1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * Copyright (C) 2009 by David Brownell *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
28 ***************************************************************************/
34 #include "breakpoints.h"
35 #include "embeddedice.h"
36 #include "target_request.h"
38 #include <helper/time_support.h>
39 #include "arm_simulator.h"
40 #include "arm_semihosting.h"
41 #include "algorithm.h"
47 * Hold common code supporting the ARM7 and ARM9 core generations.
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
63 static int arm7_9_debug_entry(struct target
*target
);
66 * Clear watchpoints for an ARM7/9 target.
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
71 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
74 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
75 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
76 arm7_9
->sw_breakpoint_count
= 0;
77 arm7_9
->sw_breakpoints_added
= 0;
79 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
80 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
82 return jtag_execute_queue();
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
92 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
94 if (!arm7_9
->wp0_used
) {
97 arm7_9
->wp_available
--;
98 } else if (!arm7_9
->wp1_used
) {
101 arm7_9
->wp_available
--;
103 LOG_ERROR("BUG: no hardware comparator available");
105 LOG_DEBUG("BPID: %" PRId32
" (0x%08" TARGET_PRIxADDR
") using hw wp: %d",
106 breakpoint
->unique_id
,
112 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
114 * @param arm7_9 Pointer to common struct for ARM7/9 targets
115 * @return Error codes if there is a problem finding a watchpoint or the result
116 * of executing the JTAG queue
118 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
120 if (arm7_9
->sw_breakpoints_added
)
122 if (arm7_9
->wp_available
< 1) {
123 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
124 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
126 arm7_9
->wp_available
--;
128 /* pick a breakpoint unit */
129 if (!arm7_9
->wp0_used
) {
130 arm7_9
->sw_breakpoints_added
= 1;
131 arm7_9
->wp0_used
= 3;
132 } else if (!arm7_9
->wp1_used
) {
133 arm7_9
->sw_breakpoints_added
= 2;
134 arm7_9
->wp1_used
= 3;
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
140 if (arm7_9
->sw_breakpoints_added
== 1) {
141 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
142 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
143 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
144 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
145 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
146 } else if (arm7_9
->sw_breakpoints_added
== 2) {
147 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
148 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
149 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
150 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
151 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
153 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
156 LOG_DEBUG("SW BP using hw wp: %d",
157 arm7_9
->sw_breakpoints_added
);
159 return jtag_execute_queue();
163 * Setup the common pieces for an ARM7/9 target after reset or on startup.
165 * @param target Pointer to an ARM7/9 target to setup
166 * @return Result of clearing the watchpoints on the target
168 static int arm7_9_setup(struct target
*target
)
170 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
172 return arm7_9_clear_watchpoints(arm7_9
);
176 * Set either a hardware or software breakpoint on an ARM7/9 target. The
177 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
178 * might have erased the values in Embedded ICE.
180 * @param target Pointer to the target device to set the breakpoints on
181 * @param breakpoint Pointer to the breakpoint to be set
182 * @return For hardware breakpoints, this is the result of executing the JTAG
183 * queue. For software breakpoints, this will be the status of the
184 * required memory reads and writes
186 static int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
188 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
189 int retval
= ERROR_OK
;
191 LOG_DEBUG("BPID: %" PRId32
", Address: 0x%08" TARGET_PRIxADDR
", Type: %d",
192 breakpoint
->unique_id
,
196 if (target
->state
!= TARGET_HALTED
) {
197 LOG_WARNING("target not halted");
198 return ERROR_TARGET_NOT_HALTED
;
201 if (breakpoint
->type
== BKPT_HARD
) {
202 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
203 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
205 /* reassign a hw breakpoint */
206 if (breakpoint
->set
== 0)
207 arm7_9_assign_wp(arm7_9
, breakpoint
);
209 if (breakpoint
->set
== 1) {
210 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
211 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
212 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
213 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
214 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
215 } else if (breakpoint
->set
== 2) {
216 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
217 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
218 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
219 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
220 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
222 LOG_ERROR("BUG: no hardware comparator available");
226 retval
= jtag_execute_queue();
227 } else if (breakpoint
->type
== BKPT_SOFT
) {
228 /* did we already set this breakpoint? */
232 if (breakpoint
->length
== 4) {
233 uint32_t verify
= 0xffffffff;
234 /* keep the original instruction in target endianness */
235 retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
236 if (retval
!= ERROR_OK
)
238 /* write the breakpoint instruction in target
239 * endianness (arm7_9->arm_bkpt is host endian) */
240 retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
);
241 if (retval
!= ERROR_OK
)
244 retval
= target_read_u32(target
, breakpoint
->address
, &verify
);
245 if (retval
!= ERROR_OK
)
247 if (verify
!= arm7_9
->arm_bkpt
) {
248 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" TARGET_PRIxADDR
249 " - check that memory is read/writable", breakpoint
->address
);
253 uint16_t verify
= 0xffff;
254 /* keep the original instruction in target endianness */
255 retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
256 if (retval
!= ERROR_OK
)
258 /* write the breakpoint instruction in target
259 * endianness (arm7_9->thumb_bkpt is host endian) */
260 retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
);
261 if (retval
!= ERROR_OK
)
264 retval
= target_read_u16(target
, breakpoint
->address
, &verify
);
265 if (retval
!= ERROR_OK
)
267 if (verify
!= arm7_9
->thumb_bkpt
) {
268 LOG_ERROR("Unable to set thumb software breakpoint at address %08" TARGET_PRIxADDR
269 " - check that memory is read/writable", breakpoint
->address
);
274 retval
= arm7_9_set_software_breakpoints(arm7_9
);
275 if (retval
!= ERROR_OK
)
278 arm7_9
->sw_breakpoint_count
++;
287 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
288 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
289 * will be updated. Otherwise, the software breakpoint will be restored to its
290 * original instruction if it hasn't already been modified.
292 * @param target Pointer to ARM7/9 target to unset the breakpoint from
293 * @param breakpoint Pointer to breakpoint to be unset
294 * @return For hardware breakpoints, this is the result of executing the JTAG
295 * queue. For software breakpoints, this will be the status of the
296 * required memory reads and writes
298 static int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
300 int retval
= ERROR_OK
;
301 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
303 LOG_DEBUG("BPID: %" PRId32
", Address: 0x%08" TARGET_PRIxADDR
,
304 breakpoint
->unique_id
,
305 breakpoint
->address
);
307 if (!breakpoint
->set
) {
308 LOG_WARNING("breakpoint not set");
312 if (breakpoint
->type
== BKPT_HARD
) {
313 LOG_DEBUG("BPID: %" PRId32
" Releasing hw wp: %d",
314 breakpoint
->unique_id
,
316 if (breakpoint
->set
== 1) {
317 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
318 arm7_9
->wp0_used
= 0;
319 arm7_9
->wp_available
++;
320 } else if (breakpoint
->set
== 2) {
321 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
322 arm7_9
->wp1_used
= 0;
323 arm7_9
->wp_available
++;
325 retval
= jtag_execute_queue();
328 /* restore original instruction (kept in target endianness) */
329 if (breakpoint
->length
== 4) {
330 uint32_t current_instr
;
331 /* check that user program as not modified breakpoint instruction */
332 retval
= target_read_memory(target
,
333 breakpoint
->address
, 4, 1, (uint8_t *)¤t_instr
);
334 if (retval
!= ERROR_OK
)
336 current_instr
= target_buffer_get_u32(target
, (uint8_t *)¤t_instr
);
337 if (current_instr
== arm7_9
->arm_bkpt
) {
338 retval
= target_write_memory(target
,
339 breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
340 if (retval
!= ERROR_OK
)
345 uint16_t current_instr
;
346 /* check that user program as not modified breakpoint instruction */
347 retval
= target_read_memory(target
,
348 breakpoint
->address
, 2, 1, (uint8_t *)¤t_instr
);
349 if (retval
!= ERROR_OK
)
351 current_instr
= target_buffer_get_u16(target
, (uint8_t *)¤t_instr
);
352 if (current_instr
== arm7_9
->thumb_bkpt
) {
353 retval
= target_write_memory(target
,
354 breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
355 if (retval
!= ERROR_OK
)
360 if (--arm7_9
->sw_breakpoint_count
== 0) {
361 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
363 if (arm7_9
->sw_breakpoints_added
== 1)
364 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
365 EICE_W0_CONTROL_VALUE
], 0);
366 else if (arm7_9
->sw_breakpoints_added
== 2)
367 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
368 EICE_W1_CONTROL_VALUE
], 0);
378 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
379 * dangling breakpoints and that the desired breakpoint can be added.
381 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
382 * @param breakpoint Pointer to the breakpoint to be added
383 * @return An error status if there is a problem adding the breakpoint or the
384 * result of setting the breakpoint
386 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
388 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
390 if (arm7_9
->breakpoint_count
== 0) {
391 /* make sure we don't have any dangling breakpoints. This is vital upon
392 * GDB connect/disconnect
394 arm7_9_clear_watchpoints(arm7_9
);
397 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1)) {
398 LOG_INFO("no watchpoint unit available for hardware breakpoint");
399 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
402 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4)) {
403 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
404 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
407 if (breakpoint
->type
== BKPT_HARD
)
408 arm7_9_assign_wp(arm7_9
, breakpoint
);
410 arm7_9
->breakpoint_count
++;
412 return arm7_9_set_breakpoint(target
, breakpoint
);
416 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
417 * dangling breakpoints and updates available watchpoints if it is a hardware
420 * @param target Pointer to the target to have a breakpoint removed
421 * @param breakpoint Pointer to the breakpoint to be removed
422 * @return Error status if there was a problem unsetting the breakpoint or the
423 * watchpoints could not be cleared
425 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
427 int retval
= ERROR_OK
;
428 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
430 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
431 if (retval
!= ERROR_OK
)
434 if (breakpoint
->type
== BKPT_HARD
)
435 arm7_9
->wp_available
++;
437 arm7_9
->breakpoint_count
--;
438 if (arm7_9
->breakpoint_count
== 0) {
439 /* make sure we don't have any dangling breakpoints */
440 retval
= arm7_9_clear_watchpoints(arm7_9
);
441 if (retval
!= ERROR_OK
)
449 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
450 * considered a bug to call this function when there are no available watchpoint
453 * @param target Pointer to an ARM7/9 target to set a watchpoint on
454 * @param watchpoint Pointer to the watchpoint to be set
455 * @return Error status if watchpoint set fails or the result of executing the
458 static int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
460 int retval
= ERROR_OK
;
461 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
465 mask
= watchpoint
->length
- 1;
467 if (target
->state
!= TARGET_HALTED
) {
468 LOG_WARNING("target not halted");
469 return ERROR_TARGET_NOT_HALTED
;
472 if (watchpoint
->rw
== WPT_ACCESS
)
477 if (!arm7_9
->wp0_used
) {
478 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
],
479 watchpoint
->address
);
480 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
481 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
],
483 if (watchpoint
->mask
!= 0xffffffffu
)
484 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
],
486 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
487 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
488 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
489 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
491 retval
= jtag_execute_queue();
492 if (retval
!= ERROR_OK
)
495 arm7_9
->wp0_used
= 2;
496 } else if (!arm7_9
->wp1_used
) {
497 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
498 watchpoint
->address
);
499 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
500 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
],
502 if (watchpoint
->mask
!= 0xffffffffu
)
503 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
],
505 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
506 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
507 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
508 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
510 retval
= jtag_execute_queue();
511 if (retval
!= ERROR_OK
)
514 arm7_9
->wp1_used
= 2;
516 LOG_ERROR("BUG: no hardware comparator available");
524 * Unset an existing watchpoint and clear the used watchpoint unit.
526 * @param target Pointer to the target to have the watchpoint removed
527 * @param watchpoint Pointer to the watchpoint to be removed
528 * @return Error status while trying to unset the watchpoint or the result of
529 * executing the JTAG queue
531 static int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
533 int retval
= ERROR_OK
;
534 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
536 if (target
->state
!= TARGET_HALTED
) {
537 LOG_WARNING("target not halted");
538 return ERROR_TARGET_NOT_HALTED
;
541 if (!watchpoint
->set
) {
542 LOG_WARNING("breakpoint not set");
546 if (watchpoint
->set
== 1) {
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
548 retval
= jtag_execute_queue();
549 if (retval
!= ERROR_OK
)
551 arm7_9
->wp0_used
= 0;
552 } else if (watchpoint
->set
== 2) {
553 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
554 retval
= jtag_execute_queue();
555 if (retval
!= ERROR_OK
)
557 arm7_9
->wp1_used
= 0;
565 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
566 * available, an error response is returned.
568 * @param target Pointer to the ARM7/9 target to add a watchpoint to
569 * @param watchpoint Pointer to the watchpoint to be added
570 * @return Error status while trying to add the watchpoint
572 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
574 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
576 if (arm7_9
->wp_available
< 1)
577 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
579 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
580 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
582 arm7_9
->wp_available
--;
588 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
589 * the used watchpoint unit will be reopened.
591 * @param target Pointer to the target to remove a watchpoint from
592 * @param watchpoint Pointer to the watchpoint to be removed
593 * @return Result of trying to unset the watchpoint
595 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
597 int retval
= ERROR_OK
;
598 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
600 if (watchpoint
->set
) {
601 retval
= arm7_9_unset_watchpoint(target
, watchpoint
);
602 if (retval
!= ERROR_OK
)
606 arm7_9
->wp_available
++;
612 * Restarts the target by sending a RESTART instruction and moving the JTAG
613 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
614 * asserted by the processor.
616 * @param target Pointer to target to issue commands to
617 * @return Error status if there is a timeout or a problem while executing the
620 int arm7_9_execute_sys_speed(struct target
*target
)
623 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
624 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
625 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
627 /* set RESTART instruction */
628 if (arm7_9
->need_bypass_before_restart
) {
629 arm7_9
->need_bypass_before_restart
= 0;
630 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
631 if (retval
!= ERROR_OK
)
634 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
635 if (retval
!= ERROR_OK
)
638 int64_t then
= timeval_ms();
640 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
641 /* read debug status register */
642 embeddedice_read_reg(dbg_stat
);
643 retval
= jtag_execute_queue();
644 if (retval
!= ERROR_OK
)
646 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
647 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
649 if (debug_level
>= 3)
655 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"",
656 buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
657 return ERROR_TARGET_TIMEOUT
;
664 * Restarts the target by sending a RESTART instruction and moving the JTAG
665 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
666 * waiting until they are.
668 * @param target Pointer to the target to issue commands to
669 * @return Always ERROR_OK
671 static int arm7_9_execute_fast_sys_speed(struct target
*target
)
674 static uint8_t check_value
[4], check_mask
[4];
676 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
677 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
678 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
681 /* set RESTART instruction */
682 if (arm7_9
->need_bypass_before_restart
) {
683 arm7_9
->need_bypass_before_restart
= 0;
684 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
685 if (retval
!= ERROR_OK
)
688 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
689 if (retval
!= ERROR_OK
)
693 /* check for DBGACK and SYSCOMP set (others don't care) */
695 /* NB! These are constants that must be available until after next jtag_execute() and
696 * we evaluate the values upon first execution in lieu of setting up these constants
697 * during early setup.
699 buf_set_u32(check_value
, 0, 32, 0x9);
700 buf_set_u32(check_mask
, 0, 32, 0x9);
704 /* read debug status register */
705 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
711 * Get some data from the ARM7/9 target.
713 * @param target Pointer to the ARM7/9 target to read data from
714 * @param size The number of 32bit words to be read
715 * @param buffer Pointer to the buffer that will hold the data
716 * @return The result of receiving data from the Embedded ICE unit
718 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
720 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
721 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
723 int retval
= ERROR_OK
;
726 data
= malloc(size
* (sizeof(uint32_t)));
728 retval
= embeddedice_receive(jtag_info
, data
, size
);
730 /* return the 32-bit ints in the 8-bit array */
731 for (i
= 0; i
< size
; i
++)
732 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
740 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
741 * target is running and the DCC control register has the W bit high, this will
742 * execute the request on the target.
744 * @param priv Void pointer expected to be a struct target pointer
745 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
746 * from the Embedded ICE unit
748 static int arm7_9_handle_target_request(void *priv
)
750 int retval
= ERROR_OK
;
751 struct target
*target
= priv
;
752 if (!target_was_examined(target
))
754 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
755 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
756 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
758 if (!target
->dbg_msg_enabled
)
761 if (target
->state
== TARGET_RUNNING
) {
762 /* read DCC control register */
763 embeddedice_read_reg(dcc_control
);
764 retval
= jtag_execute_queue();
765 if (retval
!= ERROR_OK
)
769 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1) {
772 retval
= embeddedice_receive(jtag_info
, &request
, 1);
773 if (retval
!= ERROR_OK
)
775 retval
= target_request(target
, request
);
776 if (retval
!= ERROR_OK
)
785 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
786 * is manipulated to the right halted state based on its current state. This is
790 * <tr><th > State</th><th > Action</th></tr>
791 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
792 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
793 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
794 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
795 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
798 * If the target does not end up in the halted state, a warning is produced. If
799 * DBGACK is cleared, then the target is expected to either be running or
802 * @param target Pointer to the ARM7/9 target to poll
803 * @return ERROR_OK or an error status if a command fails
805 int arm7_9_poll(struct target
*target
)
808 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
809 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
811 /* read debug status register */
812 embeddedice_read_reg(dbg_stat
);
813 retval
= jtag_execute_queue();
814 if (retval
!= ERROR_OK
)
817 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)) {
818 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
819 if (target
->state
== TARGET_UNKNOWN
) {
820 /* Starting OpenOCD with target in debug-halt */
821 target
->state
= TARGET_RUNNING
;
822 LOG_DEBUG("DBGACK already set during server startup.");
824 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
)) {
825 target
->state
= TARGET_HALTED
;
827 retval
= arm7_9_debug_entry(target
);
828 if (retval
!= ERROR_OK
)
831 if (arm_semihosting(target
, &retval
) != 0)
834 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
835 if (retval
!= ERROR_OK
)
838 if (target
->state
== TARGET_DEBUG_RUNNING
) {
839 target
->state
= TARGET_HALTED
;
840 retval
= arm7_9_debug_entry(target
);
841 if (retval
!= ERROR_OK
)
844 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
845 if (retval
!= ERROR_OK
)
848 if (target
->state
!= TARGET_HALTED
)
850 "DBGACK set, but the target did not end up in the halted state %d",
853 if (target
->state
!= TARGET_DEBUG_RUNNING
)
854 target
->state
= TARGET_RUNNING
;
861 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
862 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
863 * affected) completely stop the JTAG clock while the core is held in reset
864 * (SRST). It isn't possible to program the halt condition once reset is
865 * asserted, hence a hook that allows the target to set up its reset-halt
866 * condition is setup prior to asserting reset.
868 * @param target Pointer to an ARM7/9 target to assert reset on
869 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
871 int arm7_9_assert_reset(struct target
*target
)
873 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
874 enum reset_types jtag_reset_config
= jtag_get_reset_config();
875 bool use_event
= false;
877 /* TODO: apply hw reset signal in not examined state */
878 if (!(target_was_examined(target
))) {
879 LOG_WARNING("Reset is not asserted because the target is not examined.");
880 LOG_WARNING("Use a reset button or power cycle the target.");
881 return ERROR_TARGET_NOT_EXAMINED
;
884 LOG_DEBUG("target->state: %s", target_state_name(target
));
886 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
888 else if (!(jtag_reset_config
& RESET_HAS_SRST
)) {
889 LOG_ERROR("%s: how to reset?", target_name(target
));
893 /* At this point trst has been asserted/deasserted once. We would
894 * like to program EmbeddedICE while SRST is asserted, instead of
895 * depending on SRST to leave that module alone. However, many CPUs
896 * gate the JTAG clock while SRST is asserted; or JTAG may need
897 * clock stability guarantees (adaptive clocking might help).
899 * So we assume JTAG access during SRST is off the menu unless it's
900 * been specifically enabled.
902 bool srst_asserted
= false;
904 if (!use_event
&& !(jtag_reset_config
& RESET_SRST_PULLS_TRST
)
905 && (jtag_reset_config
& RESET_SRST_NO_GATING
)) {
906 jtag_add_reset(0, 1);
907 srst_asserted
= true;
910 if (target
->reset_halt
) {
912 * For targets that don't support communication while SRST is
913 * asserted, we need to set up the reset vector catch first.
915 * When we use TRST+SRST and that's equivalent to a power-up
916 * reset, these settings may well be reset anyway; so setting
917 * them here won't matter.
919 if (arm7_9
->has_vector_catch
) {
920 /* program vector catch register to catch reset */
921 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
923 /* extra runtest added as issues were found with
924 * certain ARM9 cores (maybe more) - AT91SAM9260
927 jtag_add_runtest(1, TAP_IDLE
);
929 /* program watchpoint unit to match on reset vector
932 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
933 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
934 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
935 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
936 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
941 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
943 /* If we use SRST ... we'd like to issue just SRST, but the
944 * board or chip may be set up so we have to assert TRST as
945 * well. On some chips that combination is equivalent to a
946 * power-up reset, and generally clobbers EICE state.
948 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
949 jtag_add_reset(1, 1);
950 else if (!srst_asserted
)
951 jtag_add_reset(0, 1);
952 jtag_add_sleep(50000);
955 target
->state
= TARGET_RESET
;
956 register_cache_invalidate(arm7_9
->arm
.core_cache
);
958 /* REVISIT why isn't standard debug entry logic sufficient?? */
959 if (target
->reset_halt
&& (!(jtag_reset_config
& RESET_SRST_PULLS_TRST
) || use_event
)) {
960 /* debug entry was prepared above */
961 target
->debug_reason
= DBG_REASON_DBGRQ
;
968 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
969 * and the target is being reset into a halt, a warning will be triggered
970 * because it is not possible to reset into a halted mode in this case. The
971 * target is halted using the target's functions.
973 * @param target Pointer to the target to have the reset deasserted
974 * @return ERROR_OK or an error from polling or halting the target
976 int arm7_9_deassert_reset(struct target
*target
)
978 int retval
= ERROR_OK
;
979 LOG_DEBUG("target->state: %s", target_state_name(target
));
981 /* deassert reset lines */
982 jtag_add_reset(0, 0);
984 /* In case polling is disabled, we need to examine the
985 * target and poll here for this target to work correctly.
987 * Otherwise, e.g. halt will fail afterwards with bogus
988 * error messages as halt will believe that reset is
991 retval
= target_examine_one(target
);
992 if (retval
!= ERROR_OK
)
995 retval
= target_poll(target
);
996 if (retval
!= ERROR_OK
)
999 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1000 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0) {
1002 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1003 retval
= target_halt(target
);
1004 if (retval
!= ERROR_OK
)
1011 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1012 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1013 * vector catch was used, it is restored. Otherwise, the control value is
1014 * restored and the watchpoint unit is restored if it was in use.
1016 * @param target Pointer to the ARM7/9 target to have halt cleared
1017 * @return Always ERROR_OK
1019 static int arm7_9_clear_halt(struct target
*target
)
1021 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1022 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1024 /* we used DBGRQ only if we didn't come out of reset */
1025 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
) {
1026 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1028 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1029 embeddedice_store_reg(dbg_ctrl
);
1031 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
) {
1032 /* if we came out of reset, and vector catch is supported, we used
1033 * vector catch to enter debug state
1034 * restore the register in that case
1036 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1038 /* restore registers if watchpoint unit 0 was in use
1040 if (arm7_9
->wp0_used
) {
1041 if (arm7_9
->debug_entry_from_reset
)
1042 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1043 EICE_W0_ADDR_VALUE
]);
1044 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1045 EICE_W0_ADDR_MASK
]);
1046 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1047 EICE_W0_DATA_MASK
]);
1048 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1049 EICE_W0_CONTROL_MASK
]);
1051 /* control value always has to be restored, as it was either disabled,
1052 * or enabled with possibly different bits
1054 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1062 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1063 * and then there is a wait until the processor shows the halt. This wait can
1064 * timeout and results in an error being returned. The software reset involves
1065 * clearing the halt, updating the debug control register, changing to ARM mode,
1066 * reset of the program counter, and reset of all of the registers.
1068 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1069 * @return Error status if any of the commands fail, otherwise ERROR_OK
1071 int arm7_9_soft_reset_halt(struct target
*target
)
1073 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1074 struct arm
*arm
= &arm7_9
->arm
;
1075 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1076 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1080 /* FIX!!! replace some of this code with tcl commands
1082 * halt # the halt command is synchronous
1083 * armv4_5 core_state arm
1087 retval
= target_halt(target
);
1088 if (retval
!= ERROR_OK
)
1091 long long then
= timeval_ms();
1093 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
1094 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1096 embeddedice_read_reg(dbg_stat
);
1097 retval
= jtag_execute_queue();
1098 if (retval
!= ERROR_OK
)
1100 if (debug_level
>= 3)
1106 LOG_ERROR("Failed to halt CPU after 1 sec");
1107 return ERROR_TARGET_TIMEOUT
;
1109 target
->state
= TARGET_HALTED
;
1111 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1112 * ensure that DBGRQ is cleared
1114 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1115 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1116 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1117 embeddedice_store_reg(dbg_ctrl
);
1119 retval
= arm7_9_clear_halt(target
);
1120 if (retval
!= ERROR_OK
)
1123 /* if the target is in Thumb state, change to ARM state */
1124 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1125 uint32_t r0_thumb
, pc_thumb
;
1126 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1127 /* Entered debug from Thumb mode */
1128 arm
->core_state
= ARM_STATE_THUMB
;
1129 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1132 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1134 /* all register content is now invalid */
1135 register_cache_invalidate(arm
->core_cache
);
1137 /* SVC, ARM state, IRQ and FIQ disabled */
1140 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
1143 arm_set_cpsr(arm
, cpsr
);
1144 arm
->cpsr
->dirty
= true;
1146 /* start fetching from 0x0 */
1147 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
1148 arm
->pc
->dirty
= true;
1149 arm
->pc
->valid
= true;
1151 /* reset registers */
1152 for (i
= 0; i
<= 14; i
++) {
1153 struct reg
*r
= arm_reg_current(arm
, i
);
1155 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1160 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1161 if (retval
!= ERROR_OK
)
1168 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1169 * line or by programming a watchpoint to trigger on any address. It is
1170 * considered a bug to call this function while the target is in the
1171 * TARGET_RESET state.
1173 * @param target Pointer to the ARM7/9 target to be halted
1174 * @return Always ERROR_OK
1176 int arm7_9_halt(struct target
*target
)
1178 if (target
->state
== TARGET_RESET
) {
1180 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1184 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1185 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1187 LOG_DEBUG("target->state: %s",
1188 target_state_name(target
));
1190 if (target
->state
== TARGET_HALTED
) {
1191 LOG_DEBUG("target was already halted");
1195 if (target
->state
== TARGET_UNKNOWN
)
1196 LOG_WARNING("target was in unknown state when halt was requested");
1198 if (arm7_9
->use_dbgrq
) {
1199 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1201 if (arm7_9
->set_special_dbgrq
)
1202 arm7_9
->set_special_dbgrq(target
);
1204 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1205 embeddedice_store_reg(dbg_ctrl
);
1208 /* program watchpoint unit to match on any address
1210 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1211 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1212 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1213 EICE_W_CTRL_ENABLE
);
1214 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1215 ~EICE_W_CTRL_nOPC
& 0xff);
1218 target
->debug_reason
= DBG_REASON_DBGRQ
;
1224 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1225 * ARM. The JTAG queue is then executed and the reason for debug entry is
1226 * examined. Once done, the target is verified to be halted and the processor
1227 * is forced into ARM mode. The core registers are saved for the current core
1228 * mode and the program counter (register 15) is updated as needed. The core
1229 * registers and CPSR and SPSR are saved for restoration later.
1231 * @param target Pointer to target that is entering debug mode
1232 * @return Error code if anything fails, otherwise ERROR_OK
1234 static int arm7_9_debug_entry(struct target
*target
)
1237 uint32_t context
[16];
1238 uint32_t *context_p
[16];
1239 uint32_t r0_thumb
, pc_thumb
;
1240 uint32_t cpsr
, cpsr_mask
= 0;
1242 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1243 struct arm
*arm
= &arm7_9
->arm
;
1244 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1245 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1247 #ifdef _DEBUG_ARM7_9_
1251 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1252 * ensure that DBGRQ is cleared
1254 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1255 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1256 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1257 embeddedice_store_reg(dbg_ctrl
);
1259 retval
= arm7_9_clear_halt(target
);
1260 if (retval
!= ERROR_OK
)
1263 retval
= jtag_execute_queue();
1264 if (retval
!= ERROR_OK
)
1267 retval
= arm7_9
->examine_debug_reason(target
);
1268 if (retval
!= ERROR_OK
)
1271 if (target
->state
!= TARGET_HALTED
) {
1272 LOG_WARNING("target not halted");
1273 return ERROR_TARGET_NOT_HALTED
;
1276 /* if the target is in Thumb state, change to ARM state */
1277 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1278 LOG_DEBUG("target entered debug from Thumb state");
1279 /* Entered debug from Thumb mode */
1280 arm
->core_state
= ARM_STATE_THUMB
;
1282 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1283 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1284 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1285 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1286 /* \todo Get some vaguely correct handling of Jazelle, if
1287 * anyone ever uses it and full info becomes available.
1288 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1289 * B.7.3 for the reverse. That'd be the bare minimum...
1291 LOG_DEBUG("target entered debug from Jazelle state");
1292 arm
->core_state
= ARM_STATE_JAZELLE
;
1293 cpsr_mask
= 1 << 24;
1294 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1296 LOG_DEBUG("target entered debug from ARM state");
1297 /* Entered debug from ARM mode */
1298 arm
->core_state
= ARM_STATE_ARM
;
1301 for (i
= 0; i
< 16; i
++)
1302 context_p
[i
] = &context
[i
];
1303 /* save core registers (r0 - r15 of current core mode) */
1304 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1306 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1308 retval
= jtag_execute_queue();
1309 if (retval
!= ERROR_OK
)
1312 /* Sync our CPSR copy with J or T bits EICE reported, but
1313 * which we then erased by putting the core into ARM mode.
1315 arm_set_cpsr(arm
, cpsr
| cpsr_mask
);
1317 if (!is_arm_mode(arm
->core_mode
)) {
1318 target
->state
= TARGET_UNKNOWN
;
1319 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1320 return ERROR_TARGET_FAILURE
;
1323 LOG_DEBUG("target entered debug state in %s mode",
1324 arm_mode_name(arm
->core_mode
));
1326 if (arm
->core_state
== ARM_STATE_THUMB
) {
1327 LOG_DEBUG("thumb state, applying fixups");
1328 context
[0] = r0_thumb
;
1329 context
[15] = pc_thumb
;
1330 } else if (arm
->core_state
== ARM_STATE_ARM
) {
1331 /* adjust value stored by STM */
1332 context
[15] -= 3 * 4;
1335 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1336 context
[15] -= 3 * ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1338 context
[15] -= arm7_9
->dbgreq_adjust_pc
*
1339 ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1341 for (i
= 0; i
<= 15; i
++) {
1342 struct reg
*r
= arm_reg_current(arm
, i
);
1344 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1346 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1347 /* r0 and r15 (pc) have to be restored later */
1348 r
->dirty
= (i
== 0) || (i
== 15);
1352 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1354 /* exceptions other than USR & SYS have a saved program status register */
1357 arm7_9
->read_xpsr(target
, &spsr
, 1);
1358 retval
= jtag_execute_queue();
1359 if (retval
!= ERROR_OK
)
1361 buf_set_u32(arm
->spsr
->value
, 0, 32, spsr
);
1362 arm
->spsr
->dirty
= false;
1363 arm
->spsr
->valid
= true;
1366 retval
= jtag_execute_queue();
1367 if (retval
!= ERROR_OK
)
1370 if (arm7_9
->post_debug_entry
) {
1371 retval
= arm7_9
->post_debug_entry(target
);
1372 if (retval
!= ERROR_OK
)
1380 * Validate the full context for an ARM7/9 target in all processor modes. If
1381 * there are any invalid registers for the target, they will all be read. This
1384 * @param target Pointer to the ARM7/9 target to capture the full context from
1385 * @return Error if the target is not halted, has an invalid core mode, or if
1386 * the JTAG queue fails to execute
1388 static int arm7_9_full_context(struct target
*target
)
1392 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1393 struct arm
*arm
= &arm7_9
->arm
;
1397 if (target
->state
!= TARGET_HALTED
) {
1398 LOG_WARNING("target not halted");
1399 return ERROR_TARGET_NOT_HALTED
;
1402 if (!is_arm_mode(arm
->core_mode
)) {
1403 LOG_ERROR("not a valid arm core mode - communication failure?");
1407 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1408 * SYS shares registers with User, so we don't touch SYS
1410 for (i
= 0; i
< 6; i
++) {
1412 uint32_t *reg_p
[16];
1416 /* check if there are invalid registers in the current mode
1418 for (j
= 0; j
<= 16; j
++) {
1419 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
)
1426 /* change processor mode (and mask T bit) */
1427 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8)
1429 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1431 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1433 for (j
= 0; j
< 15; j
++) {
1434 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1435 armv4_5_number_to_mode(i
), j
).valid
) {
1436 reg_p
[j
] = (uint32_t *)ARMV4_5_CORE_REG_MODE(
1438 armv4_5_number_to_mode(i
),
1441 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1442 armv4_5_number_to_mode(i
),
1444 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1445 armv4_5_number_to_mode(i
),
1450 /* if only the PSR is invalid, mask is all zeroes */
1452 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1454 /* check if the PSR has to be read */
1455 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1457 arm7_9
->read_xpsr(target
,
1458 (uint32_t *)ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1459 armv4_5_number_to_mode(i
), 16).value
, 1);
1460 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1462 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1468 /* restore processor mode (mask T bit) */
1469 arm7_9
->write_xpsr_im8(target
,
1470 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
1472 retval
= jtag_execute_queue();
1473 if (retval
!= ERROR_OK
)
1479 * Restore the processor context on an ARM7/9 target. The full processor
1480 * context is analyzed to see if any of the registers are dirty on this end, but
1481 * have a valid new value. If this is the case, the processor is changed to the
1482 * appropriate mode and the new register values are written out to the
1483 * processor. If there happens to be a dirty register with an invalid value, an
1484 * error will be logged.
1486 * @param target Pointer to the ARM7/9 target to have its context restored
1487 * @return Error status if the target is not halted or the core mode in the
1488 * armv4_5 struct is invalid.
1490 static int arm7_9_restore_context(struct target
*target
)
1492 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1493 struct arm
*arm
= &arm7_9
->arm
;
1495 enum arm_mode current_mode
= arm
->core_mode
;
1502 if (target
->state
!= TARGET_HALTED
) {
1503 LOG_WARNING("target not halted");
1504 return ERROR_TARGET_NOT_HALTED
;
1507 if (arm7_9
->pre_restore_context
)
1508 arm7_9
->pre_restore_context(target
);
1510 if (!is_arm_mode(arm
->core_mode
)) {
1511 LOG_ERROR("not a valid arm core mode - communication failure?");
1515 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1516 * SYS shares registers with User, so we don't touch SYS
1518 for (i
= 0; i
< 6; i
++) {
1519 LOG_DEBUG("examining %s mode",
1520 arm_mode_name(arm
->core_mode
));
1523 /* check if there are dirty registers in the current mode
1525 for (j
= 0; j
<= 16; j
++) {
1526 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
);
1530 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1531 struct arm_reg
*reg_arch_info
;
1532 reg_arch_info
= reg
->arch_info
;
1533 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1534 && (reg_arch_info
->mode
!= current_mode
)
1535 && !((reg_arch_info
->mode
== ARM_MODE_USR
)
1536 && (arm
->core_mode
== ARM_MODE_SYS
))
1537 && !((reg_arch_info
->mode
== ARM_MODE_SYS
)
1538 && (arm
->core_mode
== ARM_MODE_USR
))) {
1540 LOG_DEBUG("require mode change");
1543 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1549 uint32_t mask
= 0x0;
1556 /* change processor mode (mask T bit) */
1557 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
,
1559 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1561 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1562 current_mode
= armv4_5_number_to_mode(i
);
1565 for (j
= 0; j
<= 14; j
++) {
1566 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1567 armv4_5_number_to_mode(i
),
1571 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1576 LOG_DEBUG("writing register %i mode %s "
1577 "with value 0x%8.8" PRIx32
, j
,
1578 arm_mode_name(arm
->core_mode
),
1584 arm7_9
->write_core_regs(target
, mask
, regs
);
1587 &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(
1589 struct arm_reg
*reg_arch_info
;
1590 reg_arch_info
= reg
->arch_info
;
1591 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
)) {
1592 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"",
1594 buf_get_u32(reg
->value
, 0, 32));
1595 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1600 if (!arm
->cpsr
->dirty
&& (arm
->core_mode
!= current_mode
)) {
1601 /* restore processor mode (mask T bit) */
1604 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
1605 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1607 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1608 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1610 } else if (arm
->cpsr
->dirty
) {
1611 /* CPSR has been changed, full restore necessary (mask T bit) */
1612 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1613 buf_get_u32(arm
->cpsr
->value
, 0, 32));
1614 arm7_9
->write_xpsr(target
,
1615 buf_get_u32(arm
->cpsr
->value
, 0, 32)
1617 arm
->cpsr
->dirty
= false;
1618 arm
->cpsr
->valid
= true;
1622 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
,
1623 buf_get_u32(arm
->pc
->value
, 0, 32));
1624 arm7_9
->write_pc(target
, buf_get_u32(arm
->pc
->value
, 0, 32));
1625 arm
->pc
->dirty
= false;
1631 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1632 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1635 * @param target Pointer to the ARM7/9 target to be restarted
1636 * @return Result of executing the JTAG queue
1638 static int arm7_9_restart_core(struct target
*target
)
1640 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1641 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1644 /* set RESTART instruction */
1645 if (arm7_9
->need_bypass_before_restart
) {
1646 arm7_9
->need_bypass_before_restart
= 0;
1648 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
1649 if (retval
!= ERROR_OK
)
1652 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
1653 if (retval
!= ERROR_OK
)
1656 jtag_add_runtest(1, TAP_IDLE
);
1657 return jtag_execute_queue();
1661 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1662 * iterated through and are set on the target if they aren't already set.
1664 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1666 static void arm7_9_enable_watchpoints(struct target
*target
)
1668 struct watchpoint
*watchpoint
= target
->watchpoints
;
1670 while (watchpoint
) {
1671 if (watchpoint
->set
== 0)
1672 arm7_9_set_watchpoint(target
, watchpoint
);
1673 watchpoint
= watchpoint
->next
;
1678 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1679 * iterated through and are set on the target.
1681 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1683 static void arm7_9_enable_breakpoints(struct target
*target
)
1685 struct breakpoint
*breakpoint
= target
->breakpoints
;
1687 /* set any pending breakpoints */
1688 while (breakpoint
) {
1689 arm7_9_set_breakpoint(target
, breakpoint
);
1690 breakpoint
= breakpoint
->next
;
1694 int arm7_9_resume(struct target
*target
,
1696 target_addr_t address
,
1697 int handle_breakpoints
,
1698 int debug_execution
)
1700 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1701 struct arm
*arm
= &arm7_9
->arm
;
1702 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1703 int err
, retval
= ERROR_OK
;
1707 if (target
->state
!= TARGET_HALTED
) {
1708 LOG_WARNING("target not halted");
1709 return ERROR_TARGET_NOT_HALTED
;
1712 if (!debug_execution
)
1713 target_free_all_working_areas(target
);
1715 /* current = 1: continue on current pc, otherwise continue at <address> */
1717 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1719 uint32_t current_pc
;
1720 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1722 /* the front-end may request us not to handle breakpoints */
1723 if (handle_breakpoints
) {
1724 struct breakpoint
*breakpoint
;
1725 breakpoint
= breakpoint_find(target
,
1726 buf_get_u32(arm
->pc
->value
, 0, 32));
1727 if (breakpoint
!= NULL
) {
1728 LOG_DEBUG("unset breakpoint at 0x%8.8" TARGET_PRIxADDR
" (id: %" PRId32
,
1729 breakpoint
->address
,
1730 breakpoint
->unique_id
);
1731 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1732 if (retval
!= ERROR_OK
)
1735 /* calculate PC of next instruction */
1737 retval
= arm_simulate_step(target
, &next_pc
);
1738 if (retval
!= ERROR_OK
) {
1739 uint32_t current_opcode
;
1740 target_read_u32(target
, current_pc
, ¤t_opcode
);
1742 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1747 LOG_DEBUG("enable single-step");
1748 arm7_9
->enable_single_step(target
, next_pc
);
1750 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1752 retval
= arm7_9_restore_context(target
);
1753 if (retval
!= ERROR_OK
)
1756 if (arm
->core_state
== ARM_STATE_ARM
)
1757 arm7_9
->branch_resume(target
);
1758 else if (arm
->core_state
== ARM_STATE_THUMB
)
1759 arm7_9
->branch_resume_thumb(target
);
1761 LOG_ERROR("unhandled core state");
1765 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1766 embeddedice_write_reg(dbg_ctrl
,
1767 buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1768 err
= arm7_9_execute_sys_speed(target
);
1770 LOG_DEBUG("disable single-step");
1771 arm7_9
->disable_single_step(target
);
1773 if (err
!= ERROR_OK
) {
1774 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1775 if (retval
!= ERROR_OK
)
1777 target
->state
= TARGET_UNKNOWN
;
1781 retval
= arm7_9_debug_entry(target
);
1782 if (retval
!= ERROR_OK
)
1784 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
,
1785 buf_get_u32(arm
->pc
->value
, 0, 32));
1787 LOG_DEBUG("set breakpoint at 0x%8.8" TARGET_PRIxADDR
"", breakpoint
->address
);
1788 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1789 if (retval
!= ERROR_OK
)
1794 /* enable any pending breakpoints and watchpoints */
1795 arm7_9_enable_breakpoints(target
);
1796 arm7_9_enable_watchpoints(target
);
1798 retval
= arm7_9_restore_context(target
);
1799 if (retval
!= ERROR_OK
)
1802 if (arm
->core_state
== ARM_STATE_ARM
)
1803 arm7_9
->branch_resume(target
);
1804 else if (arm
->core_state
== ARM_STATE_THUMB
)
1805 arm7_9
->branch_resume_thumb(target
);
1807 LOG_ERROR("unhandled core state");
1811 /* deassert DBGACK and INTDIS */
1812 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1813 /* INTDIS only when we really resume, not during debug execution */
1814 if (!debug_execution
)
1815 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1816 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1818 retval
= arm7_9_restart_core(target
);
1819 if (retval
!= ERROR_OK
)
1822 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1824 if (!debug_execution
) {
1825 /* registers are now invalid */
1826 register_cache_invalidate(arm
->core_cache
);
1827 target
->state
= TARGET_RUNNING
;
1828 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1829 if (retval
!= ERROR_OK
)
1832 target
->state
= TARGET_DEBUG_RUNNING
;
1833 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1834 if (retval
!= ERROR_OK
)
1838 LOG_DEBUG("target resumed");
1843 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1845 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1846 struct arm
*arm
= &arm7_9
->arm
;
1847 uint32_t current_pc
;
1848 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1850 if (next_pc
!= current_pc
) {
1851 /* setup an inverse breakpoint on the current PC
1852 * - comparator 1 matches the current address
1853 * - rangeout from comparator 1 is connected to comparator 0 rangein
1854 * - comparator 0 matches any address, as long as rangein is low */
1855 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1856 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1857 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1858 EICE_W_CTRL_ENABLE
);
1859 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1860 ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1861 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
1863 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1864 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1865 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1866 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1867 ~EICE_W_CTRL_nOPC
& 0xff);
1869 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1870 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1871 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1872 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1873 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1874 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1875 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1876 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
1877 EICE_W_CTRL_ENABLE
);
1878 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1879 ~EICE_W_CTRL_nOPC
& 0xff);
1883 void arm7_9_disable_eice_step(struct target
*target
)
1885 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1887 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1888 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1889 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1890 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1891 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1892 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1893 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1894 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1895 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1898 int arm7_9_step(struct target
*target
, int current
, target_addr_t address
, int handle_breakpoints
)
1900 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1901 struct arm
*arm
= &arm7_9
->arm
;
1902 struct breakpoint
*breakpoint
= NULL
;
1905 if (target
->state
!= TARGET_HALTED
) {
1906 LOG_WARNING("target not halted");
1907 return ERROR_TARGET_NOT_HALTED
;
1910 /* current = 1: continue on current pc, otherwise continue at <address> */
1912 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1914 uint32_t current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1916 /* the front-end may request us not to handle breakpoints */
1917 if (handle_breakpoints
)
1918 breakpoint
= breakpoint_find(target
, current_pc
);
1919 if (breakpoint
!= NULL
) {
1920 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1921 if (retval
!= ERROR_OK
)
1925 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1927 /* calculate PC of next instruction */
1929 retval
= arm_simulate_step(target
, &next_pc
);
1930 if (retval
!= ERROR_OK
) {
1931 uint32_t current_opcode
;
1932 target_read_u32(target
, current_pc
, ¤t_opcode
);
1934 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1939 retval
= arm7_9_restore_context(target
);
1940 if (retval
!= ERROR_OK
)
1943 arm7_9
->enable_single_step(target
, next_pc
);
1945 if (arm
->core_state
== ARM_STATE_ARM
)
1946 arm7_9
->branch_resume(target
);
1947 else if (arm
->core_state
== ARM_STATE_THUMB
)
1948 arm7_9
->branch_resume_thumb(target
);
1950 LOG_ERROR("unhandled core state");
1954 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1955 if (retval
!= ERROR_OK
)
1958 err
= arm7_9_execute_sys_speed(target
);
1959 arm7_9
->disable_single_step(target
);
1961 /* registers are now invalid */
1962 register_cache_invalidate(arm
->core_cache
);
1964 if (err
!= ERROR_OK
)
1965 target
->state
= TARGET_UNKNOWN
;
1967 retval
= arm7_9_debug_entry(target
);
1968 if (retval
!= ERROR_OK
)
1970 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1971 if (retval
!= ERROR_OK
)
1973 LOG_DEBUG("target stepped");
1977 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1978 if (retval
!= ERROR_OK
)
1985 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
1986 int num
, enum arm_mode mode
)
1988 uint32_t *reg_p
[16];
1990 struct arm_reg
*areg
= r
->arch_info
;
1991 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1992 struct arm
*arm
= &arm7_9
->arm
;
1994 if (!is_arm_mode(arm
->core_mode
))
1996 if ((num
< 0) || (num
> 16))
1997 return ERROR_COMMAND_SYNTAX_ERROR
;
1999 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2000 && (areg
->mode
!= ARM_MODE_ANY
)) {
2003 /* change processor mode (mask T bit) */
2004 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2007 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2011 if ((num
>= 0) && (num
<= 15)) {
2012 /* read a normal core register */
2013 reg_p
[num
] = &value
;
2015 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2017 /* read a program status register
2018 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2020 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2023 retval
= jtag_execute_queue();
2024 if (retval
!= ERROR_OK
)
2029 buf_set_u32(r
->value
, 0, 32, value
);
2031 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2032 && (areg
->mode
!= ARM_MODE_ANY
)) {
2033 /* restore processor mode (mask T bit) */
2034 arm7_9
->write_xpsr_im8(target
,
2035 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2041 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2042 int num
, enum arm_mode mode
, uint8_t *value
)
2045 struct arm_reg
*areg
= r
->arch_info
;
2046 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2047 struct arm
*arm
= &arm7_9
->arm
;
2049 if (!is_arm_mode(arm
->core_mode
))
2051 if ((num
< 0) || (num
> 16))
2052 return ERROR_COMMAND_SYNTAX_ERROR
;
2054 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2055 && (areg
->mode
!= ARM_MODE_ANY
)) {
2058 /* change processor mode (mask T bit) */
2059 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2062 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2065 if ((num
>= 0) && (num
<= 15)) {
2066 /* write a normal core register */
2067 reg
[num
] = buf_get_u32(value
, 0, 32);
2069 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2071 /* write a program status register
2072 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2074 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2076 uint32_t t
= buf_get_u32(value
, 0, 32);
2077 /* if we're writing the CPSR, mask the T bit */
2081 arm7_9
->write_xpsr(target
, t
, spsr
);
2087 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2088 && (areg
->mode
!= ARM_MODE_ANY
)) {
2089 /* restore processor mode (mask T bit) */
2090 arm7_9
->write_xpsr_im8(target
,
2091 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2094 return jtag_execute_queue();
2097 int arm7_9_read_memory(struct target
*target
,
2098 target_addr_t address
,
2103 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2104 struct arm
*arm
= &arm7_9
->arm
;
2106 uint32_t num_accesses
= 0;
2107 int thisrun_accesses
;
2113 LOG_DEBUG("address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"",
2114 address
, size
, count
);
2116 if (target
->state
!= TARGET_HALTED
) {
2117 LOG_WARNING("target not halted");
2118 return ERROR_TARGET_NOT_HALTED
;
2121 /* sanitize arguments */
2122 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2123 return ERROR_COMMAND_SYNTAX_ERROR
;
2125 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2126 return ERROR_TARGET_UNALIGNED_ACCESS
;
2128 /* load the base register with the address of the first word */
2130 arm7_9
->write_core_regs(target
, 0x1, reg
);
2136 while (num_accesses
< count
) {
2139 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2140 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2142 if (last_reg
<= thisrun_accesses
)
2143 last_reg
= thisrun_accesses
;
2145 arm7_9
->load_word_regs(target
, reg_list
);
2147 /* fast memory reads are only safe when the target is running
2148 * from a sufficiently high clock (32 kHz is usually too slow)
2150 if (arm7_9
->fast_memory_access
)
2151 retval
= arm7_9_execute_fast_sys_speed(target
);
2153 retval
= arm7_9_execute_sys_speed(target
);
2154 if (retval
!= ERROR_OK
)
2157 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2159 /* advance buffer, count number of accesses */
2160 buffer
+= thisrun_accesses
* 4;
2161 num_accesses
+= thisrun_accesses
;
2163 if ((j
++%1024) == 0)
2168 while (num_accesses
< count
) {
2171 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2172 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2174 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2177 arm7_9
->load_hword_reg(target
, i
);
2178 /* fast memory reads are only safe when the target is running
2179 * from a sufficiently high clock (32 kHz is usually too slow)
2181 if (arm7_9
->fast_memory_access
)
2182 retval
= arm7_9_execute_fast_sys_speed(target
);
2184 retval
= arm7_9_execute_sys_speed(target
);
2185 if (retval
!= ERROR_OK
)
2190 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2192 /* advance buffer, count number of accesses */
2193 buffer
+= thisrun_accesses
* 2;
2194 num_accesses
+= thisrun_accesses
;
2196 if ((j
++%1024) == 0)
2201 while (num_accesses
< count
) {
2204 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2205 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2207 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2210 arm7_9
->load_byte_reg(target
, i
);
2211 /* fast memory reads are only safe when the target is running
2212 * from a sufficiently high clock (32 kHz is usually too slow)
2214 if (arm7_9
->fast_memory_access
)
2215 retval
= arm7_9_execute_fast_sys_speed(target
);
2217 retval
= arm7_9_execute_sys_speed(target
);
2218 if (retval
!= ERROR_OK
)
2222 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2224 /* advance buffer, count number of accesses */
2225 buffer
+= thisrun_accesses
* 1;
2226 num_accesses
+= thisrun_accesses
;
2228 if ((j
++%1024) == 0)
2234 if (!is_arm_mode(arm
->core_mode
))
2237 for (i
= 0; i
<= last_reg
; i
++) {
2238 struct reg
*r
= arm_reg_current(arm
, i
);
2239 r
->dirty
= r
->valid
;
2242 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2243 retval
= jtag_execute_queue();
2244 if (retval
!= ERROR_OK
) {
2245 LOG_ERROR("JTAG error while reading cpsr");
2246 return ERROR_TARGET_DATA_ABORT
;
2249 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2251 "memory read caused data abort "
2252 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2257 arm7_9
->write_xpsr_im8(target
,
2258 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2261 return ERROR_TARGET_DATA_ABORT
;
2267 int arm7_9_write_memory(struct target
*target
,
2268 target_addr_t address
,
2271 const uint8_t *buffer
)
2273 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2274 struct arm
*arm
= &arm7_9
->arm
;
2275 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2278 uint32_t num_accesses
= 0;
2279 int thisrun_accesses
;
2285 #ifdef _DEBUG_ARM7_9_
2286 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2289 if (target
->state
!= TARGET_HALTED
) {
2290 LOG_WARNING("target not halted");
2291 return ERROR_TARGET_NOT_HALTED
;
2294 /* sanitize arguments */
2295 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2296 return ERROR_COMMAND_SYNTAX_ERROR
;
2298 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2299 return ERROR_TARGET_UNALIGNED_ACCESS
;
2301 /* load the base register with the address of the first word */
2303 arm7_9
->write_core_regs(target
, 0x1, reg
);
2305 /* Clear DBGACK, to make sure memory fetches work as expected */
2306 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2307 embeddedice_store_reg(dbg_ctrl
);
2311 while (num_accesses
< count
) {
2314 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2315 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2317 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2320 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2324 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2326 arm7_9
->store_word_regs(target
, reg_list
);
2328 /* fast memory writes are only safe when the target is running
2329 * from a sufficiently high clock (32 kHz is usually too slow)
2331 if (arm7_9
->fast_memory_access
)
2332 retval
= arm7_9_execute_fast_sys_speed(target
);
2334 retval
= arm7_9_execute_sys_speed(target
);
2337 * if memory writes are made when the clock is running slow
2338 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2339 * processor operations after a "reset halt" or "reset init",
2340 * need to immediately stroke the keep alive or will end up with
2341 * gdb "keep alive not sent error message" problem.
2347 if (retval
!= ERROR_OK
)
2350 num_accesses
+= thisrun_accesses
;
2354 while (num_accesses
< count
) {
2357 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2358 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2360 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2363 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2367 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2369 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2370 arm7_9
->store_hword_reg(target
, i
);
2372 /* fast memory writes are only safe when the target is running
2373 * from a sufficiently high clock (32 kHz is usually too slow)
2375 if (arm7_9
->fast_memory_access
)
2376 retval
= arm7_9_execute_fast_sys_speed(target
);
2378 retval
= arm7_9_execute_sys_speed(target
);
2381 * if memory writes are made when the clock is running slow
2382 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2383 * processor operations after a "reset halt" or "reset init",
2384 * need to immediately stroke the keep alive or will end up with
2385 * gdb "keep alive not sent error message" problem.
2391 if (retval
!= ERROR_OK
)
2395 num_accesses
+= thisrun_accesses
;
2399 while (num_accesses
< count
) {
2402 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2403 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2405 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2408 reg
[i
] = *buffer
++ & 0xff;
2411 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2413 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2414 arm7_9
->store_byte_reg(target
, i
);
2415 /* fast memory writes are only safe when the target is running
2416 * from a sufficiently high clock (32 kHz is usually too slow)
2418 if (arm7_9
->fast_memory_access
)
2419 retval
= arm7_9_execute_fast_sys_speed(target
);
2421 retval
= arm7_9_execute_sys_speed(target
);
2424 * if memory writes are made when the clock is running slow
2425 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2426 * processor operations after a "reset halt" or "reset init",
2427 * need to immediately stroke the keep alive or will end up with
2428 * gdb "keep alive not sent error message" problem.
2434 if (retval
!= ERROR_OK
)
2439 num_accesses
+= thisrun_accesses
;
2445 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2446 embeddedice_store_reg(dbg_ctrl
);
2448 if (!is_arm_mode(arm
->core_mode
))
2451 for (i
= 0; i
<= last_reg
; i
++) {
2452 struct reg
*r
= arm_reg_current(arm
, i
);
2453 r
->dirty
= r
->valid
;
2456 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2457 retval
= jtag_execute_queue();
2458 if (retval
!= ERROR_OK
) {
2459 LOG_ERROR("JTAG error while reading cpsr");
2460 return ERROR_TARGET_DATA_ABORT
;
2463 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2465 "memory write caused data abort "
2466 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2471 arm7_9
->write_xpsr_im8(target
,
2472 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2475 return ERROR_TARGET_DATA_ABORT
;
2481 int arm7_9_write_memory_opt(struct target
*target
,
2482 target_addr_t address
,
2485 const uint8_t *buffer
)
2487 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2490 if (size
== 4 && count
> 32 && arm7_9
->bulk_write_memory
) {
2491 /* Attempt to do a bulk write */
2492 retval
= arm7_9
->bulk_write_memory(target
, address
, count
, buffer
);
2494 if (retval
== ERROR_OK
)
2498 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2501 int arm7_9_write_memory_no_opt(struct target
*target
,
2505 const uint8_t *buffer
)
2507 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2509 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2512 static int dcc_count
;
2513 static const uint8_t *dcc_buffer
;
2515 static int arm7_9_dcc_completion(struct target
*target
,
2516 uint32_t exit_point
,
2520 int retval
= ERROR_OK
;
2521 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2523 retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500);
2524 if (retval
!= ERROR_OK
)
2527 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2528 int count
= dcc_count
;
2529 const uint8_t *buffer
= dcc_buffer
;
2531 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2532 * core function repeated. */
2533 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2534 fast_target_buffer_get_u32(buffer
, little
));
2537 struct embeddedice_reg
*ice_reg
=
2538 arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2539 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2540 struct jtag_tap
*tap
;
2541 tap
= ice_reg
->jtag_info
->tap
;
2543 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2544 buffer
+= (count
-2)*4;
2546 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2547 fast_target_buffer_get_u32(buffer
, little
));
2550 for (i
= 0; i
< count
; i
++) {
2551 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2552 fast_target_buffer_get_u32(buffer
, little
));
2557 retval
= target_halt(target
);
2558 if (retval
!= ERROR_OK
)
2560 return target_wait_state(target
, TARGET_HALTED
, 500);
2563 static const uint32_t dcc_code
[] = {
2564 /* r0 == input, points to memory buffer
2568 /* spin until DCC control (c0) reports data arrived */
2569 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2570 0xe3110001, /* tst r1, #1 */
2571 0x0afffffc, /* bne w */
2573 /* read word from DCC (c1), write to memory */
2574 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2575 0xe4801004, /* str r1, [r0], #4 */
2578 0xeafffff9 /* b w */
2581 int arm7_9_bulk_write_memory(struct target
*target
,
2582 target_addr_t address
,
2584 const uint8_t *buffer
)
2587 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2589 if (address
% 4 != 0)
2590 return ERROR_TARGET_UNALIGNED_ACCESS
;
2592 if (!arm7_9
->dcc_downloads
)
2593 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2595 /* regrab previously allocated working_area, or allocate a new one */
2596 if (!arm7_9
->dcc_working_area
) {
2597 uint8_t dcc_code_buf
[6 * 4];
2599 /* make sure we have a working area */
2600 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
) {
2601 LOG_INFO("no working area available, falling back to memory writes");
2602 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2605 /* copy target instructions to target endianness */
2606 target_buffer_set_u32_array(target
, dcc_code_buf
, ARRAY_SIZE(dcc_code
), dcc_code
);
2608 /* write DCC code to working area, using the non-optimized
2609 * memory write to avoid ending up here again */
2610 retval
= arm7_9_write_memory_no_opt(target
,
2611 arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
);
2612 if (retval
!= ERROR_OK
)
2616 struct arm_algorithm arm_algo
;
2617 struct reg_param reg_params
[1];
2619 arm_algo
.common_magic
= ARM_COMMON_MAGIC
;
2620 arm_algo
.core_mode
= ARM_MODE_SVC
;
2621 arm_algo
.core_state
= ARM_STATE_ARM
;
2623 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2625 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2628 dcc_buffer
= buffer
;
2629 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2630 arm7_9
->dcc_working_area
->address
,
2631 arm7_9
->dcc_working_area
->address
+ 6*4,
2632 20*1000, &arm_algo
, arm7_9_dcc_completion
);
2634 if (retval
== ERROR_OK
) {
2635 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2636 if (endaddress
!= (address
+ count
*4)) {
2638 "DCC write failed, expected end address 0x%08" TARGET_PRIxADDR
" got 0x%0" PRIx32
"",
2639 (address
+ count
*4),
2641 retval
= ERROR_FAIL
;
2645 destroy_reg_param(®_params
[0]);
2651 * Perform per-target setup that requires JTAG access.
2653 int arm7_9_examine(struct target
*target
)
2655 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2658 if (!target_was_examined(target
)) {
2659 struct reg_cache
*t
, **cache_p
;
2661 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2665 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2667 arm7_9
->eice_cache
= (*cache_p
);
2669 if (arm7_9
->arm
.etm
)
2670 (*cache_p
)->next
= etm_build_reg_cache(target
,
2674 target_set_examined(target
);
2677 retval
= embeddedice_setup(target
);
2678 if (retval
== ERROR_OK
)
2679 retval
= arm7_9_setup(target
);
2680 if (retval
== ERROR_OK
&& arm7_9
->arm
.etm
)
2681 retval
= etm_setup(target
);
2686 int arm7_9_check_reset(struct target
*target
)
2688 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2690 if (get_target_reset_nag() && !arm7_9
->dcc_downloads
)
2692 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2694 if (get_target_reset_nag() && (target
->working_area_size
== 0))
2695 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2697 if (get_target_reset_nag() && !arm7_9
->fast_memory_access
)
2699 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2704 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in
,
2705 jtag_callback_data_t i_size
, jtag_callback_data_t i_be
,
2706 jtag_callback_data_t i_flip
)
2708 uint8_t *in
= (uint8_t *)pu8_in
;
2709 int size
= (int)i_size
;
2711 int flip
= (int)i_flip
;
2716 readback
= le_to_h_u32(in
);
2718 readback
= flip_u32(readback
, 32);
2720 h_u32_to_be(in
, readback
);
2722 h_u32_to_le(in
, readback
);
2725 readback
= le_to_h_u16(in
);
2727 readback
= flip_u32(readback
, 16);
2729 h_u16_to_be(in
, readback
& 0xffff);
2731 h_u16_to_le(in
, readback
& 0xffff);
2736 readback
= flip_u32(readback
, 8);
2737 *in
= readback
& 0xff;
2744 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2746 struct target
*target
= get_current_target(CMD_CTX
);
2747 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2749 if (!is_arm7_9(arm7_9
)) {
2750 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2751 return ERROR_TARGET_INVALID
;
2755 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->use_dbgrq
);
2758 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2759 (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2764 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2766 struct target
*target
= get_current_target(CMD_CTX
);
2767 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2769 if (!is_arm7_9(arm7_9
)) {
2770 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2771 return ERROR_TARGET_INVALID
;
2775 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2778 "fast memory access is %s",
2779 (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2784 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2786 struct target
*target
= get_current_target(CMD_CTX
);
2787 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2789 if (!is_arm7_9(arm7_9
)) {
2790 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2791 return ERROR_TARGET_INVALID
;
2795 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2798 "dcc downloads are %s",
2799 (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2804 static int arm7_9_setup_semihosting(struct target
*target
, int enable
)
2806 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2808 if (!is_arm7_9(arm7_9
)) {
2809 LOG_USER("current target isn't an ARM7/ARM9 target");
2810 return ERROR_TARGET_INVALID
;
2813 if (arm7_9
->has_vector_catch
) {
2814 struct reg
*vector_catch
= &arm7_9
->eice_cache
2815 ->reg_list
[EICE_VEC_CATCH
];
2817 if (!vector_catch
->valid
)
2818 embeddedice_read_reg(vector_catch
);
2819 buf_set_u32(vector_catch
->value
, 2, 1, enable
);
2820 embeddedice_store_reg(vector_catch
);
2822 /* TODO: allow optional high vectors and/or BKPT_HARD */
2824 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2826 breakpoint_remove(target
, 8);
2832 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2834 int retval
= ERROR_OK
;
2835 struct arm
*arm
= &arm7_9
->arm
;
2837 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2839 retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
);
2840 if (retval
!= ERROR_OK
)
2843 /* caller must have allocated via calloc(), so everything's zeroed */
2845 arm7_9
->wp_available_max
= 2;
2847 arm7_9
->fast_memory_access
= false;
2848 arm7_9
->dcc_downloads
= false;
2850 arm
->arch_info
= arm7_9
;
2851 arm
->core_type
= ARM_CORE_TYPE_STD
;
2852 arm
->read_core_reg
= arm7_9_read_core_reg
;
2853 arm
->write_core_reg
= arm7_9_write_core_reg
;
2854 arm
->full_context
= arm7_9_full_context
;
2855 arm
->setup_semihosting
= arm7_9_setup_semihosting
;
2857 retval
= arm_init_arch_info(target
, arm
);
2858 if (retval
!= ERROR_OK
)
2861 return target_register_timer_callback(arm7_9_handle_target_request
,
2862 1, TARGET_TIMER_TYPE_PERIODIC
, target
);
2865 static const struct command_registration arm7_9_any_command_handlers
[] = {
2868 .handler
= handle_arm7_9_dbgrq_command
,
2869 .mode
= COMMAND_ANY
,
2870 .usage
= "['enable'|'disable']",
2871 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2872 "for target halt requests",
2875 .name
= "fast_memory_access",
2876 .handler
= handle_arm7_9_fast_memory_access_command
,
2877 .mode
= COMMAND_ANY
,
2878 .usage
= "['enable'|'disable']",
2879 .help
= "use fast memory accesses instead of slower "
2880 "but potentially safer accesses",
2883 .name
= "dcc_downloads",
2884 .handler
= handle_arm7_9_dcc_downloads_command
,
2885 .mode
= COMMAND_ANY
,
2886 .usage
= "['enable'|'disable']",
2887 .help
= "use DCC downloads for larger memory writes",
2889 COMMAND_REGISTRATION_DONE
2891 const struct command_registration arm7_9_command_handlers
[] = {
2893 .chain
= arm_command_handlers
,
2896 .chain
= etm_command_handlers
,
2900 .mode
= COMMAND_ANY
,
2901 .help
= "arm7/9 specific commands",
2903 .chain
= arm7_9_any_command_handlers
,
2905 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)