Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM: add is_arm_mode()
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include "time_support.h"
26 #include "target_type.h"
27 #include "register.h"
28
29
30 /*
31 * For information about the ARM920T, see ARM DDI 0151C especially
32 * Chapter 9 about debug support, which shows how to manipulate each
33 * of the different scan chains:
34 *
35 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
36 * 1 ... debugging; watchpoint and breakpoint status, etc; also
37 * MMU and cache access in conjunction with scan chain 15
38 * 2 ... EmbeddedICE
39 * 3 ... external boundary scan (SoC-specific, unused here)
40 * 4 ... access to cache tag RAM
41 * 6 ... ETM9
42 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
43 * "interpreted" works with a few actual MRC/MCR instructions
44 * "physical" provides register-like behaviors.
45 *
46 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
47 */
48
49 #if 0
50 #define _DEBUG_INSTRUCTION_EXECUTION_
51 #endif
52
53 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
54
55 static int arm920t_read_cp15_physical(struct target *target,
56 int reg_addr, uint32_t *value)
57 {
58 struct arm920t_common *arm920t = target_to_arm920(target);
59 struct arm_jtag *jtag_info;
60 struct scan_field fields[4];
61 uint8_t access_type_buf = 1;
62 uint8_t reg_addr_buf = reg_addr & 0x3f;
63 uint8_t nr_w_buf = 0;
64
65 jtag_info = &arm920t->arm7_9_common.jtag_info;
66
67 jtag_set_end_state(TAP_IDLE);
68 arm_jtag_scann(jtag_info, 0xf);
69 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
70
71 fields[0].tap = jtag_info->tap;
72 fields[0].num_bits = 1;
73 fields[0].out_value = &access_type_buf;
74 fields[0].in_value = NULL;
75
76 fields[1].tap = jtag_info->tap;
77 fields[1].num_bits = 32;
78 fields[1].out_value = NULL;
79 fields[1].in_value = NULL;
80
81 fields[2].tap = jtag_info->tap;
82 fields[2].num_bits = 6;
83 fields[2].out_value = &reg_addr_buf;
84 fields[2].in_value = NULL;
85
86 fields[3].tap = jtag_info->tap;
87 fields[3].num_bits = 1;
88 fields[3].out_value = &nr_w_buf;
89 fields[3].in_value = NULL;
90
91 jtag_add_dr_scan(4, fields, jtag_get_end_state());
92
93 fields[1].in_value = (uint8_t *)value;
94
95 jtag_add_dr_scan(4, fields, jtag_get_end_state());
96
97 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
98
99 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
100 jtag_execute_queue();
101 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
102 #endif
103
104 return ERROR_OK;
105 }
106
107 static int arm920t_write_cp15_physical(struct target *target,
108 int reg_addr, uint32_t value)
109 {
110 struct arm920t_common *arm920t = target_to_arm920(target);
111 struct arm_jtag *jtag_info;
112 struct scan_field fields[4];
113 uint8_t access_type_buf = 1;
114 uint8_t reg_addr_buf = reg_addr & 0x3f;
115 uint8_t nr_w_buf = 1;
116 uint8_t value_buf[4];
117
118 jtag_info = &arm920t->arm7_9_common.jtag_info;
119
120 buf_set_u32(value_buf, 0, 32, value);
121
122 jtag_set_end_state(TAP_IDLE);
123 arm_jtag_scann(jtag_info, 0xf);
124 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
125
126 fields[0].tap = jtag_info->tap;
127 fields[0].num_bits = 1;
128 fields[0].out_value = &access_type_buf;
129 fields[0].in_value = NULL;
130
131 fields[1].tap = jtag_info->tap;
132 fields[1].num_bits = 32;
133 fields[1].out_value = value_buf;
134 fields[1].in_value = NULL;
135
136 fields[2].tap = jtag_info->tap;
137 fields[2].num_bits = 6;
138 fields[2].out_value = &reg_addr_buf;
139 fields[2].in_value = NULL;
140
141 fields[3].tap = jtag_info->tap;
142 fields[3].num_bits = 1;
143 fields[3].out_value = &nr_w_buf;
144 fields[3].in_value = NULL;
145
146 jtag_add_dr_scan(4, fields, jtag_get_end_state());
147
148 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
149 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
150 #endif
151
152 return ERROR_OK;
153 }
154
155 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
156 uint32_t arm_opcode)
157 {
158 int retval;
159 struct arm920t_common *arm920t = target_to_arm920(target);
160 struct arm_jtag *jtag_info;
161 struct scan_field fields[4];
162 uint8_t access_type_buf = 0; /* interpreted access */
163 uint8_t reg_addr_buf = 0x0;
164 uint8_t nr_w_buf = 0;
165 uint8_t cp15_opcode_buf[4];
166
167 jtag_info = &arm920t->arm7_9_common.jtag_info;
168
169 jtag_set_end_state(TAP_IDLE);
170 arm_jtag_scann(jtag_info, 0xf);
171 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
172
173 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
174
175 fields[0].tap = jtag_info->tap;
176 fields[0].num_bits = 1;
177 fields[0].out_value = &access_type_buf;
178 fields[0].in_value = NULL;
179
180 fields[1].tap = jtag_info->tap;
181 fields[1].num_bits = 32;
182 fields[1].out_value = cp15_opcode_buf;
183 fields[1].in_value = NULL;
184
185 fields[2].tap = jtag_info->tap;
186 fields[2].num_bits = 6;
187 fields[2].out_value = &reg_addr_buf;
188 fields[2].in_value = NULL;
189
190 fields[3].tap = jtag_info->tap;
191 fields[3].num_bits = 1;
192 fields[3].out_value = &nr_w_buf;
193 fields[3].in_value = NULL;
194
195 jtag_add_dr_scan(4, fields, jtag_get_end_state());
196
197 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
198 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
199 retval = arm7_9_execute_sys_speed(target);
200 if (retval != ERROR_OK)
201 return retval;
202
203 if ((retval = jtag_execute_queue()) != ERROR_OK)
204 {
205 LOG_ERROR("failed executing JTAG queue");
206 return retval;
207 }
208
209 return ERROR_OK;
210 }
211
212 static int arm920t_read_cp15_interpreted(struct target *target,
213 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
214 {
215 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
216 uint32_t* regs_p[1];
217 uint32_t regs[2];
218 uint32_t cp15c15 = 0x0;
219
220 /* load address into R1 */
221 regs[1] = address;
222 arm9tdmi_write_core_regs(target, 0x2, regs);
223
224 /* read-modify-write CP15 test state register
225 * to enable interpreted access mode */
226 arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
227 jtag_execute_queue();
228 cp15c15 |= 1; /* set interpret mode */
229 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
230
231 /* execute CP15 instruction and ARM load (reading from coprocessor) */
232 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
233
234 /* disable interpreted access mode */
235 cp15c15 &= ~1U; /* clear interpret mode */
236 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
237
238 /* retrieve value from R0 */
239 regs_p[0] = value;
240 arm9tdmi_read_core_regs(target, 0x1, regs_p);
241 jtag_execute_queue();
242
243 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
244 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x", cp15_opcode, address, *value);
245 #endif
246
247 if (!is_arm_mode(armv4_5->core_mode))
248 return ERROR_FAIL;
249
250 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = 1;
251 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = 1;
252
253 return ERROR_OK;
254 }
255
256 static
257 int arm920t_write_cp15_interpreted(struct target *target,
258 uint32_t cp15_opcode, uint32_t value, uint32_t address)
259 {
260 uint32_t cp15c15 = 0x0;
261 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
262 uint32_t regs[2];
263
264 /* load value, address into R0, R1 */
265 regs[0] = value;
266 regs[1] = address;
267 arm9tdmi_write_core_regs(target, 0x3, regs);
268
269 /* read-modify-write CP15 test state register
270 * to enable interpreted access mode */
271 arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
272 jtag_execute_queue();
273 cp15c15 |= 1; /* set interpret mode */
274 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
275
276 /* execute CP15 instruction and ARM store (writing to coprocessor) */
277 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
278
279 /* disable interpreted access mode */
280 cp15c15 &= ~1U; /* set interpret mode */
281 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
282
283 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
284 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x", cp15_opcode, value, address);
285 #endif
286
287 if (!is_arm_mode(armv4_5->core_mode))
288 return ERROR_FAIL;
289
290 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = 1;
291 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = 1;
292
293 return ERROR_OK;
294 }
295
296 // EXPORTED to FA256
297 uint32_t arm920t_get_ttb(struct target *target)
298 {
299 int retval;
300 uint32_t ttb = 0x0;
301
302 if ((retval = arm920t_read_cp15_interpreted(target, 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
303 return retval;
304
305 return ttb;
306 }
307
308 // EXPORTED to FA256
309 void arm920t_disable_mmu_caches(struct target *target, int mmu, int d_u_cache, int i_cache)
310 {
311 uint32_t cp15_control;
312
313 /* read cp15 control register */
314 arm920t_read_cp15_physical(target, 0x2, &cp15_control);
315 jtag_execute_queue();
316
317 if (mmu)
318 cp15_control &= ~0x1U;
319
320 if (d_u_cache)
321 cp15_control &= ~0x4U;
322
323 if (i_cache)
324 cp15_control &= ~0x1000U;
325
326 arm920t_write_cp15_physical(target, 0x2, cp15_control);
327 }
328
329 // EXPORTED to FA256
330 void arm920t_enable_mmu_caches(struct target *target, int mmu, int d_u_cache, int i_cache)
331 {
332 uint32_t cp15_control;
333
334 /* read cp15 control register */
335 arm920t_read_cp15_physical(target, 0x2, &cp15_control);
336 jtag_execute_queue();
337
338 if (mmu)
339 cp15_control |= 0x1U;
340
341 if (d_u_cache)
342 cp15_control |= 0x4U;
343
344 if (i_cache)
345 cp15_control |= 0x1000U;
346
347 arm920t_write_cp15_physical(target, 0x2, cp15_control);
348 }
349
350 // EXPORTED to FA256
351 void arm920t_post_debug_entry(struct target *target)
352 {
353 uint32_t cp15c15;
354 struct arm920t_common *arm920t = target_to_arm920(target);
355
356 /* examine cp15 control reg */
357 arm920t_read_cp15_physical(target, 0x2, &arm920t->cp15_control_reg);
358 jtag_execute_queue();
359 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32 "", arm920t->cp15_control_reg);
360
361 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
362 {
363 uint32_t cache_type_reg;
364 /* identify caches */
365 arm920t_read_cp15_physical(target, 0x1, &cache_type_reg);
366 jtag_execute_queue();
367 armv4_5_identify_cache(cache_type_reg, &arm920t->armv4_5_mmu.armv4_5_cache);
368 }
369
370 arm920t->armv4_5_mmu.mmu_enabled = (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
371 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
372 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
373
374 /* save i/d fault status and address register */
375 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
376 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
377 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
378 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
379
380 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32 "",
381 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
382
383 if (arm920t->preserve_cache)
384 {
385 /* read-modify-write CP15 test state register
386 * to disable I/D-cache linefills */
387 arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
388 jtag_execute_queue();
389 cp15c15 |= 0x600;
390 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
391 }
392 }
393
394 // EXPORTED to FA256
395 void arm920t_pre_restore_context(struct target *target)
396 {
397 uint32_t cp15c15;
398 struct arm920t_common *arm920t = target_to_arm920(target);
399
400 /* restore i/d fault status and address register */
401 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
402 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
403 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
404 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
405
406 /* read-modify-write CP15 test state register
407 * to reenable I/D-cache linefills */
408 if (arm920t->preserve_cache)
409 {
410 arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
411 jtag_execute_queue();
412 cp15c15 &= ~0x600U;
413 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
414 }
415 }
416
417 static const char arm920_not[] = "target is not an ARM920";
418
419 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
420 struct arm920t_common *arm920t)
421 {
422 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
423 command_print(cmd_ctx, arm920_not);
424 return ERROR_TARGET_INVALID;
425 }
426
427 return ERROR_OK;
428 }
429
430 /** Logs summary of ARM920 state for a halted target. */
431 int arm920t_arch_state(struct target *target)
432 {
433 static const char *state[] =
434 {
435 "disabled", "enabled"
436 };
437
438 struct arm920t_common *arm920t = target_to_arm920(target);
439 struct armv4_5_common_s *armv4_5;
440
441 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
442 {
443 LOG_ERROR("BUG: %s", arm920_not);
444 return ERROR_TARGET_INVALID;
445 }
446
447 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
448
449 LOG_USER("target halted in %s state due to %s, current mode: %s\n"
450 "cpsr: 0x%8.8" PRIx32 " pc: 0x%8.8" PRIx32 "\n"
451 "MMU: %s, D-Cache: %s, I-Cache: %s",
452 armv4_5_state_strings[armv4_5->core_state],
453 Jim_Nvp_value2name_simple(nvp_target_debug_reason, target->debug_reason)->name,
454 arm_mode_name(armv4_5->core_mode),
455 buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32),
456 buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32),
457 state[arm920t->armv4_5_mmu.mmu_enabled],
458 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
459 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
460
461 return ERROR_OK;
462 }
463
464 static int arm920_mmu(struct target *target, int *enabled)
465 {
466 if (target->state != TARGET_HALTED) {
467 LOG_ERROR("%s: target not halted", __func__);
468 return ERROR_TARGET_INVALID;
469 }
470
471 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
472 return ERROR_OK;
473 }
474
475 static int arm920_virt2phys(struct target *target,
476 uint32_t virt, uint32_t *phys)
477 {
478 /** @todo Implement this! */
479 LOG_ERROR("%s: not implemented", __func__);
480 return ERROR_FAIL;
481 }
482
483 /** Reads a buffer, in the specified word size, with current MMU settings. */
484 int arm920t_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
485 {
486 int retval;
487
488 retval = arm7_9_read_memory(target, address, size, count, buffer);
489
490 return retval;
491 }
492
493
494 static int arm920t_read_phys_memory(struct target *target,
495 uint32_t address, uint32_t size,
496 uint32_t count, uint8_t *buffer)
497 {
498 struct arm920t_common *arm920t = target_to_arm920(target);
499
500 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
501 address, size, count, buffer);
502 }
503
504 static int arm920t_write_phys_memory(struct target *target,
505 uint32_t address, uint32_t size,
506 uint32_t count, uint8_t *buffer)
507 {
508 struct arm920t_common *arm920t = target_to_arm920(target);
509
510 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
511 address, size, count, buffer);
512 }
513
514
515 /** Writes a buffer, in the specified word size, with current MMU settings. */
516 int arm920t_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
517 {
518 int retval;
519
520 if ((retval = arm7_9_write_memory(target, address, size, count, buffer)) != ERROR_OK)
521 return retval;
522
523 /* This fn is used to write breakpoints, so we need to make sure
524 * that the data cache is flushed and the instruction cache is
525 * invalidated
526 */
527 if (((size == 4) || (size == 2)) && (count == 1))
528 {
529 struct arm920t_common *arm920t = target_to_arm920(target);
530
531 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
532 {
533 LOG_DEBUG("D-Cache enabled, flush and invalidate cache line");
534 /* MCR p15,0,Rd,c7,c10,2 */
535 retval = arm920t_write_cp15_interpreted(target, 0xee070f5e, 0x0, address);
536 if (retval != ERROR_OK)
537 return retval;
538 }
539
540 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
541 {
542 LOG_DEBUG("I-Cache enabled, invalidating affected I-Cache line");
543 retval = arm920t_write_cp15_interpreted(target, 0xee070f35, 0x0, address);
544 if (retval != ERROR_OK)
545 return retval;
546 }
547 }
548
549 return retval;
550 }
551
552 // EXPORTED to FA256
553 int arm920t_soft_reset_halt(struct target *target)
554 {
555 int retval = ERROR_OK;
556 struct arm920t_common *arm920t = target_to_arm920(target);
557 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
558 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
559 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
560
561 if ((retval = target_halt(target)) != ERROR_OK)
562 {
563 return retval;
564 }
565
566 long long then = timeval_ms();
567 int timeout;
568 while (!(timeout = ((timeval_ms()-then) > 1000)))
569 {
570 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0)
571 {
572 embeddedice_read_reg(dbg_stat);
573 if ((retval = jtag_execute_queue()) != ERROR_OK)
574 {
575 return retval;
576 }
577 } else
578 {
579 break;
580 }
581 if (debug_level >= 3)
582 {
583 /* do not eat all CPU, time out after 1 se*/
584 alive_sleep(100);
585 } else
586 {
587 keep_alive();
588 }
589 }
590 if (timeout)
591 {
592 LOG_ERROR("Failed to halt CPU after 1 sec");
593 return ERROR_TARGET_TIMEOUT;
594 }
595
596 target->state = TARGET_HALTED;
597
598 /* SVC, ARM state, IRQ and FIQ disabled */
599 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
600 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
601 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
602
603 /* start fetching from 0x0 */
604 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
605 armv4_5->core_cache->reg_list[15].dirty = 1;
606 armv4_5->core_cache->reg_list[15].valid = 1;
607
608 armv4_5->core_mode = ARMV4_5_MODE_SVC;
609 armv4_5->core_state = ARMV4_5_STATE_ARM;
610
611 arm920t_disable_mmu_caches(target, 1, 1, 1);
612 arm920t->armv4_5_mmu.mmu_enabled = 0;
613 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
614 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
615
616 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
617 {
618 return retval;
619 }
620
621 return ERROR_OK;
622 }
623
624 int arm920t_init_arch_info(struct target *target, struct arm920t_common *arm920t, struct jtag_tap *tap)
625 {
626 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
627
628 /* initialize arm7/arm9 specific info (including armv4_5) */
629 arm9tdmi_init_arch_info(target, arm7_9, tap);
630
631 arm920t->common_magic = ARM920T_COMMON_MAGIC;
632
633 arm7_9->post_debug_entry = arm920t_post_debug_entry;
634 arm7_9->pre_restore_context = arm920t_pre_restore_context;
635
636 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
637 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
638 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
639 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
640 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
641 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
642 arm920t->armv4_5_mmu.has_tiny_pages = 1;
643 arm920t->armv4_5_mmu.mmu_enabled = 0;
644
645 /* disabling linefills leads to lockups, so keep them enabled for now
646 * this doesn't affect correctness, but might affect timing issues, if
647 * important data is evicted from the cache during the debug session
648 * */
649 arm920t->preserve_cache = 0;
650
651 /* override hw single-step capability from ARM9TDMI */
652 arm7_9->has_single_step = 1;
653
654 return ERROR_OK;
655 }
656
657 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
658 {
659 struct arm920t_common *arm920t = calloc(1,sizeof(struct arm920t_common));
660
661 return arm920t_init_arch_info(target, arm920t, target->tap);
662 }
663
664 COMMAND_HANDLER(arm920t_handle_read_cache_command)
665 {
666 int retval = ERROR_OK;
667 struct target *target = get_current_target(CMD_CTX);
668 struct arm920t_common *arm920t = target_to_arm920(target);
669 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
670 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
671 uint32_t cp15c15;
672 uint32_t cp15_ctrl, cp15_ctrl_saved;
673 uint32_t regs[16];
674 uint32_t *regs_p[16];
675 uint32_t C15_C_D_Ind, C15_C_I_Ind;
676 int i;
677 FILE *output;
678 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
679 int segment, index;
680
681 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
682 if (retval != ERROR_OK)
683 return retval;
684
685 if (CMD_ARGC != 1)
686 {
687 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
688 return ERROR_OK;
689 }
690
691 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
692 {
693 LOG_DEBUG("error opening cache content file");
694 return ERROR_OK;
695 }
696
697 for (i = 0; i < 16; i++)
698 regs_p[i] = &regs[i];
699
700 /* disable MMU and Caches */
701 arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), &cp15_ctrl);
702 if ((retval = jtag_execute_queue()) != ERROR_OK)
703 {
704 return retval;
705 }
706 cp15_ctrl_saved = cp15_ctrl;
707 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
708 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl);
709
710 /* read CP15 test state register */
711 arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), &cp15c15);
712 jtag_execute_queue();
713
714 /* read DCache content */
715 fprintf(output, "DCache:\n");
716
717 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
718 for (segment = 0; segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets; segment++)
719 {
720 fprintf(output, "\nsegment: %i\n----------", segment);
721
722 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
723 regs[0] = 0x0 | (segment << 5);
724 arm9tdmi_write_core_regs(target, 0x1, regs);
725
726 /* set interpret mode */
727 cp15c15 |= 0x1;
728 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
729
730 /* D CAM Read, loads current victim into C15.C.D.Ind */
731 arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
732
733 /* read current victim */
734 arm920t_read_cp15_physical(target, 0x3d, &C15_C_D_Ind);
735
736 /* clear interpret mode */
737 cp15c15 &= ~0x1;
738 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
739
740 for (index = 0; index < 64; index++)
741 {
742 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
743 regs[0] = 0x0 | (segment << 5) | (index << 26);
744 arm9tdmi_write_core_regs(target, 0x1, regs);
745
746 /* set interpret mode */
747 cp15c15 |= 0x1;
748 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
749
750 /* Write DCache victim */
751 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
752
753 /* Read D RAM */
754 arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,10,2), ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
755
756 /* Read D CAM */
757 arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(9, 0));
758
759 /* clear interpret mode */
760 cp15c15 &= ~0x1;
761 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
762
763 /* read D RAM and CAM content */
764 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
765 if ((retval = jtag_execute_queue()) != ERROR_OK)
766 {
767 return retval;
768 }
769
770 d_cache[segment][index].cam = regs[9];
771
772 /* mask LFSR[6] */
773 regs[9] &= 0xfffffffe;
774 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8" PRIx32 ", content (%s):\n", segment, index, regs[9], (regs[9] & 0x10) ? "valid" : "invalid");
775
776 for (i = 1; i < 9; i++)
777 {
778 d_cache[segment][index].data[i] = regs[i];
779 fprintf(output, "%i: 0x%8.8" PRIx32 "\n", i-1, regs[i]);
780 }
781
782 }
783
784 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
785 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
786 arm9tdmi_write_core_regs(target, 0x1, regs);
787
788 /* set interpret mode */
789 cp15c15 |= 0x1;
790 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
791
792 /* Write DCache victim */
793 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
794
795 /* clear interpret mode */
796 cp15c15 &= ~0x1;
797 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
798 }
799
800 /* read ICache content */
801 fprintf(output, "ICache:\n");
802
803 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
804 for (segment = 0; segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets; segment++)
805 {
806 fprintf(output, "segment: %i\n----------", segment);
807
808 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
809 regs[0] = 0x0 | (segment << 5);
810 arm9tdmi_write_core_regs(target, 0x1, regs);
811
812 /* set interpret mode */
813 cp15c15 |= 0x1;
814 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
815
816 /* I CAM Read, loads current victim into C15.C.I.Ind */
817 arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
818
819 /* read current victim */
820 arm920t_read_cp15_physical(target, 0x3b, &C15_C_I_Ind);
821
822 /* clear interpret mode */
823 cp15c15 &= ~0x1;
824 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
825
826 for (index = 0; index < 64; index++)
827 {
828 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
829 regs[0] = 0x0 | (segment << 5) | (index << 26);
830 arm9tdmi_write_core_regs(target, 0x1, regs);
831
832 /* set interpret mode */
833 cp15c15 |= 0x1;
834 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
835
836 /* Write ICache victim */
837 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
838
839 /* Read I RAM */
840 arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,9,2), ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
841
842 /* Read I CAM */
843 arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(9, 0));
844
845 /* clear interpret mode */
846 cp15c15 &= ~0x1;
847 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
848
849 /* read I RAM and CAM content */
850 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
851 if ((retval = jtag_execute_queue()) != ERROR_OK)
852 {
853 return retval;
854 }
855
856 i_cache[segment][index].cam = regs[9];
857
858 /* mask LFSR[6] */
859 regs[9] &= 0xfffffffe;
860 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8" PRIx32 ", content (%s):\n", segment, index, regs[9], (regs[9] & 0x10) ? "valid" : "invalid");
861
862 for (i = 1; i < 9; i++)
863 {
864 i_cache[segment][index].data[i] = regs[i];
865 fprintf(output, "%i: 0x%8.8" PRIx32 "\n", i-1, regs[i]);
866 }
867 }
868
869 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
870 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
871 arm9tdmi_write_core_regs(target, 0x1, regs);
872
873 /* set interpret mode */
874 cp15c15 |= 0x1;
875 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
876
877 /* Write ICache victim */
878 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
879
880 /* clear interpret mode */
881 cp15c15 &= ~0x1;
882 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
883 }
884
885 /* restore CP15 MMU and Cache settings */
886 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl_saved);
887
888 command_print(CMD_CTX, "cache content successfully output to %s", CMD_ARGV[0]);
889
890 fclose(output);
891
892 if (!is_arm_mode(armv4_5->core_mode))
893 return ERROR_FAIL;
894
895 /* mark registers dirty. */
896 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
897 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).valid;
898 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).valid;
899 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).valid;
900 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).valid;
901 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).valid;
902 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).valid;
903 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).valid;
904 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).valid;
905 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).valid;
906
907 return ERROR_OK;
908 }
909
910 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
911 {
912 int retval = ERROR_OK;
913 struct target *target = get_current_target(CMD_CTX);
914 struct arm920t_common *arm920t = target_to_arm920(target);
915 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
916 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
917 uint32_t cp15c15;
918 uint32_t cp15_ctrl, cp15_ctrl_saved;
919 uint32_t regs[16];
920 uint32_t *regs_p[16];
921 int i;
922 FILE *output;
923 uint32_t Dlockdown, Ilockdown;
924 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
925 int victim;
926
927 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
928 if (retval != ERROR_OK)
929 return retval;
930
931 if (CMD_ARGC != 1)
932 {
933 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
934 return ERROR_OK;
935 }
936
937 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
938 {
939 LOG_DEBUG("error opening mmu content file");
940 return ERROR_OK;
941 }
942
943 for (i = 0; i < 16; i++)
944 regs_p[i] = &regs[i];
945
946 /* disable MMU and Caches */
947 arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), &cp15_ctrl);
948 if ((retval = jtag_execute_queue()) != ERROR_OK)
949 {
950 return retval;
951 }
952 cp15_ctrl_saved = cp15_ctrl;
953 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
954 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl);
955
956 /* read CP15 test state register */
957 arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), &cp15c15);
958 if ((retval = jtag_execute_queue()) != ERROR_OK)
959 {
960 return retval;
961 }
962
963 /* prepare reading D TLB content
964 * */
965
966 /* set interpret mode */
967 cp15c15 |= 0x1;
968 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
969
970 /* Read D TLB lockdown */
971 arm920t_execute_cp15(target, ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
972
973 /* clear interpret mode */
974 cp15c15 &= ~0x1;
975 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
976
977 /* read D TLB lockdown stored to r1 */
978 arm9tdmi_read_core_regs(target, 0x2, regs_p);
979 if ((retval = jtag_execute_queue()) != ERROR_OK)
980 {
981 return retval;
982 }
983 Dlockdown = regs[1];
984
985 for (victim = 0; victim < 64; victim += 8)
986 {
987 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
988 * base remains unchanged, victim goes through entries 0 to 63 */
989 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
990 arm9tdmi_write_core_regs(target, 0x2, regs);
991
992 /* set interpret mode */
993 cp15c15 |= 0x1;
994 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
995
996 /* Write D TLB lockdown */
997 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
998
999 /* Read D TLB CAM */
1000 arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,6,4), ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1001
1002 /* clear interpret mode */
1003 cp15c15 &= ~0x1;
1004 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
1005
1006 /* read D TLB CAM content stored to r2-r9 */
1007 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1008 if ((retval = jtag_execute_queue()) != ERROR_OK)
1009 {
1010 return retval;
1011 }
1012
1013 for (i = 0; i < 8; i++)
1014 d_tlb[victim + i].cam = regs[i + 2];
1015 }
1016
1017 for (victim = 0; victim < 64; victim++)
1018 {
1019 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1020 * base remains unchanged, victim goes through entries 0 to 63 */
1021 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1022 arm9tdmi_write_core_regs(target, 0x2, regs);
1023
1024 /* set interpret mode */
1025 cp15c15 |= 0x1;
1026 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
1027
1028 /* Write D TLB lockdown */
1029 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1030
1031 /* Read D TLB RAM1 */
1032 arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1033
1034 /* Read D TLB RAM2 */
1035 arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1036
1037 /* clear interpret mode */
1038 cp15c15 &= ~0x1;
1039 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
1040
1041 /* read D TLB RAM content stored to r2 and r3 */
1042 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1043 if ((retval = jtag_execute_queue()) != ERROR_OK)
1044 {
1045 return retval;
1046 }
1047
1048 d_tlb[victim].ram1 = regs[2];
1049 d_tlb[victim].ram2 = regs[3];
1050 }
1051
1052 /* restore D TLB lockdown */
1053 regs[1] = Dlockdown;
1054 arm9tdmi_write_core_regs(target, 0x2, regs);
1055
1056 /* Write D TLB lockdown */
1057 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1058
1059 /* prepare reading I TLB content
1060 * */
1061
1062 /* set interpret mode */
1063 cp15c15 |= 0x1;
1064 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
1065
1066 /* Read I TLB lockdown */
1067 arm920t_execute_cp15(target, ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1068
1069 /* clear interpret mode */
1070 cp15c15 &= ~0x1;
1071 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
1072
1073 /* read I TLB lockdown stored to r1 */
1074 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1075 if ((retval = jtag_execute_queue()) != ERROR_OK)
1076 {
1077 return retval;
1078 }
1079 Ilockdown = regs[1];
1080
1081 for (victim = 0; victim < 64; victim += 8)
1082 {
1083 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1084 * base remains unchanged, victim goes through entries 0 to 63 */
1085 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1086 arm9tdmi_write_core_regs(target, 0x2, regs);
1087
1088 /* set interpret mode */
1089 cp15c15 |= 0x1;
1090 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
1091
1092 /* Write I TLB lockdown */
1093 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1094
1095 /* Read I TLB CAM */
1096 arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,5,4), ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1097
1098 /* clear interpret mode */
1099 cp15c15 &= ~0x1;
1100 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
1101
1102 /* read I TLB CAM content stored to r2-r9 */
1103 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1104 if ((retval = jtag_execute_queue()) != ERROR_OK)
1105 {
1106 return retval;
1107 }
1108
1109 for (i = 0; i < 8; i++)
1110 i_tlb[i + victim].cam = regs[i + 2];
1111 }
1112
1113 for (victim = 0; victim < 64; victim++)
1114 {
1115 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1116 * base remains unchanged, victim goes through entries 0 to 63 */
1117 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1118 arm9tdmi_write_core_regs(target, 0x2, regs);
1119
1120 /* set interpret mode */
1121 cp15c15 |= 0x1;
1122 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
1123
1124 /* Write I TLB lockdown */
1125 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1126
1127 /* Read I TLB RAM1 */
1128 arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1129
1130 /* Read I TLB RAM2 */
1131 arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1132
1133 /* clear interpret mode */
1134 cp15c15 &= ~0x1;
1135 arm920t_write_cp15_physical(target, 0x1e, cp15c15);
1136
1137 /* read I TLB RAM content stored to r2 and r3 */
1138 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1139 if ((retval = jtag_execute_queue()) != ERROR_OK)
1140 {
1141 return retval;
1142 }
1143
1144 i_tlb[victim].ram1 = regs[2];
1145 i_tlb[victim].ram2 = regs[3];
1146 }
1147
1148 /* restore I TLB lockdown */
1149 regs[1] = Ilockdown;
1150 arm9tdmi_write_core_regs(target, 0x2, regs);
1151
1152 /* Write I TLB lockdown */
1153 arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1154
1155 /* restore CP15 MMU and Cache settings */
1156 arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl_saved);
1157
1158 /* output data to file */
1159 fprintf(output, "D TLB content:\n");
1160 for (i = 0; i < 64; i++)
1161 {
1162 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " %s\n", i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2, (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1163 }
1164
1165 fprintf(output, "\n\nI TLB content:\n");
1166 for (i = 0; i < 64; i++)
1167 {
1168 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " %s\n", i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2, (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1169 }
1170
1171 command_print(CMD_CTX, "mmu content successfully output to %s", CMD_ARGV[0]);
1172
1173 fclose(output);
1174
1175 if (!is_arm_mode(armv4_5->core_mode))
1176 return ERROR_FAIL;
1177
1178 /* mark registers dirty */
1179 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1180 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).valid;
1181 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).valid;
1182 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).valid;
1183 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).valid;
1184 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).valid;
1185 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).valid;
1186 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).valid;
1187 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).valid;
1188 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).valid;
1189
1190 return ERROR_OK;
1191 }
1192
1193 COMMAND_HANDLER(arm920t_handle_cp15_command)
1194 {
1195 int retval;
1196 struct target *target = get_current_target(CMD_CTX);
1197 struct arm920t_common *arm920t = target_to_arm920(target);
1198
1199 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1200 if (retval != ERROR_OK)
1201 return retval;
1202
1203 if (target->state != TARGET_HALTED)
1204 {
1205 command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
1206 return ERROR_OK;
1207 }
1208
1209 /* one or more argument, access a single register (write if second argument is given */
1210 if (CMD_ARGC >= 1)
1211 {
1212 int address;
1213 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1214
1215 if (CMD_ARGC == 1)
1216 {
1217 uint32_t value;
1218 if ((retval = arm920t_read_cp15_physical(target, address, &value)) != ERROR_OK)
1219 {
1220 command_print(CMD_CTX, "couldn't access reg %i", address);
1221 return ERROR_OK;
1222 }
1223 if ((retval = jtag_execute_queue()) != ERROR_OK)
1224 {
1225 return retval;
1226 }
1227
1228 command_print(CMD_CTX, "%i: %8.8" PRIx32 "", address, value);
1229 }
1230 else if (CMD_ARGC == 2)
1231 {
1232 uint32_t value;
1233 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1234 if ((retval = arm920t_write_cp15_physical(target, address, value)) != ERROR_OK)
1235 {
1236 command_print(CMD_CTX, "couldn't access reg %i", address);
1237 return ERROR_OK;
1238 }
1239 command_print(CMD_CTX, "%i: %8.8" PRIx32 "", address, value);
1240 }
1241 }
1242
1243 return ERROR_OK;
1244 }
1245
1246 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1247 {
1248 int retval;
1249 struct target *target = get_current_target(CMD_CTX);
1250 struct arm920t_common *arm920t = target_to_arm920(target);
1251
1252 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1253 if (retval != ERROR_OK)
1254 return retval;
1255
1256
1257 if (target->state != TARGET_HALTED)
1258 {
1259 command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
1260 return ERROR_OK;
1261 }
1262
1263 /* one or more argument, access a single register (write if second argument is given */
1264 if (CMD_ARGC >= 1)
1265 {
1266 uint32_t opcode;
1267 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1268
1269 if (CMD_ARGC == 1)
1270 {
1271 uint32_t value;
1272 if ((retval = arm920t_read_cp15_interpreted(target, opcode, 0x0, &value)) != ERROR_OK)
1273 {
1274 command_print(CMD_CTX, "couldn't execute %8.8" PRIx32 "", opcode);
1275 return ERROR_OK;
1276 }
1277
1278 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32 "", opcode, value);
1279 }
1280 else if (CMD_ARGC == 2)
1281 {
1282 uint32_t value;
1283 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1284 if ((retval = arm920t_write_cp15_interpreted(target, opcode, value, 0)) != ERROR_OK)
1285 {
1286 command_print(CMD_CTX, "couldn't execute %8.8" PRIx32 "", opcode);
1287 return ERROR_OK;
1288 }
1289 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32 "", opcode, value);
1290 }
1291 else if (CMD_ARGC == 3)
1292 {
1293 uint32_t value;
1294 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1295 uint32_t address;
1296 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1297 if ((retval = arm920t_write_cp15_interpreted(target, opcode, value, address)) != ERROR_OK)
1298 {
1299 command_print(CMD_CTX, "couldn't execute %8.8" PRIx32 "", opcode);
1300 return ERROR_OK;
1301 }
1302 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32 " %8.8" PRIx32 "", opcode, value, address);
1303 }
1304 }
1305 else
1306 {
1307 command_print(CMD_CTX, "usage: arm920t cp15i <opcode> [value] [address]");
1308 }
1309
1310 return ERROR_OK;
1311 }
1312
1313 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1314 {
1315 int retval;
1316 struct target *target = get_current_target(CMD_CTX);
1317 struct arm920t_common *arm920t = target_to_arm920(target);
1318
1319 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1320 if (retval != ERROR_OK)
1321 return retval;
1322
1323 return armv4_5_handle_cache_info_command(CMD_CTX, &arm920t->armv4_5_mmu.armv4_5_cache);
1324 }
1325
1326
1327 static int arm920t_mrc(struct target *target, int cpnum, uint32_t op1, uint32_t op2, uint32_t CRn, uint32_t CRm, uint32_t *value)
1328 {
1329 if (cpnum!=15)
1330 {
1331 LOG_ERROR("Only cp15 is supported");
1332 return ERROR_FAIL;
1333 }
1334
1335 return arm920t_read_cp15_interpreted(target, mrc_opcode(cpnum, op1, op2, CRn, CRm), 0, value);
1336 }
1337
1338 static int arm920t_mcr(struct target *target, int cpnum, uint32_t op1, uint32_t op2, uint32_t CRn, uint32_t CRm, uint32_t value)
1339 {
1340 if (cpnum!=15)
1341 {
1342 LOG_ERROR("Only cp15 is supported");
1343 return ERROR_FAIL;
1344 }
1345
1346 return arm920t_write_cp15_interpreted(target, mrc_opcode(cpnum, op1, op2, CRn, CRm), 0, value);
1347 }
1348
1349 /** Registers commands to access coprocessor, cache, and MMU resources. */
1350 int arm920t_register_commands(struct command_context *cmd_ctx)
1351 {
1352 int retval;
1353 struct command *arm920t_cmd;
1354
1355 retval = arm9tdmi_register_commands(cmd_ctx);
1356
1357 arm920t_cmd = register_command(cmd_ctx, NULL, "arm920t",
1358 NULL, COMMAND_ANY,
1359 "arm920t specific commands");
1360
1361 register_command(cmd_ctx, arm920t_cmd, "cp15",
1362 arm920t_handle_cp15_command, COMMAND_EXEC,
1363 "display/modify cp15 register <num> [value]");
1364 register_command(cmd_ctx, arm920t_cmd, "cp15i",
1365 arm920t_handle_cp15i_command, COMMAND_EXEC,
1366 "display/modify cp15 (interpreted access) "
1367 "<opcode> [value] [address]");
1368 register_command(cmd_ctx, arm920t_cmd, "cache_info",
1369 arm920t_handle_cache_info_command, COMMAND_EXEC,
1370 "display information about target caches");
1371 register_command(cmd_ctx, arm920t_cmd, "read_cache",
1372 arm920t_handle_read_cache_command, COMMAND_EXEC,
1373 "display I/D cache content");
1374 register_command(cmd_ctx, arm920t_cmd, "read_mmu",
1375 arm920t_handle_read_mmu_command, COMMAND_EXEC,
1376 "display I/D mmu content");
1377
1378 return retval;
1379 }
1380
1381 /** Holds methods for ARM920 targets. */
1382 struct target_type arm920t_target =
1383 {
1384 .name = "arm920t",
1385
1386 .poll = arm7_9_poll,
1387 .arch_state = arm920t_arch_state,
1388
1389 .target_request_data = arm7_9_target_request_data,
1390
1391 .halt = arm7_9_halt,
1392 .resume = arm7_9_resume,
1393 .step = arm7_9_step,
1394
1395 .assert_reset = arm7_9_assert_reset,
1396 .deassert_reset = arm7_9_deassert_reset,
1397 .soft_reset_halt = arm920t_soft_reset_halt,
1398
1399 .get_gdb_reg_list = armv4_5_get_gdb_reg_list,
1400
1401 .read_memory = arm920t_read_memory,
1402 .write_memory = arm920t_write_memory,
1403 .read_phys_memory = arm920t_read_phys_memory,
1404 .write_phys_memory = arm920t_write_phys_memory,
1405 .mmu = arm920_mmu,
1406 .virt2phys = arm920_virt2phys,
1407
1408 .bulk_write_memory = arm7_9_bulk_write_memory,
1409
1410 .checksum_memory = arm_checksum_memory,
1411 .blank_check_memory = arm_blank_check_memory,
1412
1413 .run_algorithm = armv4_5_run_algorithm,
1414
1415 .add_breakpoint = arm7_9_add_breakpoint,
1416 .remove_breakpoint = arm7_9_remove_breakpoint,
1417 .add_watchpoint = arm7_9_add_watchpoint,
1418 .remove_watchpoint = arm7_9_remove_watchpoint,
1419
1420 .register_commands = arm920t_register_commands,
1421 .target_create = arm920t_target_create,
1422 .init_target = arm9tdmi_init_target,
1423 .examine = arm7_9_examine,
1424 .mrc = arm920t_mrc,
1425 .mcr = arm920t_mcr,
1426 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)