7_9->post_debug_entry)
1463 arm7_9->post_debug_entry(target);
1464
1465 return ERROR_OK;
1466 }
1467
1468 /**
1469 * Validate the full context for an ARM7/9 target in all processor modes. If
1470 * there are any invalid registers for the target, they will all be read. This
1471 * includes the PSR.
1472 *
1473 * @param target Pointer to the ARM7/9 target to capture the full context from
1474 * @return Error if the target is not halted, has an invalid core mode, or if
1475 * the JTAG queue fails to execute
1476 */
1477 int arm7_9_full_context(target_t *target)
1478 {
1479 int i;
1480 int retval;
1481 armv4_5_common_t *armv4_5 = target->arch_info;
1482 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1483
1484 LOG_DEBUG("-");
1485
1486 if (target->state != TARGET_HALTED)
1487 {
1488 LOG_WARNING("target not halted");
1489 return ERROR_TARGET_NOT_HALTED;
1490 }
1491
1492 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1493 return ERROR_FAIL;
1494
1495 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1496 * SYS shares registers with User, so we don't touch SYS
1497 */
1498 for (i = 0; i < 6; i++)
1499 {
1500 u32 mask = 0;
1501 u32* reg_p[16];
1502 int j;
1503 int valid = 1;
1504
1505 /* check if there are invalid registers in the current mode
1506 */
1507 for (j = 0; j <= 16; j++)
1508 {
1509 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1510 valid = 0;
1511 }
1512
1513 if (!valid)
1514 {
1515 u32 tmp_cpsr;
1516
1517 /* change processor mode (and mask T bit) */
1518 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1519 tmp_cpsr |= armv4_5_number_to_mode(i);
1520 tmp_cpsr &= ~0x20;
1521 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1522
1523 for (j = 0; j < 15; j++)
1524 {
1525 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1526 {
1527 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1528 mask |= 1 << j;
1529 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1530 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1531 }
1532 }
1533
1534 /* if only the PSR is invalid, mask is all zeroes */
1535 if (mask)
1536 arm7_9->read_core_regs(target, mask, reg_p);
1537
1538 /* check if the PSR has to be read */
1539 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1540 {
1541 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1542 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1543 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1544 }
1545 }
1546 }
1547
1548 /* restore processor mode (mask T bit) */
1549 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1550
1551 if ((retval = jtag_execute_queue()) != ERROR_OK)
1552 {
1553 return retval;
1554 }
1555 return ERROR_OK;
1556 }
1557
1558 /**
1559 * Restore the processor context on an ARM7/9 target. The full processor
1560 * context is analyzed to see if any of the registers are dirty on this end, but
1561 * have a valid new value. If this is the case, the processor is changed to the
1562 * appropriate mode and the new register values are written out to the
1563 * processor. If there happens to be a dirty register with an invalid value, an
1564 * error will be logged.
1565 *
1566 * @param target Pointer to the ARM7/9 target to have its context restored
1567 * @return Error status if the target is not halted or the core mode in the
1568 * armv4_5 struct is invalid.
1569 */
1570 int arm7_9_restore_context(target_t *target)
1571 {
1572 armv4_5_common_t *armv4_5 = target->arch_info;
1573 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1574 reg_t *reg;
1575 armv4_5_core_reg_t *reg_arch_info;
1576 enum armv4_5_mode current_mode = armv4_5->core_mode;
1577 int i, j;
1578 int dirty;
1579 int mode_change;
1580
1581 LOG_DEBUG("-");
1582
1583 if (target->state != TARGET_HALTED)
1584 {
1585 LOG_WARNING("target not halted");
1586 return ERROR_TARGET_NOT_HALTED;
1587 }
1588
1589 if (arm7_9->pre_restore_context)
1590 arm7_9->pre_restore_context(target);
1591
1592 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1593 return ERROR_FAIL;
1594
1595 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1596 * SYS shares registers with User, so we don't touch SYS
1597 */
1598 for (i = 0; i < 6; i++)
1599 {
1600 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1601 dirty = 0;
1602 mode_change = 0;
1603 /* check if there are dirty registers in the current mode
1604 */
1605 for (j = 0; j <= 16; j++)
1606 {
1607 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1608 reg_arch_info = reg->arch_info;
1609 if (reg->dirty == 1)
1610 {
1611 if (reg->valid == 1)
1612 {
1613 dirty = 1;
1614 LOG_DEBUG("examining dirty reg: %s", reg->name);
1615 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1616 && (reg_arch_info->mode != current_mode)
1617 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1618 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1619 {
1620 mode_change = 1;
1621 LOG_DEBUG("require mode change");
1622 }
1623 }
1624 else
1625 {
1626 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1627 }
1628 }
1629 }
1630
1631 if (dirty)
1632 {
1633 u32 mask = 0x0;
1634 int num_regs = 0;
1635 u32 regs[16];
1636
1637 if (mode_change)
1638 {
1639 u32 tmp_cpsr;
1640
1641 /* change processor mode (mask T bit) */
1642 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1643 tmp_cpsr |= armv4_5_number_to_mode(i);
1644 tmp_cpsr &= ~0x20;
1645 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1646 current_mode = armv4_5_number_to_mode(i);
1647 }
1648
1649 for (j = 0; j <= 14; j++)
1650 {
1651 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1652 reg_arch_info = reg->arch_info;
1653
1654
1655 if (reg->dirty == 1)
1656 {
1657 regs[j] = buf_get_u32(reg->value, 0, 32);
1658 mask |= 1 << j;
1659 num_regs++;
1660 reg->dirty = 0;
1661 reg->valid = 1;
1662 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1663 }
1664 }
1665
1666 if (mask)
1667 {
1668 arm7_9->write_core_regs(target, mask, regs);
1669 }
1670
1671 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1672 reg_arch_info = reg->arch_info;
1673 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1674 {
1675 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1676 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1677 }
1678 }
1679 }
1680
1681 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1682 {
1683 /* restore processor mode (mask T bit) */
1684 u32 tmp_cpsr;
1685
1686 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1687 tmp_cpsr |= armv4_5_number_to_mode(i);
1688 tmp_cpsr &= ~0x20;
1689 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1690 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1691 }
1692 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1693 {
1694 /* CPSR has been changed, full restore necessary (mask T bit) */
1695 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1696 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1697 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1698 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1699 }
1700
1701 /* restore PC */
1702 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1703 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1704 armv4_5->core_cache->reg_list[15].dirty = 0;
1705
1706 if (arm7_9->post_restore_context)
1707 arm7_9->post_restore_context(target);
1708
1709 return ERROR_OK;
1710 }
1711
1712 /**
1713 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1714 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1715 * restart.
1716 *
1717 * @param target Pointer to the ARM7/9 target to be restarted
1718 * @return Result of executing the JTAG queue
1719 */
1720 int arm7_9_restart_core(struct target_s *target)
1721 {
1722 armv4_5_common_t *armv4_5 = target->arch_info;
1723 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1724 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1725
1726 /* set RESTART instruction */
1727 jtag_add_end_state(TAP_IDLE);
1728 if (arm7_9->need_bypass_before_restart) {
1729 arm7_9->need_bypass_before_restart = 0;
1730 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1731 }
1732 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1733
1734 jtag_add_runtest(1, TAP_IDLE);
1735 return jtag_execute_queue();
1736 }
1737
1738 /**
1739 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1740 * iterated through and are set on the target if they aren't already set.
1741 *
1742 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1743 */
1744 void arm7_9_enable_watchpoints(struct target_s *target)
1745 {
1746 watchpoint_t *watchpoint = target->watchpoints;
1747
1748 while (watchpoint)
1749 {
1750 if (watchpoint->set == 0)
1751 arm7_9_set_watchpoint(target, watchpoint);
1752 watchpoint = watchpoint->next;
1753 }
1754 }
1755
1756 /**
1757 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1758 * iterated through and are set on the target.
1759 *
1760 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1761 */
1762 void arm7_9_enable_breakpoints(struct target_s *target)
1763 {
1764 breakpoint_t *breakpoint = target->breakpoints;
1765
1766 /* set any pending breakpoints */
1767 while (breakpoint)
1768 {
1769 arm7_9_set_breakpoint(target, breakpoint);
1770 breakpoint = breakpoint->next;
1771 }
1772 }
1773
1774 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1775 {
1776 armv4_5_common_t *armv4_5 = target->arch_info;
1777 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1778 breakpoint_t *breakpoint = target->breakpoints;
1779 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1780 int err, retval = ERROR_OK;
1781
1782 LOG_DEBUG("-");
1783
1784 if (target->state != TARGET_HALTED)
1785 {
1786 LOG_WARNING("target not halted");
1787 return ERROR_TARGET_NOT_HALTED;
1788 }
1789
1790 if (!debug_execution)
1791 {
1792 target_free_all_working_areas(target);
1793 }
1794
1795 /* current = 1: continue on current pc, otherwise continue at <address> */
1796 if (!current)
1797 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1798
1799 u32 current_pc;
1800 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1801
1802 /* the front-end may request us not to handle breakpoints */
1803 if (handle_breakpoints)
1804 {
1805 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1806 {
1807 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1808 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1809 {
1810 return retval;
1811 }
1812
1813 /* calculate PC of next instruction */
1814 u32 next_pc;
1815 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1816 {
1817 u32 current_opcode;
1818 target_read_u32(target, current_pc, &current_opcode);
1819 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
1820 return retval;
1821 }
1822
1823 LOG_DEBUG("enable single-step");
1824 arm7_9->enable_single_step(target, next_pc);
1825
1826 target->debug_reason = DBG_REASON_SINGLESTEP;
1827
1828 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1829 {
1830 return retval;
1831 }
1832
1833 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1834 arm7_9->branch_resume(target);
1835 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1836 {
1837 arm7_9->branch_resume_thumb(target);
1838 }
1839 else
1840 {
1841 LOG_ERROR("unhandled core state");
1842 return ERROR_FAIL;
1843 }
1844
1845 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1846 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1847 err = arm7_9_execute_sys_speed(target);
1848
1849 LOG_DEBUG("disable single-step");
1850 arm7_9->disable_single_step(target);
1851
1852 if (err != ERROR_OK)
1853 {
1854 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1855 {
1856 return retval;
1857 }
1858 target->state = TARGET_UNKNOWN;
1859 return err;
1860 }
1861
1862 arm7_9_debug_entry(target);
1863 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1864
1865 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1866 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1867 {
1868 return retval;
1869 }
1870 }
1871 }
1872
1873 /* enable any pending breakpoints and watchpoints */
1874 arm7_9_enable_breakpoints(target);
1875 arm7_9_enable_watchpoints(target);
1876
1877 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1878 {
1879 return retval;
1880 }
1881
1882 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1883 {
1884 arm7_9->branch_resume(target);
1885 }
1886 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1887 {
1888 arm7_9->branch_resume_thumb(target);
1889 }
1890 else
1891 {
1892 LOG_ERROR("unhandled core state");
1893 return ERROR_FAIL;
1894 }
1895
1896 /* deassert DBGACK and INTDIS */
1897 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1898 /* INTDIS only when we really resume, not during debug execution */
1899 if (!debug_execution)
1900 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1901 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1902
1903 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1904 {
1905 return retval;
1906 }
1907
1908 target->debug_reason = DBG_REASON_NOTHALTED;
1909
1910 if (!debug_execution)
1911 {
1912 /* registers are now invalid */
1913 armv4_5_invalidate_core_regs(target);
1914 target->state = TARGET_RUNNING;
1915 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1916 {
1917 return retval;
1918 }
1919 }
1920 else
1921 {
1922 target->state = TARGET_DEBUG_RUNNING;
1923 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1924 {
1925 return retval;
1926 }
1927 }
1928
1929 LOG_DEBUG("target resumed");
1930
1931 return ERROR_OK;
1932 }
1933
1934 void arm7_9_enable_eice_step(target_t *target, u32 next_pc)
1935 {
1936 armv4_5_common_t *armv4_5 = target->arch_info;
1937 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1938
1939 u32 current_pc;
1940 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1941
1942 if(next_pc != current_pc)
1943 {
1944 /* setup an inverse breakpoint on the current PC
1945 * - comparator 1 matches the current address
1946 * - rangeout from comparator 1 is connected to comparator 0 rangein
1947 * - comparator 0 matches any address, as long as rangein is low */
1948 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1949 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1950 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1951 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1952 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1957 }
1958 else
1959 {
1960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1962 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1969 }
1970 }
1971
1972 void arm7_9_disable_eice_step(target_t *target)
1973 {
1974 armv4_5_common_t *armv4_5 = target->arch_info;
1975 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1976
1977 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1978 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1979 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1980 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1981 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1982 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1983 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1984 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1985 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1986 }
1987
1988 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1989 {
1990 armv4_5_common_t *armv4_5 = target->arch_info;
1991 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1992 breakpoint_t *breakpoint = NULL;
1993 int err, retval;
1994
1995 if (target->state != TARGET_HALTED)
1996 {
1997 LOG_WARNING("target not halted");
1998 return ERROR_TARGET_NOT_HALTED;
1999 }
2000
2001 /* current = 1: continue on current pc, otherwise continue at <address> */
2002 if (!current)
2003 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2004
2005 u32 current_pc;
2006 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2007
2008 /* the front-end may request us not to handle breakpoints */
2009 if (handle_breakpoints)
2010 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2011 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2012 {
2013 return retval;
2014 }
2015
2016 target->debug_reason = DBG_REASON_SINGLESTEP;
2017
2018 /* calculate PC of next instruction */
2019 u32 next_pc;
2020 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2021 {
2022 u32 current_opcode;
2023 target_read_u32(target, current_pc, &current_opcode);
2024 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
2025 return retval;
2026 }
2027
2028 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2029 {
2030 return retval;
2031 }
2032
2033 arm7_9->enable_single_step(target, next_pc);
2034
2035 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2036 {
2037 arm7_9->branch_resume(target);
2038 }
2039 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2040 {
2041 arm7_9->branch_resume_thumb(target);
2042 }
2043 else
2044 {
2045 LOG_ERROR("unhandled core state");
2046 return ERROR_FAIL;
2047 }
2048
2049 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2050 {
2051 return retval;
2052 }
2053
2054 err = arm7_9_execute_sys_speed(target);
2055 arm7_9->disable_single_step(target);
2056
2057 /* registers are now invalid */
2058 armv4_5_invalidate_core_regs(target);
2059
2060 if (err != ERROR_OK)
2061 {
2062 target->state = TARGET_UNKNOWN;
2063 } else {
2064 arm7_9_debug_entry(target);
2065 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2066 {
2067 return retval;
2068 }
2069 LOG_DEBUG("target stepped");
2070 }
2071
2072 if (breakpoint)
2073 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2074 {
2075 return retval;
2076 }
2077
2078 return err;
2079 }
2080
2081 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2082 {
2083 u32* reg_p[16];
2084 u32 value;
2085 int retval;
2086 armv4_5_common_t *armv4_5 = target->arch_info;
2087 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2088
2089 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2090 return ERROR_FAIL;
2091
2092 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2093
2094 if ((num < 0) || (num > 16))
2095 return ERROR_INVALID_ARGUMENTS;
2096
2097 if ((mode != ARMV4_5_MODE_ANY)
2098 && (mode != armv4_5->core_mode)
2099 && (reg_mode != ARMV4_5_MODE_ANY))
2100 {
2101 u32 tmp_cpsr;
2102
2103 /* change processor mode (mask T bit) */
2104 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2105 tmp_cpsr |= mode;
2106 tmp_cpsr &= ~0x20;
2107 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2108 }
2109
2110 if ((num >= 0) && (num <= 15))
2111 {
2112 /* read a normal core register */
2113 reg_p[num] = &value;
2114
2115 arm7_9->read_core_regs(target, 1 << num, reg_p);
2116 }
2117 else
2118 {
2119 /* read a program status register
2120 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2121 */
2122 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2123 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2124
2125 arm7_9->read_xpsr(target, &value, spsr);
2126 }
2127
2128 if ((retval = jtag_execute_queue()) != ERROR_OK)
2129 {
2130 return retval;
2131 }
2132
2133 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2134 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2135 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2136
2137 if ((mode != ARMV4_5_MODE_ANY)
2138 && (mode != armv4_5->core_mode)
2139 && (reg_mode != ARMV4_5_MODE_ANY)) {
2140 /* restore processor mode (mask T bit) */
2141 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2142 }
2143
2144 return ERROR_OK;
2145 }
2146
2147 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
2148 {
2149 u32 reg[16];
2150 armv4_5_common_t *armv4_5 = target->arch_info;
2151 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2152
2153 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2154 return ERROR_FAIL;
2155
2156 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2157
2158 if ((num < 0) || (num > 16))
2159 return ERROR_INVALID_ARGUMENTS;
2160
2161 if ((mode != ARMV4_5_MODE_ANY)
2162 && (mode != armv4_5->core_mode)
2163 && (reg_mode != ARMV4_5_MODE_ANY)) {
2164 u32 tmp_cpsr;
2165
2166 /* change processor mode (mask T bit) */
2167 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2168 tmp_cpsr |= mode;
2169 tmp_cpsr &= ~0x20;
2170 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2171 }
2172
2173 if ((num >= 0) && (num <= 15))
2174 {
2175 /* write a normal core register */
2176 reg[num] = value;
2177
2178 arm7_9->write_core_regs(target, 1 << num, reg);
2179 }
2180 else
2181 {
2182 /* write a program status register
2183 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2184 */
2185 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2186 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2187
2188 /* if we're writing the CPSR, mask the T bit */
2189 if (!spsr)
2190 value &= ~0x20;
2191
2192 arm7_9->write_xpsr(target, value, spsr);
2193 }
2194
2195 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2196 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2197
2198 if ((mode != ARMV4_5_MODE_ANY)
2199 && (mode != armv4_5->core_mode)
2200 && (reg_mode != ARMV4_5_MODE_ANY)) {
2201 /* restore processor mode (mask T bit) */
2202 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2203 }
2204
2205 return jtag_execute_queue();
2206 }
2207
2208 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2209 {
2210 armv4_5_common_t *armv4_5 = target->arch_info;
2211 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2212
2213 u32 reg[16];
2214 u32 num_accesses = 0;
2215 int thisrun_accesses;
2216 int i;
2217 u32 cpsr;
2218 int retval;
2219 int last_reg = 0;
2220
2221 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2222
2223 if (target->state != TARGET_HALTED)
2224 {
2225 LOG_WARNING("target not halted");
2226 return ERROR_TARGET_NOT_HALTED;
2227 }
2228
2229 /* sanitize arguments */
2230 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2231 return ERROR_INVALID_ARGUMENTS;
2232
2233 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2234 return ERROR_TARGET_UNALIGNED_ACCESS;
2235
2236 /* load the base register with the address of the first word */
2237 reg[0] = address;
2238 arm7_9->write_core_regs(target, 0x1, reg);
2239
2240 int j=0;
2241
2242 switch (size)
2243 {
2244 case 4:
2245 while (num_accesses < count)
2246 {
2247 u32 reg_list;
2248 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2249 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2250
2251 if (last_reg <= thisrun_accesses)
2252 last_reg = thisrun_accesses;
2253
2254 arm7_9->load_word_regs(target, reg_list);
2255
2256 /* fast memory reads are only safe when the target is running
2257 * from a sufficiently high clock (32 kHz is usually too slow)
2258 */
2259 if (arm7_9->fast_memory_access)
2260 retval = arm7_9_execute_fast_sys_speed(target);
2261 else
2262 retval = arm7_9_execute_sys_speed(target);
2263 if (retval != ERROR_OK)
2264 return retval;
2265
2266 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2267
2268 /* advance buffer, count number of accesses */
2269 buffer += thisrun_accesses * 4;
2270 num_accesses += thisrun_accesses;
2271
2272 if ((j++%1024)==0)
2273 {
2274 keep_alive();
2275 }
2276 }
2277 break;
2278 case 2:
2279 while (num_accesses < count)
2280 {
2281 u32 reg_list;
2282 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2283 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2284
2285 for (i = 1; i <= thisrun_accesses; i++)
2286 {
2287 if (i > last_reg)
2288 last_reg = i;
2289 arm7_9->load_hword_reg(target, i);
2290 /* fast memory reads are only safe when the target is running
2291 * from a sufficiently high clock (32 kHz is usually too slow)
2292 */
2293 if (arm7_9->fast_memory_access)
2294 retval = arm7_9_execute_fast_sys_speed(target);
2295 else
2296 retval = arm7_9_execute_sys_speed(target);
2297 if(retval != ERROR_OK)
2298 {
2299 return retval;
2300 }
2301
2302 }
2303
2304 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2305
2306 /* advance buffer, count number of accesses */
2307 buffer += thisrun_accesses * 2;
2308 num_accesses += thisrun_accesses;
2309
2310 if ((j++%1024)==0)
2311 {
2312 keep_alive();
2313 }
2314 }
2315 break;
2316 case 1:
2317 while (num_accesses < count)
2318 {
2319 u32 reg_list;
2320 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2321 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2322
2323 for (i = 1; i <= thisrun_accesses; i++)
2324 {
2325 if (i > last_reg)
2326 last_reg = i;
2327 arm7_9->load_byte_reg(target, i);
2328 /* fast memory reads are only safe when the target is running
2329 * from a sufficiently high clock (32 kHz is usually too slow)
2330 */
2331 if (arm7_9->fast_memory_access)
2332 retval = arm7_9_execute_fast_sys_speed(target);
2333 else
2334 retval = arm7_9_execute_sys_speed(target);
2335 if(retval != ERROR_OK)
2336 {
2337 return retval;
2338 }
2339 }
2340
2341 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2342
2343 /* advance buffer, count number of accesses */
2344 buffer += thisrun_accesses * 1;
2345 num_accesses += thisrun_accesses;
2346
2347 if ((j++%1024)==0)
2348 {
2349 keep_alive();
2350 }
2351 }
2352 break;
2353 default:
2354 LOG_ERROR("BUG: we shouldn't get here");
2355 exit(-1);
2356 break;
2357 }
2358
2359 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2360 return ERROR_FAIL;
2361
2362 for (i=0; i<=last_reg; i++)
2363 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2364
2365 arm7_9->read_xpsr(target, &cpsr, 0);
2366 if ((retval = jtag_execute_queue()) != ERROR_OK)
2367 {
2368 LOG_ERROR("JTAG error while reading cpsr");
2369 return ERROR_TARGET_DATA_ABORT;
2370 }
2371
2372 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2373 {
2374 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2375
2376 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2377
2378 return ERROR_TARGET_DATA_ABORT;
2379 }
2380
2381 return ERROR_OK;
2382 }
2383
2384 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2385 {
2386 armv4_5_common_t *armv4_5 = target->arch_info;
2387 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2388 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2389
2390 u32 reg[16];
2391 u32 num_accesses = 0;
2392 int thisrun_accesses;
2393 int i;
2394 u32 cpsr;
2395 int retval;
2396 int last_reg = 0;
2397
2398 #ifdef _DEBUG_ARM7_9_
2399 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2400 #endif
2401
2402 if (target->state != TARGET_HALTED)
2403 {
2404 LOG_WARNING("target not halted");
2405 return ERROR_TARGET_NOT_HALTED;
2406 }
2407
2408 /* sanitize arguments */
2409 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2410 return ERROR_INVALID_ARGUMENTS;
2411
2412 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2413 return ERROR_TARGET_UNALIGNED_ACCESS;
2414
2415 /* load the base register with the address of the first word */
2416 reg[0] = address;
2417 arm7_9->write_core_regs(target, 0x1, reg);
2418
2419 /* Clear DBGACK, to make sure memory fetches work as expected */
2420 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2421 embeddedice_store_reg(dbg_ctrl);
2422
2423 switch (size)
2424 {
2425 case 4:
2426 while (num_accesses < count)
2427 {
2428 u32 reg_list;
2429 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2430 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2431
2432 for (i = 1; i <= thisrun_accesses; i++)
2433 {
2434 if (i > last_reg)
2435 last_reg = i;
2436 reg[i] = target_buffer_get_u32(target, buffer);
2437 buffer += 4;
2438 }
2439
2440 arm7_9->write_core_regs(target, reg_list, reg);
2441
2442 arm7_9->store_word_regs(target, reg_list);
2443
2444 /* fast memory writes are only safe when the target is running
2445 * from a sufficiently high clock (32 kHz is usually too slow)
2446 */
2447 if (arm7_9->fast_memory_access)
2448 retval = arm7_9_execute_fast_sys_speed(target);
2449 else
2450 retval = arm7_9_execute_sys_speed(target);
2451 if(retval != ERROR_OK)
2452 {
2453 return retval;
2454 }
2455
2456 num_accesses += thisrun_accesses;
2457 }
2458 break;
2459 case 2:
2460 while (num_accesses < count)
2461 {
2462 u32 reg_list;
2463 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2464 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2465
2466 for (i = 1; i <= thisrun_accesses; i++)
2467 {
2468 if (i > last_reg)
2469 last_reg = i;
2470 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2471 buffer += 2;
2472 }
2473
2474 arm7_9->write_core_regs(target, reg_list, reg);
2475
2476 for (i = 1; i <= thisrun_accesses; i++)
2477 {
2478 arm7_9->store_hword_reg(target, i);
2479
2480 /* fast memory writes are only safe when the target is running
2481 * from a sufficiently high clock (32 kHz is usually too slow)
2482 */
2483 if (arm7_9->fast_memory_access)
2484 retval = arm7_9_execute_fast_sys_speed(target);
2485 else
2486 retval = arm7_9_execute_sys_speed(target);
2487 if(retval != ERROR_OK)
2488 {
2489 return retval;
2490 }
2491 }
2492
2493 num_accesses += thisrun_accesses;
2494 }
2495 break;
2496 case 1:
2497 while (num_accesses < count)
2498 {
2499 u32 reg_list;
2500 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2501 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2502
2503 for (i = 1; i <= thisrun_accesses; i++)
2504 {
2505 if (i > last_reg)
2506 last_reg = i;
2507 reg[i] = *buffer++ & 0xff;
2508 }
2509
2510 arm7_9->write_core_regs(target, reg_list, reg);
2511
2512 for (i = 1; i <= thisrun_accesses; i++)
2513 {
2514 arm7_9->store_byte_reg(target, i);
2515 /* fast memory writes are only safe when the target is running
2516 * from a sufficiently high clock (32 kHz is usually too slow)
2517 */
2518 if (arm7_9->fast_memory_access)
2519 retval = arm7_9_execute_fast_sys_speed(target);
2520 else
2521 retval = arm7_9_execute_sys_speed(target);
2522 if(retval != ERROR_OK)
2523 {
2524 return retval;
2525 }
2526
2527 }
2528
2529 num_accesses += thisrun_accesses;
2530 }
2531 break;
2532 default:
2533 LOG_ERROR("BUG: we shouldn't get here");
2534 exit(-1);
2535 break;
2536 }
2537
2538 /* Re-Set DBGACK */
2539 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2540 embeddedice_store_reg(dbg_ctrl);
2541
2542 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2543 return ERROR_FAIL;
2544
2545 for (i=0; i<=last_reg; i++)
2546 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2547
2548 arm7_9->read_xpsr(target, &cpsr, 0);
2549 if ((retval = jtag_execute_queue()) != ERROR_OK)
2550 {
2551 LOG_ERROR("JTAG error while reading cpsr");
2552 return ERROR_TARGET_DATA_ABORT;
2553 }
2554
2555 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2556 {
2557 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2558
2559 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2560
2561 return ERROR_TARGET_DATA_ABORT;
2562 }
2563
2564 return ERROR_OK;
2565 }
2566
2567 static int dcc_count;
2568 static u8 *dcc_buffer;
2569
2570 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2571 {
2572 int retval = ERROR_OK;
2573 armv4_5_common_t *armv4_5 = target->arch_info;
2574 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2575
2576 if ((retval=target_wait_state(target, TARGET_DEBUG_RUNNING, 500))!=ERROR_OK)
2577 return retval;
2578
2579 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2580 int count=dcc_count;
2581 u8 *buffer=dcc_buffer;
2582 if (count>2)
2583 {
2584 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2585 * core function repeated. */
2586 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2587 buffer+=4;
2588
2589 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2590 u8 reg_addr = ice_reg->addr & 0x1f;
2591 jtag_tap_t *tap;
2592 tap = ice_reg->jtag_info->tap;
2593
2594 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2595 buffer += (count-2)*4;
2596
2597 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2598 } else
2599 {
2600 int i;
2601 for (i = 0; i < count; i++)
2602 {
2603 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2604 buffer += 4;
2605 }
2606 }
2607
2608 if((retval = target_halt(target))!= ERROR_OK)
2609 {
2610 return retval;
2611 }
2612 return target_wait_state(target, TARGET_HALTED, 500);
2613 }
2614
2615 static const u32 dcc_code[] =
2616 {
2617 /* MRC TST BNE MRC STR B */
2618 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2619 };
2620
2621 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2622
2623 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2624 {
2625 int retval;
2626 armv4_5_common_t *armv4_5 = target->arch_info;
2627 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2628 int i;
2629
2630 if (!arm7_9->dcc_downloads)
2631 return target->type->write_memory(target, address, 4, count, buffer);
2632
2633 /* regrab previously allocated working_area, or allocate a new one */
2634 if (!arm7_9->dcc_working_area)
2635 {
2636 u8 dcc_code_buf[6 * 4];
2637
2638 /* make sure we have a working area */
2639 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2640 {
2641 LOG_INFO("no working area available, falling back to memory writes");
2642 return target->type->write_memory(target, address, 4, count, buffer);
2643 }
2644
2645 /* copy target instructions to target endianness */
2646 for (i = 0; i < 6; i++)
2647 {
2648 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2649 }
2650
2651 /* write DCC code to working area */
2652 if ((retval = target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2653 {
2654 return retval;
2655 }
2656 }
2657
2658 armv4_5_algorithm_t armv4_5_info;
2659 reg_param_t reg_params[1];
2660
2661 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2662 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2663 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2664
2665 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2666
2667 buf_set_u32(reg_params[0].value, 0, 32, address);
2668
2669 dcc_count=count;
2670 dcc_buffer=buffer;
2671 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2672 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2673
2674 if (retval==ERROR_OK)
2675 {
2676 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2677 if (endaddress!=(address+count*4))
2678 {
2679 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2680 retval=ERROR_FAIL;
2681 }
2682 }
2683
2684 destroy_reg_param(&reg_params[0]);
2685
2686 return retval;
2687 }
2688
2689 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2690 {
2691 working_area_t *crc_algorithm;
2692 armv4_5_algorithm_t armv4_5_info;
2693 reg_param_t reg_params[2];
2694 int retval;
2695
2696 u32 arm7_9_crc_code[] = {
2697 0xE1A02000, /* mov r2, r0 */
2698 0xE3E00000, /* mov r0, #0xffffffff */
2699 0xE1A03001, /* mov r3, r1 */
2700 0xE3A04000, /* mov r4, #0 */
2701 0xEA00000B, /* b ncomp */
2702 /* nbyte: */
2703 0xE7D21004, /* ldrb r1, [r2, r4] */
2704 0xE59F7030, /* ldr r7, CRC32XOR */
2705 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2706 0xE3A05000, /* mov r5, #0 */
2707 /* loop: */
2708 0xE3500000, /* cmp r0, #0 */
2709 0xE1A06080, /* mov r6, r0, asl #1 */
2710 0xE2855001, /* add r5, r5, #1 */
2711 0xE1A00006, /* mov r0, r6 */
2712 0xB0260007, /* eorlt r0, r6, r7 */
2713 0xE3550008, /* cmp r5, #8 */
2714 0x1AFFFFF8, /* bne loop */
2715 0xE2844001, /* add r4, r4, #1 */
2716 /* ncomp: */
2717 0xE1540003, /* cmp r4, r3 */
2718 0x1AFFFFF1, /* bne nbyte */
2719 /* end: */
2720 0xEAFFFFFE, /* b end */
2721 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2722 };
2723
2724 u32 i;
2725
2726 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2727 {
2728 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2729 }
2730
2731 /* convert flash writing code into a buffer in target endianness */
2732 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2733 {
2734 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2735 {
2736 return retval;
2737 }
2738 }
2739
2740 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2741 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2742 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2743
2744 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2745 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2746
2747 buf_set_u32(reg_params[0].value, 0, 32, address);
2748 buf_set_u32(reg_params[1].value, 0, 32, count);
2749
2750 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2751 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2752 {
2753 LOG_ERROR("error executing arm7_9 crc algorithm");
2754 destroy_reg_param(&reg_params[0]);
2755 destroy_reg_param(&reg_params[1]);
2756 target_free_working_area(target, crc_algorithm);
2757 return retval;
2758 }
2759
2760 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2761
2762 destroy_reg_param(&reg_params[0]);
2763 destroy_reg_param(&reg_params[1]);
2764
2765 target_free_working_area(target, crc_algorithm);
2766
2767 return ERROR_OK;
2768 }
2769
2770 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2771 {
2772 working_area_t *erase_check_algorithm;
2773 reg_param_t reg_params[3];
2774 armv4_5_algorithm_t armv4_5_info;
2775 int retval;
2776 u32 i;
2777
2778 u32 erase_check_code[] =
2779 {
2780 /* loop: */
2781 0xe4d03001, /* ldrb r3, [r0], #1 */
2782 0xe0022003, /* and r2, r2, r3 */
2783 0xe2511001, /* subs r1, r1, #1 */
2784 0x1afffffb, /* bne loop */
2785 /* end: */
2786 0xeafffffe /* b end */
2787 };
2788
2789 /* make sure we have a working area */
2790 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2791 {
2792 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2793 }
2794
2795 /* convert flash writing code into a buffer in target endianness */
2796 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2797 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i])) != ERROR_OK)
2798 {
2799 return retval;
2800 }
2801
2802 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2803 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2804 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2805
2806 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2807 buf_set_u32(reg_params[0].value, 0, 32, address);
2808
2809 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2810 buf_set_u32(reg_params[1].value, 0, 32, count);
2811
2812 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2813 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2814
2815 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2816 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2817 {
2818 destroy_reg_param(&reg_params[0]);
2819 destroy_reg_param(&reg_params[1]);
2820 destroy_reg_param(&reg_params[2]);
2821 target_free_working_area(target, erase_check_algorithm);
2822 return 0;
2823 }
2824
2825 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2826
2827 destroy_reg_param(&reg_params[0]);
2828 destroy_reg_param(&reg_params[1]);
2829 destroy_reg_param(&reg_params[2]);
2830
2831 target_free_working_area(target, erase_check_algorithm);
2832
2833 return ERROR_OK;
2834 }
2835
2836 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2837 {
2838 command_t *arm7_9_cmd;
2839
2840 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2841
2842 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2843 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2844
2845 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2846
2847 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2848 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2849 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2850 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable|disable>");
2851 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2852 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2853
2854 armv4_5_register_commands(cmd_ctx);
2855
2856 etm_register_commands(cmd_ctx);
2857
2858 return ERROR_OK;
2859 }
2860
2861 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2862 {
2863 u32 value;
2864 int spsr;
2865 int retval;
2866 target_t *target = get_current_target(cmd_ctx);
2867 armv4_5_common_t *armv4_5;
2868 arm7_9_common_t *arm7_9;
2869
2870 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2871 {
2872 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2873 return ERROR_OK;
2874 }
2875
2876 if (target->state != TARGET_HALTED)
2877 {
2878 command_print(cmd_ctx, "can't write registers while running");
2879 return ERROR_OK;
2880 }
2881
2882 if (argc < 2)
2883 {
2884 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2885 return ERROR_OK;
2886 }
2887
2888 value = strtoul(args[0], NULL, 0);
2889 spsr = strtol(args[1], NULL, 0);
2890
2891 /* if we're writing the CPSR, mask the T bit */
2892 if (!spsr)
2893 value &= ~0x20;
2894
2895 arm7_9->write_xpsr(target, value, spsr);
2896 if ((retval = jtag_execute_queue()) != ERROR_OK)
2897 {
2898 LOG_ERROR("JTAG error while writing to xpsr");
2899 return retval;
2900 }
2901
2902 return ERROR_OK;
2903 }
2904
2905 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2906 {
2907 u32 value;
2908 int rotate;
2909 int spsr;
2910 int retval;
2911 target_t *target = get_current_target(cmd_ctx);
2912 armv4_5_common_t *armv4_5;
2913 arm7_9_common_t *arm7_9;
2914
2915 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2916 {
2917 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2918 return ERROR_OK;
2919 }
2920
2921 if (target->state != TARGET_HALTED)
2922 {
2923 command_print(cmd_ctx, "can't write registers while running");
2924 return ERROR_OK;
2925 }
2926
2927 if (argc < 3)
2928 {
2929 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2930 return ERROR_OK;
2931 }
2932
2933 value = strtoul(args[0], NULL, 0);
2934 rotate = strtol(args[1], NULL, 0);
2935 spsr = strtol(args[2], NULL, 0);
2936
2937 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2938 if ((retval = jtag_execute_queue()) != ERROR_OK)
2939 {
2940 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2941 return retval;
2942 }
2943
2944 return ERROR_OK;
2945 }
2946
2947 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2948 {
2949 u32 value;
2950 u32 mode;
2951 int num;
2952 target_t *target = get_current_target(cmd_ctx);
2953 armv4_5_common_t *armv4_5;
2954 arm7_9_common_t *arm7_9;
2955
2956 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2957 {
2958 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2959 return ERROR_OK;
2960 }
2961
2962 if (target->state != TARGET_HALTED)
2963 {
2964 command_print(cmd_ctx, "can't write registers while running");
2965 return ERROR_OK;
2966 }
2967
2968 if (argc < 3)
2969 {
2970 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2971 return ERROR_OK;
2972 }
2973
2974 num = strtol(args[0], NULL, 0);
2975 mode = strtoul(args[1], NULL, 0);
2976 value = strtoul(args[2], NULL, 0);
2977
2978 return arm7_9_write_core_reg(target, num, mode, value);
2979 }
2980
2981 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2982 {
2983 target_t *target = get_current_target(cmd_ctx);
2984 armv4_5_common_t *armv4_5;
2985 arm7_9_common_t *arm7_9;
2986
2987 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2988 {
2989 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2990 return ERROR_OK;
2991 }
2992
2993 if (argc > 0)
2994 {
2995 if (strcmp("enable", args[0]) == 0)
2996 {
2997 arm7_9->use_dbgrq = 1;
2998 }
2999 else if (strcmp("disable", args[0]) == 0)
3000 {
3001 arm7_9->use_dbgrq = 0;
3002 }
3003 else
3004 {
3005 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
3006 }
3007 }
3008
3009 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3010
3011 return ERROR_OK;
3012 }
3013
3014 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3015 {
3016 target_t *target = get_current_target(cmd_ctx);
3017 armv4_5_common_t *armv4_5;
3018 arm7_9_common_t *arm7_9;
3019
3020 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3021 {
3022 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3023 return ERROR_OK;
3024 }
3025
3026 if (argc > 0)
3027 {
3028 if (strcmp("enable", args[0]) == 0)
3029 {
3030 arm7_9->fast_memory_access = 1;
3031 }
3032 else if (strcmp("disable", args[0]) == 0)
3033 {
3034 arm7_9->fast_memory_access = 0;
3035 }
3036 else
3037 {
3038 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
3039 }
3040 }
3041
3042 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3043
3044 return ERROR_OK;
3045 }
3046
3047 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3048 {
3049 target_t *target = get_current_target(cmd_ctx);
3050 armv4_5_common_t *armv4_5;
3051 arm7_9_common_t *arm7_9;
3052
3053 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3054 {
3055 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3056 return ERROR_OK;
3057 }
3058
3059 if (argc > 0)
3060 {
3061 if (strcmp("enable", args[0]) == 0)
3062 {
3063 arm7_9->dcc_downloads = 1;
3064 }
3065 else if (strcmp("disable", args[0]) == 0)
3066 {
3067 arm7_9->dcc_downloads = 0;
3068 }
3069 else
3070 {
3071 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
3072 }
3073 }
3074
3075 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3076
3077 return ERROR_OK;
3078 }
3079
3080 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3081 {
3082 int retval = ERROR_OK;
3083 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3084
3085 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3086
3087 if((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3088 {
3089 return retval;
3090 }
3091
3092 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3093 arm7_9->wp_available_max = 2;
3094 arm7_9->sw_breakpoints_added = 0;
3095 arm7_9->breakpoint_count = 0;
3096 arm7_9->wp0_used = 0;
3097 arm7_9->wp1_used = 0;
3098 arm7_9->wp1_used_default = 0;
3099 arm7_9->use_dbgrq = 0;
3100
3101 arm7_9->etm_ctx = NULL;
3102 arm7_9->has_single_step = 0;
3103 arm7_9->has_monitor_mode = 0;
3104 arm7_9->has_vector_catch = 0;
3105
3106 arm7_9->debug_entry_from_reset = 0;
3107
3108 arm7_9->dcc_working_area = NULL;
3109
3110 arm7_9->fast_memory_access = fast_and_dangerous;
3111 arm7_9->dcc_downloads = fast_and_dangerous;
3112
3113 arm7_9->need_bypass_before_restart = 0;
3114
3115 armv4_5->arch_info = arm7_9;
3116 armv4_5->read_core_reg = arm7_9_read_core_reg;
3117 armv4_5->write_core_reg = arm7_9_write_core_reg;
3118 armv4_5->full_context = arm7_9_full_context;
3119
3120 if((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3121 {
3122 return retval;
3123 }
3124
3125 if((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3126 {
3127 return retval;
3128 }
3129
3130 return ERROR_OK;
3131 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)