09e8b78c40a63e422ae7a59a29cbbe647d328d81
[openocd.git] / src / target / arm11_dbgtap.c
1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
3 * *
4 * Copyright (C) 2008 Oyvind Harboe oyvind.harboe@zylin.com *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #include "arm11.h"
27 #include "jtag.h"
28 #include "log.h"
29
30 #include <stdlib.h>
31 #include <string.h>
32
33 #if 0
34 #define JTAG_DEBUG(expr ...) DEBUG(expr)
35 #else
36 #define JTAG_DEBUG(expr ...) do {} while(0)
37 #endif
38
39 enum tap_state arm11_move_pi_to_si_via_ci[] =
40 {
41 TAP_E2I, TAP_UI, TAP_SDS, TAP_SIS, TAP_CI, TAP_SI
42 };
43
44
45 int arm11_add_ir_scan_vc(int num_fields, scan_field_t *fields, enum tap_state state)
46 {
47 if (cmd_queue_cur_state == TAP_PI)
48 jtag_add_pathmove(asizeof(arm11_move_pi_to_si_via_ci), arm11_move_pi_to_si_via_ci);
49
50 jtag_add_ir_scan(num_fields, fields, state);
51 return ERROR_OK;
52 }
53
54 enum tap_state arm11_move_pd_to_sd_via_cd[] =
55 {
56 TAP_E2D, TAP_UD, TAP_SDS, TAP_CD, TAP_SD
57 };
58
59 int arm11_add_dr_scan_vc(int num_fields, scan_field_t *fields, enum tap_state state)
60 {
61 if (cmd_queue_cur_state == TAP_PD)
62 jtag_add_pathmove(asizeof(arm11_move_pd_to_sd_via_cd), arm11_move_pd_to_sd_via_cd);
63
64 jtag_add_dr_scan(num_fields, fields, state);
65 return ERROR_OK;
66 }
67
68
69 /** Code de-clutter: Construct scan_field_t to write out a value
70 *
71 * \param arm11 Target state variable.
72 * \param num_bits Length of the data field
73 * \param out_data pointer to the data that will be sent out
74 * <em>(data is read when it is added to the JTAG queue)</em>
75 * \param in_data pointer to the memory that will receive data that was clocked in
76 * <em>(data is written when the JTAG queue is executed)</em>
77 * \param field target data structure that will be initialized
78 */
79 void arm11_setup_field(arm11_common_t * arm11, int num_bits, void * out_data, void * in_data, scan_field_t * field)
80 {
81 field->device = arm11->jtag_info.chain_pos;
82 field->num_bits = num_bits;
83 field->out_mask = NULL;
84 field->in_check_mask = NULL;
85 field->in_check_value = NULL;
86 field->in_handler = NULL;
87 field->in_handler_priv = NULL;
88
89 field->out_value = out_data;
90 field->in_value = in_data;
91 }
92
93
94 /** Write JTAG instruction register
95 *
96 * \param arm11 Target state variable.
97 * \param instr An ARM11 DBGTAP instruction. Use enum #arm11_instructions.
98 * \param state Pass the final TAP state or -1 for the default value (Pause-IR).
99 *
100 * \remarks This adds to the JTAG command queue but does \em not execute it.
101 */
102 void arm11_add_IR(arm11_common_t * arm11, u8 instr, enum tap_state state)
103 {
104 jtag_device_t *device = jtag_get_device(arm11->jtag_info.chain_pos);
105 if (device==NULL)
106 {
107 /* FIX!!!! error is logged, but not propagated back up the call stack... */
108 }
109
110 if (buf_get_u32(device->cur_instr, 0, 5) == instr)
111 {
112 JTAG_DEBUG("IR <= 0x%02x SKIPPED", instr);
113 return;
114 }
115
116 JTAG_DEBUG("IR <= 0x%02x", instr);
117
118 scan_field_t field;
119
120 arm11_setup_field(arm11, 5, &instr, NULL, &field);
121
122 arm11_add_ir_scan_vc(1, &field, state == -1 ? TAP_PI : state);
123 }
124
125 /** Verify shifted out data from Scan Chain Register (SCREG)
126 * Used as parameter to scan_field_t::in_handler in
127 * arm11_add_debug_SCAN_N().
128 *
129 */
130 static int arm11_in_handler_SCAN_N(u8 *in_value, void *priv, struct scan_field_s *field)
131 {
132 /** \todo TODO: clarify why this isnt properly masked in jtag.c jtag_read_buffer() */
133 u8 v = *in_value & 0x1F;
134
135 if (v != 0x10)
136 {
137 LOG_ERROR("'arm11 target' JTAG communication error SCREG SCAN OUT 0x%02x (expected 0x10)", v);
138 return ERROR_FAIL;
139 }
140
141 JTAG_DEBUG("SCREG SCAN OUT 0x%02x", v);
142 return ERROR_OK;
143 }
144
145 /** Select and write to Scan Chain Register (SCREG)
146 *
147 * This function sets the instruction register to SCAN_N and writes
148 * the data register with the selected chain number.
149 *
150 * http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301f/Cacbjhfg.html
151 *
152 * \param arm11 Target state variable.
153 * \param chain Scan chain that will be selected.
154 * \param state Pass the final TAP state or -1 for the default
155 * value (Pause-DR).
156 *
157 * The chain takes effect when Update-DR is passed (usually when subsequently
158 * the INTEXT/EXTEST instructions are written).
159 *
160 * \warning (Obsolete) Using this twice in a row will \em fail. The first call will end
161 * in Pause-DR. The second call, due to the IR caching, will not
162 * go through Capture-DR when shifting in the new scan chain number.
163 * As a result the verification in arm11_in_handler_SCAN_N() must
164 * fail.
165 *
166 * \remarks This adds to the JTAG command queue but does \em not execute it.
167 */
168
169 void arm11_add_debug_SCAN_N(arm11_common_t * arm11, u8 chain, enum tap_state state)
170 {
171 JTAG_DEBUG("SCREG <= 0x%02x", chain);
172
173 arm11_add_IR(arm11, ARM11_SCAN_N, -1);
174
175 scan_field_t field;
176
177 arm11_setup_field(arm11, 5, &chain, NULL, &field);
178
179 field.in_handler = arm11_in_handler_SCAN_N;
180
181 arm11_add_dr_scan_vc(1, &field, state == -1 ? TAP_PD : state);
182 }
183
184 /** Write an instruction into the ITR register
185 *
186 * \param arm11 Target state variable.
187 * \param inst An ARM11 processor instruction/opcode.
188 * \param flag Optional parameter to retrieve the InstCompl flag
189 * (this will be written when the JTAG chain is executed).
190 * \param state Pass the final TAP state or -1 for the default
191 * value (Run-Test/Idle).
192 *
193 * \remarks By default this ends with Run-Test/Idle state
194 * and causes the instruction to be executed. If
195 * a subsequent write to DTR is needed before
196 * executing the instruction then TAP_PD should be
197 * passed to \p state.
198 *
199 * \remarks This adds to the JTAG command queue but does \em not execute it.
200 */
201 void arm11_add_debug_INST(arm11_common_t * arm11, u32 inst, u8 * flag, enum tap_state state)
202 {
203 JTAG_DEBUG("INST <= 0x%08x", inst);
204
205 scan_field_t itr[2];
206
207 arm11_setup_field(arm11, 32, &inst, NULL, itr + 0);
208 arm11_setup_field(arm11, 1, NULL, flag, itr + 1);
209
210 arm11_add_dr_scan_vc(asizeof(itr), itr, state == -1 ? TAP_RTI : state);
211 }
212
213 /** Read the Debug Status and Control Register (DSCR)
214 *
215 * same as CP14 c1
216 *
217 * \param arm11 Target state variable.
218 * \return DSCR content
219 *
220 * \remarks This is a stand-alone function that executes the JTAG command queue.
221 */
222 u32 arm11_read_DSCR(arm11_common_t * arm11)
223 {
224 arm11_add_debug_SCAN_N(arm11, 0x01, -1);
225
226 arm11_add_IR(arm11, ARM11_INTEST, -1);
227
228 u32 dscr;
229 scan_field_t chain1_field;
230
231 arm11_setup_field(arm11, 32, NULL, &dscr, &chain1_field);
232
233 arm11_add_dr_scan_vc(1, &chain1_field, TAP_PD);
234
235 jtag_execute_queue();
236
237 if (arm11->last_dscr != dscr)
238 JTAG_DEBUG("DSCR = %08x (OLD %08x)", dscr, arm11->last_dscr);
239
240 arm11->last_dscr = dscr;
241
242 return dscr;
243 }
244
245 /** Write the Debug Status and Control Register (DSCR)
246 *
247 * same as CP14 c1
248 *
249 * \param arm11 Target state variable.
250 * \param dscr DSCR content
251 *
252 * \remarks This is a stand-alone function that executes the JTAG command queue.
253 */
254 void arm11_write_DSCR(arm11_common_t * arm11, u32 dscr)
255 {
256 arm11_add_debug_SCAN_N(arm11, 0x01, -1);
257
258 arm11_add_IR(arm11, ARM11_EXTEST, -1);
259
260 scan_field_t chain1_field;
261
262 arm11_setup_field(arm11, 32, &dscr, NULL, &chain1_field);
263
264 arm11_add_dr_scan_vc(1, &chain1_field, TAP_PD);
265
266 jtag_execute_queue();
267
268 JTAG_DEBUG("DSCR <= %08x (OLD %08x)", dscr, arm11->last_dscr);
269
270 arm11->last_dscr = dscr;
271 }
272
273
274
275 /** Get the debug reason from Debug Status and Control Register (DSCR)
276 *
277 * \param dscr DSCR value to analyze
278 * \return Debug reason
279 *
280 */
281 enum target_debug_reason arm11_get_DSCR_debug_reason(u32 dscr)
282 {
283 switch (dscr & ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_MASK)
284 {
285 case ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_HALT:
286 LOG_INFO("Debug entry: JTAG HALT");
287 return DBG_REASON_DBGRQ;
288
289 case ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_BREAKPOINT:
290 LOG_INFO("Debug entry: breakpoint");
291 return DBG_REASON_BREAKPOINT;
292
293 case ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_WATCHPOINT:
294 LOG_INFO("Debug entry: watchpoint");
295 return DBG_REASON_WATCHPOINT;
296
297 case ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_BKPT_INSTRUCTION:
298 LOG_INFO("Debug entry: BKPT instruction");
299 return DBG_REASON_BREAKPOINT;
300
301 case ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_EDBGRQ:
302 LOG_INFO("Debug entry: EDBGRQ signal");
303 return DBG_REASON_DBGRQ;
304
305 case ARM11_DSCR_METHOD_OF_DEBUG_ENTRY_VECTOR_CATCH:
306 LOG_INFO("Debug entry: VCR vector catch");
307 return DBG_REASON_BREAKPOINT;
308
309 default:
310 LOG_INFO("Debug entry: unknown");
311 return DBG_REASON_DBGRQ;
312 }
313 };
314
315
316
317 /** Prepare the stage for ITR/DTR operations
318 * from the arm11_run_instr... group of functions.
319 *
320 * Put arm11_run_instr_data_prepare() and arm11_run_instr_data_finish()
321 * around a block of arm11_run_instr_... calls.
322 *
323 * Select scan chain 5 to allow quick access to DTR. When scan
324 * chain 4 is needed to put in a register the ITRSel instruction
325 * shortcut is used instead of actually changing the Scan_N
326 * register.
327 *
328 * \param arm11 Target state variable.
329 *
330 */
331 void arm11_run_instr_data_prepare(arm11_common_t * arm11)
332 {
333 arm11_add_debug_SCAN_N(arm11, 0x05, -1);
334 }
335
336 /** Cleanup after ITR/DTR operations
337 * from the arm11_run_instr... group of functions
338 *
339 * Put arm11_run_instr_data_prepare() and arm11_run_instr_data_finish()
340 * around a block of arm11_run_instr_... calls.
341 *
342 * Any RTI can lead to an instruction execution when
343 * scan chains 4 or 5 are selected and the IR holds
344 * INTEST or EXTEST. So we must disable that before
345 * any following activities lead to an RTI.
346 *
347 * \param arm11 Target state variable.
348 *
349 */
350 void arm11_run_instr_data_finish(arm11_common_t * arm11)
351 {
352 arm11_add_debug_SCAN_N(arm11, 0x00, -1);
353 }
354
355
356 /** Execute one or multiple instructions via ITR
357 *
358 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
359 *
360 * \param arm11 Target state variable.
361 * \param opcode Pointer to sequence of ARM opcodes
362 * \param count Number of opcodes to execute
363 *
364 */
365 void arm11_run_instr_no_data(arm11_common_t * arm11, u32 * opcode, size_t count)
366 {
367 arm11_add_IR(arm11, ARM11_ITRSEL, -1);
368
369 while (count--)
370 {
371 arm11_add_debug_INST(arm11, *opcode++, NULL, TAP_RTI);
372
373 while (1)
374 {
375 u8 flag;
376
377 arm11_add_debug_INST(arm11, 0, &flag, count ? TAP_RTI : TAP_PD);
378
379 jtag_execute_queue();
380
381 if (flag)
382 break;
383 }
384 }
385 }
386
387 /** Execute one instruction via ITR
388 *
389 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
390 *
391 * \param arm11 Target state variable.
392 * \param opcode ARM opcode
393 *
394 */
395 void arm11_run_instr_no_data1(arm11_common_t * arm11, u32 opcode)
396 {
397 arm11_run_instr_no_data(arm11, &opcode, 1);
398 }
399
400
401 /** Execute one instruction via ITR repeatedly while
402 * passing data to the core via DTR on each execution.
403 *
404 * The executed instruction \em must read data from DTR.
405 *
406 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
407 *
408 * \param arm11 Target state variable.
409 * \param opcode ARM opcode
410 * \param data Pointer to the data words to be passed to the core
411 * \param count Number of data words and instruction repetitions
412 *
413 */
414 void arm11_run_instr_data_to_core(arm11_common_t * arm11, u32 opcode, u32 * data, size_t count)
415 {
416 arm11_add_IR(arm11, ARM11_ITRSEL, -1);
417
418 arm11_add_debug_INST(arm11, opcode, NULL, TAP_PD);
419
420 arm11_add_IR(arm11, ARM11_EXTEST, -1);
421
422 scan_field_t chain5_fields[3];
423
424 u32 Data;
425 u8 Ready;
426 u8 nRetry;
427
428 arm11_setup_field(arm11, 32, &Data, NULL, chain5_fields + 0);
429 arm11_setup_field(arm11, 1, NULL, &Ready, chain5_fields + 1);
430 arm11_setup_field(arm11, 1, NULL, &nRetry, chain5_fields + 2);
431
432 while (count--)
433 {
434 do
435 {
436 Data = *data;
437
438 arm11_add_dr_scan_vc(asizeof(chain5_fields), chain5_fields, TAP_RTI);
439 jtag_execute_queue();
440
441 JTAG_DEBUG("DTR Ready %d nRetry %d", Ready, nRetry);
442 }
443 while (!Ready);
444
445 data++;
446 }
447
448 arm11_add_IR(arm11, ARM11_INTEST, -1);
449
450 do
451 {
452 Data = 0;
453
454 arm11_add_dr_scan_vc(asizeof(chain5_fields), chain5_fields, TAP_PD);
455 jtag_execute_queue();
456
457 JTAG_DEBUG("DTR Data %08x Ready %d nRetry %d", Data, Ready, nRetry);
458 }
459 while (!Ready);
460 }
461
462 /** JTAG path for arm11_run_instr_data_to_core_noack
463 *
464 * The repeated TAP_RTI's do not cause a repeated execution
465 * if passed without leaving the state.
466 *
467 * Since this is more than 7 bits (adjustable via adding more
468 * TAP_RTI's) it produces an artificial delay in the lower
469 * layer (FT2232) that is long enough to finish execution on
470 * the core but still shorter than any manually inducible delays.
471 *
472 */
473 enum tap_state arm11_MOVE_PD_RTI_PD_with_delay[] =
474 {
475 TAP_E2D, TAP_UD, TAP_RTI, TAP_RTI, TAP_RTI, TAP_SDS, TAP_CD, TAP_SD
476 };
477
478
479
480 /** Execute one instruction via ITR repeatedly while
481 * passing data to the core via DTR on each execution.
482 *
483 * No Ready check during transmission.
484 *
485 * The executed instruction \em must read data from DTR.
486 *
487 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
488 *
489 * \param arm11 Target state variable.
490 * \param opcode ARM opcode
491 * \param data Pointer to the data words to be passed to the core
492 * \param count Number of data words and instruction repetitions
493 *
494 */
495 void arm11_run_instr_data_to_core_noack(arm11_common_t * arm11, u32 opcode, u32 * data, size_t count)
496 {
497 arm11_add_IR(arm11, ARM11_ITRSEL, -1);
498
499 arm11_add_debug_INST(arm11, opcode, NULL, TAP_PD);
500
501 arm11_add_IR(arm11, ARM11_EXTEST, -1);
502
503 scan_field_t chain5_fields[3];
504
505 arm11_setup_field(arm11, 32, NULL/*&Data*/, NULL, chain5_fields + 0);
506 arm11_setup_field(arm11, 1, NULL, NULL /*&Ready*/, chain5_fields + 1);
507 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
508
509 u8 Readies[count + 1];
510 u8 * ReadyPos = Readies;
511
512 while (count--)
513 {
514 chain5_fields[0].out_value = (void *)(data++);
515 chain5_fields[1].in_value = ReadyPos++;
516
517 if (count)
518 {
519 jtag_add_dr_scan(asizeof(chain5_fields), chain5_fields, TAP_PD);
520 jtag_add_pathmove(asizeof(arm11_MOVE_PD_RTI_PD_with_delay),
521 arm11_MOVE_PD_RTI_PD_with_delay);
522 }
523 else
524 {
525 jtag_add_dr_scan(asizeof(chain5_fields), chain5_fields, TAP_RTI);
526 }
527 }
528
529 arm11_add_IR(arm11, ARM11_INTEST, -1);
530
531 chain5_fields[0].out_value = 0;
532 chain5_fields[1].in_value = ReadyPos++;
533
534 arm11_add_dr_scan_vc(asizeof(chain5_fields), chain5_fields, TAP_PD);
535
536 jtag_execute_queue();
537
538 size_t error_count = 0;
539
540 {size_t i;
541 for (i = 0; i < asizeof(Readies); i++)
542 {
543 if (Readies[i] != 1)
544 {
545 error_count++;
546 }
547 }}
548
549 if (error_count)
550 LOG_ERROR("Transfer errors " ZU, error_count);
551 }
552
553
554 /** Execute an instruction via ITR while handing data into the core via DTR.
555 *
556 * The executed instruction \em must read data from DTR.
557 *
558 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
559 *
560 * \param arm11 Target state variable.
561 * \param opcode ARM opcode
562 * \param data Data word to be passed to the core via DTR
563 *
564 */
565 void arm11_run_instr_data_to_core1(arm11_common_t * arm11, u32 opcode, u32 data)
566 {
567 arm11_run_instr_data_to_core(arm11, opcode, &data, 1);
568 }
569
570
571 /** Execute one instruction via ITR repeatedly while
572 * reading data from the core via DTR on each execution.
573 *
574 * The executed instruction \em must write data to DTR.
575 *
576 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
577 *
578 * \param arm11 Target state variable.
579 * \param opcode ARM opcode
580 * \param data Pointer to an array that receives the data words from the core
581 * \param count Number of data words and instruction repetitions
582 *
583 */
584 void arm11_run_instr_data_from_core(arm11_common_t * arm11, u32 opcode, u32 * data, size_t count)
585 {
586 arm11_add_IR(arm11, ARM11_ITRSEL, -1);
587
588 arm11_add_debug_INST(arm11, opcode, NULL, TAP_RTI);
589
590 arm11_add_IR(arm11, ARM11_INTEST, -1);
591
592 scan_field_t chain5_fields[3];
593
594 u32 Data;
595 u8 Ready;
596 u8 nRetry;
597
598 arm11_setup_field(arm11, 32, NULL, &Data, chain5_fields + 0);
599 arm11_setup_field(arm11, 1, NULL, &Ready, chain5_fields + 1);
600 arm11_setup_field(arm11, 1, NULL, &nRetry, chain5_fields + 2);
601
602 while (count--)
603 {
604 do
605 {
606 arm11_add_dr_scan_vc(asizeof(chain5_fields), chain5_fields, count ? TAP_RTI : TAP_PD);
607 jtag_execute_queue();
608
609 JTAG_DEBUG("DTR Data %08x Ready %d nRetry %d", Data, Ready, nRetry);
610 }
611 while (!Ready);
612
613 *data++ = Data;
614 }
615 }
616
617 /** Execute one instruction via ITR
618 * then load r0 into DTR and read DTR from core.
619 *
620 * The first executed instruction (\p opcode) should write data to r0.
621 *
622 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
623 *
624 * \param arm11 Target state variable.
625 * \param opcode ARM opcode to write r0 with the value of interest
626 * \param data Pointer to a data word that receives the value from r0 after \p opcode was executed.
627 *
628 */
629 void arm11_run_instr_data_from_core_via_r0(arm11_common_t * arm11, u32 opcode, u32 * data)
630 {
631 arm11_run_instr_no_data1(arm11, opcode);
632
633 /* MCR p14,0,R0,c0,c5,0 (move r0 -> wDTR -> local var) */
634 arm11_run_instr_data_from_core(arm11, 0xEE000E15, data, 1);
635 }
636
637 /** Load data into core via DTR then move it to r0 then
638 * execute one instruction via ITR
639 *
640 * The final executed instruction (\p opcode) should read data from r0.
641 *
642 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
643 *
644 * \param arm11 Target state variable.
645 * \param opcode ARM opcode to read r0 act upon it
646 * \param data Data word that will be written to r0 before \p opcode is executed
647 *
648 */
649 void arm11_run_instr_data_to_core_via_r0(arm11_common_t * arm11, u32 opcode, u32 data)
650 {
651 /* MRC p14,0,r0,c0,c5,0 */
652 arm11_run_instr_data_to_core1(arm11, 0xEE100E15, data);
653
654 arm11_run_instr_no_data1(arm11, opcode);
655 }
656
657 /** Apply reads and writes to scan chain 7
658 *
659 * \see arm11_sc7_action_t
660 *
661 * \param arm11 Target state variable.
662 * \param actions A list of read and/or write instructions
663 * \param count Number of instructions in the list.
664 *
665 */
666 void arm11_sc7_run(arm11_common_t * arm11, arm11_sc7_action_t * actions, size_t count)
667 {
668 arm11_add_debug_SCAN_N(arm11, 0x07, -1);
669
670 arm11_add_IR(arm11, ARM11_EXTEST, -1);
671
672 scan_field_t chain7_fields[3];
673
674 u8 nRW;
675 u32 DataOut;
676 u8 AddressOut;
677 u8 Ready;
678 u32 DataIn;
679 u8 AddressIn;
680
681 arm11_setup_field(arm11, 1, &nRW, &Ready, chain7_fields + 0);
682 arm11_setup_field(arm11, 32, &DataOut, &DataIn, chain7_fields + 1);
683 arm11_setup_field(arm11, 7, &AddressOut, &AddressIn, chain7_fields + 2);
684
685 {size_t i;
686 for (i = 0; i < count + 1; i++)
687 {
688 if (i < count)
689 {
690 nRW = actions[i].write ? 1 : 0;
691 DataOut = actions[i].value;
692 AddressOut = actions[i].address;
693 }
694 else
695 {
696 nRW = 0;
697 DataOut = 0;
698 AddressOut = 0;
699 }
700
701 do
702 {
703 JTAG_DEBUG("SC7 <= Address %02x Data %08x nRW %d", AddressOut, DataOut, nRW);
704
705 arm11_add_dr_scan_vc(asizeof(chain7_fields), chain7_fields, TAP_PD);
706 jtag_execute_queue();
707
708 JTAG_DEBUG("SC7 => Address %02x Data %08x Ready %d", AddressIn, DataIn, Ready);
709 }
710 while (!Ready); /* 'nRW' is 'Ready' on read out */
711
712 if (i > 0)
713 {
714 if (actions[i - 1].address != AddressIn)
715 {
716 LOG_WARNING("Scan chain 7 shifted out unexpected address");
717 }
718
719 if (!actions[i - 1].write)
720 {
721 actions[i - 1].value = DataIn;
722 }
723 else
724 {
725 if (actions[i - 1].value != DataIn)
726 {
727 LOG_WARNING("Scan chain 7 shifted out unexpected data");
728 }
729 }
730 }
731 }}
732
733 {size_t i;
734 for (i = 0; i < count; i++)
735 {
736 JTAG_DEBUG("SC7 %02d: %02x %s %08x", i, actions[i].address, actions[i].write ? "<=" : "=>", actions[i].value);
737 }}
738 }
739
740 /** Clear VCR and all breakpoints and watchpoints via scan chain 7
741 *
742 * \param arm11 Target state variable.
743 *
744 */
745 void arm11_sc7_clear_vbw(arm11_common_t * arm11)
746 {
747 arm11_sc7_action_t clear_bw[arm11->brp + arm11->wrp + 1];
748 arm11_sc7_action_t * pos = clear_bw;
749
750 {size_t i;
751 for (i = 0; i < asizeof(clear_bw); i++)
752 {
753 clear_bw[i].write = true;
754 clear_bw[i].value = 0;
755 }}
756
757 {size_t i;
758 for (i = 0; i < arm11->brp; i++)
759 (pos++)->address = ARM11_SC7_BCR0 + i;
760 }
761
762 {size_t i;
763 for (i = 0; i < arm11->wrp; i++)
764 (pos++)->address = ARM11_SC7_WCR0 + i;
765 }
766
767 (pos++)->address = ARM11_SC7_VCR;
768
769 arm11_sc7_run(arm11, clear_bw, asizeof(clear_bw));
770 }
771
772 /** Write VCR register
773 *
774 * \param arm11 Target state variable.
775 * \param value Value to be written
776 */
777 void arm11_sc7_set_vcr(arm11_common_t * arm11, u32 value)
778 {
779 arm11_sc7_action_t set_vcr;
780
781 set_vcr.write = true;
782 set_vcr.address = ARM11_SC7_VCR;
783 set_vcr.value = value;
784
785
786 arm11_sc7_run(arm11, &set_vcr, 1);
787 }
788
789
790
791 /** Read word from address
792 *
793 * \param arm11 Target state variable.
794 * \param address Memory address to be read
795 * \param result Pointer where to store result
796 *
797 */
798 void arm11_read_memory_word(arm11_common_t * arm11, u32 address, u32 * result)
799 {
800 arm11_run_instr_data_prepare(arm11);
801
802 /* MRC p14,0,r0,c0,c5,0 (r0 = address) */
803 arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
804
805 /* LDC p14,c5,[R0],#4 (DTR = [r0]) */
806 arm11_run_instr_data_from_core(arm11, 0xecb05e01, result, 1);
807
808 arm11_run_instr_data_finish(arm11);
809 }
810
811