Code Review / openocd.git / blob
? search:


01b7aee808b931d8482fe958a1e4a4b0f8877c5b
[openocd.git] / src / target / cortex_a8.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2006 by Magnus Lundin *
6 * lundin@mlu.mine.nu *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 * *
29 * Cortex-A8(tm) TRM, ARM DDI 0344H *
30 * *
31 ***************************************************************************/
32 #ifdef HAVE_CONFIG_H
33 #include "config.h"
34 #endif
35
36 #include "breakpoints.h"
37 #include "cortex_a8.h"
38 #include "register.h"
39 #include "target_request.h"
40 #include "target_type.h"
41
42 static int cortex_a8_poll(struct target *target);
43 static int cortex_a8_debug_entry(struct target *target);
44 static int cortex_a8_restore_context(struct target *target);
45 static int cortex_a8_set_breakpoint(struct target *target,
46 struct breakpoint *breakpoint, uint8_t matchmode);
47 static int cortex_a8_unset_breakpoint(struct target *target,
48 struct breakpoint *breakpoint);
49 static int cortex_a8_dap_read_coreregister_u32(struct target *target,
50 uint32_t *value, int regnum);
51 static int cortex_a8_dap_write_coreregister_u32(struct target *target,
52 uint32_t value, int regnum);
53 /*
54 * FIXME do topology discovery using the ROM; don't
55 * assume this is an OMAP3.
56 */
57 #define swjdp_memoryap 0
58 #define swjdp_debugap 1
59 #define OMAP3530_DEBUG_BASE 0x54011000
60
61 /*
62 * Cortex-A8 Basic debug access, very low level assumes state is saved
63 */
64 static int cortex_a8_init_debug_access(struct target *target)
65 {
66 struct armv7a_common *armv7a = target_to_armv7a(target);
67 struct swjdp_common *swjdp = &armv7a->swjdp_info;
68
69 int retval;
70 uint32_t dummy;
71
72 LOG_DEBUG(" ");
73
74 /* Unlocking the debug registers for modification */
75 /* The debugport might be uninitialised so try twice */
76 retval = mem_ap_write_atomic_u32(swjdp, armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
77 if (retval != ERROR_OK)
78 mem_ap_write_atomic_u32(swjdp, armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
79 /* Clear Sticky Power Down status Bit in PRSR to enable access to
80 the registers in the Core Power Domain */
81 retval = mem_ap_read_atomic_u32(swjdp, armv7a->debug_base + CPUDBG_PRSR, &dummy);
82 /* Enabling of instruction execution in debug mode is done in debug_entry code */
83
84 /* Resync breakpoint registers */
85
86 /* Since this is likley called from init or reset, update targtet state information*/
87 cortex_a8_poll(target);
88
89 return retval;
90 }
91
92 int cortex_a8_exec_opcode(struct target *target, uint32_t opcode)
93 {
94 uint32_t dscr;
95 int retval;
96 struct armv7a_common *armv7a = target_to_armv7a(target);
97 struct swjdp_common *swjdp = &armv7a->swjdp_info;
98
99 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
100 do
101 {
102 retval = mem_ap_read_atomic_u32(swjdp,
103 armv7a->debug_base + CPUDBG_DSCR, &dscr);
104 if (retval != ERROR_OK)
105 {
106 LOG_ERROR("Could not read DSCR register, opcode = 0x%08" PRIx32, opcode);
107 return retval;
108 }
109 }
110 while ((dscr & (1 << DSCR_INSTR_COMP)) == 0); /* Wait for InstrCompl bit to be set */
111
112 mem_ap_write_u32(swjdp, armv7a->debug_base + CPUDBG_ITR, opcode);
113
114 do
115 {
116 retval = mem_ap_read_atomic_u32(swjdp,
117 armv7a->debug_base + CPUDBG_DSCR, &dscr);
118 if (retval != ERROR_OK)
119 {
120 LOG_ERROR("Could not read DSCR register");
121 return retval;
122 }
123 }
124 while ((dscr & (1 << DSCR_INSTR_COMP)) == 0); /* Wait for InstrCompl bit to be set */
125
126 return retval;
127 }
128
129 /**************************************************************************
130 Read core register with very few exec_opcode, fast but needs work_area.
131 This can cause problems with MMU active.
132 **************************************************************************/
133 static int cortex_a8_read_regs_through_mem(struct target *target, uint32_t address,
134 uint32_t * regfile)
135 {
136 int retval = ERROR_OK;
137 struct armv7a_common *armv7a = target_to_armv7a(target);
138 struct swjdp_common *swjdp = &armv7a->swjdp_info;
139
140 cortex_a8_dap_read_coreregister_u32(target, regfile, 0);
141 cortex_a8_dap_write_coreregister_u32(target, address, 0);
142 cortex_a8_exec_opcode(target, ARMV4_5_STMIA(0, 0xFFFE, 0, 0));
143 dap_ap_select(swjdp, swjdp_memoryap);
144 mem_ap_read_buf_u32(swjdp, (uint8_t *)(&regfile[1]), 4*15, address);
145 dap_ap_select(swjdp, swjdp_debugap);
146
147 return retval;
148 }
149
150 static int cortex_a8_read_cp(struct target *target, uint32_t *value, uint8_t CP,
151 uint8_t op1, uint8_t CRn, uint8_t CRm, uint8_t op2)
152 {
153 int retval;
154 struct armv7a_common *armv7a = target_to_armv7a(target);
155 struct swjdp_common *swjdp = &armv7a->swjdp_info;
156
157 cortex_a8_exec_opcode(target, ARMV4_5_MRC(CP, op1, 0, CRn, CRm, op2));
158 /* Move R0 to DTRTX */
159 cortex_a8_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
160
161 /* Read DCCTX */
162 retval = mem_ap_read_atomic_u32(swjdp,
163 armv7a->debug_base + CPUDBG_DTRTX, value);
164
165 return retval;
166 }
167
168 static int cortex_a8_write_cp(struct target *target, uint32_t value,
169 uint8_t CP, uint8_t op1, uint8_t CRn, uint8_t CRm, uint8_t op2)
170 {
171 int retval;
172 uint32_t dscr;
173 struct armv7a_common *armv7a = target_to_armv7a(target);
174 struct swjdp_common *swjdp = &armv7a->swjdp_info;
175
176 LOG_DEBUG("CP%i, CRn %i, value 0x%08" PRIx32, CP, CRn, value);
177
178 /* Check that DCCRX is not full */
179 retval = mem_ap_read_atomic_u32(swjdp,
180 armv7a->debug_base + CPUDBG_DSCR, &dscr);
181 if (dscr & (1 << DSCR_DTR_RX_FULL))
182 {
183 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
184 /* Clear DCCRX with MCR(p14, 0, Rd, c0, c5, 0), opcode 0xEE000E15 */
185 cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0));
186 }
187
188 retval = mem_ap_write_u32(swjdp,
189 armv7a->debug_base + CPUDBG_DTRRX, value);
190 /* Move DTRRX to r0 */
191 cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0));
192
193 cortex_a8_exec_opcode(target, ARMV4_5_MCR(CP, op1, 0, CRn, CRm, op2));
194 return retval;
195 }
196
197 static int cortex_a8_read_cp15(struct target *target, uint32_t op1, uint32_t op2,
198 uint32_t CRn, uint32_t CRm, uint32_t *value)
199 {
200 return cortex_a8_read_cp(target, value, 15, op1, CRn, CRm, op2);
201 }
202
203 static int cortex_a8_write_cp15(struct target *target, uint32_t op1, uint32_t op2,
204 uint32_t CRn, uint32_t CRm, uint32_t value)
205 {
206 return cortex_a8_write_cp(target, value, 15, op1, CRn, CRm, op2);
207 }
208
209 static int cortex_a8_mrc(struct target *target, int cpnum, uint32_t op1, uint32_t op2, uint32_t CRn, uint32_t CRm, uint32_t *value)
210 {
211 if (cpnum!=15)
212 {
213 LOG_ERROR("Only cp15 is supported");
214 return ERROR_FAIL;
215 }
216 return cortex_a8_read_cp15(target, op1, op2, CRn, CRm, value);
217 }
218
219 static int cortex_a8_mcr(struct target *target, int cpnum, uint32_t op1, uint32_t op2, uint32_t CRn, uint32_t CRm, uint32_t value)
220 {
221 if (cpnum!=15)
222 {
223 LOG_ERROR("Only cp15 is supported");
224 return ERROR_FAIL;
225 }
226 return cortex_a8_write_cp15(target, op1, op2, CRn, CRm, value);
227 }
228
229
230
231 static int cortex_a8_dap_read_coreregister_u32(struct target *target,
232 uint32_t *value, int regnum)
233 {
234 int retval = ERROR_OK;
235 uint8_t reg = regnum&0xFF;
236 uint32_t dscr;
237 struct armv7a_common *armv7a = target_to_armv7a(target);
238 struct swjdp_common *swjdp = &armv7a->swjdp_info;
239
240 if (reg > 17)
241 return retval;
242
243 if (reg < 15)
244 {
245 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
246 cortex_a8_exec_opcode(target, ARMV4_5_MCR(14, 0, reg, 0, 5, 0));
247 }
248 else if (reg == 15)
249 {
250 /* "MOV r0, r15"; then move r0 to DCCTX */
251 cortex_a8_exec_opcode(target, 0xE1A0000F);
252 cortex_a8_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
253 }
254 else
255 {
256 /* "MRS r0, CPSR" or "MRS r0, SPSR"
257 * then move r0 to DCCTX
258 */
259 cortex_a8_exec_opcode(target, ARMV4_5_MRS(0, reg & 1));
260 cortex_a8_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
261 }
262
263 /* Read DTRRTX */
264 do
265 {
266 retval = mem_ap_read_atomic_u32(swjdp,
267 armv7a->debug_base + CPUDBG_DSCR, &dscr);
268 }
269 while ((dscr & (1 << DSCR_DTR_TX_FULL)) == 0); /* Wait for DTRRXfull */
270
271 retval = mem_ap_read_atomic_u32(swjdp,
272 armv7a->debug_base + CPUDBG_DTRTX, value);
273 LOG_DEBUG("read DCC 0x%08" PRIx32, *value);
274
275 return retval;
276 }
277
278 static int cortex_a8_dap_write_coreregister_u32(struct target *target,
279 uint32_t value, int regnum)
280 {
281 int retval = ERROR_OK;
282 uint8_t Rd = regnum&0xFF;
283 uint32_t dscr;
284 struct armv7a_common *armv7a = target_to_armv7a(target);
285 struct swjdp_common *swjdp = &armv7a->swjdp_info;
286
287 LOG_DEBUG("register %i, value 0x%08" PRIx32, regnum, value);
288
289 /* Check that DCCRX is not full */
290 retval = mem_ap_read_atomic_u32(swjdp,
291 armv7a->debug_base + CPUDBG_DSCR, &dscr);
292 if (dscr & (1 << DSCR_DTR_RX_FULL))
293 {
294 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
295 /* Clear DCCRX with MCR(p14, 0, Rd, c0, c5, 0), opcode 0xEE000E15 */
296 cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0));
297 }
298
299 if (Rd > 17)
300 return retval;
301
302 /* Write to DCCRX */
303 LOG_DEBUG("write DCC 0x%08" PRIx32, value);
304 retval = mem_ap_write_u32(swjdp,
305 armv7a->debug_base + CPUDBG_DTRRX, value);
306
307 if (Rd < 15)
308 {
309 /* DCCRX to Rn, "MCR p14, 0, Rn, c0, c5, 0", 0xEE00nE15 */
310 cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, Rd, 0, 5, 0));
311 }
312 else if (Rd == 15)
313 {
314 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15
315 * then "mov r15, r0"
316 */
317 cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0));
318 cortex_a8_exec_opcode(target, 0xE1A0F000);
319 }
320 else
321 {
322 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15
323 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
324 */
325 cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0));
326 cortex_a8_exec_opcode(target, ARMV4_5_MSR_GP(0, 0xF, Rd & 1));
327
328 /* "Prefetch flush" after modifying execution status in CPSR */
329 if (Rd == 16)
330 cortex_a8_exec_opcode(target,
331 ARMV4_5_MCR(15, 0, 0, 7, 5, 4));
332 }
333
334 return retval;
335 }
336
337 /* Write to memory mapped registers directly with no cache or mmu handling */
338 static int cortex_a8_dap_write_memap_register_u32(struct target *target, uint32_t address, uint32_t value)
339 {
340 int retval;
341 struct armv7a_common *armv7a = target_to_armv7a(target);
342 struct swjdp_common *swjdp = &armv7a->swjdp_info;
343
344 retval = mem_ap_write_atomic_u32(swjdp, address, value);
345
346 return retval;
347 }
348
349 /*
350 * Cortex-A8 Run control
351 */
352
353 static int cortex_a8_poll(struct target *target)
354 {
355 int retval = ERROR_OK;
356 uint32_t dscr;
357 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
358 struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
359 struct swjdp_common *swjdp = &armv7a->swjdp_info;
360 enum target_state prev_target_state = target->state;
361 uint8_t saved_apsel = dap_ap_get_select(swjdp);
362
363 dap_ap_select(swjdp, swjdp_debugap);
364 retval = mem_ap_read_atomic_u32(swjdp,
365 armv7a->debug_base + CPUDBG_DSCR, &dscr);
366 if (retval != ERROR_OK)
367 {
368 dap_ap_select(swjdp, saved_apsel);
369 return retval;
370 }
371 cortex_a8->cpudbg_dscr = dscr;
372
373 if ((dscr & 0x3) == 0x3)
374 {
375 if (prev_target_state != TARGET_HALTED)
376 {
377 /* We have a halting debug event */
378 LOG_DEBUG("Target halted");
379 target->state = TARGET_HALTED;
380 if ((prev_target_state == TARGET_RUNNING)
381 || (prev_target_state == TARGET_RESET))
382 {
383 retval = cortex_a8_debug_entry(target);
384 if (retval != ERROR_OK)
385 return retval;
386
387 target_call_event_callbacks(target,
388 TARGET_EVENT_HALTED);
389 }
390 if (prev_target_state == TARGET_DEBUG_RUNNING)
391 {
392 LOG_DEBUG(" ");
393
394 retval = cortex_a8_debug_entry(target);
395 if (retval != ERROR_OK)
396 return retval;
397
398 target_call_event_callbacks(target,
399 TARGET_EVENT_DEBUG_HALTED);
400 }
401 }
402 }
403 else if ((dscr & 0x3) == 0x2)
404 {
405 target->state = TARGET_RUNNING;
406 }
407 else
408 {
409 LOG_DEBUG("Unknown target state dscr = 0x%08" PRIx32, dscr);
410 target->state = TARGET_UNKNOWN;
411 }
412
413 dap_ap_select(swjdp, saved_apsel);
414
415 return retval;
416 }
417
418 static int cortex_a8_halt(struct target *target)
419 {
420 int retval = ERROR_OK;
421 uint32_t dscr;
422 struct armv7a_common *armv7a = target_to_armv7a(target);
423 struct swjdp_common *swjdp = &armv7a->swjdp_info;
424 uint8_t saved_apsel = dap_ap_get_select(swjdp);
425 dap_ap_select(swjdp, swjdp_debugap);
426
427 /*
428 * Tell the core to be halted by writing DRCR with 0x1
429 * and then wait for the core to be halted.
430 */
431 retval = mem_ap_write_atomic_u32(swjdp,
432 armv7a->debug_base + CPUDBG_DRCR, 0x1);
433
434 /*
435 * enter halting debug mode
436 */
437 mem_ap_read_atomic_u32(swjdp, armv7a->debug_base + CPUDBG_DSCR, &dscr);
438 retval = mem_ap_write_atomic_u32(swjdp,
439 armv7a->debug_base + CPUDBG_DSCR, dscr | (1 << DSCR_HALT_DBG_MODE));
440
441 if (retval != ERROR_OK)
442 goto out;
443
444 do {
445 mem_ap_read_atomic_u32(swjdp,
446 armv7a->debug_base + CPUDBG_DSCR, &dscr);
447 } while ((dscr & (1 << DSCR_CORE_HALTED)) == 0);
448
449 target->debug_reason = DBG_REASON_DBGRQ;
450
451 out:
452 dap_ap_select(swjdp, saved_apsel);
453 return retval;
454 }
455
456 static int cortex_a8_resume(struct target *target, int current,
457 uint32_t address, int handle_breakpoints, int debug_execution)
458 {
459 struct armv7a_common *armv7a = target_to_armv7a(target);
460 struct armv4_5_common_s *armv4_5 = &armv7a->armv4_5_common;
461 struct swjdp_common *swjdp = &armv7a->swjdp_info;
462
463 // struct breakpoint *breakpoint = NULL;
464 uint32_t resume_pc, dscr;
465
466 uint8_t saved_apsel = dap_ap_get_select(swjdp);
467 dap_ap_select(swjdp, swjdp_debugap);
468
469 if (!debug_execution)
470 {
471 target_free_all_working_areas(target);
472 // cortex_m3_enable_breakpoints(target);
473 // cortex_m3_enable_watchpoints(target);
474 }
475
476 #if 0
477 if (debug_execution)
478 {
479 /* Disable interrupts */
480 /* We disable interrupts in the PRIMASK register instead of
481 * masking with C_MASKINTS,
482 * This is probably the same issue as Cortex-M3 Errata 377493:
483 * C_MASKINTS in parallel with disabled interrupts can cause
484 * local faults to not be taken. */
485 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
486 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
487 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
488
489 /* Make sure we are in Thumb mode */
490 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
491 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32) | (1 << 24));
492 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
493 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
494 }
495 #endif
496
497 /* current = 1: continue on current pc, otherwise continue at <address> */
498 resume_pc = buf_get_u32(
499 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
500 armv4_5->core_mode, 15).value,
501 0, 32);
502 if (!current)
503 resume_pc = address;
504
505 /* Make sure that the Armv7 gdb thumb fixups does not
506 * kill the return address
507 */
508 switch (armv4_5->core_state)
509 {
510 case ARMV4_5_STATE_ARM:
511 resume_pc &= 0xFFFFFFFC;
512 break;
513 case ARMV4_5_STATE_THUMB:
514 case ARM_STATE_THUMB_EE:
515 /* When the return address is loaded into PC
516 * bit 0 must be 1 to stay in Thumb state
517 */
518 resume_pc |= 0x1;
519 break;
520 case ARMV4_5_STATE_JAZELLE:
521 LOG_ERROR("How do I resume into Jazelle state??");
522 return ERROR_FAIL;
523 }
524 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
525 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
526 armv4_5->core_mode, 15).value,
527 0, 32, resume_pc);
528 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
529 armv4_5->core_mode, 15).dirty = 1;
530 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
531 armv4_5->core_mode, 15).valid = 1;
532
533 cortex_a8_restore_context(target);
534 // arm7_9_restore_context(target); TODO Context is currently NOT Properly restored
535 #if 0
536 /* the front-end may request us not to handle breakpoints */
537 if (handle_breakpoints)
538 {
539 /* Single step past breakpoint at current address */
540 if ((breakpoint = breakpoint_find(target, resume_pc)))
541 {
542 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
543 cortex_m3_unset_breakpoint(target, breakpoint);
544 cortex_m3_single_step_core(target);
545 cortex_m3_set_breakpoint(target, breakpoint);
546 }
547 }
548
549 #endif
550 /* Restart core and wait for it to be started */
551 mem_ap_write_atomic_u32(swjdp, armv7a->debug_base + CPUDBG_DRCR, 0x2);
552
553 do {
554 mem_ap_read_atomic_u32(swjdp,
555 armv7a->debug_base + CPUDBG_DSCR, &dscr);
556 } while ((dscr & (1 << DSCR_CORE_RESTARTED)) == 0);
557
558 target->debug_reason = DBG_REASON_NOTHALTED;
559 target->state = TARGET_RUNNING;
560
561 /* registers are now invalid */
562 register_cache_invalidate(armv4_5->core_cache);
563
564 if (!debug_execution)
565 {
566 target->state = TARGET_RUNNING;
567 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
568 LOG_DEBUG("target resumed at 0x%" PRIx32, resume_pc);
569 }
570 else
571 {
572 target->state = TARGET_DEBUG_RUNNING;
573 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
574 LOG_DEBUG("target debug resumed at 0x%" PRIx32, resume_pc);
575 }
576
577 dap_ap_select(swjdp, saved_apsel);
578
579 return ERROR_OK;
580 }
581
582 static int cortex_a8_debug_entry(struct target *target)
583 {
584 int i;
585 uint32_t regfile[16], pc, cpsr, dscr;
586 int retval = ERROR_OK;
587 struct working_area *regfile_working_area = NULL;
588 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
589 struct armv7a_common *armv7a = target_to_armv7a(target);
590 struct armv4_5_common_s *armv4_5 = &armv7a->armv4_5_common;
591 struct swjdp_common *swjdp = &armv7a->swjdp_info;
592 struct reg *reg;
593
594 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a8->cpudbg_dscr);
595
596 /* Enable the ITR execution once we are in debug mode */
597 mem_ap_read_atomic_u32(swjdp,
598 armv7a->debug_base + CPUDBG_DSCR, &dscr);
599 dscr |= (1 << DSCR_EXT_INT_EN);
600 retval = mem_ap_write_atomic_u32(swjdp,
601 armv7a->debug_base + CPUDBG_DSCR, dscr);
602
603 /* Examine debug reason */
604 switch ((cortex_a8->cpudbg_dscr >> 2)&0xF)
605 {
606 case 0:
607 case 4:
608 target->debug_reason = DBG_REASON_DBGRQ;
609 break;
610 case 1:
611 case 3:
612 target->debug_reason = DBG_REASON_BREAKPOINT;
613 break;
614 case 10:
615 target->debug_reason = DBG_REASON_WATCHPOINT;
616 break;
617 default:
618 target->debug_reason = DBG_REASON_UNDEFINED;
619 break;
620 }
621
622 /* Examine target state and mode */
623 if (cortex_a8->fast_reg_read)
624 target_alloc_working_area(target, 64, &regfile_working_area);
625
626 /* First load register acessible through core debug port*/
627 if (!regfile_working_area)
628 {
629 /* FIXME we don't actually need all these registers;
630 * reading them slows us down. Just R0, PC, CPSR...
631 */
632 for (i = 0; i <= 15; i++)
633 cortex_a8_dap_read_coreregister_u32(target,
634 &regfile[i], i);
635 }
636 else
637 {
638 dap_ap_select(swjdp, swjdp_memoryap);
639 cortex_a8_read_regs_through_mem(target,
640 regfile_working_area->address, regfile);
641 dap_ap_select(swjdp, swjdp_memoryap);
642 target_free_working_area(target, regfile_working_area);
643 }
644
645 /* read Current PSR */
646 cortex_a8_dap_read_coreregister_u32(target, &cpsr, 16);
647 pc = regfile[15];
648 dap_ap_select(swjdp, swjdp_debugap);
649 LOG_DEBUG("cpsr: %8.8" PRIx32, cpsr);
650
651 armv4_5->core_mode = cpsr & 0x1F;
652
653 i = (cpsr >> 5) & 1; /* T */
654 i |= (cpsr >> 23) & 1; /* J << 1 */
655 switch (i) {
656 case 0: /* J = 0, T = 0 */
657 armv4_5->core_state = ARMV4_5_STATE_ARM;
658 break;
659 case 1: /* J = 0, T = 1 */
660 armv4_5->core_state = ARMV4_5_STATE_THUMB;
661 break;
662 case 2: /* J = 1, T = 0 */
663 LOG_WARNING("Jazelle state -- not handled");
664 armv4_5->core_state = ARMV4_5_STATE_JAZELLE;
665 break;
666 case 3: /* J = 1, T = 1 */
667 /* ThumbEE is very much like Thumb, but some of the
668 * instructions are different. Single stepping and
669 * breakpoints need updating...
670 */
671 LOG_WARNING("ThumbEE -- incomplete support");
672 armv4_5->core_state = ARM_STATE_THUMB_EE;
673 break;
674 }
675
676 /* update cache */
677 reg = armv4_5->core_cache->reg_list + ARMV4_5_CPSR;
678 buf_set_u32(reg->value, 0, 32, cpsr);
679 reg->valid = 1;
680 reg->dirty = 0;
681
682 for (i = 0; i <= ARM_PC; i++)
683 {
684 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
685 armv4_5->core_mode, i);
686
687 buf_set_u32(reg->value, 0, 32, regfile[i]);
688 reg->valid = 1;
689 reg->dirty = 0;
690 }
691
692 /* Fixup PC Resume Address */
693 if (cpsr & (1 << 5))
694 {
695 // T bit set for Thumb or ThumbEE state
696 regfile[ARM_PC] -= 4;
697 }
698 else
699 {
700 // ARM state
701 regfile[ARM_PC] -= 8;
702 }
703 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
704 armv4_5->core_mode, ARM_PC).value,
705 0, 32, regfile[ARM_PC]);
706
707 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0)
708 .dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
709 armv4_5->core_mode, 0).valid;
710 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15)
711 .dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
712 armv4_5->core_mode, 15).valid;
713
714 #if 0
715 /* TODO, Move this */
716 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
717 cortex_a8_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
718 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
719
720 cortex_a8_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
721 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
722
723 cortex_a8_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
724 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
725 #endif
726
727 /* Are we in an exception handler */
728 // armv4_5->exception_number = 0;
729 if (armv7a->post_debug_entry)
730 armv7a->post_debug_entry(target);
731
732
733
734 return retval;
735
736 }
737
738 static void cortex_a8_post_debug_entry(struct target *target)
739 {
740 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
741 struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
742
743 // cortex_a8_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
744 /* examine cp15 control reg */
745 armv7a->read_cp15(target, 0, 0, 1, 0, &cortex_a8->cp15_control_reg);
746 jtag_execute_queue();
747 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a8->cp15_control_reg);
748
749 if (armv7a->armv4_5_mmu.armv4_5_cache.ctype == -1)
750 {
751 uint32_t cache_type_reg;
752 /* identify caches */
753 armv7a->read_cp15(target, 0, 1, 0, 0, &cache_type_reg);
754 jtag_execute_queue();
755 /* FIXME the armv4_4 cache info DOES NOT APPLY to Cortex-A8 */
756 armv4_5_identify_cache(cache_type_reg,
757 &armv7a->armv4_5_mmu.armv4_5_cache);
758 }
759
760 armv7a->armv4_5_mmu.mmu_enabled =
761 (cortex_a8->cp15_control_reg & 0x1U) ? 1 : 0;
762 armv7a->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
763 (cortex_a8->cp15_control_reg & 0x4U) ? 1 : 0;
764 armv7a->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
765 (cortex_a8->cp15_control_reg & 0x1000U) ? 1 : 0;
766
767
768 }
769
770 static int cortex_a8_step(struct target *target, int current, uint32_t address,
771 int handle_breakpoints)
772 {
773 struct armv7a_common *armv7a = target_to_armv7a(target);
774 struct armv4_5_common_s *armv4_5 = &armv7a->armv4_5_common;
775 struct breakpoint *breakpoint = NULL;
776 struct breakpoint stepbreakpoint;
777
778 int timeout = 100;
779
780 if (target->state != TARGET_HALTED)
781 {
782 LOG_WARNING("target not halted");
783 return ERROR_TARGET_NOT_HALTED;
784 }
785
786 /* current = 1: continue on current pc, otherwise continue at <address> */
787 if (!current)
788 {
789 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
790 armv4_5->core_mode, ARM_PC).value,
791 0, 32, address);
792 }
793 else
794 {
795 address = buf_get_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
796 armv4_5->core_mode, ARM_PC).value,
797 0, 32);
798 }
799
800 /* The front-end may request us not to handle breakpoints.
801 * But since Cortex-A8 uses breakpoint for single step,
802 * we MUST handle breakpoints.
803 */
804 handle_breakpoints = 1;
805 if (handle_breakpoints) {
806 breakpoint = breakpoint_find(target,
807 buf_get_u32(ARMV4_5_CORE_REG_MODE(
808 armv4_5->core_cache,
809 armv4_5->core_mode, 15).value,
810 0, 32));
811 if (breakpoint)
812 cortex_a8_unset_breakpoint(target, breakpoint);
813 }
814
815 /* Setup single step breakpoint */
816 stepbreakpoint.address = address;
817 stepbreakpoint.length = (armv4_5->core_state == ARMV4_5_STATE_THUMB)
818 ? 2 : 4;
819 stepbreakpoint.type = BKPT_HARD;
820 stepbreakpoint.set = 0;
821
822 /* Break on IVA mismatch */
823 cortex_a8_set_breakpoint(target, &stepbreakpoint, 0x04);
824
825 target->debug_reason = DBG_REASON_SINGLESTEP;
826
827 cortex_a8_resume(target, 1, address, 0, 0);
828
829 while (target->state != TARGET_HALTED)
830 {
831 cortex_a8_poll(target);
832 if (--timeout == 0)
833 {
834 LOG_WARNING("timeout waiting for target halt");
835 break;
836 }
837 }
838
839 cortex_a8_unset_breakpoint(target, &stepbreakpoint);
840 if (timeout > 0) target->debug_reason = DBG_REASON_BREAKPOINT;
841
842 if (breakpoint)
843 cortex_a8_set_breakpoint(target, breakpoint, 0);
844
845 if (target->state != TARGET_HALTED)
846 LOG_DEBUG("target stepped");
847
848 return ERROR_OK;
849 }
850
851 static int cortex_a8_restore_context(struct target *target)
852 {
853 int i;
854 uint32_t value;
855 struct armv7a_common *armv7a = target_to_armv7a(target);
856 struct armv4_5_common_s *armv4_5 = &armv7a->armv4_5_common;
857
858 LOG_DEBUG(" ");
859
860 if (armv7a->pre_restore_context)
861 armv7a->pre_restore_context(target);
862
863 for (i = 15; i >= 0; i--)
864 {
865 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
866 armv4_5->core_mode, i).dirty)
867 {
868 value = buf_get_u32(ARMV4_5_CORE_REG_MODE(
869 armv4_5->core_cache,
870 armv4_5->core_mode, i).value,
871 0, 32);
872 /* TODO Check return values */
873 cortex_a8_dap_write_coreregister_u32(target, value, i);
874 }
875 }
876
877 if (armv7a->post_restore_context)
878 armv7a->post_restore_context(target);
879
880 return ERROR_OK;
881 }
882
883
884 #if 0
885 /*
886 * Cortex-A8 Core register functions
887 */
888 static int cortex_a8_load_core_reg_u32(struct target *target, int num,
889 armv4_5_mode_t mode, uint32_t * value)
890 {
891 int retval;
892 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
893
894 if ((num <= ARM_CPSR))
895 {
896 /* read a normal core register */
897 retval = cortex_a8_dap_read_coreregister_u32(target, value, num);
898
899 if (retval != ERROR_OK)
900 {
901 LOG_ERROR("JTAG failure %i", retval);
902 return ERROR_JTAG_DEVICE_ERROR;
903 }
904 LOG_DEBUG("load from core reg %i value 0x%" PRIx32, num, *value);
905 }
906 else
907 {
908 return ERROR_INVALID_ARGUMENTS;
909 }
910
911 /* Register other than r0 - r14 uses r0 for access */
912 if (num > 14)
913 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
914 armv4_5->core_mode, 0).dirty =
915 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
916 armv4_5->core_mode, 0).valid;
917 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
918 armv4_5->core_mode, 15).dirty =
919 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
920 armv4_5->core_mode, 15).valid;
921
922 return ERROR_OK;
923 }
924
925 static int cortex_a8_store_core_reg_u32(struct target *target, int num,
926 armv4_5_mode_t mode, uint32_t value)
927 {
928 int retval;
929 // uint32_t reg;
930 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
931
932 #ifdef ARMV7_GDB_HACKS
933 /* If the LR register is being modified, make sure it will put us
934 * in "thumb" mode, or an INVSTATE exception will occur. This is a
935 * hack to deal with the fact that gdb will sometimes "forge"
936 * return addresses, and doesn't set the LSB correctly (i.e., when
937 * printing expressions containing function calls, it sets LR=0.) */
938
939 if (num == 14)
940 value |= 0x01;
941 #endif
942
943 if ((num <= ARM_CPSR))
944 {
945 retval = cortex_a8_dap_write_coreregister_u32(target, value, num);
946 if (retval != ERROR_OK)
947 {
948 LOG_ERROR("JTAG failure %i", retval);
949 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
950 armv4_5->core_mode, num).dirty =
951 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
952 armv4_5->core_mode, num).valid;
953 return ERROR_JTAG_DEVICE_ERROR;
954 }
955 LOG_DEBUG("write core reg %i value 0x%" PRIx32, num, value);
956 }
957 else
958 {
959 return ERROR_INVALID_ARGUMENTS;
960 }
961
962 return ERROR_OK;
963 }
964 #endif
965
966
967 static int cortex_a8_write_core_reg(struct target *target, int num,
968 enum armv4_5_mode mode, uint32_t value);
969
970 static int cortex_a8_read_core_reg(struct target *target, int num,
971 enum armv4_5_mode mode)
972 {
973 uint32_t value;
974 int retval;
975 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
976 struct reg_cache *cache = armv4_5->core_cache;
977 uint32_t cpsr = 0;
978 unsigned cookie = num;
979
980 /* avoid some needless mode changes
981 * FIXME move some of these to shared ARM code...
982 */
983 if (mode != armv4_5->core_mode) {
984 if ((armv4_5->core_mode == ARMV4_5_MODE_SYS)
985 && (mode == ARMV4_5_MODE_USR))
986 mode = ARMV4_5_MODE_ANY;
987 else if ((mode != ARMV4_5_MODE_FIQ) && (num <= 12))
988 mode = ARMV4_5_MODE_ANY;
989
990 if (mode != ARMV4_5_MODE_ANY) {
991 cpsr = buf_get_u32(cache ->reg_list[ARMV4_5_CPSR]
992 .value, 0, 32);
993 cortex_a8_write_core_reg(target, 16,
994 ARMV4_5_MODE_ANY, mode);
995 }
996 }
997
998 if (num == 16) {
999 switch (mode) {
1000 case ARMV4_5_MODE_USR:
1001 case ARMV4_5_MODE_SYS:
1002 case ARMV4_5_MODE_ANY:
1003 /* CPSR */
1004 break;
1005 default:
1006 /* SPSR */
1007 cookie++;
1008 break;
1009 }
1010 }
1011
1012 cortex_a8_dap_read_coreregister_u32(target, &value, cookie);
1013 retval = jtag_execute_queue();
1014 if (retval == ERROR_OK) {
1015 struct reg *r = &ARMV4_5_CORE_REG_MODE(cache, mode, num);
1016
1017 r->valid = 1;
1018 r->dirty = 0;
1019 buf_set_u32(r->value, 0, 32, value);
1020 }
1021
1022 if (cpsr)
1023 cortex_a8_write_core_reg(target, 16, ARMV4_5_MODE_ANY, cpsr);
1024 return retval;
1025 }
1026
1027 static int cortex_a8_write_core_reg(struct target *target, int num,
1028 enum armv4_5_mode mode, uint32_t value)
1029 {
1030 int retval;
1031 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
1032 struct reg_cache *cache = armv4_5->core_cache;
1033 uint32_t cpsr = 0;
1034 unsigned cookie = num;
1035
1036 /* avoid some needless mode changes
1037 * FIXME move some of these to shared ARM code...
1038 */
1039 if (mode != armv4_5->core_mode) {
1040 if ((armv4_5->core_mode == ARMV4_5_MODE_SYS)
1041 && (mode == ARMV4_5_MODE_USR))
1042 mode = ARMV4_5_MODE_ANY;
1043 else if ((mode != ARMV4_5_MODE_FIQ) && (num <= 12))
1044 mode = ARMV4_5_MODE_ANY;
1045
1046 if (mode != ARMV4_5_MODE_ANY) {
1047 cpsr = buf_get_u32(cache ->reg_list[ARMV4_5_CPSR]
1048 .value, 0, 32);
1049 cortex_a8_write_core_reg(target, 16,
1050 ARMV4_5_MODE_ANY, mode);
1051 }
1052 }
1053
1054
1055 if (num == 16) {
1056 switch (mode) {
1057 case ARMV4_5_MODE_USR:
1058 case ARMV4_5_MODE_SYS:
1059 case ARMV4_5_MODE_ANY:
1060 /* CPSR */
1061 break;
1062 default:
1063 /* SPSR */
1064 cookie++;
1065 break;
1066 }
1067 }
1068
1069 cortex_a8_dap_write_coreregister_u32(target, value, cookie);
1070 if ((retval = jtag_execute_queue()) == ERROR_OK) {
1071 struct reg *r = &ARMV4_5_CORE_REG_MODE(cache, mode, num);
1072
1073 buf_set_u32(r->value, 0, 32, value);
1074 r->valid = 1;
1075 r->dirty = 0;
1076 }
1077
1078 if (cpsr)
1079 cortex_a8_write_core_reg(target, 16, ARMV4_5_MODE_ANY, cpsr);
1080 return retval;
1081 }
1082
1083
1084 /*
1085 * Cortex-A8 Breakpoint and watchpoint fuctions
1086 */
1087
1088 /* Setup hardware Breakpoint Register Pair */
1089 static int cortex_a8_set_breakpoint(struct target *target,
1090 struct breakpoint *breakpoint, uint8_t matchmode)
1091 {
1092 int retval;
1093 int brp_i=0;
1094 uint32_t control;
1095 uint8_t byte_addr_select = 0x0F;
1096 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1097 struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1098 struct cortex_a8_brp * brp_list = cortex_a8->brp_list;
1099
1100 if (breakpoint->set)
1101 {
1102 LOG_WARNING("breakpoint already set");
1103 return ERROR_OK;
1104 }
1105
1106 if (breakpoint->type == BKPT_HARD)
1107 {
1108 while (brp_list[brp_i].used && (brp_i < cortex_a8->brp_num))
1109 brp_i++ ;
1110 if (brp_i >= cortex_a8->brp_num)
1111 {
1112 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1113 return ERROR_FAIL;
1114 }
1115 breakpoint->set = brp_i + 1;
1116 if (breakpoint->length == 2)
1117 {
1118 byte_addr_select = (3 << (breakpoint->address & 0x02));
1119 }
1120 control = ((matchmode & 0x7) << 20)
1121 | (byte_addr_select << 5)
1122 | (3 << 1) | 1;
1123 brp_list[brp_i].used = 1;
1124 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1125 brp_list[brp_i].control = control;
1126 cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1127 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1128 brp_list[brp_i].value);
1129 cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1130 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1131 brp_list[brp_i].control);
1132 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1133 brp_list[brp_i].control,
1134 brp_list[brp_i].value);
1135 }
1136 else if (breakpoint->type == BKPT_SOFT)
1137 {
1138 uint8_t code[4];
1139 if (breakpoint->length == 2)
1140 {
1141 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1142 }
1143 else
1144 {
1145 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1146 }
1147 retval = target->type->read_memory(target,
1148 breakpoint->address & 0xFFFFFFFE,
1149 breakpoint->length, 1,
1150 breakpoint->orig_instr);
1151 if (retval != ERROR_OK)
1152 return retval;
1153 retval = target->type->write_memory(target,
1154 breakpoint->address & 0xFFFFFFFE,
1155 breakpoint->length, 1, code);
1156 if (retval != ERROR_OK)
1157 return retval;
1158 breakpoint->set = 0x11; /* Any nice value but 0 */
1159 }
1160
1161 return ERROR_OK;
1162 }
1163
1164 static int cortex_a8_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1165 {
1166 int retval;
1167 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1168 struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1169 struct cortex_a8_brp * brp_list = cortex_a8->brp_list;
1170
1171 if (!breakpoint->set)
1172 {
1173 LOG_WARNING("breakpoint not set");
1174 return ERROR_OK;
1175 }
1176
1177 if (breakpoint->type == BKPT_HARD)
1178 {
1179 int brp_i = breakpoint->set - 1;
1180 if ((brp_i < 0) || (brp_i >= cortex_a8->brp_num))
1181 {
1182 LOG_DEBUG("Invalid BRP number in breakpoint");
1183 return ERROR_OK;
1184 }
1185 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1186 brp_list[brp_i].control, brp_list[brp_i].value);
1187 brp_list[brp_i].used = 0;
1188 brp_list[brp_i].value = 0;
1189 brp_list[brp_i].control = 0;
1190 cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1191 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1192 brp_list[brp_i].control);
1193 cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1194 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1195 brp_list[brp_i].value);
1196 }
1197 else
1198 {
1199 /* restore original instruction (kept in target endianness) */
1200 if (breakpoint->length == 4)
1201 {
1202 retval = target->type->write_memory(target,
1203 breakpoint->address & 0xFFFFFFFE,
1204 4, 1, breakpoint->orig_instr);
1205 if (retval != ERROR_OK)
1206 return retval;
1207 }
1208 else
1209 {
1210 retval = target->type->write_memory(target,
1211 breakpoint->address & 0xFFFFFFFE,
1212 2, 1, breakpoint->orig_instr);
1213 if (retval != ERROR_OK)
1214 return retval;
1215 }
1216 }
1217 breakpoint->set = 0;
1218
1219 return ERROR_OK;
1220 }
1221
1222 int cortex_a8_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
1223 {
1224 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1225
1226 if ((breakpoint->type == BKPT_HARD) && (cortex_a8->brp_num_available < 1))
1227 {
1228 LOG_INFO("no hardware breakpoint available");
1229 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1230 }
1231
1232 if (breakpoint->type == BKPT_HARD)
1233 cortex_a8->brp_num_available--;
1234 cortex_a8_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1235
1236 return ERROR_OK;
1237 }
1238
1239 static int cortex_a8_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1240 {
1241 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1242
1243 #if 0
1244 /* It is perfectly possible to remove brakpoints while the taget is running */
1245 if (target->state != TARGET_HALTED)
1246 {
1247 LOG_WARNING("target not halted");
1248 return ERROR_TARGET_NOT_HALTED;
1249 }
1250 #endif
1251
1252 if (breakpoint->set)
1253 {
1254 cortex_a8_unset_breakpoint(target, breakpoint);
1255 if (breakpoint->type == BKPT_HARD)
1256 cortex_a8->brp_num_available++ ;
1257 }
1258
1259
1260 return ERROR_OK;
1261 }
1262
1263
1264
1265 /*
1266 * Cortex-A8 Reset fuctions
1267 */
1268
1269 static int cortex_a8_assert_reset(struct target *target)
1270 {
1271 struct armv7a_common *armv7a = target_to_armv7a(target);
1272
1273 LOG_DEBUG(" ");
1274
1275 /* registers are now invalid */
1276 register_cache_invalidate(armv7a->armv4_5_common.core_cache);
1277
1278 target->state = TARGET_RESET;
1279
1280 return ERROR_OK;
1281 }
1282
1283 static int cortex_a8_deassert_reset(struct target *target)
1284 {
1285
1286 LOG_DEBUG(" ");
1287
1288 if (target->reset_halt)
1289 {
1290 int retval;
1291 if ((retval = target_halt(target)) != ERROR_OK)
1292 return retval;
1293 }
1294
1295 return ERROR_OK;
1296 }
1297
1298 /*
1299 * Cortex-A8 Memory access
1300 *
1301 * This is same Cortex M3 but we must also use the correct
1302 * ap number for every access.
1303 */
1304
1305 static int cortex_a8_read_memory(struct target *target, uint32_t address,
1306 uint32_t size, uint32_t count, uint8_t *buffer)
1307 {
1308 struct armv7a_common *armv7a = target_to_armv7a(target);
1309 struct swjdp_common *swjdp = &armv7a->swjdp_info;
1310 int retval = ERROR_INVALID_ARGUMENTS;
1311
1312 /* cortex_a8 handles unaligned memory access */
1313
1314 // ??? dap_ap_select(swjdp, swjdp_memoryap);
1315
1316 if (count && buffer) {
1317 switch (size) {
1318 case 4:
1319 retval = mem_ap_read_buf_u32(swjdp, buffer, 4 * count, address);
1320 break;
1321 case 2:
1322 retval = mem_ap_read_buf_u16(swjdp, buffer, 2 * count, address);
1323 break;
1324 case 1:
1325 retval = mem_ap_read_buf_u8(swjdp, buffer, count, address);
1326 break;
1327 }
1328 }
1329
1330 return retval;
1331 }
1332
1333 int cortex_a8_write_memory(struct target *target, uint32_t address,
1334 uint32_t size, uint32_t count, uint8_t *buffer)
1335 {
1336 struct armv7a_common *armv7a = target_to_armv7a(target);
1337 struct swjdp_common *swjdp = &armv7a->swjdp_info;
1338 int retval = ERROR_INVALID_ARGUMENTS;
1339
1340 // ??? dap_ap_select(swjdp, swjdp_memoryap);
1341
1342 if (count && buffer) {
1343 switch (size) {
1344 case 4:
1345 retval = mem_ap_write_buf_u32(swjdp, buffer, 4 * count, address);
1346 break;
1347 case 2:
1348 retval = mem_ap_write_buf_u16(swjdp, buffer, 2 * count, address);
1349 break;
1350 case 1:
1351 retval = mem_ap_write_buf_u8(swjdp, buffer, count, address);
1352 break;
1353 }
1354 }
1355
1356 if (retval == ERROR_OK && target->state == TARGET_HALTED)
1357 {
1358 /* The Cache handling will NOT work with MMU active, the wrong addresses will be invalidated */
1359 /* invalidate I-Cache */
1360 if (armv7a->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
1361 {
1362 /* Invalidate ICache single entry with MVA, repeat this for all cache
1363 lines in the address range, Cortex-A8 has fixed 64 byte line length */
1364 /* Invalidate Cache single entry with MVA to PoU */
1365 for (uint32_t cacheline=address; cacheline<address+size*count; cacheline+=64)
1366 armv7a->write_cp15(target, 0, 1, 7, 5, cacheline); /* I-Cache to PoU */
1367 }
1368 /* invalidate D-Cache */
1369 if (armv7a->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
1370 {
1371 /* Invalidate Cache single entry with MVA to PoC */
1372 for (uint32_t cacheline=address; cacheline<address+size*count; cacheline+=64)
1373 armv7a->write_cp15(target, 0, 1, 7, 6, cacheline); /* U/D cache to PoC */
1374 }
1375 }
1376
1377 return retval;
1378 }
1379
1380 static int cortex_a8_bulk_write_memory(struct target *target, uint32_t address,
1381 uint32_t count, uint8_t *buffer)
1382 {
1383 return cortex_a8_write_memory(target, address, 4, count, buffer);
1384 }
1385
1386
1387 static int cortex_a8_dcc_read(struct swjdp_common *swjdp, uint8_t *value, uint8_t *ctrl)
1388 {
1389 #if 0
1390 u16 dcrdr;
1391
1392 mem_ap_read_buf_u16(swjdp, (uint8_t*)&dcrdr, 1, DCB_DCRDR);
1393 *ctrl = (uint8_t)dcrdr;
1394 *value = (uint8_t)(dcrdr >> 8);
1395
1396 LOG_DEBUG("data 0x%x ctrl 0x%x", *value, *ctrl);
1397
1398 /* write ack back to software dcc register
1399 * signify we have read data */
1400 if (dcrdr & (1 << 0))
1401 {
1402 dcrdr = 0;
1403 mem_ap_write_buf_u16(swjdp, (uint8_t*)&dcrdr, 1, DCB_DCRDR);
1404 }
1405 #endif
1406 return ERROR_OK;
1407 }
1408
1409
1410 static int cortex_a8_handle_target_request(void *priv)
1411 {
1412 struct target *target = priv;
1413 struct armv7a_common *armv7a = target_to_armv7a(target);
1414 struct swjdp_common *swjdp = &armv7a->swjdp_info;
1415
1416 if (!target_was_examined(target))
1417 return ERROR_OK;
1418 if (!target->dbg_msg_enabled)
1419 return ERROR_OK;
1420
1421 if (target->state == TARGET_RUNNING)
1422 {
1423 uint8_t data = 0;
1424 uint8_t ctrl = 0;
1425
1426 cortex_a8_dcc_read(swjdp, &data, &ctrl);
1427
1428 /* check if we have data */
1429 if (ctrl & (1 << 0))
1430 {
1431 uint32_t request;
1432
1433 /* we assume target is quick enough */
1434 request = data;
1435 cortex_a8_dcc_read(swjdp, &data, &ctrl);
1436 request |= (data << 8);
1437 cortex_a8_dcc_read(swjdp, &data, &ctrl);
1438 request |= (data << 16);
1439 cortex_a8_dcc_read(swjdp, &data, &ctrl);
1440 request |= (data << 24);
1441 target_request(target, request);
1442 }
1443 }
1444
1445 return ERROR_OK;
1446 }
1447
1448 /*
1449 * Cortex-A8 target information and configuration
1450 */
1451
1452 static int cortex_a8_examine_first(struct target *target)
1453 {
1454 struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1455 struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1456 struct swjdp_common *swjdp = &armv7a->swjdp_info;
1457 int i;
1458 int retval = ERROR_OK;
1459 uint32_t didr, ctypr, ttypr, cpuid;
1460
1461 LOG_DEBUG("TODO");
1462
1463 /* Here we shall insert a proper ROM Table scan */
1464 armv7a->debug_base = OMAP3530_DEBUG_BASE;
1465
1466 /* We do one extra read to ensure DAP is configured,
1467 * we call ahbap_debugport_init(swjdp) instead
1468 */
1469 ahbap_debugport_init(swjdp);
1470 mem_ap_read_atomic_u32(swjdp, armv7a->debug_base + CPUDBG_CPUID, &cpuid);
1471 if ((retval = mem_ap_read_atomic_u32(swjdp,
1472 armv7a->debug_base + CPUDBG_CPUID, &cpuid)) != ERROR_OK)
1473 {
1474 LOG_DEBUG("Examine failed");
1475 return retval;
1476 }
1477
1478 if ((retval = mem_ap_read_atomic_u32(swjdp,
1479 armv7a->debug_base + CPUDBG_CTYPR, &ctypr)) != ERROR_OK)
1480 {
1481 LOG_DEBUG("Examine failed");
1482 return retval;
1483 }
1484
1485 if ((retval = mem_ap_read_atomic_u32(swjdp,
1486 armv7a->debug_base + CPUDBG_TTYPR, &ttypr)) != ERROR_OK)
1487 {
1488 LOG_DEBUG("Examine failed");
1489 return retval;
1490 }
1491
1492 if ((retval = mem_ap_read_atomic_u32(swjdp,
1493 armv7a->debug_base + CPUDBG_DIDR, &didr)) != ERROR_OK)
1494 {
1495 LOG_DEBUG("Examine failed");
1496 return retval;
1497 }
1498
1499 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
1500 LOG_DEBUG("ctypr = 0x%08" PRIx32, ctypr);
1501 LOG_DEBUG("ttypr = 0x%08" PRIx32, ttypr);
1502 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
1503
1504 /* Setup Breakpoint Register Pairs */
1505 cortex_a8->brp_num = ((didr >> 24) & 0x0F) + 1;
1506 cortex_a8->brp_num_context = ((didr >> 20) & 0x0F) + 1;
1507 cortex_a8->brp_num_available = cortex_a8->brp_num;
1508 cortex_a8->brp_list = calloc(cortex_a8->brp_num, sizeof(struct cortex_a8_brp));
1509 // cortex_a8->brb_enabled = ????;
1510 for (i = 0; i < cortex_a8->brp_num; i++)
1511 {
1512 cortex_a8->brp_list[i].used = 0;
1513 if (i < (cortex_a8->brp_num-cortex_a8->brp_num_context))
1514 cortex_a8->brp_list[i].type = BRP_NORMAL;
1515 else
1516 cortex_a8->brp_list[i].type = BRP_CONTEXT;
1517 cortex_a8->brp_list[i].value = 0;
1518 cortex_a8->brp_list[i].control = 0;
1519 cortex_a8->brp_list[i].BRPn = i;
1520 }
1521
1522 /* Setup Watchpoint Register Pairs */
1523 cortex_a8->wrp_num = ((didr >> 28) & 0x0F) + 1;
1524 cortex_a8->wrp_num_available = cortex_a8->wrp_num;
1525 cortex_a8->wrp_list = calloc(cortex_a8->wrp_num, sizeof(struct cortex_a8_wrp));
1526 for (i = 0; i < cortex_a8->wrp_num; i++)
1527 {
1528 cortex_a8->wrp_list[i].used = 0;
1529 cortex_a8->wrp_list[i].type = 0;
1530 cortex_a8->wrp_list[i].value = 0;
1531 cortex_a8->wrp_list[i].control = 0;
1532 cortex_a8->wrp_list[i].WRPn = i;
1533 }
1534 LOG_DEBUG("Configured %i hw breakpoint pairs and %i hw watchpoint pairs",
1535 cortex_a8->brp_num , cortex_a8->wrp_num);
1536
1537 target_set_examined(target);
1538 return ERROR_OK;
1539 }
1540
1541 static int cortex_a8_examine(struct target *target)
1542 {
1543 int retval = ERROR_OK;
1544
1545 /* don't re-probe hardware after each reset */
1546 if (!target_was_examined(target))
1547 retval = cortex_a8_examine_first(target);
1548
1549 /* Configure core debug access */
1550 if (retval == ERROR_OK)
1551 retval = cortex_a8_init_debug_access(target);
1552
1553 return retval;
1554 }
1555
1556 /*
1557 * Cortex-A8 target creation and initialization
1558 */
1559
1560 static void cortex_a8_build_reg_cache(struct target *target)
1561 {
1562 struct reg_cache **cache_p = register_get_last_cache_p(&target->reg_cache);
1563 struct armv4_5_common_s *armv4_5 = target_to_armv4_5(target);
1564
1565 armv4_5->core_type = ARM_MODE_MON;
1566
1567 (*cache_p) = armv4_5_build_reg_cache(target, armv4_5);
1568 armv4_5->core_cache = (*cache_p);
1569 }
1570
1571
1572 static int cortex_a8_init_target(struct command_context *cmd_ctx,
1573 struct target *target)
1574 {
1575 cortex_a8_build_reg_cache(target);
1576 return ERROR_OK;
1577 }
1578
1579 int cortex_a8_init_arch_info(struct target *target,
1580 struct cortex_a8_common *cortex_a8, struct jtag_tap *tap)
1581 {
1582 struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1583 struct arm *armv4_5 = &armv7a->armv4_5_common;
1584 struct swjdp_common *swjdp = &armv7a->swjdp_info;
1585
1586 /* Setup struct cortex_a8_common */
1587 cortex_a8->common_magic = CORTEX_A8_COMMON_MAGIC;
1588 armv4_5->arch_info = armv7a;
1589
1590 /* prepare JTAG information for the new target */
1591 cortex_a8->jtag_info.tap = tap;
1592 cortex_a8->jtag_info.scann_size = 4;
1593 LOG_DEBUG(" ");
1594 swjdp->dp_select_value = -1;
1595 swjdp->ap_csw_value = -1;
1596 swjdp->ap_tar_value = -1;
1597 swjdp->jtag_info = &cortex_a8->jtag_info;
1598 swjdp->memaccess_tck = 80;
1599
1600 /* Number of bits for tar autoincrement, impl. dep. at least 10 */
1601 swjdp->tar_autoincr_block = (1 << 10);
1602
1603 cortex_a8->fast_reg_read = 0;
1604
1605
1606 /* register arch-specific functions */
1607 armv7a->examine_debug_reason = NULL;
1608
1609 armv7a->post_debug_entry = cortex_a8_post_debug_entry;
1610
1611 armv7a->pre_restore_context = NULL;
1612 armv7a->post_restore_context = NULL;
1613 armv7a->armv4_5_mmu.armv4_5_cache.ctype = -1;
1614 // armv7a->armv4_5_mmu.get_ttb = armv7a_get_ttb;
1615 armv7a->armv4_5_mmu.read_memory = cortex_a8_read_memory;
1616 armv7a->armv4_5_mmu.write_memory = cortex_a8_write_memory;
1617 // armv7a->armv4_5_mmu.disable_mmu_caches = armv7a_disable_mmu_caches;
1618 // armv7a->armv4_5_mmu.enable_mmu_caches = armv7a_enable_mmu_caches;
1619 armv7a->armv4_5_mmu.has_tiny_pages = 1;
1620 armv7a->armv4_5_mmu.mmu_enabled = 0;
1621 armv7a->read_cp15 = cortex_a8_read_cp15;
1622 armv7a->write_cp15 = cortex_a8_write_cp15;
1623
1624
1625 // arm7_9->handle_target_request = cortex_a8_handle_target_request;
1626
1627 armv4_5->read_core_reg = cortex_a8_read_core_reg;
1628 armv4_5->write_core_reg = cortex_a8_write_core_reg;
1629
1630 /* REVISIT v7a setup should be in a v7a-specific routine */
1631 armv4_5_init_arch_info(target, armv4_5);
1632 armv7a->common_magic = ARMV7_COMMON_MAGIC;
1633
1634 target_register_timer_callback(cortex_a8_handle_target_request, 1, 1, target);
1635
1636 return ERROR_OK;
1637 }
1638
1639 static int cortex_a8_target_create(struct target *target, Jim_Interp *interp)
1640 {
1641 struct cortex_a8_common *cortex_a8 = calloc(1, sizeof(struct cortex_a8_common));
1642
1643 cortex_a8_init_arch_info(target, cortex_a8, target->tap);
1644
1645 return ERROR_OK;
1646 }
1647
1648 COMMAND_HANDLER(cortex_a8_handle_cache_info_command)
1649 {
1650 struct target *target = get_current_target(CMD_CTX);
1651 struct armv7a_common *armv7a = target_to_armv7a(target);
1652
1653 return armv4_5_handle_cache_info_command(CMD_CTX,
1654 &armv7a->armv4_5_mmu.armv4_5_cache);
1655 }
1656
1657
1658 COMMAND_HANDLER(cortex_a8_handle_dbginit_command)
1659 {
1660 struct target *target = get_current_target(CMD_CTX);
1661
1662 cortex_a8_init_debug_access(target);
1663
1664 return ERROR_OK;
1665 }
1666
1667
1668 static int cortex_a8_register_commands(struct command_context *cmd_ctx)
1669 {
1670 struct command *cortex_a8_cmd;
1671 int retval = ERROR_OK;
1672
1673 armv4_5_register_commands(cmd_ctx);
1674 armv7a_register_commands(cmd_ctx);
1675
1676 cortex_a8_cmd = register_command(cmd_ctx, NULL, "cortex_a8",
1677 NULL, COMMAND_ANY,
1678 "cortex_a8 specific commands");
1679
1680 register_command(cmd_ctx, cortex_a8_cmd, "cache_info",
1681 cortex_a8_handle_cache_info_command, COMMAND_EXEC,
1682 "display information about target caches");
1683
1684 register_command(cmd_ctx, cortex_a8_cmd, "dbginit",
1685 cortex_a8_handle_dbginit_command, COMMAND_EXEC,
1686 "Initialize core debug");
1687
1688 return retval;
1689 }
1690
1691 struct target_type cortexa8_target = {
1692 .name = "cortex_a8",
1693
1694 .poll = cortex_a8_poll,
1695 .arch_state = armv7a_arch_state,
1696
1697 .target_request_data = NULL,
1698
1699 .halt = cortex_a8_halt,
1700 .resume = cortex_a8_resume,
1701 .step = cortex_a8_step,
1702
1703 .assert_reset = cortex_a8_assert_reset,
1704 .deassert_reset = cortex_a8_deassert_reset,
1705 .soft_reset_halt = NULL,
1706
1707 .get_gdb_reg_list = armv4_5_get_gdb_reg_list,
1708
1709 .read_memory = cortex_a8_read_memory,
1710 .write_memory = cortex_a8_write_memory,
1711 .bulk_write_memory = cortex_a8_bulk_write_memory,
1712
1713 .checksum_memory = arm_checksum_memory,
1714 .blank_check_memory = arm_blank_check_memory,
1715
1716 .run_algorithm = armv4_5_run_algorithm,
1717
1718 .add_breakpoint = cortex_a8_add_breakpoint,
1719 .remove_breakpoint = cortex_a8_remove_breakpoint,
1720 .add_watchpoint = NULL,
1721 .remove_watchpoint = NULL,
1722
1723 .register_commands = cortex_a8_register_commands,
1724 .target_create = cortex_a8_target_create,
1725 .init_target = cortex_a8_init_target,
1726 .examine = cortex_a8_examine,
1727 .mrc = cortex_a8_mrc,
1728 .mcr = cortex_a8_mcr,
1729 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)