1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 /***************************************************************************
4 * Copyright (C) 2008 digenius technology GmbH. *
7 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
9 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
11 * Copyright (C) 2009 David Brownell *
12 ***************************************************************************/
19 #include "breakpoints.h"
20 #include "arm11_dbgtap.h"
21 #include "arm_simulator.h"
22 #include <helper/time_support.h>
23 #include "target_type.h"
24 #include "algorithm.h"
26 #include "arm_opcodes.h"
29 #define _DEBUG_INSTRUCTION_EXECUTION_
33 static int arm11_step(struct target
*target
, int current
,
34 target_addr_t address
, int handle_breakpoints
);
37 /** Check and if necessary take control of the system
39 * \param arm11 Target state variable.
41 static int arm11_check_init(struct arm11_common
*arm11
)
43 CHECK_RETVAL(arm11_read_dscr(arm11
));
45 if (!(arm11
->dscr
& DSCR_HALT_DBG_MODE
)) {
46 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
47 LOG_DEBUG("Bringing target into debug mode");
49 arm11
->dscr
|= DSCR_HALT_DBG_MODE
;
50 CHECK_RETVAL(arm11_write_dscr(arm11
, arm11
->dscr
));
52 /* add further reset initialization here */
54 arm11
->simulate_reset_on_next_halt
= true;
56 if (arm11
->dscr
& DSCR_CORE_HALTED
) {
57 /** \todo TODO: this needs further scrutiny because
58 * arm11_debug_entry() never gets called. (WHY NOT?)
59 * As a result we don't read the actual register states from
63 arm11
->arm
.target
->state
= TARGET_HALTED
;
64 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
66 arm11
->arm
.target
->state
= TARGET_RUNNING
;
67 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
70 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
77 * Save processor state. This is called after a HALT instruction
78 * succeeds, and on other occasions the processor enters debug mode
79 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
81 static int arm11_debug_entry(struct arm11_common
*arm11
)
85 arm11
->arm
.target
->state
= TARGET_HALTED
;
86 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
88 /* REVISIT entire cache should already be invalid !!! */
89 register_cache_invalidate(arm11
->arm
.core_cache
);
91 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
93 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
94 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
95 if (arm11
->is_wdtr_saved
) {
96 arm11_add_debug_scan_n(arm11
, 0x05, ARM11_TAP_DEFAULT
);
98 arm11_add_ir(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
100 struct scan_field chain5_fields
[3];
102 arm11_setup_field(arm11
, 32, NULL
,
103 &arm11
->saved_wdtr
, chain5_fields
+ 0);
104 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
105 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
107 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
108 chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
112 /* DSCR: set the Execute ARM instruction enable bit.
114 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
115 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
116 * for executing instructions via ITR.
118 CHECK_RETVAL(arm11_write_dscr(arm11
, DSCR_ITR_EN
| arm11
->dscr
));
122 Before executing any instruction in debug state you have to drain the write buffer.
123 This ensures that no imprecise Data Aborts can return at a later point:*/
125 /** \todo TODO: Test drain write buffer. */
129 /* MRC p14,0,R0,c5,c10,0 */
130 /* arm11_run_instr_no_data1(arm11, / *0xee150e1a* /0xe320f000); */
132 /* mcr 15, 0, r0, cr7, cr10, {4} */
133 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
135 uint32_t dscr
= arm11_read_dscr(arm11
);
137 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
139 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
) {
140 arm11_run_instr_no_data1(arm11
, 0xe320f000);
142 dscr
= arm11_read_dscr(arm11
);
144 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
153 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
154 * CPSR and PC after the rDTR stuff. We do it all at once.
156 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
157 if (retval
!= ERROR_OK
)
158 LOG_ERROR("DPM REG READ -- fail");
160 retval
= arm11_run_instr_data_prepare(arm11
);
161 if (retval
!= ERROR_OK
)
164 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
165 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
166 if (arm11
->is_rdtr_saved
) {
167 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
168 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
169 0xEE100E15, &arm11
->saved_rdtr
);
170 if (retval
!= ERROR_OK
)
174 /* REVISIT Now that we've saved core state, there's may also
175 * be MMU and cache state to care about ...
178 if (arm11
->simulate_reset_on_next_halt
) {
179 arm11
->simulate_reset_on_next_halt
= false;
181 LOG_DEBUG("Reset c1 Control Register");
183 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
185 /* MCR p15,0,R0,c1,c0,0 */
186 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
187 if (retval
!= ERROR_OK
)
192 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
195 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
196 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
197 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
199 if (retval
!= ERROR_OK
)
201 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
205 retval
= arm11_run_instr_data_finish(arm11
);
206 if (retval
!= ERROR_OK
)
213 * Restore processor state. This is called in preparation for
214 * the RESTART function.
216 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
220 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
222 /* NOTE: the ARM1136 TRM suggests restoring all registers
223 * except R0/PC/CPSR right now. Instead, we do them all
224 * at once, just a bit later on.
227 /* REVISIT once we start caring about MMU and cache state,
228 * address it here ...
231 /* spec says clear wDTR and rDTR; we assume they are clear as
232 otherwise our programming would be sloppy */
234 CHECK_RETVAL(arm11_read_dscr(arm11
));
236 if (arm11
->dscr
& (DSCR_DTR_RX_FULL
| DSCR_DTR_TX_FULL
)) {
238 The wDTR/rDTR two registers that are used to send/receive data to/from
239 the core in tandem with corresponding instruction codes that are
240 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
241 registers hold data that was written by one side (CPU or JTAG) and not
242 read out by the other side.
244 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
245 (unsigned) arm11
->dscr
);
250 /* maybe restore original wDTR */
251 if (arm11
->is_wdtr_saved
) {
252 retval
= arm11_run_instr_data_prepare(arm11
);
253 if (retval
!= ERROR_OK
)
256 /* MCR p14,0,R0,c0,c5,0 */
257 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
258 0xee000e15, arm11
->saved_wdtr
);
259 if (retval
!= ERROR_OK
)
262 retval
= arm11_run_instr_data_finish(arm11
);
263 if (retval
!= ERROR_OK
)
267 /* restore CPSR, PC, and R0 ... after flushing any modified
270 CHECK_RETVAL(arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
));
272 CHECK_RETVAL(arm11_bpwp_flush(arm11
));
274 register_cache_invalidate(arm11
->arm
.core_cache
);
277 CHECK_RETVAL(arm11_write_dscr(arm11
, arm11
->dscr
));
279 /* maybe restore rDTR */
280 if (arm11
->is_rdtr_saved
) {
281 arm11_add_debug_scan_n(arm11
, 0x05, ARM11_TAP_DEFAULT
);
283 arm11_add_ir(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
285 struct scan_field chain5_fields
[3];
287 uint8_t ready
= 0; /* ignored */
288 uint8_t valid
= 0; /* ignored */
290 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
291 NULL
, chain5_fields
+ 0);
292 arm11_setup_field(arm11
, 1, &ready
, NULL
, chain5_fields
+ 1);
293 arm11_setup_field(arm11
, 1, &valid
, NULL
, chain5_fields
+ 2);
295 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
296 chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
299 /* now processor is ready to RESTART */
304 /* poll current target status */
305 static int arm11_poll(struct target
*target
)
308 struct arm11_common
*arm11
= target_to_arm11(target
);
310 CHECK_RETVAL(arm11_check_init(arm11
));
312 if (arm11
->dscr
& DSCR_CORE_HALTED
) {
313 if (target
->state
!= TARGET_HALTED
) {
314 enum target_state old_state
= target
->state
;
316 LOG_DEBUG("enter TARGET_HALTED");
317 retval
= arm11_debug_entry(arm11
);
318 if (retval
!= ERROR_OK
)
321 target_call_event_callbacks(target
,
322 (old_state
== TARGET_DEBUG_RUNNING
)
323 ? TARGET_EVENT_DEBUG_HALTED
324 : TARGET_EVENT_HALTED
);
327 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
) {
328 LOG_DEBUG("enter TARGET_RUNNING");
329 target
->state
= TARGET_RUNNING
;
330 target
->debug_reason
= DBG_REASON_NOTHALTED
;
336 /* architecture specific status reply */
337 static int arm11_arch_state(struct target
*target
)
339 struct arm11_common
*arm11
= target_to_arm11(target
);
342 retval
= arm_arch_state(target
);
344 /* REVISIT also display ARM11-specific MMU and cache status ... */
346 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
347 LOG_USER("Watchpoint triggered at PC " TARGET_ADDR_FMT
, arm11
->dpm
.wp_addr
);
352 /* target execution control */
353 static int arm11_halt(struct target
*target
)
355 struct arm11_common
*arm11
= target_to_arm11(target
);
357 LOG_DEBUG("target->state: %s",
358 target_state_name(target
));
360 if (target
->state
== TARGET_UNKNOWN
)
361 arm11
->simulate_reset_on_next_halt
= true;
363 if (target
->state
== TARGET_HALTED
) {
364 LOG_DEBUG("target was already halted");
368 arm11_add_ir(arm11
, ARM11_HALT
, TAP_IDLE
);
370 CHECK_RETVAL(jtag_execute_queue());
375 CHECK_RETVAL(arm11_read_dscr(arm11
));
377 if (arm11
->dscr
& DSCR_CORE_HALTED
)
385 if ((timeval_ms()-then
) > 1000) {
386 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
393 enum target_state old_state
= target
->state
;
395 CHECK_RETVAL(arm11_debug_entry(arm11
));
398 target_call_event_callbacks(target
,
400 TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
405 static uint32_t arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
407 void *value
= arm11
->arm
.pc
->value
;
409 /* use the current program counter */
411 address
= buf_get_u32(value
, 0, 32);
413 /* Make sure that the gdb thumb fixup does not
414 * kill the return address
416 switch (arm11
->arm
.core_state
) {
418 address
&= 0xFFFFFFFC;
420 case ARM_STATE_THUMB
:
421 /* When the return address is loaded into PC
422 * bit 0 must be 1 to stay in Thumb state
427 /* catch-all for JAZELLE and THUMB_EE */
432 buf_set_u32(value
, 0, 32, address
);
433 arm11
->arm
.pc
->dirty
= true;
434 arm11
->arm
.pc
->valid
= true;
439 static int arm11_resume(struct target
*target
, int current
,
440 target_addr_t address
, int handle_breakpoints
, int debug_execution
)
442 /* LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d", */
443 /* current, address, handle_breakpoints, debug_execution); */
445 struct arm11_common
*arm11
= target_to_arm11(target
);
447 LOG_DEBUG("target->state: %s",
448 target_state_name(target
));
451 if (target
->state
!= TARGET_HALTED
) {
452 LOG_ERROR("Target not halted");
453 return ERROR_TARGET_NOT_HALTED
;
456 address
= arm11_nextpc(arm11
, current
, address
);
458 LOG_DEBUG("RESUME PC %08" TARGET_PRIxADDR
"%s", address
, !current
? "!" : "");
460 /* clear breakpoints/watchpoints and VCR*/
461 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
463 if (!debug_execution
)
464 target_free_all_working_areas(target
);
466 /* Should we skip over breakpoints matching the PC? */
467 if (handle_breakpoints
) {
468 struct breakpoint
*bp
;
470 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
) {
471 if (bp
->address
== address
) {
472 LOG_DEBUG("must step over %08" TARGET_PRIxADDR
"", bp
->address
);
473 arm11_step(target
, 1, 0, 0);
479 /* activate all breakpoints */
481 struct breakpoint
*bp
;
482 unsigned brp_num
= 0;
484 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
) {
485 struct arm11_sc7_action brp
[2];
488 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
489 brp
[0].value
= bp
->address
;
491 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
494 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
496 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
498 LOG_DEBUG("Add BP %d at %08" TARGET_PRIxADDR
, brp_num
,
505 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
));
508 /* activate all watchpoints and breakpoints */
509 CHECK_RETVAL(arm11_leave_debug_state(arm11
, true));
511 arm11_add_ir(arm11
, ARM11_RESTART
, TAP_IDLE
);
513 CHECK_RETVAL(jtag_execute_queue());
517 CHECK_RETVAL(arm11_read_dscr(arm11
));
519 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
521 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
529 if ((timeval_ms()-then
) > 1000) {
530 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
537 target
->debug_reason
= DBG_REASON_NOTHALTED
;
538 if (!debug_execution
)
539 target
->state
= TARGET_RUNNING
;
541 target
->state
= TARGET_DEBUG_RUNNING
;
542 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
547 static int arm11_step(struct target
*target
, int current
,
548 target_addr_t address
, int handle_breakpoints
)
550 LOG_DEBUG("target->state: %s",
551 target_state_name(target
));
553 if (target
->state
!= TARGET_HALTED
) {
554 LOG_WARNING("target was not halted");
555 return ERROR_TARGET_NOT_HALTED
;
558 struct arm11_common
*arm11
= target_to_arm11(target
);
560 address
= arm11_nextpc(arm11
, current
, address
);
562 LOG_DEBUG("STEP PC %08" TARGET_PRIxADDR
"%s", address
, !current
? "!" : "");
565 /** \todo TODO: Thumb not supported here */
567 uint32_t next_instruction
;
569 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
572 if ((next_instruction
& 0xFFF00070) == 0xe1200070) {
573 address
= arm11_nextpc(arm11
, 0, address
+ 4);
574 LOG_DEBUG("Skipping BKPT %08" TARGET_PRIxADDR
, address
);
576 /* skip over Wait for interrupt / Standby
577 * mcr 15, 0, r?, cr7, cr0, {4} */
578 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90) {
579 address
= arm11_nextpc(arm11
, 0, address
+ 4);
580 LOG_DEBUG("Skipping WFI %08" TARGET_PRIxADDR
, address
);
582 /* ignore B to self */
583 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
584 LOG_DEBUG("Not stepping jump to self");
586 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
589 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
590 * the VCR might be something worth looking into. */
593 /* Set up breakpoint for stepping */
595 struct arm11_sc7_action brp
[2];
598 brp
[0].address
= ARM11_SC7_BVR0
;
600 brp
[1].address
= ARM11_SC7_BCR0
;
602 if (arm11
->hardware_step
) {
603 /* Hardware single stepping ("instruction address
604 * mismatch") is used if enabled. It's not quite
605 * exactly "run one instruction"; "branch to here"
606 * loops won't break, neither will some other cases,
607 * but it's probably the best default.
609 * Hardware single stepping isn't supported on v6
610 * debug modules. ARM1176 and v7 can support it...
612 * FIXME Thumb stepping likely needs to use 0x03
613 * or 0xc0 byte masks, not 0x0f.
615 brp
[0].value
= address
;
616 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
617 | (0 << 14) | (0 << 16) | (0 << 20)
620 /* Sets a breakpoint on the next PC, as calculated
621 * by instruction set simulation.
623 * REVISIT stepping Thumb on ARM1156 requires Thumb2
624 * support from the simulator.
629 retval
= arm_simulate_step(target
, &next_pc
);
630 if (retval
!= ERROR_OK
)
633 brp
[0].value
= next_pc
;
634 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
635 | (0 << 14) | (0 << 16) | (0 << 20)
639 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
644 if (arm11
->step_irq_enable
)
645 /* this disable should be redundant ... */
646 arm11
->dscr
&= ~DSCR_INT_DIS
;
648 arm11
->dscr
|= DSCR_INT_DIS
;
651 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
653 arm11_add_ir(arm11
, ARM11_RESTART
, TAP_IDLE
);
655 CHECK_RETVAL(jtag_execute_queue());
661 const uint32_t mask
= DSCR_CORE_RESTARTED
664 CHECK_RETVAL(arm11_read_dscr(arm11
));
665 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
667 if ((arm11
->dscr
& mask
) == mask
)
674 if ((timeval_ms()-then
) > 1000) {
676 "Timeout (1000ms) waiting for instructions to complete");
683 /* clear breakpoint */
684 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
687 CHECK_RETVAL(arm11_debug_entry(arm11
));
689 /* restore default state */
690 arm11
->dscr
&= ~DSCR_INT_DIS
;
694 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
696 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
701 static int arm11_assert_reset(struct target
*target
)
703 struct arm11_common
*arm11
= target_to_arm11(target
);
705 if (!(target_was_examined(target
))) {
706 if (jtag_get_reset_config() & RESET_HAS_SRST
)
707 jtag_add_reset(0, 1);
709 LOG_WARNING("Reset is not asserted because the target is not examined.");
710 LOG_WARNING("Use a reset button or power cycle the target.");
711 return ERROR_TARGET_NOT_EXAMINED
;
715 /* optionally catch reset vector */
716 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
717 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
| 1));
719 /* Issue some kind of warm reset. */
720 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
721 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
722 else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
723 /* REVISIT handle "pulls" cases, if there's
724 * hardware that needs them to work.
726 jtag_add_reset(0, 1);
728 LOG_ERROR("%s: how to reset?", target_name(target
));
733 /* registers are now invalid */
734 register_cache_invalidate(arm11
->arm
.core_cache
);
736 target
->state
= TARGET_RESET
;
742 * - There is another bug in the arm11 core. (iMX31 specific again?)
743 * When you generate an access to external logic (for example DDR
744 * controller via AHB bus) and that block is not configured (perhaps
745 * it is still held in reset), that transaction will never complete.
746 * This will hang arm11 core but it will also hang JTAG controller.
747 * Nothing short of srst assertion will bring it out of this.
750 static int arm11_deassert_reset(struct target
*target
)
752 struct arm11_common
*arm11
= target_to_arm11(target
);
755 /* be certain SRST is off */
756 jtag_add_reset(0, 0);
758 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
759 * at least DSCR. OMAP24xx doesn't show that problem, though
760 * SRST-only reset seems to be problematic for other reasons.
761 * (Secure boot sequences being one likelihood!)
765 CHECK_RETVAL(arm11_poll(target
));
767 if (target
->reset_halt
) {
768 if (target
->state
!= TARGET_HALTED
) {
769 LOG_WARNING("%s: ran after reset and before halt ...",
770 target_name(target
));
771 retval
= target_halt(target
);
772 if (retval
!= ERROR_OK
)
777 /* maybe restore vector catch config */
778 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
779 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
));
784 /* target memory access
785 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
786 * count: number of items of <size>
788 * arm11_config_memrw_no_increment - in the future we may want to be able
789 * to read/write a range of data to a "port". a "port" is an action on
790 * read memory address for some peripheral.
792 static int arm11_read_memory_inner(struct target
*target
,
793 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
794 bool arm11_config_memrw_no_increment
)
796 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment
800 if (target
->state
!= TARGET_HALTED
) {
801 LOG_WARNING("target was not halted");
802 return ERROR_TARGET_NOT_HALTED
;
805 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"",
810 struct arm11_common
*arm11
= target_to_arm11(target
);
812 retval
= arm11_run_instr_data_prepare(arm11
);
813 if (retval
!= ERROR_OK
)
816 /* MRC p14,0,r0,c0,c5,0 */
817 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
818 if (retval
!= ERROR_OK
)
823 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
825 for (size_t i
= 0; i
< count
; i
++) {
826 /* ldrb r1, [r0], #1 */
828 CHECK_RETVAL(arm11_run_instr_no_data1(arm11
,
829 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000));
832 /* MCR p14,0,R1,c0,c5,0 */
833 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1));
842 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
844 for (size_t i
= 0; i
< count
; i
++) {
845 /* ldrh r1, [r0], #2 */
846 CHECK_RETVAL(arm11_run_instr_no_data1(arm11
,
847 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0));
851 /* MCR p14,0,R1,c0,c5,0 */
852 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1));
854 uint16_t svalue
= res
;
855 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
863 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
864 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
865 uint32_t *words
= (uint32_t *)(void *)buffer
;
867 /* LDC p14,c5,[R0],#4 */
868 /* LDC p14,c5,[R0] */
869 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, instr
, words
, count
));
874 return arm11_run_instr_data_finish(arm11
);
877 static int arm11_read_memory(struct target
*target
,
878 target_addr_t address
,
883 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
887 * no_increment - in the future we may want to be able
888 * to read/write a range of data to a "port". a "port" is an action on
889 * read memory address for some peripheral.
891 static int arm11_write_memory_inner(struct target
*target
,
892 uint32_t address
, uint32_t size
,
893 uint32_t count
, const uint8_t *buffer
,
898 if (target
->state
!= TARGET_HALTED
) {
899 LOG_WARNING("target was not halted");
900 return ERROR_TARGET_NOT_HALTED
;
903 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"",
908 struct arm11_common
*arm11
= target_to_arm11(target
);
910 retval
= arm11_run_instr_data_prepare(arm11
);
911 if (retval
!= ERROR_OK
)
914 /* load r0 with buffer address
915 * MRC p14,0,r0,c0,c5,0 */
916 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
917 if (retval
!= ERROR_OK
)
920 /* burst writes are not used for single words as those may well be
921 * reset init script writes.
923 * The other advantage is that as burst writes are default, we'll
924 * now exercise both burst and non-burst code paths with the
925 * default settings, increasing code coverage.
927 bool burst
= arm11
->memwrite_burst
&& (count
> 1);
932 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
934 for (size_t i
= 0; i
< count
; i
++) {
935 /* load r1 from DCC with byte data */
936 /* MRC p14,0,r1,c0,c5,0 */
937 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
938 if (retval
!= ERROR_OK
)
941 /* write r1 to memory */
942 /* strb r1, [r0], #1 */
944 retval
= arm11_run_instr_no_data1(arm11
,
945 !no_increment
? 0xe4c01001 : 0xe5c01000);
946 if (retval
!= ERROR_OK
)
955 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
957 for (size_t i
= 0; i
< count
; i
++) {
959 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
961 /* load r1 from DCC with halfword data */
962 /* MRC p14,0,r1,c0,c5,0 */
963 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
964 if (retval
!= ERROR_OK
)
967 /* write r1 to memory */
968 /* strh r1, [r0], #2 */
970 retval
= arm11_run_instr_no_data1(arm11
,
971 !no_increment
? 0xe0c010b2 : 0xe1c010b0);
972 if (retval
!= ERROR_OK
)
980 /* stream word data through DCC directly to memory */
981 /* increment: STC p14,c5,[R0],#4 */
982 /* no increment: STC p14,c5,[R0]*/
983 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
985 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
986 uint32_t *words
= (uint32_t *)(void *)buffer
;
988 /* "burst" here just means trusting each instruction executes
989 * fully before we run the next one: per-word roundtrips, to
990 * check the Ready flag, are not used.
993 retval
= arm11_run_instr_data_to_core(arm11
,
994 instr
, words
, count
);
996 retval
= arm11_run_instr_data_to_core_noack(arm11
,
997 instr
, words
, count
);
998 if (retval
!= ERROR_OK
)
1005 /* r0 verification */
1006 if (!no_increment
) {
1009 /* MCR p14,0,R0,c0,c5,0 */
1010 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1011 if (retval
!= ERROR_OK
)
1014 if (address
+ size
* count
!= r0
) {
1015 LOG_ERROR("Data transfer failed. Expected end "
1016 "address 0x%08x, got 0x%08x",
1017 (unsigned) (address
+ size
* count
),
1022 "use 'arm11 memwrite burst disable' to disable fast burst mode");
1025 if (arm11
->memwrite_error_fatal
)
1030 return arm11_run_instr_data_finish(arm11
);
1033 static int arm11_write_memory(struct target
*target
,
1034 target_addr_t address
, uint32_t size
,
1035 uint32_t count
, const uint8_t *buffer
)
1037 /* pointer increment matters only for multi-unit writes ...
1038 * not e.g. to a "reset the chip" controller.
1040 return arm11_write_memory_inner(target
, address
, size
,
1041 count
, buffer
, count
== 1);
1044 /* target break-/watchpoint control
1045 * rw: 0 = write, 1 = read, 2 = access
1047 static int arm11_add_breakpoint(struct target
*target
,
1048 struct breakpoint
*breakpoint
)
1050 struct arm11_common
*arm11
= target_to_arm11(target
);
1053 if (breakpoint
->type
== BKPT_SOFT
) {
1054 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1055 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1059 if (!arm11
->free_brps
) {
1060 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1061 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1064 if (breakpoint
->length
!= 4) {
1065 LOG_DEBUG("only breakpoints of four bytes length supported");
1066 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1074 static int arm11_remove_breakpoint(struct target
*target
,
1075 struct breakpoint
*breakpoint
)
1077 struct arm11_common
*arm11
= target_to_arm11(target
);
1084 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1086 struct arm11_common
*arm11
;
1091 if (target
->tap
->ir_length
!= 5) {
1092 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1093 return ERROR_COMMAND_SYNTAX_ERROR
;
1096 arm11
= calloc(1, sizeof(*arm11
));
1100 arm11
->arm
.core_type
= ARM_CORE_TYPE_STD
;
1101 arm_init_arch_info(target
, &arm11
->arm
);
1103 arm11
->jtag_info
.tap
= target
->tap
;
1104 arm11
->jtag_info
.scann_size
= 5;
1105 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1106 arm11
->jtag_info
.cur_scan_chain
= ~0; /* invalid/unknown */
1107 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1109 arm11
->memwrite_burst
= true;
1110 arm11
->memwrite_error_fatal
= true;
1115 static int arm11_init_target(struct command_context
*cmd_ctx
,
1116 struct target
*target
)
1118 /* Initialize anything we can set up without talking to the target */
1122 static void arm11_deinit_target(struct target
*target
)
1124 struct arm11_common
*arm11
= target_to_arm11(target
);
1126 arm11_dpm_deinit(arm11
);
1130 /* talk to the target and set things up */
1131 static int arm11_examine(struct target
*target
)
1135 struct arm11_common
*arm11
= target_to_arm11(target
);
1136 uint32_t didr
, device_id
;
1137 uint8_t implementor
;
1139 /* FIXME split into do-first-time and do-every-time logic ... */
1143 arm11_add_ir(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1145 struct scan_field idcode_field
;
1147 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1149 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, 1, &idcode_field
, TAP_DRPAUSE
);
1153 arm11_add_debug_scan_n(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1155 arm11_add_ir(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1157 struct scan_field chain0_fields
[2];
1159 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1160 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1162 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
1163 chain0_fields
), chain0_fields
, TAP_IDLE
);
1165 CHECK_RETVAL(jtag_execute_queue());
1167 /* assume the manufacturer id is ok; check the part # */
1168 switch ((device_id
>> 12) & 0xFFFF) {
1173 type
= "ARM11 MPCore";
1179 arm11
->arm
.core_type
= ARM_CORE_TYPE_SEC_EXT
;
1180 /* NOTE: could default arm11->hardware_step to true */
1184 LOG_ERROR("unexpected ARM11 ID code");
1187 LOG_INFO("found %s", type
);
1189 /* unlikely this could ever fail, but ... */
1190 switch ((didr
>> 16) & 0x0F) {
1191 case ARM11_DEBUG_V6
:
1192 case ARM11_DEBUG_V61
: /* supports security extensions */
1195 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1199 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1201 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1202 arm11
->free_brps
= arm11
->brp
;
1204 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1205 device_id
, implementor
, didr
);
1207 /* Build register cache "late", after target_init(), since we
1208 * want to know if this core supports Secure Monitor mode.
1210 if (!target_was_examined(target
))
1211 CHECK_RETVAL(arm11_dpm_init(arm11
, didr
));
1213 /* as a side-effect this reads DSCR and thus
1214 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1215 * as suggested by the spec.
1218 retval
= arm11_check_init(arm11
);
1219 if (retval
!= ERROR_OK
)
1222 /* ETM on ARM11 still uses original scanchain 6 access mode */
1223 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1224 *register_get_last_cache_p(&target
->reg_cache
) =
1225 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1227 CHECK_RETVAL(etm_setup(target
));
1230 target_set_examined(target
);
1235 #define ARM11_BOOL_WRAPPER(name, print_name) \
1236 COMMAND_HANDLER(arm11_handle_bool_ ## name) \
1238 struct target *target = get_current_target(CMD_CTX); \
1239 struct arm11_common *arm11 = target_to_arm11(target); \
1241 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1242 &arm11->name, print_name); \
1245 ARM11_BOOL_WRAPPER(memwrite_burst
, "memory write burst mode")
1246 ARM11_BOOL_WRAPPER(memwrite_error_fatal
, "fatal error mode for memory writes")
1247 ARM11_BOOL_WRAPPER(step_irq_enable
, "IRQs while stepping")
1248 ARM11_BOOL_WRAPPER(hardware_step
, "hardware single step")
1250 /* REVISIT handle the VCR bits like other ARMs: use symbols for
1251 * input and output values.
1254 COMMAND_HANDLER(arm11_handle_vcr
)
1256 struct target
*target
= get_current_target(CMD_CTX
);
1257 struct arm11_common
*arm11
= target_to_arm11(target
);
1263 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11
->vcr
);
1266 return ERROR_COMMAND_SYNTAX_ERROR
;
1269 LOG_INFO("VCR 0x%08" PRIx32
"", arm11
->vcr
);
1273 static const struct command_registration arm11_mw_command_handlers
[] = {
1276 .handler
= arm11_handle_bool_memwrite_burst
,
1277 .mode
= COMMAND_ANY
,
1278 .help
= "Display or modify flag controlling potentially "
1279 "risky fast burst mode (default: enabled)",
1280 .usage
= "['enable'|'disable']",
1283 .name
= "error_fatal",
1284 .handler
= arm11_handle_bool_memwrite_error_fatal
,
1285 .mode
= COMMAND_ANY
,
1286 .help
= "Display or modify flag controlling transfer "
1287 "termination on transfer errors"
1288 " (default: enabled)",
1289 .usage
= "['enable'|'disable']",
1291 COMMAND_REGISTRATION_DONE
1293 static const struct command_registration arm11_any_command_handlers
[] = {
1295 /* "hardware_step" is only here to check if the default
1296 * simulate + breakpoint implementation is broken.
1297 * TEMPORARY! NOT DOCUMENTED! */
1298 .name
= "hardware_step",
1299 .handler
= arm11_handle_bool_hardware_step
,
1300 .mode
= COMMAND_ANY
,
1301 .help
= "DEBUG ONLY - Hardware single stepping"
1302 " (default: disabled)",
1303 .usage
= "['enable'|'disable']",
1307 .mode
= COMMAND_ANY
,
1308 .help
= "memwrite command group",
1310 .chain
= arm11_mw_command_handlers
,
1313 .name
= "step_irq_enable",
1314 .handler
= arm11_handle_bool_step_irq_enable
,
1315 .mode
= COMMAND_ANY
,
1316 .help
= "Display or modify flag controlling interrupt "
1317 "enable while stepping (default: disabled)",
1318 .usage
= "['enable'|'disable']",
1322 .handler
= arm11_handle_vcr
,
1323 .mode
= COMMAND_ANY
,
1324 .help
= "Display or modify Vector Catch Register",
1327 COMMAND_REGISTRATION_DONE
1330 static const struct command_registration arm11_command_handlers
[] = {
1332 .chain
= arm_command_handlers
,
1335 .chain
= etm_command_handlers
,
1339 .mode
= COMMAND_ANY
,
1340 .help
= "ARM11 command group",
1342 .chain
= arm11_any_command_handlers
,
1344 COMMAND_REGISTRATION_DONE
1347 /** Holds methods for ARM11xx targets. */
1348 struct target_type arm11_target
= {
1352 .arch_state
= arm11_arch_state
,
1355 .resume
= arm11_resume
,
1358 .assert_reset
= arm11_assert_reset
,
1359 .deassert_reset
= arm11_deassert_reset
,
1361 .get_gdb_arch
= arm_get_gdb_arch
,
1362 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1364 .read_memory
= arm11_read_memory
,
1365 .write_memory
= arm11_write_memory
,
1367 .checksum_memory
= arm_checksum_memory
,
1368 .blank_check_memory
= arm_blank_check_memory
,
1370 .add_breakpoint
= arm11_add_breakpoint
,
1371 .remove_breakpoint
= arm11_remove_breakpoint
,
1373 .run_algorithm
= armv4_5_run_algorithm
,
1375 .commands
= arm11_command_handlers
,
1376 .target_create
= arm11_target_create
,
1377 .init_target
= arm11_init_target
,
1378 .deinit_target
= arm11_deinit_target
,
1379 .examine
= arm11_examine
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)