1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include <helper/time_support.h>
34 #include "target_type.h"
35 #include "algorithm.h"
37 #include "arm_opcodes.h"
41 #define _DEBUG_INSTRUCTION_EXECUTION_
45 /* FIXME none of these flags should be global to all ARM11 cores!
46 * Most of them shouldn't exist at all, once the code works...
48 static bool arm11_config_memwrite_burst
= true;
49 static bool arm11_config_memwrite_error_fatal
= true;
50 static uint32_t arm11_vcr
= 0;
51 static bool arm11_config_step_irq_enable
= false;
52 static bool arm11_config_hardware_step
= false;
54 static int arm11_step(struct target
*target
, int current
,
55 uint32_t address
, int handle_breakpoints
);
58 /** Check and if necessary take control of the system
60 * \param arm11 Target state variable.
62 static int arm11_check_init(struct arm11_common
*arm11
)
64 CHECK_RETVAL(arm11_read_DSCR(arm11
));
65 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
67 if (!(arm11
->dscr
& DSCR_HALT_DBG_MODE
))
69 LOG_DEBUG("Bringing target into debug mode");
71 arm11
->dscr
|= DSCR_HALT_DBG_MODE
;
72 arm11_write_DSCR(arm11
, arm11
->dscr
);
74 /* add further reset initialization here */
76 arm11
->simulate_reset_on_next_halt
= true;
78 if (arm11
->dscr
& DSCR_CORE_HALTED
)
80 /** \todo TODO: this needs further scrutiny because
81 * arm11_debug_entry() never gets called. (WHY NOT?)
82 * As a result we don't read the actual register states from
86 arm11
->arm
.target
->state
= TARGET_HALTED
;
87 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
91 arm11
->arm
.target
->state
= TARGET_RUNNING
;
92 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
95 arm11_sc7_clear_vbw(arm11
);
102 * Save processor state. This is called after a HALT instruction
103 * succeeds, and on other occasions the processor enters debug mode
104 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
106 static int arm11_debug_entry(struct arm11_common
*arm11
)
110 arm11
->arm
.target
->state
= TARGET_HALTED
;
111 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
113 /* REVISIT entire cache should already be invalid !!! */
114 register_cache_invalidate(arm11
->arm
.core_cache
);
116 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
118 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
119 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
120 if (arm11
->is_wdtr_saved
)
122 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
124 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
126 struct scan_field chain5_fields
[3];
128 arm11_setup_field(arm11
, 32, NULL
,
129 &arm11
->saved_wdtr
, chain5_fields
+ 0);
130 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
131 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
133 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
137 /* DSCR: set the Execute ARM instruction enable bit.
139 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
140 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
141 * for executing instructions via ITR.
143 arm11_write_DSCR(arm11
, DSCR_ITR_EN
| arm11
->dscr
);
147 Before executing any instruction in debug state you have to drain the write buffer.
148 This ensures that no imprecise Data Aborts can return at a later point:*/
150 /** \todo TODO: Test drain write buffer. */
155 /* MRC p14,0,R0,c5,c10,0 */
156 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
158 /* mcr 15, 0, r0, cr7, cr10, {4} */
159 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
161 uint32_t dscr
= arm11_read_DSCR(arm11
);
163 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
165 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
)
167 arm11_run_instr_no_data1(arm11
, 0xe320f000);
169 dscr
= arm11_read_DSCR(arm11
);
171 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
180 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
181 * CPSR and PC after the rDTR stuff. We do it all at once.
183 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
184 if (retval
!= ERROR_OK
)
185 LOG_ERROR("DPM REG READ -- fail %d", retval
);
187 retval
= arm11_run_instr_data_prepare(arm11
);
188 if (retval
!= ERROR_OK
)
191 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
192 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
193 if (arm11
->is_rdtr_saved
)
195 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
196 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
197 0xEE100E15, &arm11
->saved_rdtr
);
198 if (retval
!= ERROR_OK
)
202 /* REVISIT Now that we've saved core state, there's may also
203 * be MMU and cache state to care about ...
206 if (arm11
->simulate_reset_on_next_halt
)
208 arm11
->simulate_reset_on_next_halt
= false;
210 LOG_DEBUG("Reset c1 Control Register");
212 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
214 /* MCR p15,0,R0,c1,c0,0 */
215 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
216 if (retval
!= ERROR_OK
)
221 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
224 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
225 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
226 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
228 if (retval
!= ERROR_OK
)
230 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
234 retval
= arm11_run_instr_data_finish(arm11
);
235 if (retval
!= ERROR_OK
)
242 * Restore processor state. This is called in preparation for
243 * the RESTART function.
245 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
249 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
251 /* NOTE: the ARM1136 TRM suggests restoring all registers
252 * except R0/PC/CPSR right now. Instead, we do them all
253 * at once, just a bit later on.
256 /* REVISIT once we start caring about MMU and cache state,
257 * address it here ...
260 /* spec says clear wDTR and rDTR; we assume they are clear as
261 otherwise our programming would be sloppy */
263 CHECK_RETVAL(arm11_read_DSCR(arm11
));
265 if (arm11
->dscr
& (DSCR_DTR_RX_FULL
| DSCR_DTR_TX_FULL
))
268 The wDTR/rDTR two registers that are used to send/receive data to/from
269 the core in tandem with corresponding instruction codes that are
270 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
271 registers hold data that was written by one side (CPU or JTAG) and not
272 read out by the other side.
274 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
275 (unsigned) arm11
->dscr
);
280 /* maybe restore original wDTR */
281 if (arm11
->is_wdtr_saved
)
283 retval
= arm11_run_instr_data_prepare(arm11
);
284 if (retval
!= ERROR_OK
)
287 /* MCR p14,0,R0,c0,c5,0 */
288 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
289 0xee000e15, arm11
->saved_wdtr
);
290 if (retval
!= ERROR_OK
)
293 retval
= arm11_run_instr_data_finish(arm11
);
294 if (retval
!= ERROR_OK
)
298 /* restore CPSR, PC, and R0 ... after flushing any modified
301 retval
= arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
);
303 retval
= arm11_bpwp_flush(arm11
);
305 register_cache_invalidate(arm11
->arm
.core_cache
);
308 arm11_write_DSCR(arm11
, arm11
->dscr
);
310 /* maybe restore rDTR */
311 if (arm11
->is_rdtr_saved
)
313 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
315 arm11_add_IR(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
317 struct scan_field chain5_fields
[3];
319 uint8_t Ready
= 0; /* ignored */
320 uint8_t Valid
= 0; /* ignored */
322 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
323 NULL
, chain5_fields
+ 0);
324 arm11_setup_field(arm11
, 1, &Ready
, NULL
, chain5_fields
+ 1);
325 arm11_setup_field(arm11
, 1, &Valid
, NULL
, chain5_fields
+ 2);
327 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
330 /* now processor is ready to RESTART */
335 /* poll current target status */
336 static int arm11_poll(struct target
*target
)
339 struct arm11_common
*arm11
= target_to_arm11(target
);
341 CHECK_RETVAL(arm11_check_init(arm11
));
343 if (arm11
->dscr
& DSCR_CORE_HALTED
)
345 if (target
->state
!= TARGET_HALTED
)
347 enum target_state old_state
= target
->state
;
349 LOG_DEBUG("enter TARGET_HALTED");
350 retval
= arm11_debug_entry(arm11
);
351 if (retval
!= ERROR_OK
)
354 target_call_event_callbacks(target
,
355 (old_state
== TARGET_DEBUG_RUNNING
)
356 ? TARGET_EVENT_DEBUG_HALTED
357 : TARGET_EVENT_HALTED
);
362 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
)
364 LOG_DEBUG("enter TARGET_RUNNING");
365 target
->state
= TARGET_RUNNING
;
366 target
->debug_reason
= DBG_REASON_NOTHALTED
;
372 /* architecture specific status reply */
373 static int arm11_arch_state(struct target
*target
)
375 struct arm11_common
*arm11
= target_to_arm11(target
);
378 retval
= arm_arch_state(target
);
380 /* REVISIT also display ARM11-specific MMU and cache status ... */
382 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
383 LOG_USER("Watchpoint triggered at PC %#08x",
384 (unsigned) arm11
->dpm
.wp_pc
);
389 /* target request support */
390 static int arm11_target_request_data(struct target
*target
,
391 uint32_t size
, uint8_t *buffer
)
393 LOG_WARNING("Not implemented: %s", __func__
);
398 /* target execution control */
399 static int arm11_halt(struct target
*target
)
401 struct arm11_common
*arm11
= target_to_arm11(target
);
403 LOG_DEBUG("target->state: %s",
404 target_state_name(target
));
406 if (target
->state
== TARGET_UNKNOWN
)
408 arm11
->simulate_reset_on_next_halt
= true;
411 if (target
->state
== TARGET_HALTED
)
413 LOG_DEBUG("target was already halted");
417 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
419 CHECK_RETVAL(jtag_execute_queue());
425 CHECK_RETVAL(arm11_read_DSCR(arm11
));
427 if (arm11
->dscr
& DSCR_CORE_HALTED
)
438 if ((timeval_ms()-then
) > 1000)
440 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
447 enum target_state old_state
= target
->state
;
449 arm11_debug_entry(arm11
);
452 target_call_event_callbacks(target
,
453 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
459 arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
461 void *value
= arm11
->arm
.core_cache
->reg_list
[15].value
;
464 buf_set_u32(value
, 0, 32, address
);
466 address
= buf_get_u32(value
, 0, 32);
471 static int arm11_resume(struct target
*target
, int current
,
472 uint32_t address
, int handle_breakpoints
, int debug_execution
)
474 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
475 // current, address, handle_breakpoints, debug_execution);
477 struct arm11_common
*arm11
= target_to_arm11(target
);
479 LOG_DEBUG("target->state: %s",
480 target_state_name(target
));
483 if (target
->state
!= TARGET_HALTED
)
485 LOG_ERROR("Target not halted");
486 return ERROR_TARGET_NOT_HALTED
;
489 address
= arm11_nextpc(arm11
, current
, address
);
491 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
493 /* clear breakpoints/watchpoints and VCR*/
494 arm11_sc7_clear_vbw(arm11
);
496 if (!debug_execution
)
497 target_free_all_working_areas(target
);
499 /* Set up breakpoints */
500 if (handle_breakpoints
)
502 /* check if one matches PC and step over it if necessary */
504 struct breakpoint
* bp
;
506 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
508 if (bp
->address
== address
)
510 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
511 arm11_step(target
, 1, 0, 0);
516 /* set all breakpoints */
518 unsigned brp_num
= 0;
520 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
522 struct arm11_sc7_action brp
[2];
525 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
526 brp
[0].value
= bp
->address
;
528 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
529 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
531 arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
));
533 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
540 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
543 arm11_leave_debug_state(arm11
, handle_breakpoints
);
545 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
547 CHECK_RETVAL(jtag_execute_queue());
552 CHECK_RETVAL(arm11_read_DSCR(arm11
));
554 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
556 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
567 if ((timeval_ms()-then
) > 1000)
569 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
576 target
->debug_reason
= DBG_REASON_NOTHALTED
;
577 if (!debug_execution
)
578 target
->state
= TARGET_RUNNING
;
580 target
->state
= TARGET_DEBUG_RUNNING
;
581 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
586 static int arm11_step(struct target
*target
, int current
,
587 uint32_t address
, int handle_breakpoints
)
589 LOG_DEBUG("target->state: %s",
590 target_state_name(target
));
592 if (target
->state
!= TARGET_HALTED
)
594 LOG_WARNING("target was not halted");
595 return ERROR_TARGET_NOT_HALTED
;
598 struct arm11_common
*arm11
= target_to_arm11(target
);
600 address
= arm11_nextpc(arm11
, current
, address
);
602 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
605 /** \todo TODO: Thumb not supported here */
607 uint32_t next_instruction
;
609 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
612 if ((next_instruction
& 0xFFF00070) == 0xe1200070)
614 address
= arm11_nextpc(arm11
, 0, address
+ 4);
615 LOG_DEBUG("Skipping BKPT");
617 /* skip over Wait for interrupt / Standby */
618 /* mcr 15, 0, r?, cr7, cr0, {4} */
619 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90)
621 address
= arm11_nextpc(arm11
, 0, address
+ 4);
622 LOG_DEBUG("Skipping WFI");
624 /* ignore B to self */
625 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
627 LOG_DEBUG("Not stepping jump to self");
631 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
634 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
635 * the VCR might be something worth looking into. */
638 /* Set up breakpoint for stepping */
640 struct arm11_sc7_action brp
[2];
643 brp
[0].address
= ARM11_SC7_BVR0
;
645 brp
[1].address
= ARM11_SC7_BCR0
;
647 if (arm11_config_hardware_step
)
649 /* Hardware single stepping ("instruction address
650 * mismatch") is used if enabled. It's not quite
651 * exactly "run one instruction"; "branch to here"
652 * loops won't break, neither will some other cases,
653 * but it's probably the best default.
655 * Hardware single stepping isn't supported on v6
656 * debug modules. ARM1176 and v7 can support it...
658 * FIXME Thumb stepping likely needs to use 0x03
659 * or 0xc0 byte masks, not 0x0f.
661 brp
[0].value
= address
;
662 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
663 | (0 << 14) | (0 << 16) | (0 << 20)
667 /* Sets a breakpoint on the next PC, as calculated
668 * by instruction set simulation.
670 * REVISIT stepping Thumb on ARM1156 requires Thumb2
671 * support from the simulator.
676 retval
= arm_simulate_step(target
, &next_pc
);
677 if (retval
!= ERROR_OK
)
680 brp
[0].value
= next_pc
;
681 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
682 | (0 << 14) | (0 << 16) | (0 << 20)
686 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
691 if (arm11_config_step_irq_enable
)
692 /* this disable should be redundant ... */
693 arm11
->dscr
&= ~DSCR_INT_DIS
;
695 arm11
->dscr
|= DSCR_INT_DIS
;
698 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
700 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
702 CHECK_RETVAL(jtag_execute_queue());
709 const uint32_t mask
= DSCR_CORE_RESTARTED
712 CHECK_RETVAL(arm11_read_DSCR(arm11
));
713 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
715 if ((arm11
->dscr
& mask
) == mask
)
725 if ((timeval_ms()-then
) > 1000)
727 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
734 /* clear breakpoint */
735 arm11_sc7_clear_vbw(arm11
);
738 CHECK_RETVAL(arm11_debug_entry(arm11
));
740 /* restore default state */
741 arm11
->dscr
&= ~DSCR_INT_DIS
;
745 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
747 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
752 static int arm11_assert_reset(struct target
*target
)
754 struct arm11_common
*arm11
= target_to_arm11(target
);
756 /* optionally catch reset vector */
757 if (target
->reset_halt
&& !(arm11_vcr
& 1))
758 arm11_sc7_set_vcr(arm11
, arm11_vcr
| 1);
760 /* Issue some kind of warm reset. */
761 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
)) {
762 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
763 } else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
764 /* REVISIT handle "pulls" cases, if there's
765 * hardware that needs them to work.
767 jtag_add_reset(0, 1);
769 LOG_ERROR("%s: how to reset?", target_name(target
));
773 /* registers are now invalid */
774 register_cache_invalidate(arm11
->arm
.core_cache
);
776 target
->state
= TARGET_RESET
;
782 * - There is another bug in the arm11 core. (iMX31 specific again?)
783 * When you generate an access to external logic (for example DDR
784 * controller via AHB bus) and that block is not configured (perhaps
785 * it is still held in reset), that transaction will never complete.
786 * This will hang arm11 core but it will also hang JTAG controller.
787 * Nothing short of srst assertion will bring it out of this.
790 static int arm11_deassert_reset(struct target
*target
)
792 struct arm11_common
*arm11
= target_to_arm11(target
);
795 /* be certain SRST is off */
796 jtag_add_reset(0, 0);
798 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
799 * at least DSCR. OMAP24xx doesn't show that problem, though
800 * SRST-only reset seems to be problematic for other reasons.
801 * (Secure boot sequences being one likelihood!)
805 retval
= arm11_poll(target
);
807 if (target
->reset_halt
) {
808 if (target
->state
!= TARGET_HALTED
) {
809 LOG_WARNING("%s: ran after reset and before halt ...",
810 target_name(target
));
811 if ((retval
= target_halt(target
)) != ERROR_OK
)
816 /* maybe restore vector catch config */
817 if (target
->reset_halt
&& !(arm11_vcr
& 1))
818 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
823 static int arm11_soft_reset_halt(struct target
*target
)
825 LOG_WARNING("Not implemented: %s", __func__
);
830 /* target memory access
831 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
832 * count: number of items of <size>
834 * arm11_config_memrw_no_increment - in the future we may want to be able
835 * to read/write a range of data to a "port". a "port" is an action on
836 * read memory address for some peripheral.
838 static int arm11_read_memory_inner(struct target
*target
,
839 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
840 bool arm11_config_memrw_no_increment
)
842 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
845 if (target
->state
!= TARGET_HALTED
)
847 LOG_WARNING("target was not halted");
848 return ERROR_TARGET_NOT_HALTED
;
851 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
853 struct arm11_common
*arm11
= target_to_arm11(target
);
855 retval
= arm11_run_instr_data_prepare(arm11
);
856 if (retval
!= ERROR_OK
)
859 /* MRC p14,0,r0,c0,c5,0 */
860 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
861 if (retval
!= ERROR_OK
)
867 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
869 for (size_t i
= 0; i
< count
; i
++)
871 /* ldrb r1, [r0], #1 */
873 arm11_run_instr_no_data1(arm11
,
874 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000);
877 /* MCR p14,0,R1,c0,c5,0 */
878 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
887 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
889 for (size_t i
= 0; i
< count
; i
++)
891 /* ldrh r1, [r0], #2 */
892 arm11_run_instr_no_data1(arm11
,
893 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0);
897 /* MCR p14,0,R1,c0,c5,0 */
898 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
900 uint16_t svalue
= res
;
901 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
909 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
910 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
911 uint32_t *words
= (uint32_t *)buffer
;
913 /* LDC p14,c5,[R0],#4 */
914 /* LDC p14,c5,[R0] */
915 arm11_run_instr_data_from_core(arm11
, instr
, words
, count
);
920 return arm11_run_instr_data_finish(arm11
);
923 static int arm11_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
925 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
929 * no_increment - in the future we may want to be able
930 * to read/write a range of data to a "port". a "port" is an action on
931 * read memory address for some peripheral.
933 static int arm11_write_memory_inner(struct target
*target
,
934 uint32_t address
, uint32_t size
,
935 uint32_t count
, uint8_t *buffer
,
940 if (target
->state
!= TARGET_HALTED
)
942 LOG_WARNING("target was not halted");
943 return ERROR_TARGET_NOT_HALTED
;
946 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
948 struct arm11_common
*arm11
= target_to_arm11(target
);
950 retval
= arm11_run_instr_data_prepare(arm11
);
951 if (retval
!= ERROR_OK
)
954 /* MRC p14,0,r0,c0,c5,0 */
955 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
956 if (retval
!= ERROR_OK
)
959 /* burst writes are not used for single words as those may well be
960 * reset init script writes.
962 * The other advantage is that as burst writes are default, we'll
963 * now exercise both burst and non-burst code paths with the
964 * default settings, increasing code coverage.
966 bool burst
= arm11_config_memwrite_burst
&& (count
> 1);
972 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
974 for (size_t i
= 0; i
< count
; i
++)
976 /* MRC p14,0,r1,c0,c5,0 */
977 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
978 if (retval
!= ERROR_OK
)
981 /* strb r1, [r0], #1 */
983 retval
= arm11_run_instr_no_data1(arm11
,
987 if (retval
!= ERROR_OK
)
996 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
998 for (size_t i
= 0; i
< count
; i
++)
1001 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
1003 /* MRC p14,0,r1,c0,c5,0 */
1004 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
1005 if (retval
!= ERROR_OK
)
1008 /* strh r1, [r0], #2 */
1010 retval
= arm11_run_instr_no_data1(arm11
,
1014 if (retval
!= ERROR_OK
)
1022 /* increment: STC p14,c5,[R0],#4 */
1023 /* no increment: STC p14,c5,[R0]*/
1024 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
1026 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1027 uint32_t *words
= (uint32_t*)buffer
;
1029 /* "burst" here just means trusting each instruction executes
1030 * fully before we run the next one: per-word roundtrips, to
1031 * check the Ready flag, are not used.
1034 retval
= arm11_run_instr_data_to_core(arm11
,
1035 instr
, words
, count
);
1037 retval
= arm11_run_instr_data_to_core_noack(arm11
,
1038 instr
, words
, count
);
1039 if (retval
!= ERROR_OK
)
1046 /* r0 verification */
1051 /* MCR p14,0,R0,c0,c5,0 */
1052 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1053 if (retval
!= ERROR_OK
)
1056 if (address
+ size
* count
!= r0
)
1058 LOG_ERROR("Data transfer failed. Expected end "
1059 "address 0x%08x, got 0x%08x",
1060 (unsigned) (address
+ size
* count
),
1064 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1066 if (arm11_config_memwrite_error_fatal
)
1071 return arm11_run_instr_data_finish(arm11
);
1074 static int arm11_write_memory(struct target
*target
,
1075 uint32_t address
, uint32_t size
,
1076 uint32_t count
, uint8_t *buffer
)
1078 /* pointer increment matters only for multi-unit writes ...
1079 * not e.g. to a "reset the chip" controller.
1081 return arm11_write_memory_inner(target
, address
, size
,
1082 count
, buffer
, count
== 1);
1085 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1086 static int arm11_bulk_write_memory(struct target
*target
,
1087 uint32_t address
, uint32_t count
, uint8_t *buffer
)
1089 if (target
->state
!= TARGET_HALTED
)
1091 LOG_WARNING("target was not halted");
1092 return ERROR_TARGET_NOT_HALTED
;
1095 return arm11_write_memory(target
, address
, 4, count
, buffer
);
1098 /* target break-/watchpoint control
1099 * rw: 0 = write, 1 = read, 2 = access
1101 static int arm11_add_breakpoint(struct target
*target
,
1102 struct breakpoint
*breakpoint
)
1104 struct arm11_common
*arm11
= target_to_arm11(target
);
1107 if (breakpoint
->type
== BKPT_SOFT
)
1109 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1110 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1114 if (!arm11
->free_brps
)
1116 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1117 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1120 if (breakpoint
->length
!= 4)
1122 LOG_DEBUG("only breakpoints of four bytes length supported");
1123 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1131 static int arm11_remove_breakpoint(struct target
*target
,
1132 struct breakpoint
*breakpoint
)
1134 struct arm11_common
*arm11
= target_to_arm11(target
);
1141 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1143 struct arm11_common
*arm11
;
1145 if (target
->tap
== NULL
)
1148 if (target
->tap
->ir_length
!= 5)
1150 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1151 return ERROR_COMMAND_SYNTAX_ERROR
;
1154 arm11
= calloc(1, sizeof *arm11
);
1158 arm_init_arch_info(target
, &arm11
->arm
);
1160 arm11
->jtag_info
.tap
= target
->tap
;
1161 arm11
->jtag_info
.scann_size
= 5;
1162 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1163 arm11
->jtag_info
.cur_scan_chain
= ~0; /* invalid/unknown */
1164 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1169 static int arm11_init_target(struct command_context
*cmd_ctx
,
1170 struct target
*target
)
1172 /* Initialize anything we can set up without talking to the target */
1176 /* talk to the target and set things up */
1177 static int arm11_examine(struct target
*target
)
1181 struct arm11_common
*arm11
= target_to_arm11(target
);
1182 uint32_t didr
, device_id
;
1183 uint8_t implementor
;
1185 /* FIXME split into do-first-time and do-every-time logic ... */
1189 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1191 struct scan_field idcode_field
;
1193 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1195 arm11_add_dr_scan_vc(1, &idcode_field
, TAP_DRPAUSE
);
1199 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1201 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1203 struct scan_field chain0_fields
[2];
1205 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1206 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1208 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields
), chain0_fields
, TAP_IDLE
);
1210 CHECK_RETVAL(jtag_execute_queue());
1212 switch (device_id
& 0x0FFFF000)
1221 arm11
->arm
.core_type
= ARM_MODE_MON
;
1225 LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
1228 LOG_INFO("found %s", type
);
1230 /* unlikely this could ever fail, but ... */
1231 switch ((didr
>> 16) & 0x0F) {
1232 case ARM11_DEBUG_V6
:
1233 case ARM11_DEBUG_V61
: /* supports security extensions */
1236 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1240 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1242 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1243 arm11
->free_brps
= arm11
->brp
;
1245 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1246 device_id
, implementor
, didr
);
1248 /* as a side-effect this reads DSCR and thus
1249 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1250 * as suggested by the spec.
1253 retval
= arm11_check_init(arm11
);
1254 if (retval
!= ERROR_OK
)
1257 /* Build register cache "late", after target_init(), since we
1258 * want to know if this core supports Secure Monitor mode.
1260 if (!target_was_examined(target
))
1261 retval
= arm11_dpm_init(arm11
, didr
);
1263 /* ETM on ARM11 still uses original scanchain 6 access mode */
1264 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1265 *register_get_last_cache_p(&target
->reg_cache
) =
1266 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1268 retval
= etm_setup(target
);
1271 target_set_examined(target
);
1277 /* FIXME all these BOOL_WRAPPER things should be modifying
1278 * per-instance state, not shared state; ditto the vector
1279 * catch register support. Scan chains with multiple cores
1280 * should be able to say "work with this core like this,
1281 * that core like that". Example, ARM11 MPCore ...
1284 #define ARM11_BOOL_WRAPPER(name, print_name) \
1285 COMMAND_HANDLER(arm11_handle_bool_##name) \
1287 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1288 &arm11_config_##name, print_name); \
1291 ARM11_BOOL_WRAPPER(memwrite_burst
, "memory write burst mode")
1292 ARM11_BOOL_WRAPPER(memwrite_error_fatal
, "fatal error mode for memory writes")
1293 ARM11_BOOL_WRAPPER(step_irq_enable
, "IRQs while stepping")
1294 ARM11_BOOL_WRAPPER(hardware_step
, "hardware single step")
1296 COMMAND_HANDLER(arm11_handle_vcr
)
1302 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11_vcr
);
1305 return ERROR_COMMAND_SYNTAX_ERROR
;
1308 LOG_INFO("VCR 0x%08" PRIx32
"", arm11_vcr
);
1312 static const struct command_registration arm11_mw_command_handlers
[] = {
1315 .handler
= &arm11_handle_bool_memwrite_burst
,
1316 .mode
= COMMAND_ANY
,
1317 .help
= "Enable/Disable potentially risky fast burst mode"
1318 " (default: enabled)",
1321 .name
= "error_fatal",
1322 .handler
= &arm11_handle_bool_memwrite_error_fatal
,
1323 .mode
= COMMAND_ANY
,
1324 .help
= "Terminate program if transfer error was found"
1325 " (default: enabled)",
1327 COMMAND_REGISTRATION_DONE
1329 static const struct command_registration arm11_any_command_handlers
[] = {
1331 /* "hardware_step" is only here to check if the default
1332 * simulate + breakpoint implementation is broken.
1333 * TEMPORARY! NOT DOCUMENTED! */
1334 .name
= "hardware_step",
1335 .handler
= &arm11_handle_bool_hardware_step
,
1336 .mode
= COMMAND_ANY
,
1337 .help
= "DEBUG ONLY - Hardware single stepping"
1338 " (default: disabled)",
1339 .usage
= "(enable|disable)",
1343 .mode
= COMMAND_ANY
,
1344 .help
= "memwrite command group",
1345 .chain
= arm11_mw_command_handlers
,
1348 .name
= "step_irq_enable",
1349 .handler
= &arm11_handle_bool_step_irq_enable
,
1350 .mode
= COMMAND_ANY
,
1351 .help
= "Enable interrupts while stepping"
1352 " (default: disabled)",
1356 .handler
= &arm11_handle_vcr
,
1357 .mode
= COMMAND_ANY
,
1358 .help
= "Control (Interrupt) Vector Catch Register",
1360 COMMAND_REGISTRATION_DONE
1362 static const struct command_registration arm11_command_handlers
[] = {
1364 .chain
= arm_command_handlers
,
1367 .chain
= etm_command_handlers
,
1371 .mode
= COMMAND_ANY
,
1372 .help
= "ARM11 command group",
1373 .chain
= arm11_any_command_handlers
,
1375 COMMAND_REGISTRATION_DONE
1378 /** Holds methods for ARM11xx targets. */
1379 struct target_type arm11_target
= {
1383 .arch_state
= arm11_arch_state
,
1385 .target_request_data
= arm11_target_request_data
,
1388 .resume
= arm11_resume
,
1391 .assert_reset
= arm11_assert_reset
,
1392 .deassert_reset
= arm11_deassert_reset
,
1393 .soft_reset_halt
= arm11_soft_reset_halt
,
1395 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1397 .read_memory
= arm11_read_memory
,
1398 .write_memory
= arm11_write_memory
,
1400 .bulk_write_memory
= arm11_bulk_write_memory
,
1402 .checksum_memory
= arm_checksum_memory
,
1403 .blank_check_memory
= arm_blank_check_memory
,
1405 .add_breakpoint
= arm11_add_breakpoint
,
1406 .remove_breakpoint
= arm11_remove_breakpoint
,
1408 .run_algorithm
= armv4_5_run_algorithm
,
1410 .commands
= arm11_command_handlers
,
1411 .target_create
= arm11_target_create
,
1412 .init_target
= arm11_init_target
,
1413 .examine
= arm11_examine
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)