1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include <helper/time_support.h>
34 #include "target_type.h"
35 #include "algorithm.h"
37 #include "arm_opcodes.h"
41 #define _DEBUG_INSTRUCTION_EXECUTION_
45 /* FIXME none of these flags should be global to all ARM11 cores!
46 * Most of them shouldn't exist at all, once the code works...
48 static bool arm11_config_memwrite_burst
= true;
49 static bool arm11_config_memwrite_error_fatal
= true;
50 static uint32_t arm11_vcr
= 0;
51 static bool arm11_config_step_irq_enable
= false;
52 static bool arm11_config_hardware_step
= false;
54 static int arm11_step(struct target
*target
, int current
,
55 uint32_t address
, int handle_breakpoints
);
58 /** Check and if necessary take control of the system
60 * \param arm11 Target state variable.
62 static int arm11_check_init(struct arm11_common
*arm11
)
64 CHECK_RETVAL(arm11_read_DSCR(arm11
));
65 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
67 if (!(arm11
->dscr
& DSCR_HALT_DBG_MODE
))
69 LOG_DEBUG("Bringing target into debug mode");
71 arm11
->dscr
|= DSCR_HALT_DBG_MODE
;
72 arm11_write_DSCR(arm11
, arm11
->dscr
);
74 /* add further reset initialization here */
76 arm11
->simulate_reset_on_next_halt
= true;
78 if (arm11
->dscr
& DSCR_CORE_HALTED
)
80 /** \todo TODO: this needs further scrutiny because
81 * arm11_debug_entry() never gets called. (WHY NOT?)
82 * As a result we don't read the actual register states from
86 arm11
->arm
.target
->state
= TARGET_HALTED
;
87 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
91 arm11
->arm
.target
->state
= TARGET_RUNNING
;
92 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
95 arm11_sc7_clear_vbw(arm11
);
102 * Save processor state. This is called after a HALT instruction
103 * succeeds, and on other occasions the processor enters debug mode
104 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
106 static int arm11_debug_entry(struct arm11_common
*arm11
)
110 arm11
->arm
.target
->state
= TARGET_HALTED
;
111 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
113 /* REVISIT entire cache should already be invalid !!! */
114 register_cache_invalidate(arm11
->arm
.core_cache
);
116 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
118 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
119 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
120 if (arm11
->is_wdtr_saved
)
122 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
124 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
126 struct scan_field chain5_fields
[3];
128 arm11_setup_field(arm11
, 32, NULL
,
129 &arm11
->saved_wdtr
, chain5_fields
+ 0);
130 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
131 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
133 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
137 /* DSCR: set the Execute ARM instruction enable bit.
139 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
140 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
141 * for executing instructions via ITR.
143 arm11_write_DSCR(arm11
, DSCR_ITR_EN
| arm11
->dscr
);
147 Before executing any instruction in debug state you have to drain the write buffer.
148 This ensures that no imprecise Data Aborts can return at a later point:*/
150 /** \todo TODO: Test drain write buffer. */
155 /* MRC p14,0,R0,c5,c10,0 */
156 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
158 /* mcr 15, 0, r0, cr7, cr10, {4} */
159 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
161 uint32_t dscr
= arm11_read_DSCR(arm11
);
163 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
165 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
)
167 arm11_run_instr_no_data1(arm11
, 0xe320f000);
169 dscr
= arm11_read_DSCR(arm11
);
171 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
180 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
181 * CPSR and PC after the rDTR stuff. We do it all at once.
183 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
184 if (retval
!= ERROR_OK
)
185 LOG_ERROR("DPM REG READ -- fail %d", retval
);
187 retval
= arm11_run_instr_data_prepare(arm11
);
188 if (retval
!= ERROR_OK
)
191 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
192 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
193 if (arm11
->is_rdtr_saved
)
195 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
196 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
197 0xEE100E15, &arm11
->saved_rdtr
);
198 if (retval
!= ERROR_OK
)
202 /* REVISIT Now that we've saved core state, there's may also
203 * be MMU and cache state to care about ...
206 if (arm11
->simulate_reset_on_next_halt
)
208 arm11
->simulate_reset_on_next_halt
= false;
210 LOG_DEBUG("Reset c1 Control Register");
212 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
214 /* MCR p15,0,R0,c1,c0,0 */
215 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
216 if (retval
!= ERROR_OK
)
221 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
224 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
225 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
226 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
228 if (retval
!= ERROR_OK
)
230 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
234 retval
= arm11_run_instr_data_finish(arm11
);
235 if (retval
!= ERROR_OK
)
242 * Restore processor state. This is called in preparation for
243 * the RESTART function.
245 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
249 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
251 /* NOTE: the ARM1136 TRM suggests restoring all registers
252 * except R0/PC/CPSR right now. Instead, we do them all
253 * at once, just a bit later on.
256 /* REVISIT once we start caring about MMU and cache state,
257 * address it here ...
260 /* spec says clear wDTR and rDTR; we assume they are clear as
261 otherwise our programming would be sloppy */
263 CHECK_RETVAL(arm11_read_DSCR(arm11
));
265 if (arm11
->dscr
& (DSCR_DTR_RX_FULL
| DSCR_DTR_TX_FULL
))
268 The wDTR/rDTR two registers that are used to send/receive data to/from
269 the core in tandem with corresponding instruction codes that are
270 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
271 registers hold data that was written by one side (CPU or JTAG) and not
272 read out by the other side.
274 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
275 (unsigned) arm11
->dscr
);
280 /* maybe restore original wDTR */
281 if (arm11
->is_wdtr_saved
)
283 retval
= arm11_run_instr_data_prepare(arm11
);
284 if (retval
!= ERROR_OK
)
287 /* MCR p14,0,R0,c0,c5,0 */
288 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
289 0xee000e15, arm11
->saved_wdtr
);
290 if (retval
!= ERROR_OK
)
293 retval
= arm11_run_instr_data_finish(arm11
);
294 if (retval
!= ERROR_OK
)
298 /* restore CPSR, PC, and R0 ... after flushing any modified
301 retval
= arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
);
303 retval
= arm11_bpwp_flush(arm11
);
305 register_cache_invalidate(arm11
->arm
.core_cache
);
308 arm11_write_DSCR(arm11
, arm11
->dscr
);
310 /* maybe restore rDTR */
311 if (arm11
->is_rdtr_saved
)
313 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
315 arm11_add_IR(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
317 struct scan_field chain5_fields
[3];
319 uint8_t Ready
= 0; /* ignored */
320 uint8_t Valid
= 0; /* ignored */
322 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
323 NULL
, chain5_fields
+ 0);
324 arm11_setup_field(arm11
, 1, &Ready
, NULL
, chain5_fields
+ 1);
325 arm11_setup_field(arm11
, 1, &Valid
, NULL
, chain5_fields
+ 2);
327 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
330 /* now processor is ready to RESTART */
335 /* poll current target status */
336 static int arm11_poll(struct target
*target
)
339 struct arm11_common
*arm11
= target_to_arm11(target
);
341 CHECK_RETVAL(arm11_check_init(arm11
));
343 if (arm11
->dscr
& DSCR_CORE_HALTED
)
345 if (target
->state
!= TARGET_HALTED
)
347 enum target_state old_state
= target
->state
;
349 LOG_DEBUG("enter TARGET_HALTED");
350 retval
= arm11_debug_entry(arm11
);
351 if (retval
!= ERROR_OK
)
354 target_call_event_callbacks(target
,
355 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
);
360 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
)
362 LOG_DEBUG("enter TARGET_RUNNING");
363 target
->state
= TARGET_RUNNING
;
364 target
->debug_reason
= DBG_REASON_NOTHALTED
;
370 /* architecture specific status reply */
371 static int arm11_arch_state(struct target
*target
)
373 struct arm11_common
*arm11
= target_to_arm11(target
);
376 retval
= armv4_5_arch_state(target
);
378 /* REVISIT also display ARM11-specific MMU and cache status ... */
380 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
381 LOG_USER("Watchpoint triggered at PC %#08x",
382 (unsigned) arm11
->dpm
.wp_pc
);
387 /* target request support */
388 static int arm11_target_request_data(struct target
*target
,
389 uint32_t size
, uint8_t *buffer
)
391 LOG_WARNING("Not implemented: %s", __func__
);
396 /* target execution control */
397 static int arm11_halt(struct target
*target
)
399 struct arm11_common
*arm11
= target_to_arm11(target
);
401 LOG_DEBUG("target->state: %s",
402 target_state_name(target
));
404 if (target
->state
== TARGET_UNKNOWN
)
406 arm11
->simulate_reset_on_next_halt
= true;
409 if (target
->state
== TARGET_HALTED
)
411 LOG_DEBUG("target was already halted");
415 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
417 CHECK_RETVAL(jtag_execute_queue());
423 CHECK_RETVAL(arm11_read_DSCR(arm11
));
425 if (arm11
->dscr
& DSCR_CORE_HALTED
)
436 if ((timeval_ms()-then
) > 1000)
438 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
445 enum target_state old_state
= target
->state
;
447 arm11_debug_entry(arm11
);
450 target_call_event_callbacks(target
,
451 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
457 arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
459 void *value
= arm11
->arm
.core_cache
->reg_list
[15].value
;
462 buf_set_u32(value
, 0, 32, address
);
464 address
= buf_get_u32(value
, 0, 32);
469 static int arm11_resume(struct target
*target
, int current
,
470 uint32_t address
, int handle_breakpoints
, int debug_execution
)
472 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
473 // current, address, handle_breakpoints, debug_execution);
475 struct arm11_common
*arm11
= target_to_arm11(target
);
477 LOG_DEBUG("target->state: %s",
478 target_state_name(target
));
481 if (target
->state
!= TARGET_HALTED
)
483 LOG_ERROR("Target not halted");
484 return ERROR_TARGET_NOT_HALTED
;
487 address
= arm11_nextpc(arm11
, current
, address
);
489 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
491 /* clear breakpoints/watchpoints and VCR*/
492 arm11_sc7_clear_vbw(arm11
);
494 if (!debug_execution
)
495 target_free_all_working_areas(target
);
497 /* Set up breakpoints */
498 if (handle_breakpoints
)
500 /* check if one matches PC and step over it if necessary */
502 struct breakpoint
* bp
;
504 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
506 if (bp
->address
== address
)
508 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
509 arm11_step(target
, 1, 0, 0);
514 /* set all breakpoints */
516 unsigned brp_num
= 0;
518 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
520 struct arm11_sc7_action brp
[2];
523 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
524 brp
[0].value
= bp
->address
;
526 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
527 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
529 arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
));
531 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
538 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
541 arm11_leave_debug_state(arm11
, handle_breakpoints
);
543 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
545 CHECK_RETVAL(jtag_execute_queue());
550 CHECK_RETVAL(arm11_read_DSCR(arm11
));
552 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
554 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
565 if ((timeval_ms()-then
) > 1000)
567 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
574 target
->debug_reason
= DBG_REASON_NOTHALTED
;
575 if (!debug_execution
)
576 target
->state
= TARGET_RUNNING
;
578 target
->state
= TARGET_DEBUG_RUNNING
;
579 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
584 static int arm11_step(struct target
*target
, int current
,
585 uint32_t address
, int handle_breakpoints
)
587 LOG_DEBUG("target->state: %s",
588 target_state_name(target
));
590 if (target
->state
!= TARGET_HALTED
)
592 LOG_WARNING("target was not halted");
593 return ERROR_TARGET_NOT_HALTED
;
596 struct arm11_common
*arm11
= target_to_arm11(target
);
598 address
= arm11_nextpc(arm11
, current
, address
);
600 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
603 /** \todo TODO: Thumb not supported here */
605 uint32_t next_instruction
;
607 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
610 if ((next_instruction
& 0xFFF00070) == 0xe1200070)
612 address
= arm11_nextpc(arm11
, 0, address
+ 4);
613 LOG_DEBUG("Skipping BKPT");
615 /* skip over Wait for interrupt / Standby */
616 /* mcr 15, 0, r?, cr7, cr0, {4} */
617 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90)
619 address
= arm11_nextpc(arm11
, 0, address
+ 4);
620 LOG_DEBUG("Skipping WFI");
622 /* ignore B to self */
623 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
625 LOG_DEBUG("Not stepping jump to self");
629 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
632 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
633 * the VCR might be something worth looking into. */
636 /* Set up breakpoint for stepping */
638 struct arm11_sc7_action brp
[2];
641 brp
[0].address
= ARM11_SC7_BVR0
;
643 brp
[1].address
= ARM11_SC7_BCR0
;
645 if (arm11_config_hardware_step
)
647 /* Hardware single stepping ("instruction address
648 * mismatch") is used if enabled. It's not quite
649 * exactly "run one instruction"; "branch to here"
650 * loops won't break, neither will some other cases,
651 * but it's probably the best default.
653 * Hardware single stepping isn't supported on v6
654 * debug modules. ARM1176 and v7 can support it...
656 * FIXME Thumb stepping likely needs to use 0x03
657 * or 0xc0 byte masks, not 0x0f.
659 brp
[0].value
= address
;
660 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
661 | (0 << 14) | (0 << 16) | (0 << 20)
665 /* Sets a breakpoint on the next PC, as calculated
666 * by instruction set simulation.
668 * REVISIT stepping Thumb on ARM1156 requires Thumb2
669 * support from the simulator.
674 retval
= arm_simulate_step(target
, &next_pc
);
675 if (retval
!= ERROR_OK
)
678 brp
[0].value
= next_pc
;
679 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
680 | (0 << 14) | (0 << 16) | (0 << 20)
684 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
689 if (arm11_config_step_irq_enable
)
690 /* this disable should be redundant ... */
691 arm11
->dscr
&= ~DSCR_INT_DIS
;
693 arm11
->dscr
|= DSCR_INT_DIS
;
696 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
698 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
700 CHECK_RETVAL(jtag_execute_queue());
707 const uint32_t mask
= DSCR_CORE_RESTARTED
710 CHECK_RETVAL(arm11_read_DSCR(arm11
));
711 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
713 if ((arm11
->dscr
& mask
) == mask
)
723 if ((timeval_ms()-then
) > 1000)
725 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
732 /* clear breakpoint */
733 arm11_sc7_clear_vbw(arm11
);
736 CHECK_RETVAL(arm11_debug_entry(arm11
));
738 /* restore default state */
739 arm11
->dscr
&= ~DSCR_INT_DIS
;
743 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
745 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
750 static int arm11_assert_reset(struct target
*target
)
753 struct arm11_common
*arm11
= target_to_arm11(target
);
755 retval
= arm11_check_init(arm11
);
756 if (retval
!= ERROR_OK
)
759 target
->state
= TARGET_UNKNOWN
;
761 /* we would very much like to reset into the halted, state,
762 * but resetting and halting is second best... */
763 if (target
->reset_halt
)
765 CHECK_RETVAL(target_halt(target
));
769 /* srst is funny. We can not do *anything* else while it's asserted
770 * and it has unkonwn side effects. Make sure no other code runs
773 * Code below assumes srst:
775 * - Causes power-on-reset (but of what parts of the system?). Bug
778 * - Messes us TAP state without asserting trst.
780 * - There is another bug in the arm11 core. When you generate an access to
781 * external logic (for example ddr controller via AHB bus) and that block
782 * is not configured (perhaps it is still held in reset), that transaction
783 * will never complete. This will hang arm11 core but it will also hang
784 * JTAG controller. Nothing, short of srst assertion will bring it out of
789 * - What should the PC be after an srst reset when starting in the halted
793 jtag_add_reset(0, 1);
794 jtag_add_reset(0, 0);
796 /* How long do we have to wait? */
797 jtag_add_sleep(5000);
799 /* un-mess up TAP state */
802 retval
= jtag_execute_queue();
803 if (retval
!= ERROR_OK
)
811 static int arm11_deassert_reset(struct target
*target
)
816 static int arm11_soft_reset_halt(struct target
*target
)
818 LOG_WARNING("Not implemented: %s", __func__
);
823 /* target memory access
824 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
825 * count: number of items of <size>
827 * arm11_config_memrw_no_increment - in the future we may want to be able
828 * to read/write a range of data to a "port". a "port" is an action on
829 * read memory address for some peripheral.
831 static int arm11_read_memory_inner(struct target
*target
,
832 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
833 bool arm11_config_memrw_no_increment
)
835 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
838 if (target
->state
!= TARGET_HALTED
)
840 LOG_WARNING("target was not halted");
841 return ERROR_TARGET_NOT_HALTED
;
844 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
846 struct arm11_common
*arm11
= target_to_arm11(target
);
848 retval
= arm11_run_instr_data_prepare(arm11
);
849 if (retval
!= ERROR_OK
)
852 /* MRC p14,0,r0,c0,c5,0 */
853 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
854 if (retval
!= ERROR_OK
)
860 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
862 for (size_t i
= 0; i
< count
; i
++)
864 /* ldrb r1, [r0], #1 */
866 arm11_run_instr_no_data1(arm11
,
867 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000);
870 /* MCR p14,0,R1,c0,c5,0 */
871 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
880 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
882 for (size_t i
= 0; i
< count
; i
++)
884 /* ldrh r1, [r0], #2 */
885 arm11_run_instr_no_data1(arm11
,
886 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0);
890 /* MCR p14,0,R1,c0,c5,0 */
891 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
893 uint16_t svalue
= res
;
894 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
902 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
903 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
904 uint32_t *words
= (uint32_t *)buffer
;
906 /* LDC p14,c5,[R0],#4 */
907 /* LDC p14,c5,[R0] */
908 arm11_run_instr_data_from_core(arm11
, instr
, words
, count
);
913 return arm11_run_instr_data_finish(arm11
);
916 static int arm11_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
918 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
922 * no_increment - in the future we may want to be able
923 * to read/write a range of data to a "port". a "port" is an action on
924 * read memory address for some peripheral.
926 static int arm11_write_memory_inner(struct target
*target
,
927 uint32_t address
, uint32_t size
,
928 uint32_t count
, uint8_t *buffer
,
933 if (target
->state
!= TARGET_HALTED
)
935 LOG_WARNING("target was not halted");
936 return ERROR_TARGET_NOT_HALTED
;
939 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
941 struct arm11_common
*arm11
= target_to_arm11(target
);
943 retval
= arm11_run_instr_data_prepare(arm11
);
944 if (retval
!= ERROR_OK
)
947 /* MRC p14,0,r0,c0,c5,0 */
948 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
949 if (retval
!= ERROR_OK
)
952 /* burst writes are not used for single words as those may well be
953 * reset init script writes.
955 * The other advantage is that as burst writes are default, we'll
956 * now exercise both burst and non-burst code paths with the
957 * default settings, increasing code coverage.
959 bool burst
= arm11_config_memwrite_burst
&& (count
> 1);
965 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
967 for (size_t i
= 0; i
< count
; i
++)
969 /* MRC p14,0,r1,c0,c5,0 */
970 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
971 if (retval
!= ERROR_OK
)
974 /* strb r1, [r0], #1 */
976 retval
= arm11_run_instr_no_data1(arm11
,
980 if (retval
!= ERROR_OK
)
989 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
991 for (size_t i
= 0; i
< count
; i
++)
994 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
996 /* MRC p14,0,r1,c0,c5,0 */
997 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
998 if (retval
!= ERROR_OK
)
1001 /* strh r1, [r0], #2 */
1003 retval
= arm11_run_instr_no_data1(arm11
,
1007 if (retval
!= ERROR_OK
)
1015 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
1017 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1018 uint32_t *words
= (uint32_t*)buffer
;
1022 /* STC p14,c5,[R0],#4 */
1023 /* STC p14,c5,[R0]*/
1024 retval
= arm11_run_instr_data_to_core(arm11
, instr
, words
, count
);
1025 if (retval
!= ERROR_OK
)
1030 /* STC p14,c5,[R0],#4 */
1031 /* STC p14,c5,[R0]*/
1032 retval
= arm11_run_instr_data_to_core_noack(arm11
, instr
, words
, count
);
1033 if (retval
!= ERROR_OK
)
1041 /* r0 verification */
1046 /* MCR p14,0,R0,c0,c5,0 */
1047 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1048 if (retval
!= ERROR_OK
)
1051 if (address
+ size
* count
!= r0
)
1053 LOG_ERROR("Data transfer failed. Expected end "
1054 "address 0x%08x, got 0x%08x",
1055 (unsigned) (address
+ size
* count
),
1059 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1061 if (arm11_config_memwrite_error_fatal
)
1066 return arm11_run_instr_data_finish(arm11
);
1069 static int arm11_write_memory(struct target
*target
,
1070 uint32_t address
, uint32_t size
,
1071 uint32_t count
, uint8_t *buffer
)
1073 /* pointer increment matters only for multi-unit writes ...
1074 * not e.g. to a "reset the chip" controller.
1076 return arm11_write_memory_inner(target
, address
, size
,
1077 count
, buffer
, count
== 1);
1080 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1081 static int arm11_bulk_write_memory(struct target
*target
,
1082 uint32_t address
, uint32_t count
, uint8_t *buffer
)
1084 if (target
->state
!= TARGET_HALTED
)
1086 LOG_WARNING("target was not halted");
1087 return ERROR_TARGET_NOT_HALTED
;
1090 return arm11_write_memory(target
, address
, 4, count
, buffer
);
1093 /* target break-/watchpoint control
1094 * rw: 0 = write, 1 = read, 2 = access
1096 static int arm11_add_breakpoint(struct target
*target
,
1097 struct breakpoint
*breakpoint
)
1099 struct arm11_common
*arm11
= target_to_arm11(target
);
1102 if (breakpoint
->type
== BKPT_SOFT
)
1104 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1105 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1109 if (!arm11
->free_brps
)
1111 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1112 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1115 if (breakpoint
->length
!= 4)
1117 LOG_DEBUG("only breakpoints of four bytes length supported");
1118 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1126 static int arm11_remove_breakpoint(struct target
*target
,
1127 struct breakpoint
*breakpoint
)
1129 struct arm11_common
*arm11
= target_to_arm11(target
);
1136 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1138 struct arm11_common
*arm11
;
1140 if (target
->tap
== NULL
)
1143 if (target
->tap
->ir_length
!= 5)
1145 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1146 return ERROR_COMMAND_SYNTAX_ERROR
;
1149 arm11
= calloc(1, sizeof *arm11
);
1153 armv4_5_init_arch_info(target
, &arm11
->arm
);
1155 arm11
->jtag_info
.tap
= target
->tap
;
1156 arm11
->jtag_info
.scann_size
= 5;
1157 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1158 arm11
->jtag_info
.cur_scan_chain
= ~0; /* invalid/unknown */
1159 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1164 static int arm11_init_target(struct command_context
*cmd_ctx
,
1165 struct target
*target
)
1167 /* Initialize anything we can set up without talking to the target */
1171 /* talk to the target and set things up */
1172 static int arm11_examine(struct target
*target
)
1176 struct arm11_common
*arm11
= target_to_arm11(target
);
1177 uint32_t didr
, device_id
;
1178 uint8_t implementor
;
1180 /* FIXME split into do-first-time and do-every-time logic ... */
1184 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1186 struct scan_field idcode_field
;
1188 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1190 arm11_add_dr_scan_vc(1, &idcode_field
, TAP_DRPAUSE
);
1194 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1196 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1198 struct scan_field chain0_fields
[2];
1200 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1201 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1203 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields
), chain0_fields
, TAP_IDLE
);
1205 CHECK_RETVAL(jtag_execute_queue());
1207 switch (device_id
& 0x0FFFF000)
1216 arm11
->arm
.core_type
= ARM_MODE_MON
;
1220 LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
1223 LOG_INFO("found %s", type
);
1225 /* unlikely this could ever fail, but ... */
1226 switch ((didr
>> 16) & 0x0F) {
1227 case ARM11_DEBUG_V6
:
1228 case ARM11_DEBUG_V61
: /* supports security extensions */
1231 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1235 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1237 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1238 arm11
->free_brps
= arm11
->brp
;
1240 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1241 device_id
, implementor
, didr
);
1243 /* as a side-effect this reads DSCR and thus
1244 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1245 * as suggested by the spec.
1248 retval
= arm11_check_init(arm11
);
1249 if (retval
!= ERROR_OK
)
1252 /* Build register cache "late", after target_init(), since we
1253 * want to know if this core supports Secure Monitor mode.
1255 if (!target_was_examined(target
))
1256 retval
= arm11_dpm_init(arm11
, didr
);
1258 /* ETM on ARM11 still uses original scanchain 6 access mode */
1259 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1260 *register_get_last_cache_p(&target
->reg_cache
) =
1261 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1263 retval
= etm_setup(target
);
1266 target_set_examined(target
);
1272 /* FIXME all these BOOL_WRAPPER things should be modifying
1273 * per-instance state, not shared state; ditto the vector
1274 * catch register support. Scan chains with multiple cores
1275 * should be able to say "work with this core like this,
1276 * that core like that". Example, ARM11 MPCore ...
1279 #define ARM11_BOOL_WRAPPER(name, print_name) \
1280 COMMAND_HANDLER(arm11_handle_bool_##name) \
1282 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1283 &arm11_config_##name, print_name); \
1286 ARM11_BOOL_WRAPPER(memwrite_burst
, "memory write burst mode")
1287 ARM11_BOOL_WRAPPER(memwrite_error_fatal
, "fatal error mode for memory writes")
1288 ARM11_BOOL_WRAPPER(step_irq_enable
, "IRQs while stepping")
1289 ARM11_BOOL_WRAPPER(hardware_step
, "hardware single step")
1291 COMMAND_HANDLER(arm11_handle_vcr
)
1297 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11_vcr
);
1300 return ERROR_COMMAND_SYNTAX_ERROR
;
1303 LOG_INFO("VCR 0x%08" PRIx32
"", arm11_vcr
);
1307 static const struct command_registration arm11_mw_command_handlers
[] = {
1310 .handler
= &arm11_handle_bool_memwrite_burst
,
1311 .mode
= COMMAND_ANY
,
1312 .help
= "Enable/Disable non-standard but fast burst mode"
1313 " (default: enabled)",
1316 .name
= "error_fatal",
1317 .handler
= &arm11_handle_bool_memwrite_error_fatal
,
1318 .mode
= COMMAND_ANY
,
1319 .help
= "Terminate program if transfer error was found"
1320 " (default: enabled)",
1322 COMMAND_REGISTRATION_DONE
1324 static const struct command_registration arm11_any_command_handlers
[] = {
1326 /* "hardware_step" is only here to check if the default
1327 * simulate + breakpoint implementation is broken.
1328 * TEMPORARY! NOT DOCUMENTED! */
1329 .name
= "hardware_step",
1330 .handler
= &arm11_handle_bool_hardware_step
,
1331 .mode
= COMMAND_ANY
,
1332 .help
= "DEBUG ONLY - Hardware single stepping"
1333 " (default: disabled)",
1334 .usage
= "(enable|disable)",
1338 .mode
= COMMAND_ANY
,
1339 .help
= "memwrite command group",
1340 .chain
= arm11_mw_command_handlers
,
1343 .name
= "step_irq_enable",
1344 .handler
= &arm11_handle_bool_step_irq_enable
,
1345 .mode
= COMMAND_ANY
,
1346 .help
= "Enable interrupts while stepping"
1347 " (default: disabled)",
1351 .handler
= &arm11_handle_vcr
,
1352 .mode
= COMMAND_ANY
,
1353 .help
= "Control (Interrupt) Vector Catch Register",
1355 COMMAND_REGISTRATION_DONE
1357 static const struct command_registration arm11_command_handlers
[] = {
1359 .chain
= arm_command_handlers
,
1362 .chain
= etm_command_handlers
,
1366 .mode
= COMMAND_ANY
,
1367 .help
= "ARM11 command group",
1368 .chain
= arm11_any_command_handlers
,
1370 COMMAND_REGISTRATION_DONE
1373 /** Holds methods for ARM11xx targets. */
1374 struct target_type arm11_target
= {
1378 .arch_state
= arm11_arch_state
,
1380 .target_request_data
= arm11_target_request_data
,
1383 .resume
= arm11_resume
,
1386 .assert_reset
= arm11_assert_reset
,
1387 .deassert_reset
= arm11_deassert_reset
,
1388 .soft_reset_halt
= arm11_soft_reset_halt
,
1390 .get_gdb_reg_list
= armv4_5_get_gdb_reg_list
,
1392 .read_memory
= arm11_read_memory
,
1393 .write_memory
= arm11_write_memory
,
1395 .bulk_write_memory
= arm11_bulk_write_memory
,
1397 .checksum_memory
= arm_checksum_memory
,
1398 .blank_check_memory
= arm_blank_check_memory
,
1400 .add_breakpoint
= arm11_add_breakpoint
,
1401 .remove_breakpoint
= arm11_remove_breakpoint
,
1403 .run_algorithm
= armv4_5_run_algorithm
,
1405 .commands
= arm11_command_handlers
,
1406 .target_create
= arm11_target_create
,
1407 .init_target
= arm11_init_target
,
1408 .examine
= arm11_examine
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)