Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
restore ICE watchpoint registers when the *last* software breakpoint is removed
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoint_count = 0;
65 arm7_9->sw_breakpoints_added = 0;
66 arm7_9->wp0_used = 0;
67 arm7_9->wp1_used = arm7_9->wp1_used_default;
68 arm7_9->wp_available = arm7_9->wp_available_max;
69
70 return jtag_execute_queue();
71 }
72
73 /**
74 * Assign a watchpoint to one of the two available hardware comparators in an
75 * ARM7 or ARM9 target.
76 *
77 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
78 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
79 */
80 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
81 {
82 if (!arm7_9->wp0_used)
83 {
84 arm7_9->wp0_used = 1;
85 breakpoint->set = 1;
86 arm7_9->wp_available--;
87 }
88 else if (!arm7_9->wp1_used)
89 {
90 arm7_9->wp1_used = 1;
91 breakpoint->set = 2;
92 arm7_9->wp_available--;
93 }
94 else
95 {
96 LOG_ERROR("BUG: no hardware comparator available");
97 }
98 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
99 breakpoint->unique_id,
100 breakpoint->address,
101 breakpoint->set );
102 }
103
104 /**
105 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
106 *
107 * @param arm7_9 Pointer to common struct for ARM7/9 targets
108 * @return Error codes if there is a problem finding a watchpoint or the result
109 * of executing the JTAG queue
110 */
111 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
112 {
113 if (arm7_9->sw_breakpoints_added)
114 {
115 return ERROR_OK;
116 }
117 if (arm7_9->wp_available < 1)
118 {
119 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
120 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
121 }
122 arm7_9->wp_available--;
123
124 /* pick a breakpoint unit */
125 if (!arm7_9->wp0_used)
126 {
127 arm7_9->sw_breakpoints_added = 1;
128 arm7_9->wp0_used = 3;
129 } else if (!arm7_9->wp1_used)
130 {
131 arm7_9->sw_breakpoints_added = 2;
132 arm7_9->wp1_used = 3;
133 }
134 else
135 {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1)
141 {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 }
148 else if (arm7_9->sw_breakpoints_added == 2)
149 {
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
155 }
156 else
157 {
158 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
159 return ERROR_FAIL;
160 }
161 LOG_DEBUG("SW BP using hw wp: %d",
162 arm7_9->sw_breakpoints_added );
163
164 return jtag_execute_queue();
165 }
166
167 /**
168 * Setup the common pieces for an ARM7/9 target after reset or on startup.
169 *
170 * @param target Pointer to an ARM7/9 target to setup
171 * @return Result of clearing the watchpoints on the target
172 */
173 int arm7_9_setup(target_t *target)
174 {
175 armv4_5_common_t *armv4_5 = target->arch_info;
176 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
177
178 return arm7_9_clear_watchpoints(arm7_9);
179 }
180
181 /**
182 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
183 * targets. A return of ERROR_OK signifies that the target is a valid target
184 * and that the pointers have been set properly.
185 *
186 * @param target Pointer to the target device to get the pointers from
187 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
188 * targets
189 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
190 * targets
191 * @return ERROR_OK if successful
192 */
193 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
194 {
195 armv4_5_common_t *armv4_5 = target->arch_info;
196 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
197
198 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
199 {
200 return -1;
201 }
202
203 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
204 {
205 return -1;
206 }
207
208 *armv4_5_p = armv4_5;
209 *arm7_9_p = arm7_9;
210
211 return ERROR_OK;
212 }
213
214 /**
215 * Set either a hardware or software breakpoint on an ARM7/9 target. The
216 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
217 * might have erased the values in Embedded ICE.
218 *
219 * @param target Pointer to the target device to set the breakpoints on
220 * @param breakpoint Pointer to the breakpoint to be set
221 * @return For hardware breakpoints, this is the result of executing the JTAG
222 * queue. For software breakpoints, this will be the status of the
223 * required memory reads and writes
224 */
225 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
226 {
227 armv4_5_common_t *armv4_5 = target->arch_info;
228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
229 int retval = ERROR_OK;
230
231 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
232 breakpoint->unique_id,
233 breakpoint->address );
234
235 if (target->state != TARGET_HALTED)
236 {
237 LOG_WARNING("target not halted");
238 return ERROR_TARGET_NOT_HALTED;
239 }
240
241 if (breakpoint->type == BKPT_HARD)
242 {
243 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
244 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
245
246 /* reassign a hw breakpoint */
247 if (breakpoint->set == 0)
248 {
249 arm7_9_assign_wp(arm7_9, breakpoint);
250 }
251
252 if (breakpoint->set == 1)
253 {
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
258 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
259 }
260 else if (breakpoint->set == 2)
261 {
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
266 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
267 }
268 else
269 {
270 LOG_ERROR("BUG: no hardware comparator available");
271 return ERROR_OK;
272 }
273
274 retval = jtag_execute_queue();
275 }
276 else if (breakpoint->type == BKPT_SOFT)
277 {
278 /* did we already set this breakpoint? */
279 if (breakpoint->set)
280 return ERROR_OK;
281
282 if (breakpoint->length == 4)
283 {
284 uint32_t verify = 0xffffffff;
285 /* keep the original instruction in target endianness */
286 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
287 {
288 return retval;
289 }
290 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
291 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
292 {
293 return retval;
294 }
295
296 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
297 {
298 return retval;
299 }
300 if (verify != arm7_9->arm_bkpt)
301 {
302 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
303 return ERROR_OK;
304 }
305 }
306 else
307 {
308 uint16_t verify = 0xffff;
309 /* keep the original instruction in target endianness */
310 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
311 {
312 return retval;
313 }
314 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
315 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
316 {
317 return retval;
318 }
319
320 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
321 {
322 return retval;
323 }
324 if (verify != arm7_9->thumb_bkpt)
325 {
326 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
327 return ERROR_OK;
328 }
329 }
330
331 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
332 return retval;
333
334 arm7_9->sw_breakpoint_count++;
335
336 breakpoint->set = 1;
337 }
338
339 return retval;
340 }
341
342 /**
343 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
344 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
345 * will be updated. Otherwise, the software breakpoint will be restored to its
346 * original instruction if it hasn't already been modified.
347 *
348 * @param target Pointer to ARM7/9 target to unset the breakpoint from
349 * @param breakpoint Pointer to breakpoint to be unset
350 * @return For hardware breakpoints, this is the result of executing the JTAG
351 * queue. For software breakpoints, this will be the status of the
352 * required memory reads and writes
353 */
354 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
355 {
356 int retval = ERROR_OK;
357
358 armv4_5_common_t *armv4_5 = target->arch_info;
359 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
360
361 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
362 breakpoint->unique_id,
363 breakpoint->address );
364
365 if (!breakpoint->set)
366 {
367 LOG_WARNING("breakpoint not set");
368 return ERROR_OK;
369 }
370
371 if (breakpoint->type == BKPT_HARD)
372 {
373 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
374 breakpoint->unique_id,
375 breakpoint->set );
376 if (breakpoint->set == 1)
377 {
378 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
379 arm7_9->wp0_used = 0;
380 arm7_9->wp_available++;
381 }
382 else if (breakpoint->set == 2)
383 {
384 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
385 arm7_9->wp1_used = 0;
386 arm7_9->wp_available++;
387 }
388 retval = jtag_execute_queue();
389 breakpoint->set = 0;
390 }
391 else
392 {
393 /* restore original instruction (kept in target endianness) */
394 if (breakpoint->length == 4)
395 {
396 uint32_t current_instr;
397 /* check that user program as not modified breakpoint instruction */
398 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
399 {
400 return retval;
401 }
402 if (current_instr == arm7_9->arm_bkpt)
403 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
404 {
405 return retval;
406 }
407 }
408 else
409 {
410 uint16_t current_instr;
411 /* check that user program as not modified breakpoint instruction */
412 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
413 {
414 return retval;
415 }
416 if (current_instr == arm7_9->thumb_bkpt)
417 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
418 {
419 return retval;
420 }
421 }
422
423 if (--arm7_9->sw_breakpoint_count==0)
424 {
425 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
426 if (arm7_9->sw_breakpoints_added == 1)
427 {
428 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
429 }
430 else if (arm7_9->sw_breakpoints_added == 2)
431 {
432 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
433 }
434 }
435
436 breakpoint->set = 0;
437 }
438
439 return retval;
440 }
441
442 /**
443 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
444 * dangling breakpoints and that the desired breakpoint can be added.
445 *
446 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
447 * @param breakpoint Pointer to the breakpoint to be added
448 * @return An error status if there is a problem adding the breakpoint or the
449 * result of setting the breakpoint
450 */
451 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
452 {
453 armv4_5_common_t *armv4_5 = target->arch_info;
454 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
455
456 if (target->state != TARGET_HALTED)
457 {
458 LOG_WARNING("target not halted");
459 return ERROR_TARGET_NOT_HALTED;
460 }
461
462 if (arm7_9->breakpoint_count == 0)
463 {
464 /* make sure we don't have any dangling breakpoints. This is vital upon
465 * GDB connect/disconnect
466 */
467 arm7_9_clear_watchpoints(arm7_9);
468 }
469
470 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
471 {
472 LOG_INFO("no watchpoint unit available for hardware breakpoint");
473 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
474 }
475
476 if ((breakpoint->length != 2) && (breakpoint->length != 4))
477 {
478 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
479 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
480 }
481
482 if (breakpoint->type == BKPT_HARD)
483 {
484 arm7_9_assign_wp(arm7_9, breakpoint);
485 }
486
487 arm7_9->breakpoint_count++;
488
489 return arm7_9_set_breakpoint(target, breakpoint);
490 }
491
492 /**
493 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
494 * dangling breakpoints and updates available watchpoints if it is a hardware
495 * breakpoint.
496 *
497 * @param target Pointer to the target to have a breakpoint removed
498 * @param breakpoint Pointer to the breakpoint to be removed
499 * @return Error status if there was a problem unsetting the breakpoint or the
500 * watchpoints could not be cleared
501 */
502 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
503 {
504 int retval = ERROR_OK;
505 armv4_5_common_t *armv4_5 = target->arch_info;
506 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
507
508 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
509 {
510 return retval;
511 }
512
513 if (breakpoint->type == BKPT_HARD)
514 arm7_9->wp_available++;
515
516 arm7_9->breakpoint_count--;
517 if (arm7_9->breakpoint_count == 0)
518 {
519 /* make sure we don't have any dangling breakpoints */
520 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
521 {
522 return retval;
523 }
524 }
525
526 return ERROR_OK;
527 }
528
529 /**
530 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
531 * considered a bug to call this function when there are no available watchpoint
532 * units.
533 *
534 * @param target Pointer to an ARM7/9 target to set a watchpoint on
535 * @param watchpoint Pointer to the watchpoint to be set
536 * @return Error status if watchpoint set fails or the result of executing the
537 * JTAG queue
538 */
539 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
540 {
541 int retval = ERROR_OK;
542 armv4_5_common_t *armv4_5 = target->arch_info;
543 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
544 int rw_mask = 1;
545 uint32_t mask;
546
547 mask = watchpoint->length - 1;
548
549 if (target->state != TARGET_HALTED)
550 {
551 LOG_WARNING("target not halted");
552 return ERROR_TARGET_NOT_HALTED;
553 }
554
555 if (watchpoint->rw == WPT_ACCESS)
556 rw_mask = 0;
557 else
558 rw_mask = 1;
559
560 if (!arm7_9->wp0_used)
561 {
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
564 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
565 if (watchpoint->mask != 0xffffffffu)
566 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
568 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
569
570 if ((retval = jtag_execute_queue()) != ERROR_OK)
571 {
572 return retval;
573 }
574 watchpoint->set = 1;
575 arm7_9->wp0_used = 2;
576 }
577 else if (!arm7_9->wp1_used)
578 {
579 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
581 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
582 if (watchpoint->mask != 0xffffffffu)
583 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
584 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
585 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
586
587 if ((retval = jtag_execute_queue()) != ERROR_OK)
588 {
589 return retval;
590 }
591 watchpoint->set = 2;
592 arm7_9->wp1_used = 2;
593 }
594 else
595 {
596 LOG_ERROR("BUG: no hardware comparator available");
597 return ERROR_OK;
598 }
599
600 return ERROR_OK;
601 }
602
603 /**
604 * Unset an existing watchpoint and clear the used watchpoint unit.
605 *
606 * @param target Pointer to the target to have the watchpoint removed
607 * @param watchpoint Pointer to the watchpoint to be removed
608 * @return Error status while trying to unset the watchpoint or the result of
609 * executing the JTAG queue
610 */
611 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
612 {
613 int retval = ERROR_OK;
614 armv4_5_common_t *armv4_5 = target->arch_info;
615 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
616
617 if (target->state != TARGET_HALTED)
618 {
619 LOG_WARNING("target not halted");
620 return ERROR_TARGET_NOT_HALTED;
621 }
622
623 if (!watchpoint->set)
624 {
625 LOG_WARNING("breakpoint not set");
626 return ERROR_OK;
627 }
628
629 if (watchpoint->set == 1)
630 {
631 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
632 if ((retval = jtag_execute_queue()) != ERROR_OK)
633 {
634 return retval;
635 }
636 arm7_9->wp0_used = 0;
637 }
638 else if (watchpoint->set == 2)
639 {
640 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
641 if ((retval = jtag_execute_queue()) != ERROR_OK)
642 {
643 return retval;
644 }
645 arm7_9->wp1_used = 0;
646 }
647 watchpoint->set = 0;
648
649 return ERROR_OK;
650 }
651
652 /**
653 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
654 * available, an error response is returned.
655 *
656 * @param target Pointer to the ARM7/9 target to add a watchpoint to
657 * @param watchpoint Pointer to the watchpoint to be added
658 * @return Error status while trying to add the watchpoint
659 */
660 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
661 {
662 armv4_5_common_t *armv4_5 = target->arch_info;
663 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
664
665 if (target->state != TARGET_HALTED)
666 {
667 LOG_WARNING("target not halted");
668 return ERROR_TARGET_NOT_HALTED;
669 }
670
671 if (arm7_9->wp_available < 1)
672 {
673 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
674 }
675
676 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
677 {
678 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
679 }
680
681 arm7_9->wp_available--;
682
683 return ERROR_OK;
684 }
685
686 /**
687 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
688 * the used watchpoint unit will be reopened.
689 *
690 * @param target Pointer to the target to remove a watchpoint from
691 * @param watchpoint Pointer to the watchpoint to be removed
692 * @return Result of trying to unset the watchpoint
693 */
694 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
695 {
696 int retval = ERROR_OK;
697 armv4_5_common_t *armv4_5 = target->arch_info;
698 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
699
700 if (watchpoint->set)
701 {
702 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
703 {
704 return retval;
705 }
706 }
707
708 arm7_9->wp_available++;
709
710 return ERROR_OK;
711 }
712
713 /**
714 * Restarts the target by sending a RESTART instruction and moving the JTAG
715 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
716 * asserted by the processor.
717 *
718 * @param target Pointer to target to issue commands to
719 * @return Error status if there is a timeout or a problem while executing the
720 * JTAG queue
721 */
722 int arm7_9_execute_sys_speed(struct target_s *target)
723 {
724 int retval;
725
726 armv4_5_common_t *armv4_5 = target->arch_info;
727 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
728 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
729 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
730
731 /* set RESTART instruction */
732 jtag_set_end_state(TAP_IDLE);
733 if (arm7_9->need_bypass_before_restart) {
734 arm7_9->need_bypass_before_restart = 0;
735 arm_jtag_set_instr(jtag_info, 0xf, NULL);
736 }
737 arm_jtag_set_instr(jtag_info, 0x4, NULL);
738
739 long long then = timeval_ms();
740 int timeout;
741 while (!(timeout = ((timeval_ms()-then) > 1000)))
742 {
743 /* read debug status register */
744 embeddedice_read_reg(dbg_stat);
745 if ((retval = jtag_execute_queue()) != ERROR_OK)
746 return retval;
747 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
748 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
749 break;
750 if (debug_level >= 3)
751 {
752 alive_sleep(100);
753 } else
754 {
755 keep_alive();
756 }
757 }
758 if (timeout)
759 {
760 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
761 return ERROR_TARGET_TIMEOUT;
762 }
763
764 return ERROR_OK;
765 }
766
767 /**
768 * Restarts the target by sending a RESTART instruction and moving the JTAG
769 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
770 * waiting until they are.
771 *
772 * @param target Pointer to the target to issue commands to
773 * @return Always ERROR_OK
774 */
775 int arm7_9_execute_fast_sys_speed(struct target_s *target)
776 {
777 static int set = 0;
778 static uint8_t check_value[4], check_mask[4];
779
780 armv4_5_common_t *armv4_5 = target->arch_info;
781 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
782 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
783 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
784
785 /* set RESTART instruction */
786 jtag_set_end_state(TAP_IDLE);
787 if (arm7_9->need_bypass_before_restart) {
788 arm7_9->need_bypass_before_restart = 0;
789 arm_jtag_set_instr(jtag_info, 0xf, NULL);
790 }
791 arm_jtag_set_instr(jtag_info, 0x4, NULL);
792
793 if (!set)
794 {
795 /* check for DBGACK and SYSCOMP set (others don't care) */
796
797 /* NB! These are constants that must be available until after next jtag_execute() and
798 * we evaluate the values upon first execution in lieu of setting up these constants
799 * during early setup.
800 * */
801 buf_set_u32(check_value, 0, 32, 0x9);
802 buf_set_u32(check_mask, 0, 32, 0x9);
803 set = 1;
804 }
805
806 /* read debug status register */
807 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
808
809 return ERROR_OK;
810 }
811
812 /**
813 * Get some data from the ARM7/9 target.
814 *
815 * @param target Pointer to the ARM7/9 target to read data from
816 * @param size The number of 32bit words to be read
817 * @param buffer Pointer to the buffer that will hold the data
818 * @return The result of receiving data from the Embedded ICE unit
819 */
820 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
821 {
822 armv4_5_common_t *armv4_5 = target->arch_info;
823 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
824 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
825 uint32_t *data;
826 int retval = ERROR_OK;
827 uint32_t i;
828
829 data = malloc(size * (sizeof(uint32_t)));
830
831 retval = embeddedice_receive(jtag_info, data, size);
832
833 /* return the 32-bit ints in the 8-bit array */
834 for (i = 0; i < size; i++)
835 {
836 h_u32_to_le(buffer + (i * 4), data[i]);
837 }
838
839 free(data);
840
841 return retval;
842 }
843
844 /**
845 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
846 * target is running and the DCC control register has the W bit high, this will
847 * execute the request on the target.
848 *
849 * @param priv Void pointer expected to be a target_t pointer
850 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
851 * from the Embedded ICE unit
852 */
853 int arm7_9_handle_target_request(void *priv)
854 {
855 int retval = ERROR_OK;
856 target_t *target = priv;
857 if (!target_was_examined(target))
858 return ERROR_OK;
859 armv4_5_common_t *armv4_5 = target->arch_info;
860 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
861 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
862 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
863
864 if (!target->dbg_msg_enabled)
865 return ERROR_OK;
866
867 if (target->state == TARGET_RUNNING)
868 {
869 /* read DCC control register */
870 embeddedice_read_reg(dcc_control);
871 if ((retval = jtag_execute_queue()) != ERROR_OK)
872 {
873 return retval;
874 }
875
876 /* check W bit */
877 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
878 {
879 uint32_t request;
880
881 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
882 {
883 return retval;
884 }
885 if ((retval = target_request(target, request)) != ERROR_OK)
886 {
887 return retval;
888 }
889 }
890 }
891
892 return ERROR_OK;
893 }
894
895 /**
896 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
897 * is manipulated to the right halted state based on its current state. This is
898 * what happens:
899 *
900 * <table>
901 * <tr><th > State</th><th > Action</th></tr>
902 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
903 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
904 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
905 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
906 * </table>
907 *
908 * If the target does not end up in the halted state, a warning is produced. If
909 * DBGACK is cleared, then the target is expected to either be running or
910 * running in debug.
911 *
912 * @param target Pointer to the ARM7/9 target to poll
913 * @return ERROR_OK or an error status if a command fails
914 */
915 int arm7_9_poll(target_t *target)
916 {
917 int retval;
918 armv4_5_common_t *armv4_5 = target->arch_info;
919 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
920 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
921
922 /* read debug status register */
923 embeddedice_read_reg(dbg_stat);
924 if ((retval = jtag_execute_queue()) != ERROR_OK)
925 {
926 return retval;
927 }
928
929 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
930 {
931 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
932 if (target->state == TARGET_UNKNOWN)
933 {
934 /* Starting OpenOCD with target in debug-halt */
935 target->state = TARGET_RUNNING;
936 LOG_DEBUG("DBGACK already set during server startup.");
937 }
938 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
939 {
940 int check_pc = 0;
941 if (target->state == TARGET_RESET)
942 {
943 if (target->reset_halt)
944 {
945 enum reset_types jtag_reset_config = jtag_get_reset_config();
946 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
947 {
948 check_pc = 1;
949 }
950 }
951 }
952
953 target->state = TARGET_HALTED;
954
955 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
956 return retval;
957
958 if (check_pc)
959 {
960 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
961 uint32_t t=*((uint32_t *)reg->value);
962 if (t != 0)
963 {
964 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
965 }
966 }
967
968 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
969 {
970 return retval;
971 }
972 }
973 if (target->state == TARGET_DEBUG_RUNNING)
974 {
975 target->state = TARGET_HALTED;
976 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
977 return retval;
978
979 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
980 {
981 return retval;
982 }
983 }
984 if (target->state != TARGET_HALTED)
985 {
986 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
987 }
988 }
989 else
990 {
991 if (target->state != TARGET_DEBUG_RUNNING)
992 target->state = TARGET_RUNNING;
993 }
994
995 return ERROR_OK;
996 }
997
998 /**
999 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
1000 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
1001 * affected) completely stop the JTAG clock while the core is held in reset
1002 * (SRST). It isn't possible to program the halt condition once reset is
1003 * asserted, hence a hook that allows the target to set up its reset-halt
1004 * condition is setup prior to asserting reset.
1005 *
1006 * @param target Pointer to an ARM7/9 target to assert reset on
1007 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
1008 */
1009 int arm7_9_assert_reset(target_t *target)
1010 {
1011 armv4_5_common_t *armv4_5 = target->arch_info;
1012 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1013 LOG_DEBUG("target->state: %s",
1014 target_state_name(target));
1015
1016 enum reset_types jtag_reset_config = jtag_get_reset_config();
1017 if (!(jtag_reset_config & RESET_HAS_SRST))
1018 {
1019 LOG_ERROR("Can't assert SRST");
1020 return ERROR_FAIL;
1021 }
1022
1023 if (target->reset_halt)
1024 {
1025 /*
1026 * Some targets do not support communication while SRST is asserted. We need to
1027 * set up the reset vector catch here.
1028 *
1029 * If TRST is asserted, then these settings will be reset anyway, so setting them
1030 * here is harmless.
1031 */
1032 if (arm7_9->has_vector_catch)
1033 {
1034 /* program vector catch register to catch reset vector */
1035 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1036
1037 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1038 jtag_add_runtest(1, jtag_get_end_state());
1039 }
1040 else
1041 {
1042 /* program watchpoint unit to match on reset vector address */
1043 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1044 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1045 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1046 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1047 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1048 }
1049 }
1050
1051 /* here we should issue an SRST only, but we may have to assert TRST as well */
1052 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1053 {
1054 jtag_add_reset(1, 1);
1055 } else
1056 {
1057 jtag_add_reset(0, 1);
1058 }
1059
1060 target->state = TARGET_RESET;
1061 jtag_add_sleep(50000);
1062
1063 armv4_5_invalidate_core_regs(target);
1064
1065 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1066 {
1067 /* debug entry was already prepared in arm7_9_assert_reset() */
1068 target->debug_reason = DBG_REASON_DBGRQ;
1069 }
1070
1071 return ERROR_OK;
1072 }
1073
1074 /**
1075 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1076 * and the target is being reset into a halt, a warning will be triggered
1077 * because it is not possible to reset into a halted mode in this case. The
1078 * target is halted using the target's functions.
1079 *
1080 * @param target Pointer to the target to have the reset deasserted
1081 * @return ERROR_OK or an error from polling or halting the target
1082 */
1083 int arm7_9_deassert_reset(target_t *target)
1084 {
1085 int retval = ERROR_OK;
1086 LOG_DEBUG("target->state: %s",
1087 target_state_name(target));
1088
1089 /* deassert reset lines */
1090 jtag_add_reset(0, 0);
1091
1092 enum reset_types jtag_reset_config = jtag_get_reset_config();
1093 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1094 {
1095 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1096 /* set up embedded ice registers again */
1097 if ((retval = target_examine_one(target)) != ERROR_OK)
1098 return retval;
1099
1100 if ((retval = target_poll(target)) != ERROR_OK)
1101 {
1102 return retval;
1103 }
1104
1105 if ((retval = target_halt(target)) != ERROR_OK)
1106 {
1107 return retval;
1108 }
1109
1110 }
1111 return retval;
1112 }
1113
1114 /**
1115 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1116 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1117 * vector catch was used, it is restored. Otherwise, the control value is
1118 * restored and the watchpoint unit is restored if it was in use.
1119 *
1120 * @param target Pointer to the ARM7/9 target to have halt cleared
1121 * @return Always ERROR_OK
1122 */
1123 int arm7_9_clear_halt(target_t *target)
1124 {
1125 armv4_5_common_t *armv4_5 = target->arch_info;
1126 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1127 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1128
1129 /* we used DBGRQ only if we didn't come out of reset */
1130 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1131 {
1132 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1133 */
1134 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1135 embeddedice_store_reg(dbg_ctrl);
1136 }
1137 else
1138 {
1139 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1140 {
1141 /* if we came out of reset, and vector catch is supported, we used
1142 * vector catch to enter debug state
1143 * restore the register in that case
1144 */
1145 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1146 }
1147 else
1148 {
1149 /* restore registers if watchpoint unit 0 was in use
1150 */
1151 if (arm7_9->wp0_used)
1152 {
1153 if (arm7_9->debug_entry_from_reset)
1154 {
1155 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1156 }
1157 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1158 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1159 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1160 }
1161 /* control value always has to be restored, as it was either disabled,
1162 * or enabled with possibly different bits
1163 */
1164 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1165 }
1166 }
1167
1168 return ERROR_OK;
1169 }
1170
1171 /**
1172 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1173 * and then there is a wait until the processor shows the halt. This wait can
1174 * timeout and results in an error being returned. The software reset involves
1175 * clearing the halt, updating the debug control register, changing to ARM mode,
1176 * reset of the program counter, and reset of all of the registers.
1177 *
1178 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1179 * @return Error status if any of the commands fail, otherwise ERROR_OK
1180 */
1181 int arm7_9_soft_reset_halt(struct target_s *target)
1182 {
1183 armv4_5_common_t *armv4_5 = target->arch_info;
1184 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1185 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1186 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1187 int i;
1188 int retval;
1189
1190 if ((retval = target_halt(target)) != ERROR_OK)
1191 return retval;
1192
1193 long long then = timeval_ms();
1194 int timeout;
1195 while (!(timeout = ((timeval_ms()-then) > 1000)))
1196 {
1197 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1198 break;
1199 embeddedice_read_reg(dbg_stat);
1200 if ((retval = jtag_execute_queue()) != ERROR_OK)
1201 return retval;
1202 if (debug_level >= 3)
1203 {
1204 alive_sleep(100);
1205 } else
1206 {
1207 keep_alive();
1208 }
1209 }
1210 if (timeout)
1211 {
1212 LOG_ERROR("Failed to halt CPU after 1 sec");
1213 return ERROR_TARGET_TIMEOUT;
1214 }
1215 target->state = TARGET_HALTED;
1216
1217 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1218 * ensure that DBGRQ is cleared
1219 */
1220 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1221 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1222 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1223 embeddedice_store_reg(dbg_ctrl);
1224
1225 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1226 {
1227 return retval;
1228 }
1229
1230 /* if the target is in Thumb state, change to ARM state */
1231 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1232 {
1233 uint32_t r0_thumb, pc_thumb;
1234 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1235 /* Entered debug from Thumb mode */
1236 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1237 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1238 }
1239
1240 /* all register content is now invalid */
1241 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1242 {
1243 return retval;
1244 }
1245
1246 /* SVC, ARM state, IRQ and FIQ disabled */
1247 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1248 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1249 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1250
1251 /* start fetching from 0x0 */
1252 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1253 armv4_5->core_cache->reg_list[15].dirty = 1;
1254 armv4_5->core_cache->reg_list[15].valid = 1;
1255
1256 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1257 armv4_5->core_state = ARMV4_5_STATE_ARM;
1258
1259 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1260 return ERROR_FAIL;
1261
1262 /* reset registers */
1263 for (i = 0; i <= 14; i++)
1264 {
1265 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1266 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1267 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1268 }
1269
1270 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1271 {
1272 return retval;
1273 }
1274
1275 return ERROR_OK;
1276 }
1277
1278 /**
1279 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1280 * line or by programming a watchpoint to trigger on any address. It is
1281 * considered a bug to call this function while the target is in the
1282 * TARGET_RESET state.
1283 *
1284 * @param target Pointer to the ARM7/9 target to be halted
1285 * @return Always ERROR_OK
1286 */
1287 int arm7_9_halt(target_t *target)
1288 {
1289 if (target->state == TARGET_RESET)
1290 {
1291 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1292 return ERROR_OK;
1293 }
1294
1295 armv4_5_common_t *armv4_5 = target->arch_info;
1296 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1297 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1298
1299 LOG_DEBUG("target->state: %s",
1300 target_state_name(target));
1301
1302 if (target->state == TARGET_HALTED)
1303 {
1304 LOG_DEBUG("target was already halted");
1305 return ERROR_OK;
1306 }
1307
1308 if (target->state == TARGET_UNKNOWN)
1309 {
1310 LOG_WARNING("target was in unknown state when halt was requested");
1311 }
1312
1313 if (arm7_9->use_dbgrq)
1314 {
1315 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1316 */
1317 if (arm7_9->set_special_dbgrq) {
1318 arm7_9->set_special_dbgrq(target);
1319 } else {
1320 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1321 embeddedice_store_reg(dbg_ctrl);
1322 }
1323 }
1324 else
1325 {
1326 /* program watchpoint unit to match on any address
1327 */
1328 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1329 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1330 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1331 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1332 }
1333
1334 target->debug_reason = DBG_REASON_DBGRQ;
1335
1336 return ERROR_OK;
1337 }
1338
1339 /**
1340 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1341 * ARM. The JTAG queue is then executed and the reason for debug entry is
1342 * examined. Once done, the target is verified to be halted and the processor
1343 * is forced into ARM mode. The core registers are saved for the current core
1344 * mode and the program counter (register 15) is updated as needed. The core
1345 * registers and CPSR and SPSR are saved for restoration later.
1346 *
1347 * @param target Pointer to target that is entering debug mode
1348 * @return Error code if anything fails, otherwise ERROR_OK
1349 */
1350 int arm7_9_debug_entry(target_t *target)
1351 {
1352 int i;
1353 uint32_t context[16];
1354 uint32_t* context_p[16];
1355 uint32_t r0_thumb, pc_thumb;
1356 uint32_t cpsr;
1357 int retval;
1358 /* get pointers to arch-specific information */
1359 armv4_5_common_t *armv4_5 = target->arch_info;
1360 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1361 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1362 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1363
1364 #ifdef _DEBUG_ARM7_9_
1365 LOG_DEBUG("-");
1366 #endif
1367
1368 if (arm7_9->pre_debug_entry)
1369 arm7_9->pre_debug_entry(target);
1370
1371 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1372 * ensure that DBGRQ is cleared
1373 */
1374 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1375 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1376 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1377 embeddedice_store_reg(dbg_ctrl);
1378
1379 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1380 {
1381 return retval;
1382 }
1383
1384 if ((retval = jtag_execute_queue()) != ERROR_OK)
1385 {
1386 return retval;
1387 }
1388
1389 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1390 return retval;
1391
1392
1393 if (target->state != TARGET_HALTED)
1394 {
1395 LOG_WARNING("target not halted");
1396 return ERROR_TARGET_NOT_HALTED;
1397 }
1398
1399 /* if the target is in Thumb state, change to ARM state */
1400 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1401 {
1402 LOG_DEBUG("target entered debug from Thumb state");
1403 /* Entered debug from Thumb mode */
1404 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1405 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1406 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1407 }
1408 else
1409 {
1410 LOG_DEBUG("target entered debug from ARM state");
1411 /* Entered debug from ARM mode */
1412 armv4_5->core_state = ARMV4_5_STATE_ARM;
1413 }
1414
1415 for (i = 0; i < 16; i++)
1416 context_p[i] = &context[i];
1417 /* save core registers (r0 - r15 of current core mode) */
1418 arm7_9->read_core_regs(target, 0xffff, context_p);
1419
1420 arm7_9->read_xpsr(target, &cpsr, 0);
1421
1422 if ((retval = jtag_execute_queue()) != ERROR_OK)
1423 return retval;
1424
1425 /* if the core has been executing in Thumb state, set the T bit */
1426 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1427 cpsr |= 0x20;
1428
1429 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1430 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1431 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1432
1433 armv4_5->core_mode = cpsr & 0x1f;
1434
1435 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1436 {
1437 target->state = TARGET_UNKNOWN;
1438 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1439 return ERROR_TARGET_FAILURE;
1440 }
1441
1442 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1443
1444 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1445 {
1446 LOG_DEBUG("thumb state, applying fixups");
1447 context[0] = r0_thumb;
1448 context[15] = pc_thumb;
1449 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1450 {
1451 /* adjust value stored by STM */
1452 context[15] -= 3 * 4;
1453 }
1454
1455 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1456 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1457 else
1458 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1459
1460 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1461 return ERROR_FAIL;
1462
1463 for (i = 0; i <= 15; i++)
1464 {
1465 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1466 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1467 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1468 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1469 }
1470
1471 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1472
1473 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1474 return ERROR_FAIL;
1475
1476 /* exceptions other than USR & SYS have a saved program status register */
1477 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1478 {
1479 uint32_t spsr;
1480 arm7_9->read_xpsr(target, &spsr, 1);
1481 if ((retval = jtag_execute_queue()) != ERROR_OK)
1482 {
1483 return retval;
1484 }
1485 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1486 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1487 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1488 }
1489
1490 /* r0 and r15 (pc) have to be restored later */
1491 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1492 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1493
1494 if ((retval = jtag_execute_queue()) != ERROR_OK)
1495 return retval;
1496
1497 if (arm7_9->post_debug_entry)
1498 arm7_9->post_debug_entry(target);
1499
1500 return ERROR_OK;
1501 }
1502
1503 /**
1504 * Validate the full context for an ARM7/9 target in all processor modes. If
1505 * there are any invalid registers for the target, they will all be read. This
1506 * includes the PSR.
1507 *
1508 * @param target Pointer to the ARM7/9 target to capture the full context from
1509 * @return Error if the target is not halted, has an invalid core mode, or if
1510 * the JTAG queue fails to execute
1511 */
1512 int arm7_9_full_context(target_t *target)
1513 {
1514 int i;
1515 int retval;
1516 armv4_5_common_t *armv4_5 = target->arch_info;
1517 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1518
1519 LOG_DEBUG("-");
1520
1521 if (target->state != TARGET_HALTED)
1522 {
1523 LOG_WARNING("target not halted");
1524 return ERROR_TARGET_NOT_HALTED;
1525 }
1526
1527 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1528 return ERROR_FAIL;
1529
1530 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1531 * SYS shares registers with User, so we don't touch SYS
1532 */
1533 for (i = 0; i < 6; i++)
1534 {
1535 uint32_t mask = 0;
1536 uint32_t* reg_p[16];
1537 int j;
1538 int valid = 1;
1539
1540 /* check if there are invalid registers in the current mode
1541 */
1542 for (j = 0; j <= 16; j++)
1543 {
1544 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1545 valid = 0;
1546 }
1547
1548 if (!valid)
1549 {
1550 uint32_t tmp_cpsr;
1551
1552 /* change processor mode (and mask T bit) */
1553 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1554 tmp_cpsr |= armv4_5_number_to_mode(i);
1555 tmp_cpsr &= ~0x20;
1556 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1557
1558 for (j = 0; j < 15; j++)
1559 {
1560 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1561 {
1562 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1563 mask |= 1 << j;
1564 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1565 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1566 }
1567 }
1568
1569 /* if only the PSR is invalid, mask is all zeroes */
1570 if (mask)
1571 arm7_9->read_core_regs(target, mask, reg_p);
1572
1573 /* check if the PSR has to be read */
1574 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1575 {
1576 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1577 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1578 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1579 }
1580 }
1581 }
1582
1583 /* restore processor mode (mask T bit) */
1584 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1585
1586 if ((retval = jtag_execute_queue()) != ERROR_OK)
1587 {
1588 return retval;
1589 }
1590 return ERROR_OK;
1591 }
1592
1593 /**
1594 * Restore the processor context on an ARM7/9 target. The full processor
1595 * context is analyzed to see if any of the registers are dirty on this end, but
1596 * have a valid new value. If this is the case, the processor is changed to the
1597 * appropriate mode and the new register values are written out to the
1598 * processor. If there happens to be a dirty register with an invalid value, an
1599 * error will be logged.
1600 *
1601 * @param target Pointer to the ARM7/9 target to have its context restored
1602 * @return Error status if the target is not halted or the core mode in the
1603 * armv4_5 struct is invalid.
1604 */
1605 int arm7_9_restore_context(target_t *target)
1606 {
1607 armv4_5_common_t *armv4_5 = target->arch_info;
1608 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1609 reg_t *reg;
1610 armv4_5_core_reg_t *reg_arch_info;
1611 enum armv4_5_mode current_mode = armv4_5->core_mode;
1612 int i, j;
1613 int dirty;
1614 int mode_change;
1615
1616 LOG_DEBUG("-");
1617
1618 if (target->state != TARGET_HALTED)
1619 {
1620 LOG_WARNING("target not halted");
1621 return ERROR_TARGET_NOT_HALTED;
1622 }
1623
1624 if (arm7_9->pre_restore_context)
1625 arm7_9->pre_restore_context(target);
1626
1627 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1628 return ERROR_FAIL;
1629
1630 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1631 * SYS shares registers with User, so we don't touch SYS
1632 */
1633 for (i = 0; i < 6; i++)
1634 {
1635 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1636 dirty = 0;
1637 mode_change = 0;
1638 /* check if there are dirty registers in the current mode
1639 */
1640 for (j = 0; j <= 16; j++)
1641 {
1642 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1643 reg_arch_info = reg->arch_info;
1644 if (reg->dirty == 1)
1645 {
1646 if (reg->valid == 1)
1647 {
1648 dirty = 1;
1649 LOG_DEBUG("examining dirty reg: %s", reg->name);
1650 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1651 && (reg_arch_info->mode != current_mode)
1652 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1653 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1654 {
1655 mode_change = 1;
1656 LOG_DEBUG("require mode change");
1657 }
1658 }
1659 else
1660 {
1661 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1662 }
1663 }
1664 }
1665
1666 if (dirty)
1667 {
1668 uint32_t mask = 0x0;
1669 int num_regs = 0;
1670 uint32_t regs[16];
1671
1672 if (mode_change)
1673 {
1674 uint32_t tmp_cpsr;
1675
1676 /* change processor mode (mask T bit) */
1677 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1678 tmp_cpsr |= armv4_5_number_to_mode(i);
1679 tmp_cpsr &= ~0x20;
1680 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1681 current_mode = armv4_5_number_to_mode(i);
1682 }
1683
1684 for (j = 0; j <= 14; j++)
1685 {
1686 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1687 reg_arch_info = reg->arch_info;
1688
1689
1690 if (reg->dirty == 1)
1691 {
1692 regs[j] = buf_get_u32(reg->value, 0, 32);
1693 mask |= 1 << j;
1694 num_regs++;
1695 reg->dirty = 0;
1696 reg->valid = 1;
1697 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1698 }
1699 }
1700
1701 if (mask)
1702 {
1703 arm7_9->write_core_regs(target, mask, regs);
1704 }
1705
1706 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1707 reg_arch_info = reg->arch_info;
1708 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1709 {
1710 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1711 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1712 }
1713 }
1714 }
1715
1716 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1717 {
1718 /* restore processor mode (mask T bit) */
1719 uint32_t tmp_cpsr;
1720
1721 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1722 tmp_cpsr |= armv4_5_number_to_mode(i);
1723 tmp_cpsr &= ~0x20;
1724 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1725 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1726 }
1727 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1728 {
1729 /* CPSR has been changed, full restore necessary (mask T bit) */
1730 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1731 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1732 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1733 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1734 }
1735
1736 /* restore PC */
1737 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1738 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1739 armv4_5->core_cache->reg_list[15].dirty = 0;
1740
1741 if (arm7_9->post_restore_context)
1742 arm7_9->post_restore_context(target);
1743
1744 return ERROR_OK;
1745 }
1746
1747 /**
1748 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1749 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1750 * restart.
1751 *
1752 * @param target Pointer to the ARM7/9 target to be restarted
1753 * @return Result of executing the JTAG queue
1754 */
1755 int arm7_9_restart_core(struct target_s *target)
1756 {
1757 armv4_5_common_t *armv4_5 = target->arch_info;
1758 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1759 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1760
1761 /* set RESTART instruction */
1762 jtag_set_end_state(TAP_IDLE);
1763 if (arm7_9->need_bypass_before_restart) {
1764 arm7_9->need_bypass_before_restart = 0;
1765 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1766 }
1767 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1768
1769 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1770 return jtag_execute_queue();
1771 }
1772
1773 /**
1774 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1775 * iterated through and are set on the target if they aren't already set.
1776 *
1777 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1778 */
1779 void arm7_9_enable_watchpoints(struct target_s *target)
1780 {
1781 watchpoint_t *watchpoint = target->watchpoints;
1782
1783 while (watchpoint)
1784 {
1785 if (watchpoint->set == 0)
1786 arm7_9_set_watchpoint(target, watchpoint);
1787 watchpoint = watchpoint->next;
1788 }
1789 }
1790
1791 /**
1792 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1793 * iterated through and are set on the target.
1794 *
1795 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1796 */
1797 void arm7_9_enable_breakpoints(struct target_s *target)
1798 {
1799 breakpoint_t *breakpoint = target->breakpoints;
1800
1801 /* set any pending breakpoints */
1802 while (breakpoint)
1803 {
1804 arm7_9_set_breakpoint(target, breakpoint);
1805 breakpoint = breakpoint->next;
1806 }
1807 }
1808
1809 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1810 {
1811 armv4_5_common_t *armv4_5 = target->arch_info;
1812 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1813 breakpoint_t *breakpoint = target->breakpoints;
1814 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1815 int err, retval = ERROR_OK;
1816
1817 LOG_DEBUG("-");
1818
1819 if (target->state != TARGET_HALTED)
1820 {
1821 LOG_WARNING("target not halted");
1822 return ERROR_TARGET_NOT_HALTED;
1823 }
1824
1825 if (!debug_execution)
1826 {
1827 target_free_all_working_areas(target);
1828 }
1829
1830 /* current = 1: continue on current pc, otherwise continue at <address> */
1831 if (!current)
1832 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1833
1834 uint32_t current_pc;
1835 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1836
1837 /* the front-end may request us not to handle breakpoints */
1838 if (handle_breakpoints)
1839 {
1840 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1841 {
1842 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1843 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1844 {
1845 return retval;
1846 }
1847
1848 /* calculate PC of next instruction */
1849 uint32_t next_pc;
1850 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1851 {
1852 uint32_t current_opcode;
1853 target_read_u32(target, current_pc, &current_opcode);
1854 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1855 return retval;
1856 }
1857
1858 LOG_DEBUG("enable single-step");
1859 arm7_9->enable_single_step(target, next_pc);
1860
1861 target->debug_reason = DBG_REASON_SINGLESTEP;
1862
1863 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1864 {
1865 return retval;
1866 }
1867
1868 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1869 arm7_9->branch_resume(target);
1870 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1871 {
1872 arm7_9->branch_resume_thumb(target);
1873 }
1874 else
1875 {
1876 LOG_ERROR("unhandled core state");
1877 return ERROR_FAIL;
1878 }
1879
1880 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1881 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1882 err = arm7_9_execute_sys_speed(target);
1883
1884 LOG_DEBUG("disable single-step");
1885 arm7_9->disable_single_step(target);
1886
1887 if (err != ERROR_OK)
1888 {
1889 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1890 {
1891 return retval;
1892 }
1893 target->state = TARGET_UNKNOWN;
1894 return err;
1895 }
1896
1897 arm7_9_debug_entry(target);
1898 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1899
1900 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1901 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1902 {
1903 return retval;
1904 }
1905 }
1906 }
1907
1908 /* enable any pending breakpoints and watchpoints */
1909 arm7_9_enable_breakpoints(target);
1910 arm7_9_enable_watchpoints(target);
1911
1912 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1913 {
1914 return retval;
1915 }
1916
1917 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1918 {
1919 arm7_9->branch_resume(target);
1920 }
1921 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1922 {
1923 arm7_9->branch_resume_thumb(target);
1924 }
1925 else
1926 {
1927 LOG_ERROR("unhandled core state");
1928 return ERROR_FAIL;
1929 }
1930
1931 /* deassert DBGACK and INTDIS */
1932 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1933 /* INTDIS only when we really resume, not during debug execution */
1934 if (!debug_execution)
1935 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1936 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1937
1938 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1939 {
1940 return retval;
1941 }
1942
1943 target->debug_reason = DBG_REASON_NOTHALTED;
1944
1945 if (!debug_execution)
1946 {
1947 /* registers are now invalid */
1948 armv4_5_invalidate_core_regs(target);
1949 target->state = TARGET_RUNNING;
1950 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1951 {
1952 return retval;
1953 }
1954 }
1955 else
1956 {
1957 target->state = TARGET_DEBUG_RUNNING;
1958 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1959 {
1960 return retval;
1961 }
1962 }
1963
1964 LOG_DEBUG("target resumed");
1965
1966 return ERROR_OK;
1967 }
1968
1969 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1970 {
1971 armv4_5_common_t *armv4_5 = target->arch_info;
1972 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1973
1974 uint32_t current_pc;
1975 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1976
1977 if (next_pc != current_pc)
1978 {
1979 /* setup an inverse breakpoint on the current PC
1980 * - comparator 1 matches the current address
1981 * - rangeout from comparator 1 is connected to comparator 0 rangein
1982 * - comparator 0 matches any address, as long as rangein is low */
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1990 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1991 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1992 }
1993 else
1994 {
1995 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1998 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1999 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2000 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2001 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2004 }
2005 }
2006
2007 void arm7_9_disable_eice_step(target_t *target)
2008 {
2009 armv4_5_common_t *armv4_5 = target->arch_info;
2010 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2011
2012 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2013 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2014 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2015 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2016 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2017 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2018 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2019 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2020 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2021 }
2022
2023 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2024 {
2025 armv4_5_common_t *armv4_5 = target->arch_info;
2026 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2027 breakpoint_t *breakpoint = NULL;
2028 int err, retval;
2029
2030 if (target->state != TARGET_HALTED)
2031 {
2032 LOG_WARNING("target not halted");
2033 return ERROR_TARGET_NOT_HALTED;
2034 }
2035
2036 /* current = 1: continue on current pc, otherwise continue at <address> */
2037 if (!current)
2038 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2039
2040 uint32_t current_pc;
2041 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2042
2043 /* the front-end may request us not to handle breakpoints */
2044 if (handle_breakpoints)
2045 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2046 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2047 {
2048 return retval;
2049 }
2050
2051 target->debug_reason = DBG_REASON_SINGLESTEP;
2052
2053 /* calculate PC of next instruction */
2054 uint32_t next_pc;
2055 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2056 {
2057 uint32_t current_opcode;
2058 target_read_u32(target, current_pc, &current_opcode);
2059 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2060 return retval;
2061 }
2062
2063 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2064 {
2065 return retval;
2066 }
2067
2068 arm7_9->enable_single_step(target, next_pc);
2069
2070 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2071 {
2072 arm7_9->branch_resume(target);
2073 }
2074 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2075 {
2076 arm7_9->branch_resume_thumb(target);
2077 }
2078 else
2079 {
2080 LOG_ERROR("unhandled core state");
2081 return ERROR_FAIL;
2082 }
2083
2084 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2085 {
2086 return retval;
2087 }
2088
2089 err = arm7_9_execute_sys_speed(target);
2090 arm7_9->disable_single_step(target);
2091
2092 /* registers are now invalid */
2093 armv4_5_invalidate_core_regs(target);
2094
2095 if (err != ERROR_OK)
2096 {
2097 target->state = TARGET_UNKNOWN;
2098 } else {
2099 arm7_9_debug_entry(target);
2100 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2101 {
2102 return retval;
2103 }
2104 LOG_DEBUG("target stepped");
2105 }
2106
2107 if (breakpoint)
2108 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2109 {
2110 return retval;
2111 }
2112
2113 return err;
2114 }
2115
2116 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2117 {
2118 uint32_t* reg_p[16];
2119 uint32_t value;
2120 int retval;
2121 armv4_5_common_t *armv4_5 = target->arch_info;
2122 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2123
2124 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2125 return ERROR_FAIL;
2126
2127 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2128
2129 if ((num < 0) || (num > 16))
2130 return ERROR_INVALID_ARGUMENTS;
2131
2132 if ((mode != ARMV4_5_MODE_ANY)
2133 && (mode != armv4_5->core_mode)
2134 && (reg_mode != ARMV4_5_MODE_ANY))
2135 {
2136 uint32_t tmp_cpsr;
2137
2138 /* change processor mode (mask T bit) */
2139 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2140 tmp_cpsr |= mode;
2141 tmp_cpsr &= ~0x20;
2142 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2143 }
2144
2145 if ((num >= 0) && (num <= 15))
2146 {
2147 /* read a normal core register */
2148 reg_p[num] = &value;
2149
2150 arm7_9->read_core_regs(target, 1 << num, reg_p);
2151 }
2152 else
2153 {
2154 /* read a program status register
2155 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2156 */
2157 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2158 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2159
2160 arm7_9->read_xpsr(target, &value, spsr);
2161 }
2162
2163 if ((retval = jtag_execute_queue()) != ERROR_OK)
2164 {
2165 return retval;
2166 }
2167
2168 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2169 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2170 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2171
2172 if ((mode != ARMV4_5_MODE_ANY)
2173 && (mode != armv4_5->core_mode)
2174 && (reg_mode != ARMV4_5_MODE_ANY)) {
2175 /* restore processor mode (mask T bit) */
2176 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2177 }
2178
2179 return ERROR_OK;
2180 }
2181
2182 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2183 {
2184 uint32_t reg[16];
2185 armv4_5_common_t *armv4_5 = target->arch_info;
2186 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2187
2188 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2189 return ERROR_FAIL;
2190
2191 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2192
2193 if ((num < 0) || (num > 16))
2194 return ERROR_INVALID_ARGUMENTS;
2195
2196 if ((mode != ARMV4_5_MODE_ANY)
2197 && (mode != armv4_5->core_mode)
2198 && (reg_mode != ARMV4_5_MODE_ANY)) {
2199 uint32_t tmp_cpsr;
2200
2201 /* change processor mode (mask T bit) */
2202 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2203 tmp_cpsr |= mode;
2204 tmp_cpsr &= ~0x20;
2205 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2206 }
2207
2208 if ((num >= 0) && (num <= 15))
2209 {
2210 /* write a normal core register */
2211 reg[num] = value;
2212
2213 arm7_9->write_core_regs(target, 1 << num, reg);
2214 }
2215 else
2216 {
2217 /* write a program status register
2218 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2219 */
2220 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2221 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2222
2223 /* if we're writing the CPSR, mask the T bit */
2224 if (!spsr)
2225 value &= ~0x20;
2226
2227 arm7_9->write_xpsr(target, value, spsr);
2228 }
2229
2230 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2232
2233 if ((mode != ARMV4_5_MODE_ANY)
2234 && (mode != armv4_5->core_mode)
2235 && (reg_mode != ARMV4_5_MODE_ANY)) {
2236 /* restore processor mode (mask T bit) */
2237 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2238 }
2239
2240 return jtag_execute_queue();
2241 }
2242
2243 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2244 {
2245 armv4_5_common_t *armv4_5 = target->arch_info;
2246 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2247
2248 uint32_t reg[16];
2249 uint32_t num_accesses = 0;
2250 int thisrun_accesses;
2251 int i;
2252 uint32_t cpsr;
2253 int retval;
2254 int last_reg = 0;
2255
2256 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2257
2258 if (target->state != TARGET_HALTED)
2259 {
2260 LOG_WARNING("target not halted");
2261 return ERROR_TARGET_NOT_HALTED;
2262 }
2263
2264 /* sanitize arguments */
2265 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2266 return ERROR_INVALID_ARGUMENTS;
2267
2268 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2269 return ERROR_TARGET_UNALIGNED_ACCESS;
2270
2271 /* load the base register with the address of the first word */
2272 reg[0] = address;
2273 arm7_9->write_core_regs(target, 0x1, reg);
2274
2275 int j = 0;
2276
2277 switch (size)
2278 {
2279 case 4:
2280 while (num_accesses < count)
2281 {
2282 uint32_t reg_list;
2283 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2284 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2285
2286 if (last_reg <= thisrun_accesses)
2287 last_reg = thisrun_accesses;
2288
2289 arm7_9->load_word_regs(target, reg_list);
2290
2291 /* fast memory reads are only safe when the target is running
2292 * from a sufficiently high clock (32 kHz is usually too slow)
2293 */
2294 if (arm7_9->fast_memory_access)
2295 retval = arm7_9_execute_fast_sys_speed(target);
2296 else
2297 retval = arm7_9_execute_sys_speed(target);
2298 if (retval != ERROR_OK)
2299 return retval;
2300
2301 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2302
2303 /* advance buffer, count number of accesses */
2304 buffer += thisrun_accesses * 4;
2305 num_accesses += thisrun_accesses;
2306
2307 if ((j++%1024) == 0)
2308 {
2309 keep_alive();
2310 }
2311 }
2312 break;
2313 case 2:
2314 while (num_accesses < count)
2315 {
2316 uint32_t reg_list;
2317 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2318 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2319
2320 for (i = 1; i <= thisrun_accesses; i++)
2321 {
2322 if (i > last_reg)
2323 last_reg = i;
2324 arm7_9->load_hword_reg(target, i);
2325 /* fast memory reads are only safe when the target is running
2326 * from a sufficiently high clock (32 kHz is usually too slow)
2327 */
2328 if (arm7_9->fast_memory_access)
2329 retval = arm7_9_execute_fast_sys_speed(target);
2330 else
2331 retval = arm7_9_execute_sys_speed(target);
2332 if (retval != ERROR_OK)
2333 {
2334 return retval;
2335 }
2336
2337 }
2338
2339 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2340
2341 /* advance buffer, count number of accesses */
2342 buffer += thisrun_accesses * 2;
2343 num_accesses += thisrun_accesses;
2344
2345 if ((j++%1024) == 0)
2346 {
2347 keep_alive();
2348 }
2349 }
2350 break;
2351 case 1:
2352 while (num_accesses < count)
2353 {
2354 uint32_t reg_list;
2355 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2356 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2357
2358 for (i = 1; i <= thisrun_accesses; i++)
2359 {
2360 if (i > last_reg)
2361 last_reg = i;
2362 arm7_9->load_byte_reg(target, i);
2363 /* fast memory reads are only safe when the target is running
2364 * from a sufficiently high clock (32 kHz is usually too slow)
2365 */
2366 if (arm7_9->fast_memory_access)
2367 retval = arm7_9_execute_fast_sys_speed(target);
2368 else
2369 retval = arm7_9_execute_sys_speed(target);
2370 if (retval != ERROR_OK)
2371 {
2372 return retval;
2373 }
2374 }
2375
2376 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2377
2378 /* advance buffer, count number of accesses */
2379 buffer += thisrun_accesses * 1;
2380 num_accesses += thisrun_accesses;
2381
2382 if ((j++%1024) == 0)
2383 {
2384 keep_alive();
2385 }
2386 }
2387 break;
2388 default:
2389 LOG_ERROR("BUG: we shouldn't get here");
2390 exit(-1);
2391 break;
2392 }
2393
2394 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2395 return ERROR_FAIL;
2396
2397 for (i = 0; i <= last_reg; i++)
2398 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2399
2400 arm7_9->read_xpsr(target, &cpsr, 0);
2401 if ((retval = jtag_execute_queue()) != ERROR_OK)
2402 {
2403 LOG_ERROR("JTAG error while reading cpsr");
2404 return ERROR_TARGET_DATA_ABORT;
2405 }
2406
2407 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2408 {
2409 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2410
2411 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2412
2413 return ERROR_TARGET_DATA_ABORT;
2414 }
2415
2416 return ERROR_OK;
2417 }
2418
2419 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2420 {
2421 armv4_5_common_t *armv4_5 = target->arch_info;
2422 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2423 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2424
2425 uint32_t reg[16];
2426 uint32_t num_accesses = 0;
2427 int thisrun_accesses;
2428 int i;
2429 uint32_t cpsr;
2430 int retval;
2431 int last_reg = 0;
2432
2433 #ifdef _DEBUG_ARM7_9_
2434 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2435 #endif
2436
2437 if (target->state != TARGET_HALTED)
2438 {
2439 LOG_WARNING("target not halted");
2440 return ERROR_TARGET_NOT_HALTED;
2441 }
2442
2443 /* sanitize arguments */
2444 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2445 return ERROR_INVALID_ARGUMENTS;
2446
2447 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2448 return ERROR_TARGET_UNALIGNED_ACCESS;
2449
2450 /* load the base register with the address of the first word */
2451 reg[0] = address;
2452 arm7_9->write_core_regs(target, 0x1, reg);
2453
2454 /* Clear DBGACK, to make sure memory fetches work as expected */
2455 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2456 embeddedice_store_reg(dbg_ctrl);
2457
2458 switch (size)
2459 {
2460 case 4:
2461 while (num_accesses < count)
2462 {
2463 uint32_t reg_list;
2464 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2465 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2466
2467 for (i = 1; i <= thisrun_accesses; i++)
2468 {
2469 if (i > last_reg)
2470 last_reg = i;
2471 reg[i] = target_buffer_get_u32(target, buffer);
2472 buffer += 4;
2473 }
2474
2475 arm7_9->write_core_regs(target, reg_list, reg);
2476
2477 arm7_9->store_word_regs(target, reg_list);
2478
2479 /* fast memory writes are only safe when the target is running
2480 * from a sufficiently high clock (32 kHz is usually too slow)
2481 */
2482 if (arm7_9->fast_memory_access)
2483 retval = arm7_9_execute_fast_sys_speed(target);
2484 else
2485 retval = arm7_9_execute_sys_speed(target);
2486 if (retval != ERROR_OK)
2487 {
2488 return retval;
2489 }
2490
2491 num_accesses += thisrun_accesses;
2492 }
2493 break;
2494 case 2:
2495 while (num_accesses < count)
2496 {
2497 uint32_t reg_list;
2498 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2499 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2500
2501 for (i = 1; i <= thisrun_accesses; i++)
2502 {
2503 if (i > last_reg)
2504 last_reg = i;
2505 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2506 buffer += 2;
2507 }
2508
2509 arm7_9->write_core_regs(target, reg_list, reg);
2510
2511 for (i = 1; i <= thisrun_accesses; i++)
2512 {
2513 arm7_9->store_hword_reg(target, i);
2514
2515 /* fast memory writes are only safe when the target is running
2516 * from a sufficiently high clock (32 kHz is usually too slow)
2517 */
2518 if (arm7_9->fast_memory_access)
2519 retval = arm7_9_execute_fast_sys_speed(target);
2520 else
2521 retval = arm7_9_execute_sys_speed(target);
2522 if (retval != ERROR_OK)
2523 {
2524 return retval;
2525 }
2526 }
2527
2528 num_accesses += thisrun_accesses;
2529 }
2530 break;
2531 case 1:
2532 while (num_accesses < count)
2533 {
2534 uint32_t reg_list;
2535 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2536 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2537
2538 for (i = 1; i <= thisrun_accesses; i++)
2539 {
2540 if (i > last_reg)
2541 last_reg = i;
2542 reg[i] = *buffer++ & 0xff;
2543 }
2544
2545 arm7_9->write_core_regs(target, reg_list, reg);
2546
2547 for (i = 1; i <= thisrun_accesses; i++)
2548 {
2549 arm7_9->store_byte_reg(target, i);
2550 /* fast memory writes are only safe when the target is running
2551 * from a sufficiently high clock (32 kHz is usually too slow)
2552 */
2553 if (arm7_9->fast_memory_access)
2554 retval = arm7_9_execute_fast_sys_speed(target);
2555 else
2556 retval = arm7_9_execute_sys_speed(target);
2557 if (retval != ERROR_OK)
2558 {
2559 return retval;
2560 }
2561
2562 }
2563
2564 num_accesses += thisrun_accesses;
2565 }
2566 break;
2567 default:
2568 LOG_ERROR("BUG: we shouldn't get here");
2569 exit(-1);
2570 break;
2571 }
2572
2573 /* Re-Set DBGACK */
2574 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2575 embeddedice_store_reg(dbg_ctrl);
2576
2577 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2578 return ERROR_FAIL;
2579
2580 for (i = 0; i <= last_reg; i++)
2581 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2582
2583 arm7_9->read_xpsr(target, &cpsr, 0);
2584 if ((retval = jtag_execute_queue()) != ERROR_OK)
2585 {
2586 LOG_ERROR("JTAG error while reading cpsr");
2587 return ERROR_TARGET_DATA_ABORT;
2588 }
2589
2590 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2591 {
2592 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2593
2594 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2595
2596 return ERROR_TARGET_DATA_ABORT;
2597 }
2598
2599 return ERROR_OK;
2600 }
2601
2602 static int dcc_count;
2603 static uint8_t *dcc_buffer;
2604
2605 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2606 {
2607 int retval = ERROR_OK;
2608 armv4_5_common_t *armv4_5 = target->arch_info;
2609 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2610
2611 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2612 return retval;
2613
2614 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2615 int count = dcc_count;
2616 uint8_t *buffer = dcc_buffer;
2617 if (count > 2)
2618 {
2619 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2620 * core function repeated. */
2621 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2622 buffer += 4;
2623
2624 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2625 uint8_t reg_addr = ice_reg->addr & 0x1f;
2626 jtag_tap_t *tap;
2627 tap = ice_reg->jtag_info->tap;
2628
2629 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2630 buffer += (count-2)*4;
2631
2632 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2633 } else
2634 {
2635 int i;
2636 for (i = 0; i < count; i++)
2637 {
2638 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2639 buffer += 4;
2640 }
2641 }
2642
2643 if ((retval = target_halt(target))!= ERROR_OK)
2644 {
2645 return retval;
2646 }
2647 return target_wait_state(target, TARGET_HALTED, 500);
2648 }
2649
2650 static const uint32_t dcc_code[] =
2651 {
2652 /* MRC TST BNE MRC STR B */
2653 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2654 };
2655
2656 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2657
2658 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2659 {
2660 int retval;
2661 armv4_5_common_t *armv4_5 = target->arch_info;
2662 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2663 int i;
2664
2665 if (!arm7_9->dcc_downloads)
2666 return target_write_memory(target, address, 4, count, buffer);
2667
2668 /* regrab previously allocated working_area, or allocate a new one */
2669 if (!arm7_9->dcc_working_area)
2670 {
2671 uint8_t dcc_code_buf[6 * 4];
2672
2673 /* make sure we have a working area */
2674 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2675 {
2676 LOG_INFO("no working area available, falling back to memory writes");
2677 return target_write_memory(target, address, 4, count, buffer);
2678 }
2679
2680 /* copy target instructions to target endianness */
2681 for (i = 0; i < 6; i++)
2682 {
2683 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2684 }
2685
2686 /* write DCC code to working area */
2687 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2688 {
2689 return retval;
2690 }
2691 }
2692
2693 armv4_5_algorithm_t armv4_5_info;
2694 reg_param_t reg_params[1];
2695
2696 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2697 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2698 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2699
2700 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2701
2702 buf_set_u32(reg_params[0].value, 0, 32, address);
2703
2704 dcc_count = count;
2705 dcc_buffer = buffer;
2706 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2707 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2708
2709 if (retval == ERROR_OK)
2710 {
2711 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2712 if (endaddress != (address + count*4))
2713 {
2714 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2715 retval = ERROR_FAIL;
2716 }
2717 }
2718
2719 destroy_reg_param(&reg_params[0]);
2720
2721 return retval;
2722 }
2723
2724 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2725 {
2726 working_area_t *crc_algorithm;
2727 armv4_5_algorithm_t armv4_5_info;
2728 reg_param_t reg_params[2];
2729 int retval;
2730
2731 uint32_t arm7_9_crc_code[] = {
2732 0xE1A02000, /* mov r2, r0 */
2733 0xE3E00000, /* mov r0, #0xffffffff */
2734 0xE1A03001, /* mov r3, r1 */
2735 0xE3A04000, /* mov r4, #0 */
2736 0xEA00000B, /* b ncomp */
2737 /* nbyte: */
2738 0xE7D21004, /* ldrb r1, [r2, r4] */
2739 0xE59F7030, /* ldr r7, CRC32XOR */
2740 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2741 0xE3A05000, /* mov r5, #0 */
2742 /* loop: */
2743 0xE3500000, /* cmp r0, #0 */
2744 0xE1A06080, /* mov r6, r0, asl #1 */
2745 0xE2855001, /* add r5, r5, #1 */
2746 0xE1A00006, /* mov r0, r6 */
2747 0xB0260007, /* eorlt r0, r6, r7 */
2748 0xE3550008, /* cmp r5, #8 */
2749 0x1AFFFFF8, /* bne loop */
2750 0xE2844001, /* add r4, r4, #1 */
2751 /* ncomp: */
2752 0xE1540003, /* cmp r4, r3 */
2753 0x1AFFFFF1, /* bne nbyte */
2754 /* end: */
2755 0xEAFFFFFE, /* b end */
2756 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2757 };
2758
2759 uint32_t i;
2760
2761 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2762 {
2763 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2764 }
2765
2766 /* convert flash writing code into a buffer in target endianness */
2767 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2768 {
2769 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2770 {
2771 return retval;
2772 }
2773 }
2774
2775 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2776 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2777 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2778
2779 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2780 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2781
2782 buf_set_u32(reg_params[0].value, 0, 32, address);
2783 buf_set_u32(reg_params[1].value, 0, 32, count);
2784
2785 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2786 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2787 {
2788 LOG_ERROR("error executing arm7_9 crc algorithm");
2789 destroy_reg_param(&reg_params[0]);
2790 destroy_reg_param(&reg_params[1]);
2791 target_free_working_area(target, crc_algorithm);
2792 return retval;
2793 }
2794
2795 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2796
2797 destroy_reg_param(&reg_params[0]);
2798 destroy_reg_param(&reg_params[1]);
2799
2800 target_free_working_area(target, crc_algorithm);
2801
2802 return ERROR_OK;
2803 }
2804
2805 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2806 {
2807 working_area_t *erase_check_algorithm;
2808 reg_param_t reg_params[3];
2809 armv4_5_algorithm_t armv4_5_info;
2810 int retval;
2811 uint32_t i;
2812
2813 uint32_t erase_check_code[] =
2814 {
2815 /* loop: */
2816 0xe4d03001, /* ldrb r3, [r0], #1 */
2817 0xe0022003, /* and r2, r2, r3 */
2818 0xe2511001, /* subs r1, r1, #1 */
2819 0x1afffffb, /* bne loop */
2820 /* end: */
2821 0xeafffffe /* b end */
2822 };
2823
2824 /* make sure we have a working area */
2825 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2826 {
2827 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2828 }
2829
2830 /* convert flash writing code into a buffer in target endianness */
2831 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2832 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2833 {
2834 return retval;
2835 }
2836
2837 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2838 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2839 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2840
2841 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2842 buf_set_u32(reg_params[0].value, 0, 32, address);
2843
2844 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2845 buf_set_u32(reg_params[1].value, 0, 32, count);
2846
2847 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2848 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2849
2850 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2851 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2852 {
2853 destroy_reg_param(&reg_params[0]);
2854 destroy_reg_param(&reg_params[1]);
2855 destroy_reg_param(&reg_params[2]);
2856 target_free_working_area(target, erase_check_algorithm);
2857 return 0;
2858 }
2859
2860 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2861
2862 destroy_reg_param(&reg_params[0]);
2863 destroy_reg_param(&reg_params[1]);
2864 destroy_reg_param(&reg_params[2]);
2865
2866 target_free_working_area(target, erase_check_algorithm);
2867
2868 return ERROR_OK;
2869 }
2870
2871 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2872 {
2873 command_t *arm7_9_cmd;
2874
2875 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2876
2877 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2878 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2879
2880 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2881
2882 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2883 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2884 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2885 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2886 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2887 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2888
2889 armv4_5_register_commands(cmd_ctx);
2890
2891 etm_register_commands(cmd_ctx);
2892
2893 return ERROR_OK;
2894 }
2895
2896 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2897 {
2898 uint32_t value;
2899 int spsr;
2900 int retval;
2901 target_t *target = get_current_target(cmd_ctx);
2902 armv4_5_common_t *armv4_5;
2903 arm7_9_common_t *arm7_9;
2904
2905 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2906 {
2907 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2908 return ERROR_OK;
2909 }
2910
2911 if (target->state != TARGET_HALTED)
2912 {
2913 command_print(cmd_ctx, "can't write registers while running");
2914 return ERROR_OK;
2915 }
2916
2917 if (argc < 2)
2918 {
2919 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2920 return ERROR_OK;
2921 }
2922
2923 value = strtoul(args[0], NULL, 0);
2924 spsr = strtol(args[1], NULL, 0);
2925
2926 /* if we're writing the CPSR, mask the T bit */
2927 if (!spsr)
2928 value &= ~0x20;
2929
2930 arm7_9->write_xpsr(target, value, spsr);
2931 if ((retval = jtag_execute_queue()) != ERROR_OK)
2932 {
2933 LOG_ERROR("JTAG error while writing to xpsr");
2934 return retval;
2935 }
2936
2937 return ERROR_OK;
2938 }
2939
2940 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2941 {
2942 uint32_t value;
2943 int rotate;
2944 int spsr;
2945 int retval;
2946 target_t *target = get_current_target(cmd_ctx);
2947 armv4_5_common_t *armv4_5;
2948 arm7_9_common_t *arm7_9;
2949
2950 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2951 {
2952 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2953 return ERROR_OK;
2954 }
2955
2956 if (target->state != TARGET_HALTED)
2957 {
2958 command_print(cmd_ctx, "can't write registers while running");
2959 return ERROR_OK;
2960 }
2961
2962 if (argc < 3)
2963 {
2964 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2965 return ERROR_OK;
2966 }
2967
2968 value = strtoul(args[0], NULL, 0);
2969 rotate = strtol(args[1], NULL, 0);
2970 spsr = strtol(args[2], NULL, 0);
2971
2972 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2973 if ((retval = jtag_execute_queue()) != ERROR_OK)
2974 {
2975 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2976 return retval;
2977 }
2978
2979 return ERROR_OK;
2980 }
2981
2982 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2983 {
2984 uint32_t value;
2985 uint32_t mode;
2986 int num;
2987 target_t *target = get_current_target(cmd_ctx);
2988 armv4_5_common_t *armv4_5;
2989 arm7_9_common_t *arm7_9;
2990
2991 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2992 {
2993 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2994 return ERROR_OK;
2995 }
2996
2997 if (target->state != TARGET_HALTED)
2998 {
2999 command_print(cmd_ctx, "can't write registers while running");
3000 return ERROR_OK;
3001 }
3002
3003 if (argc < 3)
3004 {
3005 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3006 return ERROR_OK;
3007 }
3008
3009 num = strtol(args[0], NULL, 0);
3010 mode = strtoul(args[1], NULL, 0);
3011 value = strtoul(args[2], NULL, 0);
3012
3013 return arm7_9_write_core_reg(target, num, mode, value);
3014 }
3015
3016 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3017 {
3018 target_t *target = get_current_target(cmd_ctx);
3019 armv4_5_common_t *armv4_5;
3020 arm7_9_common_t *arm7_9;
3021
3022 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3023 {
3024 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3025 return ERROR_OK;
3026 }
3027
3028 if (argc > 0)
3029 {
3030 if (strcmp("enable", args[0]) == 0)
3031 {
3032 arm7_9->use_dbgrq = 1;
3033 }
3034 else if (strcmp("disable", args[0]) == 0)
3035 {
3036 arm7_9->use_dbgrq = 0;
3037 }
3038 else
3039 {
3040 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3041 }
3042 }
3043
3044 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3045
3046 return ERROR_OK;
3047 }
3048
3049 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3050 {
3051 target_t *target = get_current_target(cmd_ctx);
3052 armv4_5_common_t *armv4_5;
3053 arm7_9_common_t *arm7_9;
3054
3055 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3056 {
3057 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3058 return ERROR_OK;
3059 }
3060
3061 if (argc > 0)
3062 {
3063 if (strcmp("enable", args[0]) == 0)
3064 {
3065 arm7_9->fast_memory_access = 1;
3066 }
3067 else if (strcmp("disable", args[0]) == 0)
3068 {
3069 arm7_9->fast_memory_access = 0;
3070 }
3071 else
3072 {
3073 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3074 }
3075 }
3076
3077 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3078
3079 return ERROR_OK;
3080 }
3081
3082 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3083 {
3084 target_t *target = get_current_target(cmd_ctx);
3085 armv4_5_common_t *armv4_5;
3086 arm7_9_common_t *arm7_9;
3087
3088 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3089 {
3090 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3091 return ERROR_OK;
3092 }
3093
3094 if (argc > 0)
3095 {
3096 if (strcmp("enable", args[0]) == 0)
3097 {
3098 arm7_9->dcc_downloads = 1;
3099 }
3100 else if (strcmp("disable", args[0]) == 0)
3101 {
3102 arm7_9->dcc_downloads = 0;
3103 }
3104 else
3105 {
3106 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3107 }
3108 }
3109
3110 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3111
3112 return ERROR_OK;
3113 }
3114
3115 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3116 {
3117 int retval = ERROR_OK;
3118 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3119
3120 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3121
3122 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3123 {
3124 return retval;
3125 }
3126
3127 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3128 arm7_9->wp_available_max = 2;
3129 arm7_9->sw_breakpoints_added = 0;
3130 arm7_9->sw_breakpoint_count = 0;
3131 arm7_9->breakpoint_count = 0;
3132 arm7_9->wp0_used = 0;
3133 arm7_9->wp1_used = 0;
3134 arm7_9->wp1_used_default = 0;
3135 arm7_9->use_dbgrq = 0;
3136
3137 arm7_9->etm_ctx = NULL;
3138 arm7_9->has_single_step = 0;
3139 arm7_9->has_monitor_mode = 0;
3140 arm7_9->has_vector_catch = 0;
3141
3142 arm7_9->debug_entry_from_reset = 0;
3143
3144 arm7_9->dcc_working_area = NULL;
3145
3146 arm7_9->fast_memory_access = fast_and_dangerous;
3147 arm7_9->dcc_downloads = fast_and_dangerous;
3148
3149 arm7_9->need_bypass_before_restart = 0;
3150
3151 armv4_5->arch_info = arm7_9;
3152 armv4_5->read_core_reg = arm7_9_read_core_reg;
3153 armv4_5->write_core_reg = arm7_9_write_core_reg;
3154 armv4_5->full_context = arm7_9_full_context;
3155
3156 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3157 {
3158 return retval;
3159 }
3160
3161 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3162 {
3163 return retval;
3164 }
3165
3166 return ERROR_OK;
3167 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)