ARM11: tweak TAP ops and debugging
1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
3 * Michael Bruck *
4 * *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
6 * *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
8 * *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
13 * *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
18 * *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
24
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28
29 #include "etm.h"
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include <helper/time_support.h>
34 #include "target_type.h"
35 #include "algorithm.h"
36 #include "register.h"
37
38
39 #if 0
40 #define _DEBUG_INSTRUCTION_EXECUTION_
41 #endif
42
43
/* FIXME none of these flags should be global to all ARM11 cores!
 * Most of them shouldn't exist at all, once the code works...
 */

/* When true, arm11_write_memory_inner() uses the unacknowledged burst
 * transfer for word writes of more than one unit. */
static bool arm11_config_memwrite_burst = true;
/* When true, a mismatch in the end-address check that follows a write makes
 * arm11_write_memory_inner() return ERROR_FAIL; when false the mismatch is
 * only logged and the write is still reported as successful. */
static bool arm11_config_memwrite_error_fatal = true;
/* Passed to arm11_sc7_set_vcr() by arm11_resume() when breakpoints are
 * handled; a value of zero skips that call. */
static uint32_t arm11_vcr = 0;
/* When false, arm11_step() sets DSCR_INT_DIS in the cached DSCR for the
 * duration of the step. */
static bool arm11_config_step_irq_enable = false;
/* Selects which breakpoint-control value arm11_step() programs: the
 * "instruction address mismatch" form when true, otherwise a breakpoint on
 * the next PC computed by arm_simulate_step(). */
static bool arm11_config_hardware_step = false;

/* Forward declaration: arm11_resume() calls arm11_step() before it is defined. */
static int arm11_step(struct target *target, int current,
		uint32_t address, int handle_breakpoints);
55
56
/**
 * Check whether halting debug mode is enabled and, if it is not, take
 * control of the core.
 *
 * DSCR is read first. When DSCR_HALT_DBG_MODE is already set nothing else
 * happens. Otherwise the bit is set and written back, a simulated reset is
 * scheduled for the next halt, the cached target state is derived from
 * DSCR_CORE_HALTED and arm11_sc7_clear_vbw() is called.
 *
 * \param arm11 Target state variable.
 * \return ERROR_OK; a failing DSCR read is handed to CHECK_RETVAL (macro
 *         defined outside this file).
 */
static int arm11_check_init(struct arm11_common *arm11)
{
	CHECK_RETVAL(arm11_read_DSCR(arm11));
	LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);

	/* Halting debug mode is already on: there is nothing to take over. */
	if ((arm11->dscr & DSCR_HALT_DBG_MODE) != 0)
		return ERROR_OK;

	LOG_DEBUG("Bringing target into debug mode");

	arm11->dscr |= DSCR_HALT_DBG_MODE;
	/* NOTE(review): the result of this DSCR write is not checked. */
	arm11_write_DSCR(arm11, arm11->dscr);

	/* add further reset initialization here */

	arm11->simulate_reset_on_next_halt = true;

	if ((arm11->dscr & DSCR_CORE_HALTED) == 0) {
		arm11->arm.target->state = TARGET_RUNNING;
		arm11->arm.target->debug_reason = DBG_REASON_NOTHALTED;
	} else {
		/** \todo TODO: this needs further scrutiny because
		 * arm11_debug_entry() never gets called.  (WHY NOT?)
		 * As a result we don't read the actual register states from
		 * the target.
		 */
		arm11->arm.target->state = TARGET_HALTED;
		arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
	}

	arm11_sc7_clear_vbw(arm11);

	return ERROR_OK;
}
99
/**
 * Save processor state.  This is called after a HALT instruction
 * succeeds, and on other occasions the processor enters debug mode
 * (breakpoint, watchpoint, etc).  Caller has updated arm11->dscr.
 *
 * The order of the scan and instruction operations below follows the
 * debug-entry sequence and must not be rearranged.
 *
 * \param arm11 Target state variable.
 * \return ERROR_OK, or the first error reported by the data-transfer
 *         helpers.  A failing register read is logged but does not stop
 *         the sequence.
 */
static int arm11_debug_entry(struct arm11_common *arm11)
{
	int retval;

	arm11->arm.target->state = TARGET_HALTED;
	arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);

	/* REVISIT entire cache should already be invalid !!! */
	register_cache_invalidate(arm11->arm.core_cache);

	/* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */

	/* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
	arm11->is_wdtr_saved = (arm11->dscr & DSCR_DTR_TX_FULL) != 0;
	if (arm11->is_wdtr_saved) {
		struct scan_field chain5_fields[3];

		arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);

		arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);

		/* 32 data bits land in saved_wdtr; the two 1-bit fields are ignored. */
		arm11_setup_field(arm11, 32, NULL,
				&arm11->saved_wdtr, &chain5_fields[0]);
		arm11_setup_field(arm11, 1, NULL, NULL, &chain5_fields[1]);
		arm11_setup_field(arm11, 1, NULL, NULL, &chain5_fields[2]);

		arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
	}

	/* DSCR: set the Execute ARM instruction enable bit.
	 *
	 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
	 * but not to issue ITRs(?).  The ARMv7 arch spec says it's required
	 * for executing instructions via ITR.
	 */
	arm11_write_DSCR(arm11, DSCR_ITR_EN | arm11->dscr);

	/* From the spec:
	 * Before executing any instruction in debug state you have to drain
	 * the write buffer.  This ensures that no imprecise Data Aborts can
	 * return at a later point.
	 */

	/** \todo TODO: Test drain write buffer. */

#if 0
	while (1)
	{
		/* MRC p14,0,R0,c5,c10,0 */
		//	arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);

		/* mcr	   15, 0, r0, cr7, cr10, {4} */
		arm11_run_instr_no_data1(arm11, 0xee070f9a);

		uint32_t dscr = arm11_read_DSCR(arm11);

		LOG_DEBUG("DRAIN, DSCR %08x", dscr);

		if (dscr & ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT)
		{
			arm11_run_instr_no_data1(arm11, 0xe320f000);

			dscr = arm11_read_DSCR(arm11);

			LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr);

			break;
		}
	}
#endif

	/* Save registers.
	 *
	 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
	 * CPSR and PC after the rDTR stuff.  We do it all at once.
	 */
	retval = arm_dpm_read_current_registers(&arm11->dpm);
	if (retval != ERROR_OK)
		LOG_ERROR("DPM REG READ -- fail %d", retval);

	retval = arm11_run_instr_data_prepare(arm11);
	if (retval != ERROR_OK)
		return retval;

	/* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
	arm11->is_rdtr_saved = (arm11->dscr & DSCR_DTR_RX_FULL) != 0;
	if (arm11->is_rdtr_saved) {
		/* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
		retval = arm11_run_instr_data_from_core_via_r0(arm11,
				0xEE100E15, &arm11->saved_rdtr);
		if (retval != ERROR_OK)
			return retval;
	}

	/* REVISIT Now that we've saved core state, there may also
	 * be MMU and cache state to care about ...
	 */

	if (arm11->simulate_reset_on_next_halt) {
		arm11->simulate_reset_on_next_halt = false;

		LOG_DEBUG("Reset c1 Control Register");

		/* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */

		/* MCR p15,0,R0,c1,c0,0 */
		retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee010f10, 0);
		if (retval != ERROR_OK)
			return retval;
	}

	return arm11_run_instr_data_finish(arm11);
}
226
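/**
 * Restore processor state.  This is called in preparation for
 * the RESTART function.
 *
 * \param arm11 Target state variable.
 * \param bpwp  Passed through to arm_dpm_write_dirty_registers().
 * \return ERROR_OK when the core is ready to be restarted; ERROR_FAIL when
 *         DSCR reports wDTR or rDTR still full; otherwise the first error
 *         from a transfer helper or from writing back the dirty registers.
 */
static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
{
	int retval;

	/* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */

	/* NOTE: the ARM1136 TRM suggests restoring all registers
	 * except R0/PC/CPSR right now.  Instead, we do them all
	 * at once, just a bit later on.
	 */

	/* REVISIT once we start caring about MMU and cache state,
	 * address it here ...
	 */

	/* spec says clear wDTR and rDTR; we assume they are clear as
	 * otherwise our programming would be sloppy */
	CHECK_RETVAL(arm11_read_DSCR(arm11));

	if (arm11->dscr & (DSCR_DTR_RX_FULL | DSCR_DTR_TX_FULL)) {
		/*
		 * wDTR/rDTR are the two registers used to send/receive data
		 * to/from the core in tandem with corresponding instruction
		 * codes that are written into the core.  The RDTR FULL/WDTR FULL
		 * flag indicates that the registers hold data that was written
		 * by one side (CPU or JTAG) and not read out by the other side.
		 */
		LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
				(unsigned) arm11->dscr);
		return ERROR_FAIL;
	}

	/* maybe restore original wDTR */
	if (arm11->is_wdtr_saved) {
		retval = arm11_run_instr_data_prepare(arm11);
		if (retval != ERROR_OK)
			return retval;

		/* MCR p14,0,R0,c0,c5,0 */
		retval = arm11_run_instr_data_to_core_via_r0(arm11,
				0xee000e15, arm11->saved_wdtr);
		if (retval != ERROR_OK)
			return retval;

		retval = arm11_run_instr_data_finish(arm11);
		if (retval != ERROR_OK)
			return retval;
	}

	/* restore CPSR, PC, and R0 ... after flushing any modified
	 * registers.
	 *
	 * The result used to be assigned and then dropped, so a failed
	 * write-back was reported as success.  Stop here instead: the cache is
	 * left untouched (the unwritten values are not discarded) and the
	 * caller learns that the core was not fully restored.
	 */
	retval = arm_dpm_write_dirty_registers(&arm11->dpm, bpwp);
	if (retval != ERROR_OK)
		return retval;

	register_cache_invalidate(arm11->arm.core_cache);

	/* restore DSCR */
	arm11_write_DSCR(arm11, arm11->dscr);

	/* maybe restore rDTR */
	if (arm11->is_rdtr_saved) {
		struct scan_field chain5_fields[3];

		uint8_t Ready = 0;	/* ignored */
		uint8_t Valid = 0;	/* ignored */

		arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);

		arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);

		arm11_setup_field(arm11, 32, &arm11->saved_rdtr,
				NULL, chain5_fields + 0);
		arm11_setup_field(arm11, 1, &Ready, NULL, chain5_fields + 1);
		arm11_setup_field(arm11, 1, &Valid, NULL, chain5_fields + 2);

		arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
	}

	/* now processor is ready to RESTART */

	return ERROR_OK;
}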
318
/**
 * Poll current target status.
 *
 * Refreshes DSCR through arm11_check_init() and brings target->state in
 * line with DSCR_CORE_HALTED.  On a transition into the halted state the
 * processor state is saved with arm11_debug_entry() and the event
 * callbacks are invoked.
 *
 * \return ERROR_OK, or the error from arm11_debug_entry(); a failing
 *         arm11_check_init() is handed to CHECK_RETVAL.
 */
static int arm11_poll(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	CHECK_RETVAL(arm11_check_init(arm11));

	if ((arm11->dscr & DSCR_CORE_HALTED) == 0) {
		/* Core is running: update the cached state unless it already says so. */
		if (!(target->state == TARGET_RUNNING
				|| target->state == TARGET_DEBUG_RUNNING)) {
			LOG_DEBUG("enter TARGET_RUNNING");
			target->state = TARGET_RUNNING;
			target->debug_reason = DBG_REASON_NOTHALTED;
		}
		return ERROR_OK;
	}

	/* Core is halted and the cached state already reflects that. */
	if (target->state == TARGET_HALTED)
		return ERROR_OK;

	/* Remember the previous state; it selects which event is reported. */
	enum target_state old_state = target->state;

	LOG_DEBUG("enter TARGET_HALTED");
	int retval = arm11_debug_entry(arm11);
	if (retval != ERROR_OK)
		return retval;

	target_call_event_callbacks(target,
			old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED);

	return ERROR_OK;
}
/**
 * Architecture specific status reply.
 *
 * \return Whatever armv4_5_arch_state() returns for this target.
 */
static int arm11_arch_state(struct target *target)
{
	/* REVISIT also display ARM11-specific MMU and cache status ... */
	return armv4_5_arch_state(target);
}
365
/**
 * Target request support; not implemented for ARM11.
 *
 * \param target Unused.
 * \param size   Unused.
 * \param buffer Unused; nothing is written to it.
 * \return Always ERROR_FAIL, after logging a warning.
 */
static int arm11_target_request_data(struct target *target,
		uint32_t size, uint8_t *buffer)
{
	(void) target;
	(void) size;
	(void) buffer;

	LOG_WARNING("Not implemented: %s", __func__);

	return ERROR_FAIL;
}
374
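/**
 * Target execution control: halt the core.
 *
 * Queues the HALT instruction, polls DSCR until DSCR_CORE_HALTED is set,
 * saves the processor state and reports the halt to the event callbacks.
 * A target in TARGET_UNKNOWN state additionally gets a simulated reset
 * scheduled for this halt.
 *
 * \return ERROR_OK on success or when the target was already halted;
 *         ERROR_FAIL when the core does not halt within the timeout;
 *         otherwise the error from the failing step.
 */
static int arm11_halt(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	LOG_DEBUG("target->state: %s",
			target_state_name(target));

	if (target->state == TARGET_UNKNOWN)
		arm11->simulate_reset_on_next_halt = true;

	if (target->state == TARGET_HALTED) {
		LOG_DEBUG("target was already halted");
		return ERROR_OK;
	}

	arm11_add_IR(arm11, ARM11_HALT, TAP_IDLE);

	CHECK_RETVAL(jtag_execute_queue());

	int i = 0;
	/* The timestamp must outlive a single iteration.  Declared inside the
	 * loop it was reset to 0 on every pass, so the poll after the one
	 * that started the timer always looked like a timeout. */
	long long then = 0;

	while (1) {
		CHECK_RETVAL(arm11_read_DSCR(arm11));

		if (arm11->dscr & DSCR_CORE_HALTED)
			break;

		/* The first 1000 polls are free; after that allow 1000 ms more. */
		if (i == 1000)
			then = timeval_ms();
		if (i >= 1000) {
			if ((timeval_ms() - then) > 1000) {
				LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
				return ERROR_FAIL;
			}
		}
		i++;
	}

	enum target_state old_state = target->state;

	/* Propagate a failed state save, as arm11_poll() does, instead of
	 * announcing a halt whose saved state is incomplete. */
	CHECK_RETVAL(arm11_debug_entry(arm11));

	CHECK_RETVAL(
		target_call_event_callbacks(target,
			old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED));

	return ERROR_OK;
}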
434
/**
 * Resolve the address execution will continue from.
 *
 * \param arm11   Target state variable.
 * \param current Non-zero: use the PC held in the register cache
 *                (entry 15) and ignore \p address.  Zero: store
 *                \p address into that cache entry.
 * \param address Requested address, used only when \p current is zero.
 * \return The cached PC when \p current is non-zero, else \p address.
 */
static uint32_t
arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
{
	void *pc_value = arm11->arm.core_cache->reg_list[15].value;

	if (current)
		return buf_get_u32(pc_value, 0, 32);

	buf_set_u32(pc_value, 0, 32, address);
	return address;
}
447
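/**
 * Resume execution of a halted target.
 *
 * \param target             Target to resume; must be in TARGET_HALTED state.
 * \param current            Non-zero to continue at the cached PC, zero to
 *                           continue at \p address.
 * \param address            Resume address when \p current is zero.
 * \param handle_breakpoints Non-zero to step over a breakpoint at the
 *                           resume address and to program all breakpoints
 *                           (and the VCR, if set) before restarting.
 * \param debug_execution    Non-zero leaves working areas allocated and
 *                           puts the target in TARGET_DEBUG_RUNNING state.
 * \return ERROR_OK on success; ERROR_TARGET_NOT_HALTED when the target is
 *         not halted; ERROR_FAIL when the core does not report a restart
 *         within the timeout; otherwise the error from the failing step.
 */
static int arm11_resume(struct target *target, int current,
		uint32_t address, int handle_breakpoints, int debug_execution)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	LOG_DEBUG("target->state: %s",
			target_state_name(target));

	if (target->state != TARGET_HALTED) {
		LOG_ERROR("Target not halted");
		return ERROR_TARGET_NOT_HALTED;
	}

	address = arm11_nextpc(arm11, current, address);

	LOG_DEBUG("RESUME PC %08" PRIx32 "%s", address, !current ? "!" : "");

	/* clear breakpoints/watchpoints and VCR */
	arm11_sc7_clear_vbw(arm11);

	if (!debug_execution)
		target_free_all_working_areas(target);

	/* Set up breakpoints */
	if (handle_breakpoints) {
		struct breakpoint *bp;

		/* check if one matches PC and step over it if necessary */
		for (bp = target->breakpoints; bp; bp = bp->next) {
			if (bp->address == address) {
				LOG_DEBUG("must step over %08" PRIx32 "", bp->address);
				/* NOTE(review): the step result is ignored here, as
				 * before; confirm that is intended. */
				arm11_step(target, 1, 0, 0);
				break;
			}
		}

		/* set all breakpoints */
		unsigned brp_num = 0;

		for (bp = target->breakpoints; bp; bp = bp->next) {
			struct arm11_sc7_action brp[2];

			brp[0].write = 1;
			brp[0].address = ARM11_SC7_BVR0 + brp_num;
			brp[0].value = bp->address;
			brp[1].write = 1;
			brp[1].address = ARM11_SC7_BCR0 + brp_num;
			brp[1].value = 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);

			/* A breakpoint that could not be programmed must not be
			 * reported as active; arm11_step() checks this call too. */
			CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));

			/* brp_num is unsigned, so print it with %u. */
			LOG_DEBUG("Add BP %u at %08" PRIx32, brp_num,
					bp->address);

			brp_num++;
		}

		if (arm11_vcr)
			arm11_sc7_set_vcr(arm11, arm11_vcr);
	}

	/* Do not restart a core whose state could not be restored. */
	CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));

	arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);

	CHECK_RETVAL(jtag_execute_queue());

	int i = 0;
	/* The timestamp must outlive a single iteration.  Declared inside the
	 * loop it was reset to 0 on every pass, so the poll after the one
	 * that started the timer always looked like a timeout. */
	long long then = 0;

	while (1) {
		CHECK_RETVAL(arm11_read_DSCR(arm11));

		LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);

		if (arm11->dscr & DSCR_CORE_RESTARTED)
			break;

		/* The first 1000 polls are free; after that allow 1000 ms more. */
		if (i == 1000)
			then = timeval_ms();
		if (i >= 1000) {
			if ((timeval_ms() - then) > 1000) {
				LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
				return ERROR_FAIL;
			}
		}
		i++;
	}

	target->debug_reason = DBG_REASON_NOTHALTED;
	if (!debug_execution)
		target->state = TARGET_RUNNING;
	else
		target->state = TARGET_DEBUG_RUNNING;
	CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));

	return ERROR_OK;
}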
562
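/**
 * Execute a single instruction on a halted target.
 *
 * BKPT and "wait for interrupt" instructions are skipped by advancing the
 * PC, a branch-to-self is not stepped at all, and every other instruction
 * is stepped by programming breakpoint unit 0, restarting the core and
 * waiting for it to halt again.
 *
 * \param target             Target to step; must be in TARGET_HALTED state.
 * \param current            Non-zero to step from the cached PC, zero to
 *                           step from \p address.
 * \param address            Start address when \p current is zero.
 * \param handle_breakpoints Passed to arm11_leave_debug_state().
 * \return ERROR_OK on success; ERROR_TARGET_NOT_HALTED when the target is
 *         not halted; ERROR_FAIL when the core does not halt again within
 *         the timeout; otherwise the error from the failing step.
 */
static int arm11_step(struct target *target, int current,
		uint32_t address, int handle_breakpoints)
{
	LOG_DEBUG("target->state: %s",
			target_state_name(target));

	if (target->state != TARGET_HALTED) {
		LOG_WARNING("target was not halted");
		return ERROR_TARGET_NOT_HALTED;
	}

	struct arm11_common *arm11 = target_to_arm11(target);

	address = arm11_nextpc(arm11, current, address);

	LOG_DEBUG("STEP PC %08" PRIx32 "%s", address, !current ? "!" : "");

	/** \todo TODO: Thumb not supported here */

	uint32_t next_instruction;

	CHECK_RETVAL(arm11_read_memory_word(arm11, address, &next_instruction));

	/* skip over BKPT */
	if ((next_instruction & 0xFFF00070) == 0xe1200070) {
		address = arm11_nextpc(arm11, 0, address + 4);
		LOG_DEBUG("Skipping BKPT");
	}
	/* skip over Wait for interrupt / Standby */
	/* mcr	15, 0, r?, cr7, cr0, {4} */
	else if ((next_instruction & 0xFFFF0FFF) == 0xee070f90) {
		address = arm11_nextpc(arm11, 0, address + 4);
		LOG_DEBUG("Skipping WFI");
	}
	/* ignore B to self */
	else if ((next_instruction & 0xFEFFFFFF) == 0xeafffffe) {
		LOG_DEBUG("Not stepping jump to self");
	} else {
		/** \todo TODO: check if break-/watchpoints make any sense at all in combination
		 * with this. */

		/** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
		 * the VCR might be something worth looking into. */

		/* Set up breakpoint for stepping */

		struct arm11_sc7_action brp[2];

		brp[0].write = 1;
		brp[0].address = ARM11_SC7_BVR0;
		brp[1].write = 1;
		brp[1].address = ARM11_SC7_BCR0;

		if (arm11_config_hardware_step) {
			/* Hardware single stepping ("instruction address
			 * mismatch") is used if enabled.  It's not quite
			 * exactly "run one instruction"; "branch to here"
			 * loops won't break, neither will some other cases,
			 * but it's probably the best default.
			 *
			 * Hardware single stepping isn't supported on v6
			 * debug modules.  ARM1176 and v7 can support it...
			 *
			 * FIXME Thumb stepping likely needs to use 0x03
			 * or 0xc0 byte masks, not 0x0f.
			 */
			brp[0].value = address;
			brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
					| (0 << 14) | (0 << 16) | (0 << 20)
					| (2 << 21);
		} else {
			/* Sets a breakpoint on the next PC, as calculated
			 * by instruction set simulation.
			 *
			 * REVISIT stepping Thumb on ARM1156 requires Thumb2
			 * support from the simulator.
			 */
			uint32_t next_pc;
			int retval;

			retval = arm_simulate_step(target, &next_pc);
			if (retval != ERROR_OK)
				return retval;

			brp[0].value = next_pc;
			brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
					| (0 << 14) | (0 << 16) | (0 << 20)
					| (0 << 21);
		}

		CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));

		/* resume */

		if (arm11_config_step_irq_enable)
			/* this disable should be redundant ... */
			arm11->dscr &= ~DSCR_INT_DIS;
		else
			arm11->dscr |= DSCR_INT_DIS;

		CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));

		arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);

		CHECK_RETVAL(jtag_execute_queue());

		/* wait for halt */
		int i = 0;
		/* The timestamp must outlive a single iteration.  Declared
		 * inside the loop it was reset to 0 on every pass, so the poll
		 * after the one that started the timer always looked like a
		 * timeout. */
		long long then = 0;

		while (1) {
			const uint32_t mask = DSCR_CORE_RESTARTED
					| DSCR_CORE_HALTED;

			CHECK_RETVAL(arm11_read_DSCR(arm11));
			LOG_DEBUG("DSCR %08x e", (unsigned) arm11->dscr);

			if ((arm11->dscr & mask) == mask)
				break;

			/* The first 1000 polls are free; after that allow 1000 ms more. */
			if (i == 1000)
				then = timeval_ms();
			if (i >= 1000) {
				if ((timeval_ms() - then) > 1000) {
					LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
					return ERROR_FAIL;
				}
			}
			i++;
		}

		/* clear breakpoint */
		arm11_sc7_clear_vbw(arm11);

		/* save state */
		CHECK_RETVAL(arm11_debug_entry(arm11));

		/* restore default state */
		arm11->dscr &= ~DSCR_INT_DIS;
	}

	target->debug_reason = DBG_REASON_SINGLESTEP;

	CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_HALTED));

	return ERROR_OK;
}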
728
/**
 * Reset the target by pulsing srst.
 *
 * The target state becomes TARGET_UNKNOWN.  When target->reset_halt is set
 * a halt is requested before the reset, because resetting straight into
 * the halted state is not available.
 *
 * \return ERROR_OK, or the error from arm11_check_init(), from the halt
 *         request or from executing the JTAG queue.
 */
static int arm11_assert_reset(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	int retval = arm11_check_init(arm11);
	if (retval != ERROR_OK)
		return retval;

	target->state = TARGET_UNKNOWN;

	/* we would very much like to reset into the halted state,
	 * but resetting and halting is second best... */
	if (target->reset_halt) {
		CHECK_RETVAL(target_halt(target));
	}

	/* srst is funny.  We can not do *anything* else while it's asserted
	 * and it has unknown side effects.  Make sure no other code runs
	 * meanwhile.
	 *
	 * Code below assumes srst:
	 *
	 * - Causes power-on-reset (but of what parts of the system?).  Bug
	 *   in arm11?
	 *
	 * - Messes up TAP state without asserting trst.
	 *
	 * - There is another bug in the arm11 core.  When you generate an
	 *   access to external logic (for example ddr controller via AHB bus)
	 *   and that block is not configured (perhaps it is still held in
	 *   reset), that transaction will never complete.  This will hang the
	 *   arm11 core but it will also hang the JTAG controller.  Nothing,
	 *   short of srst assertion, will bring it out of this.
	 *
	 * Mysteries:
	 *
	 * - What should the PC be after an srst reset when starting in the
	 *   halted state?
	 */

	/* Assert srst, then release it. */
	jtag_add_reset(0, 1);
	jtag_add_reset(0, 0);

	/* How long do we have to wait? */
	jtag_add_sleep(5000);

	/* un-mess up TAP state */
	jtag_add_tlr();

	return jtag_execute_queue();
}
789
/**
 * Nothing to do on reset release: arm11_assert_reset() already pulses and
 * releases srst itself.
 *
 * \param target Unused.
 * \return Always ERROR_OK.
 */
static int arm11_deassert_reset(struct target *target)
{
	(void) target;

	return ERROR_OK;
}
794
/**
 * Soft reset and halt; not implemented for ARM11.
 *
 * \param target Unused.
 * \return Always ERROR_FAIL, after logging a warning.
 */
static int arm11_soft_reset_halt(struct target *target)
{
	(void) target;

	LOG_WARNING("Not implemented: %s", __func__);

	return ERROR_FAIL;
}
801
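/**
 * Read target memory by running load instructions on the halted core.
 *
 * \param target  Target to read from; must be in TARGET_HALTED state.
 * \param address Start address, loaded into r0 on the core.
 * \param size    Unit size: 1 = byte (8bit), 2 = half-word (16bit),
 *                4 = word (32bit).  Any other value transfers nothing.
 * \param count   Number of items of \p size.
 * \param buffer  Destination; must hold at least size * count bytes.
 * \param arm11_config_memrw_no_increment
 *                When true the non-incrementing load forms are used, so
 *                every item is read from the same address.  In the future
 *                we may want to read/write a range of data to a "port",
 *                i.e. a peripheral address where the access is an action.
 * \return ERROR_OK on success; ERROR_TARGET_NOT_HALTED when the target is
 *         not halted; otherwise the error from the failing transfer.
 */
static int arm11_read_memory_inner(struct target *target,
		uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer,
		bool arm11_config_memrw_no_increment)
{
	/** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
	int retval;

	if (target->state != TARGET_HALTED) {
		LOG_WARNING("target was not halted");
		return ERROR_TARGET_NOT_HALTED;
	}

	LOG_DEBUG("ADDR %08" PRIx32 "  SIZE %08" PRIx32 "  COUNT %08" PRIx32 "", address, size, count);

	struct arm11_common *arm11 = target_to_arm11(target);

	retval = arm11_run_instr_data_prepare(arm11);
	if (retval != ERROR_OK)
		return retval;

	/* MRC p14,0,r0,c0,c5,0 */
	retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
	if (retval != ERROR_OK)
		return retval;

	/* Every transfer below is checked, as in arm11_write_memory_inner().
	 * Unchecked, a failed read copied an uninitialised local into the
	 * caller's buffer and could still be reported as a successful read. */
	switch (size) {
	case 1:
		/* r1 is used as the transfer register and no longer holds its
		 * original value. */
		arm11->arm.core_cache->reg_list[1].dirty = true;

		for (size_t i = 0; i < count; i++) {
			/* ldrb    r1, [r0], #1 */
			/* ldrb    r1, [r0] */
			retval = arm11_run_instr_no_data1(arm11,
					!arm11_config_memrw_no_increment ? 0xe4d01001 : 0xe5d01000);
			if (retval != ERROR_OK)
				return retval;

			uint32_t res = 0;
			/* MCR p14,0,R1,c0,c5,0 */
			retval = arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
			if (retval != ERROR_OK)
				return retval;

			buffer[i] = (uint8_t) res;
		}

		break;

	case 2:
		arm11->arm.core_cache->reg_list[1].dirty = true;

		for (size_t i = 0; i < count; i++) {
			/* ldrh    r1, [r0], #2 */
			retval = arm11_run_instr_no_data1(arm11,
					!arm11_config_memrw_no_increment ? 0xe0d010b2 : 0xe1d010b0);
			if (retval != ERROR_OK)
				return retval;

			uint32_t res = 0;

			/* MCR p14,0,R1,c0,c5,0 */
			retval = arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
			if (retval != ERROR_OK)
				return retval;

			/* memcpy keeps the store safe for an unaligned buffer. */
			uint16_t svalue = (uint16_t) res;
			memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
		}

		break;

	case 4:
	{
		uint32_t instr = !arm11_config_memrw_no_increment ? 0xecb05e01 : 0xed905e00;
		/** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
		uint32_t *words = (uint32_t *)buffer;

		/* LDC p14,c5,[R0],#4 */
		/* LDC p14,c5,[R0] */
		retval = arm11_run_instr_data_from_core(arm11, instr, words, count);
		if (retval != ERROR_OK)
			return retval;
		break;
	}

	default:
		/* Other sizes transfer nothing, as before. */
		break;
	}

	return arm11_run_instr_data_finish(arm11);
}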
894
/**
 * Read target memory with the address advancing after every item.
 *
 * \return The result of arm11_read_memory_inner().
 */
static int arm11_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
{
	/* Ordinary reads always use the incrementing load forms. */
	const bool no_increment = false;

	return arm11_read_memory_inner(target, address, size, count, buffer, no_increment);
}
899
/**
 * Write target memory by running store instructions on the halted core.
 *
 * \param target       Target to write to; must be in TARGET_HALTED state.
 * \param address      Start address, loaded into r0 on the core.
 * \param size         Unit size: 1, 2 or 4 bytes.  Any other value
 *                     transfers nothing.
 * \param count        Number of items of \p size.
 * \param buffer       Source data; at least size * count bytes are read.
 * \param no_increment When true the non-incrementing store forms are used
 *                     and the end-address check is skipped.  In the future
 *                     we may want to read/write a range of data to a
 *                     "port", i.e. a peripheral address where the access
 *                     is an action.
 * \return ERROR_OK on success; ERROR_TARGET_NOT_HALTED when the target is
 *         not halted; ERROR_FAIL when the end-address check fails and
 *         arm11_config_memwrite_error_fatal is set; otherwise the error
 *         from the failing transfer.
 */
static int arm11_write_memory_inner(struct target *target,
		uint32_t address, uint32_t size,
		uint32_t count, uint8_t *buffer,
		bool no_increment)
{
	if (target->state != TARGET_HALTED) {
		LOG_WARNING("target was not halted");
		return ERROR_TARGET_NOT_HALTED;
	}

	LOG_DEBUG("ADDR %08" PRIx32 "  SIZE %08" PRIx32 "  COUNT %08" PRIx32 "", address, size, count);

	struct arm11_common *arm11 = target_to_arm11(target);

	int retval = arm11_run_instr_data_prepare(arm11);
	if (retval != ERROR_OK)
		return retval;

	/* MRC p14,0,r0,c0,c5,0 */
	retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
	if (retval != ERROR_OK)
		return retval;

	/* burst writes are not used for single words as those may well be
	 * reset init script writes.
	 *
	 * The other advantage is that as burst writes are default, we'll
	 * now exercise both burst and non-burst code paths with the
	 * default settings, increasing code coverage.
	 */
	bool burst = arm11_config_memwrite_burst && (count > 1);

	switch (size) {
	case 1:
	{
		/* strb    r1, [r0], #1 */
		/* strb    r1, [r0] */
		const uint32_t store_byte = no_increment ? 0xe5c01000 : 0xe4c01001;

		/* r1 is used as the transfer register. */
		arm11->arm.core_cache->reg_list[1].dirty = true;

		for (size_t i = 0; i < count; i++) {
			/* MRC p14,0,r1,c0,c5,0 */
			retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, buffer[i]);
			if (retval != ERROR_OK)
				return retval;

			retval = arm11_run_instr_no_data1(arm11, store_byte);
			if (retval != ERROR_OK)
				return retval;
		}

		break;
	}

	case 2:
	{
		/* strh    r1, [r0], #2 */
		/* strh    r1, [r0] */
		const uint32_t store_half = no_increment ? 0xe1c010b0 : 0xe0c010b2;

		arm11->arm.core_cache->reg_list[1].dirty = true;

		for (size_t i = 0; i < count; i++) {
			/* memcpy keeps the load safe for an unaligned buffer. */
			uint16_t value;
			memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));

			/* MRC p14,0,r1,c0,c5,0 */
			retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, value);
			if (retval != ERROR_OK)
				return retval;

			retval = arm11_run_instr_no_data1(arm11, store_half);
			if (retval != ERROR_OK)
				return retval;
		}

		break;
	}

	case 4:
	{
		/* STC p14,c5,[R0],#4 */
		/* STC p14,c5,[R0]*/
		uint32_t instr = no_increment ? 0xed805e00 : 0xeca05e01;

		/** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
		uint32_t *words = (uint32_t *)buffer;

		/* Same instruction either way; burst selects the noack transfer. */
		retval = burst
			? arm11_run_instr_data_to_core_noack(arm11, instr, words, count)
			: arm11_run_instr_data_to_core(arm11, instr, words, count);
		if (retval != ERROR_OK)
			return retval;

		break;
	}
	}

	/* r0 verification: with the incrementing stores r0 must now equal the
	 * address just past the last item written. */
	if (!no_increment) {
		const uint32_t expected_end = address + size * count;
		uint32_t r0;

		/* MCR p14,0,R0,c0,c5,0 */
		retval = arm11_run_instr_data_from_core(arm11, 0xEE000E15, &r0, 1);
		if (retval != ERROR_OK)
			return retval;

		if (expected_end != r0) {
			LOG_ERROR("Data transfer failed. Expected end "
					"address 0x%08x, got 0x%08x",
					(unsigned) expected_end,
					(unsigned) r0);

			if (burst)
				LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");

			if (arm11_config_memwrite_error_fatal)
				return ERROR_FAIL;
		}
	}

	return arm11_run_instr_data_finish(arm11);
}
1047
/**
 * Write target memory.
 *
 * \return The result of arm11_write_memory_inner().
 */
static int arm11_write_memory(struct target *target,
		uint32_t address, uint32_t size,
		uint32_t count, uint8_t *buffer)
{
	/* pointer increment matters only for multi-unit writes ...
	 * not e.g. to a "reset the chip" controller.  A single-unit write
	 * therefore uses the non-incrementing store.
	 */
	const bool single_unit = (count == 1);

	return arm11_write_memory_inner(target, address, size,
			count, buffer, single_unit);
}
1058
/**
 * Write target memory in multiples of 4 bytes, optimized for writing
 * large quantities of data.
 *
 * \param count Number of 32-bit words in \p buffer.
 * \return ERROR_TARGET_NOT_HALTED when the target is not halted, otherwise
 *         the result of arm11_write_memory() with a unit size of 4.
 */
static int arm11_bulk_write_memory(struct target *target,
		uint32_t address, uint32_t count, uint8_t *buffer)
{
	if (target->state == TARGET_HALTED)
		return arm11_write_memory(target, address, 4, count, buffer);

	LOG_WARNING("target was not halted");
	return ERROR_TARGET_NOT_HALTED;
}
1071
/* target break-/watchpoint control
 * rw: 0 = write, 1 = read, 2 = access
 */

/**
 * Reserve a breakpoint unit for \p breakpoint.
 *
 * Only the free-unit count is adjusted here; the hardware is programmed
 * when the target is resumed.
 *
 * \return ERROR_OK when a unit was reserved;
 *         ERROR_TARGET_RESOURCE_NOT_AVAILABLE when no unit is free or the
 *         breakpoint length is not four bytes.
 */
static int arm11_add_breakpoint(struct target *target,
		struct breakpoint *breakpoint)
{
	struct arm11_common *arm11 = target_to_arm11(target);

#if 0
	if (breakpoint->type == BKPT_SOFT)
	{
		LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
		return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
	}
#endif

	if (arm11->free_brps == 0) {
		LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
		return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
	}

	if (breakpoint->length != 4) {
		LOG_DEBUG("only breakpoints of four bytes length supported");
		return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
	}

	arm11->free_brps -= 1;

	return ERROR_OK;
}
1104
/**
 * Release the breakpoint unit reserved by arm11_add_breakpoint().
 *
 * \param breakpoint Unused; only the free-unit count is adjusted.
 * \return Always ERROR_OK.
 */
static int arm11_remove_breakpoint(struct target *target,
		struct breakpoint *breakpoint)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	(void) breakpoint;

	/* NOTE(review): the count is not checked against arm11->brp here. */
	arm11->free_brps += 1;

	return ERROR_OK;
}
1114
/**
 * Allocate and initialise the per-target ARM11 state.
 *
 * \param target Target being created; it must already have a TAP whose
 *               IR length is 5.
 * \param interp Unused.
 * \return ERROR_OK on success; ERROR_FAIL when the target has no TAP or the
 *         allocation fails; ERROR_COMMAND_SYNTAX_ERROR when the IR length
 *         is not 5.
 */
static int arm11_target_create(struct target *target, Jim_Interp *interp)
{
	(void) interp;

	if (!target->tap)
		return ERROR_FAIL;

	if (target->tap->ir_length != 5) {
		LOG_ERROR("'target arm11' expects IR LENGTH = 5");
		return ERROR_COMMAND_SYNTAX_ERROR;
	}

	/* calloc so that every field not set below starts out as zero. */
	struct arm11_common *arm11 = calloc(1, sizeof *arm11);
	if (arm11 == NULL)
		return ERROR_FAIL;

	armv4_5_init_arch_info(target, &arm11->arm);

	arm11->jtag_info.tap = target->tap;
	arm11->jtag_info.scann_size = 5;
	arm11->jtag_info.scann_instr = ARM11_SCAN_N;
	arm11->jtag_info.cur_scan_chain = ~0;	/* invalid/unknown */
	arm11->jtag_info.intest_instr = ARM11_INTEST;

	return ERROR_OK;
}
1142
/**
 * Initialize anything we can set up without talking to the target.
 * There is currently nothing to do.
 *
 * \param cmd_ctx Unused.
 * \param target  Unused.
 * \return Always ERROR_OK.
 */
static int arm11_init_target(struct command_context *cmd_ctx,
		struct target *target)
{
	(void) cmd_ctx;
	(void) target;

	return ERROR_OK;
}
1149
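/**
 * Talk to the target and set things up.
 *
 * Reads IDCODE and DIDR over JTAG, rejects cores and debug versions this
 * driver does not support, records the number of breakpoint and
 * watchpoint units and, on the first examination, builds the register
 * cache and sets up the ETM if one is configured.
 *
 * \return ERROR_OK on success; ERROR_FAIL for an unexpected IDCODE or debug
 *         version; otherwise the error from the failing step.  The target
 *         is marked examined only on success.
 */
static int arm11_examine(struct target *target)
{
	int retval;
	const char *type;
	struct arm11_common *arm11 = target_to_arm11(target);
	uint32_t didr, device_id;
	uint8_t implementor;

	/* FIXME split into do-first-time and do-every-time logic ... */

	/* check IDCODE */

	arm11_add_IR(arm11, ARM11_IDCODE, ARM11_TAP_DEFAULT);

	struct scan_field idcode_field;

	arm11_setup_field(arm11, 32, NULL, &device_id, &idcode_field);

	arm11_add_dr_scan_vc(1, &idcode_field, TAP_DRPAUSE);

	/* check DIDR */

	arm11_add_debug_SCAN_N(arm11, 0x00, ARM11_TAP_DEFAULT);

	arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);

	struct scan_field chain0_fields[2];

	arm11_setup_field(arm11, 32, NULL, &didr, chain0_fields + 0);
	arm11_setup_field(arm11, 8, NULL, &implementor, chain0_fields + 1);

	arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields), chain0_fields, TAP_IDLE);

	/* device_id, didr and implementor are read only after the queued
	 * scans have been executed successfully. */
	CHECK_RETVAL(jtag_execute_queue());

	switch (device_id & 0x0FFFF000) {
	case 0x07B36000:
		type = "ARM1136";
		break;
	case 0x07B56000:
		type = "ARM1156";
		break;
	case 0x07B76000:
		arm11->arm.core_type = ARM_MODE_MON;
		type = "ARM1176";
		break;
	default:
		LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
		return ERROR_FAIL;
	}
	LOG_INFO("found %s", type);

	/* unlikely this could ever fail, but ... */
	switch ((didr >> 16) & 0x0F) {
	case ARM11_DEBUG_V6:
	case ARM11_DEBUG_V61:		/* supports security extensions */
		break;
	default:
		LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
		return ERROR_FAIL;
	}

	/* DIDR holds "number of units minus one" in these fields. */
	arm11->brp = ((didr >> 24) & 0x0F) + 1;
	arm11->wrp = ((didr >> 28) & 0x0F) + 1;

	/** \todo TODO: reserve one brp slot if we allow breakpoints during step */
	arm11->free_brps = arm11->brp;

	LOG_DEBUG("IDCODE %08" PRIx32 " IMPLEMENTOR %02x DIDR %08" PRIx32,
			device_id, implementor, didr);

	/* as a side-effect this reads DSCR and thus
	 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
	 * as suggested by the spec.
	 */

	retval = arm11_check_init(arm11);
	if (retval != ERROR_OK)
		return retval;

	/* Build register cache "late", after target_init(), since we
	 * want to know if this core supports Secure Monitor mode.
	 *
	 * The results of arm11_dpm_init() and etm_setup() used to be assigned
	 * and then dropped, so a target whose setup failed was still marked
	 * examined.  Fail the examination instead; a later attempt then runs
	 * the first-time setup again.
	 */
	if (!target_was_examined(target)) {
		retval = arm11_dpm_init(arm11, didr);
		if (retval != ERROR_OK)
			return retval;
	}

	/* ETM on ARM11 still uses original scanchain 6 access mode */
	if (arm11->arm.etm && !target_was_examined(target)) {
		*register_get_last_cache_p(&target->reg_cache) =
			etm_build_reg_cache(target, &arm11->jtag_info,
					arm11->arm.etm);
		retval = etm_setup(target);
		if (retval != ERROR_OK)
			return retval;
	}

	target_set_examined(target);

	return ERROR_OK;
}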
1250
1251
1252 /* FIXME all these BOOL_WRAPPER things should be modifying
1253 * per-instance state, not shared state; ditto the vector
1254 * catch register support. Scan chains with multiple cores
1255 * should be able to say "work with this core like this,
1256 * that core like that". Example, ARM11 MPCore ...
1257 */
1258
/* Expands to a command handler named arm11_handle_bool_<flag> that hands
 * the address of the file-scope arm11_config_<flag> boolean, together with
 * a human-readable label, to handle_command_parse_bool.
 */
#define ARM11_BOOL_WRAPPER(flag, label) \
	COMMAND_HANDLER(arm11_handle_bool_##flag) \
	{ \
		return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
				&arm11_config_##flag, label); \
	}

/* One handler per flag; the flags are shared by every ARM11 core. */
ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1270
/* "arm11 vcr [value]": with one argument, parse it as an unsigned 32-bit
 * number into the file-scope arm11_vcr; with none, leave it unchanged.
 * Either way the resulting value is logged. More than one argument is a
 * syntax error. The value is stored as parsed; no bit mask is applied here.
 */
COMMAND_HANDLER(arm11_handle_vcr)
{
	if (CMD_ARGC > 1)
		return ERROR_COMMAND_SYNTAX_ERROR;

	if (CMD_ARGC == 1) {
		COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11_vcr);
	}

	LOG_INFO("VCR 0x%08" PRIx32 "", arm11_vcr);
	return ERROR_OK;
}
1286
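/* Subcommands of "arm11 memwrite". Both toggle a file-scope flag through
 * an ARM11_BOOL_WRAPPER handler, so each carries the same usage string as
 * the "hardware_step" boolean command instead of leaving it unset.
 */
static const struct command_registration arm11_mw_command_handlers[] = {
	{
		.name = "burst",
		.handler = &arm11_handle_bool_memwrite_burst,
		.mode = COMMAND_ANY,
		.help = "Enable/Disable non-standard but fast burst mode"
			" (default: enabled)",
		.usage = "(enable|disable)",
	},
	{
		/* Controls whether a detected transfer error is fatal. */
		.name = "error_fatal",
		.handler = &arm11_handle_bool_memwrite_error_fatal,
		.mode = COMMAND_ANY,
		.help = "Terminate program if transfer error was found"
			" (default: enabled)",
		.usage = "(enable|disable)",
	},
	COMMAND_REGISTRATION_DONE
};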
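/* Subcommands of the "arm11" group. Every entry that has a handler now
 * carries a usage string; previously only "hardware_step" did.
 */
static const struct command_registration arm11_any_command_handlers[] = {
	{
		/* "hardware_step" is only here to check if the default
		 * simulate + breakpoint implementation is broken.
		 * TEMPORARY! NOT DOCUMENTED! */
		.name = "hardware_step",
		.handler = &arm11_handle_bool_hardware_step,
		.mode = COMMAND_ANY,
		.help = "DEBUG ONLY - Hardware single stepping"
			" (default: disabled)",
		.usage = "(enable|disable)",
	},
	{
		/* group node: no handler of its own, only the chained table */
		.name = "memwrite",
		.mode = COMMAND_ANY,
		.help = "memwrite command group",
		.chain = arm11_mw_command_handlers,
	},
	{
		.name = "step_irq_enable",
		.handler = &arm11_handle_bool_step_irq_enable,
		.mode = COMMAND_ANY,
		.help = "Enable interrupts while stepping"
			" (default: disabled)",
		.usage = "(enable|disable)",
	},
	{
		/* the handler accepts zero or one argument */
		.name = "vcr",
		.handler = &arm11_handle_vcr,
		.mode = COMMAND_ANY,
		.help = "Control (Interrupt) Vector Catch Register",
		.usage = "[value]",
	},
	COMMAND_REGISTRATION_DONE
};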
/* Top-level command table for the ARM11 target type: two chained tables
 * (arm_command_handlers and etm_command_handlers) followed by the "arm11"
 * command group.
 */
static const struct command_registration arm11_command_handlers[] = {
	{ .chain = arm_command_handlers, },
	{ .chain = etm_command_handlers, },
	{
		.name = "arm11",
		.mode = COMMAND_ANY,
		.help = "ARM11 command group",
		.chain = arm11_any_command_handlers,
	},
	COMMAND_REGISTRATION_DONE
};
1352
/**
 * Method table for ARM11xx targets.
 *
 * Most hooks are the arm11_* functions of this file; GDB register
 * listing, checksum, blank check and algorithm execution use the
 * armv4_5_ and arm_ functions named below.
 */
struct target_type arm11_target = {
	.name = "arm11",

	/* creation, setup and examination */
	.commands = arm11_command_handlers,
	.target_create = arm11_target_create,
	.init_target = arm11_init_target,
	.examine = arm11_examine,

	/* state polling and reporting */
	.poll = arm11_poll,
	.arch_state = arm11_arch_state,
	.target_request_data = arm11_target_request_data,

	/* run control */
	.halt = arm11_halt,
	.resume = arm11_resume,
	.step = arm11_step,

	/* reset handling */
	.assert_reset = arm11_assert_reset,
	.deassert_reset = arm11_deassert_reset,
	.soft_reset_halt = arm11_soft_reset_halt,

	/* GDB register access */
	.get_gdb_reg_list = armv4_5_get_gdb_reg_list,

	/* memory access */
	.read_memory = arm11_read_memory,
	.write_memory = arm11_write_memory,
	.bulk_write_memory = arm11_bulk_write_memory,
	.checksum_memory = arm_checksum_memory,
	.blank_check_memory = arm_blank_check_memory,

	/* breakpoints */
	.add_breakpoint = arm11_add_breakpoint,
	.remove_breakpoint = arm11_remove_breakpoint,

	/* on-target algorithms */
	.run_algorithm = armv4_5_run_algorithm,
};
