Code Review / openocd.git / blob
? search:


280704ef67059b34e3c3b769c7c1206b4e514587
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
36 #include "etm.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
41 #include "register.h"
42 #include "armv4_5.h"
43
44
45 /**
46 * @file
47 * Hold common code supporting the ARM7 and ARM9 core generations.
48 *
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
56 *
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
61 */
62
63 static int arm7_9_debug_entry(struct target *target);
64
65 /**
66 * Clear watchpoints for an ARM7/9 target.
67 *
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
70 */
71 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
72 {
73 LOG_DEBUG("-");
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
75 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
76 arm7_9->sw_breakpoint_count = 0;
77 arm7_9->sw_breakpoints_added = 0;
78 arm7_9->wp0_used = 0;
79 arm7_9->wp1_used = arm7_9->wp1_used_default;
80 arm7_9->wp_available = arm7_9->wp_available_max;
81
82 return jtag_execute_queue();
83 }
84
85 /**
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
88 *
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
91 */
92 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
93 {
94 if (!arm7_9->wp0_used)
95 {
96 arm7_9->wp0_used = 1;
97 breakpoint->set = 1;
98 arm7_9->wp_available--;
99 }
100 else if (!arm7_9->wp1_used)
101 {
102 arm7_9->wp1_used = 1;
103 breakpoint->set = 2;
104 arm7_9->wp_available--;
105 }
106 else
107 {
108 LOG_ERROR("BUG: no hardware comparator available");
109 }
110 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
111 breakpoint->unique_id,
112 breakpoint->address,
113 breakpoint->set );
114 }
115
116 /**
117 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
118 *
119 * @param arm7_9 Pointer to common struct for ARM7/9 targets
120 * @return Error codes if there is a problem finding a watchpoint or the result
121 * of executing the JTAG queue
122 */
123 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
124 {
125 if (arm7_9->sw_breakpoints_added)
126 {
127 return ERROR_OK;
128 }
129 if (arm7_9->wp_available < 1)
130 {
131 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
132 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
133 }
134 arm7_9->wp_available--;
135
136 /* pick a breakpoint unit */
137 if (!arm7_9->wp0_used)
138 {
139 arm7_9->sw_breakpoints_added = 1;
140 arm7_9->wp0_used = 3;
141 } else if (!arm7_9->wp1_used)
142 {
143 arm7_9->sw_breakpoints_added = 2;
144 arm7_9->wp1_used = 3;
145 }
146 else
147 {
148 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
149 return ERROR_FAIL;
150 }
151
152 if (arm7_9->sw_breakpoints_added == 1)
153 {
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
155 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
156 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
159 }
160 else if (arm7_9->sw_breakpoints_added == 2)
161 {
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
164 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
165 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
166 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
167 }
168 else
169 {
170 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
171 return ERROR_FAIL;
172 }
173 LOG_DEBUG("SW BP using hw wp: %d",
174 arm7_9->sw_breakpoints_added );
175
176 return jtag_execute_queue();
177 }
178
179 /**
180 * Setup the common pieces for an ARM7/9 target after reset or on startup.
181 *
182 * @param target Pointer to an ARM7/9 target to setup
183 * @return Result of clearing the watchpoints on the target
184 */
185 int arm7_9_setup(struct target *target)
186 {
187 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
188
189 return arm7_9_clear_watchpoints(arm7_9);
190 }
191
192 /**
193 * Set either a hardware or software breakpoint on an ARM7/9 target. The
194 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
195 * might have erased the values in Embedded ICE.
196 *
197 * @param target Pointer to the target device to set the breakpoints on
198 * @param breakpoint Pointer to the breakpoint to be set
199 * @return For hardware breakpoints, this is the result of executing the JTAG
200 * queue. For software breakpoints, this will be the status of the
201 * required memory reads and writes
202 */
203 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
204 {
205 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
206 int retval = ERROR_OK;
207
208 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
209 breakpoint->unique_id,
210 breakpoint->address,
211 breakpoint->type);
212
213 if (target->state != TARGET_HALTED)
214 {
215 LOG_WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED;
217 }
218
219 if (breakpoint->type == BKPT_HARD)
220 {
221 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
222 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
223
224 /* reassign a hw breakpoint */
225 if (breakpoint->set == 0)
226 {
227 arm7_9_assign_wp(arm7_9, breakpoint);
228 }
229
230 if (breakpoint->set == 1)
231 {
232 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
233 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
234 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
236 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
237 }
238 else if (breakpoint->set == 2)
239 {
240 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
245 }
246 else
247 {
248 LOG_ERROR("BUG: no hardware comparator available");
249 return ERROR_OK;
250 }
251
252 retval = jtag_execute_queue();
253 }
254 else if (breakpoint->type == BKPT_SOFT)
255 {
256 /* did we already set this breakpoint? */
257 if (breakpoint->set)
258 return ERROR_OK;
259
260 if (breakpoint->length == 4)
261 {
262 uint32_t verify = 0xffffffff;
263 /* keep the original instruction in target endianness */
264 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
265 {
266 return retval;
267 }
268 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
269 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
270 {
271 return retval;
272 }
273
274 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
275 {
276 return retval;
277 }
278 if (verify != arm7_9->arm_bkpt)
279 {
280 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
281 return ERROR_OK;
282 }
283 }
284 else
285 {
286 uint16_t verify = 0xffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
293 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->thumb_bkpt)
303 {
304 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308
309 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
310 return retval;
311
312 arm7_9->sw_breakpoint_count++;
313
314 breakpoint->set = 1;
315 }
316
317 return retval;
318 }
319
320 /**
321 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
322 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
323 * will be updated. Otherwise, the software breakpoint will be restored to its
324 * original instruction if it hasn't already been modified.
325 *
326 * @param target Pointer to ARM7/9 target to unset the breakpoint from
327 * @param breakpoint Pointer to breakpoint to be unset
328 * @return For hardware breakpoints, this is the result of executing the JTAG
329 * queue. For software breakpoints, this will be the status of the
330 * required memory reads and writes
331 */
332 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
333 {
334 int retval = ERROR_OK;
335 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
336
337 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
338 breakpoint->unique_id,
339 breakpoint->address );
340
341 if (!breakpoint->set)
342 {
343 LOG_WARNING("breakpoint not set");
344 return ERROR_OK;
345 }
346
347 if (breakpoint->type == BKPT_HARD)
348 {
349 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
350 breakpoint->unique_id,
351 breakpoint->set );
352 if (breakpoint->set == 1)
353 {
354 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
355 arm7_9->wp0_used = 0;
356 arm7_9->wp_available++;
357 }
358 else if (breakpoint->set == 2)
359 {
360 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
361 arm7_9->wp1_used = 0;
362 arm7_9->wp_available++;
363 }
364 retval = jtag_execute_queue();
365 breakpoint->set = 0;
366 }
367 else
368 {
369 /* restore original instruction (kept in target endianness) */
370 if (breakpoint->length == 4)
371 {
372 uint32_t current_instr;
373 /* check that user program as not modified breakpoint instruction */
374 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
375 {
376 return retval;
377 }
378 if (current_instr == arm7_9->arm_bkpt)
379 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
380 {
381 return retval;
382 }
383 }
384 else
385 {
386 uint16_t current_instr;
387 /* check that user program as not modified breakpoint instruction */
388 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
389 {
390 return retval;
391 }
392 if (current_instr == arm7_9->thumb_bkpt)
393 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
394 {
395 return retval;
396 }
397 }
398
399 if (--arm7_9->sw_breakpoint_count==0)
400 {
401 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
402 if (arm7_9->sw_breakpoints_added == 1)
403 {
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
405 }
406 else if (arm7_9->sw_breakpoints_added == 2)
407 {
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
409 }
410 }
411
412 breakpoint->set = 0;
413 }
414
415 return retval;
416 }
417
418 /**
419 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
420 * dangling breakpoints and that the desired breakpoint can be added.
421 *
422 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
423 * @param breakpoint Pointer to the breakpoint to be added
424 * @return An error status if there is a problem adding the breakpoint or the
425 * result of setting the breakpoint
426 */
427 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
428 {
429 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
430
431 if (arm7_9->breakpoint_count == 0)
432 {
433 /* make sure we don't have any dangling breakpoints. This is vital upon
434 * GDB connect/disconnect
435 */
436 arm7_9_clear_watchpoints(arm7_9);
437 }
438
439 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
440 {
441 LOG_INFO("no watchpoint unit available for hardware breakpoint");
442 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
443 }
444
445 if ((breakpoint->length != 2) && (breakpoint->length != 4))
446 {
447 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
448 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
449 }
450
451 if (breakpoint->type == BKPT_HARD)
452 {
453 arm7_9_assign_wp(arm7_9, breakpoint);
454 }
455
456 arm7_9->breakpoint_count++;
457
458 return arm7_9_set_breakpoint(target, breakpoint);
459 }
460
461 /**
462 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
463 * dangling breakpoints and updates available watchpoints if it is a hardware
464 * breakpoint.
465 *
466 * @param target Pointer to the target to have a breakpoint removed
467 * @param breakpoint Pointer to the breakpoint to be removed
468 * @return Error status if there was a problem unsetting the breakpoint or the
469 * watchpoints could not be cleared
470 */
471 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
472 {
473 int retval = ERROR_OK;
474 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
475
476 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
477 {
478 return retval;
479 }
480
481 if (breakpoint->type == BKPT_HARD)
482 arm7_9->wp_available++;
483
484 arm7_9->breakpoint_count--;
485 if (arm7_9->breakpoint_count == 0)
486 {
487 /* make sure we don't have any dangling breakpoints */
488 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
489 {
490 return retval;
491 }
492 }
493
494 return ERROR_OK;
495 }
496
497 /**
498 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
499 * considered a bug to call this function when there are no available watchpoint
500 * units.
501 *
502 * @param target Pointer to an ARM7/9 target to set a watchpoint on
503 * @param watchpoint Pointer to the watchpoint to be set
504 * @return Error status if watchpoint set fails or the result of executing the
505 * JTAG queue
506 */
507 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
508 {
509 int retval = ERROR_OK;
510 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
511 int rw_mask = 1;
512 uint32_t mask;
513
514 mask = watchpoint->length - 1;
515
516 if (target->state != TARGET_HALTED)
517 {
518 LOG_WARNING("target not halted");
519 return ERROR_TARGET_NOT_HALTED;
520 }
521
522 if (watchpoint->rw == WPT_ACCESS)
523 rw_mask = 0;
524 else
525 rw_mask = 1;
526
527 if (!arm7_9->wp0_used)
528 {
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
532 if (watchpoint->mask != 0xffffffffu)
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
536
537 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 {
539 return retval;
540 }
541 watchpoint->set = 1;
542 arm7_9->wp0_used = 2;
543 }
544 else if (!arm7_9->wp1_used)
545 {
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
549 if (watchpoint->mask != 0xffffffffu)
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
552 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
553
554 if ((retval = jtag_execute_queue()) != ERROR_OK)
555 {
556 return retval;
557 }
558 watchpoint->set = 2;
559 arm7_9->wp1_used = 2;
560 }
561 else
562 {
563 LOG_ERROR("BUG: no hardware comparator available");
564 return ERROR_OK;
565 }
566
567 return ERROR_OK;
568 }
569
570 /**
571 * Unset an existing watchpoint and clear the used watchpoint unit.
572 *
573 * @param target Pointer to the target to have the watchpoint removed
574 * @param watchpoint Pointer to the watchpoint to be removed
575 * @return Error status while trying to unset the watchpoint or the result of
576 * executing the JTAG queue
577 */
578 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
579 {
580 int retval = ERROR_OK;
581 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
582
583 if (target->state != TARGET_HALTED)
584 {
585 LOG_WARNING("target not halted");
586 return ERROR_TARGET_NOT_HALTED;
587 }
588
589 if (!watchpoint->set)
590 {
591 LOG_WARNING("breakpoint not set");
592 return ERROR_OK;
593 }
594
595 if (watchpoint->set == 1)
596 {
597 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
598 if ((retval = jtag_execute_queue()) != ERROR_OK)
599 {
600 return retval;
601 }
602 arm7_9->wp0_used = 0;
603 }
604 else if (watchpoint->set == 2)
605 {
606 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
607 if ((retval = jtag_execute_queue()) != ERROR_OK)
608 {
609 return retval;
610 }
611 arm7_9->wp1_used = 0;
612 }
613 watchpoint->set = 0;
614
615 return ERROR_OK;
616 }
617
618 /**
619 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
620 * available, an error response is returned.
621 *
622 * @param target Pointer to the ARM7/9 target to add a watchpoint to
623 * @param watchpoint Pointer to the watchpoint to be added
624 * @return Error status while trying to add the watchpoint
625 */
626 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
627 {
628 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
629
630 if (arm7_9->wp_available < 1)
631 {
632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
633 }
634
635 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
636 {
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
638 }
639
640 arm7_9->wp_available--;
641
642 return ERROR_OK;
643 }
644
645 /**
646 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
647 * the used watchpoint unit will be reopened.
648 *
649 * @param target Pointer to the target to remove a watchpoint from
650 * @param watchpoint Pointer to the watchpoint to be removed
651 * @return Result of trying to unset the watchpoint
652 */
653 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
654 {
655 int retval = ERROR_OK;
656 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
657
658 if (watchpoint->set)
659 {
660 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
661 {
662 return retval;
663 }
664 }
665
666 arm7_9->wp_available++;
667
668 return ERROR_OK;
669 }
670
671 /**
672 * Restarts the target by sending a RESTART instruction and moving the JTAG
673 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
674 * asserted by the processor.
675 *
676 * @param target Pointer to target to issue commands to
677 * @return Error status if there is a timeout or a problem while executing the
678 * JTAG queue
679 */
680 int arm7_9_execute_sys_speed(struct target *target)
681 {
682 int retval;
683 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
684 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
685 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
686
687 /* set RESTART instruction */
688 jtag_set_end_state(TAP_IDLE);
689 if (arm7_9->need_bypass_before_restart) {
690 arm7_9->need_bypass_before_restart = 0;
691 arm_jtag_set_instr(jtag_info, 0xf, NULL);
692 }
693 arm_jtag_set_instr(jtag_info, 0x4, NULL);
694
695 long long then = timeval_ms();
696 int timeout;
697 while (!(timeout = ((timeval_ms()-then) > 1000)))
698 {
699 /* read debug status register */
700 embeddedice_read_reg(dbg_stat);
701 if ((retval = jtag_execute_queue()) != ERROR_OK)
702 return retval;
703 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
704 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
705 break;
706 if (debug_level >= 3)
707 {
708 alive_sleep(100);
709 } else
710 {
711 keep_alive();
712 }
713 }
714 if (timeout)
715 {
716 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
717 return ERROR_TARGET_TIMEOUT;
718 }
719
720 return ERROR_OK;
721 }
722
723 /**
724 * Restarts the target by sending a RESTART instruction and moving the JTAG
725 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
726 * waiting until they are.
727 *
728 * @param target Pointer to the target to issue commands to
729 * @return Always ERROR_OK
730 */
731 int arm7_9_execute_fast_sys_speed(struct target *target)
732 {
733 static int set = 0;
734 static uint8_t check_value[4], check_mask[4];
735
736 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
737 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
738 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
739
740 /* set RESTART instruction */
741 jtag_set_end_state(TAP_IDLE);
742 if (arm7_9->need_bypass_before_restart) {
743 arm7_9->need_bypass_before_restart = 0;
744 arm_jtag_set_instr(jtag_info, 0xf, NULL);
745 }
746 arm_jtag_set_instr(jtag_info, 0x4, NULL);
747
748 if (!set)
749 {
750 /* check for DBGACK and SYSCOMP set (others don't care) */
751
752 /* NB! These are constants that must be available until after next jtag_execute() and
753 * we evaluate the values upon first execution in lieu of setting up these constants
754 * during early setup.
755 * */
756 buf_set_u32(check_value, 0, 32, 0x9);
757 buf_set_u32(check_mask, 0, 32, 0x9);
758 set = 1;
759 }
760
761 /* read debug status register */
762 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
763
764 return ERROR_OK;
765 }
766
767 /**
768 * Get some data from the ARM7/9 target.
769 *
770 * @param target Pointer to the ARM7/9 target to read data from
771 * @param size The number of 32bit words to be read
772 * @param buffer Pointer to the buffer that will hold the data
773 * @return The result of receiving data from the Embedded ICE unit
774 */
775 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
776 {
777 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
778 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
779 uint32_t *data;
780 int retval = ERROR_OK;
781 uint32_t i;
782
783 data = malloc(size * (sizeof(uint32_t)));
784
785 retval = embeddedice_receive(jtag_info, data, size);
786
787 /* return the 32-bit ints in the 8-bit array */
788 for (i = 0; i < size; i++)
789 {
790 h_u32_to_le(buffer + (i * 4), data[i]);
791 }
792
793 free(data);
794
795 return retval;
796 }
797
798 /**
799 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
800 * target is running and the DCC control register has the W bit high, this will
801 * execute the request on the target.
802 *
803 * @param priv Void pointer expected to be a struct target pointer
804 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
805 * from the Embedded ICE unit
806 */
807 int arm7_9_handle_target_request(void *priv)
808 {
809 int retval = ERROR_OK;
810 struct target *target = priv;
811 if (!target_was_examined(target))
812 return ERROR_OK;
813 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
814 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
815 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
816
817 if (!target->dbg_msg_enabled)
818 return ERROR_OK;
819
820 if (target->state == TARGET_RUNNING)
821 {
822 /* read DCC control register */
823 embeddedice_read_reg(dcc_control);
824 if ((retval = jtag_execute_queue()) != ERROR_OK)
825 {
826 return retval;
827 }
828
829 /* check W bit */
830 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
831 {
832 uint32_t request;
833
834 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
835 {
836 return retval;
837 }
838 if ((retval = target_request(target, request)) != ERROR_OK)
839 {
840 return retval;
841 }
842 }
843 }
844
845 return ERROR_OK;
846 }
847
848 /**
849 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
850 * is manipulated to the right halted state based on its current state. This is
851 * what happens:
852 *
853 * <table>
854 * <tr><th > State</th><th > Action</th></tr>
855 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
856 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
857 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
858 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
859 * </table>
860 *
861 * If the target does not end up in the halted state, a warning is produced. If
862 * DBGACK is cleared, then the target is expected to either be running or
863 * running in debug.
864 *
865 * @param target Pointer to the ARM7/9 target to poll
866 * @return ERROR_OK or an error status if a command fails
867 */
868 int arm7_9_poll(struct target *target)
869 {
870 int retval;
871 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
872 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
873
874 /* read debug status register */
875 embeddedice_read_reg(dbg_stat);
876 if ((retval = jtag_execute_queue()) != ERROR_OK)
877 {
878 return retval;
879 }
880
881 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
882 {
883 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
884 if (target->state == TARGET_UNKNOWN)
885 {
886 /* Starting OpenOCD with target in debug-halt */
887 target->state = TARGET_RUNNING;
888 LOG_DEBUG("DBGACK already set during server startup.");
889 }
890 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
891 {
892 int check_pc = 0;
893 if (target->state == TARGET_RESET)
894 {
895 if (target->reset_halt)
896 {
897 enum reset_types jtag_reset_config = jtag_get_reset_config();
898 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
899 {
900 check_pc = 1;
901 }
902 }
903 }
904
905 target->state = TARGET_HALTED;
906
907 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
908 return retval;
909
910 if (check_pc)
911 {
912 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
913 uint32_t t=*((uint32_t *)reg->value);
914 if (t != 0)
915 {
916 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
917 }
918 }
919
920 if (arm_semihosting(target, &retval) != 0)
921 return retval;
922
923 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
924 {
925 return retval;
926 }
927 }
928 if (target->state == TARGET_DEBUG_RUNNING)
929 {
930 target->state = TARGET_HALTED;
931 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
932 return retval;
933
934 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
935 {
936 return retval;
937 }
938 }
939 if (target->state != TARGET_HALTED)
940 {
941 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
942 }
943 }
944 else
945 {
946 if (target->state != TARGET_DEBUG_RUNNING)
947 target->state = TARGET_RUNNING;
948 }
949
950 return ERROR_OK;
951 }
952
953 /**
954 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
955 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
956 * affected) completely stop the JTAG clock while the core is held in reset
957 * (SRST). It isn't possible to program the halt condition once reset is
958 * asserted, hence a hook that allows the target to set up its reset-halt
959 * condition is setup prior to asserting reset.
960 *
961 * @param target Pointer to an ARM7/9 target to assert reset on
962 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
963 */
964 int arm7_9_assert_reset(struct target *target)
965 {
966 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
967
968 LOG_DEBUG("target->state: %s",
969 target_state_name(target));
970
971 enum reset_types jtag_reset_config = jtag_get_reset_config();
972 if (!(jtag_reset_config & RESET_HAS_SRST))
973 {
974 LOG_ERROR("Can't assert SRST");
975 return ERROR_FAIL;
976 }
977
978 /* At this point trst has been asserted/deasserted once. We would
979 * like to program EmbeddedICE while SRST is asserted, instead of
980 * depending on SRST to leave that module alone. However, many CPUs
981 * gate the JTAG clock while SRST is asserted; or JTAG may need
982 * clock stability guarantees (adaptive clocking might help).
983 *
984 * So we assume JTAG access during SRST is off the menu unless it's
985 * been specifically enabled.
986 */
987 bool srst_asserted = false;
988
989 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
990 && (jtag_reset_config & RESET_SRST_NO_GATING))
991 {
992 jtag_add_reset(0, 1);
993 srst_asserted = true;
994 }
995
996 if (target->reset_halt)
997 {
998 /*
999 * Some targets do not support communication while SRST is asserted. We need to
1000 * set up the reset vector catch here.
1001 *
1002 * If TRST is asserted, then these settings will be reset anyway, so setting them
1003 * here is harmless.
1004 */
1005 if (arm7_9->has_vector_catch)
1006 {
1007 /* program vector catch register to catch reset vector */
1008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1009
1010 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1011 jtag_add_runtest(1, jtag_get_end_state());
1012 }
1013 else
1014 {
1015 /* program watchpoint unit to match on reset vector address */
1016 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1018 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1019 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1020 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1021 }
1022 }
1023
1024 /* here we should issue an SRST only, but we may have to assert TRST as well */
1025 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1026 {
1027 jtag_add_reset(1, 1);
1028 } else if (!srst_asserted)
1029 {
1030 jtag_add_reset(0, 1);
1031 }
1032
1033 target->state = TARGET_RESET;
1034 jtag_add_sleep(50000);
1035
1036 register_cache_invalidate(arm7_9->armv4_5_common.core_cache);
1037
1038 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1039 {
1040 /* debug entry was already prepared in arm7_9_assert_reset() */
1041 target->debug_reason = DBG_REASON_DBGRQ;
1042 }
1043
1044 return ERROR_OK;
1045 }
1046
1047 /**
1048 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1049 * and the target is being reset into a halt, a warning will be triggered
1050 * because it is not possible to reset into a halted mode in this case. The
1051 * target is halted using the target's functions.
1052 *
1053 * @param target Pointer to the target to have the reset deasserted
1054 * @return ERROR_OK or an error from polling or halting the target
1055 */
1056 int arm7_9_deassert_reset(struct target *target)
1057 {
1058 int retval = ERROR_OK;
1059 LOG_DEBUG("target->state: %s",
1060 target_state_name(target));
1061
1062 /* deassert reset lines */
1063 jtag_add_reset(0, 0);
1064
1065 enum reset_types jtag_reset_config = jtag_get_reset_config();
1066 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1067 {
1068 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1069 /* set up embedded ice registers again */
1070 if ((retval = target_examine_one(target)) != ERROR_OK)
1071 return retval;
1072
1073 if ((retval = target_poll(target)) != ERROR_OK)
1074 {
1075 return retval;
1076 }
1077
1078 if ((retval = target_halt(target)) != ERROR_OK)
1079 {
1080 return retval;
1081 }
1082
1083 }
1084 return retval;
1085 }
1086
1087 /**
1088 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1089 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1090 * vector catch was used, it is restored. Otherwise, the control value is
1091 * restored and the watchpoint unit is restored if it was in use.
1092 *
1093 * @param target Pointer to the ARM7/9 target to have halt cleared
1094 * @return Always ERROR_OK
1095 */
1096 int arm7_9_clear_halt(struct target *target)
1097 {
1098 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1099 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1100
1101 /* we used DBGRQ only if we didn't come out of reset */
1102 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1103 {
1104 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1105 */
1106 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1107 embeddedice_store_reg(dbg_ctrl);
1108 }
1109 else
1110 {
1111 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1112 {
1113 /* if we came out of reset, and vector catch is supported, we used
1114 * vector catch to enter debug state
1115 * restore the register in that case
1116 */
1117 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1118 }
1119 else
1120 {
1121 /* restore registers if watchpoint unit 0 was in use
1122 */
1123 if (arm7_9->wp0_used)
1124 {
1125 if (arm7_9->debug_entry_from_reset)
1126 {
1127 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1128 }
1129 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1130 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1131 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1132 }
1133 /* control value always has to be restored, as it was either disabled,
1134 * or enabled with possibly different bits
1135 */
1136 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1137 }
1138 }
1139
1140 return ERROR_OK;
1141 }
1142
1143 /**
1144 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1145 * and then there is a wait until the processor shows the halt. This wait can
1146 * timeout and results in an error being returned. The software reset involves
1147 * clearing the halt, updating the debug control register, changing to ARM mode,
1148 * reset of the program counter, and reset of all of the registers.
1149 *
1150 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1151 * @return Error status if any of the commands fail, otherwise ERROR_OK
1152 */
1153 int arm7_9_soft_reset_halt(struct target *target)
1154 {
1155 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1156 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1157 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1158 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1159 int i;
1160 int retval;
1161
1162 /* FIX!!! replace some of this code with tcl commands
1163 *
1164 * halt # the halt command is synchronous
1165 * armv4_5 core_state arm
1166 *
1167 */
1168
1169 if ((retval = target_halt(target)) != ERROR_OK)
1170 return retval;
1171
1172 long long then = timeval_ms();
1173 int timeout;
1174 while (!(timeout = ((timeval_ms()-then) > 1000)))
1175 {
1176 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1177 break;
1178 embeddedice_read_reg(dbg_stat);
1179 if ((retval = jtag_execute_queue()) != ERROR_OK)
1180 return retval;
1181 if (debug_level >= 3)
1182 {
1183 alive_sleep(100);
1184 } else
1185 {
1186 keep_alive();
1187 }
1188 }
1189 if (timeout)
1190 {
1191 LOG_ERROR("Failed to halt CPU after 1 sec");
1192 return ERROR_TARGET_TIMEOUT;
1193 }
1194 target->state = TARGET_HALTED;
1195
1196 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1197 * ensure that DBGRQ is cleared
1198 */
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1200 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1201 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1202 embeddedice_store_reg(dbg_ctrl);
1203
1204 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1205 {
1206 return retval;
1207 }
1208
1209 /* if the target is in Thumb state, change to ARM state */
1210 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1211 {
1212 uint32_t r0_thumb, pc_thumb;
1213 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1214 /* Entered debug from Thumb mode */
1215 armv4_5->core_state = ARM_STATE_THUMB;
1216 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1217 }
1218
1219 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1220
1221 /* all register content is now invalid */
1222 register_cache_invalidate(armv4_5->core_cache);
1223
1224 /* SVC, ARM state, IRQ and FIQ disabled */
1225 uint32_t cpsr;
1226
1227 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
1228 cpsr &= ~0xff;
1229 cpsr |= 0xd3;
1230 arm_set_cpsr(armv4_5, cpsr);
1231 armv4_5->cpsr->dirty = 1;
1232
1233 /* start fetching from 0x0 */
1234 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1235 armv4_5->core_cache->reg_list[15].dirty = 1;
1236 armv4_5->core_cache->reg_list[15].valid = 1;
1237
1238 /* reset registers */
1239 for (i = 0; i <= 14; i++)
1240 {
1241 struct reg *r = arm_reg_current(armv4_5, i);
1242
1243 buf_set_u32(r->value, 0, 32, 0xffffffff);
1244 r->dirty = 1;
1245 r->valid = 1;
1246 }
1247
1248 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1249 {
1250 return retval;
1251 }
1252
1253 return ERROR_OK;
1254 }
1255
1256 /**
1257 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1258 * line or by programming a watchpoint to trigger on any address. It is
1259 * considered a bug to call this function while the target is in the
1260 * TARGET_RESET state.
1261 *
1262 * @param target Pointer to the ARM7/9 target to be halted
1263 * @return Always ERROR_OK
1264 */
1265 int arm7_9_halt(struct target *target)
1266 {
1267 if (target->state == TARGET_RESET)
1268 {
1269 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1270 return ERROR_OK;
1271 }
1272
1273 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1274 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1275
1276 LOG_DEBUG("target->state: %s",
1277 target_state_name(target));
1278
1279 if (target->state == TARGET_HALTED)
1280 {
1281 LOG_DEBUG("target was already halted");
1282 return ERROR_OK;
1283 }
1284
1285 if (target->state == TARGET_UNKNOWN)
1286 {
1287 LOG_WARNING("target was in unknown state when halt was requested");
1288 }
1289
1290 if (arm7_9->use_dbgrq)
1291 {
1292 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1293 */
1294 if (arm7_9->set_special_dbgrq) {
1295 arm7_9->set_special_dbgrq(target);
1296 } else {
1297 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1298 embeddedice_store_reg(dbg_ctrl);
1299 }
1300 }
1301 else
1302 {
1303 /* program watchpoint unit to match on any address
1304 */
1305 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1306 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1307 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1308 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1309 }
1310
1311 target->debug_reason = DBG_REASON_DBGRQ;
1312
1313 return ERROR_OK;
1314 }
1315
1316 /**
1317 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1318 * ARM. The JTAG queue is then executed and the reason for debug entry is
1319 * examined. Once done, the target is verified to be halted and the processor
1320 * is forced into ARM mode. The core registers are saved for the current core
1321 * mode and the program counter (register 15) is updated as needed. The core
1322 * registers and CPSR and SPSR are saved for restoration later.
1323 *
1324 * @param target Pointer to target that is entering debug mode
1325 * @return Error code if anything fails, otherwise ERROR_OK
1326 */
1327 static int arm7_9_debug_entry(struct target *target)
1328 {
1329 int i;
1330 uint32_t context[16];
1331 uint32_t* context_p[16];
1332 uint32_t r0_thumb, pc_thumb;
1333 uint32_t cpsr, cpsr_mask = 0;
1334 int retval;
1335 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1336 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1337 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1338 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1339
1340 #ifdef _DEBUG_ARM7_9_
1341 LOG_DEBUG("-");
1342 #endif
1343
1344 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1345 * ensure that DBGRQ is cleared
1346 */
1347 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1348 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1349 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1350 embeddedice_store_reg(dbg_ctrl);
1351
1352 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1353 {
1354 return retval;
1355 }
1356
1357 if ((retval = jtag_execute_queue()) != ERROR_OK)
1358 {
1359 return retval;
1360 }
1361
1362 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1363 return retval;
1364
1365
1366 if (target->state != TARGET_HALTED)
1367 {
1368 LOG_WARNING("target not halted");
1369 return ERROR_TARGET_NOT_HALTED;
1370 }
1371
1372 /* if the target is in Thumb state, change to ARM state */
1373 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1374 {
1375 LOG_DEBUG("target entered debug from Thumb state");
1376 /* Entered debug from Thumb mode */
1377 armv4_5->core_state = ARM_STATE_THUMB;
1378 cpsr_mask = 1 << 5;
1379 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1380 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1381 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1382 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1383 /* \todo Get some vaguely correct handling of Jazelle, if
1384 * anyone ever uses it and full info becomes available.
1385 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1386 * B.7.3 for the reverse. That'd be the bare minimum...
1387 */
1388 LOG_DEBUG("target entered debug from Jazelle state");
1389 armv4_5->core_state = ARM_STATE_JAZELLE;
1390 cpsr_mask = 1 << 24;
1391 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1392 } else {
1393 LOG_DEBUG("target entered debug from ARM state");
1394 /* Entered debug from ARM mode */
1395 armv4_5->core_state = ARM_STATE_ARM;
1396 }
1397
1398 for (i = 0; i < 16; i++)
1399 context_p[i] = &context[i];
1400 /* save core registers (r0 - r15 of current core mode) */
1401 arm7_9->read_core_regs(target, 0xffff, context_p);
1402
1403 arm7_9->read_xpsr(target, &cpsr, 0);
1404
1405 if ((retval = jtag_execute_queue()) != ERROR_OK)
1406 return retval;
1407
1408 /* Sync our CPSR copy with J or T bits EICE reported, but
1409 * which we then erased by putting the core into ARM mode.
1410 */
1411 arm_set_cpsr(armv4_5, cpsr | cpsr_mask);
1412
1413 if (!is_arm_mode(armv4_5->core_mode))
1414 {
1415 target->state = TARGET_UNKNOWN;
1416 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1417 return ERROR_TARGET_FAILURE;
1418 }
1419
1420 LOG_DEBUG("target entered debug state in %s mode",
1421 arm_mode_name(armv4_5->core_mode));
1422
1423 if (armv4_5->core_state == ARM_STATE_THUMB)
1424 {
1425 LOG_DEBUG("thumb state, applying fixups");
1426 context[0] = r0_thumb;
1427 context[15] = pc_thumb;
1428 } else if (armv4_5->core_state == ARM_STATE_ARM)
1429 {
1430 /* adjust value stored by STM */
1431 context[15] -= 3 * 4;
1432 }
1433
1434 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1435 context[15] -= 3 * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1436 else
1437 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1438
1439 for (i = 0; i <= 15; i++)
1440 {
1441 struct reg *r = arm_reg_current(armv4_5, i);
1442
1443 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1444
1445 buf_set_u32(r->value, 0, 32, context[i]);
1446 /* r0 and r15 (pc) have to be restored later */
1447 r->dirty = (i == 0) || (i == 15);
1448 r->valid = 1;
1449 }
1450
1451 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1452
1453 /* exceptions other than USR & SYS have a saved program status register */
1454 if (armv4_5->spsr) {
1455 uint32_t spsr;
1456 arm7_9->read_xpsr(target, &spsr, 1);
1457 if ((retval = jtag_execute_queue()) != ERROR_OK)
1458 {
1459 return retval;
1460 }
1461 buf_set_u32(armv4_5->spsr->value, 0, 32, spsr);
1462 armv4_5->spsr->dirty = 0;
1463 armv4_5->spsr->valid = 1;
1464 }
1465
1466 if ((retval = jtag_execute_queue()) != ERROR_OK)
1467 return retval;
1468
1469 if (arm7_9->post_debug_entry)
1470 arm7_9->post_debug_entry(target);
1471
1472 return ERROR_OK;
1473 }
1474
1475 /**
1476 * Validate the full context for an ARM7/9 target in all processor modes. If
1477 * there are any invalid registers for the target, they will all be read. This
1478 * includes the PSR.
1479 *
1480 * @param target Pointer to the ARM7/9 target to capture the full context from
1481 * @return Error if the target is not halted, has an invalid core mode, or if
1482 * the JTAG queue fails to execute
1483 */
1484 int arm7_9_full_context(struct target *target)
1485 {
1486 int i;
1487 int retval;
1488 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1489 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1490
1491 LOG_DEBUG("-");
1492
1493 if (target->state != TARGET_HALTED)
1494 {
1495 LOG_WARNING("target not halted");
1496 return ERROR_TARGET_NOT_HALTED;
1497 }
1498
1499 if (!is_arm_mode(armv4_5->core_mode))
1500 return ERROR_FAIL;
1501
1502 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1503 * SYS shares registers with User, so we don't touch SYS
1504 */
1505 for (i = 0; i < 6; i++)
1506 {
1507 uint32_t mask = 0;
1508 uint32_t* reg_p[16];
1509 int j;
1510 int valid = 1;
1511
1512 /* check if there are invalid registers in the current mode
1513 */
1514 for (j = 0; j <= 16; j++)
1515 {
1516 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1517 valid = 0;
1518 }
1519
1520 if (!valid)
1521 {
1522 uint32_t tmp_cpsr;
1523
1524 /* change processor mode (and mask T bit) */
1525 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8)
1526 & 0xe0;
1527 tmp_cpsr |= armv4_5_number_to_mode(i);
1528 tmp_cpsr &= ~0x20;
1529 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1530
1531 for (j = 0; j < 15; j++)
1532 {
1533 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1534 {
1535 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1536 mask |= 1 << j;
1537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1538 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1539 }
1540 }
1541
1542 /* if only the PSR is invalid, mask is all zeroes */
1543 if (mask)
1544 arm7_9->read_core_regs(target, mask, reg_p);
1545
1546 /* check if the PSR has to be read */
1547 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1548 {
1549 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1550 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1551 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1552 }
1553 }
1554 }
1555
1556 /* restore processor mode (mask T bit) */
1557 arm7_9->write_xpsr_im8(target,
1558 buf_get_u32(armv4_5->cpsr->value, 0, 8) & ~0x20,
1559 0, 0);
1560
1561 if ((retval = jtag_execute_queue()) != ERROR_OK)
1562 {
1563 return retval;
1564 }
1565 return ERROR_OK;
1566 }
1567
1568 /**
1569 * Restore the processor context on an ARM7/9 target. The full processor
1570 * context is analyzed to see if any of the registers are dirty on this end, but
1571 * have a valid new value. If this is the case, the processor is changed to the
1572 * appropriate mode and the new register values are written out to the
1573 * processor. If there happens to be a dirty register with an invalid value, an
1574 * error will be logged.
1575 *
1576 * @param target Pointer to the ARM7/9 target to have its context restored
1577 * @return Error status if the target is not halted or the core mode in the
1578 * armv4_5 struct is invalid.
1579 */
1580 int arm7_9_restore_context(struct target *target)
1581 {
1582 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1583 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1584 struct reg *reg;
1585 struct arm_reg *reg_arch_info;
1586 enum arm_mode current_mode = armv4_5->core_mode;
1587 int i, j;
1588 int dirty;
1589 int mode_change;
1590
1591 LOG_DEBUG("-");
1592
1593 if (target->state != TARGET_HALTED)
1594 {
1595 LOG_WARNING("target not halted");
1596 return ERROR_TARGET_NOT_HALTED;
1597 }
1598
1599 if (arm7_9->pre_restore_context)
1600 arm7_9->pre_restore_context(target);
1601
1602 if (!is_arm_mode(armv4_5->core_mode))
1603 return ERROR_FAIL;
1604
1605 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1606 * SYS shares registers with User, so we don't touch SYS
1607 */
1608 for (i = 0; i < 6; i++)
1609 {
1610 LOG_DEBUG("examining %s mode",
1611 arm_mode_name(armv4_5->core_mode));
1612 dirty = 0;
1613 mode_change = 0;
1614 /* check if there are dirty registers in the current mode
1615 */
1616 for (j = 0; j <= 16; j++)
1617 {
1618 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1619 reg_arch_info = reg->arch_info;
1620 if (reg->dirty == 1)
1621 {
1622 if (reg->valid == 1)
1623 {
1624 dirty = 1;
1625 LOG_DEBUG("examining dirty reg: %s", reg->name);
1626 if ((reg_arch_info->mode != ARM_MODE_ANY)
1627 && (reg_arch_info->mode != current_mode)
1628 && !((reg_arch_info->mode == ARM_MODE_USR) && (armv4_5->core_mode == ARM_MODE_SYS))
1629 && !((reg_arch_info->mode == ARM_MODE_SYS) && (armv4_5->core_mode == ARM_MODE_USR)))
1630 {
1631 mode_change = 1;
1632 LOG_DEBUG("require mode change");
1633 }
1634 }
1635 else
1636 {
1637 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1638 }
1639 }
1640 }
1641
1642 if (dirty)
1643 {
1644 uint32_t mask = 0x0;
1645 int num_regs = 0;
1646 uint32_t regs[16];
1647
1648 if (mode_change)
1649 {
1650 uint32_t tmp_cpsr;
1651
1652 /* change processor mode (mask T bit) */
1653 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value,
1654 0, 8) & 0xe0;
1655 tmp_cpsr |= armv4_5_number_to_mode(i);
1656 tmp_cpsr &= ~0x20;
1657 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1658 current_mode = armv4_5_number_to_mode(i);
1659 }
1660
1661 for (j = 0; j <= 14; j++)
1662 {
1663 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1664 reg_arch_info = reg->arch_info;
1665
1666
1667 if (reg->dirty == 1)
1668 {
1669 regs[j] = buf_get_u32(reg->value, 0, 32);
1670 mask |= 1 << j;
1671 num_regs++;
1672 reg->dirty = 0;
1673 reg->valid = 1;
1674 LOG_DEBUG("writing register %i mode %s "
1675 "with value 0x%8.8" PRIx32, j,
1676 arm_mode_name(armv4_5->core_mode),
1677 regs[j]);
1678 }
1679 }
1680
1681 if (mask)
1682 {
1683 arm7_9->write_core_regs(target, mask, regs);
1684 }
1685
1686 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1687 reg_arch_info = reg->arch_info;
1688 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY))
1689 {
1690 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1691 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1692 }
1693 }
1694 }
1695
1696 if (!armv4_5->cpsr->dirty && (armv4_5->core_mode != current_mode))
1697 {
1698 /* restore processor mode (mask T bit) */
1699 uint32_t tmp_cpsr;
1700
1701 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
1702 tmp_cpsr |= armv4_5_number_to_mode(i);
1703 tmp_cpsr &= ~0x20;
1704 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1705 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1706 }
1707 else if (armv4_5->cpsr->dirty)
1708 {
1709 /* CPSR has been changed, full restore necessary (mask T bit) */
1710 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1711 buf_get_u32(armv4_5->cpsr->value, 0, 32));
1712 arm7_9->write_xpsr(target,
1713 buf_get_u32(armv4_5->cpsr->value, 0, 32)
1714 & ~0x20, 0);
1715 armv4_5->cpsr->dirty = 0;
1716 armv4_5->cpsr->valid = 1;
1717 }
1718
1719 /* restore PC */
1720 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1721 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1722 armv4_5->core_cache->reg_list[15].dirty = 0;
1723
1724 if (arm7_9->post_restore_context)
1725 arm7_9->post_restore_context(target);
1726
1727 return ERROR_OK;
1728 }
1729
1730 /**
1731 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1732 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1733 * restart.
1734 *
1735 * @param target Pointer to the ARM7/9 target to be restarted
1736 * @return Result of executing the JTAG queue
1737 */
1738 int arm7_9_restart_core(struct target *target)
1739 {
1740 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1741 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1742
1743 /* set RESTART instruction */
1744 jtag_set_end_state(TAP_IDLE);
1745 if (arm7_9->need_bypass_before_restart) {
1746 arm7_9->need_bypass_before_restart = 0;
1747 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1748 }
1749 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1750
1751 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1752 return jtag_execute_queue();
1753 }
1754
1755 /**
1756 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1757 * iterated through and are set on the target if they aren't already set.
1758 *
1759 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1760 */
1761 void arm7_9_enable_watchpoints(struct target *target)
1762 {
1763 struct watchpoint *watchpoint = target->watchpoints;
1764
1765 while (watchpoint)
1766 {
1767 if (watchpoint->set == 0)
1768 arm7_9_set_watchpoint(target, watchpoint);
1769 watchpoint = watchpoint->next;
1770 }
1771 }
1772
1773 /**
1774 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1775 * iterated through and are set on the target.
1776 *
1777 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1778 */
1779 void arm7_9_enable_breakpoints(struct target *target)
1780 {
1781 struct breakpoint *breakpoint = target->breakpoints;
1782
1783 /* set any pending breakpoints */
1784 while (breakpoint)
1785 {
1786 arm7_9_set_breakpoint(target, breakpoint);
1787 breakpoint = breakpoint->next;
1788 }
1789 }
1790
1791 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1792 {
1793 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1794 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1795 struct breakpoint *breakpoint = target->breakpoints;
1796 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1797 int err, retval = ERROR_OK;
1798
1799 LOG_DEBUG("-");
1800
1801 if (target->state != TARGET_HALTED)
1802 {
1803 LOG_WARNING("target not halted");
1804 return ERROR_TARGET_NOT_HALTED;
1805 }
1806
1807 if (!debug_execution)
1808 {
1809 target_free_all_working_areas(target);
1810 }
1811
1812 /* current = 1: continue on current pc, otherwise continue at <address> */
1813 if (!current)
1814 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1815
1816 uint32_t current_pc;
1817 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1818
1819 /* the front-end may request us not to handle breakpoints */
1820 if (handle_breakpoints)
1821 {
1822 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1823 {
1824 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1825 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1826 {
1827 return retval;
1828 }
1829
1830 /* calculate PC of next instruction */
1831 uint32_t next_pc;
1832 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1833 {
1834 uint32_t current_opcode;
1835 target_read_u32(target, current_pc, &current_opcode);
1836 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1837 return retval;
1838 }
1839
1840 LOG_DEBUG("enable single-step");
1841 arm7_9->enable_single_step(target, next_pc);
1842
1843 target->debug_reason = DBG_REASON_SINGLESTEP;
1844
1845 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1846 {
1847 return retval;
1848 }
1849
1850 if (armv4_5->core_state == ARM_STATE_ARM)
1851 arm7_9->branch_resume(target);
1852 else if (armv4_5->core_state == ARM_STATE_THUMB)
1853 {
1854 arm7_9->branch_resume_thumb(target);
1855 }
1856 else
1857 {
1858 LOG_ERROR("unhandled core state");
1859 return ERROR_FAIL;
1860 }
1861
1862 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1863 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1864 err = arm7_9_execute_sys_speed(target);
1865
1866 LOG_DEBUG("disable single-step");
1867 arm7_9->disable_single_step(target);
1868
1869 if (err != ERROR_OK)
1870 {
1871 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875 target->state = TARGET_UNKNOWN;
1876 return err;
1877 }
1878
1879 arm7_9_debug_entry(target);
1880 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1881
1882 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1883 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1884 {
1885 return retval;
1886 }
1887 }
1888 }
1889
1890 /* enable any pending breakpoints and watchpoints */
1891 arm7_9_enable_breakpoints(target);
1892 arm7_9_enable_watchpoints(target);
1893
1894 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1895 {
1896 return retval;
1897 }
1898
1899 if (armv4_5->core_state == ARM_STATE_ARM)
1900 {
1901 arm7_9->branch_resume(target);
1902 }
1903 else if (armv4_5->core_state == ARM_STATE_THUMB)
1904 {
1905 arm7_9->branch_resume_thumb(target);
1906 }
1907 else
1908 {
1909 LOG_ERROR("unhandled core state");
1910 return ERROR_FAIL;
1911 }
1912
1913 /* deassert DBGACK and INTDIS */
1914 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1915 /* INTDIS only when we really resume, not during debug execution */
1916 if (!debug_execution)
1917 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1918 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1919
1920 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1921 {
1922 return retval;
1923 }
1924
1925 target->debug_reason = DBG_REASON_NOTHALTED;
1926
1927 if (!debug_execution)
1928 {
1929 /* registers are now invalid */
1930 register_cache_invalidate(armv4_5->core_cache);
1931 target->state = TARGET_RUNNING;
1932 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1933 {
1934 return retval;
1935 }
1936 }
1937 else
1938 {
1939 target->state = TARGET_DEBUG_RUNNING;
1940 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1941 {
1942 return retval;
1943 }
1944 }
1945
1946 LOG_DEBUG("target resumed");
1947
1948 return ERROR_OK;
1949 }
1950
1951 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1952 {
1953 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1954 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1955 uint32_t current_pc;
1956 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1957
1958 if (next_pc != current_pc)
1959 {
1960 /* setup an inverse breakpoint on the current PC
1961 * - comparator 1 matches the current address
1962 * - rangeout from comparator 1 is connected to comparator 0 rangein
1963 * - comparator 0 matches any address, as long as rangein is low */
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1973 }
1974 else
1975 {
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1985 }
1986 }
1987
1988 void arm7_9_disable_eice_step(struct target *target)
1989 {
1990 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1991
1992 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1993 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1996 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1997 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2000 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2001 }
2002
2003 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
2004 {
2005 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2006 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2007 struct breakpoint *breakpoint = NULL;
2008 int err, retval;
2009
2010 if (target->state != TARGET_HALTED)
2011 {
2012 LOG_WARNING("target not halted");
2013 return ERROR_TARGET_NOT_HALTED;
2014 }
2015
2016 /* current = 1: continue on current pc, otherwise continue at <address> */
2017 if (!current)
2018 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2019
2020 uint32_t current_pc;
2021 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2022
2023 /* the front-end may request us not to handle breakpoints */
2024 if (handle_breakpoints)
2025 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2026 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2027 {
2028 return retval;
2029 }
2030
2031 target->debug_reason = DBG_REASON_SINGLESTEP;
2032
2033 /* calculate PC of next instruction */
2034 uint32_t next_pc;
2035 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2036 {
2037 uint32_t current_opcode;
2038 target_read_u32(target, current_pc, &current_opcode);
2039 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2040 return retval;
2041 }
2042
2043 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2044 {
2045 return retval;
2046 }
2047
2048 arm7_9->enable_single_step(target, next_pc);
2049
2050 if (armv4_5->core_state == ARM_STATE_ARM)
2051 {
2052 arm7_9->branch_resume(target);
2053 }
2054 else if (armv4_5->core_state == ARM_STATE_THUMB)
2055 {
2056 arm7_9->branch_resume_thumb(target);
2057 }
2058 else
2059 {
2060 LOG_ERROR("unhandled core state");
2061 return ERROR_FAIL;
2062 }
2063
2064 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2065 {
2066 return retval;
2067 }
2068
2069 err = arm7_9_execute_sys_speed(target);
2070 arm7_9->disable_single_step(target);
2071
2072 /* registers are now invalid */
2073 register_cache_invalidate(armv4_5->core_cache);
2074
2075 if (err != ERROR_OK)
2076 {
2077 target->state = TARGET_UNKNOWN;
2078 } else {
2079 arm7_9_debug_entry(target);
2080 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2081 {
2082 return retval;
2083 }
2084 LOG_DEBUG("target stepped");
2085 }
2086
2087 if (breakpoint)
2088 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2089 {
2090 return retval;
2091 }
2092
2093 return err;
2094 }
2095
2096 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
2097 int num, enum arm_mode mode)
2098 {
2099 uint32_t* reg_p[16];
2100 uint32_t value;
2101 int retval;
2102 struct arm_reg *areg = r->arch_info;
2103 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2104 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2105
2106 if (!is_arm_mode(armv4_5->core_mode))
2107 return ERROR_FAIL;
2108 if ((num < 0) || (num > 16))
2109 return ERROR_INVALID_ARGUMENTS;
2110
2111 if ((mode != ARM_MODE_ANY)
2112 && (mode != armv4_5->core_mode)
2113 && (areg->mode != ARM_MODE_ANY))
2114 {
2115 uint32_t tmp_cpsr;
2116
2117 /* change processor mode (mask T bit) */
2118 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2119 tmp_cpsr |= mode;
2120 tmp_cpsr &= ~0x20;
2121 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2122 }
2123
2124 if ((num >= 0) && (num <= 15))
2125 {
2126 /* read a normal core register */
2127 reg_p[num] = &value;
2128
2129 arm7_9->read_core_regs(target, 1 << num, reg_p);
2130 }
2131 else
2132 {
2133 /* read a program status register
2134 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2135 */
2136 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2137 }
2138
2139 if ((retval = jtag_execute_queue()) != ERROR_OK)
2140 {
2141 return retval;
2142 }
2143
2144 r->valid = 1;
2145 r->dirty = 0;
2146 buf_set_u32(r->value, 0, 32, value);
2147
2148 if ((mode != ARM_MODE_ANY)
2149 && (mode != armv4_5->core_mode)
2150 && (areg->mode != ARM_MODE_ANY)) {
2151 /* restore processor mode (mask T bit) */
2152 arm7_9->write_xpsr_im8(target,
2153 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2154 & ~0x20, 0, 0);
2155 }
2156
2157 return ERROR_OK;
2158 }
2159
2160 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2161 int num, enum arm_mode mode, uint32_t value)
2162 {
2163 uint32_t reg[16];
2164 struct arm_reg *areg = r->arch_info;
2165 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2166 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2167
2168 if (!is_arm_mode(armv4_5->core_mode))
2169 return ERROR_FAIL;
2170 if ((num < 0) || (num > 16))
2171 return ERROR_INVALID_ARGUMENTS;
2172
2173 if ((mode != ARM_MODE_ANY)
2174 && (mode != armv4_5->core_mode)
2175 && (areg->mode != ARM_MODE_ANY)) {
2176 uint32_t tmp_cpsr;
2177
2178 /* change processor mode (mask T bit) */
2179 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2180 tmp_cpsr |= mode;
2181 tmp_cpsr &= ~0x20;
2182 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2183 }
2184
2185 if ((num >= 0) && (num <= 15))
2186 {
2187 /* write a normal core register */
2188 reg[num] = value;
2189
2190 arm7_9->write_core_regs(target, 1 << num, reg);
2191 }
2192 else
2193 {
2194 /* write a program status register
2195 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2196 */
2197 int spsr = (areg->mode != ARM_MODE_ANY);
2198
2199 /* if we're writing the CPSR, mask the T bit */
2200 if (!spsr)
2201 value &= ~0x20;
2202
2203 arm7_9->write_xpsr(target, value, spsr);
2204 }
2205
2206 r->valid = 1;
2207 r->dirty = 0;
2208
2209 if ((mode != ARM_MODE_ANY)
2210 && (mode != armv4_5->core_mode)
2211 && (areg->mode != ARM_MODE_ANY)) {
2212 /* restore processor mode (mask T bit) */
2213 arm7_9->write_xpsr_im8(target,
2214 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2215 & ~0x20, 0, 0);
2216 }
2217
2218 return jtag_execute_queue();
2219 }
2220
2221 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2222 {
2223 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2224 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2225 uint32_t reg[16];
2226 uint32_t num_accesses = 0;
2227 int thisrun_accesses;
2228 int i;
2229 uint32_t cpsr;
2230 int retval;
2231 int last_reg = 0;
2232
2233 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2234
2235 if (target->state != TARGET_HALTED)
2236 {
2237 LOG_WARNING("target not halted");
2238 return ERROR_TARGET_NOT_HALTED;
2239 }
2240
2241 /* sanitize arguments */
2242 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2243 return ERROR_INVALID_ARGUMENTS;
2244
2245 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2246 return ERROR_TARGET_UNALIGNED_ACCESS;
2247
2248 /* load the base register with the address of the first word */
2249 reg[0] = address;
2250 arm7_9->write_core_regs(target, 0x1, reg);
2251
2252 int j = 0;
2253
2254 switch (size)
2255 {
2256 case 4:
2257 while (num_accesses < count)
2258 {
2259 uint32_t reg_list;
2260 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2261 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2262
2263 if (last_reg <= thisrun_accesses)
2264 last_reg = thisrun_accesses;
2265
2266 arm7_9->load_word_regs(target, reg_list);
2267
2268 /* fast memory reads are only safe when the target is running
2269 * from a sufficiently high clock (32 kHz is usually too slow)
2270 */
2271 if (arm7_9->fast_memory_access)
2272 retval = arm7_9_execute_fast_sys_speed(target);
2273 else
2274 retval = arm7_9_execute_sys_speed(target);
2275 if (retval != ERROR_OK)
2276 return retval;
2277
2278 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2279
2280 /* advance buffer, count number of accesses */
2281 buffer += thisrun_accesses * 4;
2282 num_accesses += thisrun_accesses;
2283
2284 if ((j++%1024) == 0)
2285 {
2286 keep_alive();
2287 }
2288 }
2289 break;
2290 case 2:
2291 while (num_accesses < count)
2292 {
2293 uint32_t reg_list;
2294 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2295 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2296
2297 for (i = 1; i <= thisrun_accesses; i++)
2298 {
2299 if (i > last_reg)
2300 last_reg = i;
2301 arm7_9->load_hword_reg(target, i);
2302 /* fast memory reads are only safe when the target is running
2303 * from a sufficiently high clock (32 kHz is usually too slow)
2304 */
2305 if (arm7_9->fast_memory_access)
2306 retval = arm7_9_execute_fast_sys_speed(target);
2307 else
2308 retval = arm7_9_execute_sys_speed(target);
2309 if (retval != ERROR_OK)
2310 {
2311 return retval;
2312 }
2313
2314 }
2315
2316 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2317
2318 /* advance buffer, count number of accesses */
2319 buffer += thisrun_accesses * 2;
2320 num_accesses += thisrun_accesses;
2321
2322 if ((j++%1024) == 0)
2323 {
2324 keep_alive();
2325 }
2326 }
2327 break;
2328 case 1:
2329 while (num_accesses < count)
2330 {
2331 uint32_t reg_list;
2332 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2333 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2334
2335 for (i = 1; i <= thisrun_accesses; i++)
2336 {
2337 if (i > last_reg)
2338 last_reg = i;
2339 arm7_9->load_byte_reg(target, i);
2340 /* fast memory reads are only safe when the target is running
2341 * from a sufficiently high clock (32 kHz is usually too slow)
2342 */
2343 if (arm7_9->fast_memory_access)
2344 retval = arm7_9_execute_fast_sys_speed(target);
2345 else
2346 retval = arm7_9_execute_sys_speed(target);
2347 if (retval != ERROR_OK)
2348 {
2349 return retval;
2350 }
2351 }
2352
2353 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2354
2355 /* advance buffer, count number of accesses */
2356 buffer += thisrun_accesses * 1;
2357 num_accesses += thisrun_accesses;
2358
2359 if ((j++%1024) == 0)
2360 {
2361 keep_alive();
2362 }
2363 }
2364 break;
2365 }
2366
2367 if (!is_arm_mode(armv4_5->core_mode))
2368 return ERROR_FAIL;
2369
2370 for (i = 0; i <= last_reg; i++) {
2371 struct reg *r = arm_reg_current(armv4_5, i);
2372
2373 r->dirty = r->valid;
2374 }
2375
2376 arm7_9->read_xpsr(target, &cpsr, 0);
2377 if ((retval = jtag_execute_queue()) != ERROR_OK)
2378 {
2379 LOG_ERROR("JTAG error while reading cpsr");
2380 return ERROR_TARGET_DATA_ABORT;
2381 }
2382
2383 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2384 {
2385 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2386
2387 arm7_9->write_xpsr_im8(target,
2388 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2389 & ~0x20, 0, 0);
2390
2391 return ERROR_TARGET_DATA_ABORT;
2392 }
2393
2394 return ERROR_OK;
2395 }
2396
2397 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2398 {
2399 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2400 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2401 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2402
2403 uint32_t reg[16];
2404 uint32_t num_accesses = 0;
2405 int thisrun_accesses;
2406 int i;
2407 uint32_t cpsr;
2408 int retval;
2409 int last_reg = 0;
2410
2411 #ifdef _DEBUG_ARM7_9_
2412 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2413 #endif
2414
2415 if (target->state != TARGET_HALTED)
2416 {
2417 LOG_WARNING("target not halted");
2418 return ERROR_TARGET_NOT_HALTED;
2419 }
2420
2421 /* sanitize arguments */
2422 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2423 return ERROR_INVALID_ARGUMENTS;
2424
2425 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2426 return ERROR_TARGET_UNALIGNED_ACCESS;
2427
2428 /* load the base register with the address of the first word */
2429 reg[0] = address;
2430 arm7_9->write_core_regs(target, 0x1, reg);
2431
2432 /* Clear DBGACK, to make sure memory fetches work as expected */
2433 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2434 embeddedice_store_reg(dbg_ctrl);
2435
2436 switch (size)
2437 {
2438 case 4:
2439 while (num_accesses < count)
2440 {
2441 uint32_t reg_list;
2442 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2443 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2444
2445 for (i = 1; i <= thisrun_accesses; i++)
2446 {
2447 if (i > last_reg)
2448 last_reg = i;
2449 reg[i] = target_buffer_get_u32(target, buffer);
2450 buffer += 4;
2451 }
2452
2453 arm7_9->write_core_regs(target, reg_list, reg);
2454
2455 arm7_9->store_word_regs(target, reg_list);
2456
2457 /* fast memory writes are only safe when the target is running
2458 * from a sufficiently high clock (32 kHz is usually too slow)
2459 */
2460 if (arm7_9->fast_memory_access)
2461 retval = arm7_9_execute_fast_sys_speed(target);
2462 else
2463 retval = arm7_9_execute_sys_speed(target);
2464 if (retval != ERROR_OK)
2465 {
2466 return retval;
2467 }
2468
2469 num_accesses += thisrun_accesses;
2470 }
2471 break;
2472 case 2:
2473 while (num_accesses < count)
2474 {
2475 uint32_t reg_list;
2476 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2477 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2478
2479 for (i = 1; i <= thisrun_accesses; i++)
2480 {
2481 if (i > last_reg)
2482 last_reg = i;
2483 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2484 buffer += 2;
2485 }
2486
2487 arm7_9->write_core_regs(target, reg_list, reg);
2488
2489 for (i = 1; i <= thisrun_accesses; i++)
2490 {
2491 arm7_9->store_hword_reg(target, i);
2492
2493 /* fast memory writes are only safe when the target is running
2494 * from a sufficiently high clock (32 kHz is usually too slow)
2495 */
2496 if (arm7_9->fast_memory_access)
2497 retval = arm7_9_execute_fast_sys_speed(target);
2498 else
2499 retval = arm7_9_execute_sys_speed(target);
2500 if (retval != ERROR_OK)
2501 {
2502 return retval;
2503 }
2504 }
2505
2506 num_accesses += thisrun_accesses;
2507 }
2508 break;
2509 case 1:
2510 while (num_accesses < count)
2511 {
2512 uint32_t reg_list;
2513 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2514 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2515
2516 for (i = 1; i <= thisrun_accesses; i++)
2517 {
2518 if (i > last_reg)
2519 last_reg = i;
2520 reg[i] = *buffer++ & 0xff;
2521 }
2522
2523 arm7_9->write_core_regs(target, reg_list, reg);
2524
2525 for (i = 1; i <= thisrun_accesses; i++)
2526 {
2527 arm7_9->store_byte_reg(target, i);
2528 /* fast memory writes are only safe when the target is running
2529 * from a sufficiently high clock (32 kHz is usually too slow)
2530 */
2531 if (arm7_9->fast_memory_access)
2532 retval = arm7_9_execute_fast_sys_speed(target);
2533 else
2534 retval = arm7_9_execute_sys_speed(target);
2535 if (retval != ERROR_OK)
2536 {
2537 return retval;
2538 }
2539
2540 }
2541
2542 num_accesses += thisrun_accesses;
2543 }
2544 break;
2545 }
2546
2547 /* Re-Set DBGACK */
2548 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2549 embeddedice_store_reg(dbg_ctrl);
2550
2551 if (!is_arm_mode(armv4_5->core_mode))
2552 return ERROR_FAIL;
2553
2554 for (i = 0; i <= last_reg; i++) {
2555 struct reg *r = arm_reg_current(armv4_5, i);
2556
2557 r->dirty = r->valid;
2558 }
2559
2560 arm7_9->read_xpsr(target, &cpsr, 0);
2561 if ((retval = jtag_execute_queue()) != ERROR_OK)
2562 {
2563 LOG_ERROR("JTAG error while reading cpsr");
2564 return ERROR_TARGET_DATA_ABORT;
2565 }
2566
2567 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2568 {
2569 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2570
2571 arm7_9->write_xpsr_im8(target,
2572 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2573 & ~0x20, 0, 0);
2574
2575 return ERROR_TARGET_DATA_ABORT;
2576 }
2577
2578 return ERROR_OK;
2579 }
2580
2581 static int dcc_count;
2582 static uint8_t *dcc_buffer;
2583
2584 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2585 {
2586 int retval = ERROR_OK;
2587 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2588
2589 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2590 return retval;
2591
2592 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2593 int count = dcc_count;
2594 uint8_t *buffer = dcc_buffer;
2595 if (count > 2)
2596 {
2597 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2598 * core function repeated. */
2599 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2600 buffer += 4;
2601
2602 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2603 uint8_t reg_addr = ice_reg->addr & 0x1f;
2604 struct jtag_tap *tap;
2605 tap = ice_reg->jtag_info->tap;
2606
2607 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2608 buffer += (count-2)*4;
2609
2610 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2611 } else
2612 {
2613 int i;
2614 for (i = 0; i < count; i++)
2615 {
2616 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2617 buffer += 4;
2618 }
2619 }
2620
2621 if ((retval = target_halt(target))!= ERROR_OK)
2622 {
2623 return retval;
2624 }
2625 return target_wait_state(target, TARGET_HALTED, 500);
2626 }
2627
2628 static const uint32_t dcc_code[] =
2629 {
2630 /* r0 == input, points to memory buffer
2631 * r1 == scratch
2632 */
2633
2634 /* spin until DCC control (c0) reports data arrived */
2635 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2636 0xe3110001, /* tst r1, #1 */
2637 0x0afffffc, /* bne w */
2638
2639 /* read word from DCC (c1), write to memory */
2640 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2641 0xe4801004, /* str r1, [r0], #4 */
2642
2643 /* repeat */
2644 0xeafffff9 /* b w */
2645 };
2646
2647 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2648 {
2649 int retval;
2650 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2651 int i;
2652
2653 if (!arm7_9->dcc_downloads)
2654 return target_write_memory(target, address, 4, count, buffer);
2655
2656 /* regrab previously allocated working_area, or allocate a new one */
2657 if (!arm7_9->dcc_working_area)
2658 {
2659 uint8_t dcc_code_buf[6 * 4];
2660
2661 /* make sure we have a working area */
2662 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2663 {
2664 LOG_INFO("no working area available, falling back to memory writes");
2665 return target_write_memory(target, address, 4, count, buffer);
2666 }
2667
2668 /* copy target instructions to target endianness */
2669 for (i = 0; i < 6; i++)
2670 {
2671 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2672 }
2673
2674 /* write DCC code to working area */
2675 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2676 {
2677 return retval;
2678 }
2679 }
2680
2681 struct arm_algorithm armv4_5_info;
2682 struct reg_param reg_params[1];
2683
2684 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
2685 armv4_5_info.core_mode = ARM_MODE_SVC;
2686 armv4_5_info.core_state = ARM_STATE_ARM;
2687
2688 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2689
2690 buf_set_u32(reg_params[0].value, 0, 32, address);
2691
2692 dcc_count = count;
2693 dcc_buffer = buffer;
2694 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2695 arm7_9->dcc_working_area->address,
2696 arm7_9->dcc_working_area->address + 6*4,
2697 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2698
2699 if (retval == ERROR_OK)
2700 {
2701 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2702 if (endaddress != (address + count*4))
2703 {
2704 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2705 retval = ERROR_FAIL;
2706 }
2707 }
2708
2709 destroy_reg_param(&reg_params[0]);
2710
2711 return retval;
2712 }
2713
2714 /**
2715 * Perform per-target setup that requires JTAG access.
2716 */
2717 int arm7_9_examine(struct target *target)
2718 {
2719 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2720 int retval;
2721
2722 if (!target_was_examined(target)) {
2723 struct reg_cache *t, **cache_p;
2724
2725 t = embeddedice_build_reg_cache(target, arm7_9);
2726 if (t == NULL)
2727 return ERROR_FAIL;
2728
2729 cache_p = register_get_last_cache_p(&target->reg_cache);
2730 (*cache_p) = t;
2731 arm7_9->eice_cache = (*cache_p);
2732
2733 if (arm7_9->armv4_5_common.etm)
2734 (*cache_p)->next = etm_build_reg_cache(target,
2735 &arm7_9->jtag_info,
2736 arm7_9->armv4_5_common.etm);
2737
2738 target_set_examined(target);
2739 }
2740
2741 retval = embeddedice_setup(target);
2742 if (retval == ERROR_OK)
2743 retval = arm7_9_setup(target);
2744 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2745 retval = etm_setup(target);
2746 return retval;
2747 }
2748
2749 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2750 {
2751 struct target *target = get_current_target(CMD_CTX);
2752 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2753
2754 if (!is_arm7_9(arm7_9))
2755 {
2756 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2757 return ERROR_TARGET_INVALID;
2758 }
2759
2760 if (CMD_ARGC > 0)
2761 COMMAND_PARSE_ENABLE(CMD_ARGV[0],arm7_9->use_dbgrq);
2762
2763 command_print(CMD_CTX, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2764
2765 return ERROR_OK;
2766 }
2767
2768 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2769 {
2770 struct target *target = get_current_target(CMD_CTX);
2771 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2772
2773 if (!is_arm7_9(arm7_9))
2774 {
2775 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2776 return ERROR_TARGET_INVALID;
2777 }
2778
2779 if (CMD_ARGC > 0)
2780 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2781
2782 command_print(CMD_CTX, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2783
2784 return ERROR_OK;
2785 }
2786
2787 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2788 {
2789 struct target *target = get_current_target(CMD_CTX);
2790 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2791
2792 if (!is_arm7_9(arm7_9))
2793 {
2794 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2795 return ERROR_TARGET_INVALID;
2796 }
2797
2798 if (CMD_ARGC > 0)
2799 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2800
2801 command_print(CMD_CTX, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2802
2803 return ERROR_OK;
2804 }
2805
2806 COMMAND_HANDLER(handle_arm7_9_semihosting_command)
2807 {
2808 struct target *target = get_current_target(CMD_CTX);
2809 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2810
2811 if (!is_arm7_9(arm7_9))
2812 {
2813 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2814 return ERROR_TARGET_INVALID;
2815 }
2816
2817 if (CMD_ARGC > 0)
2818 {
2819 int semihosting;
2820
2821 COMMAND_PARSE_ENABLE(CMD_ARGV[0], semihosting);
2822
2823 if (arm7_9->has_vector_catch) {
2824 struct reg *vector_catch = &arm7_9->eice_cache
2825 ->reg_list[EICE_VEC_CATCH];
2826
2827 if (!vector_catch->valid)
2828 embeddedice_read_reg(vector_catch);
2829 buf_set_u32(vector_catch->value, 2, 1, semihosting);
2830 embeddedice_store_reg(vector_catch);
2831 } else {
2832 /* TODO: allow optional high vectors and/or BKPT_HARD */
2833 if (semihosting)
2834 breakpoint_add(target, 8, 4, BKPT_SOFT);
2835 else
2836 breakpoint_remove(target, 8);
2837 }
2838
2839 /* FIXME never let that "catch" be dropped! */
2840 arm7_9->armv4_5_common.is_semihosting = semihosting;
2841
2842 }
2843
2844 command_print(CMD_CTX, "semihosting is %s",
2845 arm7_9->armv4_5_common.is_semihosting
2846 ? "enabled" : "disabled");
2847
2848 return ERROR_OK;
2849 }
2850
2851 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2852 {
2853 int retval = ERROR_OK;
2854 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2855
2856 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2857
2858 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2859 return retval;
2860
2861 /* caller must have allocated via calloc(), so everything's zeroed */
2862
2863 arm7_9->wp_available_max = 2;
2864
2865 arm7_9->fast_memory_access = false;
2866 arm7_9->dcc_downloads = false;
2867
2868 armv4_5->arch_info = arm7_9;
2869 armv4_5->read_core_reg = arm7_9_read_core_reg;
2870 armv4_5->write_core_reg = arm7_9_write_core_reg;
2871 armv4_5->full_context = arm7_9_full_context;
2872
2873 retval = arm_init_arch_info(target, armv4_5);
2874 if (retval != ERROR_OK)
2875 return retval;
2876
2877 return target_register_timer_callback(arm7_9_handle_target_request,
2878 1, 1, target);
2879 }
2880
2881 static const struct command_registration arm7_9_any_command_handlers[] = {
2882 {
2883 "dbgrq",
2884 .handler = &handle_arm7_9_dbgrq_command,
2885 .mode = COMMAND_ANY,
2886 .usage = "<enable|disable>",
2887 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2888 "for target halt requests",
2889 },
2890 {
2891 "fast_memory_access",
2892 .handler = &handle_arm7_9_fast_memory_access_command,
2893 .mode = COMMAND_ANY,
2894 .usage = "<enable|disable>",
2895 .help = "use fast memory accesses instead of slower "
2896 "but potentially safer accesses",
2897 },
2898 {
2899 "dcc_downloads",
2900 .handler = &handle_arm7_9_dcc_downloads_command,
2901 .mode = COMMAND_ANY,
2902 .usage = "<enable | disable>",
2903 .help = "use DCC downloads for larger memory writes",
2904 },
2905 {
2906 "semihosting",
2907 .handler = &handle_arm7_9_semihosting_command,
2908 .mode = COMMAND_EXEC,
2909 .usage = "<enable | disable>",
2910 .help = "activate support for semihosting operations",
2911 },
2912 COMMAND_REGISTRATION_DONE
2913 };
2914 const struct command_registration arm7_9_command_handlers[] = {
2915 {
2916 .chain = arm_command_handlers,
2917 },
2918 {
2919 .chain = etm_command_handlers,
2920 },
2921 {
2922 .name = "arm7_9",
2923 .mode = COMMAND_ANY,
2924 .help = "arm7/9 specific commands",
2925 .chain = arm7_9_any_command_handlers,
2926 },
2927 COMMAND_REGISTRATION_DONE
2928 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)