1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm11_dbgtap.h"
34 #include "arm_simulator.h"
35 #include <helper/time_support.h>
36 #include "target_type.h"
37 #include "algorithm.h"
39 #include "arm_opcodes.h"
43 #define _DEBUG_INSTRUCTION_EXECUTION_
47 /* FIXME none of these flags should be global to all ARM11 cores!
48 * Most of them shouldn't exist at all, once the code works...
50 static bool arm11_config_memwrite_burst
= true;
51 static bool arm11_config_memwrite_error_fatal
= true;
52 static uint32_t arm11_vcr
= 0;
53 static bool arm11_config_step_irq_enable
= false;
54 static bool arm11_config_hardware_step
= false;
56 static int arm11_step(struct target
*target
, int current
,
57 uint32_t address
, int handle_breakpoints
);
60 /** Check and if necessary take control of the system
62 * \param arm11 Target state variable.
64 static int arm11_check_init(struct arm11_common
*arm11
)
66 CHECK_RETVAL(arm11_read_DSCR(arm11
));
67 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
69 if (!(arm11
->dscr
& DSCR_HALT_DBG_MODE
))
71 LOG_DEBUG("Bringing target into debug mode");
73 arm11
->dscr
|= DSCR_HALT_DBG_MODE
;
74 arm11_write_DSCR(arm11
, arm11
->dscr
);
76 /* add further reset initialization here */
78 arm11
->simulate_reset_on_next_halt
= true;
80 if (arm11
->dscr
& DSCR_CORE_HALTED
)
82 /** \todo TODO: this needs further scrutiny because
83 * arm11_debug_entry() never gets called. (WHY NOT?)
84 * As a result we don't read the actual register states from
88 arm11
->arm
.target
->state
= TARGET_HALTED
;
89 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
93 arm11
->arm
.target
->state
= TARGET_RUNNING
;
94 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
97 arm11_sc7_clear_vbw(arm11
);
104 * Save processor state. This is called after a HALT instruction
105 * succeeds, and on other occasions the processor enters debug mode
106 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
108 static int arm11_debug_entry(struct arm11_common
*arm11
)
112 arm11
->arm
.target
->state
= TARGET_HALTED
;
113 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
115 /* REVISIT entire cache should already be invalid !!! */
116 register_cache_invalidate(arm11
->arm
.core_cache
);
118 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
120 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
121 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
122 if (arm11
->is_wdtr_saved
)
124 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
126 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
128 struct scan_field chain5_fields
[3];
130 arm11_setup_field(arm11
, 32, NULL
,
131 &arm11
->saved_wdtr
, chain5_fields
+ 0);
132 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
133 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
135 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
139 /* DSCR: set the Execute ARM instruction enable bit.
141 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
142 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
143 * for executing instructions via ITR.
145 arm11_write_DSCR(arm11
, DSCR_ITR_EN
| arm11
->dscr
);
149 Before executing any instruction in debug state you have to drain the write buffer.
150 This ensures that no imprecise Data Aborts can return at a later point:*/
152 /** \todo TODO: Test drain write buffer. */
157 /* MRC p14,0,R0,c5,c10,0 */
158 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
160 /* mcr 15, 0, r0, cr7, cr10, {4} */
161 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
163 uint32_t dscr
= arm11_read_DSCR(arm11
);
165 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
167 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
)
169 arm11_run_instr_no_data1(arm11
, 0xe320f000);
171 dscr
= arm11_read_DSCR(arm11
);
173 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
182 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
183 * CPSR and PC after the rDTR stuff. We do it all at once.
185 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
186 if (retval
!= ERROR_OK
)
187 LOG_ERROR("DPM REG READ -- fail %d", retval
);
189 retval
= arm11_run_instr_data_prepare(arm11
);
190 if (retval
!= ERROR_OK
)
193 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
194 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
195 if (arm11
->is_rdtr_saved
)
197 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
198 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
199 0xEE100E15, &arm11
->saved_rdtr
);
200 if (retval
!= ERROR_OK
)
204 /* REVISIT Now that we've saved core state, there's may also
205 * be MMU and cache state to care about ...
208 if (arm11
->simulate_reset_on_next_halt
)
210 arm11
->simulate_reset_on_next_halt
= false;
212 LOG_DEBUG("Reset c1 Control Register");
214 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
216 /* MCR p15,0,R0,c1,c0,0 */
217 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
218 if (retval
!= ERROR_OK
)
223 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
226 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
227 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
228 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
230 if (retval
!= ERROR_OK
)
232 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
236 retval
= arm11_run_instr_data_finish(arm11
);
237 if (retval
!= ERROR_OK
)
244 * Restore processor state. This is called in preparation for
245 * the RESTART function.
247 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
251 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
253 /* NOTE: the ARM1136 TRM suggests restoring all registers
254 * except R0/PC/CPSR right now. Instead, we do them all
255 * at once, just a bit later on.
258 /* REVISIT once we start caring about MMU and cache state,
259 * address it here ...
262 /* spec says clear wDTR and rDTR; we assume they are clear as
263 otherwise our programming would be sloppy */
265 CHECK_RETVAL(arm11_read_DSCR(arm11
));
267 if (arm11
->dscr
& (DSCR_DTR_RX_FULL
| DSCR_DTR_TX_FULL
))
270 The wDTR/rDTR two registers that are used to send/receive data to/from
271 the core in tandem with corresponding instruction codes that are
272 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
273 registers hold data that was written by one side (CPU or JTAG) and not
274 read out by the other side.
276 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
277 (unsigned) arm11
->dscr
);
282 /* maybe restore original wDTR */
283 if (arm11
->is_wdtr_saved
)
285 retval
= arm11_run_instr_data_prepare(arm11
);
286 if (retval
!= ERROR_OK
)
289 /* MCR p14,0,R0,c0,c5,0 */
290 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
291 0xee000e15, arm11
->saved_wdtr
);
292 if (retval
!= ERROR_OK
)
295 retval
= arm11_run_instr_data_finish(arm11
);
296 if (retval
!= ERROR_OK
)
300 /* restore CPSR, PC, and R0 ... after flushing any modified
303 retval
= arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
);
305 retval
= arm11_bpwp_flush(arm11
);
307 register_cache_invalidate(arm11
->arm
.core_cache
);
310 arm11_write_DSCR(arm11
, arm11
->dscr
);
312 /* maybe restore rDTR */
313 if (arm11
->is_rdtr_saved
)
315 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
317 arm11_add_IR(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
319 struct scan_field chain5_fields
[3];
321 uint8_t Ready
= 0; /* ignored */
322 uint8_t Valid
= 0; /* ignored */
324 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
325 NULL
, chain5_fields
+ 0);
326 arm11_setup_field(arm11
, 1, &Ready
, NULL
, chain5_fields
+ 1);
327 arm11_setup_field(arm11
, 1, &Valid
, NULL
, chain5_fields
+ 2);
329 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
332 /* now processor is ready to RESTART */
337 /* poll current target status */
338 static int arm11_poll(struct target
*target
)
341 struct arm11_common
*arm11
= target_to_arm11(target
);
343 CHECK_RETVAL(arm11_check_init(arm11
));
345 if (arm11
->dscr
& DSCR_CORE_HALTED
)
347 if (target
->state
!= TARGET_HALTED
)
349 enum target_state old_state
= target
->state
;
351 LOG_DEBUG("enter TARGET_HALTED");
352 retval
= arm11_debug_entry(arm11
);
353 if (retval
!= ERROR_OK
)
356 target_call_event_callbacks(target
,
357 (old_state
== TARGET_DEBUG_RUNNING
)
358 ? TARGET_EVENT_DEBUG_HALTED
359 : TARGET_EVENT_HALTED
);
364 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
)
366 LOG_DEBUG("enter TARGET_RUNNING");
367 target
->state
= TARGET_RUNNING
;
368 target
->debug_reason
= DBG_REASON_NOTHALTED
;
374 /* architecture specific status reply */
375 static int arm11_arch_state(struct target
*target
)
377 struct arm11_common
*arm11
= target_to_arm11(target
);
380 retval
= arm_arch_state(target
);
382 /* REVISIT also display ARM11-specific MMU and cache status ... */
384 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
385 LOG_USER("Watchpoint triggered at PC %#08x",
386 (unsigned) arm11
->dpm
.wp_pc
);
391 /* target request support */
392 static int arm11_target_request_data(struct target
*target
,
393 uint32_t size
, uint8_t *buffer
)
395 LOG_WARNING("Not implemented: %s", __func__
);
400 /* target execution control */
401 static int arm11_halt(struct target
*target
)
403 struct arm11_common
*arm11
= target_to_arm11(target
);
405 LOG_DEBUG("target->state: %s",
406 target_state_name(target
));
408 if (target
->state
== TARGET_UNKNOWN
)
410 arm11
->simulate_reset_on_next_halt
= true;
413 if (target
->state
== TARGET_HALTED
)
415 LOG_DEBUG("target was already halted");
419 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
421 CHECK_RETVAL(jtag_execute_queue());
427 CHECK_RETVAL(arm11_read_DSCR(arm11
));
429 if (arm11
->dscr
& DSCR_CORE_HALTED
)
440 if ((timeval_ms()-then
) > 1000)
442 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
449 enum target_state old_state
= target
->state
;
451 arm11_debug_entry(arm11
);
454 target_call_event_callbacks(target
,
455 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
461 arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
463 void *value
= arm11
->arm
.core_cache
->reg_list
[15].value
;
466 buf_set_u32(value
, 0, 32, address
);
468 address
= buf_get_u32(value
, 0, 32);
473 static int arm11_resume(struct target
*target
, int current
,
474 uint32_t address
, int handle_breakpoints
, int debug_execution
)
476 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
477 // current, address, handle_breakpoints, debug_execution);
479 struct arm11_common
*arm11
= target_to_arm11(target
);
481 LOG_DEBUG("target->state: %s",
482 target_state_name(target
));
485 if (target
->state
!= TARGET_HALTED
)
487 LOG_ERROR("Target not halted");
488 return ERROR_TARGET_NOT_HALTED
;
491 address
= arm11_nextpc(arm11
, current
, address
);
493 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
495 /* clear breakpoints/watchpoints and VCR*/
496 arm11_sc7_clear_vbw(arm11
);
498 if (!debug_execution
)
499 target_free_all_working_areas(target
);
501 /* Set up breakpoints */
502 if (handle_breakpoints
)
504 /* check if one matches PC and step over it if necessary */
506 struct breakpoint
* bp
;
508 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
510 if (bp
->address
== address
)
512 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
513 arm11_step(target
, 1, 0, 0);
518 /* set all breakpoints */
520 unsigned brp_num
= 0;
522 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
524 struct arm11_sc7_action brp
[2];
527 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
528 brp
[0].value
= bp
->address
;
530 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
531 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
533 arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
));
535 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
542 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
545 arm11_leave_debug_state(arm11
, handle_breakpoints
);
547 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
549 CHECK_RETVAL(jtag_execute_queue());
554 CHECK_RETVAL(arm11_read_DSCR(arm11
));
556 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
558 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
569 if ((timeval_ms()-then
) > 1000)
571 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
578 target
->debug_reason
= DBG_REASON_NOTHALTED
;
579 if (!debug_execution
)
580 target
->state
= TARGET_RUNNING
;
582 target
->state
= TARGET_DEBUG_RUNNING
;
583 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
588 static int arm11_step(struct target
*target
, int current
,
589 uint32_t address
, int handle_breakpoints
)
591 LOG_DEBUG("target->state: %s",
592 target_state_name(target
));
594 if (target
->state
!= TARGET_HALTED
)
596 LOG_WARNING("target was not halted");
597 return ERROR_TARGET_NOT_HALTED
;
600 struct arm11_common
*arm11
= target_to_arm11(target
);
602 address
= arm11_nextpc(arm11
, current
, address
);
604 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
607 /** \todo TODO: Thumb not supported here */
609 uint32_t next_instruction
;
611 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
614 if ((next_instruction
& 0xFFF00070) == 0xe1200070)
616 address
= arm11_nextpc(arm11
, 0, address
+ 4);
617 LOG_DEBUG("Skipping BKPT");
619 /* skip over Wait for interrupt / Standby */
620 /* mcr 15, 0, r?, cr7, cr0, {4} */
621 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90)
623 address
= arm11_nextpc(arm11
, 0, address
+ 4);
624 LOG_DEBUG("Skipping WFI");
626 /* ignore B to self */
627 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
629 LOG_DEBUG("Not stepping jump to self");
633 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
636 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
637 * the VCR might be something worth looking into. */
640 /* Set up breakpoint for stepping */
642 struct arm11_sc7_action brp
[2];
645 brp
[0].address
= ARM11_SC7_BVR0
;
647 brp
[1].address
= ARM11_SC7_BCR0
;
649 if (arm11_config_hardware_step
)
651 /* Hardware single stepping ("instruction address
652 * mismatch") is used if enabled. It's not quite
653 * exactly "run one instruction"; "branch to here"
654 * loops won't break, neither will some other cases,
655 * but it's probably the best default.
657 * Hardware single stepping isn't supported on v6
658 * debug modules. ARM1176 and v7 can support it...
660 * FIXME Thumb stepping likely needs to use 0x03
661 * or 0xc0 byte masks, not 0x0f.
663 brp
[0].value
= address
;
664 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
665 | (0 << 14) | (0 << 16) | (0 << 20)
669 /* Sets a breakpoint on the next PC, as calculated
670 * by instruction set simulation.
672 * REVISIT stepping Thumb on ARM1156 requires Thumb2
673 * support from the simulator.
678 retval
= arm_simulate_step(target
, &next_pc
);
679 if (retval
!= ERROR_OK
)
682 brp
[0].value
= next_pc
;
683 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
684 | (0 << 14) | (0 << 16) | (0 << 20)
688 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
693 if (arm11_config_step_irq_enable
)
694 /* this disable should be redundant ... */
695 arm11
->dscr
&= ~DSCR_INT_DIS
;
697 arm11
->dscr
|= DSCR_INT_DIS
;
700 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
702 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
704 CHECK_RETVAL(jtag_execute_queue());
711 const uint32_t mask
= DSCR_CORE_RESTARTED
714 CHECK_RETVAL(arm11_read_DSCR(arm11
));
715 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
717 if ((arm11
->dscr
& mask
) == mask
)
727 if ((timeval_ms()-then
) > 1000)
729 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
736 /* clear breakpoint */
737 arm11_sc7_clear_vbw(arm11
);
740 CHECK_RETVAL(arm11_debug_entry(arm11
));
742 /* restore default state */
743 arm11
->dscr
&= ~DSCR_INT_DIS
;
747 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
749 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
754 static int arm11_assert_reset(struct target
*target
)
756 struct arm11_common
*arm11
= target_to_arm11(target
);
758 /* optionally catch reset vector */
759 if (target
->reset_halt
&& !(arm11_vcr
& 1))
760 arm11_sc7_set_vcr(arm11
, arm11_vcr
| 1);
762 /* Issue some kind of warm reset. */
763 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
)) {
764 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
765 } else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
766 /* REVISIT handle "pulls" cases, if there's
767 * hardware that needs them to work.
769 jtag_add_reset(0, 1);
771 LOG_ERROR("%s: how to reset?", target_name(target
));
775 /* registers are now invalid */
776 register_cache_invalidate(arm11
->arm
.core_cache
);
778 target
->state
= TARGET_RESET
;
784 * - There is another bug in the arm11 core. (iMX31 specific again?)
785 * When you generate an access to external logic (for example DDR
786 * controller via AHB bus) and that block is not configured (perhaps
787 * it is still held in reset), that transaction will never complete.
788 * This will hang arm11 core but it will also hang JTAG controller.
789 * Nothing short of srst assertion will bring it out of this.
792 static int arm11_deassert_reset(struct target
*target
)
794 struct arm11_common
*arm11
= target_to_arm11(target
);
797 /* be certain SRST is off */
798 jtag_add_reset(0, 0);
800 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
801 * at least DSCR. OMAP24xx doesn't show that problem, though
802 * SRST-only reset seems to be problematic for other reasons.
803 * (Secure boot sequences being one likelihood!)
807 retval
= arm11_poll(target
);
809 if (target
->reset_halt
) {
810 if (target
->state
!= TARGET_HALTED
) {
811 LOG_WARNING("%s: ran after reset and before halt ...",
812 target_name(target
));
813 if ((retval
= target_halt(target
)) != ERROR_OK
)
818 /* maybe restore vector catch config */
819 if (target
->reset_halt
&& !(arm11_vcr
& 1))
820 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
825 static int arm11_soft_reset_halt(struct target
*target
)
827 LOG_WARNING("Not implemented: %s", __func__
);
832 /* target memory access
833 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
834 * count: number of items of <size>
836 * arm11_config_memrw_no_increment - in the future we may want to be able
837 * to read/write a range of data to a "port". a "port" is an action on
838 * read memory address for some peripheral.
840 static int arm11_read_memory_inner(struct target
*target
,
841 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
842 bool arm11_config_memrw_no_increment
)
844 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
847 if (target
->state
!= TARGET_HALTED
)
849 LOG_WARNING("target was not halted");
850 return ERROR_TARGET_NOT_HALTED
;
853 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
855 struct arm11_common
*arm11
= target_to_arm11(target
);
857 retval
= arm11_run_instr_data_prepare(arm11
);
858 if (retval
!= ERROR_OK
)
861 /* MRC p14,0,r0,c0,c5,0 */
862 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
863 if (retval
!= ERROR_OK
)
869 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
871 for (size_t i
= 0; i
< count
; i
++)
873 /* ldrb r1, [r0], #1 */
875 arm11_run_instr_no_data1(arm11
,
876 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000);
879 /* MCR p14,0,R1,c0,c5,0 */
880 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
889 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
891 for (size_t i
= 0; i
< count
; i
++)
893 /* ldrh r1, [r0], #2 */
894 arm11_run_instr_no_data1(arm11
,
895 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0);
899 /* MCR p14,0,R1,c0,c5,0 */
900 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
902 uint16_t svalue
= res
;
903 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
911 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
912 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
913 uint32_t *words
= (uint32_t *)buffer
;
915 /* LDC p14,c5,[R0],#4 */
916 /* LDC p14,c5,[R0] */
917 arm11_run_instr_data_from_core(arm11
, instr
, words
, count
);
922 return arm11_run_instr_data_finish(arm11
);
925 static int arm11_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
927 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
931 * no_increment - in the future we may want to be able
932 * to read/write a range of data to a "port". a "port" is an action on
933 * read memory address for some peripheral.
935 static int arm11_write_memory_inner(struct target
*target
,
936 uint32_t address
, uint32_t size
,
937 uint32_t count
, uint8_t *buffer
,
942 if (target
->state
!= TARGET_HALTED
)
944 LOG_WARNING("target was not halted");
945 return ERROR_TARGET_NOT_HALTED
;
948 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
950 struct arm11_common
*arm11
= target_to_arm11(target
);
952 retval
= arm11_run_instr_data_prepare(arm11
);
953 if (retval
!= ERROR_OK
)
956 /* MRC p14,0,r0,c0,c5,0 */
957 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
958 if (retval
!= ERROR_OK
)
961 /* burst writes are not used for single words as those may well be
962 * reset init script writes.
964 * The other advantage is that as burst writes are default, we'll
965 * now exercise both burst and non-burst code paths with the
966 * default settings, increasing code coverage.
968 bool burst
= arm11_config_memwrite_burst
&& (count
> 1);
974 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
976 for (size_t i
= 0; i
< count
; i
++)
978 /* MRC p14,0,r1,c0,c5,0 */
979 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
980 if (retval
!= ERROR_OK
)
983 /* strb r1, [r0], #1 */
985 retval
= arm11_run_instr_no_data1(arm11
,
989 if (retval
!= ERROR_OK
)
998 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
1000 for (size_t i
= 0; i
< count
; i
++)
1003 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
1005 /* MRC p14,0,r1,c0,c5,0 */
1006 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
1007 if (retval
!= ERROR_OK
)
1010 /* strh r1, [r0], #2 */
1012 retval
= arm11_run_instr_no_data1(arm11
,
1016 if (retval
!= ERROR_OK
)
1024 /* increment: STC p14,c5,[R0],#4 */
1025 /* no increment: STC p14,c5,[R0]*/
1026 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
1028 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1029 uint32_t *words
= (uint32_t*)buffer
;
1031 /* "burst" here just means trusting each instruction executes
1032 * fully before we run the next one: per-word roundtrips, to
1033 * check the Ready flag, are not used.
1036 retval
= arm11_run_instr_data_to_core(arm11
,
1037 instr
, words
, count
);
1039 retval
= arm11_run_instr_data_to_core_noack(arm11
,
1040 instr
, words
, count
);
1041 if (retval
!= ERROR_OK
)
1048 /* r0 verification */
1053 /* MCR p14,0,R0,c0,c5,0 */
1054 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1055 if (retval
!= ERROR_OK
)
1058 if (address
+ size
* count
!= r0
)
1060 LOG_ERROR("Data transfer failed. Expected end "
1061 "address 0x%08x, got 0x%08x",
1062 (unsigned) (address
+ size
* count
),
1066 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1068 if (arm11_config_memwrite_error_fatal
)
1073 return arm11_run_instr_data_finish(arm11
);
1076 static int arm11_write_memory(struct target
*target
,
1077 uint32_t address
, uint32_t size
,
1078 uint32_t count
, uint8_t *buffer
)
1080 /* pointer increment matters only for multi-unit writes ...
1081 * not e.g. to a "reset the chip" controller.
1083 return arm11_write_memory_inner(target
, address
, size
,
1084 count
, buffer
, count
== 1);
1087 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1088 static int arm11_bulk_write_memory(struct target
*target
,
1089 uint32_t address
, uint32_t count
, uint8_t *buffer
)
1091 if (target
->state
!= TARGET_HALTED
)
1093 LOG_WARNING("target was not halted");
1094 return ERROR_TARGET_NOT_HALTED
;
1097 return arm11_write_memory(target
, address
, 4, count
, buffer
);
1100 /* target break-/watchpoint control
1101 * rw: 0 = write, 1 = read, 2 = access
1103 static int arm11_add_breakpoint(struct target
*target
,
1104 struct breakpoint
*breakpoint
)
1106 struct arm11_common
*arm11
= target_to_arm11(target
);
1109 if (breakpoint
->type
== BKPT_SOFT
)
1111 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1112 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1116 if (!arm11
->free_brps
)
1118 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1119 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1122 if (breakpoint
->length
!= 4)
1124 LOG_DEBUG("only breakpoints of four bytes length supported");
1125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1133 static int arm11_remove_breakpoint(struct target
*target
,
1134 struct breakpoint
*breakpoint
)
1136 struct arm11_common
*arm11
= target_to_arm11(target
);
1143 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1145 struct arm11_common
*arm11
;
1147 if (target
->tap
== NULL
)
1150 if (target
->tap
->ir_length
!= 5)
1152 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1153 return ERROR_COMMAND_SYNTAX_ERROR
;
1156 arm11
= calloc(1, sizeof *arm11
);
1160 arm_init_arch_info(target
, &arm11
->arm
);
1162 arm11
->jtag_info
.tap
= target
->tap
;
1163 arm11
->jtag_info
.scann_size
= 5;
1164 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1165 arm11
->jtag_info
.cur_scan_chain
= ~0; /* invalid/unknown */
1166 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1171 static int arm11_init_target(struct command_context
*cmd_ctx
,
1172 struct target
*target
)
1174 /* Initialize anything we can set up without talking to the target */
1178 /* talk to the target and set things up */
1179 static int arm11_examine(struct target
*target
)
1183 struct arm11_common
*arm11
= target_to_arm11(target
);
1184 uint32_t didr
, device_id
;
1185 uint8_t implementor
;
1187 /* FIXME split into do-first-time and do-every-time logic ... */
1191 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1193 struct scan_field idcode_field
;
1195 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1197 arm11_add_dr_scan_vc(1, &idcode_field
, TAP_DRPAUSE
);
1201 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1203 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1205 struct scan_field chain0_fields
[2];
1207 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1208 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1210 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields
), chain0_fields
, TAP_IDLE
);
1212 CHECK_RETVAL(jtag_execute_queue());
1214 /* assume the manufacturer id is ok; check the part # */
1215 switch ((device_id
>> 12) & 0xFFFF)
1221 type
= "ARM11 MPCore";
1227 arm11
->arm
.core_type
= ARM_MODE_MON
;
1231 LOG_ERROR("unexpected ARM11 ID code");
1234 LOG_INFO("found %s", type
);
1236 /* unlikely this could ever fail, but ... */
1237 switch ((didr
>> 16) & 0x0F) {
1238 case ARM11_DEBUG_V6
:
1239 case ARM11_DEBUG_V61
: /* supports security extensions */
1242 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1246 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1248 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1249 arm11
->free_brps
= arm11
->brp
;
1251 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1252 device_id
, implementor
, didr
);
1254 /* as a side-effect this reads DSCR and thus
1255 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1256 * as suggested by the spec.
1259 retval
= arm11_check_init(arm11
);
1260 if (retval
!= ERROR_OK
)
1263 /* Build register cache "late", after target_init(), since we
1264 * want to know if this core supports Secure Monitor mode.
1266 if (!target_was_examined(target
))
1267 retval
= arm11_dpm_init(arm11
, didr
);
1269 /* ETM on ARM11 still uses original scanchain 6 access mode */
1270 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1271 *register_get_last_cache_p(&target
->reg_cache
) =
1272 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1274 retval
= etm_setup(target
);
1277 target_set_examined(target
);
1283 /* FIXME all these BOOL_WRAPPER things should be modifying
1284 * per-instance state, not shared state; ditto the vector
1285 * catch register support. Scan chains with multiple cores
1286 * should be able to say "work with this core like this,
1287 * that core like that". Example, ARM11 MPCore ...
1290 #define ARM11_BOOL_WRAPPER(name, print_name) \
1291 COMMAND_HANDLER(arm11_handle_bool_##name) \
1293 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1294 &arm11_config_##name, print_name); \
1297 ARM11_BOOL_WRAPPER(memwrite_burst
, "memory write burst mode")
1298 ARM11_BOOL_WRAPPER(memwrite_error_fatal
, "fatal error mode for memory writes")
1299 ARM11_BOOL_WRAPPER(step_irq_enable
, "IRQs while stepping")
1300 ARM11_BOOL_WRAPPER(hardware_step
, "hardware single step")
1302 COMMAND_HANDLER(arm11_handle_vcr
)
1308 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11_vcr
);
1311 return ERROR_COMMAND_SYNTAX_ERROR
;
1314 LOG_INFO("VCR 0x%08" PRIx32
"", arm11_vcr
);
1318 static const struct command_registration arm11_mw_command_handlers
[] = {
1321 .handler
= &arm11_handle_bool_memwrite_burst
,
1322 .mode
= COMMAND_ANY
,
1323 .help
= "Enable/Disable potentially risky fast burst mode"
1324 " (default: enabled)",
1327 .name
= "error_fatal",
1328 .handler
= &arm11_handle_bool_memwrite_error_fatal
,
1329 .mode
= COMMAND_ANY
,
1330 .help
= "Terminate program if transfer error was found"
1331 " (default: enabled)",
1333 COMMAND_REGISTRATION_DONE
1335 static const struct command_registration arm11_any_command_handlers
[] = {
1337 /* "hardware_step" is only here to check if the default
1338 * simulate + breakpoint implementation is broken.
1339 * TEMPORARY! NOT DOCUMENTED! */
1340 .name
= "hardware_step",
1341 .handler
= &arm11_handle_bool_hardware_step
,
1342 .mode
= COMMAND_ANY
,
1343 .help
= "DEBUG ONLY - Hardware single stepping"
1344 " (default: disabled)",
1345 .usage
= "(enable|disable)",
1349 .mode
= COMMAND_ANY
,
1350 .help
= "memwrite command group",
1351 .chain
= arm11_mw_command_handlers
,
1354 .name
= "step_irq_enable",
1355 .handler
= &arm11_handle_bool_step_irq_enable
,
1356 .mode
= COMMAND_ANY
,
1357 .help
= "Enable interrupts while stepping"
1358 " (default: disabled)",
1362 .handler
= &arm11_handle_vcr
,
1363 .mode
= COMMAND_ANY
,
1364 .help
= "Control (Interrupt) Vector Catch Register",
1366 COMMAND_REGISTRATION_DONE
1368 static const struct command_registration arm11_command_handlers
[] = {
1370 .chain
= arm_command_handlers
,
1373 .chain
= etm_command_handlers
,
1377 .mode
= COMMAND_ANY
,
1378 .help
= "ARM11 command group",
1379 .chain
= arm11_any_command_handlers
,
1381 COMMAND_REGISTRATION_DONE
1384 /** Holds methods for ARM11xx targets. */
1385 struct target_type arm11_target
= {
1389 .arch_state
= arm11_arch_state
,
1391 .target_request_data
= arm11_target_request_data
,
1394 .resume
= arm11_resume
,
1397 .assert_reset
= arm11_assert_reset
,
1398 .deassert_reset
= arm11_deassert_reset
,
1399 .soft_reset_halt
= arm11_soft_reset_halt
,
1401 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1403 .read_memory
= arm11_read_memory
,
1404 .write_memory
= arm11_write_memory
,
1406 .bulk_write_memory
= arm11_bulk_write_memory
,
1408 .checksum_memory
= arm_checksum_memory
,
1409 .blank_check_memory
= arm_blank_check_memory
,
1411 .add_breakpoint
= arm11_add_breakpoint
,
1412 .remove_breakpoint
= arm11_remove_breakpoint
,
1414 .run_algorithm
= armv4_5_run_algorithm
,
1416 .commands
= arm11_command_handlers
,
1417 .target_create
= arm11_target_create
,
1418 .init_target
= arm11_init_target
,
1419 .examine
= arm11_examine
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)