1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * Copyright (C) 2009 by David Brownell *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
30 ***************************************************************************/
36 #include "breakpoints.h"
37 #include "embeddedice.h"
38 #include "target_request.h"
40 #include <helper/time_support.h>
41 #include "arm_simulator.h"
42 #include "arm_semihosting.h"
43 #include "algorithm.h"
49 * Hold common code supporting the ARM7 and ARM9 core generations.
51 * While the ARM core implementations evolved substantially during these
52 * two generations, they look quite similar from the JTAG perspective.
53 * Both have similar debug facilities, based on the same two scan chains
54 * providing access to the core and to an EmbeddedICE module. Both can
55 * support similar ETM and ETB modules, for tracing. And both expose
56 * what could be viewed as "ARM Classic", with multiple processor modes,
57 * shadowed registers, and support for the Thumb instruction set.
59 * Processor differences include things like presence or absence of MMU
60 * and cache, pipeline sizes, use of a modified Harvard Architecure
61 * (with separate instruction and data busses from the CPU), support
62 * for cpu clock gating during idle, and more.
65 static int arm7_9_debug_entry(struct target
*target
);
68 * Clear watchpoints for an ARM7/9 target.
70 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
71 * @return JTAG error status after executing queue
73 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
76 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
77 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
78 arm7_9
->sw_breakpoint_count
= 0;
79 arm7_9
->sw_breakpoints_added
= 0;
81 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
82 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
84 return jtag_execute_queue();
88 * Assign a watchpoint to one of the two available hardware comparators in an
89 * ARM7 or ARM9 target.
91 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
92 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
94 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
96 if (!arm7_9
->wp0_used
) {
99 arm7_9
->wp_available
--;
100 } else if (!arm7_9
->wp1_used
) {
101 arm7_9
->wp1_used
= 1;
103 arm7_9
->wp_available
--;
105 LOG_ERROR("BUG: no hardware comparator available");
106 LOG_DEBUG("BPID: %d (0x%08" PRIx32
") using hw wp: %d",
107 breakpoint
->unique_id
,
113 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
115 * @param arm7_9 Pointer to common struct for ARM7/9 targets
116 * @return Error codes if there is a problem finding a watchpoint or the result
117 * of executing the JTAG queue
119 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
121 if (arm7_9
->sw_breakpoints_added
)
123 if (arm7_9
->wp_available
< 1) {
124 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
127 arm7_9
->wp_available
--;
129 /* pick a breakpoint unit */
130 if (!arm7_9
->wp0_used
) {
131 arm7_9
->sw_breakpoints_added
= 1;
132 arm7_9
->wp0_used
= 3;
133 } else if (!arm7_9
->wp1_used
) {
134 arm7_9
->sw_breakpoints_added
= 2;
135 arm7_9
->wp1_used
= 3;
137 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
141 if (arm7_9
->sw_breakpoints_added
== 1) {
142 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
143 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
144 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
145 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
146 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
147 } else if (arm7_9
->sw_breakpoints_added
== 2) {
148 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
149 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
150 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
151 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
152 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
154 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
157 LOG_DEBUG("SW BP using hw wp: %d",
158 arm7_9
->sw_breakpoints_added
);
160 return jtag_execute_queue();
164 * Setup the common pieces for an ARM7/9 target after reset or on startup.
166 * @param target Pointer to an ARM7/9 target to setup
167 * @return Result of clearing the watchpoints on the target
169 static int arm7_9_setup(struct target
*target
)
171 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
173 return arm7_9_clear_watchpoints(arm7_9
);
177 * Set either a hardware or software breakpoint on an ARM7/9 target. The
178 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
179 * might have erased the values in Embedded ICE.
181 * @param target Pointer to the target device to set the breakpoints on
182 * @param breakpoint Pointer to the breakpoint to be set
183 * @return For hardware breakpoints, this is the result of executing the JTAG
184 * queue. For software breakpoints, this will be the status of the
185 * required memory reads and writes
187 static int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
189 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
190 int retval
= ERROR_OK
;
192 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
", Type: %d",
193 breakpoint
->unique_id
,
197 if (target
->state
!= TARGET_HALTED
) {
198 LOG_WARNING("target not halted");
199 return ERROR_TARGET_NOT_HALTED
;
202 if (breakpoint
->type
== BKPT_HARD
) {
203 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
204 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
206 /* reassign a hw breakpoint */
207 if (breakpoint
->set
== 0)
208 arm7_9_assign_wp(arm7_9
, breakpoint
);
210 if (breakpoint
->set
== 1) {
211 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
212 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
213 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
214 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
215 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
216 } else if (breakpoint
->set
== 2) {
217 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
218 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
219 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
220 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
221 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
223 LOG_ERROR("BUG: no hardware comparator available");
227 retval
= jtag_execute_queue();
228 } else if (breakpoint
->type
== BKPT_SOFT
) {
229 /* did we already set this breakpoint? */
233 if (breakpoint
->length
== 4) {
234 uint32_t verify
= 0xffffffff;
235 /* keep the original instruction in target endianness */
236 retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
237 if (retval
!= ERROR_OK
)
239 /* write the breakpoint instruction in target
240 * endianness (arm7_9->arm_bkpt is host endian) */
241 retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
);
242 if (retval
!= ERROR_OK
)
245 retval
= target_read_u32(target
, breakpoint
->address
, &verify
);
246 if (retval
!= ERROR_OK
)
248 if (verify
!= arm7_9
->arm_bkpt
) {
249 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
250 " - check that memory is read/writable", breakpoint
->address
);
254 uint16_t verify
= 0xffff;
255 /* keep the original instruction in target endianness */
256 retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
257 if (retval
!= ERROR_OK
)
259 /* write the breakpoint instruction in target
260 * endianness (arm7_9->thumb_bkpt is host endian) */
261 retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
);
262 if (retval
!= ERROR_OK
)
265 retval
= target_read_u16(target
, breakpoint
->address
, &verify
);
266 if (retval
!= ERROR_OK
)
268 if (verify
!= arm7_9
->thumb_bkpt
) {
269 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
270 " - check that memory is read/writable", breakpoint
->address
);
275 retval
= arm7_9_set_software_breakpoints(arm7_9
);
276 if (retval
!= ERROR_OK
)
279 arm7_9
->sw_breakpoint_count
++;
288 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
289 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
290 * will be updated. Otherwise, the software breakpoint will be restored to its
291 * original instruction if it hasn't already been modified.
293 * @param target Pointer to ARM7/9 target to unset the breakpoint from
294 * @param breakpoint Pointer to breakpoint to be unset
295 * @return For hardware breakpoints, this is the result of executing the JTAG
296 * queue. For software breakpoints, this will be the status of the
297 * required memory reads and writes
299 static int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
301 int retval
= ERROR_OK
;
302 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
304 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
,
305 breakpoint
->unique_id
,
306 breakpoint
->address
);
308 if (!breakpoint
->set
) {
309 LOG_WARNING("breakpoint not set");
313 if (breakpoint
->type
== BKPT_HARD
) {
314 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
315 breakpoint
->unique_id
,
317 if (breakpoint
->set
== 1) {
318 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
319 arm7_9
->wp0_used
= 0;
320 arm7_9
->wp_available
++;
321 } else if (breakpoint
->set
== 2) {
322 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
323 arm7_9
->wp1_used
= 0;
324 arm7_9
->wp_available
++;
326 retval
= jtag_execute_queue();
329 /* restore original instruction (kept in target endianness) */
330 if (breakpoint
->length
== 4) {
331 uint32_t current_instr
;
332 /* check that user program as not modified breakpoint instruction */
333 retval
= target_read_memory(target
,
334 breakpoint
->address
, 4, 1, (uint8_t *)¤t_instr
);
335 if (retval
!= ERROR_OK
)
337 current_instr
= target_buffer_get_u32(target
, (uint8_t *)¤t_instr
);
338 if (current_instr
== arm7_9
->arm_bkpt
) {
339 retval
= target_write_memory(target
,
340 breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
341 if (retval
!= ERROR_OK
)
346 uint16_t current_instr
;
347 /* check that user program as not modified breakpoint instruction */
348 retval
= target_read_memory(target
,
349 breakpoint
->address
, 2, 1, (uint8_t *)¤t_instr
);
350 if (retval
!= ERROR_OK
)
352 current_instr
= target_buffer_get_u16(target
, (uint8_t *)¤t_instr
);
353 if (current_instr
== arm7_9
->thumb_bkpt
)
354 retval
= target_write_memory(target
,
355 breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
356 if (retval
!= ERROR_OK
)
361 if (--arm7_9
->sw_breakpoint_count
== 0) {
362 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
364 if (arm7_9
->sw_breakpoints_added
== 1)
365 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
366 EICE_W0_CONTROL_VALUE
], 0);
367 else if (arm7_9
->sw_breakpoints_added
== 2)
368 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
369 EICE_W1_CONTROL_VALUE
], 0);
379 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
380 * dangling breakpoints and that the desired breakpoint can be added.
382 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
383 * @param breakpoint Pointer to the breakpoint to be added
384 * @return An error status if there is a problem adding the breakpoint or the
385 * result of setting the breakpoint
387 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
389 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
391 if (arm7_9
->breakpoint_count
== 0) {
392 /* make sure we don't have any dangling breakpoints. This is vital upon
393 * GDB connect/disconnect
395 arm7_9_clear_watchpoints(arm7_9
);
398 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1)) {
399 LOG_INFO("no watchpoint unit available for hardware breakpoint");
400 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
403 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4)) {
404 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
405 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
408 if (breakpoint
->type
== BKPT_HARD
)
409 arm7_9_assign_wp(arm7_9
, breakpoint
);
411 arm7_9
->breakpoint_count
++;
413 return arm7_9_set_breakpoint(target
, breakpoint
);
417 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
418 * dangling breakpoints and updates available watchpoints if it is a hardware
421 * @param target Pointer to the target to have a breakpoint removed
422 * @param breakpoint Pointer to the breakpoint to be removed
423 * @return Error status if there was a problem unsetting the breakpoint or the
424 * watchpoints could not be cleared
426 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
428 int retval
= ERROR_OK
;
429 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
431 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
432 if (retval
!= ERROR_OK
)
435 if (breakpoint
->type
== BKPT_HARD
)
436 arm7_9
->wp_available
++;
438 arm7_9
->breakpoint_count
--;
439 if (arm7_9
->breakpoint_count
== 0) {
440 /* make sure we don't have any dangling breakpoints */
441 retval
= arm7_9_clear_watchpoints(arm7_9
);
442 if (retval
!= ERROR_OK
)
450 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
451 * considered a bug to call this function when there are no available watchpoint
454 * @param target Pointer to an ARM7/9 target to set a watchpoint on
455 * @param watchpoint Pointer to the watchpoint to be set
456 * @return Error status if watchpoint set fails or the result of executing the
459 static int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
461 int retval
= ERROR_OK
;
462 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
466 mask
= watchpoint
->length
- 1;
468 if (target
->state
!= TARGET_HALTED
) {
469 LOG_WARNING("target not halted");
470 return ERROR_TARGET_NOT_HALTED
;
473 if (watchpoint
->rw
== WPT_ACCESS
)
478 if (!arm7_9
->wp0_used
) {
479 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
],
480 watchpoint
->address
);
481 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
482 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
],
484 if (watchpoint
->mask
!= 0xffffffffu
)
485 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
],
487 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
488 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
489 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
490 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
492 retval
= jtag_execute_queue();
493 if (retval
!= ERROR_OK
)
496 arm7_9
->wp0_used
= 2;
497 } else if (!arm7_9
->wp1_used
) {
498 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
499 watchpoint
->address
);
500 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
501 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
],
503 if (watchpoint
->mask
!= 0xffffffffu
)
504 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
],
506 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
507 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
508 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
509 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
511 retval
= jtag_execute_queue();
512 if (retval
!= ERROR_OK
)
515 arm7_9
->wp1_used
= 2;
517 LOG_ERROR("BUG: no hardware comparator available");
525 * Unset an existing watchpoint and clear the used watchpoint unit.
527 * @param target Pointer to the target to have the watchpoint removed
528 * @param watchpoint Pointer to the watchpoint to be removed
529 * @return Error status while trying to unset the watchpoint or the result of
530 * executing the JTAG queue
532 static int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
534 int retval
= ERROR_OK
;
535 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
537 if (target
->state
!= TARGET_HALTED
) {
538 LOG_WARNING("target not halted");
539 return ERROR_TARGET_NOT_HALTED
;
542 if (!watchpoint
->set
) {
543 LOG_WARNING("breakpoint not set");
547 if (watchpoint
->set
== 1) {
548 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
549 retval
= jtag_execute_queue();
550 if (retval
!= ERROR_OK
)
552 arm7_9
->wp0_used
= 0;
553 } else if (watchpoint
->set
== 2) {
554 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
555 retval
= jtag_execute_queue();
556 if (retval
!= ERROR_OK
)
558 arm7_9
->wp1_used
= 0;
566 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
567 * available, an error response is returned.
569 * @param target Pointer to the ARM7/9 target to add a watchpoint to
570 * @param watchpoint Pointer to the watchpoint to be added
571 * @return Error status while trying to add the watchpoint
573 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
575 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
577 if (arm7_9
->wp_available
< 1)
578 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
580 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
581 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
583 arm7_9
->wp_available
--;
589 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
590 * the used watchpoint unit will be reopened.
592 * @param target Pointer to the target to remove a watchpoint from
593 * @param watchpoint Pointer to the watchpoint to be removed
594 * @return Result of trying to unset the watchpoint
596 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
598 int retval
= ERROR_OK
;
599 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
601 if (watchpoint
->set
) {
602 retval
= arm7_9_unset_watchpoint(target
, watchpoint
);
603 if (retval
!= ERROR_OK
)
607 arm7_9
->wp_available
++;
613 * Restarts the target by sending a RESTART instruction and moving the JTAG
614 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
615 * asserted by the processor.
617 * @param target Pointer to target to issue commands to
618 * @return Error status if there is a timeout or a problem while executing the
621 int arm7_9_execute_sys_speed(struct target
*target
)
624 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
625 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
626 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
628 /* set RESTART instruction */
629 if (arm7_9
->need_bypass_before_restart
) {
630 arm7_9
->need_bypass_before_restart
= 0;
631 retval
= arm_jtag_set_instr(jtag_info
, 0xf, NULL
, TAP_IDLE
);
632 if (retval
!= ERROR_OK
)
635 retval
= arm_jtag_set_instr(jtag_info
, 0x4, NULL
, TAP_IDLE
);
636 if (retval
!= ERROR_OK
)
639 long long then
= timeval_ms();
641 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
642 /* read debug status register */
643 embeddedice_read_reg(dbg_stat
);
644 retval
= jtag_execute_queue();
645 if (retval
!= ERROR_OK
)
647 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
648 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
650 if (debug_level
>= 3)
656 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"",
657 buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
658 return ERROR_TARGET_TIMEOUT
;
665 * Restarts the target by sending a RESTART instruction and moving the JTAG
666 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
667 * waiting until they are.
669 * @param target Pointer to the target to issue commands to
670 * @return Always ERROR_OK
672 static int arm7_9_execute_fast_sys_speed(struct target
*target
)
675 static uint8_t check_value
[4], check_mask
[4];
677 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
678 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
679 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
682 /* set RESTART instruction */
683 if (arm7_9
->need_bypass_before_restart
) {
684 arm7_9
->need_bypass_before_restart
= 0;
685 retval
= arm_jtag_set_instr(jtag_info
, 0xf, NULL
, TAP_IDLE
);
686 if (retval
!= ERROR_OK
)
689 retval
= arm_jtag_set_instr(jtag_info
, 0x4, NULL
, TAP_IDLE
);
690 if (retval
!= ERROR_OK
)
694 /* check for DBGACK and SYSCOMP set (others don't care) */
696 /* NB! These are constants that must be available until after next jtag_execute() and
697 * we evaluate the values upon first execution in lieu of setting up these constants
698 * during early setup.
700 buf_set_u32(check_value
, 0, 32, 0x9);
701 buf_set_u32(check_mask
, 0, 32, 0x9);
705 /* read debug status register */
706 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
712 * Get some data from the ARM7/9 target.
714 * @param target Pointer to the ARM7/9 target to read data from
715 * @param size The number of 32bit words to be read
716 * @param buffer Pointer to the buffer that will hold the data
717 * @return The result of receiving data from the Embedded ICE unit
719 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
721 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
722 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
724 int retval
= ERROR_OK
;
727 data
= malloc(size
* (sizeof(uint32_t)));
729 retval
= embeddedice_receive(jtag_info
, data
, size
);
731 /* return the 32-bit ints in the 8-bit array */
732 for (i
= 0; i
< size
; i
++)
733 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
741 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
742 * target is running and the DCC control register has the W bit high, this will
743 * execute the request on the target.
745 * @param priv Void pointer expected to be a struct target pointer
746 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
747 * from the Embedded ICE unit
749 static int arm7_9_handle_target_request(void *priv
)
751 int retval
= ERROR_OK
;
752 struct target
*target
= priv
;
753 if (!target_was_examined(target
))
755 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
756 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
757 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
759 if (!target
->dbg_msg_enabled
)
762 if (target
->state
== TARGET_RUNNING
) {
763 /* read DCC control register */
764 embeddedice_read_reg(dcc_control
);
765 retval
= jtag_execute_queue();
766 if (retval
!= ERROR_OK
)
770 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1) {
773 retval
= embeddedice_receive(jtag_info
, &request
, 1);
774 if (retval
!= ERROR_OK
)
776 retval
= target_request(target
, request
);
777 if (retval
!= ERROR_OK
)
786 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
787 * is manipulated to the right halted state based on its current state. This is
791 * <tr><th > State</th><th > Action</th></tr>
792 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
793 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
794 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
795 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
796 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
799 * If the target does not end up in the halted state, a warning is produced. If
800 * DBGACK is cleared, then the target is expected to either be running or
803 * @param target Pointer to the ARM7/9 target to poll
804 * @return ERROR_OK or an error status if a command fails
806 int arm7_9_poll(struct target
*target
)
809 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
810 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
812 /* read debug status register */
813 embeddedice_read_reg(dbg_stat
);
814 retval
= jtag_execute_queue();
815 if (retval
!= ERROR_OK
)
818 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)) {
819 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
820 if (target
->state
== TARGET_UNKNOWN
) {
821 /* Starting OpenOCD with target in debug-halt */
822 target
->state
= TARGET_RUNNING
;
823 LOG_DEBUG("DBGACK already set during server startup.");
825 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
)) {
826 target
->state
= TARGET_HALTED
;
828 retval
= arm7_9_debug_entry(target
);
829 if (retval
!= ERROR_OK
)
832 if (arm_semihosting(target
, &retval
) != 0)
835 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
836 if (retval
!= ERROR_OK
)
839 if (target
->state
== TARGET_DEBUG_RUNNING
) {
840 target
->state
= TARGET_HALTED
;
841 retval
= arm7_9_debug_entry(target
);
842 if (retval
!= ERROR_OK
)
845 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
846 if (retval
!= ERROR_OK
)
849 if (target
->state
!= TARGET_HALTED
)
851 "DBGACK set, but the target did not end up in the halted state %d",
854 if (target
->state
!= TARGET_DEBUG_RUNNING
)
855 target
->state
= TARGET_RUNNING
;
862 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
863 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
864 * affected) completely stop the JTAG clock while the core is held in reset
865 * (SRST). It isn't possible to program the halt condition once reset is
866 * asserted, hence a hook that allows the target to set up its reset-halt
867 * condition is setup prior to asserting reset.
869 * @param target Pointer to an ARM7/9 target to assert reset on
870 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
872 int arm7_9_assert_reset(struct target
*target
)
874 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
875 enum reset_types jtag_reset_config
= jtag_get_reset_config();
876 bool use_event
= false;
878 LOG_DEBUG("target->state: %s", target_state_name(target
));
880 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
882 else if (!(jtag_reset_config
& RESET_HAS_SRST
)) {
883 LOG_ERROR("%s: how to reset?", target_name(target
));
887 /* At this point trst has been asserted/deasserted once. We would
888 * like to program EmbeddedICE while SRST is asserted, instead of
889 * depending on SRST to leave that module alone. However, many CPUs
890 * gate the JTAG clock while SRST is asserted; or JTAG may need
891 * clock stability guarantees (adaptive clocking might help).
893 * So we assume JTAG access during SRST is off the menu unless it's
894 * been specifically enabled.
896 bool srst_asserted
= false;
898 if (!use_event
&& !(jtag_reset_config
& RESET_SRST_PULLS_TRST
)
899 && (jtag_reset_config
& RESET_SRST_NO_GATING
)) {
900 jtag_add_reset(0, 1);
901 srst_asserted
= true;
904 if (target
->reset_halt
) {
906 * For targets that don't support communication while SRST is
907 * asserted, we need to set up the reset vector catch first.
909 * When we use TRST+SRST and that's equivalent to a power-up
910 * reset, these settings may well be reset anyway; so setting
911 * them here won't matter.
913 if (arm7_9
->has_vector_catch
) {
914 /* program vector catch register to catch reset */
915 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
917 /* extra runtest added as issues were found with
918 * certain ARM9 cores (maybe more) - AT91SAM9260
921 jtag_add_runtest(1, TAP_IDLE
);
923 /* program watchpoint unit to match on reset vector
926 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
927 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
928 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
929 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
930 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
935 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
937 /* If we use SRST ... we'd like to issue just SRST, but the
938 * board or chip may be set up so we have to assert TRST as
939 * well. On some chips that combination is equivalent to a
940 * power-up reset, and generally clobbers EICE state.
942 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
943 jtag_add_reset(1, 1);
944 else if (!srst_asserted
)
945 jtag_add_reset(0, 1);
946 jtag_add_sleep(50000);
949 target
->state
= TARGET_RESET
;
950 register_cache_invalidate(arm7_9
->arm
.core_cache
);
952 /* REVISIT why isn't standard debug entry logic sufficient?? */
953 if (target
->reset_halt
&& (!(jtag_reset_config
& RESET_SRST_PULLS_TRST
) || use_event
)) {
954 /* debug entry was prepared above */
955 target
->debug_reason
= DBG_REASON_DBGRQ
;
962 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
963 * and the target is being reset into a halt, a warning will be triggered
964 * because it is not possible to reset into a halted mode in this case. The
965 * target is halted using the target's functions.
967 * @param target Pointer to the target to have the reset deasserted
968 * @return ERROR_OK or an error from polling or halting the target
970 int arm7_9_deassert_reset(struct target
*target
)
972 int retval
= ERROR_OK
;
973 LOG_DEBUG("target->state: %s", target_state_name(target
));
975 /* deassert reset lines */
976 jtag_add_reset(0, 0);
978 /* In case polling is disabled, we need to examine the
979 * target and poll here for this target to work correctly.
981 * Otherwise, e.g. halt will fail afterwards with bogus
982 * error messages as halt will believe that reset is
985 retval
= target_examine_one(target
);
986 if (retval
!= ERROR_OK
)
989 retval
= target_poll(target
);
990 if (retval
!= ERROR_OK
)
993 enum reset_types jtag_reset_config
= jtag_get_reset_config();
994 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0) {
996 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
997 retval
= target_halt(target
);
998 if (retval
!= ERROR_OK
)
1005 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1006 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1007 * vector catch was used, it is restored. Otherwise, the control value is
1008 * restored and the watchpoint unit is restored if it was in use.
1010 * @param target Pointer to the ARM7/9 target to have halt cleared
1011 * @return Always ERROR_OK
1013 static int arm7_9_clear_halt(struct target
*target
)
1015 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1016 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1018 /* we used DBGRQ only if we didn't come out of reset */
1019 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
) {
1020 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1022 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1023 embeddedice_store_reg(dbg_ctrl
);
1025 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
) {
1026 /* if we came out of reset, and vector catch is supported, we used
1027 * vector catch to enter debug state
1028 * restore the register in that case
1030 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1032 /* restore registers if watchpoint unit 0 was in use
1034 if (arm7_9
->wp0_used
) {
1035 if (arm7_9
->debug_entry_from_reset
)
1036 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1037 EICE_W0_ADDR_VALUE
]);
1038 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1039 EICE_W0_ADDR_MASK
]);
1040 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1041 EICE_W0_DATA_MASK
]);
1042 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1043 EICE_W0_CONTROL_MASK
]);
1045 /* control value always has to be restored, as it was either disabled,
1046 * or enabled with possibly different bits
1048 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1056 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1057 * and then there is a wait until the processor shows the halt. This wait can
1058 * timeout and results in an error being returned. The software reset involves
1059 * clearing the halt, updating the debug control register, changing to ARM mode,
1060 * reset of the program counter, and reset of all of the registers.
1062 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1063 * @return Error status if any of the commands fail, otherwise ERROR_OK
1065 int arm7_9_soft_reset_halt(struct target
*target
)
1067 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1068 struct arm
*arm
= &arm7_9
->arm
;
1069 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1070 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1074 /* FIX!!! replace some of this code with tcl commands
1076 * halt # the halt command is synchronous
1077 * armv4_5 core_state arm
1081 retval
= target_halt(target
);
1082 if (retval
!= ERROR_OK
)
1085 long long then
= timeval_ms();
1087 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
1088 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1090 embeddedice_read_reg(dbg_stat
);
1091 retval
= jtag_execute_queue();
1092 if (retval
!= ERROR_OK
)
1094 if (debug_level
>= 3)
1100 LOG_ERROR("Failed to halt CPU after 1 sec");
1101 return ERROR_TARGET_TIMEOUT
;
1103 target
->state
= TARGET_HALTED
;
1105 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1106 * ensure that DBGRQ is cleared
1108 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1109 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1110 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1111 embeddedice_store_reg(dbg_ctrl
);
1113 retval
= arm7_9_clear_halt(target
);
1114 if (retval
!= ERROR_OK
)
1117 /* if the target is in Thumb state, change to ARM state */
1118 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1119 uint32_t r0_thumb
, pc_thumb
;
1120 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1121 /* Entered debug from Thumb mode */
1122 arm
->core_state
= ARM_STATE_THUMB
;
1123 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1126 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1128 /* all register content is now invalid */
1129 register_cache_invalidate(arm
->core_cache
);
1131 /* SVC, ARM state, IRQ and FIQ disabled */
1134 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
1137 arm_set_cpsr(arm
, cpsr
);
1138 arm
->cpsr
->dirty
= 1;
1140 /* start fetching from 0x0 */
1141 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
1145 /* reset registers */
1146 for (i
= 0; i
<= 14; i
++) {
1147 struct reg
*r
= arm_reg_current(arm
, i
);
1149 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1154 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1155 if (retval
!= ERROR_OK
)
1162 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1163 * line or by programming a watchpoint to trigger on any address. It is
1164 * considered a bug to call this function while the target is in the
1165 * TARGET_RESET state.
1167 * @param target Pointer to the ARM7/9 target to be halted
1168 * @return Always ERROR_OK
1170 int arm7_9_halt(struct target
*target
)
1172 if (target
->state
== TARGET_RESET
) {
1174 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1178 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1179 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1181 LOG_DEBUG("target->state: %s",
1182 target_state_name(target
));
1184 if (target
->state
== TARGET_HALTED
) {
1185 LOG_DEBUG("target was already halted");
1189 if (target
->state
== TARGET_UNKNOWN
)
1190 LOG_WARNING("target was in unknown state when halt was requested");
1192 if (arm7_9
->use_dbgrq
) {
1193 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1195 if (arm7_9
->set_special_dbgrq
)
1196 arm7_9
->set_special_dbgrq(target
);
1198 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1199 embeddedice_store_reg(dbg_ctrl
);
1202 /* program watchpoint unit to match on any address
1204 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1205 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1206 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1207 EICE_W_CTRL_ENABLE
);
1208 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1209 ~EICE_W_CTRL_nOPC
& 0xff);
1212 target
->debug_reason
= DBG_REASON_DBGRQ
;
1218 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1219 * ARM. The JTAG queue is then executed and the reason for debug entry is
1220 * examined. Once done, the target is verified to be halted and the processor
1221 * is forced into ARM mode. The core registers are saved for the current core
1222 * mode and the program counter (register 15) is updated as needed. The core
1223 * registers and CPSR and SPSR are saved for restoration later.
1225 * @param target Pointer to target that is entering debug mode
1226 * @return Error code if anything fails, otherwise ERROR_OK
1228 static int arm7_9_debug_entry(struct target
*target
)
1231 uint32_t context
[16];
1232 uint32_t *context_p
[16];
1233 uint32_t r0_thumb
, pc_thumb
;
1234 uint32_t cpsr
, cpsr_mask
= 0;
1236 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1237 struct arm
*arm
= &arm7_9
->arm
;
1238 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1239 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1241 #ifdef _DEBUG_ARM7_9_
1245 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1246 * ensure that DBGRQ is cleared
1248 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1249 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1250 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1251 embeddedice_store_reg(dbg_ctrl
);
1253 retval
= arm7_9_clear_halt(target
);
1254 if (retval
!= ERROR_OK
)
1257 retval
= jtag_execute_queue();
1258 if (retval
!= ERROR_OK
)
1261 retval
= arm7_9
->examine_debug_reason(target
);
1262 if (retval
!= ERROR_OK
)
1265 if (target
->state
!= TARGET_HALTED
) {
1266 LOG_WARNING("target not halted");
1267 return ERROR_TARGET_NOT_HALTED
;
1270 /* if the target is in Thumb state, change to ARM state */
1271 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1272 LOG_DEBUG("target entered debug from Thumb state");
1273 /* Entered debug from Thumb mode */
1274 arm
->core_state
= ARM_STATE_THUMB
;
1276 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1277 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1278 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1279 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1280 /* \todo Get some vaguely correct handling of Jazelle, if
1281 * anyone ever uses it and full info becomes available.
1282 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1283 * B.7.3 for the reverse. That'd be the bare minimum...
1285 LOG_DEBUG("target entered debug from Jazelle state");
1286 arm
->core_state
= ARM_STATE_JAZELLE
;
1287 cpsr_mask
= 1 << 24;
1288 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1290 LOG_DEBUG("target entered debug from ARM state");
1291 /* Entered debug from ARM mode */
1292 arm
->core_state
= ARM_STATE_ARM
;
1295 for (i
= 0; i
< 16; i
++)
1296 context_p
[i
] = &context
[i
];
1297 /* save core registers (r0 - r15 of current core mode) */
1298 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1300 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1302 retval
= jtag_execute_queue();
1303 if (retval
!= ERROR_OK
)
1306 /* Sync our CPSR copy with J or T bits EICE reported, but
1307 * which we then erased by putting the core into ARM mode.
1309 arm_set_cpsr(arm
, cpsr
| cpsr_mask
);
1311 if (!is_arm_mode(arm
->core_mode
)) {
1312 target
->state
= TARGET_UNKNOWN
;
1313 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1314 return ERROR_TARGET_FAILURE
;
1317 LOG_DEBUG("target entered debug state in %s mode",
1318 arm_mode_name(arm
->core_mode
));
1320 if (arm
->core_state
== ARM_STATE_THUMB
) {
1321 LOG_DEBUG("thumb state, applying fixups");
1322 context
[0] = r0_thumb
;
1323 context
[15] = pc_thumb
;
1324 } else if (arm
->core_state
== ARM_STATE_ARM
) {
1325 /* adjust value stored by STM */
1326 context
[15] -= 3 * 4;
1329 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1330 context
[15] -= 3 * ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1332 context
[15] -= arm7_9
->dbgreq_adjust_pc
*
1333 ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1335 for (i
= 0; i
<= 15; i
++) {
1336 struct reg
*r
= arm_reg_current(arm
, i
);
1338 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1340 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1341 /* r0 and r15 (pc) have to be restored later */
1342 r
->dirty
= (i
== 0) || (i
== 15);
1346 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1348 /* exceptions other than USR & SYS have a saved program status register */
1351 arm7_9
->read_xpsr(target
, &spsr
, 1);
1352 retval
= jtag_execute_queue();
1353 if (retval
!= ERROR_OK
)
1355 buf_set_u32(arm
->spsr
->value
, 0, 32, spsr
);
1356 arm
->spsr
->dirty
= 0;
1357 arm
->spsr
->valid
= 1;
1360 retval
= jtag_execute_queue();
1361 if (retval
!= ERROR_OK
)
1364 if (arm7_9
->post_debug_entry
) {
1365 retval
= arm7_9
->post_debug_entry(target
);
1366 if (retval
!= ERROR_OK
)
1374 * Validate the full context for an ARM7/9 target in all processor modes. If
1375 * there are any invalid registers for the target, they will all be read. This
1378 * @param target Pointer to the ARM7/9 target to capture the full context from
1379 * @return Error if the target is not halted, has an invalid core mode, or if
1380 * the JTAG queue fails to execute
1382 static int arm7_9_full_context(struct target
*target
)
1386 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1387 struct arm
*arm
= &arm7_9
->arm
;
1391 if (target
->state
!= TARGET_HALTED
) {
1392 LOG_WARNING("target not halted");
1393 return ERROR_TARGET_NOT_HALTED
;
1396 if (!is_arm_mode(arm
->core_mode
)) {
1397 LOG_ERROR("not a valid arm core mode - communication failure?");
1401 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1402 * SYS shares registers with User, so we don't touch SYS
1404 for (i
= 0; i
< 6; i
++) {
1406 uint32_t *reg_p
[16];
1410 /* check if there are invalid registers in the current mode
1412 for (j
= 0; j
<= 16; j
++) {
1413 if (ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1420 /* change processor mode (and mask T bit) */
1421 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8)
1423 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1425 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1427 for (j
= 0; j
< 15; j
++) {
1428 if (ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1429 armv4_5_number_to_mode(i
), j
).valid
== 0) {
1430 reg_p
[j
] = (uint32_t *)ARMV4_5_CORE_REG_MODE(
1432 armv4_5_number_to_mode(i
),
1435 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1436 armv4_5_number_to_mode(i
),
1438 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1439 armv4_5_number_to_mode(i
),
1444 /* if only the PSR is invalid, mask is all zeroes */
1446 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1448 /* check if the PSR has to be read */
1449 if (ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1451 arm7_9
->read_xpsr(target
,
1452 (uint32_t *)ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1453 armv4_5_number_to_mode(i
), 16).value
, 1);
1454 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1456 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1462 /* restore processor mode (mask T bit) */
1463 arm7_9
->write_xpsr_im8(target
,
1464 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
1466 retval
= jtag_execute_queue();
1467 if (retval
!= ERROR_OK
)
1473 * Restore the processor context on an ARM7/9 target. The full processor
1474 * context is analyzed to see if any of the registers are dirty on this end, but
1475 * have a valid new value. If this is the case, the processor is changed to the
1476 * appropriate mode and the new register values are written out to the
1477 * processor. If there happens to be a dirty register with an invalid value, an
1478 * error will be logged.
1480 * @param target Pointer to the ARM7/9 target to have its context restored
1481 * @return Error status if the target is not halted or the core mode in the
1482 * armv4_5 struct is invalid.
1484 static int arm7_9_restore_context(struct target
*target
)
1486 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1487 struct arm
*arm
= &arm7_9
->arm
;
1489 enum arm_mode current_mode
= arm
->core_mode
;
1496 if (target
->state
!= TARGET_HALTED
) {
1497 LOG_WARNING("target not halted");
1498 return ERROR_TARGET_NOT_HALTED
;
1501 if (arm7_9
->pre_restore_context
)
1502 arm7_9
->pre_restore_context(target
);
1504 if (!is_arm_mode(arm
->core_mode
)) {
1505 LOG_ERROR("not a valid arm core mode - communication failure?");
1509 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1510 * SYS shares registers with User, so we don't touch SYS
1512 for (i
= 0; i
< 6; i
++) {
1513 LOG_DEBUG("examining %s mode",
1514 arm_mode_name(arm
->core_mode
));
1517 /* check if there are dirty registers in the current mode
1519 for (j
= 0; j
<= 16; j
++) {
1520 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
);
1521 if (reg
->dirty
== 1) {
1522 if (reg
->valid
== 1) {
1524 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1525 struct arm_reg
*reg_arch_info
;
1526 reg_arch_info
= reg
->arch_info
;
1527 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1528 && (reg_arch_info
->mode
!= current_mode
)
1529 && !((reg_arch_info
->mode
== ARM_MODE_USR
)
1530 && (arm
->core_mode
== ARM_MODE_SYS
))
1531 && !((reg_arch_info
->mode
== ARM_MODE_SYS
)
1532 && (arm
->core_mode
== ARM_MODE_USR
))) {
1534 LOG_DEBUG("require mode change");
1537 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1543 uint32_t mask
= 0x0;
1550 /* change processor mode (mask T bit) */
1551 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
,
1553 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1555 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1556 current_mode
= armv4_5_number_to_mode(i
);
1559 for (j
= 0; j
<= 14; j
++) {
1560 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1561 armv4_5_number_to_mode(i
),
1564 if (reg
->dirty
== 1) {
1565 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1570 LOG_DEBUG("writing register %i mode %s "
1571 "with value 0x%8.8" PRIx32
, j
,
1572 arm_mode_name(arm
->core_mode
),
1578 arm7_9
->write_core_regs(target
, mask
, regs
);
1581 &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(
1583 struct arm_reg
*reg_arch_info
;
1584 reg_arch_info
= reg
->arch_info
;
1585 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
)) {
1586 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"",
1588 buf_get_u32(reg
->value
, 0, 32));
1589 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1594 if (!arm
->cpsr
->dirty
&& (arm
->core_mode
!= current_mode
)) {
1595 /* restore processor mode (mask T bit) */
1598 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
1599 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1601 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1602 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1604 } else if (arm
->cpsr
->dirty
) {
1605 /* CPSR has been changed, full restore necessary (mask T bit) */
1606 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1607 buf_get_u32(arm
->cpsr
->value
, 0, 32));
1608 arm7_9
->write_xpsr(target
,
1609 buf_get_u32(arm
->cpsr
->value
, 0, 32)
1611 arm
->cpsr
->dirty
= 0;
1612 arm
->cpsr
->valid
= 1;
1616 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
,
1617 buf_get_u32(arm
->pc
->value
, 0, 32));
1618 arm7_9
->write_pc(target
, buf_get_u32(arm
->pc
->value
, 0, 32));
1625 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1626 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1629 * @param target Pointer to the ARM7/9 target to be restarted
1630 * @return Result of executing the JTAG queue
1632 static int arm7_9_restart_core(struct target
*target
)
1634 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1635 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1638 /* set RESTART instruction */
1639 if (arm7_9
->need_bypass_before_restart
) {
1640 arm7_9
->need_bypass_before_restart
= 0;
1642 retval
= arm_jtag_set_instr(jtag_info
, 0xf, NULL
, TAP_IDLE
);
1643 if (retval
!= ERROR_OK
)
1646 retval
= arm_jtag_set_instr(jtag_info
, 0x4, NULL
, TAP_IDLE
);
1647 if (retval
!= ERROR_OK
)
1650 jtag_add_runtest(1, TAP_IDLE
);
1651 return jtag_execute_queue();
1655 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1656 * iterated through and are set on the target if they aren't already set.
1658 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1660 static void arm7_9_enable_watchpoints(struct target
*target
)
1662 struct watchpoint
*watchpoint
= target
->watchpoints
;
1664 while (watchpoint
) {
1665 if (watchpoint
->set
== 0)
1666 arm7_9_set_watchpoint(target
, watchpoint
);
1667 watchpoint
= watchpoint
->next
;
1672 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1673 * iterated through and are set on the target.
1675 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1677 static void arm7_9_enable_breakpoints(struct target
*target
)
1679 struct breakpoint
*breakpoint
= target
->breakpoints
;
1681 /* set any pending breakpoints */
1682 while (breakpoint
) {
1683 arm7_9_set_breakpoint(target
, breakpoint
);
1684 breakpoint
= breakpoint
->next
;
1688 int arm7_9_resume(struct target
*target
,
1691 int handle_breakpoints
,
1692 int debug_execution
)
1694 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1695 struct arm
*arm
= &arm7_9
->arm
;
1696 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1697 int err
, retval
= ERROR_OK
;
1701 if (target
->state
!= TARGET_HALTED
) {
1702 LOG_WARNING("target not halted");
1703 return ERROR_TARGET_NOT_HALTED
;
1706 if (!debug_execution
)
1707 target_free_all_working_areas(target
);
1709 /* current = 1: continue on current pc, otherwise continue at <address> */
1711 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1713 uint32_t current_pc
;
1714 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1716 /* the front-end may request us not to handle breakpoints */
1717 if (handle_breakpoints
) {
1718 struct breakpoint
*breakpoint
;
1719 breakpoint
= breakpoint_find(target
,
1720 buf_get_u32(arm
->pc
->value
, 0, 32));
1721 if (breakpoint
!= NULL
) {
1722 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32
" (id: %d)",
1723 breakpoint
->address
,
1724 breakpoint
->unique_id
);
1725 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1726 if (retval
!= ERROR_OK
)
1729 /* calculate PC of next instruction */
1731 retval
= arm_simulate_step(target
, &next_pc
);
1732 if (retval
!= ERROR_OK
) {
1733 uint32_t current_opcode
;
1734 target_read_u32(target
, current_pc
, ¤t_opcode
);
1736 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1741 LOG_DEBUG("enable single-step");
1742 arm7_9
->enable_single_step(target
, next_pc
);
1744 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1746 retval
= arm7_9_restore_context(target
);
1747 if (retval
!= ERROR_OK
)
1750 if (arm
->core_state
== ARM_STATE_ARM
)
1751 arm7_9
->branch_resume(target
);
1752 else if (arm
->core_state
== ARM_STATE_THUMB
)
1753 arm7_9
->branch_resume_thumb(target
);
1755 LOG_ERROR("unhandled core state");
1759 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1760 embeddedice_write_reg(dbg_ctrl
,
1761 buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1762 err
= arm7_9_execute_sys_speed(target
);
1764 LOG_DEBUG("disable single-step");
1765 arm7_9
->disable_single_step(target
);
1767 if (err
!= ERROR_OK
) {
1768 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1769 if (retval
!= ERROR_OK
)
1771 target
->state
= TARGET_UNKNOWN
;
1775 retval
= arm7_9_debug_entry(target
);
1776 if (retval
!= ERROR_OK
)
1778 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
,
1779 buf_get_u32(arm
->pc
->value
, 0, 32));
1781 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32
"", breakpoint
->address
);
1782 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1783 if (retval
!= ERROR_OK
)
1788 /* enable any pending breakpoints and watchpoints */
1789 arm7_9_enable_breakpoints(target
);
1790 arm7_9_enable_watchpoints(target
);
1792 retval
= arm7_9_restore_context(target
);
1793 if (retval
!= ERROR_OK
)
1796 if (arm
->core_state
== ARM_STATE_ARM
)
1797 arm7_9
->branch_resume(target
);
1798 else if (arm
->core_state
== ARM_STATE_THUMB
)
1799 arm7_9
->branch_resume_thumb(target
);
1801 LOG_ERROR("unhandled core state");
1805 /* deassert DBGACK and INTDIS */
1806 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1807 /* INTDIS only when we really resume, not during debug execution */
1808 if (!debug_execution
)
1809 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1810 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1812 retval
= arm7_9_restart_core(target
);
1813 if (retval
!= ERROR_OK
)
1816 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1818 if (!debug_execution
) {
1819 /* registers are now invalid */
1820 register_cache_invalidate(arm
->core_cache
);
1821 target
->state
= TARGET_RUNNING
;
1822 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1823 if (retval
!= ERROR_OK
)
1826 target
->state
= TARGET_DEBUG_RUNNING
;
1827 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1828 if (retval
!= ERROR_OK
)
1832 LOG_DEBUG("target resumed");
1837 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1839 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1840 struct arm
*arm
= &arm7_9
->arm
;
1841 uint32_t current_pc
;
1842 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1844 if (next_pc
!= current_pc
) {
1845 /* setup an inverse breakpoint on the current PC
1846 * - comparator 1 matches the current address
1847 * - rangeout from comparator 1 is connected to comparator 0 rangein
1848 * - comparator 0 matches any address, as long as rangein is low */
1849 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1850 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1851 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1852 EICE_W_CTRL_ENABLE
);
1853 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1854 ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1855 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
1857 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1858 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1859 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1860 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1861 ~EICE_W_CTRL_nOPC
& 0xff);
1863 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1864 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1865 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1866 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1867 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1868 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1869 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1870 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
1871 EICE_W_CTRL_ENABLE
);
1872 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1873 ~EICE_W_CTRL_nOPC
& 0xff);
1877 void arm7_9_disable_eice_step(struct target
*target
)
1879 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1881 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1882 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1883 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1884 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1885 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1886 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1887 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1888 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1889 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1892 int arm7_9_step(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
)
1894 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1895 struct arm
*arm
= &arm7_9
->arm
;
1896 struct breakpoint
*breakpoint
= NULL
;
1899 if (target
->state
!= TARGET_HALTED
) {
1900 LOG_WARNING("target not halted");
1901 return ERROR_TARGET_NOT_HALTED
;
1904 /* current = 1: continue on current pc, otherwise continue at <address> */
1906 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1908 uint32_t current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1910 /* the front-end may request us not to handle breakpoints */
1911 if (handle_breakpoints
)
1912 breakpoint
= breakpoint_find(target
, current_pc
);
1913 if (breakpoint
!= NULL
) {
1914 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1915 if (retval
!= ERROR_OK
)
1919 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1921 /* calculate PC of next instruction */
1923 retval
= arm_simulate_step(target
, &next_pc
);
1924 if (retval
!= ERROR_OK
) {
1925 uint32_t current_opcode
;
1926 target_read_u32(target
, current_pc
, ¤t_opcode
);
1928 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1933 retval
= arm7_9_restore_context(target
);
1934 if (retval
!= ERROR_OK
)
1937 arm7_9
->enable_single_step(target
, next_pc
);
1939 if (arm
->core_state
== ARM_STATE_ARM
)
1940 arm7_9
->branch_resume(target
);
1941 else if (arm
->core_state
== ARM_STATE_THUMB
)
1942 arm7_9
->branch_resume_thumb(target
);
1944 LOG_ERROR("unhandled core state");
1948 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1949 if (retval
!= ERROR_OK
)
1952 err
= arm7_9_execute_sys_speed(target
);
1953 arm7_9
->disable_single_step(target
);
1955 /* registers are now invalid */
1956 register_cache_invalidate(arm
->core_cache
);
1958 if (err
!= ERROR_OK
)
1959 target
->state
= TARGET_UNKNOWN
;
1961 retval
= arm7_9_debug_entry(target
);
1962 if (retval
!= ERROR_OK
)
1964 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1965 if (retval
!= ERROR_OK
)
1967 LOG_DEBUG("target stepped");
1971 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1972 if (retval
!= ERROR_OK
)
1979 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
1980 int num
, enum arm_mode mode
)
1982 uint32_t *reg_p
[16];
1984 struct arm_reg
*areg
= r
->arch_info
;
1985 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1986 struct arm
*arm
= &arm7_9
->arm
;
1988 if (!is_arm_mode(arm
->core_mode
))
1990 if ((num
< 0) || (num
> 16))
1991 return ERROR_COMMAND_SYNTAX_ERROR
;
1993 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
1994 && (areg
->mode
!= ARM_MODE_ANY
)) {
1997 /* change processor mode (mask T bit) */
1998 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2001 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2005 if ((num
>= 0) && (num
<= 15)) {
2006 /* read a normal core register */
2007 reg_p
[num
] = &value
;
2009 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2011 /* read a program status register
2012 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2014 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2017 retval
= jtag_execute_queue();
2018 if (retval
!= ERROR_OK
)
2023 buf_set_u32(r
->value
, 0, 32, value
);
2025 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2026 && (areg
->mode
!= ARM_MODE_ANY
)) {
2027 /* restore processor mode (mask T bit) */
2028 arm7_9
->write_xpsr_im8(target
,
2029 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2035 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2036 int num
, enum arm_mode mode
, uint32_t value
)
2039 struct arm_reg
*areg
= r
->arch_info
;
2040 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2041 struct arm
*arm
= &arm7_9
->arm
;
2043 if (!is_arm_mode(arm
->core_mode
))
2045 if ((num
< 0) || (num
> 16))
2046 return ERROR_COMMAND_SYNTAX_ERROR
;
2048 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2049 && (areg
->mode
!= ARM_MODE_ANY
)) {
2052 /* change processor mode (mask T bit) */
2053 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2056 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2059 if ((num
>= 0) && (num
<= 15)) {
2060 /* write a normal core register */
2063 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2065 /* write a program status register
2066 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2068 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2070 /* if we're writing the CPSR, mask the T bit */
2074 arm7_9
->write_xpsr(target
, value
, spsr
);
2080 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2081 && (areg
->mode
!= ARM_MODE_ANY
)) {
2082 /* restore processor mode (mask T bit) */
2083 arm7_9
->write_xpsr_im8(target
,
2084 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2087 return jtag_execute_queue();
2090 int arm7_9_read_memory(struct target
*target
,
2096 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2097 struct arm
*arm
= &arm7_9
->arm
;
2099 uint32_t num_accesses
= 0;
2100 int thisrun_accesses
;
2106 LOG_DEBUG("address: 0x%8.8" PRIx32
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"",
2107 address
, size
, count
);
2109 if (target
->state
!= TARGET_HALTED
) {
2110 LOG_WARNING("target not halted");
2111 return ERROR_TARGET_NOT_HALTED
;
2114 /* sanitize arguments */
2115 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2116 return ERROR_COMMAND_SYNTAX_ERROR
;
2118 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2119 return ERROR_TARGET_UNALIGNED_ACCESS
;
2121 /* load the base register with the address of the first word */
2123 arm7_9
->write_core_regs(target
, 0x1, reg
);
2129 while (num_accesses
< count
) {
2132 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2133 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2135 if (last_reg
<= thisrun_accesses
)
2136 last_reg
= thisrun_accesses
;
2138 arm7_9
->load_word_regs(target
, reg_list
);
2140 /* fast memory reads are only safe when the target is running
2141 * from a sufficiently high clock (32 kHz is usually too slow)
2143 if (arm7_9
->fast_memory_access
)
2144 retval
= arm7_9_execute_fast_sys_speed(target
);
2146 retval
= arm7_9_execute_sys_speed(target
);
2147 if (retval
!= ERROR_OK
)
2150 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2152 /* advance buffer, count number of accesses */
2153 buffer
+= thisrun_accesses
* 4;
2154 num_accesses
+= thisrun_accesses
;
2156 if ((j
++%1024) == 0)
2161 while (num_accesses
< count
) {
2164 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2165 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2167 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2170 arm7_9
->load_hword_reg(target
, i
);
2171 /* fast memory reads are only safe when the target is running
2172 * from a sufficiently high clock (32 kHz is usually too slow)
2174 if (arm7_9
->fast_memory_access
)
2175 retval
= arm7_9_execute_fast_sys_speed(target
);
2177 retval
= arm7_9_execute_sys_speed(target
);
2178 if (retval
!= ERROR_OK
)
2183 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2185 /* advance buffer, count number of accesses */
2186 buffer
+= thisrun_accesses
* 2;
2187 num_accesses
+= thisrun_accesses
;
2189 if ((j
++%1024) == 0)
2194 while (num_accesses
< count
) {
2197 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2198 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2200 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2203 arm7_9
->load_byte_reg(target
, i
);
2204 /* fast memory reads are only safe when the target is running
2205 * from a sufficiently high clock (32 kHz is usually too slow)
2207 if (arm7_9
->fast_memory_access
)
2208 retval
= arm7_9_execute_fast_sys_speed(target
);
2210 retval
= arm7_9_execute_sys_speed(target
);
2211 if (retval
!= ERROR_OK
)
2215 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2217 /* advance buffer, count number of accesses */
2218 buffer
+= thisrun_accesses
* 1;
2219 num_accesses
+= thisrun_accesses
;
2221 if ((j
++%1024) == 0)
2227 if (!is_arm_mode(arm
->core_mode
))
2230 for (i
= 0; i
<= last_reg
; i
++) {
2231 struct reg
*r
= arm_reg_current(arm
, i
);
2232 r
->dirty
= r
->valid
;
2235 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2236 retval
= jtag_execute_queue();
2237 if (retval
!= ERROR_OK
) {
2238 LOG_ERROR("JTAG error while reading cpsr");
2239 return ERROR_TARGET_DATA_ABORT
;
2242 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2244 "memory read caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2249 arm7_9
->write_xpsr_im8(target
,
2250 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2253 return ERROR_TARGET_DATA_ABORT
;
2259 int arm7_9_write_memory(struct target
*target
,
2263 const uint8_t *buffer
)
2265 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2266 struct arm
*arm
= &arm7_9
->arm
;
2267 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2270 uint32_t num_accesses
= 0;
2271 int thisrun_accesses
;
2277 #ifdef _DEBUG_ARM7_9_
2278 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2281 if (target
->state
!= TARGET_HALTED
) {
2282 LOG_WARNING("target not halted");
2283 return ERROR_TARGET_NOT_HALTED
;
2286 /* sanitize arguments */
2287 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2288 return ERROR_COMMAND_SYNTAX_ERROR
;
2290 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2291 return ERROR_TARGET_UNALIGNED_ACCESS
;
2293 /* load the base register with the address of the first word */
2295 arm7_9
->write_core_regs(target
, 0x1, reg
);
2297 /* Clear DBGACK, to make sure memory fetches work as expected */
2298 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2299 embeddedice_store_reg(dbg_ctrl
);
2303 while (num_accesses
< count
) {
2306 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2307 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2309 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2312 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2316 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2318 arm7_9
->store_word_regs(target
, reg_list
);
2320 /* fast memory writes are only safe when the target is running
2321 * from a sufficiently high clock (32 kHz is usually too slow)
2323 if (arm7_9
->fast_memory_access
)
2324 retval
= arm7_9_execute_fast_sys_speed(target
);
2326 retval
= arm7_9_execute_sys_speed(target
);
2329 * if memory writes are made when the clock is running slow
2330 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2331 * processor operations after a "reset halt" or "reset init",
2332 * need to immediately stroke the keep alive or will end up with
2333 * gdb "keep alive not sent error message" problem.
2339 if (retval
!= ERROR_OK
)
2342 num_accesses
+= thisrun_accesses
;
2346 while (num_accesses
< count
) {
2349 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2350 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2352 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2355 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2359 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2361 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2362 arm7_9
->store_hword_reg(target
, i
);
2364 /* fast memory writes are only safe when the target is running
2365 * from a sufficiently high clock (32 kHz is usually too slow)
2367 if (arm7_9
->fast_memory_access
)
2368 retval
= arm7_9_execute_fast_sys_speed(target
);
2370 retval
= arm7_9_execute_sys_speed(target
);
2373 * if memory writes are made when the clock is running slow
2374 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2375 * processor operations after a "reset halt" or "reset init",
2376 * need to immediately stroke the keep alive or will end up with
2377 * gdb "keep alive not sent error message" problem.
2383 if (retval
!= ERROR_OK
)
2387 num_accesses
+= thisrun_accesses
;
2391 while (num_accesses
< count
) {
2394 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2395 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2397 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2400 reg
[i
] = *buffer
++ & 0xff;
2403 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2405 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2406 arm7_9
->store_byte_reg(target
, i
);
2407 /* fast memory writes are only safe when the target is running
2408 * from a sufficiently high clock (32 kHz is usually too slow)
2410 if (arm7_9
->fast_memory_access
)
2411 retval
= arm7_9_execute_fast_sys_speed(target
);
2413 retval
= arm7_9_execute_sys_speed(target
);
2416 * if memory writes are made when the clock is running slow
2417 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2418 * processor operations after a "reset halt" or "reset init",
2419 * need to immediately stroke the keep alive or will end up with
2420 * gdb "keep alive not sent error message" problem.
2426 if (retval
!= ERROR_OK
)
2431 num_accesses
+= thisrun_accesses
;
2437 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2438 embeddedice_store_reg(dbg_ctrl
);
2440 if (!is_arm_mode(arm
->core_mode
))
2443 for (i
= 0; i
<= last_reg
; i
++) {
2444 struct reg
*r
= arm_reg_current(arm
, i
);
2445 r
->dirty
= r
->valid
;
2448 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2449 retval
= jtag_execute_queue();
2450 if (retval
!= ERROR_OK
) {
2451 LOG_ERROR("JTAG error while reading cpsr");
2452 return ERROR_TARGET_DATA_ABORT
;
2455 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2457 "memory write caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2462 arm7_9
->write_xpsr_im8(target
,
2463 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2466 return ERROR_TARGET_DATA_ABORT
;
2472 static int dcc_count
;
2473 static const uint8_t *dcc_buffer
;
2475 static int arm7_9_dcc_completion(struct target
*target
,
2476 uint32_t exit_point
,
2480 int retval
= ERROR_OK
;
2481 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2483 retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500);
2484 if (retval
!= ERROR_OK
)
2487 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2488 int count
= dcc_count
;
2489 const uint8_t *buffer
= dcc_buffer
;
2491 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2492 * core function repeated. */
2493 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2494 fast_target_buffer_get_u32(buffer
, little
));
2497 struct embeddedice_reg
*ice_reg
=
2498 arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2499 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2500 struct jtag_tap
*tap
;
2501 tap
= ice_reg
->jtag_info
->tap
;
2503 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2504 buffer
+= (count
-2)*4;
2506 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2507 fast_target_buffer_get_u32(buffer
, little
));
2510 for (i
= 0; i
< count
; i
++) {
2511 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2512 fast_target_buffer_get_u32(buffer
, little
));
2517 retval
= target_halt(target
);
2518 if (retval
!= ERROR_OK
)
2520 return target_wait_state(target
, TARGET_HALTED
, 500);
2523 static const uint32_t dcc_code
[] = {
2524 /* r0 == input, points to memory buffer
2528 /* spin until DCC control (c0) reports data arrived */
2529 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2530 0xe3110001, /* tst r1, #1 */
2531 0x0afffffc, /* bne w */
2533 /* read word from DCC (c1), write to memory */
2534 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2535 0xe4801004, /* str r1, [r0], #4 */
2538 0xeafffff9 /* b w */
2541 int arm7_9_bulk_write_memory(struct target
*target
,
2544 const uint8_t *buffer
)
2547 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2550 if (!arm7_9
->dcc_downloads
)
2551 return target_write_memory(target
, address
, 4, count
, buffer
);
2553 /* regrab previously allocated working_area, or allocate a new one */
2554 if (!arm7_9
->dcc_working_area
) {
2555 uint8_t dcc_code_buf
[6 * 4];
2557 /* make sure we have a working area */
2558 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
) {
2559 LOG_INFO("no working area available, falling back to memory writes");
2560 return target_write_memory(target
, address
, 4, count
, buffer
);
2563 /* copy target instructions to target endianness */
2564 for (i
= 0; i
< 6; i
++)
2565 target_buffer_set_u32(target
, dcc_code_buf
+ i
*4, dcc_code
[i
]);
2567 /* write DCC code to working area */
2568 retval
= target_write_memory(target
,
2569 arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
);
2570 if (retval
!= ERROR_OK
)
2574 struct arm_algorithm arm_algo
;
2575 struct reg_param reg_params
[1];
2577 arm_algo
.common_magic
= ARM_COMMON_MAGIC
;
2578 arm_algo
.core_mode
= ARM_MODE_SVC
;
2579 arm_algo
.core_state
= ARM_STATE_ARM
;
2581 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2583 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2586 dcc_buffer
= buffer
;
2587 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2588 arm7_9
->dcc_working_area
->address
,
2589 arm7_9
->dcc_working_area
->address
+ 6*4,
2590 20*1000, &arm_algo
, arm7_9_dcc_completion
);
2592 if (retval
== ERROR_OK
) {
2593 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2594 if (endaddress
!= (address
+ count
*4)) {
2596 "DCC write failed, expected end address 0x%08" PRIx32
" got 0x%0" PRIx32
"",
2597 (address
+ count
*4),
2599 retval
= ERROR_FAIL
;
2603 destroy_reg_param(®_params
[0]);
2609 * Perform per-target setup that requires JTAG access.
2611 int arm7_9_examine(struct target
*target
)
2613 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2616 if (!target_was_examined(target
)) {
2617 struct reg_cache
*t
, **cache_p
;
2619 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2623 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2625 arm7_9
->eice_cache
= (*cache_p
);
2627 if (arm7_9
->arm
.etm
)
2628 (*cache_p
)->next
= etm_build_reg_cache(target
,
2632 target_set_examined(target
);
2635 retval
= embeddedice_setup(target
);
2636 if (retval
== ERROR_OK
)
2637 retval
= arm7_9_setup(target
);
2638 if (retval
== ERROR_OK
&& arm7_9
->arm
.etm
)
2639 retval
= etm_setup(target
);
2644 int arm7_9_check_reset(struct target
*target
)
2646 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2648 if (get_target_reset_nag() && !arm7_9
->dcc_downloads
)
2650 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2652 if (get_target_reset_nag() && (target
->working_area_size
== 0))
2653 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2655 if (get_target_reset_nag() && !arm7_9
->fast_memory_access
)
2657 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2662 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in
,
2663 jtag_callback_data_t i_size
, jtag_callback_data_t i_be
,
2664 jtag_callback_data_t i_flip
)
2666 uint8_t *in
= (uint8_t *)pu8_in
;
2667 int size
= (int)i_size
;
2669 int flip
= (int)i_flip
;
2674 readback
= le_to_h_u32(in
);
2676 readback
= flip_u32(readback
, 32);
2678 h_u32_to_be(in
, readback
);
2680 h_u32_to_le(in
, readback
);
2683 readback
= le_to_h_u16(in
);
2685 readback
= flip_u32(readback
, 16);
2687 h_u16_to_be(in
, readback
& 0xffff);
2689 h_u16_to_le(in
, readback
& 0xffff);
2694 readback
= flip_u32(readback
, 8);
2695 *in
= readback
& 0xff;
2702 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2704 struct target
*target
= get_current_target(CMD_CTX
);
2705 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2707 if (!is_arm7_9(arm7_9
)) {
2708 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2709 return ERROR_TARGET_INVALID
;
2713 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->use_dbgrq
);
2715 command_print(CMD_CTX
,
2716 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2717 (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2722 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2724 struct target
*target
= get_current_target(CMD_CTX
);
2725 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2727 if (!is_arm7_9(arm7_9
)) {
2728 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2729 return ERROR_TARGET_INVALID
;
2733 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2735 command_print(CMD_CTX
,
2736 "fast memory access is %s",
2737 (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2742 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2744 struct target
*target
= get_current_target(CMD_CTX
);
2745 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2747 if (!is_arm7_9(arm7_9
)) {
2748 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2749 return ERROR_TARGET_INVALID
;
2753 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2755 command_print(CMD_CTX
,
2756 "dcc downloads are %s",
2757 (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2762 static int arm7_9_setup_semihosting(struct target
*target
, int enable
)
2764 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2766 if (!is_arm7_9(arm7_9
)) {
2767 LOG_USER("current target isn't an ARM7/ARM9 target");
2768 return ERROR_TARGET_INVALID
;
2771 if (arm7_9
->has_vector_catch
) {
2772 struct reg
*vector_catch
= &arm7_9
->eice_cache
2773 ->reg_list
[EICE_VEC_CATCH
];
2775 if (!vector_catch
->valid
)
2776 embeddedice_read_reg(vector_catch
);
2777 buf_set_u32(vector_catch
->value
, 2, 1, enable
);
2778 embeddedice_store_reg(vector_catch
);
2780 /* TODO: allow optional high vectors and/or BKPT_HARD */
2782 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2784 breakpoint_remove(target
, 8);
2790 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2792 int retval
= ERROR_OK
;
2793 struct arm
*arm
= &arm7_9
->arm
;
2795 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2797 retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
);
2798 if (retval
!= ERROR_OK
)
2801 /* caller must have allocated via calloc(), so everything's zeroed */
2803 arm7_9
->wp_available_max
= 2;
2805 arm7_9
->fast_memory_access
= false;
2806 arm7_9
->dcc_downloads
= false;
2808 arm
->arch_info
= arm7_9
;
2809 arm
->core_type
= ARM_MODE_ANY
;
2810 arm
->read_core_reg
= arm7_9_read_core_reg
;
2811 arm
->write_core_reg
= arm7_9_write_core_reg
;
2812 arm
->full_context
= arm7_9_full_context
;
2813 arm
->setup_semihosting
= arm7_9_setup_semihosting
;
2815 retval
= arm_init_arch_info(target
, arm
);
2816 if (retval
!= ERROR_OK
)
2819 return target_register_timer_callback(arm7_9_handle_target_request
,
2823 static const struct command_registration arm7_9_any_command_handlers
[] = {
2826 .handler
= handle_arm7_9_dbgrq_command
,
2827 .mode
= COMMAND_ANY
,
2828 .usage
= "['enable'|'disable']",
2829 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2830 "for target halt requests",
2833 "fast_memory_access",
2834 .handler
= handle_arm7_9_fast_memory_access_command
,
2835 .mode
= COMMAND_ANY
,
2836 .usage
= "['enable'|'disable']",
2837 .help
= "use fast memory accesses instead of slower "
2838 "but potentially safer accesses",
2842 .handler
= handle_arm7_9_dcc_downloads_command
,
2843 .mode
= COMMAND_ANY
,
2844 .usage
= "['enable'|'disable']",
2845 .help
= "use DCC downloads for larger memory writes",
2847 COMMAND_REGISTRATION_DONE
2849 const struct command_registration arm7_9_command_handlers
[] = {
2851 .chain
= arm_command_handlers
,
2854 .chain
= etm_command_handlers
,
2858 .mode
= COMMAND_ANY
,
2859 .help
= "arm7/9 specific commands",
2861 .chain
= arm7_9_any_command_handlers
,
2863 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)