1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include "time_support.h"
34 #include "target_type.h"
35 #include "algorithm.h"
40 #define _DEBUG_INSTRUCTION_EXECUTION_
43 static bool arm11_config_memwrite_burst
= true;
44 static bool arm11_config_memwrite_error_fatal
= true;
45 static uint32_t arm11_vcr
= 0;
46 static bool arm11_config_step_irq_enable
= false;
47 static bool arm11_config_hardware_step
= false;
61 enum arm11_regtype type
;
64 /* update arm11_regcache_ids when changing this */
65 static const struct arm11_reg_defs arm11_reg_defs
[] =
68 {"dscr", 0, -1, ARM11_REGISTER_DSCR
},
71 enum arm11_regcache_ids
78 static int arm11_step(struct target
*target
, int current
,
79 uint32_t address
, int handle_breakpoints
);
81 static int arm11_build_reg_cache(struct target
*target
);
82 static int arm11_set_reg(struct reg
*reg
, uint8_t *buf
);
83 static int arm11_get_reg(struct reg
*reg
);
86 /** Check and if necessary take control of the system
88 * \param arm11 Target state variable.
90 static int arm11_check_init(struct arm11_common
*arm11
)
92 CHECK_RETVAL(arm11_read_DSCR(arm11
));
93 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
95 if (!(arm11
->dscr
& ARM11_DSCR_MODE_SELECT
))
97 LOG_DEBUG("Bringing target into debug mode");
99 arm11
->dscr
|= ARM11_DSCR_MODE_SELECT
; /* Halt debug-mode */
100 arm11_write_DSCR(arm11
, arm11
->dscr
);
102 /* add further reset initialization here */
104 arm11
->simulate_reset_on_next_halt
= true;
106 if (arm11
->dscr
& ARM11_DSCR_CORE_HALTED
)
108 /** \todo TODO: this needs further scrutiny because
109 * arm11_debug_entry() never gets called. (WHY NOT?)
110 * As a result we don't read the actual register states from
114 arm11
->arm
.target
->state
= TARGET_HALTED
;
115 arm11
->arm
.target
->debug_reason
=
116 arm11_get_DSCR_debug_reason(arm11
->dscr
);
120 arm11
->arm
.target
->state
= TARGET_RUNNING
;
121 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
124 arm11_sc7_clear_vbw(arm11
);
133 (arm11->reg_values[ARM11_RC_##x])
136 * Save processor state. This is called after a HALT instruction
137 * succeeds, and on other occasions the processor enters debug mode
138 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
140 static int arm11_debug_entry(struct arm11_common
*arm11
)
144 arm11
->arm
.target
->state
= TARGET_HALTED
;
145 arm11
->arm
.target
->debug_reason
=
146 arm11_get_DSCR_debug_reason(arm11
->dscr
);
148 /* REVISIT entire cache should already be invalid !!! */
149 register_cache_invalidate(arm11
->arm
.core_cache
);
151 for (size_t i
= 0; i
< ARRAY_SIZE(arm11
->reg_values
); i
++)
153 arm11
->reg_list
[i
].valid
= 1;
154 arm11
->reg_list
[i
].dirty
= 0;
157 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
160 R(DSCR
) = arm11
->dscr
;
162 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
163 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& ARM11_DSCR_WDTR_FULL
);
164 if (arm11
->is_wdtr_saved
)
166 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
168 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
170 struct scan_field chain5_fields
[3];
172 arm11_setup_field(arm11
, 32, NULL
,
173 &arm11
->saved_wdtr
, chain5_fields
+ 0);
174 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
175 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
177 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
181 /* DSCR: set ARM11_DSCR_EXECUTE_ARM_INSTRUCTION_ENABLE
183 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
184 * but not to issue ITRs. ARM1136 seems to require this to issue
188 arm11_write_DSCR(arm11
, ARM11_DSCR_EXECUTE_ARM_INSTRUCTION_ENABLE
193 Before executing any instruction in debug state you have to drain the write buffer.
194 This ensures that no imprecise Data Aborts can return at a later point:*/
196 /** \todo TODO: Test drain write buffer. */
201 /* MRC p14,0,R0,c5,c10,0 */
202 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
204 /* mcr 15, 0, r0, cr7, cr10, {4} */
205 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
207 uint32_t dscr
= arm11_read_DSCR(arm11
);
209 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
211 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
)
213 arm11_run_instr_no_data1(arm11
, 0xe320f000);
215 dscr
= arm11_read_DSCR(arm11
);
217 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
226 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
227 * CPSR and PC after the rDTR stuff. We do it all at once.
229 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
230 if (retval
!= ERROR_OK
)
231 LOG_ERROR("DPM REG READ -- fail %d", retval
);
233 retval
= arm11_run_instr_data_prepare(arm11
);
234 if (retval
!= ERROR_OK
)
237 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
238 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& ARM11_DSCR_RDTR_FULL
);
239 if (arm11
->is_rdtr_saved
)
241 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
242 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
243 0xEE100E15, &arm11
->saved_rdtr
);
244 if (retval
!= ERROR_OK
)
248 /* REVISIT Now that we've saved core state, there's may also
249 * be MMU and cache state to care about ...
252 if (arm11
->simulate_reset_on_next_halt
)
254 arm11
->simulate_reset_on_next_halt
= false;
256 LOG_DEBUG("Reset c1 Control Register");
258 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
260 /* MCR p15,0,R0,c1,c0,0 */
261 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
262 if (retval
!= ERROR_OK
)
267 retval
= arm11_run_instr_data_finish(arm11
);
268 if (retval
!= ERROR_OK
)
275 * Restore processor state. This is called in preparation for
276 * the RESTART function.
278 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
282 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
284 /* NOTE: the ARM1136 TRM suggests restoring all registers
285 * except R0/PC/CPSR right now. Instead, we do them all
286 * at once, just a bit later on.
289 /* REVISIT once we start caring about MMU and cache state,
290 * address it here ...
293 /* spec says clear wDTR and rDTR; we assume they are clear as
294 otherwise our programming would be sloppy */
296 CHECK_RETVAL(arm11_read_DSCR(arm11
));
298 if (arm11
->dscr
& (ARM11_DSCR_RDTR_FULL
| ARM11_DSCR_WDTR_FULL
))
301 The wDTR/rDTR two registers that are used to send/receive data to/from
302 the core in tandem with corresponding instruction codes that are
303 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
304 registers hold data that was written by one side (CPU or JTAG) and not
305 read out by the other side.
307 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
308 (unsigned) arm11
->dscr
);
313 /* maybe restore original wDTR */
314 if (arm11
->is_wdtr_saved
)
316 retval
= arm11_run_instr_data_prepare(arm11
);
317 if (retval
!= ERROR_OK
)
320 /* MCR p14,0,R0,c0,c5,0 */
321 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
322 0xee000e15, arm11
->saved_wdtr
);
323 if (retval
!= ERROR_OK
)
326 retval
= arm11_run_instr_data_finish(arm11
);
327 if (retval
!= ERROR_OK
)
331 /* restore CPSR, PC, and R0 ... after flushing any modified
334 retval
= arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
);
336 register_cache_invalidate(arm11
->arm
.core_cache
);
340 arm11_write_DSCR(arm11
, R(DSCR
));
342 /* maybe restore rDTR */
344 if (arm11
->is_rdtr_saved
)
346 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
348 arm11_add_IR(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
350 struct scan_field chain5_fields
[3];
352 uint8_t Ready
= 0; /* ignored */
353 uint8_t Valid
= 0; /* ignored */
355 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
356 NULL
, chain5_fields
+ 0);
357 arm11_setup_field(arm11
, 1, &Ready
, NULL
, chain5_fields
+ 1);
358 arm11_setup_field(arm11
, 1, &Valid
, NULL
, chain5_fields
+ 2);
360 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
363 /* now processor is ready to RESTART */
368 /* poll current target status */
369 static int arm11_poll(struct target
*target
)
372 struct arm11_common
*arm11
= target_to_arm11(target
);
374 CHECK_RETVAL(arm11_check_init(arm11
));
376 if (arm11
->dscr
& ARM11_DSCR_CORE_HALTED
)
378 if (target
->state
!= TARGET_HALTED
)
380 enum target_state old_state
= target
->state
;
382 LOG_DEBUG("enter TARGET_HALTED");
383 retval
= arm11_debug_entry(arm11
);
384 if (retval
!= ERROR_OK
)
387 target_call_event_callbacks(target
,
388 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
);
393 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
)
395 LOG_DEBUG("enter TARGET_RUNNING");
396 target
->state
= TARGET_RUNNING
;
397 target
->debug_reason
= DBG_REASON_NOTHALTED
;
403 /* architecture specific status reply */
404 static int arm11_arch_state(struct target
*target
)
408 retval
= armv4_5_arch_state(target
);
410 /* REVISIT also display ARM11-specific MMU and cache status ... */
415 /* target request support */
416 static int arm11_target_request_data(struct target
*target
,
417 uint32_t size
, uint8_t *buffer
)
419 LOG_WARNING("Not implemented: %s", __func__
);
424 /* target execution control */
425 static int arm11_halt(struct target
*target
)
427 struct arm11_common
*arm11
= target_to_arm11(target
);
429 LOG_DEBUG("target->state: %s",
430 target_state_name(target
));
432 if (target
->state
== TARGET_UNKNOWN
)
434 arm11
->simulate_reset_on_next_halt
= true;
437 if (target
->state
== TARGET_HALTED
)
439 LOG_DEBUG("target was already halted");
443 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
445 CHECK_RETVAL(jtag_execute_queue());
451 CHECK_RETVAL(arm11_read_DSCR(arm11
));
453 if (arm11
->dscr
& ARM11_DSCR_CORE_HALTED
)
464 if ((timeval_ms()-then
) > 1000)
466 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
473 enum target_state old_state
= target
->state
;
475 arm11_debug_entry(arm11
);
478 target_call_event_callbacks(target
,
479 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
485 arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
487 void *value
= arm11
->arm
.core_cache
->reg_list
[15].value
;
490 buf_set_u32(value
, 0, 32, address
);
492 address
= buf_get_u32(value
, 0, 32);
497 static int arm11_resume(struct target
*target
, int current
,
498 uint32_t address
, int handle_breakpoints
, int debug_execution
)
500 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
501 // current, address, handle_breakpoints, debug_execution);
503 struct arm11_common
*arm11
= target_to_arm11(target
);
505 LOG_DEBUG("target->state: %s",
506 target_state_name(target
));
509 if (target
->state
!= TARGET_HALTED
)
511 LOG_ERROR("Target not halted");
512 return ERROR_TARGET_NOT_HALTED
;
515 address
= arm11_nextpc(arm11
, current
, address
);
517 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
519 /* clear breakpoints/watchpoints and VCR*/
520 arm11_sc7_clear_vbw(arm11
);
522 if (!debug_execution
)
523 target_free_all_working_areas(target
);
525 /* Set up breakpoints */
526 if (handle_breakpoints
)
528 /* check if one matches PC and step over it if necessary */
530 struct breakpoint
* bp
;
532 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
534 if (bp
->address
== address
)
536 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
537 arm11_step(target
, 1, 0, 0);
542 /* set all breakpoints */
544 unsigned brp_num
= 0;
546 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
548 struct arm11_sc7_action brp
[2];
551 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
552 brp
[0].value
= bp
->address
;
554 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
555 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
557 arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
));
559 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
565 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
568 arm11_leave_debug_state(arm11
, handle_breakpoints
);
570 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
572 CHECK_RETVAL(jtag_execute_queue());
577 CHECK_RETVAL(arm11_read_DSCR(arm11
));
579 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
581 if (arm11
->dscr
& ARM11_DSCR_CORE_RESTARTED
)
592 if ((timeval_ms()-then
) > 1000)
594 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
601 if (!debug_execution
)
603 target
->state
= TARGET_RUNNING
;
604 target
->debug_reason
= DBG_REASON_NOTHALTED
;
606 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
610 target
->state
= TARGET_DEBUG_RUNNING
;
611 target
->debug_reason
= DBG_REASON_NOTHALTED
;
613 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
619 static int arm11_step(struct target
*target
, int current
,
620 uint32_t address
, int handle_breakpoints
)
622 LOG_DEBUG("target->state: %s",
623 target_state_name(target
));
625 if (target
->state
!= TARGET_HALTED
)
627 LOG_WARNING("target was not halted");
628 return ERROR_TARGET_NOT_HALTED
;
631 struct arm11_common
*arm11
= target_to_arm11(target
);
633 address
= arm11_nextpc(arm11
, current
, address
);
635 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
638 /** \todo TODO: Thumb not supported here */
640 uint32_t next_instruction
;
642 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
645 if ((next_instruction
& 0xFFF00070) == 0xe1200070)
647 address
= arm11_nextpc(arm11
, 0, address
+ 4);
648 LOG_DEBUG("Skipping BKPT");
650 /* skip over Wait for interrupt / Standby */
651 /* mcr 15, 0, r?, cr7, cr0, {4} */
652 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90)
654 address
= arm11_nextpc(arm11
, 0, address
+ 4);
655 LOG_DEBUG("Skipping WFI");
657 /* ignore B to self */
658 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
660 LOG_DEBUG("Not stepping jump to self");
664 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
667 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
668 * the VCR might be something worth looking into. */
671 /* Set up breakpoint for stepping */
673 struct arm11_sc7_action brp
[2];
676 brp
[0].address
= ARM11_SC7_BVR0
;
678 brp
[1].address
= ARM11_SC7_BCR0
;
680 if (arm11_config_hardware_step
)
682 /* Hardware single stepping ("instruction address
683 * mismatch") is used if enabled. It's not quite
684 * exactly "run one instruction"; "branch to here"
685 * loops won't break, neither will some other cases,
686 * but it's probably the best default.
688 * Hardware single stepping isn't supported on v6
689 * debug modules. ARM1176 and v7 can support it...
691 * FIXME Thumb stepping likely needs to use 0x03
692 * or 0xc0 byte masks, not 0x0f.
694 brp
[0].value
= address
;
695 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
696 | (0 << 14) | (0 << 16) | (0 << 20)
700 /* Sets a breakpoint on the next PC, as calculated
701 * by instruction set simulation.
703 * REVISIT stepping Thumb on ARM1156 requires Thumb2
704 * support from the simulator.
709 retval
= arm_simulate_step(target
, &next_pc
);
710 if (retval
!= ERROR_OK
)
713 brp
[0].value
= next_pc
;
714 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
715 | (0 << 14) | (0 << 16) | (0 << 20)
719 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
724 if (arm11_config_step_irq_enable
)
725 R(DSCR
) &= ~ARM11_DSCR_INTERRUPTS_DISABLE
; /* should be redundant */
727 R(DSCR
) |= ARM11_DSCR_INTERRUPTS_DISABLE
;
730 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
732 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
734 CHECK_RETVAL(jtag_execute_queue());
741 const uint32_t mask
= ARM11_DSCR_CORE_RESTARTED
742 | ARM11_DSCR_CORE_HALTED
;
744 CHECK_RETVAL(arm11_read_DSCR(arm11
));
745 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
747 if ((arm11
->dscr
& mask
) == mask
)
757 if ((timeval_ms()-then
) > 1000)
759 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
766 /* clear breakpoint */
767 arm11_sc7_clear_vbw(arm11
);
770 CHECK_RETVAL(arm11_debug_entry(arm11
));
772 /* restore default state */
773 R(DSCR
) &= ~ARM11_DSCR_INTERRUPTS_DISABLE
;
777 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
779 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
784 static int arm11_assert_reset(struct target
*target
)
787 struct arm11_common
*arm11
= target_to_arm11(target
);
789 retval
= arm11_check_init(arm11
);
790 if (retval
!= ERROR_OK
)
793 target
->state
= TARGET_UNKNOWN
;
795 /* we would very much like to reset into the halted, state,
796 * but resetting and halting is second best... */
797 if (target
->reset_halt
)
799 CHECK_RETVAL(target_halt(target
));
803 /* srst is funny. We can not do *anything* else while it's asserted
804 * and it has unkonwn side effects. Make sure no other code runs
807 * Code below assumes srst:
809 * - Causes power-on-reset (but of what parts of the system?). Bug
812 * - Messes us TAP state without asserting trst.
814 * - There is another bug in the arm11 core. When you generate an access to
815 * external logic (for example ddr controller via AHB bus) and that block
816 * is not configured (perhaps it is still held in reset), that transaction
817 * will never complete. This will hang arm11 core but it will also hang
818 * JTAG controller. Nothing, short of srst assertion will bring it out of
823 * - What should the PC be after an srst reset when starting in the halted
827 jtag_add_reset(0, 1);
828 jtag_add_reset(0, 0);
830 /* How long do we have to wait? */
831 jtag_add_sleep(5000);
833 /* un-mess up TAP state */
836 retval
= jtag_execute_queue();
837 if (retval
!= ERROR_OK
)
845 static int arm11_deassert_reset(struct target
*target
)
850 static int arm11_soft_reset_halt(struct target
*target
)
852 LOG_WARNING("Not implemented: %s", __func__
);
857 /* target memory access
858 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
859 * count: number of items of <size>
861 * arm11_config_memrw_no_increment - in the future we may want to be able
862 * to read/write a range of data to a "port". a "port" is an action on
863 * read memory address for some peripheral.
865 static int arm11_read_memory_inner(struct target
*target
,
866 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
867 bool arm11_config_memrw_no_increment
)
869 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
872 if (target
->state
!= TARGET_HALTED
)
874 LOG_WARNING("target was not halted");
875 return ERROR_TARGET_NOT_HALTED
;
878 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
880 struct arm11_common
*arm11
= target_to_arm11(target
);
882 retval
= arm11_run_instr_data_prepare(arm11
);
883 if (retval
!= ERROR_OK
)
886 /* MRC p14,0,r0,c0,c5,0 */
887 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
888 if (retval
!= ERROR_OK
)
894 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
896 for (size_t i
= 0; i
< count
; i
++)
898 /* ldrb r1, [r0], #1 */
900 arm11_run_instr_no_data1(arm11
,
901 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000);
904 /* MCR p14,0,R1,c0,c5,0 */
905 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
914 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
916 for (size_t i
= 0; i
< count
; i
++)
918 /* ldrh r1, [r0], #2 */
919 arm11_run_instr_no_data1(arm11
,
920 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0);
924 /* MCR p14,0,R1,c0,c5,0 */
925 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
927 uint16_t svalue
= res
;
928 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
936 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
937 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
938 uint32_t *words
= (uint32_t *)buffer
;
940 /* LDC p14,c5,[R0],#4 */
941 /* LDC p14,c5,[R0] */
942 arm11_run_instr_data_from_core(arm11
, instr
, words
, count
);
947 return arm11_run_instr_data_finish(arm11
);
950 static int arm11_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
952 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
956 * no_increment - in the future we may want to be able
957 * to read/write a range of data to a "port". a "port" is an action on
958 * read memory address for some peripheral.
960 static int arm11_write_memory_inner(struct target
*target
,
961 uint32_t address
, uint32_t size
,
962 uint32_t count
, uint8_t *buffer
,
967 if (target
->state
!= TARGET_HALTED
)
969 LOG_WARNING("target was not halted");
970 return ERROR_TARGET_NOT_HALTED
;
973 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
975 struct arm11_common
*arm11
= target_to_arm11(target
);
977 retval
= arm11_run_instr_data_prepare(arm11
);
978 if (retval
!= ERROR_OK
)
981 /* MRC p14,0,r0,c0,c5,0 */
982 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
983 if (retval
!= ERROR_OK
)
986 /* burst writes are not used for single words as those may well be
987 * reset init script writes.
989 * The other advantage is that as burst writes are default, we'll
990 * now exercise both burst and non-burst code paths with the
991 * default settings, increasing code coverage.
993 bool burst
= arm11_config_memwrite_burst
&& (count
> 1);
999 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
1001 for (size_t i
= 0; i
< count
; i
++)
1003 /* MRC p14,0,r1,c0,c5,0 */
1004 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
1005 if (retval
!= ERROR_OK
)
1008 /* strb r1, [r0], #1 */
1010 retval
= arm11_run_instr_no_data1(arm11
,
1014 if (retval
!= ERROR_OK
)
1023 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
1025 for (size_t i
= 0; i
< count
; i
++)
1028 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
1030 /* MRC p14,0,r1,c0,c5,0 */
1031 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
1032 if (retval
!= ERROR_OK
)
1035 /* strh r1, [r0], #2 */
1037 retval
= arm11_run_instr_no_data1(arm11
,
1041 if (retval
!= ERROR_OK
)
1049 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
1051 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1052 uint32_t *words
= (uint32_t*)buffer
;
1056 /* STC p14,c5,[R0],#4 */
1057 /* STC p14,c5,[R0]*/
1058 retval
= arm11_run_instr_data_to_core(arm11
, instr
, words
, count
);
1059 if (retval
!= ERROR_OK
)
1064 /* STC p14,c5,[R0],#4 */
1065 /* STC p14,c5,[R0]*/
1066 retval
= arm11_run_instr_data_to_core_noack(arm11
, instr
, words
, count
);
1067 if (retval
!= ERROR_OK
)
1075 /* r0 verification */
1080 /* MCR p14,0,R0,c0,c5,0 */
1081 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1082 if (retval
!= ERROR_OK
)
1085 if (address
+ size
* count
!= r0
)
1087 LOG_ERROR("Data transfer failed. Expected end "
1088 "address 0x%08x, got 0x%08x",
1089 (unsigned) (address
+ size
* count
),
1093 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1095 if (arm11_config_memwrite_error_fatal
)
1100 return arm11_run_instr_data_finish(arm11
);
1103 static int arm11_write_memory(struct target
*target
,
1104 uint32_t address
, uint32_t size
,
1105 uint32_t count
, uint8_t *buffer
)
1107 /* pointer increment matters only for multi-unit writes ...
1108 * not e.g. to a "reset the chip" controller.
1110 return arm11_write_memory_inner(target
, address
, size
,
1111 count
, buffer
, count
== 1);
1114 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1115 static int arm11_bulk_write_memory(struct target
*target
,
1116 uint32_t address
, uint32_t count
, uint8_t *buffer
)
1118 if (target
->state
!= TARGET_HALTED
)
1120 LOG_WARNING("target was not halted");
1121 return ERROR_TARGET_NOT_HALTED
;
1124 return arm11_write_memory(target
, address
, 4, count
, buffer
);
1127 /* target break-/watchpoint control
1128 * rw: 0 = write, 1 = read, 2 = access
1130 static int arm11_add_breakpoint(struct target
*target
,
1131 struct breakpoint
*breakpoint
)
1133 struct arm11_common
*arm11
= target_to_arm11(target
);
1136 if (breakpoint
->type
== BKPT_SOFT
)
1138 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1139 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1143 if (!arm11
->free_brps
)
1145 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1146 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1149 if (breakpoint
->length
!= 4)
1151 LOG_DEBUG("only breakpoints of four bytes length supported");
1152 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1160 static int arm11_remove_breakpoint(struct target
*target
,
1161 struct breakpoint
*breakpoint
)
1163 struct arm11_common
*arm11
= target_to_arm11(target
);
1170 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1172 struct arm11_common
*arm11
;
1174 if (target
->tap
== NULL
)
1177 if (target
->tap
->ir_length
!= 5)
1179 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1180 return ERROR_COMMAND_SYNTAX_ERROR
;
1183 arm11
= calloc(1, sizeof *arm11
);
1187 armv4_5_init_arch_info(target
, &arm11
->arm
);
1189 arm11
->jtag_info
.tap
= target
->tap
;
1190 arm11
->jtag_info
.scann_size
= 5;
1191 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1192 /* cur_scan_chain == 0 */
1193 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1198 static int arm11_init_target(struct command_context
*cmd_ctx
,
1199 struct target
*target
)
1201 /* Initialize anything we can set up without talking to the target */
1203 /* REVISIT do we really want such a debug-registers-only cache?
1204 * If we do, it should probably be handled purely by the DPM code,
1205 * so it works identically on the v7a/v7r cores.
1207 return arm11_build_reg_cache(target
);
1210 /* talk to the target and set things up */
1211 static int arm11_examine(struct target
*target
)
1215 struct arm11_common
*arm11
= target_to_arm11(target
);
1216 uint32_t didr
, device_id
;
1217 uint8_t implementor
;
1219 /* FIXME split into do-first-time and do-every-time logic ... */
1223 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1225 struct scan_field idcode_field
;
1227 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1229 arm11_add_dr_scan_vc(1, &idcode_field
, TAP_DRPAUSE
);
1233 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1235 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1237 struct scan_field chain0_fields
[2];
1239 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1240 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1242 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields
), chain0_fields
, TAP_IDLE
);
1244 CHECK_RETVAL(jtag_execute_queue());
1246 switch (device_id
& 0x0FFFF000)
1255 arm11
->arm
.core_type
= ARM_MODE_MON
;
1259 LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
1262 LOG_INFO("found %s", type
);
1264 /* unlikely this could ever fail, but ... */
1265 switch ((didr
>> 16) & 0x0F) {
1266 case ARM11_DEBUG_V6
:
1267 case ARM11_DEBUG_V61
: /* supports security extensions */
1270 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1274 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1275 arm11
->wrp
= ((didr
>> 28) & 0x0F) + 1;
1277 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1278 arm11
->free_brps
= arm11
->brp
;
1280 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1281 device_id
, implementor
, didr
);
1283 /* as a side-effect this reads DSCR and thus
1284 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1285 * as suggested by the spec.
1288 retval
= arm11_check_init(arm11
);
1289 if (retval
!= ERROR_OK
)
1292 /* Build register cache "late", after target_init(), since we
1293 * want to know if this core supports Secure Monitor mode.
1295 if (!target_was_examined(target
))
1296 retval
= arm11_dpm_init(arm11
, didr
);
1298 /* ETM on ARM11 still uses original scanchain 6 access mode */
1299 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1300 *register_get_last_cache_p(&target
->reg_cache
) =
1301 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1303 retval
= etm_setup(target
);
1306 target_set_examined(target
);
1312 /** Load a register that is marked !valid in the register cache */
1313 static int arm11_get_reg(struct reg
*reg
)
1315 struct arm11_reg_state
*r
= reg
->arch_info
;
1316 struct target
*target
= r
->target
;
1318 if (target
->state
!= TARGET_HALTED
)
1320 LOG_WARNING("target was not halted");
1321 return ERROR_TARGET_NOT_HALTED
;
1324 /** \todo TODO: Check this. We assume that all registers are fetched at debug entry. */
1327 struct arm11_common
*arm11
= target_to_arm11(target
);
1328 const struct arm11_reg_defs
*arm11_reg_info
= arm11_reg_defs
+ ((struct arm11_reg_state
*)reg
->arch_info
)->def_index
;
1334 /** Change a value in the register cache */
1335 static int arm11_set_reg(struct reg
*reg
, uint8_t *buf
)
1337 struct arm11_reg_state
*r
= reg
->arch_info
;
1338 struct target
*target
= r
->target
;
1339 struct arm11_common
*arm11
= target_to_arm11(target
);
1340 // const struct arm11_reg_defs *arm11_reg_info = arm11_reg_defs + ((struct arm11_reg_state *)reg->arch_info)->def_index;
1342 arm11
->reg_values
[((struct arm11_reg_state
*)reg
->arch_info
)->def_index
] = buf_get_u32(buf
, 0, 32);
1349 static const struct reg_arch_type arm11_reg_type
= {
1350 .get
= arm11_get_reg
,
1351 .set
= arm11_set_reg
,
1354 static int arm11_build_reg_cache(struct target
*target
)
1356 struct arm11_common
*arm11
= target_to_arm11(target
);
1357 struct reg_cache
*cache
;
1358 struct reg
*reg_list
;
1359 struct arm11_reg_state
*arm11_reg_states
;
1361 cache
= calloc(1, sizeof *cache
);
1362 reg_list
= calloc(ARM11_REGCACHE_COUNT
, sizeof *reg_list
);
1363 arm11_reg_states
= calloc(ARM11_REGCACHE_COUNT
,
1364 sizeof *arm11_reg_states
);
1365 if (!cache
|| !reg_list
|| !arm11_reg_states
) {
1368 free(arm11_reg_states
);
1372 arm11
->reg_list
= reg_list
;
1374 /* build cache for some of the debug registers */
1375 cache
->name
= "arm11 debug registers";
1376 cache
->reg_list
= reg_list
;
1377 cache
->num_regs
= ARM11_REGCACHE_COUNT
;
1379 struct reg_cache
**cache_p
= register_get_last_cache_p(&target
->reg_cache
);
1382 arm11
->core_cache
= cache
;
1386 /* Not very elegant assertion */
1387 if (ARM11_REGCACHE_COUNT
!= ARRAY_SIZE(arm11
->reg_values
) ||
1388 ARM11_REGCACHE_COUNT
!= ARRAY_SIZE(arm11_reg_defs
) ||
1389 ARM11_REGCACHE_COUNT
!= ARM11_RC_MAX
)
1391 LOG_ERROR("BUG: arm11->reg_values inconsistent (%d %u %u %d)",
1392 ARM11_REGCACHE_COUNT
,
1393 (unsigned) ARRAY_SIZE(arm11
->reg_values
),
1394 (unsigned) ARRAY_SIZE(arm11_reg_defs
),
1396 /* FIXME minimally, use a build_bug_on(X) mechanism;
1397 * runtime exit() here is bad!
1402 for (i
= 0; i
< ARM11_REGCACHE_COUNT
; i
++)
1404 struct reg
* r
= reg_list
+ i
;
1405 const struct arm11_reg_defs
* rd
= arm11_reg_defs
+ i
;
1406 struct arm11_reg_state
* rs
= arm11_reg_states
+ i
;
1410 r
->value
= (uint8_t *)(arm11
->reg_values
+ i
);
1413 r
->type
= &arm11_reg_type
;
1417 rs
->target
= target
;
1423 /* FIXME all these BOOL_WRAPPER things should be modifying
1424 * per-instance state, not shared state; ditto the vector
1425 * catch register support. Scan chains with multiple cores
1426 * should be able to say "work with this core like this,
1427 * that core like that". Example, ARM11 MPCore ...
1430 #define ARM11_BOOL_WRAPPER(name, print_name) \
1431 COMMAND_HANDLER(arm11_handle_bool_##name) \
1433 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1434 &arm11_config_##name, print_name); \
1437 ARM11_BOOL_WRAPPER(memwrite_burst
, "memory write burst mode")
1438 ARM11_BOOL_WRAPPER(memwrite_error_fatal
, "fatal error mode for memory writes")
1439 ARM11_BOOL_WRAPPER(step_irq_enable
, "IRQs while stepping")
1440 ARM11_BOOL_WRAPPER(hardware_step
, "hardware single step")
1442 COMMAND_HANDLER(arm11_handle_vcr
)
1448 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11_vcr
);
1451 return ERROR_COMMAND_SYNTAX_ERROR
;
1454 LOG_INFO("VCR 0x%08" PRIx32
"", arm11_vcr
);
1458 static const struct command_registration arm11_mw_command_handlers
[] = {
1461 .handler
= &arm11_handle_bool_memwrite_burst
,
1462 .mode
= COMMAND_ANY
,
1463 .help
= "Enable/Disable non-standard but fast burst mode"
1464 " (default: enabled)",
1467 .name
= "error_fatal",
1468 .handler
= &arm11_handle_bool_memwrite_error_fatal
,
1469 .mode
= COMMAND_ANY
,
1470 .help
= "Terminate program if transfer error was found"
1471 " (default: enabled)",
1473 COMMAND_REGISTRATION_DONE
1475 static const struct command_registration arm11_any_command_handlers
[] = {
1477 /* "hardware_step" is only here to check if the default
1478 * simulate + breakpoint implementation is broken.
1479 * TEMPORARY! NOT DOCUMENTED! */
1480 .name
= "hardware_step",
1481 .handler
= &arm11_handle_bool_hardware_step
,
1482 .mode
= COMMAND_ANY
,
1483 .help
= "DEBUG ONLY - Hardware single stepping"
1484 " (default: disabled)",
1485 .usage
= "(enable|disable)",
1489 .mode
= COMMAND_ANY
,
1490 .help
= "memwrite command group",
1491 .chain
= arm11_mw_command_handlers
,
1494 .name
= "step_irq_enable",
1495 .handler
= &arm11_handle_bool_step_irq_enable
,
1496 .mode
= COMMAND_ANY
,
1497 .help
= "Enable interrupts while stepping"
1498 " (default: disabled)",
1502 .handler
= &arm11_handle_vcr
,
1503 .mode
= COMMAND_ANY
,
1504 .help
= "Control (Interrupt) Vector Catch Register",
1506 COMMAND_REGISTRATION_DONE
1508 static const struct command_registration arm11_command_handlers
[] = {
1510 .chain
= arm_command_handlers
,
1513 .chain
= etm_command_handlers
,
1517 .mode
= COMMAND_ANY
,
1518 .help
= "ARM11 command group",
1519 .chain
= arm11_any_command_handlers
,
1521 COMMAND_REGISTRATION_DONE
1524 /** Holds methods for ARM11xx targets. */
1525 struct target_type arm11_target
= {
1529 .arch_state
= arm11_arch_state
,
1531 .target_request_data
= arm11_target_request_data
,
1534 .resume
= arm11_resume
,
1537 .assert_reset
= arm11_assert_reset
,
1538 .deassert_reset
= arm11_deassert_reset
,
1539 .soft_reset_halt
= arm11_soft_reset_halt
,
1541 .get_gdb_reg_list
= armv4_5_get_gdb_reg_list
,
1543 .read_memory
= arm11_read_memory
,
1544 .write_memory
= arm11_write_memory
,
1546 .bulk_write_memory
= arm11_bulk_write_memory
,
1548 .checksum_memory
= arm_checksum_memory
,
1549 .blank_check_memory
= arm_blank_check_memory
,
1551 .add_breakpoint
= arm11_add_breakpoint
,
1552 .remove_breakpoint
= arm11_remove_breakpoint
,
1554 .run_algorithm
= armv4_5_run_algorithm
,
1556 .commands
= arm11_command_handlers
,
1557 .target_create
= arm11_target_create
,
1558 .init_target
= arm11_init_target
,
1559 .examine
= arm11_examine
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)