3dec458e3341b90b1a0fa917b718357d2bfd2f00
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 √ėyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "replacements.h"
34
35 #include "embeddedice.h"
36 #include "target.h"
37 #include "target_request.h"
38 #include "armv4_5.h"
39 #include "arm_jtag.h"
40 #include "jtag.h"
41 #include "log.h"
42 #include "arm7_9_common.h"
43 #include "breakpoints.h"
44 #include "time_support.h"
45 #include "arm_simulator.h"
46
47 #include <stdlib.h>
48 #include <string.h>
49 #include <unistd.h>
50
51 #include <sys/types.h>
52 #include <sys/stat.h>
53 #include <sys/time.h>
54 #include <errno.h>
55
56 int arm7_9_debug_entry(target_t *target);
57 int arm7_9_enable_sw_bkpts(struct target_s *target);
58
59 /* command handler forward declarations */
60 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
61 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
64 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
65 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
66 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
67 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
68
69
70 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
71 {
72 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
73 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
74 arm7_9->sw_breakpoints_added = 0;
75 arm7_9->wp0_used = 0;
76 arm7_9->wp1_used = arm7_9->wp1_used_default;
77 arm7_9->wp_available = arm7_9->wp_available_max;
78
79 return jtag_execute_queue();
80 }
81
82 /* set up embedded ice registers */
83 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
84 {
85 if (arm7_9->sw_breakpoints_added)
86 {
87 return ERROR_OK;
88 }
89 if (arm7_9->wp_available < 1)
90 {
91 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
92 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
93 }
94 arm7_9->wp_available--;
95
96 /* pick a breakpoint unit */
97 if (!arm7_9->wp0_used)
98 {
99 arm7_9->sw_breakpoints_added=1;
100 arm7_9->wp0_used = 3;
101 } else if (!arm7_9->wp1_used)
102 {
103 arm7_9->sw_breakpoints_added=2;
104 arm7_9->wp1_used = 3;
105 }
106 else
107 {
108 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
109 return ERROR_FAIL;
110 }
111
112 if (arm7_9->sw_breakpoints_added==1)
113 {
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
115 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
116 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
117 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
119 }
120 else if (arm7_9->sw_breakpoints_added==2)
121 {
122 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
123 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
124 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
125 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
126 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
127 }
128 else
129 {
130 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
131 return ERROR_FAIL;
132 }
133
134 return jtag_execute_queue();
135 }
136
137 /* set things up after a reset / on startup */
138 int arm7_9_setup(target_t *target)
139 {
140 armv4_5_common_t *armv4_5 = target->arch_info;
141 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
142
143 return arm7_9_clear_watchpoints(arm7_9);
144 }
145
146
147 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
148 {
149 armv4_5_common_t *armv4_5 = target->arch_info;
150 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
151
152 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
153 {
154 return -1;
155 }
156
157 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
158 {
159 return -1;
160 }
161
162 *armv4_5_p = armv4_5;
163 *arm7_9_p = arm7_9;
164
165 return ERROR_OK;
166 }
167
168 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
169 * might have erased the values in embedded ice
170 */
171 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
172 {
173 armv4_5_common_t *armv4_5 = target->arch_info;
174 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
175 int retval=ERROR_OK;
176
177 if (target->state != TARGET_HALTED)
178 {
179 LOG_WARNING("target not halted");
180 return ERROR_TARGET_NOT_HALTED;
181 }
182
183 if (breakpoint->type == BKPT_HARD)
184 {
185 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
186 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
187 if (breakpoint->set==1)
188 {
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
190 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
191 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
192 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
194 }
195 else if (breakpoint->set==2)
196 {
197 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
198 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
199 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
200 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
201 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
202 }
203 else
204 {
205 LOG_ERROR("BUG: no hardware comparator available");
206 return ERROR_OK;
207 }
208
209 retval=jtag_execute_queue();
210 }
211 else if (breakpoint->type == BKPT_SOFT)
212 {
213 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
214 return retval;
215
216 /* did we already set this breakpoint? */
217 if (breakpoint->set)
218 return ERROR_OK;
219
220 if (breakpoint->length == 4)
221 {
222 u32 verify = 0xffffffff;
223 /* keep the original instruction in target endianness */
224 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
225 {
226 return retval;
227 }
228 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
229 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
230 {
231 return retval;
232 }
233
234 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
235 {
236 return retval;
237 }
238 if (verify != arm7_9->arm_bkpt)
239 {
240 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
241 return ERROR_OK;
242 }
243 }
244 else
245 {
246 u16 verify = 0xffff;
247 /* keep the original instruction in target endianness */
248 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
249 {
250 return retval;
251 }
252 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
253 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
254 {
255 return retval;
256 }
257
258 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
259 {
260 return retval;
261 }
262 if (verify != arm7_9->thumb_bkpt)
263 {
264 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
265 return ERROR_OK;
266 }
267 }
268 breakpoint->set = 1;
269 }
270
271 return retval;
272
273 }
274
275 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
276 {
277 int retval = ERROR_OK;
278
279 armv4_5_common_t *armv4_5 = target->arch_info;
280 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
281
282 if (!breakpoint->set)
283 {
284 LOG_WARNING("breakpoint not set");
285 return ERROR_OK;
286 }
287
288 if (breakpoint->type == BKPT_HARD)
289 {
290 if (breakpoint->set == 1)
291 {
292 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
293 arm7_9->wp0_used = 0;
294 }
295 else if (breakpoint->set == 2)
296 {
297 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
298 arm7_9->wp1_used = 0;
299 }
300 retval = jtag_execute_queue();
301 breakpoint->set = 0;
302 }
303 else
304 {
305 /* restore original instruction (kept in target endianness) */
306 if (breakpoint->length == 4)
307 {
308 u32 current_instr;
309 /* check that user program as not modified breakpoint instruction */
310 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)&current_instr)) != ERROR_OK)
311 {
312 return retval;
313 }
314 if (current_instr==arm7_9->arm_bkpt)
315 if ((retval = target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
316 {
317 return retval;
318 }
319 }
320 else
321 {
322 u16 current_instr;
323 /* check that user program as not modified breakpoint instruction */
324 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)&current_instr)) != ERROR_OK)
325 {
326 return retval;
327 }
328 if (current_instr==arm7_9->thumb_bkpt)
329 if ((retval = target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
330 {
331 return retval;
332 }
333 }
334 breakpoint->set = 0;
335 }
336
337 return retval;
338 }
339
340 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
341 {
342 armv4_5_common_t *armv4_5 = target->arch_info;
343 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
344
345 if (target->state != TARGET_HALTED)
346 {
347 LOG_WARNING("target not halted");
348 return ERROR_TARGET_NOT_HALTED;
349 }
350
351 if (arm7_9->breakpoint_count==0)
352 {
353 /* make sure we don't have any dangling breakpoints. This is vital upon
354 * GDB connect/disconnect
355 */
356 arm7_9_clear_watchpoints(arm7_9);
357 }
358
359 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
360 {
361 LOG_INFO("no watchpoint unit available for hardware breakpoint");
362 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
363 }
364
365 if ((breakpoint->length != 2) && (breakpoint->length != 4))
366 {
367 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
368 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
369 }
370
371 if (breakpoint->type == BKPT_HARD)
372 {
373 arm7_9->wp_available--;
374
375 if (!arm7_9->wp0_used)
376 {
377 arm7_9->wp0_used = 1;
378 breakpoint->set = 1;
379 }
380 else if (!arm7_9->wp1_used)
381 {
382 arm7_9->wp1_used = 1;
383 breakpoint->set = 2;
384 }
385 else
386 {
387 LOG_ERROR("BUG: no hardware comparator available");
388 }
389 }
390
391
392 arm7_9->breakpoint_count++;
393
394 return arm7_9_set_breakpoint(target, breakpoint);
395 }
396
397 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
398 {
399 int retval = ERROR_OK;
400 armv4_5_common_t *armv4_5 = target->arch_info;
401 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
402
403 if((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
404 {
405 return retval;
406 }
407
408 if (breakpoint->type == BKPT_HARD)
409 arm7_9->wp_available++;
410
411 arm7_9->breakpoint_count--;
412 if (arm7_9->breakpoint_count==0)
413 {
414 /* make sure we don't have any dangling breakpoints */
415 if((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
416 {
417 return retval;
418 }
419 }
420
421 return ERROR_OK;
422 }
423
424 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
425 {
426 int retval = ERROR_OK;
427 armv4_5_common_t *armv4_5 = target->arch_info;
428 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
429 int rw_mask = 1;
430 u32 mask;
431
432 mask = watchpoint->length - 1;
433
434 if (target->state != TARGET_HALTED)
435 {
436 LOG_WARNING("target not halted");
437 return ERROR_TARGET_NOT_HALTED;
438 }
439
440 if (watchpoint->rw == WPT_ACCESS)
441 rw_mask = 0;
442 else
443 rw_mask = 1;
444
445 if (!arm7_9->wp0_used)
446 {
447 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
448 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
449 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
450 if( watchpoint->mask != 0xffffffffu )
451 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
452 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
453 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
454
455 if((retval = jtag_execute_queue()) != ERROR_OK)
456 {
457 return retval;
458 }
459 watchpoint->set = 1;
460 arm7_9->wp0_used = 2;
461 }
462 else if (!arm7_9->wp1_used)
463 {
464 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
465 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
466 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
467 if( watchpoint->mask != 0xffffffffu )
468 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
469 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
470 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
471
472 if((retval = jtag_execute_queue()) != ERROR_OK)
473 {
474 return retval;
475 }
476 watchpoint->set = 2;
477 arm7_9->wp1_used = 2;
478 }
479 else
480 {
481 LOG_ERROR("BUG: no hardware comparator available");
482 return ERROR_OK;
483 }
484
485 return ERROR_OK;
486 }
487
488 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
489 {
490 int retval = ERROR_OK;
491 armv4_5_common_t *armv4_5 = target->arch_info;
492 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
493
494 if (target->state != TARGET_HALTED)
495 {
496 LOG_WARNING("target not halted");
497 return ERROR_TARGET_NOT_HALTED;
498 }
499
500 if (!watchpoint->set)
501 {
502 LOG_WARNING("breakpoint not set");
503 return ERROR_OK;
504 }
505
506 if (watchpoint->set == 1)
507 {
508 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
509 if((retval = jtag_execute_queue()) != ERROR_OK)
510 {
511 return retval;
512 }
513 arm7_9->wp0_used = 0;
514 }
515 else if (watchpoint->set == 2)
516 {
517 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
518 if((retval = jtag_execute_queue()) != ERROR_OK)
519 {
520 return retval;
521 }
522 arm7_9->wp1_used = 0;
523 }
524 watchpoint->set = 0;
525
526 return ERROR_OK;
527 }
528
529 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
530 {
531 armv4_5_common_t *armv4_5 = target->arch_info;
532 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
533
534 if (target->state != TARGET_HALTED)
535 {
536 LOG_WARNING("target not halted");
537 return ERROR_TARGET_NOT_HALTED;
538 }
539
540 if (arm7_9->wp_available < 1)
541 {
542 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
543 }
544
545 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
546 {
547 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
548 }
549
550 arm7_9->wp_available--;
551
552 return ERROR_OK;
553 }
554
555 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
556 {
557 int retval = ERROR_OK;
558 armv4_5_common_t *armv4_5 = target->arch_info;
559 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
560
561 if (watchpoint->set)
562 {
563 if((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
564 {
565 return retval;
566 }
567 }
568
569 arm7_9->wp_available++;
570
571 return ERROR_OK;
572 }
573
574
575
576
577 int arm7_9_execute_sys_speed(struct target_s *target)
578 {
579 int retval;
580
581 armv4_5_common_t *armv4_5 = target->arch_info;
582 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
583 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
584 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
585
586 /* set RESTART instruction */
587 jtag_add_end_state(TAP_RTI);
588 if (arm7_9->need_bypass_before_restart) {
589 arm7_9->need_bypass_before_restart = 0;
590 arm_jtag_set_instr(jtag_info, 0xf, NULL);
591 }
592 arm_jtag_set_instr(jtag_info, 0x4, NULL);
593
594 long long then=timeval_ms();
595 int timeout;
596 while (!(timeout=((timeval_ms()-then)>1000)))
597 {
598 /* read debug status register */
599 embeddedice_read_reg(dbg_stat);
600 if ((retval = jtag_execute_queue()) != ERROR_OK)
601 return retval;
602 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
603 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
604 break;
605 if (debug_level>=3)
606 {
607 alive_sleep(100);
608 } else
609 {
610 keep_alive();
611 }
612 }
613 if (timeout)
614 {
615 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
616 return ERROR_TARGET_TIMEOUT;
617 }
618
619 return ERROR_OK;
620 }
621
622 int arm7_9_execute_fast_sys_speed(struct target_s *target)
623 {
624 static int set=0;
625 static u8 check_value[4], check_mask[4];
626
627 armv4_5_common_t *armv4_5 = target->arch_info;
628 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
629 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
630 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
631
632 /* set RESTART instruction */
633 jtag_add_end_state(TAP_RTI);
634 if (arm7_9->need_bypass_before_restart) {
635 arm7_9->need_bypass_before_restart = 0;
636 arm_jtag_set_instr(jtag_info, 0xf, NULL);
637 }
638 arm_jtag_set_instr(jtag_info, 0x4, NULL);
639
640 if (!set)
641 {
642 /* check for DBGACK and SYSCOMP set (others don't care) */
643
644 /* NB! These are constants that must be available until after next jtag_execute() and
645 we evaluate the values upon first execution in lieu of setting up these constants
646 during early setup.
647 */
648 buf_set_u32(check_value, 0, 32, 0x9);
649 buf_set_u32(check_mask, 0, 32, 0x9);
650 set=1;
651 }
652
653 /* read debug status register */
654 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
655
656 return ERROR_OK;
657 }
658
659 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
660 {
661 armv4_5_common_t *armv4_5 = target->arch_info;
662 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
663 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
664 u32 *data;
665 int i, retval = ERROR_OK;
666
667 data = malloc(size * (sizeof(u32)));
668
669 retval = embeddedice_receive(jtag_info, data, size);
670
671 for (i = 0; i < size; i++)
672 {
673 h_u32_to_le(buffer + (i * 4), data[i]);
674 }
675
676 free(data);
677
678 return retval;
679 }
680
681 int arm7_9_handle_target_request(void *priv)
682 {
683 int retval = ERROR_OK;
684 target_t *target = priv;
685 if (!target->type->examined)
686 return ERROR_OK;
687 armv4_5_common_t *armv4_5 = target->arch_info;
688 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
689 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
690 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
691
692
693 if (!target->dbg_msg_enabled)
694 return ERROR_OK;
695
696 if (target->state == TARGET_RUNNING)
697 {
698 /* read DCC control register */
699 embeddedice_read_reg(dcc_control);
700 if ((retval = jtag_execute_queue()) != ERROR_OK)
701 {
702 return retval;
703 }
704
705 /* check W bit */
706 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
707 {
708 u32 request;
709
710 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
711 {
712 return retval;
713 }
714 if ((retval = target_request(target, request)) != ERROR_OK)
715 {
716 return retval;
717 }
718 }
719 }
720
721 return ERROR_OK;
722 }
723
724 int arm7_9_poll(target_t *target)
725 {
726 int retval;
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
730
731 /* read debug status register */
732 embeddedice_read_reg(dbg_stat);
733 if ((retval = jtag_execute_queue()) != ERROR_OK)
734 {
735 return retval;
736 }
737
738 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
739 {
740 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
741 if (target->state == TARGET_UNKNOWN)
742 {
743 target->state = TARGET_RUNNING;
744 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
745 }
746 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
747 {
748 int check_pc=0;
749 if (target->state == TARGET_RESET)
750 {
751 if (target->reset_halt)
752 {
753 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
754 {
755 check_pc = 1;
756 }
757 }
758 }
759
760 target->state = TARGET_HALTED;
761
762 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
763 return retval;
764
765 if (check_pc)
766 {
767 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
768 u32 t=*((u32 *)reg->value);
769 if (t!=0)
770 {
771 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
772 }
773 }
774
775 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
776 {
777 return retval;
778 }
779 }
780 if (target->state == TARGET_DEBUG_RUNNING)
781 {
782 target->state = TARGET_HALTED;
783 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
784 return retval;
785
786 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
787 {
788 return retval;
789 }
790 }
791 if (target->state != TARGET_HALTED)
792 {
793 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
794 }
795 }
796 else
797 {
798 if (target->state != TARGET_DEBUG_RUNNING)
799 target->state = TARGET_RUNNING;
800 }
801
802 return ERROR_OK;
803 }
804
805 /*
806 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
807 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
808 while the core is held in reset(SRST). It isn't possible to program the halt
809 condition once reset was asserted, hence a hook that allows the target to set
810 up its reset-halt condition prior to asserting reset.
811 */
812
813 int arm7_9_assert_reset(target_t *target)
814 {
815 armv4_5_common_t *armv4_5 = target->arch_info;
816 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
817 LOG_DEBUG("target->state: %s",
818 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
819
820 if (!(jtag_reset_config & RESET_HAS_SRST))
821 {
822 LOG_ERROR("Can't assert SRST");
823 return ERROR_FAIL;
824 }
825
826 if (target->reset_halt)
827 {
828 /*
829 * Some targets do not support communication while SRST is asserted. We need to
830 * set up the reset vector catch here.
831 *
832 * If TRST is asserted, then these settings will be reset anyway, so setting them
833 * here is harmless.
834 */
835 if (arm7_9->has_vector_catch)
836 {
837 /* program vector catch register to catch reset vector */
838 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
839 }
840 else
841 {
842 /* program watchpoint unit to match on reset vector address */
843 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
844 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
845 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
846 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
847 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
848 }
849 }
850
851 /* here we should issue a srst only, but we may have to assert trst as well */
852 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
853 {
854 jtag_add_reset(1, 1);
855 } else
856 {
857 jtag_add_reset(0, 1);
858 }
859
860
861 target->state = TARGET_RESET;
862 jtag_add_sleep(50000);
863
864 armv4_5_invalidate_core_regs(target);
865
866 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
867 {
868 /* debug entry was already prepared in arm7_9_assert_reset() */
869 target->debug_reason = DBG_REASON_DBGRQ;
870 }
871
872 return ERROR_OK;
873
874 }
875
876 int arm7_9_deassert_reset(target_t *target)
877 {
878 int retval=ERROR_OK;
879 LOG_DEBUG("target->state: %s",
880 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
881
882
883 /* deassert reset lines */
884 jtag_add_reset(0, 0);
885
886 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
887 {
888 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
889 /* set up embedded ice registers again */
890 if ((retval=target->type->examine(target))!=ERROR_OK)
891 return retval;
892
893 if ((retval=target_poll(target))!=ERROR_OK)
894 {
895 return retval;
896 }
897
898 if ((retval=target_halt(target))!=ERROR_OK)
899 {
900 return retval;
901 }
902
903 }
904 return retval;
905 }
906
907 int arm7_9_clear_halt(target_t *target)
908 {
909 armv4_5_common_t *armv4_5 = target->arch_info;
910 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
911 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
912
913 /* we used DBGRQ only if we didn't come out of reset */
914 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
915 {
916 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
917 */
918 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
919 embeddedice_store_reg(dbg_ctrl);
920 }
921 else
922 {
923 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
924 {
925 /* if we came out of reset, and vector catch is supported, we used
926 * vector catch to enter debug state
927 * restore the register in that case
928 */
929 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
930 }
931 else
932 {
933 /* restore registers if watchpoint unit 0 was in use
934 */
935 if (arm7_9->wp0_used)
936 {
937 if (arm7_9->debug_entry_from_reset)
938 {
939 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
940 }
941 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
942 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
943 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
944 }
945 /* control value always has to be restored, as it was either disabled,
946 * or enabled with possibly different bits
947 */
948 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
949 }
950 }
951
952 return ERROR_OK;
953 }
954
955 int arm7_9_soft_reset_halt(struct target_s *target)
956 {
957 armv4_5_common_t *armv4_5 = target->arch_info;
958 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
959 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
960 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
961 int i;
962 int retval;
963
964 if ((retval=target_halt(target))!=ERROR_OK)
965 return retval;
966
967 long long then=timeval_ms();
968 int timeout;
969 while (!(timeout=((timeval_ms()-then)>1000)))
970 {
971 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
972 break;
973 embeddedice_read_reg(dbg_stat);
974 if ((retval=jtag_execute_queue())!=ERROR_OK)
975 return retval;
976 if (debug_level>=3)
977 {
978 alive_sleep(100);
979 } else
980 {
981 keep_alive();
982 }
983 }
984 if (timeout)
985 {
986 LOG_ERROR("Failed to halt CPU after 1 sec");
987 return ERROR_TARGET_TIMEOUT;
988 }
989 target->state = TARGET_HALTED;
990
991 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
992 * ensure that DBGRQ is cleared
993 */
994 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
995 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
996 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
997 embeddedice_store_reg(dbg_ctrl);
998
999 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1000 {
1001 return retval;
1002 }
1003
1004 /* if the target is in Thumb state, change to ARM state */
1005 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1006 {
1007 u32 r0_thumb, pc_thumb;
1008 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1009 /* Entered debug from Thumb mode */
1010 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1011 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1012 }
1013
1014 /* all register content is now invalid */
1015 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1016 {
1017 return retval;
1018 }
1019
1020 /* SVC, ARM state, IRQ and FIQ disabled */
1021 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1022 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1023 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1024
1025 /* start fetching from 0x0 */
1026 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1027 armv4_5->core_cache->reg_list[15].dirty = 1;
1028 armv4_5->core_cache->reg_list[15].valid = 1;
1029
1030 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1031 armv4_5->core_state = ARMV4_5_STATE_ARM;
1032
1033 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1034 return ERROR_FAIL;
1035
1036 /* reset registers */
1037 for (i = 0; i <= 14; i++)
1038 {
1039 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1040 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1041 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1042 }
1043
1044 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1045 {
1046 return retval;
1047 }
1048
1049 return ERROR_OK;
1050 }
1051
1052 int arm7_9_halt(target_t *target)
1053 {
1054 if (target->state==TARGET_RESET)
1055 {
1056 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1057 return ERROR_OK;
1058 }
1059
1060 armv4_5_common_t *armv4_5 = target->arch_info;
1061 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1062 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1063
1064 LOG_DEBUG("target->state: %s",
1065 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1066
1067 if (target->state == TARGET_HALTED)
1068 {
1069 LOG_DEBUG("target was already halted");
1070 return ERROR_OK;
1071 }
1072
1073 if (target->state == TARGET_UNKNOWN)
1074 {
1075 LOG_WARNING("target was in unknown state when halt was requested");
1076 }
1077
1078 if (arm7_9->use_dbgrq)
1079 {
1080 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1081 */
1082 if (arm7_9->set_special_dbgrq) {
1083 arm7_9->set_special_dbgrq(target);
1084 } else {
1085 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1086 embeddedice_store_reg(dbg_ctrl);
1087 }
1088 }
1089 else
1090 {
1091 /* program watchpoint unit to match on any address
1092 */
1093 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1094 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1095 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1096 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1097 }
1098
1099 target->debug_reason = DBG_REASON_DBGRQ;
1100
1101 return ERROR_OK;
1102 }
1103
1104 int arm7_9_debug_entry(target_t *target)
1105 {
1106 int i;
1107 u32 context[16];
1108 u32* context_p[16];
1109 u32 r0_thumb, pc_thumb;
1110 u32 cpsr;
1111 int retval;
1112 /* get pointers to arch-specific information */
1113 armv4_5_common_t *armv4_5 = target->arch_info;
1114 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1115 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1116 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1117
1118 #ifdef _DEBUG_ARM7_9_
1119 LOG_DEBUG("-");
1120 #endif
1121
1122 if (arm7_9->pre_debug_entry)
1123 arm7_9->pre_debug_entry(target);
1124
1125 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1126 * ensure that DBGRQ is cleared
1127 */
1128 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1129 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1130 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1131 embeddedice_store_reg(dbg_ctrl);
1132
1133 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1134 {
1135 return retval;
1136 }
1137
1138 if ((retval = jtag_execute_queue()) != ERROR_OK)
1139 {
1140 return retval;
1141 }
1142
1143 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1144 return retval;
1145
1146
1147 if (target->state != TARGET_HALTED)
1148 {
1149 LOG_WARNING("target not halted");
1150 return ERROR_TARGET_NOT_HALTED;
1151 }
1152
1153 /* if the target is in Thumb state, change to ARM state */
1154 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1155 {
1156 LOG_DEBUG("target entered debug from Thumb state");
1157 /* Entered debug from Thumb mode */
1158 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1159 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1160 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1161 }
1162 else
1163 {
1164 LOG_DEBUG("target entered debug from ARM state");
1165 /* Entered debug from ARM mode */
1166 armv4_5->core_state = ARMV4_5_STATE_ARM;
1167 }
1168
1169 for (i = 0; i < 16; i++)
1170 context_p[i] = &context[i];
1171 /* save core registers (r0 - r15 of current core mode) */
1172 arm7_9->read_core_regs(target, 0xffff, context_p);
1173
1174 arm7_9->read_xpsr(target, &cpsr, 0);
1175
1176 if ((retval = jtag_execute_queue()) != ERROR_OK)
1177 return retval;
1178
1179 /* if the core has been executing in Thumb state, set the T bit */
1180 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1181 cpsr |= 0x20;
1182
1183 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1184 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1185 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1186
1187 armv4_5->core_mode = cpsr & 0x1f;
1188
1189 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1190 {
1191 target->state = TARGET_UNKNOWN;
1192 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1193 return ERROR_TARGET_FAILURE;
1194 }
1195
1196 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1197
1198 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1199 {
1200 LOG_DEBUG("thumb state, applying fixups");
1201 context[0] = r0_thumb;
1202 context[15] = pc_thumb;
1203 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1204 {
1205 /* adjust value stored by STM */
1206 context[15] -= 3 * 4;
1207 }
1208
1209 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1210 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1211 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1212 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1213 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1214 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1215 else if (target->debug_reason == DBG_REASON_DBGRQ)
1216 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1217 else
1218 {
1219 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1220 }
1221
1222 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1223 return ERROR_FAIL;
1224
1225 for (i=0; i<=15; i++)
1226 {
1227 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1228 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1229 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1230 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1231 }
1232
1233 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1234
1235 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1236 return ERROR_FAIL;
1237
1238 /* exceptions other than USR & SYS have a saved program status register */
1239 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1240 {
1241 u32 spsr;
1242 arm7_9->read_xpsr(target, &spsr, 1);
1243 if ((retval = jtag_execute_queue()) != ERROR_OK)
1244 {
1245 return retval;
1246 }
1247 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1248 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1249 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1250 }
1251
1252 /* r0 and r15 (pc) have to be restored later */
1253 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1254 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1255
1256 if ((retval = jtag_execute_queue()) != ERROR_OK)
1257 return retval;
1258
1259 if (arm7_9->post_debug_entry)
1260 arm7_9->post_debug_entry(target);
1261
1262 return ERROR_OK;
1263 }
1264
1265 int arm7_9_full_context(target_t *target)
1266 {
1267 int i;
1268 int retval;
1269 armv4_5_common_t *armv4_5 = target->arch_info;
1270 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1271
1272 LOG_DEBUG("-");
1273
1274 if (target->state != TARGET_HALTED)
1275 {
1276 LOG_WARNING("target not halted");
1277 return ERROR_TARGET_NOT_HALTED;
1278 }
1279
1280 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1281 return ERROR_FAIL;
1282
1283 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1284 * SYS shares registers with User, so we don't touch SYS
1285 */
1286 for(i = 0; i < 6; i++)
1287 {
1288 u32 mask = 0;
1289 u32* reg_p[16];
1290 int j;
1291 int valid = 1;
1292
1293 /* check if there are invalid registers in the current mode
1294 */
1295 for (j = 0; j <= 16; j++)
1296 {
1297 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1298 valid = 0;
1299 }
1300
1301 if (!valid)
1302 {
1303 u32 tmp_cpsr;
1304
1305 /* change processor mode (and mask T bit) */
1306 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1307 tmp_cpsr |= armv4_5_number_to_mode(i);
1308 tmp_cpsr &= ~0x20;
1309 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1310
1311 for (j = 0; j < 15; j++)
1312 {
1313 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1314 {
1315 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1316 mask |= 1 << j;
1317 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1318 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1319 }
1320 }
1321
1322 /* if only the PSR is invalid, mask is all zeroes */
1323 if (mask)
1324 arm7_9->read_core_regs(target, mask, reg_p);
1325
1326 /* check if the PSR has to be read */
1327 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1328 {
1329 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1330 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1331 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1332 }
1333 }
1334 }
1335
1336 /* restore processor mode (mask T bit) */
1337 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1338
1339 if ((retval = jtag_execute_queue()) != ERROR_OK)
1340 {
1341 return retval;
1342 }
1343 return ERROR_OK;
1344 }
1345
1346 int arm7_9_restore_context(target_t *target)
1347 {
1348 armv4_5_common_t *armv4_5 = target->arch_info;
1349 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1350 reg_t *reg;
1351 armv4_5_core_reg_t *reg_arch_info;
1352 enum armv4_5_mode current_mode = armv4_5->core_mode;
1353 int i, j;
1354 int dirty;
1355 int mode_change;
1356
1357 LOG_DEBUG("-");
1358
1359 if (target->state != TARGET_HALTED)
1360 {
1361 LOG_WARNING("target not halted");
1362 return ERROR_TARGET_NOT_HALTED;
1363 }
1364
1365 if (arm7_9->pre_restore_context)
1366 arm7_9->pre_restore_context(target);
1367
1368 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1369 return ERROR_FAIL;
1370
1371 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1372 * SYS shares registers with User, so we don't touch SYS
1373 */
1374 for (i = 0; i < 6; i++)
1375 {
1376 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1377 dirty = 0;
1378 mode_change = 0;
1379 /* check if there are dirty registers in the current mode
1380 */
1381 for (j = 0; j <= 16; j++)
1382 {
1383 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1384 reg_arch_info = reg->arch_info;
1385 if (reg->dirty == 1)
1386 {
1387 if (reg->valid == 1)
1388 {
1389 dirty = 1;
1390 LOG_DEBUG("examining dirty reg: %s", reg->name);
1391 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1392 && (reg_arch_info->mode != current_mode)
1393 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1394 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1395 {
1396 mode_change = 1;
1397 LOG_DEBUG("require mode change");
1398 }
1399 }
1400 else
1401 {
1402 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1403 }
1404 }
1405 }
1406
1407 if (dirty)
1408 {
1409 u32 mask = 0x0;
1410 int num_regs = 0;
1411 u32 regs[16];
1412
1413 if (mode_change)
1414 {
1415 u32 tmp_cpsr;
1416
1417 /* change processor mode (mask T bit) */
1418 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1419 tmp_cpsr |= armv4_5_number_to_mode(i);
1420 tmp_cpsr &= ~0x20;
1421 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1422 current_mode = armv4_5_number_to_mode(i);
1423 }
1424
1425 for (j = 0; j <= 14; j++)
1426 {
1427 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1428 reg_arch_info = reg->arch_info;
1429
1430
1431 if (reg->dirty == 1)
1432 {
1433 regs[j] = buf_get_u32(reg->value, 0, 32);
1434 mask |= 1 << j;
1435 num_regs++;
1436 reg->dirty = 0;
1437 reg->valid = 1;
1438 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1439 }
1440 }
1441
1442 if (mask)
1443 {
1444 arm7_9->write_core_regs(target, mask, regs);
1445 }
1446
1447 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1448 reg_arch_info = reg->arch_info;
1449 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1450 {
1451 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1452 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1453 }
1454 }
1455 }
1456
1457 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1458 {
1459 /* restore processor mode (mask T bit) */
1460 u32 tmp_cpsr;
1461
1462 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1463 tmp_cpsr |= armv4_5_number_to_mode(i);
1464 tmp_cpsr &= ~0x20;
1465 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1466 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1467 }
1468 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1469 {
1470 /* CPSR has been changed, full restore necessary (mask T bit) */
1471 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1472 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1473 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1474 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1475 }
1476
1477 /* restore PC */
1478 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1479 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1480 armv4_5->core_cache->reg_list[15].dirty = 0;
1481
1482 if (arm7_9->post_restore_context)
1483 arm7_9->post_restore_context(target);
1484
1485 return ERROR_OK;
1486 }
1487
1488 int arm7_9_restart_core(struct target_s *target)
1489 {
1490 armv4_5_common_t *armv4_5 = target->arch_info;
1491 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1492 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1493
1494 /* set RESTART instruction */
1495 jtag_add_end_state(TAP_RTI);
1496 if (arm7_9->need_bypass_before_restart) {
1497 arm7_9->need_bypass_before_restart = 0;
1498 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1499 }
1500 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1501
1502 jtag_add_runtest(1, TAP_RTI);
1503 return jtag_execute_queue();
1504 }
1505
1506 void arm7_9_enable_watchpoints(struct target_s *target)
1507 {
1508 watchpoint_t *watchpoint = target->watchpoints;
1509
1510 while (watchpoint)
1511 {
1512 if (watchpoint->set == 0)
1513 arm7_9_set_watchpoint(target, watchpoint);
1514 watchpoint = watchpoint->next;
1515 }
1516 }
1517
1518 void arm7_9_enable_breakpoints(struct target_s *target)
1519 {
1520 breakpoint_t *breakpoint = target->breakpoints;
1521
1522 /* set any pending breakpoints */
1523 while (breakpoint)
1524 {
1525 arm7_9_set_breakpoint(target, breakpoint);
1526 breakpoint = breakpoint->next;
1527 }
1528 }
1529
1530
1531 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1532 {
1533 armv4_5_common_t *armv4_5 = target->arch_info;
1534 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1535 breakpoint_t *breakpoint = target->breakpoints;
1536 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1537 int err, retval = ERROR_OK;
1538
1539 LOG_DEBUG("-");
1540
1541 if (target->state != TARGET_HALTED)
1542 {
1543 LOG_WARNING("target not halted");
1544 return ERROR_TARGET_NOT_HALTED;
1545 }
1546
1547 if (!debug_execution)
1548 {
1549 target_free_all_working_areas(target);
1550 }
1551
1552 /* current = 1: continue on current pc, otherwise continue at <address> */
1553 if (!current)
1554 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1555
1556 u32 current_pc;
1557 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1558
1559 /* the front-end may request us not to handle breakpoints */
1560 if (handle_breakpoints)
1561 {
1562 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1563 {
1564 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1565 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1566 {
1567 return retval;
1568 }
1569
1570 /* calculate PC of next instruction */
1571 u32 next_pc;
1572 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1573 {
1574 u32 current_opcode;
1575 target_read_u32(target, current_pc, &current_opcode);
1576 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
1577 return retval;
1578 }
1579
1580 LOG_DEBUG("enable single-step");
1581 arm7_9->enable_single_step(target, next_pc);
1582
1583 target->debug_reason = DBG_REASON_SINGLESTEP;
1584
1585 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1586 {
1587 return retval;
1588 }
1589
1590 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1591 arm7_9->branch_resume(target);
1592 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1593 {
1594 arm7_9->branch_resume_thumb(target);
1595 }
1596 else
1597 {
1598 LOG_ERROR("unhandled core state");
1599 return ERROR_FAIL;
1600 }
1601
1602 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1603 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1604 err = arm7_9_execute_sys_speed(target);
1605
1606 LOG_DEBUG("disable single-step");
1607 arm7_9->disable_single_step(target);
1608
1609 if (err != ERROR_OK)
1610 {
1611 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1612 {
1613 return retval;
1614 }
1615 target->state = TARGET_UNKNOWN;
1616 return err;
1617 }
1618
1619 arm7_9_debug_entry(target);
1620 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1621
1622 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1623 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1624 {
1625 return retval;
1626 }
1627 }
1628 }
1629
1630 /* enable any pending breakpoints and watchpoints */
1631 arm7_9_enable_breakpoints(target);
1632 arm7_9_enable_watchpoints(target);
1633
1634 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1635 {
1636 return retval;
1637 }
1638
1639 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1640 {
1641 arm7_9->branch_resume(target);
1642 }
1643 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1644 {
1645 arm7_9->branch_resume_thumb(target);
1646 }
1647 else
1648 {
1649 LOG_ERROR("unhandled core state");
1650 return ERROR_FAIL;
1651 }
1652
1653 /* deassert DBGACK and INTDIS */
1654 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1655 /* INTDIS only when we really resume, not during debug execution */
1656 if (!debug_execution)
1657 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1658 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1659
1660 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1661 {
1662 return retval;
1663 }
1664
1665 target->debug_reason = DBG_REASON_NOTHALTED;
1666
1667 if (!debug_execution)
1668 {
1669 /* registers are now invalid */
1670 armv4_5_invalidate_core_regs(target);
1671 target->state = TARGET_RUNNING;
1672 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1673 {
1674 return retval;
1675 }
1676 }
1677 else
1678 {
1679 target->state = TARGET_DEBUG_RUNNING;
1680 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1681 {
1682 return retval;
1683 }
1684 }
1685
1686 LOG_DEBUG("target resumed");
1687
1688 return ERROR_OK;
1689 }
1690
1691 void arm7_9_enable_eice_step(target_t *target, u32 next_pc)
1692 {
1693 armv4_5_common_t *armv4_5 = target->arch_info;
1694 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1695
1696 u32 current_pc;
1697 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1698
1699 if(next_pc != current_pc)
1700 {
1701 /* setup an inverse breakpoint on the current PC
1702 * - comparator 1 matches the current address
1703 * - rangeout from comparator 1 is connected to comparator 0 rangein
1704 * - comparator 0 matches any address, as long as rangein is low */
1705 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1706 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1707 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1708 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1709 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1710 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1711 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1712 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1713 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1714 }
1715 else
1716 {
1717 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1718 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1719 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1720 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1721 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1722 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1723 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1724 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1725 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1726 }
1727 }
1728
1729 void arm7_9_disable_eice_step(target_t *target)
1730 {
1731 armv4_5_common_t *armv4_5 = target->arch_info;
1732 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1733
1734 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1735 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1736 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1737 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1738 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1739 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1740 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1741 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1742 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1743 }
1744
1745 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1746 {
1747 armv4_5_common_t *armv4_5 = target->arch_info;
1748 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1749 breakpoint_t *breakpoint = NULL;
1750 int err, retval;
1751
1752 if (target->state != TARGET_HALTED)
1753 {
1754 LOG_WARNING("target not halted");
1755 return ERROR_TARGET_NOT_HALTED;
1756 }
1757
1758 /* current = 1: continue on current pc, otherwise continue at <address> */
1759 if (!current)
1760 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1761
1762 u32 current_pc;
1763 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1764
1765 /* the front-end may request us not to handle breakpoints */
1766 if (handle_breakpoints)
1767 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1768 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1769 {
1770 return retval;
1771 }
1772
1773 target->debug_reason = DBG_REASON_SINGLESTEP;
1774
1775 /* calculate PC of next instruction */
1776 u32 next_pc;
1777 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1778 {
1779 u32 current_opcode;
1780 target_read_u32(target, current_pc, &current_opcode);
1781 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
1782 return retval;
1783 }
1784
1785 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1786 {
1787 return retval;
1788 }
1789
1790 arm7_9->enable_single_step(target, next_pc);
1791
1792 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1793 {
1794 arm7_9->branch_resume(target);
1795 }
1796 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1797 {
1798 arm7_9->branch_resume_thumb(target);
1799 }
1800 else
1801 {
1802 LOG_ERROR("unhandled core state");
1803 return ERROR_FAIL;
1804 }
1805
1806 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1807 {
1808 return retval;
1809 }
1810
1811 err = arm7_9_execute_sys_speed(target);
1812 arm7_9->disable_single_step(target);
1813
1814 /* registers are now invalid */
1815 armv4_5_invalidate_core_regs(target);
1816
1817 if (err != ERROR_OK)
1818 {
1819 target->state = TARGET_UNKNOWN;
1820 } else {
1821 arm7_9_debug_entry(target);
1822 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1823 {
1824 return retval;
1825 }
1826 LOG_DEBUG("target stepped");
1827 }
1828
1829 if (breakpoint)
1830 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1831 {
1832 return retval;
1833 }
1834
1835 return err;
1836
1837 }
1838
1839 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1840 {
1841 u32* reg_p[16];
1842 u32 value;
1843 int retval;
1844 armv4_5_common_t *armv4_5 = target->arch_info;
1845 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1846
1847 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1848 return ERROR_FAIL;
1849
1850 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1851
1852 if ((num < 0) || (num > 16))
1853 return ERROR_INVALID_ARGUMENTS;
1854
1855 if ((mode != ARMV4_5_MODE_ANY)
1856 && (mode != armv4_5->core_mode)
1857 && (reg_mode != ARMV4_5_MODE_ANY))
1858 {
1859 u32 tmp_cpsr;
1860
1861 /* change processor mode (mask T bit) */
1862 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1863 tmp_cpsr |= mode;
1864 tmp_cpsr &= ~0x20;
1865 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1866 }
1867
1868 if ((num >= 0) && (num <= 15))
1869 {
1870 /* read a normal core register */
1871 reg_p[num] = &value;
1872
1873 arm7_9->read_core_regs(target, 1 << num, reg_p);
1874 }
1875 else
1876 {
1877 /* read a program status register
1878 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1879 */
1880 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1881 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1882
1883 arm7_9->read_xpsr(target, &value, spsr);
1884 }
1885
1886 if ((retval = jtag_execute_queue()) != ERROR_OK)
1887 {
1888 return retval;
1889 }
1890
1891 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1892 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1893 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1894
1895 if ((mode != ARMV4_5_MODE_ANY)
1896 && (mode != armv4_5->core_mode)
1897 && (reg_mode != ARMV4_5_MODE_ANY)) {
1898 /* restore processor mode (mask T bit) */
1899 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1900 }
1901
1902 return ERROR_OK;
1903
1904 }
1905
1906 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1907 {
1908 u32 reg[16];
1909 armv4_5_common_t *armv4_5 = target->arch_info;
1910 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1911
1912 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1913 return ERROR_FAIL;
1914
1915 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1916
1917 if ((num < 0) || (num > 16))
1918 return ERROR_INVALID_ARGUMENTS;
1919
1920 if ((mode != ARMV4_5_MODE_ANY)
1921 && (mode != armv4_5->core_mode)
1922 && (reg_mode != ARMV4_5_MODE_ANY)) {
1923 u32 tmp_cpsr;
1924
1925 /* change processor mode (mask T bit) */
1926 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1927 tmp_cpsr |= mode;
1928 tmp_cpsr &= ~0x20;
1929 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1930 }
1931
1932 if ((num >= 0) && (num <= 15))
1933 {
1934 /* write a normal core register */
1935 reg[num] = value;
1936
1937 arm7_9->write_core_regs(target, 1 << num, reg);
1938 }
1939 else
1940 {
1941 /* write a program status register
1942 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1943 */
1944 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1945 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1946
1947 /* if we're writing the CPSR, mask the T bit */
1948 if (!spsr)
1949 value &= ~0x20;
1950
1951 arm7_9->write_xpsr(target, value, spsr);
1952 }
1953
1954 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1955 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1956
1957 if ((mode != ARMV4_5_MODE_ANY)
1958 && (mode != armv4_5->core_mode)
1959 && (reg_mode != ARMV4_5_MODE_ANY)) {
1960 /* restore processor mode (mask T bit) */
1961 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1962 }
1963
1964 return jtag_execute_queue();
1965 }
1966
1967 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1968 {
1969 armv4_5_common_t *armv4_5 = target->arch_info;
1970 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1971
1972 u32 reg[16];
1973 int num_accesses = 0;
1974 int thisrun_accesses;
1975 int i;
1976 u32 cpsr;
1977 int retval;
1978 int last_reg = 0;
1979
1980 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1981
1982 if (target->state != TARGET_HALTED)
1983 {
1984 LOG_WARNING("target not halted");
1985 return ERROR_TARGET_NOT_HALTED;
1986 }
1987
1988 /* sanitize arguments */
1989 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1990 return ERROR_INVALID_ARGUMENTS;
1991
1992 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1993 return ERROR_TARGET_UNALIGNED_ACCESS;
1994
1995 /* load the base register with the address of the first word */
1996 reg[0] = address;
1997 arm7_9->write_core_regs(target, 0x1, reg);
1998
1999 int j=0;
2000
2001 switch (size)
2002 {
2003 case 4:
2004 while (num_accesses < count)
2005 {
2006 u32 reg_list;
2007 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2008 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2009
2010 if (last_reg <= thisrun_accesses)
2011 last_reg = thisrun_accesses;
2012
2013 arm7_9->load_word_regs(target, reg_list);
2014
2015 /* fast memory reads are only safe when the target is running
2016 * from a sufficiently high clock (32 kHz is usually too slow)
2017 */
2018 if (arm7_9->fast_memory_access)
2019 retval = arm7_9_execute_fast_sys_speed(target);
2020 else
2021 retval = arm7_9_execute_sys_speed(target);
2022 if (retval != ERROR_OK)
2023 return retval;
2024
2025 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2026
2027 /* advance buffer, count number of accesses */
2028 buffer += thisrun_accesses * 4;
2029 num_accesses += thisrun_accesses;
2030
2031 if ((j++%1024)==0)
2032 {
2033 keep_alive();
2034 }
2035 }
2036 break;
2037 case 2:
2038 while (num_accesses < count)
2039 {
2040 u32 reg_list;
2041 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2042 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2043
2044 for (i = 1; i <= thisrun_accesses; i++)
2045 {
2046 if (i > last_reg)
2047 last_reg = i;
2048 arm7_9->load_hword_reg(target, i);
2049 /* fast memory reads are only safe when the target is running
2050 * from a sufficiently high clock (32 kHz is usually too slow)
2051 */
2052 if (arm7_9->fast_memory_access)
2053 retval = arm7_9_execute_fast_sys_speed(target);
2054 else
2055 retval = arm7_9_execute_sys_speed(target);
2056 if(retval != ERROR_OK)
2057 {
2058 return retval;
2059 }
2060
2061 }
2062
2063 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2064
2065 /* advance buffer, count number of accesses */
2066 buffer += thisrun_accesses * 2;
2067 num_accesses += thisrun_accesses;
2068
2069 if ((j++%1024)==0)
2070 {
2071 keep_alive();
2072 }
2073 }
2074 break;
2075 case 1:
2076 while (num_accesses < count)
2077 {
2078 u32 reg_list;
2079 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2080 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2081
2082 for (i = 1; i <= thisrun_accesses; i++)
2083 {
2084 if (i > last_reg)
2085 last_reg = i;
2086 arm7_9->load_byte_reg(target, i);
2087 /* fast memory reads are only safe when the target is running
2088 * from a sufficiently high clock (32 kHz is usually too slow)
2089 */
2090 if (arm7_9->fast_memory_access)
2091 retval = arm7_9_execute_fast_sys_speed(target);
2092 else
2093 retval = arm7_9_execute_sys_speed(target);
2094 if(retval != ERROR_OK)
2095 {
2096 return retval;
2097 }
2098 }
2099
2100 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2101
2102 /* advance buffer, count number of accesses */
2103 buffer += thisrun_accesses * 1;
2104 num_accesses += thisrun_accesses;
2105
2106 if ((j++%1024)==0)
2107 {
2108 keep_alive();
2109 }
2110 }
2111 break;
2112 default:
2113 LOG_ERROR("BUG: we shouldn't get here");
2114 exit(-1);
2115 break;
2116 }
2117
2118 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2119 return ERROR_FAIL;
2120
2121 for (i=0; i<=last_reg; i++)
2122 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2123
2124 arm7_9->read_xpsr(target, &cpsr, 0);
2125 if ((retval = jtag_execute_queue()) != ERROR_OK)
2126 {
2127 LOG_ERROR("JTAG error while reading cpsr");
2128 return ERROR_TARGET_DATA_ABORT;
2129 }
2130
2131 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2132 {
2133 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2134
2135 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2136
2137 return ERROR_TARGET_DATA_ABORT;
2138 }
2139
2140 return ERROR_OK;
2141 }
2142
2143 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2144 {
2145 armv4_5_common_t *armv4_5 = target->arch_info;
2146 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2147 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2148
2149 u32 reg[16];
2150 int num_accesses = 0;
2151 int thisrun_accesses;
2152 int i;
2153 u32 cpsr;
2154 int retval;
2155 int last_reg = 0;
2156
2157 #ifdef _DEBUG_ARM7_9_
2158 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2159 #endif
2160
2161 if (target->state != TARGET_HALTED)
2162 {
2163 LOG_WARNING("target not halted");
2164 return ERROR_TARGET_NOT_HALTED;
2165 }
2166
2167 /* sanitize arguments */
2168 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2169 return ERROR_INVALID_ARGUMENTS;
2170
2171 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2172 return ERROR_TARGET_UNALIGNED_ACCESS;
2173
2174 /* load the base register with the address of the first word */
2175 reg[0] = address;
2176 arm7_9->write_core_regs(target, 0x1, reg);
2177
2178 /* Clear DBGACK, to make sure memory fetches work as expected */
2179 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2180 embeddedice_store_reg(dbg_ctrl);
2181
2182 switch (size)
2183 {
2184 case 4:
2185 while (num_accesses < count)
2186 {
2187 u32 reg_list;
2188 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2189 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2190
2191 for (i = 1; i <= thisrun_accesses; i++)
2192 {
2193 if (i > last_reg)
2194 last_reg = i;
2195 reg[i] = target_buffer_get_u32(target, buffer);
2196 buffer += 4;
2197 }
2198
2199 arm7_9->write_core_regs(target, reg_list, reg);
2200
2201 arm7_9->store_word_regs(target, reg_list);
2202
2203 /* fast memory writes are only safe when the target is running
2204 * from a sufficiently high clock (32 kHz is usually too slow)
2205 */
2206 if (arm7_9->fast_memory_access)
2207 retval = arm7_9_execute_fast_sys_speed(target);
2208 else
2209 retval = arm7_9_execute_sys_speed(target);
2210 if(retval != ERROR_OK)
2211 {
2212 return retval;
2213 }
2214
2215 num_accesses += thisrun_accesses;
2216 }
2217 break;
2218 case 2:
2219 while (num_accesses < count)
2220 {
2221 u32 reg_list;
2222 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2223 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2224
2225 for (i = 1; i <= thisrun_accesses; i++)
2226 {
2227 if (i > last_reg)
2228 last_reg = i;
2229 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2230 buffer += 2;
2231 }
2232
2233 arm7_9->write_core_regs(target, reg_list, reg);
2234
2235 for (i = 1; i <= thisrun_accesses; i++)
2236 {
2237 arm7_9->store_hword_reg(target, i);
2238
2239 /* fast memory writes are only safe when the target is running
2240 * from a sufficiently high clock (32 kHz is usually too slow)
2241 */
2242 if (arm7_9->fast_memory_access)
2243 retval = arm7_9_execute_fast_sys_speed(target);
2244 else
2245 retval = arm7_9_execute_sys_speed(target);
2246 if(retval != ERROR_OK)
2247 {
2248 return retval;
2249 }
2250 }
2251
2252 num_accesses += thisrun_accesses;
2253 }
2254 break;
2255 case 1:
2256 while (num_accesses < count)
2257 {
2258 u32 reg_list;
2259 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2260 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2261
2262 for (i = 1; i <= thisrun_accesses; i++)
2263 {
2264 if (i > last_reg)
2265 last_reg = i;
2266 reg[i] = *buffer++ & 0xff;
2267 }
2268
2269 arm7_9->write_core_regs(target, reg_list, reg);
2270
2271 for (i = 1; i <= thisrun_accesses; i++)
2272 {
2273 arm7_9->store_byte_reg(target, i);
2274 /* fast memory writes are only safe when the target is running
2275 * from a sufficiently high clock (32 kHz is usually too slow)
2276 */
2277 if (arm7_9->fast_memory_access)
2278 retval = arm7_9_execute_fast_sys_speed(target);
2279 else
2280 retval = arm7_9_execute_sys_speed(target);
2281 if(retval != ERROR_OK)
2282 {
2283 return retval;
2284 }
2285
2286 }
2287
2288 num_accesses += thisrun_accesses;
2289 }
2290 break;
2291 default:
2292 LOG_ERROR("BUG: we shouldn't get here");
2293 exit(-1);
2294 break;
2295 }
2296
2297 /* Re-Set DBGACK */
2298 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2299 embeddedice_store_reg(dbg_ctrl);
2300
2301 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2302 return ERROR_FAIL;
2303
2304 for (i=0; i<=last_reg; i++)
2305 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2306
2307 arm7_9->read_xpsr(target, &cpsr, 0);
2308 if ((retval = jtag_execute_queue()) != ERROR_OK)
2309 {
2310 LOG_ERROR("JTAG error while reading cpsr");
2311 return ERROR_TARGET_DATA_ABORT;
2312 }
2313
2314 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2315 {
2316 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2317
2318 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2319
2320 return ERROR_TARGET_DATA_ABORT;
2321 }
2322
2323 return ERROR_OK;
2324 }
2325
2326 static int dcc_count;
2327 static u8 *dcc_buffer;
2328
2329
2330 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2331 {
2332 int retval = ERROR_OK;
2333 armv4_5_common_t *armv4_5 = target->arch_info;
2334 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2335
2336 if ((retval=target_wait_state(target, TARGET_DEBUG_RUNNING, 500))!=ERROR_OK)
2337 return retval;
2338
2339 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2340 int count=dcc_count;
2341 u8 *buffer=dcc_buffer;
2342 if (count>2)
2343 {
2344 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2345 core function repeated.
2346 */
2347 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2348 buffer+=4;
2349
2350 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2351 u8 reg_addr = ice_reg->addr & 0x1f;
2352 int chain_pos = ice_reg->jtag_info->chain_pos;
2353
2354 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2355 buffer += (count-2)*4;
2356
2357 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2358 } else
2359 {
2360 int i;
2361 for (i = 0; i < count; i++)
2362 {
2363 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2364 buffer += 4;
2365 }
2366 }
2367
2368 if((retval = target_halt(target))!= ERROR_OK)
2369 {
2370 return retval;
2371 }
2372 return target_wait_state(target, TARGET_HALTED, 500);
2373 }
2374
2375
2376 static const u32 dcc_code[] =
2377 {
2378 /* MRC TST BNE MRC STR B */
2379 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2380 };
2381
2382 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2383
2384
2385 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2386 {
2387 int retval;
2388 armv4_5_common_t *armv4_5 = target->arch_info;
2389 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2390 int i;
2391
2392 if (!arm7_9->dcc_downloads)
2393 return target->type->write_memory(target, address, 4, count, buffer);
2394
2395 /* regrab previously allocated working_area, or allocate a new one */
2396 if (!arm7_9->dcc_working_area)
2397 {
2398 u8 dcc_code_buf[6 * 4];
2399
2400 /* make sure we have a working area */
2401 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2402 {
2403 LOG_INFO("no working area available, falling back to memory writes");
2404 return target->type->write_memory(target, address, 4, count, buffer);
2405 }
2406
2407 /* copy target instructions to target endianness */
2408 for (i = 0; i < 6; i++)
2409 {
2410 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2411 }
2412
2413 /* write DCC code to working area */
2414 if ((retval = target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2415 {
2416 return retval;
2417 }
2418 }
2419
2420 armv4_5_algorithm_t armv4_5_info;
2421 reg_param_t reg_params[1];
2422
2423 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2424 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2425 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2426
2427 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2428
2429 buf_set_u32(reg_params[0].value, 0, 32, address);
2430
2431 //armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params,
2432 // int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info))
2433 dcc_count=count;
2434 dcc_buffer=buffer;
2435 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2436 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2437
2438 if (retval==ERROR_OK)
2439 {
2440 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2441 if (endaddress!=(address+count*4))
2442 {
2443 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2444 retval=ERROR_FAIL;
2445 }
2446 }
2447
2448 destroy_reg_param(&reg_params[0]);
2449
2450 return retval;
2451 }
2452
2453 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2454 {
2455 working_area_t *crc_algorithm;
2456 armv4_5_algorithm_t armv4_5_info;
2457 reg_param_t reg_params[2];
2458 int retval;
2459
2460 u32 arm7_9_crc_code[] = {
2461 0xE1A02000, /* mov r2, r0 */
2462 0xE3E00000, /* mov r0, #0xffffffff */
2463 0xE1A03001, /* mov r3, r1 */
2464 0xE3A04000, /* mov r4, #0 */
2465 0xEA00000B, /* b ncomp */
2466 /* nbyte: */
2467 0xE7D21004, /* ldrb r1, [r2, r4] */
2468 0xE59F7030, /* ldr r7, CRC32XOR */
2469 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2470 0xE3A05000, /* mov r5, #0 */
2471 /* loop: */
2472 0xE3500000, /* cmp r0, #0 */
2473 0xE1A06080, /* mov r6, r0, asl #1 */
2474 0xE2855001, /* add r5, r5, #1 */
2475 0xE1A00006, /* mov r0, r6 */
2476 0xB0260007, /* eorlt r0, r6, r7 */
2477 0xE3550008, /* cmp r5, #8 */
2478 0x1AFFFFF8, /* bne loop */
2479 0xE2844001, /* add r4, r4, #1 */
2480 /* ncomp: */
2481 0xE1540003, /* cmp r4, r3 */
2482 0x1AFFFFF1, /* bne nbyte */
2483 /* end: */
2484 0xEAFFFFFE, /* b end */
2485 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2486 };
2487
2488 int i;
2489
2490 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2491 {
2492 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2493 }
2494
2495 /* convert flash writing code into a buffer in target endianness */
2496 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2497 {
2498 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2499 {
2500 return retval;
2501 }
2502 }
2503
2504 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2505 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2506 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2507
2508 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2509 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2510
2511 buf_set_u32(reg_params[0].value, 0, 32, address);
2512 buf_set_u32(reg_params[1].value, 0, 32, count);
2513
2514 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2515 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2516 {
2517 LOG_ERROR("error executing arm7_9 crc algorithm");
2518 destroy_reg_param(&reg_params[0]);
2519 destroy_reg_param(&reg_params[1]);
2520 target_free_working_area(target, crc_algorithm);
2521 return retval;
2522 }
2523
2524 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2525
2526 destroy_reg_param(&reg_params[0]);
2527 destroy_reg_param(&reg_params[1]);
2528
2529 target_free_working_area(target, crc_algorithm);
2530
2531 return ERROR_OK;
2532 }
2533
2534 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2535 {
2536 working_area_t *erase_check_algorithm;
2537 reg_param_t reg_params[3];
2538 armv4_5_algorithm_t armv4_5_info;
2539 int retval;
2540 int i;
2541
2542 u32 erase_check_code[] =
2543 {
2544 /* loop: */
2545 0xe4d03001, /* ldrb r3, [r0], #1 */
2546 0xe0022003, /* and r2, r2, r3 */
2547 0xe2511001, /* subs r1, r1, #1 */
2548 0x1afffffb, /* bne loop */
2549 /* end: */
2550 0xeafffffe /* b end */
2551 };
2552
2553 /* make sure we have a working area */
2554 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2555 {
2556 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2557 }
2558
2559 /* convert flash writing code into a buffer in target endianness */
2560 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2561 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i])) != ERROR_OK)
2562 {
2563 return retval;
2564 }
2565
2566 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2567 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2568 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2569
2570 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2571 buf_set_u32(reg_params[0].value, 0, 32, address);
2572
2573 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2574 buf_set_u32(reg_params[1].value, 0, 32, count);
2575
2576 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2577 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2578
2579 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2580 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2581 {
2582 destroy_reg_param(&reg_params[0]);
2583 destroy_reg_param(&reg_params[1]);
2584 destroy_reg_param(&reg_params[2]);
2585 target_free_working_area(target, erase_check_algorithm);
2586 return 0;
2587 }
2588
2589 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2590
2591 destroy_reg_param(&reg_params[0]);
2592 destroy_reg_param(&reg_params[1]);
2593 destroy_reg_param(&reg_params[2]);
2594
2595 target_free_working_area(target, erase_check_algorithm);
2596
2597 return ERROR_OK;
2598 }
2599
2600 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2601 {
2602 command_t *arm7_9_cmd;
2603
2604 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2605
2606 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2607 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2608
2609 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2610
2611 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2612 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2613 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2614 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2615 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2616 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2617
2618 armv4_5_register_commands(cmd_ctx);
2619
2620 etm_register_commands(cmd_ctx);
2621
2622 return ERROR_OK;
2623 }
2624
2625 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2626 {
2627 u32 value;
2628 int spsr;
2629 int retval;
2630 target_t *target = get_current_target(cmd_ctx);
2631 armv4_5_common_t *armv4_5;
2632 arm7_9_common_t *arm7_9;
2633
2634 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2635 {
2636 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2637 return ERROR_OK;
2638 }
2639
2640 if (target->state != TARGET_HALTED)
2641 {
2642 command_print(cmd_ctx, "can't write registers while running");
2643 return ERROR_OK;
2644 }
2645
2646 if (argc < 2)
2647 {
2648 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2649 return ERROR_OK;
2650 }
2651
2652 value = strtoul(args[0], NULL, 0);
2653 spsr = strtol(args[1], NULL, 0);
2654
2655 /* if we're writing the CPSR, mask the T bit */
2656 if (!spsr)
2657 value &= ~0x20;
2658
2659 arm7_9->write_xpsr(target, value, spsr);
2660 if ((retval = jtag_execute_queue()) != ERROR_OK)
2661 {
2662 LOG_ERROR("JTAG error while writing to xpsr");
2663 return retval;
2664 }
2665
2666 return ERROR_OK;
2667 }
2668
2669 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2670 {
2671 u32 value;
2672 int rotate;
2673 int spsr;
2674 int retval;
2675 target_t *target = get_current_target(cmd_ctx);
2676 armv4_5_common_t *armv4_5;
2677 arm7_9_common_t *arm7_9;
2678
2679 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2680 {
2681 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2682 return ERROR_OK;
2683 }
2684
2685 if (target->state != TARGET_HALTED)
2686 {
2687 command_print(cmd_ctx, "can't write registers while running");
2688 return ERROR_OK;
2689 }
2690
2691 if (argc < 3)
2692 {
2693 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2694 return ERROR_OK;
2695 }
2696
2697 value = strtoul(args[0], NULL, 0);
2698 rotate = strtol(args[1], NULL, 0);
2699 spsr = strtol(args[2], NULL, 0);
2700
2701 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2702 if ((retval = jtag_execute_queue()) != ERROR_OK)
2703 {
2704 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2705 return retval;
2706 }
2707
2708 return ERROR_OK;
2709 }
2710
2711 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2712 {
2713 u32 value;
2714 u32 mode;
2715 int num;
2716 target_t *target = get_current_target(cmd_ctx);
2717 armv4_5_common_t *armv4_5;
2718 arm7_9_common_t *arm7_9;
2719
2720 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2721 {
2722 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2723 return ERROR_OK;
2724 }
2725
2726 if (target->state != TARGET_HALTED)
2727 {
2728 command_print(cmd_ctx, "can't write registers while running");
2729 return ERROR_OK;
2730 }
2731
2732 if (argc < 3)
2733 {
2734 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2735 return ERROR_OK;
2736 }
2737
2738 num = strtol(args[0], NULL, 0);
2739 mode = strtoul(args[1], NULL, 0);
2740 value = strtoul(args[2], NULL, 0);
2741
2742 return arm7_9_write_core_reg(target, num, mode, value);
2743
2744 }
2745
2746
2747 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2748 {
2749 target_t *target = get_current_target(cmd_ctx);
2750 armv4_5_common_t *armv4_5;
2751 arm7_9_common_t *arm7_9;
2752
2753 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2754 {
2755 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2756 return ERROR_OK;
2757 }
2758
2759 if (argc > 0)
2760 {
2761 if (strcmp("enable", args[0]) == 0)
2762 {
2763 arm7_9->use_dbgrq = 1;
2764 }
2765 else if (strcmp("disable", args[0]) == 0)
2766 {
2767 arm7_9->use_dbgrq = 0;
2768 }
2769 else
2770 {
2771 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2772 }
2773 }
2774
2775 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2776
2777 return ERROR_OK;
2778 }
2779
2780 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2781 {
2782 target_t *target = get_current_target(cmd_ctx);
2783 armv4_5_common_t *armv4_5;
2784 arm7_9_common_t *arm7_9;
2785
2786 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2787 {
2788 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2789 return ERROR_OK;
2790 }
2791
2792 if (argc > 0)
2793 {
2794 if (strcmp("enable", args[0]) == 0)
2795 {
2796 arm7_9->fast_memory_access = 1;
2797 }
2798 else if (strcmp("disable", args[0]) == 0)
2799 {
2800 arm7_9->fast_memory_access = 0;
2801 }
2802 else
2803 {
2804 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2805 }
2806 }
2807
2808 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2809
2810 return ERROR_OK;
2811 }
2812
2813 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2814 {
2815 target_t *target = get_current_target(cmd_ctx);
2816 armv4_5_common_t *armv4_5;
2817 arm7_9_common_t *arm7_9;
2818
2819 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2820 {
2821 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2822 return ERROR_OK;
2823 }
2824
2825 if (argc > 0)
2826 {
2827 if (strcmp("enable", args[0]) == 0)
2828 {
2829 arm7_9->dcc_downloads = 1;
2830 }
2831 else if (strcmp("disable", args[0]) == 0)
2832 {
2833 arm7_9->dcc_downloads = 0;
2834 }
2835 else
2836 {
2837 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2838 }
2839 }
2840
2841 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2842
2843 return ERROR_OK;
2844 }
2845
2846 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2847 {
2848 int retval = ERROR_OK;
2849 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2850
2851 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2852
2853 if((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2854 {
2855 return retval;
2856 }
2857
2858 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2859 arm7_9->wp_available_max = 2;
2860 arm7_9->sw_breakpoints_added = 0;
2861 arm7_9->breakpoint_count = 0;
2862 arm7_9->wp0_used = 0;
2863 arm7_9->wp1_used = 0;
2864 arm7_9->wp1_used_default = 0;
2865 arm7_9->use_dbgrq = 0;
2866
2867 arm7_9->etm_ctx = NULL;
2868 arm7_9->has_single_step = 0;
2869 arm7_9->has_monitor_mode = 0;
2870 arm7_9->has_vector_catch = 0;
2871
2872 arm7_9->debug_entry_from_reset = 0;
2873
2874 arm7_9->dcc_working_area = NULL;
2875
2876 arm7_9->fast_memory_access = fast_and_dangerous;
2877 arm7_9->dcc_downloads = fast_and_dangerous;
2878
2879 arm7_9->need_bypass_before_restart = 0;
2880
2881 armv4_5->arch_info = arm7_9;
2882 armv4_5->read_core_reg = arm7_9_read_core_reg;
2883 armv4_5->write_core_reg = arm7_9_write_core_reg;
2884 armv4_5->full_context = arm7_9_full_context;
2885
2886 if((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
2887 {
2888 return retval;
2889 }
2890
2891 if((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
2892 {
2893 return retval;
2894 }
2895
2896 return ERROR_OK;
2897 }