1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
40 int arm7_9_debug_entry(target_t
*target
);
41 int arm7_9_enable_sw_bkpts(struct target_s
*target
);
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
48 int handle_arm7_9_dbgrq_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
51 int handle_arm7_9_etm_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
);
54 * Clear watchpoints for an ARM7/9 target.
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
59 static int arm7_9_clear_watchpoints(arm7_9_common_t
*arm7_9
)
61 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
62 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
63 arm7_9
->sw_breakpoints_added
= 0;
65 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
66 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
68 return jtag_execute_queue();
72 * Assign a watchpoint to one of the two available hardware comparators in an
73 * ARM7 or ARM9 target.
75 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
76 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 static void arm7_9_assign_wp(arm7_9_common_t
*arm7_9
, breakpoint_t
*breakpoint
)
80 if (!arm7_9
->wp0_used
)
84 arm7_9
->wp_available
--;
86 else if (!arm7_9
->wp1_used
)
90 arm7_9
->wp_available
--;
94 LOG_ERROR("BUG: no hardware comparator available");
99 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
101 * @param arm7_9 Pointer to common struct for ARM7/9 targets
102 * @return Error codes if there is a problem finding a watchpoint or the result
103 * of executing the JTAG queue
105 static int arm7_9_set_software_breakpoints(arm7_9_common_t
*arm7_9
)
107 if (arm7_9
->sw_breakpoints_added
)
111 if (arm7_9
->wp_available
< 1)
113 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
114 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
116 arm7_9
->wp_available
--;
118 /* pick a breakpoint unit */
119 if (!arm7_9
->wp0_used
)
121 arm7_9
->sw_breakpoints_added
=1;
122 arm7_9
->wp0_used
= 3;
123 } else if (!arm7_9
->wp1_used
)
125 arm7_9
->sw_breakpoints_added
=2;
126 arm7_9
->wp1_used
= 3;
130 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
134 if (arm7_9
->sw_breakpoints_added
==1)
136 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
137 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
138 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
139 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
140 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
142 else if (arm7_9
->sw_breakpoints_added
==2)
144 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
145 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
146 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
147 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
148 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
152 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
156 return jtag_execute_queue();
160 * Setup the common pieces for an ARM7/9 target after reset or on startup.
162 * @param target Pointer to an ARM7/9 target to setup
163 * @return Result of clearing the watchpoints on the target
165 int arm7_9_setup(target_t
*target
)
167 armv4_5_common_t
*armv4_5
= target
->arch_info
;
168 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
170 return arm7_9_clear_watchpoints(arm7_9
);
174 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
175 * targets. A return of ERROR_OK signifies that the target is a valid target
176 * and that the pointers have been set properly.
178 * @param target Pointer to the target device to get the pointers from
179 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
181 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
183 * @return ERROR_OK if successful
185 int arm7_9_get_arch_pointers(target_t
*target
, armv4_5_common_t
**armv4_5_p
, arm7_9_common_t
**arm7_9_p
)
187 armv4_5_common_t
*armv4_5
= target
->arch_info
;
188 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
190 if (armv4_5
->common_magic
!= ARMV4_5_COMMON_MAGIC
)
195 if (arm7_9
->common_magic
!= ARM7_9_COMMON_MAGIC
)
200 *armv4_5_p
= armv4_5
;
207 * Set either a hardware or software breakpoint on an ARM7/9 target. The
208 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
209 * might have erased the values in Embedded ICE.
211 * @param target Pointer to the target device to set the breakpoints on
212 * @param breakpoint Pointer to the breakpoint to be set
213 * @return For hardware breakpoints, this is the result of executing the JTAG
214 * queue. For software breakpoints, this will be the status of the
215 * required memory reads and writes
217 int arm7_9_set_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
219 armv4_5_common_t
*armv4_5
= target
->arch_info
;
220 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
223 if (target
->state
!= TARGET_HALTED
)
225 LOG_WARNING("target not halted");
226 return ERROR_TARGET_NOT_HALTED
;
229 if (breakpoint
->type
== BKPT_HARD
)
231 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
232 u32 mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
234 /* reassign a hw breakpoint */
235 if (breakpoint
->set
==0)
237 arm7_9_assign_wp(arm7_9
, breakpoint
);
240 if (breakpoint
->set
==1)
242 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
243 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
244 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
245 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
246 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
248 else if (breakpoint
->set
==2)
250 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
251 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
252 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
253 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
254 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
258 LOG_ERROR("BUG: no hardware comparator available");
262 retval
=jtag_execute_queue();
264 else if (breakpoint
->type
== BKPT_SOFT
)
266 if ((retval
=arm7_9_set_software_breakpoints(arm7_9
))!=ERROR_OK
)
269 /* did we already set this breakpoint? */
273 if (breakpoint
->length
== 4)
275 u32 verify
= 0xffffffff;
276 /* keep the original instruction in target endianness */
277 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
281 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
282 if ((retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
)) != ERROR_OK
)
287 if ((retval
= target_read_u32(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
291 if (verify
!= arm7_9
->arm_bkpt
)
293 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint
->address
);
300 /* keep the original instruction in target endianness */
301 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
305 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
306 if ((retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
)) != ERROR_OK
)
311 if ((retval
= target_read_u16(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
315 if (verify
!= arm7_9
->thumb_bkpt
)
317 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint
->address
);
328 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
329 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
330 * will be updated. Otherwise, the software breakpoint will be restored to its
331 * original instruction if it hasn't already been modified.
333 * @param target Pointer to ARM7/9 target to unset the breakpoint from
334 * @param breakpoint Pointer to breakpoint to be unset
335 * @return For hardware breakpoints, this is the result of executing the JTAG
336 * queue. For software breakpoints, this will be the status of the
337 * required memory reads and writes
339 int arm7_9_unset_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
341 int retval
= ERROR_OK
;
343 armv4_5_common_t
*armv4_5
= target
->arch_info
;
344 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
346 if (!breakpoint
->set
)
348 LOG_WARNING("breakpoint not set");
352 if (breakpoint
->type
== BKPT_HARD
)
354 if (breakpoint
->set
== 1)
356 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
357 arm7_9
->wp0_used
= 0;
358 arm7_9
->wp_available
++;
360 else if (breakpoint
->set
== 2)
362 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
363 arm7_9
->wp1_used
= 0;
364 arm7_9
->wp_available
++;
366 retval
= jtag_execute_queue();
371 /* restore original instruction (kept in target endianness) */
372 if (breakpoint
->length
== 4)
375 /* check that user program as not modified breakpoint instruction */
376 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, (u8
*)¤t_instr
)) != ERROR_OK
)
380 if (current_instr
==arm7_9
->arm_bkpt
)
381 if ((retval
= target_write_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
389 /* check that user program as not modified breakpoint instruction */
390 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, (u8
*)¤t_instr
)) != ERROR_OK
)
394 if (current_instr
==arm7_9
->thumb_bkpt
)
395 if ((retval
= target_write_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
407 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
408 * dangling breakpoints and that the desired breakpoint can be added.
410 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
411 * @param breakpoint Pointer to the breakpoint to be added
412 * @return An error status if there is a problem adding the breakpoint or the
413 * result of setting the breakpoint
415 int arm7_9_add_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
417 armv4_5_common_t
*armv4_5
= target
->arch_info
;
418 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
420 if (target
->state
!= TARGET_HALTED
)
422 LOG_WARNING("target not halted");
423 return ERROR_TARGET_NOT_HALTED
;
426 if (arm7_9
->breakpoint_count
==0)
428 /* make sure we don't have any dangling breakpoints. This is vital upon
429 * GDB connect/disconnect
431 arm7_9_clear_watchpoints(arm7_9
);
434 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1))
436 LOG_INFO("no watchpoint unit available for hardware breakpoint");
437 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
440 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4))
442 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
443 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
446 if (breakpoint
->type
== BKPT_HARD
)
448 arm7_9_assign_wp(arm7_9
, breakpoint
);
451 arm7_9
->breakpoint_count
++;
453 return arm7_9_set_breakpoint(target
, breakpoint
);
457 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
458 * dangling breakpoints and updates available watchpoints if it is a hardware
461 * @param target Pointer to the target to have a breakpoint removed
462 * @param breakpoint Pointer to the breakpoint to be removed
463 * @return Error status if there was a problem unsetting the breakpoint or the
464 * watchpoints could not be cleared
466 int arm7_9_remove_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
468 int retval
= ERROR_OK
;
469 armv4_5_common_t
*armv4_5
= target
->arch_info
;
470 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
472 if((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
477 if (breakpoint
->type
== BKPT_HARD
)
478 arm7_9
->wp_available
++;
480 arm7_9
->breakpoint_count
--;
481 if (arm7_9
->breakpoint_count
==0)
483 /* make sure we don't have any dangling breakpoints */
484 if((retval
= arm7_9_clear_watchpoints(arm7_9
)) != ERROR_OK
)
494 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
495 * considered a bug to call this function when there are no available watchpoint
498 * @param target Pointer to an ARM7/9 target to set a watchpoint on
499 * @param watchpoint Pointer to the watchpoint to be set
500 * @return Error status if watchpoint set fails or the result of executing the
503 int arm7_9_set_watchpoint(struct target_s
*target
, watchpoint_t
*watchpoint
)
505 int retval
= ERROR_OK
;
506 armv4_5_common_t
*armv4_5
= target
->arch_info
;
507 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
511 mask
= watchpoint
->length
- 1;
513 if (target
->state
!= TARGET_HALTED
)
515 LOG_WARNING("target not halted");
516 return ERROR_TARGET_NOT_HALTED
;
519 if (watchpoint
->rw
== WPT_ACCESS
)
524 if (!arm7_9
->wp0_used
)
526 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], watchpoint
->address
);
527 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
528 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], watchpoint
->mask
);
529 if( watchpoint
->mask
!= 0xffffffffu
)
530 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], watchpoint
->value
);
531 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
532 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
534 if((retval
= jtag_execute_queue()) != ERROR_OK
)
539 arm7_9
->wp0_used
= 2;
541 else if (!arm7_9
->wp1_used
)
543 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], watchpoint
->address
);
544 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
545 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], watchpoint
->mask
);
546 if( watchpoint
->mask
!= 0xffffffffu
)
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], watchpoint
->value
);
548 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
549 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
551 if((retval
= jtag_execute_queue()) != ERROR_OK
)
556 arm7_9
->wp1_used
= 2;
560 LOG_ERROR("BUG: no hardware comparator available");
568 * Unset an existing watchpoint and clear the used watchpoint unit.
570 * @param target Pointer to the target to have the watchpoint removed
571 * @param watchpoint Pointer to the watchpoint to be removed
572 * @return Error status while trying to unset the watchpoint or the result of
573 * executing the JTAG queue
575 int arm7_9_unset_watchpoint(struct target_s
*target
, watchpoint_t
*watchpoint
)
577 int retval
= ERROR_OK
;
578 armv4_5_common_t
*armv4_5
= target
->arch_info
;
579 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
581 if (target
->state
!= TARGET_HALTED
)
583 LOG_WARNING("target not halted");
584 return ERROR_TARGET_NOT_HALTED
;
587 if (!watchpoint
->set
)
589 LOG_WARNING("breakpoint not set");
593 if (watchpoint
->set
== 1)
595 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
596 if((retval
= jtag_execute_queue()) != ERROR_OK
)
600 arm7_9
->wp0_used
= 0;
602 else if (watchpoint
->set
== 2)
604 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
605 if((retval
= jtag_execute_queue()) != ERROR_OK
)
609 arm7_9
->wp1_used
= 0;
617 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
618 * available, an error response is returned.
620 * @param target Pointer to the ARM7/9 target to add a watchpoint to
621 * @param watchpoint Pointer to the watchpoint to be added
622 * @return Error status while trying to add the watchpoint
624 int arm7_9_add_watchpoint(struct target_s
*target
, watchpoint_t
*watchpoint
)
626 armv4_5_common_t
*armv4_5
= target
->arch_info
;
627 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
629 if (target
->state
!= TARGET_HALTED
)
631 LOG_WARNING("target not halted");
632 return ERROR_TARGET_NOT_HALTED
;
635 if (arm7_9
->wp_available
< 1)
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
640 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
642 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
645 arm7_9
->wp_available
--;
651 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
652 * the used watchpoint unit will be reopened.
654 * @param target Pointer to the target to remove a watchpoint from
655 * @param watchpoint Pointer to the watchpoint to be removed
656 * @return Result of trying to unset the watchpoint
658 int arm7_9_remove_watchpoint(struct target_s
*target
, watchpoint_t
*watchpoint
)
660 int retval
= ERROR_OK
;
661 armv4_5_common_t
*armv4_5
= target
->arch_info
;
662 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
666 if((retval
= arm7_9_unset_watchpoint(target
, watchpoint
)) != ERROR_OK
)
672 arm7_9
->wp_available
++;
678 * Restarts the target by sending a RESTART instruction and moving the JTAG
679 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
680 * asserted by the processor.
682 * @param target Pointer to target to issue commands to
683 * @return Error status if there is a timeout or a problem while executing the
686 int arm7_9_execute_sys_speed(struct target_s
*target
)
690 armv4_5_common_t
*armv4_5
= target
->arch_info
;
691 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
692 arm_jtag_t
*jtag_info
= &arm7_9
->jtag_info
;
693 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
695 /* set RESTART instruction */
696 jtag_add_end_state(TAP_IDLE
);
697 if (arm7_9
->need_bypass_before_restart
) {
698 arm7_9
->need_bypass_before_restart
= 0;
699 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
701 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
703 long long then
=timeval_ms();
705 while (!(timeout
=((timeval_ms()-then
)>1000)))
707 /* read debug status register */
708 embeddedice_read_reg(dbg_stat
);
709 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
711 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
712 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
724 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
725 return ERROR_TARGET_TIMEOUT
;
732 * Restarts the target by sending a RESTART instruction and moving the JTAG
733 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
734 * waiting until they are.
736 * @param target Pointer to the target to issue commands to
737 * @return Always ERROR_OK
739 int arm7_9_execute_fast_sys_speed(struct target_s
*target
)
742 static u8 check_value
[4], check_mask
[4];
744 armv4_5_common_t
*armv4_5
= target
->arch_info
;
745 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
746 arm_jtag_t
*jtag_info
= &arm7_9
->jtag_info
;
747 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
749 /* set RESTART instruction */
750 jtag_add_end_state(TAP_IDLE
);
751 if (arm7_9
->need_bypass_before_restart
) {
752 arm7_9
->need_bypass_before_restart
= 0;
753 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
755 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
759 /* check for DBGACK and SYSCOMP set (others don't care) */
761 /* NB! These are constants that must be available until after next jtag_execute() and
762 * we evaluate the values upon first execution in lieu of setting up these constants
763 * during early setup.
765 buf_set_u32(check_value
, 0, 32, 0x9);
766 buf_set_u32(check_mask
, 0, 32, 0x9);
770 /* read debug status register */
771 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
777 * Get some data from the ARM7/9 target.
779 * @param target Pointer to the ARM7/9 target to read data from
780 * @param size The number of 32bit words to be read
781 * @param buffer Pointer to the buffer that will hold the data
782 * @return The result of receiving data from the Embedded ICE unit
784 int arm7_9_target_request_data(target_t
*target
, u32 size
, u8
*buffer
)
786 armv4_5_common_t
*armv4_5
= target
->arch_info
;
787 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
788 arm_jtag_t
*jtag_info
= &arm7_9
->jtag_info
;
790 int retval
= ERROR_OK
;
793 data
= malloc(size
* (sizeof(u32
)));
795 retval
= embeddedice_receive(jtag_info
, data
, size
);
797 /* return the 32-bit ints in the 8-bit array */
798 for (i
= 0; i
< size
; i
++)
800 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
809 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
810 * target is running and the DCC control register has the W bit high, this will
811 * execute the request on the target.
813 * @param priv Void pointer expected to be a target_t pointer
814 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
815 * from the Embedded ICE unit
817 int arm7_9_handle_target_request(void *priv
)
819 int retval
= ERROR_OK
;
820 target_t
*target
= priv
;
821 if (!target_was_examined(target
))
823 armv4_5_common_t
*armv4_5
= target
->arch_info
;
824 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
825 arm_jtag_t
*jtag_info
= &arm7_9
->jtag_info
;
826 reg_t
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
828 if (!target
->dbg_msg_enabled
)
831 if (target
->state
== TARGET_RUNNING
)
833 /* read DCC control register */
834 embeddedice_read_reg(dcc_control
);
835 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
841 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1)
845 if ((retval
= embeddedice_receive(jtag_info
, &request
, 1)) != ERROR_OK
)
849 if ((retval
= target_request(target
, request
)) != ERROR_OK
)
860 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
861 * is manipulated to the right halted state based on its current state. This is
865 * <tr><th>State</th><th>Action</th></tr>
866 * <tr><td>TARGET_RUNNING | TARGET_RESET</td><td>Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
867 * <tr><td>TARGET_UNKNOWN</td><td>Warning is logged</td></tr>
868 * <tr><td>TARGET_DEBUG_RUNNING</td><td>Enters debug mode</td></tr>
869 * <tr><td>TARGET_HALTED</td><td>Nothing</td></tr>
872 * If the target does not end up in the halted state, a warning is produced. If
873 * DBGACK is cleared, then the target is expected to either be running or
876 * @param target Pointer to the ARM7/9 target to poll
877 * @return ERROR_OK or an error status if a command fails
879 int arm7_9_poll(target_t
*target
)
882 armv4_5_common_t
*armv4_5
= target
->arch_info
;
883 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
884 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
886 /* read debug status register */
887 embeddedice_read_reg(dbg_stat
);
888 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
893 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
895 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
896 if (target
->state
== TARGET_UNKNOWN
)
898 target
->state
= TARGET_RUNNING
;
899 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
901 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
))
904 if (target
->state
== TARGET_RESET
)
906 if (target
->reset_halt
)
908 if ((jtag_reset_config
& RESET_SRST_PULLS_TRST
)==0)
915 target
->state
= TARGET_HALTED
;
917 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
922 reg_t
*reg
= register_get_by_name(target
->reg_cache
, "pc", 1);
923 u32 t
=*((u32
*)reg
->value
);
926 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
930 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
935 if (target
->state
== TARGET_DEBUG_RUNNING
)
937 target
->state
= TARGET_HALTED
;
938 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
941 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
)) != ERROR_OK
)
946 if (target
->state
!= TARGET_HALTED
)
948 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target
->state
);
953 if (target
->state
!= TARGET_DEBUG_RUNNING
)
954 target
->state
= TARGET_RUNNING
;
961 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
962 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
963 * affected) completely stop the JTAG clock while the core is held in reset
964 * (SRST). It isn't possible to program the halt condition once reset is
965 * asserted, hence a hook that allows the target to set up its reset-halt
966 * condition is setup prior to asserting reset.
968 * @param target Pointer to an ARM7/9 target to assert reset on
969 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
971 int arm7_9_assert_reset(target_t
*target
)
973 armv4_5_common_t
*armv4_5
= target
->arch_info
;
974 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
975 LOG_DEBUG("target->state: %s",
976 Jim_Nvp_value2name_simple( nvp_target_state
,target
->state
)->name
);
978 if (!(jtag_reset_config
& RESET_HAS_SRST
))
980 LOG_ERROR("Can't assert SRST");
984 if (target
->reset_halt
)
987 * Some targets do not support communication while SRST is asserted. We need to
988 * set up the reset vector catch here.
990 * If TRST is asserted, then these settings will be reset anyway, so setting them
993 if (arm7_9
->has_vector_catch
)
995 /* program vector catch register to catch reset vector */
996 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
1000 /* program watchpoint unit to match on reset vector address */
1001 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
1002 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
1003 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1004 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1005 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1009 /* here we should issue an SRST only, but we may have to assert TRST as well */
1010 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
1012 jtag_add_reset(1, 1);
1015 jtag_add_reset(0, 1);
1018 target
->state
= TARGET_RESET
;
1019 jtag_add_sleep(50000);
1021 armv4_5_invalidate_core_regs(target
);
1023 if ((target
->reset_halt
)&&((jtag_reset_config
& RESET_SRST_PULLS_TRST
)==0))
1025 /* debug entry was already prepared in arm7_9_assert_reset() */
1026 target
->debug_reason
= DBG_REASON_DBGRQ
;
1033 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1034 * and the target is being reset into a halt, a warning will be triggered
1035 * because it is not possible to reset into a halted mode in this case. The
1036 * target is halted using the target's functions.
1038 * @param target Pointer to the target to have the reset deasserted
1039 * @return ERROR_OK or an error from polling or halting the target
1041 int arm7_9_deassert_reset(target_t
*target
)
1043 int retval
=ERROR_OK
;
1044 LOG_DEBUG("target->state: %s",
1045 Jim_Nvp_value2name_simple( nvp_target_state
,target
->state
)->name
);
1047 /* deassert reset lines */
1048 jtag_add_reset(0, 0);
1050 if (target
->reset_halt
&&(jtag_reset_config
& RESET_SRST_PULLS_TRST
)!=0)
1052 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1053 /* set up embedded ice registers again */
1054 if ((retval
=target
->type
->examine(target
))!=ERROR_OK
)
1057 if ((retval
=target_poll(target
))!=ERROR_OK
)
1062 if ((retval
=target_halt(target
))!=ERROR_OK
)
1072 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1073 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1074 * vector catch was used, it is restored. Otherwise, the control value is
1075 * restored and the watchpoint unit is restored if it was in use.
1077 * @param target Pointer to the ARM7/9 target to have halt cleared
1078 * @return Always ERROR_OK
1080 int arm7_9_clear_halt(target_t
*target
)
1082 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1083 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1084 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1086 /* we used DBGRQ only if we didn't come out of reset */
1087 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
)
1089 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1091 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1092 embeddedice_store_reg(dbg_ctrl
);
1096 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
)
1098 /* if we came out of reset, and vector catch is supported, we used
1099 * vector catch to enter debug state
1100 * restore the register in that case
1102 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1106 /* restore registers if watchpoint unit 0 was in use
1108 if (arm7_9
->wp0_used
)
1110 if (arm7_9
->debug_entry_from_reset
)
1112 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
]);
1114 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1115 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1116 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1118 /* control value always has to be restored, as it was either disabled,
1119 * or enabled with possibly different bits
1121 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1129 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1130 * and then there is a wait until the processor shows the halt. This wait can
1131 * timeout and results in an error being returned. The software reset involves
1132 * clearing the halt, updating the debug control register, changing to ARM mode,
1133 * reset of the program counter, and reset of all of the registers.
1135 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1136 * @return Error status if any of the commands fail, otherwise ERROR_OK
1138 int arm7_9_soft_reset_halt(struct target_s
*target
)
1140 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1141 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1142 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1143 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1147 if ((retval
=target_halt(target
))!=ERROR_OK
)
1150 long long then
=timeval_ms();
1152 while (!(timeout
=((timeval_ms()-then
)>1000)))
1154 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1156 embeddedice_read_reg(dbg_stat
);
1157 if ((retval
=jtag_execute_queue())!=ERROR_OK
)
1169 LOG_ERROR("Failed to halt CPU after 1 sec");
1170 return ERROR_TARGET_TIMEOUT
;
1172 target
->state
= TARGET_HALTED
;
1174 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1175 * ensure that DBGRQ is cleared
1177 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1178 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1179 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1180 embeddedice_store_reg(dbg_ctrl
);
1182 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1187 /* if the target is in Thumb state, change to ARM state */
1188 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1190 u32 r0_thumb
, pc_thumb
;
1191 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1192 /* Entered debug from Thumb mode */
1193 armv4_5
->core_state
= ARMV4_5_STATE_THUMB
;
1194 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1197 /* all register content is now invalid */
1198 if ((retval
= armv4_5_invalidate_core_regs(target
)) != ERROR_OK
)
1203 /* SVC, ARM state, IRQ and FIQ disabled */
1204 buf_set_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8, 0xd3);
1205 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
= 1;
1206 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].valid
= 1;
1208 /* start fetching from 0x0 */
1209 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, 0x0);
1210 armv4_5
->core_cache
->reg_list
[15].dirty
= 1;
1211 armv4_5
->core_cache
->reg_list
[15].valid
= 1;
1213 armv4_5
->core_mode
= ARMV4_5_MODE_SVC
;
1214 armv4_5
->core_state
= ARMV4_5_STATE_ARM
;
1216 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1219 /* reset registers */
1220 for (i
= 0; i
<= 14; i
++)
1222 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).value
, 0, 32, 0xffffffff);
1223 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= 1;
1224 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
= 1;
1227 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
1236 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1237 * line or by programming a watchpoint to trigger on any address. It is
1238 * considered a bug to call this function while the target is in the
1239 * TARGET_RESET state.
1241 * @param target Pointer to the ARM7/9 target to be halted
1242 * @return Always ERROR_OK
1244 int arm7_9_halt(target_t
*target
)
1246 if (target
->state
==TARGET_RESET
)
1248 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1252 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1253 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1254 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1256 LOG_DEBUG("target->state: %s",
1257 Jim_Nvp_value2name_simple( nvp_target_state
,target
->state
)->name
);
1259 if (target
->state
== TARGET_HALTED
)
1261 LOG_DEBUG("target was already halted");
1265 if (target
->state
== TARGET_UNKNOWN
)
1267 LOG_WARNING("target was in unknown state when halt was requested");
1270 if (arm7_9
->use_dbgrq
)
1272 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1274 if (arm7_9
->set_special_dbgrq
) {
1275 arm7_9
->set_special_dbgrq(target
);
1277 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1278 embeddedice_store_reg(dbg_ctrl
);
1283 /* program watchpoint unit to match on any address
1285 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1286 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1287 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1288 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1291 target
->debug_reason
= DBG_REASON_DBGRQ
;
1297 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1298 * ARM. The JTAG queue is then executed and the reason for debug entry is
1299 * examined. Once done, the target is verified to be halted and the processor
1300 * is forced into ARM mode. The core registers are saved for the current core
1301 * mode and the program counter (register 15) is updated as needed. The core
1302 * registers and CPSR and SPSR are saved for restoration later.
1304 * @param target Pointer to target that is entering debug mode
1305 * @return Error code if anything fails, otherwise ERROR_OK
1307 int arm7_9_debug_entry(target_t
*target
)
1312 u32 r0_thumb
, pc_thumb
;
1315 /* get pointers to arch-specific information */
1316 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1317 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1318 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1319 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1321 #ifdef _DEBUG_ARM7_9_
1325 if (arm7_9
->pre_debug_entry
)
1326 arm7_9
->pre_debug_entry(target
);
1328 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1329 * ensure that DBGRQ is cleared
1331 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1332 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1333 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1334 embeddedice_store_reg(dbg_ctrl
);
1336 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1341 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1346 if ((retval
= arm7_9
->examine_debug_reason(target
)) != ERROR_OK
)
1350 if (target
->state
!= TARGET_HALTED
)
1352 LOG_WARNING("target not halted");
1353 return ERROR_TARGET_NOT_HALTED
;
1356 /* if the target is in Thumb state, change to ARM state */
1357 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1359 LOG_DEBUG("target entered debug from Thumb state");
1360 /* Entered debug from Thumb mode */
1361 armv4_5
->core_state
= ARMV4_5_STATE_THUMB
;
1362 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1363 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb
, pc_thumb
);
1367 LOG_DEBUG("target entered debug from ARM state");
1368 /* Entered debug from ARM mode */
1369 armv4_5
->core_state
= ARMV4_5_STATE_ARM
;
1372 for (i
= 0; i
< 16; i
++)
1373 context_p
[i
] = &context
[i
];
1374 /* save core registers (r0 - r15 of current core mode) */
1375 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1377 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1379 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1382 /* if the core has been executing in Thumb state, set the T bit */
1383 if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1386 buf_set_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 32, cpsr
);
1387 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
= 0;
1388 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].valid
= 1;
1390 armv4_5
->core_mode
= cpsr
& 0x1f;
1392 if (armv4_5_mode_to_number(armv4_5
->core_mode
) == -1)
1394 target
->state
= TARGET_UNKNOWN
;
1395 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1396 return ERROR_TARGET_FAILURE
;
1399 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings
[armv4_5_mode_to_number(armv4_5
->core_mode
)]);
1401 if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1403 LOG_DEBUG("thumb state, applying fixups");
1404 context
[0] = r0_thumb
;
1405 context
[15] = pc_thumb
;
1406 } else if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
1408 /* adjust value stored by STM */
1409 context
[15] -= 3 * 4;
1412 if ((target
->debug_reason
== DBG_REASON_BREAKPOINT
)
1413 || (target
->debug_reason
== DBG_REASON_SINGLESTEP
)
1414 || (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
1415 || (target
->debug_reason
== DBG_REASON_WPTANDBKPT
)
1416 || ((target
->debug_reason
== DBG_REASON_DBGRQ
) && (arm7_9
->use_dbgrq
== 0)))
1417 context
[15] -= 3 * ((armv4_5
->core_state
== ARMV4_5_STATE_ARM
) ? 4 : 2);
1418 else if (target
->debug_reason
== DBG_REASON_DBGRQ
)
1419 context
[15] -= arm7_9
->dbgreq_adjust_pc
* ((armv4_5
->core_state
== ARMV4_5_STATE_ARM
) ? 4 : 2);
1422 LOG_ERROR("unknown debug reason: %i", target
->debug_reason
);
1425 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1428 for (i
=0; i
<=15; i
++)
1430 LOG_DEBUG("r%i: 0x%8.8x", i
, context
[i
]);
1431 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).value
, 0, 32, context
[i
]);
1432 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= 0;
1433 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
= 1;
1436 LOG_DEBUG("entered debug state at PC 0x%x", context
[15]);
1438 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1441 /* exceptions other than USR & SYS have a saved program status register */
1442 if ((armv4_5
->core_mode
!= ARMV4_5_MODE_USR
) && (armv4_5
->core_mode
!= ARMV4_5_MODE_SYS
))
1445 arm7_9
->read_xpsr(target
, &spsr
, 1);
1446 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1450 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 16).value
, 0, 32, spsr
);
1451 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 16).dirty
= 0;
1452 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 16).valid
= 1;
1455 /* r0 and r15 (pc) have to be restored later */
1456 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 0).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 0).valid
;
1457 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 15).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 15).valid
;
1459 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1462 if (arm7_9
->post_debug_entry
)
1463 arm7_9
->post_debug_entry(target
);
1469 * Validate the full context for an ARM7/9 target in all processor modes. If
1470 * there are any invalid registers for the target, they will all be read. This
1473 * @param target Pointer to the ARM7/9 target to capture the full context from
1474 * @return Error if the target is not halted, has an invalid core mode, or if
1475 * the JTAG queue fails to execute
1477 int arm7_9_full_context(target_t
*target
)
1481 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1482 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1486 if (target
->state
!= TARGET_HALTED
)
1488 LOG_WARNING("target not halted");
1489 return ERROR_TARGET_NOT_HALTED
;
1492 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1495 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1496 * SYS shares registers with User, so we don't touch SYS
1498 for (i
= 0; i
< 6; i
++)
1505 /* check if there are invalid registers in the current mode
1507 for (j
= 0; j
<= 16; j
++)
1509 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1517 /* change processor mode (and mask T bit) */
1518 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
1519 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1521 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1523 for (j
= 0; j
< 15; j
++)
1525 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1527 reg_p
[j
] = (u32
*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).value
;
1529 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
= 1;
1530 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).dirty
= 0;
1534 /* if only the PSR is invalid, mask is all zeroes */
1536 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1538 /* check if the PSR has to be read */
1539 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
== 0)
1541 arm7_9
->read_xpsr(target
, (u32
*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).value
, 1);
1542 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
= 1;
1543 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).dirty
= 0;
1548 /* restore processor mode (mask T bit) */
1549 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
1551 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1559 * Restore the processor context on an ARM7/9 target. The full processor
1560 * context is analyzed to see if any of the registers are dirty on this end, but
1561 * have a valid new value. If this is the case, the processor is changed to the
1562 * appropriate mode and the new register values are written out to the
1563 * processor. If there happens to be a dirty register with an invalid value, an
1564 * error will be logged.
1566 * @param target Pointer to the ARM7/9 target to have its context restored
1567 * @return Error status if the target is not halted or the core mode in the
1568 * armv4_5 struct is invalid.
1570 int arm7_9_restore_context(target_t
*target
)
1572 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1573 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1575 armv4_5_core_reg_t
*reg_arch_info
;
1576 enum armv4_5_mode current_mode
= armv4_5
->core_mode
;
1583 if (target
->state
!= TARGET_HALTED
)
1585 LOG_WARNING("target not halted");
1586 return ERROR_TARGET_NOT_HALTED
;
1589 if (arm7_9
->pre_restore_context
)
1590 arm7_9
->pre_restore_context(target
);
1592 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1595 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1596 * SYS shares registers with User, so we don't touch SYS
1598 for (i
= 0; i
< 6; i
++)
1600 LOG_DEBUG("examining %s mode", armv4_5_mode_strings
[i
]);
1603 /* check if there are dirty registers in the current mode
1605 for (j
= 0; j
<= 16; j
++)
1607 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1608 reg_arch_info
= reg
->arch_info
;
1609 if (reg
->dirty
== 1)
1611 if (reg
->valid
== 1)
1614 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1615 if ((reg_arch_info
->mode
!= ARMV4_5_MODE_ANY
)
1616 && (reg_arch_info
->mode
!= current_mode
)
1617 && !((reg_arch_info
->mode
== ARMV4_5_MODE_USR
) && (armv4_5
->core_mode
== ARMV4_5_MODE_SYS
))
1618 && !((reg_arch_info
->mode
== ARMV4_5_MODE_SYS
) && (armv4_5
->core_mode
== ARMV4_5_MODE_USR
)))
1621 LOG_DEBUG("require mode change");
1626 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg
->name
);
1641 /* change processor mode (mask T bit) */
1642 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
1643 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1645 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1646 current_mode
= armv4_5_number_to_mode(i
);
1649 for (j
= 0; j
<= 14; j
++)
1651 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1652 reg_arch_info
= reg
->arch_info
;
1655 if (reg
->dirty
== 1)
1657 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1662 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j
, armv4_5_mode_strings
[i
], regs
[j
]);
1668 arm7_9
->write_core_regs(target
, mask
, regs
);
1671 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16);
1672 reg_arch_info
= reg
->arch_info
;
1673 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARMV4_5_MODE_ANY
))
1675 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i
, buf_get_u32(reg
->value
, 0, 32));
1676 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1681 if ((armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
== 0) && (armv4_5
->core_mode
!= current_mode
))
1683 /* restore processor mode (mask T bit) */
1686 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
1687 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1689 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr
);
1690 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1692 else if (armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
== 1)
1694 /* CPSR has been changed, full restore necessary (mask T bit) */
1695 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 32));
1696 arm7_9
->write_xpsr(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 32) & ~0x20, 0);
1697 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
= 0;
1698 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].valid
= 1;
1702 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1703 arm7_9
->write_pc(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1704 armv4_5
->core_cache
->reg_list
[15].dirty
= 0;
1706 if (arm7_9
->post_restore_context
)
1707 arm7_9
->post_restore_context(target
);
1713 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1714 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1717 * @param target Pointer to the ARM7/9 target to be restarted
1718 * @return Result of executing the JTAG queue
1720 int arm7_9_restart_core(struct target_s
*target
)
1722 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1723 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1724 arm_jtag_t
*jtag_info
= &arm7_9
->jtag_info
;
1726 /* set RESTART instruction */
1727 jtag_add_end_state(TAP_IDLE
);
1728 if (arm7_9
->need_bypass_before_restart
) {
1729 arm7_9
->need_bypass_before_restart
= 0;
1730 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
1732 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
1734 jtag_add_runtest(1, TAP_IDLE
);
1735 return jtag_execute_queue();
1739 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1740 * iterated through and are set on the target if they aren't already set.
1742 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1744 void arm7_9_enable_watchpoints(struct target_s
*target
)
1746 watchpoint_t
*watchpoint
= target
->watchpoints
;
1750 if (watchpoint
->set
== 0)
1751 arm7_9_set_watchpoint(target
, watchpoint
);
1752 watchpoint
= watchpoint
->next
;
1757 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1758 * iterated through and are set on the target.
1760 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1762 void arm7_9_enable_breakpoints(struct target_s
*target
)
1764 breakpoint_t
*breakpoint
= target
->breakpoints
;
1766 /* set any pending breakpoints */
1769 arm7_9_set_breakpoint(target
, breakpoint
);
1770 breakpoint
= breakpoint
->next
;
1774 int arm7_9_resume(struct target_s
*target
, int current
, u32 address
, int handle_breakpoints
, int debug_execution
)
1776 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1777 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1778 breakpoint_t
*breakpoint
= target
->breakpoints
;
1779 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1780 int err
, retval
= ERROR_OK
;
1784 if (target
->state
!= TARGET_HALTED
)
1786 LOG_WARNING("target not halted");
1787 return ERROR_TARGET_NOT_HALTED
;
1790 if (!debug_execution
)
1792 target_free_all_working_areas(target
);
1795 /* current = 1: continue on current pc, otherwise continue at <address> */
1797 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
1800 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1802 /* the front-end may request us not to handle breakpoints */
1803 if (handle_breakpoints
)
1805 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
1807 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint
->address
);
1808 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1813 /* calculate PC of next instruction */
1815 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
1818 target_read_u32(target
, current_pc
, ¤t_opcode
);
1819 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode
);
1823 LOG_DEBUG("enable single-step");
1824 arm7_9
->enable_single_step(target
, next_pc
);
1826 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1828 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1833 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
1834 arm7_9
->branch_resume(target
);
1835 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1837 arm7_9
->branch_resume_thumb(target
);
1841 LOG_ERROR("unhandled core state");
1845 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1846 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1847 err
= arm7_9_execute_sys_speed(target
);
1849 LOG_DEBUG("disable single-step");
1850 arm7_9
->disable_single_step(target
);
1852 if (err
!= ERROR_OK
)
1854 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1858 target
->state
= TARGET_UNKNOWN
;
1862 arm7_9_debug_entry(target
);
1863 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1865 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint
->address
);
1866 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1873 /* enable any pending breakpoints and watchpoints */
1874 arm7_9_enable_breakpoints(target
);
1875 arm7_9_enable_watchpoints(target
);
1877 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1882 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
1884 arm7_9
->branch_resume(target
);
1886 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1888 arm7_9
->branch_resume_thumb(target
);
1892 LOG_ERROR("unhandled core state");
1896 /* deassert DBGACK and INTDIS */
1897 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1898 /* INTDIS only when we really resume, not during debug execution */
1899 if (!debug_execution
)
1900 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1901 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1903 if ((retval
= arm7_9_restart_core(target
)) != ERROR_OK
)
1908 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1910 if (!debug_execution
)
1912 /* registers are now invalid */
1913 armv4_5_invalidate_core_regs(target
);
1914 target
->state
= TARGET_RUNNING
;
1915 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
1922 target
->state
= TARGET_DEBUG_RUNNING
;
1923 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
)) != ERROR_OK
)
1929 LOG_DEBUG("target resumed");
1934 void arm7_9_enable_eice_step(target_t
*target
, u32 next_pc
)
1936 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1937 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1940 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1942 if(next_pc
!= current_pc
)
1944 /* setup an inverse breakpoint on the current PC
1945 * - comparator 1 matches the current address
1946 * - rangeout from comparator 1 is connected to comparator 0 rangein
1947 * - comparator 0 matches any address, as long as rangein is low */
1948 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1949 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1950 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1951 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~(EICE_W_CTRL_RANGE
|EICE_W_CTRL_nOPC
) & 0xff);
1952 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], current_pc
);
1953 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1954 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1956 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1960 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1961 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1962 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1963 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1964 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1965 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1966 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1967 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1968 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1972 void arm7_9_disable_eice_step(target_t
*target
)
1974 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1975 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1977 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1978 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1979 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1980 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1981 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1982 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1983 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1984 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1985 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1988 int arm7_9_step(struct target_s
*target
, int current
, u32 address
, int handle_breakpoints
)
1990 armv4_5_common_t
*armv4_5
= target
->arch_info
;
1991 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
1992 breakpoint_t
*breakpoint
= NULL
;
1995 if (target
->state
!= TARGET_HALTED
)
1997 LOG_WARNING("target not halted");
1998 return ERROR_TARGET_NOT_HALTED
;
2001 /* current = 1: continue on current pc, otherwise continue at <address> */
2003 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
2006 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
2008 /* the front-end may request us not to handle breakpoints */
2009 if (handle_breakpoints
)
2010 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
2011 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2016 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
2018 /* calculate PC of next instruction */
2020 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
2023 target_read_u32(target
, current_pc
, ¤t_opcode
);
2024 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode
);
2028 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
2033 arm7_9
->enable_single_step(target
, next_pc
);
2035 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
2037 arm7_9
->branch_resume(target
);
2039 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
2041 arm7_9
->branch_resume_thumb(target
);
2045 LOG_ERROR("unhandled core state");
2049 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
2054 err
= arm7_9_execute_sys_speed(target
);
2055 arm7_9
->disable_single_step(target
);
2057 /* registers are now invalid */
2058 armv4_5_invalidate_core_regs(target
);
2060 if (err
!= ERROR_OK
)
2062 target
->state
= TARGET_UNKNOWN
;
2064 arm7_9_debug_entry(target
);
2065 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
2069 LOG_DEBUG("target stepped");
2073 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2081 int arm7_9_read_core_reg(struct target_s
*target
, int num
, enum armv4_5_mode mode
)
2086 armv4_5_common_t
*armv4_5
= target
->arch_info
;
2087 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
2089 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2092 enum armv4_5_mode reg_mode
= ((armv4_5_core_reg_t
*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
)->mode
;
2094 if ((num
< 0) || (num
> 16))
2095 return ERROR_INVALID_ARGUMENTS
;
2097 if ((mode
!= ARMV4_5_MODE_ANY
)
2098 && (mode
!= armv4_5
->core_mode
)
2099 && (reg_mode
!= ARMV4_5_MODE_ANY
))
2103 /* change processor mode (mask T bit) */
2104 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
2107 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2110 if ((num
>= 0) && (num
<= 15))
2112 /* read a normal core register */
2113 reg_p
[num
] = &value
;
2115 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2119 /* read a program status register
2120 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2122 armv4_5_core_reg_t
*arch_info
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
;
2123 int spsr
= (arch_info
->mode
== ARMV4_5_MODE_ANY
) ? 0 : 1;
2125 arm7_9
->read_xpsr(target
, &value
, spsr
);
2128 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2133 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).valid
= 1;
2134 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).dirty
= 0;
2135 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).value
, 0, 32, value
);
2137 if ((mode
!= ARMV4_5_MODE_ANY
)
2138 && (mode
!= armv4_5
->core_mode
)
2139 && (reg_mode
!= ARMV4_5_MODE_ANY
)) {
2140 /* restore processor mode (mask T bit) */
2141 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2147 int arm7_9_write_core_reg(struct target_s
*target
, int num
, enum armv4_5_mode mode
, u32 value
)
2150 armv4_5_common_t
*armv4_5
= target
->arch_info
;
2151 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
2153 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2156 enum armv4_5_mode reg_mode
= ((armv4_5_core_reg_t
*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
)->mode
;
2158 if ((num
< 0) || (num
> 16))
2159 return ERROR_INVALID_ARGUMENTS
;
2161 if ((mode
!= ARMV4_5_MODE_ANY
)
2162 && (mode
!= armv4_5
->core_mode
)
2163 && (reg_mode
!= ARMV4_5_MODE_ANY
)) {
2166 /* change processor mode (mask T bit) */
2167 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
2170 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2173 if ((num
>= 0) && (num
<= 15))
2175 /* write a normal core register */
2178 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2182 /* write a program status register
2183 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2185 armv4_5_core_reg_t
*arch_info
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
;
2186 int spsr
= (arch_info
->mode
== ARMV4_5_MODE_ANY
) ? 0 : 1;
2188 /* if we're writing the CPSR, mask the T bit */
2192 arm7_9
->write_xpsr(target
, value
, spsr
);
2195 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).valid
= 1;
2196 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).dirty
= 0;
2198 if ((mode
!= ARMV4_5_MODE_ANY
)
2199 && (mode
!= armv4_5
->core_mode
)
2200 && (reg_mode
!= ARMV4_5_MODE_ANY
)) {
2201 /* restore processor mode (mask T bit) */
2202 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2205 return jtag_execute_queue();
2208 int arm7_9_read_memory(struct target_s
*target
, u32 address
, u32 size
, u32 count
, u8
*buffer
)
2210 armv4_5_common_t
*armv4_5
= target
->arch_info
;
2211 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
2214 u32 num_accesses
= 0;
2215 int thisrun_accesses
;
2221 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2223 if (target
->state
!= TARGET_HALTED
)
2225 LOG_WARNING("target not halted");
2226 return ERROR_TARGET_NOT_HALTED
;
2229 /* sanitize arguments */
2230 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2231 return ERROR_INVALID_ARGUMENTS
;
2233 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2234 return ERROR_TARGET_UNALIGNED_ACCESS
;
2236 /* load the base register with the address of the first word */
2238 arm7_9
->write_core_regs(target
, 0x1, reg
);
2245 while (num_accesses
< count
)
2248 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2249 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2251 if (last_reg
<= thisrun_accesses
)
2252 last_reg
= thisrun_accesses
;
2254 arm7_9
->load_word_regs(target
, reg_list
);
2256 /* fast memory reads are only safe when the target is running
2257 * from a sufficiently high clock (32 kHz is usually too slow)
2259 if (arm7_9
->fast_memory_access
)
2260 retval
= arm7_9_execute_fast_sys_speed(target
);
2262 retval
= arm7_9_execute_sys_speed(target
);
2263 if (retval
!= ERROR_OK
)
2266 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2268 /* advance buffer, count number of accesses */
2269 buffer
+= thisrun_accesses
* 4;
2270 num_accesses
+= thisrun_accesses
;
2279 while (num_accesses
< count
)
2282 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2283 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2285 for (i
= 1; i
<= thisrun_accesses
; i
++)
2289 arm7_9
->load_hword_reg(target
, i
);
2290 /* fast memory reads are only safe when the target is running
2291 * from a sufficiently high clock (32 kHz is usually too slow)
2293 if (arm7_9
->fast_memory_access
)
2294 retval
= arm7_9_execute_fast_sys_speed(target
);
2296 retval
= arm7_9_execute_sys_speed(target
);
2297 if(retval
!= ERROR_OK
)
2304 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2306 /* advance buffer, count number of accesses */
2307 buffer
+= thisrun_accesses
* 2;
2308 num_accesses
+= thisrun_accesses
;
2317 while (num_accesses
< count
)
2320 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2321 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2323 for (i
= 1; i
<= thisrun_accesses
; i
++)
2327 arm7_9
->load_byte_reg(target
, i
);
2328 /* fast memory reads are only safe when the target is running
2329 * from a sufficiently high clock (32 kHz is usually too slow)
2331 if (arm7_9
->fast_memory_access
)
2332 retval
= arm7_9_execute_fast_sys_speed(target
);
2334 retval
= arm7_9_execute_sys_speed(target
);
2335 if(retval
!= ERROR_OK
)
2341 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2343 /* advance buffer, count number of accesses */
2344 buffer
+= thisrun_accesses
* 1;
2345 num_accesses
+= thisrun_accesses
;
2354 LOG_ERROR("BUG: we shouldn't get here");
2359 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2362 for (i
=0; i
<=last_reg
; i
++)
2363 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
;
2365 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2366 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2368 LOG_ERROR("JTAG error while reading cpsr");
2369 return ERROR_TARGET_DATA_ABORT
;
2372 if (((cpsr
& 0x1f) == ARMV4_5_MODE_ABT
) && (armv4_5
->core_mode
!= ARMV4_5_MODE_ABT
))
2374 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address
, size
, count
);
2376 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2378 return ERROR_TARGET_DATA_ABORT
;
2384 int arm7_9_write_memory(struct target_s
*target
, u32 address
, u32 size
, u32 count
, u8
*buffer
)
2386 armv4_5_common_t
*armv4_5
= target
->arch_info
;
2387 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
2388 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2391 u32 num_accesses
= 0;
2392 int thisrun_accesses
;
2398 #ifdef _DEBUG_ARM7_9_
2399 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2402 if (target
->state
!= TARGET_HALTED
)
2404 LOG_WARNING("target not halted");
2405 return ERROR_TARGET_NOT_HALTED
;
2408 /* sanitize arguments */
2409 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2410 return ERROR_INVALID_ARGUMENTS
;
2412 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2413 return ERROR_TARGET_UNALIGNED_ACCESS
;
2415 /* load the base register with the address of the first word */
2417 arm7_9
->write_core_regs(target
, 0x1, reg
);
2419 /* Clear DBGACK, to make sure memory fetches work as expected */
2420 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2421 embeddedice_store_reg(dbg_ctrl
);
2426 while (num_accesses
< count
)
2429 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2430 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2432 for (i
= 1; i
<= thisrun_accesses
; i
++)
2436 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2440 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2442 arm7_9
->store_word_regs(target
, reg_list
);
2444 /* fast memory writes are only safe when the target is running
2445 * from a sufficiently high clock (32 kHz is usually too slow)
2447 if (arm7_9
->fast_memory_access
)
2448 retval
= arm7_9_execute_fast_sys_speed(target
);
2450 retval
= arm7_9_execute_sys_speed(target
);
2451 if(retval
!= ERROR_OK
)
2456 num_accesses
+= thisrun_accesses
;
2460 while (num_accesses
< count
)
2463 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2464 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2466 for (i
= 1; i
<= thisrun_accesses
; i
++)
2470 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2474 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2476 for (i
= 1; i
<= thisrun_accesses
; i
++)
2478 arm7_9
->store_hword_reg(target
, i
);
2480 /* fast memory writes are only safe when the target is running
2481 * from a sufficiently high clock (32 kHz is usually too slow)
2483 if (arm7_9
->fast_memory_access
)
2484 retval
= arm7_9_execute_fast_sys_speed(target
);
2486 retval
= arm7_9_execute_sys_speed(target
);
2487 if(retval
!= ERROR_OK
)
2493 num_accesses
+= thisrun_accesses
;
2497 while (num_accesses
< count
)
2500 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2501 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2503 for (i
= 1; i
<= thisrun_accesses
; i
++)
2507 reg
[i
] = *buffer
++ & 0xff;
2510 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2512 for (i
= 1; i
<= thisrun_accesses
; i
++)
2514 arm7_9
->store_byte_reg(target
, i
);
2515 /* fast memory writes are only safe when the target is running
2516 * from a sufficiently high clock (32 kHz is usually too slow)
2518 if (arm7_9
->fast_memory_access
)
2519 retval
= arm7_9_execute_fast_sys_speed(target
);
2521 retval
= arm7_9_execute_sys_speed(target
);
2522 if(retval
!= ERROR_OK
)
2529 num_accesses
+= thisrun_accesses
;
2533 LOG_ERROR("BUG: we shouldn't get here");
2539 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2540 embeddedice_store_reg(dbg_ctrl
);
2542 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2545 for (i
=0; i
<=last_reg
; i
++)
2546 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
;
2548 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2549 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2551 LOG_ERROR("JTAG error while reading cpsr");
2552 return ERROR_TARGET_DATA_ABORT
;
2555 if (((cpsr
& 0x1f) == ARMV4_5_MODE_ABT
) && (armv4_5
->core_mode
!= ARMV4_5_MODE_ABT
))
2557 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address
, size
, count
);
2559 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2561 return ERROR_TARGET_DATA_ABORT
;
2567 static int dcc_count
;
2568 static u8
*dcc_buffer
;
2570 static int arm7_9_dcc_completion(struct target_s
*target
, u32 exit_point
, int timeout_ms
, void *arch_info
)
2572 int retval
= ERROR_OK
;
2573 armv4_5_common_t
*armv4_5
= target
->arch_info
;
2574 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
2576 if ((retval
=target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500))!=ERROR_OK
)
2579 int little
=target
->endianness
==TARGET_LITTLE_ENDIAN
;
2580 int count
=dcc_count
;
2581 u8
*buffer
=dcc_buffer
;
2584 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2585 * core function repeated. */
2586 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2589 embeddedice_reg_t
*ice_reg
= arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2590 u8 reg_addr
= ice_reg
->addr
& 0x1f;
2592 tap
= ice_reg
->jtag_info
->tap
;
2594 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2595 buffer
+= (count
-2)*4;
2597 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2601 for (i
= 0; i
< count
; i
++)
2603 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2608 if((retval
= target_halt(target
))!= ERROR_OK
)
2612 return target_wait_state(target
, TARGET_HALTED
, 500);
2615 static const u32 dcc_code
[] =
2617 /* MRC TST BNE MRC STR B */
2618 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2621 int armv4_5_run_algorithm_inner(struct target_s
*target
, int num_mem_params
, mem_param_t
*mem_params
, int num_reg_params
, reg_param_t
*reg_params
, u32 entry_point
, u32 exit_point
, int timeout_ms
, void *arch_info
, int (*run_it
)(struct target_s
*target
, u32 exit_point
, int timeout_ms
, void *arch_info
));
2623 int arm7_9_bulk_write_memory(target_t
*target
, u32 address
, u32 count
, u8
*buffer
)
2626 armv4_5_common_t
*armv4_5
= target
->arch_info
;
2627 arm7_9_common_t
*arm7_9
= armv4_5
->arch_info
;
2630 if (!arm7_9
->dcc_downloads
)
2631 return target_write_memory(target
, address
, 4, count
, buffer
);
2633 /* regrab previously allocated working_area, or allocate a new one */
2634 if (!arm7_9
->dcc_working_area
)
2636 u8 dcc_code_buf
[6 * 4];
2638 /* make sure we have a working area */
2639 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
)
2641 LOG_INFO("no working area available, falling back to memory writes");
2642 return target_write_memory(target
, address
, 4, count
, buffer
);
2645 /* copy target instructions to target endianness */
2646 for (i
= 0; i
< 6; i
++)
2648 target_buffer_set_u32(target
, dcc_code_buf
+ i
*4, dcc_code
[i
]);
2651 /* write DCC code to working area */
2652 if ((retval
= target_write_memory(target
, arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
)) != ERROR_OK
)
2658 armv4_5_algorithm_t armv4_5_info
;
2659 reg_param_t reg_params
[1];
2661 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
2662 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
2663 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
2665 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2667 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2671 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2672 arm7_9
->dcc_working_area
->address
, arm7_9
->dcc_working_area
->address
+6*4, 20*1000, &armv4_5_info
, arm7_9_dcc_completion
);
2674 if (retval
==ERROR_OK
)
2676 u32 endaddress
=buf_get_u32(reg_params
[0].value
, 0, 32);
2677 if (endaddress
!=(address
+count
*4))
2679 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address
+count
*4), endaddress
);
2684 destroy_reg_param(®_params
[0]);
2689 int arm7_9_checksum_memory(struct target_s
*target
, u32 address
, u32 count
, u32
* checksum
)
2691 working_area_t
*crc_algorithm
;
2692 armv4_5_algorithm_t armv4_5_info
;
2693 reg_param_t reg_params
[2];
2696 u32 arm7_9_crc_code
[] = {
2697 0xE1A02000, /* mov r2, r0 */
2698 0xE3E00000, /* mov r0, #0xffffffff */
2699 0xE1A03001, /* mov r3, r1 */
2700 0xE3A04000, /* mov r4, #0 */
2701 0xEA00000B, /* b ncomp */
2703 0xE7D21004, /* ldrb r1, [r2, r4] */
2704 0xE59F7030, /* ldr r7, CRC32XOR */
2705 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2706 0xE3A05000, /* mov r5, #0 */
2708 0xE3500000, /* cmp r0, #0 */
2709 0xE1A06080, /* mov r6, r0, asl #1 */
2710 0xE2855001, /* add r5, r5, #1 */
2711 0xE1A00006, /* mov r0, r6 */
2712 0xB0260007, /* eorlt r0, r6, r7 */
2713 0xE3550008, /* cmp r5, #8 */
2714 0x1AFFFFF8, /* bne loop */
2715 0xE2844001, /* add r4, r4, #1 */
2717 0xE1540003, /* cmp r4, r3 */
2718 0x1AFFFFF1, /* bne nbyte */
2720 0xEAFFFFFE, /* b end */
2721 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2726 if (target_alloc_working_area(target
, sizeof(arm7_9_crc_code
), &crc_algorithm
) != ERROR_OK
)
2728 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2731 /* convert flash writing code into a buffer in target endianness */
2732 for (i
= 0; i
< (sizeof(arm7_9_crc_code
)/sizeof(u32
)); i
++)
2734 if ((retval
=target_write_u32(target
, crc_algorithm
->address
+ i
*sizeof(u32
), arm7_9_crc_code
[i
]))!=ERROR_OK
)
2740 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
2741 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
2742 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
2744 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2745 init_reg_param(®_params
[1], "r1", 32, PARAM_OUT
);
2747 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2748 buf_set_u32(reg_params
[1].value
, 0, 32, count
);
2750 if ((retval
= target_run_algorithm(target
, 0, NULL
, 2, reg_params
,
2751 crc_algorithm
->address
, crc_algorithm
->address
+ (sizeof(arm7_9_crc_code
) - 8), 20000, &armv4_5_info
)) != ERROR_OK
)
2753 LOG_ERROR("error executing arm7_9 crc algorithm");
2754 destroy_reg_param(®_params
[0]);
2755 destroy_reg_param(®_params
[1]);
2756 target_free_working_area(target
, crc_algorithm
);
2760 *checksum
= buf_get_u32(reg_params
[0].value
, 0, 32);
2762 destroy_reg_param(®_params
[0]);
2763 destroy_reg_param(®_params
[1]);
2765 target_free_working_area(target
, crc_algorithm
);
2770 int arm7_9_blank_check_memory(struct target_s
*target
, u32 address
, u32 count
, u32
* blank
)
2772 working_area_t
*erase_check_algorithm
;
2773 reg_param_t reg_params
[3];
2774 armv4_5_algorithm_t armv4_5_info
;
2778 u32 erase_check_code
[] =
2781 0xe4d03001, /* ldrb r3, [r0], #1 */
2782 0xe0022003, /* and r2, r2, r3 */
2783 0xe2511001, /* subs r1, r1, #1 */
2784 0x1afffffb, /* bne loop */
2786 0xeafffffe /* b end */
2789 /* make sure we have a working area */
2790 if (target_alloc_working_area(target
, sizeof(erase_check_code
), &erase_check_algorithm
) != ERROR_OK
)
2792 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2795 /* convert flash writing code into a buffer in target endianness */
2796 for (i
= 0; i
< (sizeof(erase_check_code
)/sizeof(u32
)); i
++)
2797 if ((retval
= target_write_u32(target
, erase_check_algorithm
->address
+ i
*sizeof(u32
), erase_check_code
[i
])) != ERROR_OK
)
2802 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
2803 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
2804 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
2806 init_reg_param(®_params
[0], "r0", 32, PARAM_OUT
);
2807 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2809 init_reg_param(®_params
[1], "r1", 32, PARAM_OUT
);
2810 buf_set_u32(reg_params
[1].value
, 0, 32, count
);
2812 init_reg_param(®_params
[2], "r2", 32, PARAM_IN_OUT
);
2813 buf_set_u32(reg_params
[2].value
, 0, 32, 0xff);
2815 if ((retval
= target_run_algorithm(target
, 0, NULL
, 3, reg_params
,
2816 erase_check_algorithm
->address
, erase_check_algorithm
->address
+ (sizeof(erase_check_code
) - 4), 10000, &armv4_5_info
)) != ERROR_OK
)
2818 destroy_reg_param(®_params
[0]);
2819 destroy_reg_param(®_params
[1]);
2820 destroy_reg_param(®_params
[2]);
2821 target_free_working_area(target
, erase_check_algorithm
);
2825 *blank
= buf_get_u32(reg_params
[2].value
, 0, 32);
2827 destroy_reg_param(®_params
[0]);
2828 destroy_reg_param(®_params
[1]);
2829 destroy_reg_param(®_params
[2]);
2831 target_free_working_area(target
, erase_check_algorithm
);
2836 int arm7_9_register_commands(struct command_context_s
*cmd_ctx
)
2838 command_t
*arm7_9_cmd
;
2840 arm7_9_cmd
= register_command(cmd_ctx
, NULL
, "arm7_9", NULL
, COMMAND_ANY
, "arm7/9 specific commands");
2842 register_command(cmd_ctx
, arm7_9_cmd
, "write_xpsr", handle_arm7_9_write_xpsr_command
, COMMAND_EXEC
, "write program status register <value> <not cpsr|spsr>");
2843 register_command(cmd_ctx
, arm7_9_cmd
, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command
, COMMAND_EXEC
, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2845 register_command(cmd_ctx
, arm7_9_cmd
, "write_core_reg", handle_arm7_9_write_core_reg_command
, COMMAND_EXEC
, "write core register <num> <mode> <value>");
2847 register_command(cmd_ctx
, arm7_9_cmd
, "dbgrq", handle_arm7_9_dbgrq_command
,
2848 COMMAND_ANY
, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2849 register_command(cmd_ctx
, arm7_9_cmd
, "fast_memory_access", handle_arm7_9_fast_memory_access_command
,
2850 COMMAND_ANY
, "use fast memory accesses instead of slower but potentially safer accesses <enable|disable>");
2851 register_command(cmd_ctx
, arm7_9_cmd
, "dcc_downloads", handle_arm7_9_dcc_downloads_command
,
2852 COMMAND_ANY
, "use DCC downloads for larger memory writes <enable|disable>");
2854 armv4_5_register_commands(cmd_ctx
);
2856 etm_register_commands(cmd_ctx
);
2861 int handle_arm7_9_write_xpsr_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
)
2866 target_t
*target
= get_current_target(cmd_ctx
);
2867 armv4_5_common_t
*armv4_5
;
2868 arm7_9_common_t
*arm7_9
;
2870 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2872 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2876 if (target
->state
!= TARGET_HALTED
)
2878 command_print(cmd_ctx
, "can't write registers while running");
2884 command_print(cmd_ctx
, "usage: write_xpsr <value> <not cpsr|spsr>");
2888 value
= strtoul(args
[0], NULL
, 0);
2889 spsr
= strtol(args
[1], NULL
, 0);
2891 /* if we're writing the CPSR, mask the T bit */
2895 arm7_9
->write_xpsr(target
, value
, spsr
);
2896 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2898 LOG_ERROR("JTAG error while writing to xpsr");
2905 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
)
2911 target_t
*target
= get_current_target(cmd_ctx
);
2912 armv4_5_common_t
*armv4_5
;
2913 arm7_9_common_t
*arm7_9
;
2915 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2917 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2921 if (target
->state
!= TARGET_HALTED
)
2923 command_print(cmd_ctx
, "can't write registers while running");
2929 command_print(cmd_ctx
, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2933 value
= strtoul(args
[0], NULL
, 0);
2934 rotate
= strtol(args
[1], NULL
, 0);
2935 spsr
= strtol(args
[2], NULL
, 0);
2937 arm7_9
->write_xpsr_im8(target
, value
, rotate
, spsr
);
2938 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2940 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2947 int handle_arm7_9_write_core_reg_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
)
2952 target_t
*target
= get_current_target(cmd_ctx
);
2953 armv4_5_common_t
*armv4_5
;
2954 arm7_9_common_t
*arm7_9
;
2956 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2958 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2962 if (target
->state
!= TARGET_HALTED
)
2964 command_print(cmd_ctx
, "can't write registers while running");
2970 command_print(cmd_ctx
, "usage: write_core_reg <num> <mode> <value>");
2974 num
= strtol(args
[0], NULL
, 0);
2975 mode
= strtoul(args
[1], NULL
, 0);
2976 value
= strtoul(args
[2], NULL
, 0);
2978 return arm7_9_write_core_reg(target
, num
, mode
, value
);
2981 int handle_arm7_9_dbgrq_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
)
2983 target_t
*target
= get_current_target(cmd_ctx
);
2984 armv4_5_common_t
*armv4_5
;
2985 arm7_9_common_t
*arm7_9
;
2987 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2989 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2995 if (strcmp("enable", args
[0]) == 0)
2997 arm7_9
->use_dbgrq
= 1;
2999 else if (strcmp("disable", args
[0]) == 0)
3001 arm7_9
->use_dbgrq
= 0;
3005 command_print(cmd_ctx
, "usage: arm7_9 dbgrq <enable|disable>");
3009 command_print(cmd_ctx
, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
3014 int handle_arm7_9_fast_memory_access_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
)
3016 target_t
*target
= get_current_target(cmd_ctx
);
3017 armv4_5_common_t
*armv4_5
;
3018 arm7_9_common_t
*arm7_9
;
3020 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
3022 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
3028 if (strcmp("enable", args
[0]) == 0)
3030 arm7_9
->fast_memory_access
= 1;
3032 else if (strcmp("disable", args
[0]) == 0)
3034 arm7_9
->fast_memory_access
= 0;
3038 command_print(cmd_ctx
, "usage: arm7_9 fast_memory_access <enable|disable>");
3042 command_print(cmd_ctx
, "fast memory access is %s", (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
3047 int handle_arm7_9_dcc_downloads_command(struct command_context_s
*cmd_ctx
, char *cmd
, char **args
, int argc
)
3049 target_t
*target
= get_current_target(cmd_ctx
);
3050 armv4_5_common_t
*armv4_5
;
3051 arm7_9_common_t
*arm7_9
;
3053 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
3055 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
3061 if (strcmp("enable", args
[0]) == 0)
3063 arm7_9
->dcc_downloads
= 1;
3065 else if (strcmp("disable", args
[0]) == 0)
3067 arm7_9
->dcc_downloads
= 0;
3071 command_print(cmd_ctx
, "usage: arm7_9 dcc_downloads <enable|disable>");
3075 command_print(cmd_ctx
, "dcc downloads are %s", (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
3080 int arm7_9_init_arch_info(target_t
*target
, arm7_9_common_t
*arm7_9
)
3082 int retval
= ERROR_OK
;
3083 armv4_5_common_t
*armv4_5
= &arm7_9
->armv4_5_common
;
3085 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
3087 if((retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
)) != ERROR_OK
)
3092 arm7_9
->wp_available
= 0; /* this is set up in arm7_9_clear_watchpoints() */
3093 arm7_9
->wp_available_max
= 2;
3094 arm7_9
->sw_breakpoints_added
= 0;
3095 arm7_9
->breakpoint_count
= 0;
3096 arm7_9
->wp0_used
= 0;
3097 arm7_9
->wp1_used
= 0;
3098 arm7_9
->wp1_used_default
= 0;
3099 arm7_9
->use_dbgrq
= 0;
3101 arm7_9
->etm_ctx
= NULL
;
3102 arm7_9
->has_single_step
= 0;
3103 arm7_9
->has_monitor_mode
= 0;
3104 arm7_9
->has_vector_catch
= 0;
3106 arm7_9
->debug_entry_from_reset
= 0;
3108 arm7_9
->dcc_working_area
= NULL
;
3110 arm7_9
->fast_memory_access
= fast_and_dangerous
;
3111 arm7_9
->dcc_downloads
= fast_and_dangerous
;
3113 arm7_9
->need_bypass_before_restart
= 0;
3115 armv4_5
->arch_info
= arm7_9
;
3116 armv4_5
->read_core_reg
= arm7_9_read_core_reg
;
3117 armv4_5
->write_core_reg
= arm7_9_write_core_reg
;
3118 armv4_5
->full_context
= arm7_9_full_context
;
3120 if((retval
= armv4_5_init_arch_info(target
, armv4_5
)) != ERROR_OK
)
3125 if((retval
= target_register_timer_callback(arm7_9_handle_target_request
, 1, 1, target
)) != ERROR_OK
)
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)