1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
47 * Hold common code supporting the ARM7 and ARM9 core generations.
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
63 static int arm7_9_debug_entry(struct target
*target
);
66 * Clear watchpoints for an ARM7/9 target.
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
71 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
74 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
75 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
76 arm7_9
->sw_breakpoint_count
= 0;
77 arm7_9
->sw_breakpoints_added
= 0;
79 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
80 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
82 return jtag_execute_queue();
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
92 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
94 if (!arm7_9
->wp0_used
)
98 arm7_9
->wp_available
--;
100 else if (!arm7_9
->wp1_used
)
102 arm7_9
->wp1_used
= 1;
104 arm7_9
->wp_available
--;
108 LOG_ERROR("BUG: no hardware comparator available");
110 LOG_DEBUG("BPID: %d (0x%08" PRIx32
") using hw wp: %d",
111 breakpoint
->unique_id
,
117 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
119 * @param arm7_9 Pointer to common struct for ARM7/9 targets
120 * @return Error codes if there is a problem finding a watchpoint or the result
121 * of executing the JTAG queue
123 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
125 if (arm7_9
->sw_breakpoints_added
)
129 if (arm7_9
->wp_available
< 1)
131 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
132 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
134 arm7_9
->wp_available
--;
136 /* pick a breakpoint unit */
137 if (!arm7_9
->wp0_used
)
139 arm7_9
->sw_breakpoints_added
= 1;
140 arm7_9
->wp0_used
= 3;
141 } else if (!arm7_9
->wp1_used
)
143 arm7_9
->sw_breakpoints_added
= 2;
144 arm7_9
->wp1_used
= 3;
148 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
152 if (arm7_9
->sw_breakpoints_added
== 1)
154 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
155 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
156 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
157 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
158 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
160 else if (arm7_9
->sw_breakpoints_added
== 2)
162 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
163 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
164 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
165 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
166 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
170 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
173 LOG_DEBUG("SW BP using hw wp: %d",
174 arm7_9
->sw_breakpoints_added
);
176 return jtag_execute_queue();
180 * Setup the common pieces for an ARM7/9 target after reset or on startup.
182 * @param target Pointer to an ARM7/9 target to setup
183 * @return Result of clearing the watchpoints on the target
185 int arm7_9_setup(struct target
*target
)
187 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
189 return arm7_9_clear_watchpoints(arm7_9
);
193 * Set either a hardware or software breakpoint on an ARM7/9 target. The
194 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
195 * might have erased the values in Embedded ICE.
197 * @param target Pointer to the target device to set the breakpoints on
198 * @param breakpoint Pointer to the breakpoint to be set
199 * @return For hardware breakpoints, this is the result of executing the JTAG
200 * queue. For software breakpoints, this will be the status of the
201 * required memory reads and writes
203 int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
205 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
206 int retval
= ERROR_OK
;
208 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
", Type: %d" ,
209 breakpoint
->unique_id
,
213 if (target
->state
!= TARGET_HALTED
)
215 LOG_WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED
;
219 if (breakpoint
->type
== BKPT_HARD
)
221 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
222 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
224 /* reassign a hw breakpoint */
225 if (breakpoint
->set
== 0)
227 arm7_9_assign_wp(arm7_9
, breakpoint
);
230 if (breakpoint
->set
== 1)
232 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
233 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
234 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
235 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
236 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
238 else if (breakpoint
->set
== 2)
240 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
241 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
242 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
243 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
244 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
248 LOG_ERROR("BUG: no hardware comparator available");
252 retval
= jtag_execute_queue();
254 else if (breakpoint
->type
== BKPT_SOFT
)
256 /* did we already set this breakpoint? */
260 if (breakpoint
->length
== 4)
262 uint32_t verify
= 0xffffffff;
263 /* keep the original instruction in target endianness */
264 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
268 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
269 if ((retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
)) != ERROR_OK
)
274 if ((retval
= target_read_u32(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
278 if (verify
!= arm7_9
->arm_bkpt
)
280 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
286 uint16_t verify
= 0xffff;
287 /* keep the original instruction in target endianness */
288 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
292 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
293 if ((retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
)) != ERROR_OK
)
298 if ((retval
= target_read_u16(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
302 if (verify
!= arm7_9
->thumb_bkpt
)
304 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
309 if ((retval
= arm7_9_set_software_breakpoints(arm7_9
)) != ERROR_OK
)
312 arm7_9
->sw_breakpoint_count
++;
321 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
322 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
323 * will be updated. Otherwise, the software breakpoint will be restored to its
324 * original instruction if it hasn't already been modified.
326 * @param target Pointer to ARM7/9 target to unset the breakpoint from
327 * @param breakpoint Pointer to breakpoint to be unset
328 * @return For hardware breakpoints, this is the result of executing the JTAG
329 * queue. For software breakpoints, this will be the status of the
330 * required memory reads and writes
332 int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
334 int retval
= ERROR_OK
;
335 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
337 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
,
338 breakpoint
->unique_id
,
339 breakpoint
->address
);
341 if (!breakpoint
->set
)
343 LOG_WARNING("breakpoint not set");
347 if (breakpoint
->type
== BKPT_HARD
)
349 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
350 breakpoint
->unique_id
,
352 if (breakpoint
->set
== 1)
354 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
355 arm7_9
->wp0_used
= 0;
356 arm7_9
->wp_available
++;
358 else if (breakpoint
->set
== 2)
360 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
361 arm7_9
->wp1_used
= 0;
362 arm7_9
->wp_available
++;
364 retval
= jtag_execute_queue();
369 /* restore original instruction (kept in target endianness) */
370 if (breakpoint
->length
== 4)
372 uint32_t current_instr
;
373 /* check that user program as not modified breakpoint instruction */
374 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
378 if (current_instr
== arm7_9
->arm_bkpt
)
379 if ((retval
= target_write_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
386 uint16_t current_instr
;
387 /* check that user program as not modified breakpoint instruction */
388 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
392 if (current_instr
== arm7_9
->thumb_bkpt
)
393 if ((retval
= target_write_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
399 if (--arm7_9
->sw_breakpoint_count
==0)
401 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
402 if (arm7_9
->sw_breakpoints_added
== 1)
404 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0);
406 else if (arm7_9
->sw_breakpoints_added
== 2)
408 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0);
419 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
420 * dangling breakpoints and that the desired breakpoint can be added.
422 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
423 * @param breakpoint Pointer to the breakpoint to be added
424 * @return An error status if there is a problem adding the breakpoint or the
425 * result of setting the breakpoint
427 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
429 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
431 if (arm7_9
->breakpoint_count
== 0)
433 /* make sure we don't have any dangling breakpoints. This is vital upon
434 * GDB connect/disconnect
436 arm7_9_clear_watchpoints(arm7_9
);
439 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1))
441 LOG_INFO("no watchpoint unit available for hardware breakpoint");
442 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
445 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4))
447 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
448 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
451 if (breakpoint
->type
== BKPT_HARD
)
453 arm7_9_assign_wp(arm7_9
, breakpoint
);
456 arm7_9
->breakpoint_count
++;
458 return arm7_9_set_breakpoint(target
, breakpoint
);
462 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
463 * dangling breakpoints and updates available watchpoints if it is a hardware
466 * @param target Pointer to the target to have a breakpoint removed
467 * @param breakpoint Pointer to the breakpoint to be removed
468 * @return Error status if there was a problem unsetting the breakpoint or the
469 * watchpoints could not be cleared
471 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
473 int retval
= ERROR_OK
;
474 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
476 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
481 if (breakpoint
->type
== BKPT_HARD
)
482 arm7_9
->wp_available
++;
484 arm7_9
->breakpoint_count
--;
485 if (arm7_9
->breakpoint_count
== 0)
487 /* make sure we don't have any dangling breakpoints */
488 if ((retval
= arm7_9_clear_watchpoints(arm7_9
)) != ERROR_OK
)
498 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
499 * considered a bug to call this function when there are no available watchpoint
502 * @param target Pointer to an ARM7/9 target to set a watchpoint on
503 * @param watchpoint Pointer to the watchpoint to be set
504 * @return Error status if watchpoint set fails or the result of executing the
507 int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
509 int retval
= ERROR_OK
;
510 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
514 mask
= watchpoint
->length
- 1;
516 if (target
->state
!= TARGET_HALTED
)
518 LOG_WARNING("target not halted");
519 return ERROR_TARGET_NOT_HALTED
;
522 if (watchpoint
->rw
== WPT_ACCESS
)
527 if (!arm7_9
->wp0_used
)
529 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], watchpoint
->address
);
530 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
531 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], watchpoint
->mask
);
532 if (watchpoint
->mask
!= 0xffffffffu
)
533 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], watchpoint
->value
);
534 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
535 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
537 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
542 arm7_9
->wp0_used
= 2;
544 else if (!arm7_9
->wp1_used
)
546 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], watchpoint
->address
);
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
548 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], watchpoint
->mask
);
549 if (watchpoint
->mask
!= 0xffffffffu
)
550 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], watchpoint
->value
);
551 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
552 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
554 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
559 arm7_9
->wp1_used
= 2;
563 LOG_ERROR("BUG: no hardware comparator available");
571 * Unset an existing watchpoint and clear the used watchpoint unit.
573 * @param target Pointer to the target to have the watchpoint removed
574 * @param watchpoint Pointer to the watchpoint to be removed
575 * @return Error status while trying to unset the watchpoint or the result of
576 * executing the JTAG queue
578 int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
580 int retval
= ERROR_OK
;
581 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
583 if (target
->state
!= TARGET_HALTED
)
585 LOG_WARNING("target not halted");
586 return ERROR_TARGET_NOT_HALTED
;
589 if (!watchpoint
->set
)
591 LOG_WARNING("breakpoint not set");
595 if (watchpoint
->set
== 1)
597 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
598 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
602 arm7_9
->wp0_used
= 0;
604 else if (watchpoint
->set
== 2)
606 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
607 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
611 arm7_9
->wp1_used
= 0;
619 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
620 * available, an error response is returned.
622 * @param target Pointer to the ARM7/9 target to add a watchpoint to
623 * @param watchpoint Pointer to the watchpoint to be added
624 * @return Error status while trying to add the watchpoint
626 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
628 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
630 if (arm7_9
->wp_available
< 1)
632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
635 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
640 arm7_9
->wp_available
--;
646 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
647 * the used watchpoint unit will be reopened.
649 * @param target Pointer to the target to remove a watchpoint from
650 * @param watchpoint Pointer to the watchpoint to be removed
651 * @return Result of trying to unset the watchpoint
653 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
655 int retval
= ERROR_OK
;
656 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
660 if ((retval
= arm7_9_unset_watchpoint(target
, watchpoint
)) != ERROR_OK
)
666 arm7_9
->wp_available
++;
672 * Restarts the target by sending a RESTART instruction and moving the JTAG
673 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
674 * asserted by the processor.
676 * @param target Pointer to target to issue commands to
677 * @return Error status if there is a timeout or a problem while executing the
680 int arm7_9_execute_sys_speed(struct target
*target
)
683 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
684 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
685 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
687 /* set RESTART instruction */
688 jtag_set_end_state(TAP_IDLE
);
689 if (arm7_9
->need_bypass_before_restart
) {
690 arm7_9
->need_bypass_before_restart
= 0;
691 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
693 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
695 long long then
= timeval_ms();
697 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
699 /* read debug status register */
700 embeddedice_read_reg(dbg_stat
);
701 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
703 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
704 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
706 if (debug_level
>= 3)
716 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"", buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
717 return ERROR_TARGET_TIMEOUT
;
724 * Restarts the target by sending a RESTART instruction and moving the JTAG
725 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
726 * waiting until they are.
728 * @param target Pointer to the target to issue commands to
729 * @return Always ERROR_OK
731 int arm7_9_execute_fast_sys_speed(struct target
*target
)
734 static uint8_t check_value
[4], check_mask
[4];
736 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
737 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
738 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
740 /* set RESTART instruction */
741 jtag_set_end_state(TAP_IDLE
);
742 if (arm7_9
->need_bypass_before_restart
) {
743 arm7_9
->need_bypass_before_restart
= 0;
744 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
746 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
750 /* check for DBGACK and SYSCOMP set (others don't care) */
752 /* NB! These are constants that must be available until after next jtag_execute() and
753 * we evaluate the values upon first execution in lieu of setting up these constants
754 * during early setup.
756 buf_set_u32(check_value
, 0, 32, 0x9);
757 buf_set_u32(check_mask
, 0, 32, 0x9);
761 /* read debug status register */
762 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
768 * Get some data from the ARM7/9 target.
770 * @param target Pointer to the ARM7/9 target to read data from
771 * @param size The number of 32bit words to be read
772 * @param buffer Pointer to the buffer that will hold the data
773 * @return The result of receiving data from the Embedded ICE unit
775 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
777 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
778 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
780 int retval
= ERROR_OK
;
783 data
= malloc(size
* (sizeof(uint32_t)));
785 retval
= embeddedice_receive(jtag_info
, data
, size
);
787 /* return the 32-bit ints in the 8-bit array */
788 for (i
= 0; i
< size
; i
++)
790 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
799 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
800 * target is running and the DCC control register has the W bit high, this will
801 * execute the request on the target.
803 * @param priv Void pointer expected to be a struct target pointer
804 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
805 * from the Embedded ICE unit
807 int arm7_9_handle_target_request(void *priv
)
809 int retval
= ERROR_OK
;
810 struct target
*target
= priv
;
811 if (!target_was_examined(target
))
813 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
814 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
815 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
817 if (!target
->dbg_msg_enabled
)
820 if (target
->state
== TARGET_RUNNING
)
822 /* read DCC control register */
823 embeddedice_read_reg(dcc_control
);
824 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
830 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1)
834 if ((retval
= embeddedice_receive(jtag_info
, &request
, 1)) != ERROR_OK
)
838 if ((retval
= target_request(target
, request
)) != ERROR_OK
)
849 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
850 * is manipulated to the right halted state based on its current state. This is
854 * <tr><th > State</th><th > Action</th></tr>
855 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
856 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
857 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
858 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
861 * If the target does not end up in the halted state, a warning is produced. If
862 * DBGACK is cleared, then the target is expected to either be running or
865 * @param target Pointer to the ARM7/9 target to poll
866 * @return ERROR_OK or an error status if a command fails
868 int arm7_9_poll(struct target
*target
)
871 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
872 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
874 /* read debug status register */
875 embeddedice_read_reg(dbg_stat
);
876 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
881 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
883 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
884 if (target
->state
== TARGET_UNKNOWN
)
886 /* Starting OpenOCD with target in debug-halt */
887 target
->state
= TARGET_RUNNING
;
888 LOG_DEBUG("DBGACK already set during server startup.");
890 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
))
893 if (target
->state
== TARGET_RESET
)
895 if (target
->reset_halt
)
897 enum reset_types jtag_reset_config
= jtag_get_reset_config();
898 if ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
905 target
->state
= TARGET_HALTED
;
907 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
912 struct reg
*reg
= register_get_by_name(target
->reg_cache
, "pc", 1);
913 uint32_t t
=*((uint32_t *)reg
->value
);
916 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
920 if (arm_semihosting(target
, &retval
) != 0)
923 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
928 if (target
->state
== TARGET_DEBUG_RUNNING
)
930 target
->state
= TARGET_HALTED
;
931 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
934 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
)) != ERROR_OK
)
939 if (target
->state
!= TARGET_HALTED
)
941 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target
->state
);
946 if (target
->state
!= TARGET_DEBUG_RUNNING
)
947 target
->state
= TARGET_RUNNING
;
954 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
955 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
956 * affected) completely stop the JTAG clock while the core is held in reset
957 * (SRST). It isn't possible to program the halt condition once reset is
958 * asserted, hence a hook that allows the target to set up its reset-halt
959 * condition is setup prior to asserting reset.
961 * @param target Pointer to an ARM7/9 target to assert reset on
962 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
964 int arm7_9_assert_reset(struct target
*target
)
966 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
968 LOG_DEBUG("target->state: %s",
969 target_state_name(target
));
971 enum reset_types jtag_reset_config
= jtag_get_reset_config();
972 if (!(jtag_reset_config
& RESET_HAS_SRST
))
974 LOG_ERROR("Can't assert SRST");
978 /* At this point trst has been asserted/deasserted once. We would
979 * like to program EmbeddedICE while SRST is asserted, instead of
980 * depending on SRST to leave that module alone. However, many CPUs
981 * gate the JTAG clock while SRST is asserted; or JTAG may need
982 * clock stability guarantees (adaptive clocking might help).
984 * So we assume JTAG access during SRST is off the menu unless it's
985 * been specifically enabled.
987 bool srst_asserted
= false;
989 if (((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
990 && (jtag_reset_config
& RESET_SRST_NO_GATING
))
992 jtag_add_reset(0, 1);
993 srst_asserted
= true;
996 if (target
->reset_halt
)
999 * Some targets do not support communication while SRST is asserted. We need to
1000 * set up the reset vector catch here.
1002 * If TRST is asserted, then these settings will be reset anyway, so setting them
1005 if (arm7_9
->has_vector_catch
)
1007 /* program vector catch register to catch reset vector */
1008 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
1010 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1011 jtag_add_runtest(1, jtag_get_end_state());
1015 /* program watchpoint unit to match on reset vector address */
1016 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
1017 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
1018 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1019 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1020 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1024 /* here we should issue an SRST only, but we may have to assert TRST as well */
1025 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
1027 jtag_add_reset(1, 1);
1028 } else if (!srst_asserted
)
1030 jtag_add_reset(0, 1);
1033 target
->state
= TARGET_RESET
;
1034 jtag_add_sleep(50000);
1036 register_cache_invalidate(arm7_9
->armv4_5_common
.core_cache
);
1038 if ((target
->reset_halt
) && ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0))
1040 /* debug entry was already prepared in arm7_9_assert_reset() */
1041 target
->debug_reason
= DBG_REASON_DBGRQ
;
1048 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1049 * and the target is being reset into a halt, a warning will be triggered
1050 * because it is not possible to reset into a halted mode in this case. The
1051 * target is halted using the target's functions.
1053 * @param target Pointer to the target to have the reset deasserted
1054 * @return ERROR_OK or an error from polling or halting the target
1056 int arm7_9_deassert_reset(struct target
*target
)
1058 int retval
= ERROR_OK
;
1059 LOG_DEBUG("target->state: %s",
1060 target_state_name(target
));
1062 /* deassert reset lines */
1063 jtag_add_reset(0, 0);
1065 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1066 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0)
1068 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1069 /* set up embedded ice registers again */
1070 if ((retval
= target_examine_one(target
)) != ERROR_OK
)
1073 if ((retval
= target_poll(target
)) != ERROR_OK
)
1078 if ((retval
= target_halt(target
)) != ERROR_OK
)
1088 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1089 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1090 * vector catch was used, it is restored. Otherwise, the control value is
1091 * restored and the watchpoint unit is restored if it was in use.
1093 * @param target Pointer to the ARM7/9 target to have halt cleared
1094 * @return Always ERROR_OK
1096 int arm7_9_clear_halt(struct target
*target
)
1098 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1099 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1101 /* we used DBGRQ only if we didn't come out of reset */
1102 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
)
1104 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1106 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1107 embeddedice_store_reg(dbg_ctrl
);
1111 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
)
1113 /* if we came out of reset, and vector catch is supported, we used
1114 * vector catch to enter debug state
1115 * restore the register in that case
1117 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1121 /* restore registers if watchpoint unit 0 was in use
1123 if (arm7_9
->wp0_used
)
1125 if (arm7_9
->debug_entry_from_reset
)
1127 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
]);
1129 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1130 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1131 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1133 /* control value always has to be restored, as it was either disabled,
1134 * or enabled with possibly different bits
1136 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1144 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1145 * and then there is a wait until the processor shows the halt. This wait can
1146 * timeout and results in an error being returned. The software reset involves
1147 * clearing the halt, updating the debug control register, changing to ARM mode,
1148 * reset of the program counter, and reset of all of the registers.
1150 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1151 * @return Error status if any of the commands fail, otherwise ERROR_OK
1153 int arm7_9_soft_reset_halt(struct target
*target
)
1155 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1156 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1157 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1158 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1162 /* FIX!!! replace some of this code with tcl commands
1164 * halt # the halt command is synchronous
1165 * armv4_5 core_state arm
1169 if ((retval
= target_halt(target
)) != ERROR_OK
)
1172 long long then
= timeval_ms();
1174 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
1176 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1178 embeddedice_read_reg(dbg_stat
);
1179 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1181 if (debug_level
>= 3)
1191 LOG_ERROR("Failed to halt CPU after 1 sec");
1192 return ERROR_TARGET_TIMEOUT
;
1194 target
->state
= TARGET_HALTED
;
1196 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1197 * ensure that DBGRQ is cleared
1199 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1200 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1201 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1202 embeddedice_store_reg(dbg_ctrl
);
1204 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1209 /* if the target is in Thumb state, change to ARM state */
1210 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1212 uint32_t r0_thumb
, pc_thumb
;
1213 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1214 /* Entered debug from Thumb mode */
1215 armv4_5
->core_state
= ARM_STATE_THUMB
;
1216 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1219 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1221 /* all register content is now invalid */
1222 register_cache_invalidate(armv4_5
->core_cache
);
1224 /* SVC, ARM state, IRQ and FIQ disabled */
1227 cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 32);
1230 arm_set_cpsr(armv4_5
, cpsr
);
1231 armv4_5
->cpsr
->dirty
= 1;
1233 /* start fetching from 0x0 */
1234 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, 0x0);
1235 armv4_5
->core_cache
->reg_list
[15].dirty
= 1;
1236 armv4_5
->core_cache
->reg_list
[15].valid
= 1;
1238 /* reset registers */
1239 for (i
= 0; i
<= 14; i
++)
1241 struct reg
*r
= arm_reg_current(armv4_5
, i
);
1243 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1248 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
1257 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1258 * line or by programming a watchpoint to trigger on any address. It is
1259 * considered a bug to call this function while the target is in the
1260 * TARGET_RESET state.
1262 * @param target Pointer to the ARM7/9 target to be halted
1263 * @return Always ERROR_OK
1265 int arm7_9_halt(struct target
*target
)
1267 if (target
->state
== TARGET_RESET
)
1269 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1273 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1274 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1276 LOG_DEBUG("target->state: %s",
1277 target_state_name(target
));
1279 if (target
->state
== TARGET_HALTED
)
1281 LOG_DEBUG("target was already halted");
1285 if (target
->state
== TARGET_UNKNOWN
)
1287 LOG_WARNING("target was in unknown state when halt was requested");
1290 if (arm7_9
->use_dbgrq
)
1292 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1294 if (arm7_9
->set_special_dbgrq
) {
1295 arm7_9
->set_special_dbgrq(target
);
1297 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1298 embeddedice_store_reg(dbg_ctrl
);
1303 /* program watchpoint unit to match on any address
1305 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1306 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1307 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1308 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1311 target
->debug_reason
= DBG_REASON_DBGRQ
;
1317 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1318 * ARM. The JTAG queue is then executed and the reason for debug entry is
1319 * examined. Once done, the target is verified to be halted and the processor
1320 * is forced into ARM mode. The core registers are saved for the current core
1321 * mode and the program counter (register 15) is updated as needed. The core
1322 * registers and CPSR and SPSR are saved for restoration later.
1324 * @param target Pointer to target that is entering debug mode
1325 * @return Error code if anything fails, otherwise ERROR_OK
1327 static int arm7_9_debug_entry(struct target
*target
)
1330 uint32_t context
[16];
1331 uint32_t* context_p
[16];
1332 uint32_t r0_thumb
, pc_thumb
;
1333 uint32_t cpsr
, cpsr_mask
= 0;
1335 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1336 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1337 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1338 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1340 #ifdef _DEBUG_ARM7_9_
1344 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1345 * ensure that DBGRQ is cleared
1347 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1348 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1349 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1350 embeddedice_store_reg(dbg_ctrl
);
1352 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1357 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1362 if ((retval
= arm7_9
->examine_debug_reason(target
)) != ERROR_OK
)
1366 if (target
->state
!= TARGET_HALTED
)
1368 LOG_WARNING("target not halted");
1369 return ERROR_TARGET_NOT_HALTED
;
1372 /* if the target is in Thumb state, change to ARM state */
1373 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1375 LOG_DEBUG("target entered debug from Thumb state");
1376 /* Entered debug from Thumb mode */
1377 armv4_5
->core_state
= ARM_STATE_THUMB
;
1379 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1380 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1381 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1382 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1383 /* \todo Get some vaguely correct handling of Jazelle, if
1384 * anyone ever uses it and full info becomes available.
1385 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1386 * B.7.3 for the reverse. That'd be the bare minimum...
1388 LOG_DEBUG("target entered debug from Jazelle state");
1389 armv4_5
->core_state
= ARM_STATE_JAZELLE
;
1390 cpsr_mask
= 1 << 24;
1391 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1393 LOG_DEBUG("target entered debug from ARM state");
1394 /* Entered debug from ARM mode */
1395 armv4_5
->core_state
= ARM_STATE_ARM
;
1398 for (i
= 0; i
< 16; i
++)
1399 context_p
[i
] = &context
[i
];
1400 /* save core registers (r0 - r15 of current core mode) */
1401 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1403 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1405 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1408 /* Sync our CPSR copy with J or T bits EICE reported, but
1409 * which we then erased by putting the core into ARM mode.
1411 arm_set_cpsr(armv4_5
, cpsr
| cpsr_mask
);
1413 if (!is_arm_mode(armv4_5
->core_mode
))
1415 target
->state
= TARGET_UNKNOWN
;
1416 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1417 return ERROR_TARGET_FAILURE
;
1420 LOG_DEBUG("target entered debug state in %s mode",
1421 arm_mode_name(armv4_5
->core_mode
));
1423 if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1425 LOG_DEBUG("thumb state, applying fixups");
1426 context
[0] = r0_thumb
;
1427 context
[15] = pc_thumb
;
1428 } else if (armv4_5
->core_state
== ARM_STATE_ARM
)
1430 /* adjust value stored by STM */
1431 context
[15] -= 3 * 4;
1434 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1435 context
[15] -= 3 * ((armv4_5
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1437 context
[15] -= arm7_9
->dbgreq_adjust_pc
* ((armv4_5
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1439 for (i
= 0; i
<= 15; i
++)
1441 struct reg
*r
= arm_reg_current(armv4_5
, i
);
1443 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1445 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1446 /* r0 and r15 (pc) have to be restored later */
1447 r
->dirty
= (i
== 0) || (i
== 15);
1451 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1453 /* exceptions other than USR & SYS have a saved program status register */
1454 if (armv4_5
->spsr
) {
1456 arm7_9
->read_xpsr(target
, &spsr
, 1);
1457 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1461 buf_set_u32(armv4_5
->spsr
->value
, 0, 32, spsr
);
1462 armv4_5
->spsr
->dirty
= 0;
1463 armv4_5
->spsr
->valid
= 1;
1466 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1469 if (arm7_9
->post_debug_entry
)
1470 arm7_9
->post_debug_entry(target
);
1476 * Validate the full context for an ARM7/9 target in all processor modes. If
1477 * there are any invalid registers for the target, they will all be read. This
1480 * @param target Pointer to the ARM7/9 target to capture the full context from
1481 * @return Error if the target is not halted, has an invalid core mode, or if
1482 * the JTAG queue fails to execute
1484 int arm7_9_full_context(struct target
*target
)
1488 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1489 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1493 if (target
->state
!= TARGET_HALTED
)
1495 LOG_WARNING("target not halted");
1496 return ERROR_TARGET_NOT_HALTED
;
1499 if (!is_arm_mode(armv4_5
->core_mode
))
1502 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1503 * SYS shares registers with User, so we don't touch SYS
1505 for (i
= 0; i
< 6; i
++)
1508 uint32_t* reg_p
[16];
1512 /* check if there are invalid registers in the current mode
1514 for (j
= 0; j
<= 16; j
++)
1516 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1524 /* change processor mode (and mask T bit) */
1525 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
1527 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1529 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1531 for (j
= 0; j
< 15; j
++)
1533 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1535 reg_p
[j
] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).value
;
1537 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
= 1;
1538 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).dirty
= 0;
1542 /* if only the PSR is invalid, mask is all zeroes */
1544 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1546 /* check if the PSR has to be read */
1547 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
== 0)
1549 arm7_9
->read_xpsr(target
, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).value
, 1);
1550 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
= 1;
1551 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).dirty
= 0;
1556 /* restore processor mode (mask T bit) */
1557 arm7_9
->write_xpsr_im8(target
,
1558 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & ~0x20,
1561 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1569 * Restore the processor context on an ARM7/9 target. The full processor
1570 * context is analyzed to see if any of the registers are dirty on this end, but
1571 * have a valid new value. If this is the case, the processor is changed to the
1572 * appropriate mode and the new register values are written out to the
1573 * processor. If there happens to be a dirty register with an invalid value, an
1574 * error will be logged.
1576 * @param target Pointer to the ARM7/9 target to have its context restored
1577 * @return Error status if the target is not halted or the core mode in the
1578 * armv4_5 struct is invalid.
1580 int arm7_9_restore_context(struct target
*target
)
1582 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1583 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1585 struct arm_reg
*reg_arch_info
;
1586 enum arm_mode current_mode
= armv4_5
->core_mode
;
1593 if (target
->state
!= TARGET_HALTED
)
1595 LOG_WARNING("target not halted");
1596 return ERROR_TARGET_NOT_HALTED
;
1599 if (arm7_9
->pre_restore_context
)
1600 arm7_9
->pre_restore_context(target
);
1602 if (!is_arm_mode(armv4_5
->core_mode
))
1605 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1606 * SYS shares registers with User, so we don't touch SYS
1608 for (i
= 0; i
< 6; i
++)
1610 LOG_DEBUG("examining %s mode",
1611 arm_mode_name(armv4_5
->core_mode
));
1614 /* check if there are dirty registers in the current mode
1616 for (j
= 0; j
<= 16; j
++)
1618 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1619 reg_arch_info
= reg
->arch_info
;
1620 if (reg
->dirty
== 1)
1622 if (reg
->valid
== 1)
1625 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1626 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1627 && (reg_arch_info
->mode
!= current_mode
)
1628 && !((reg_arch_info
->mode
== ARM_MODE_USR
) && (armv4_5
->core_mode
== ARM_MODE_SYS
))
1629 && !((reg_arch_info
->mode
== ARM_MODE_SYS
) && (armv4_5
->core_mode
== ARM_MODE_USR
)))
1632 LOG_DEBUG("require mode change");
1637 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg
->name
);
1644 uint32_t mask
= 0x0;
1652 /* change processor mode (mask T bit) */
1653 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
,
1655 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1657 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1658 current_mode
= armv4_5_number_to_mode(i
);
1661 for (j
= 0; j
<= 14; j
++)
1663 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1664 reg_arch_info
= reg
->arch_info
;
1667 if (reg
->dirty
== 1)
1669 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1674 LOG_DEBUG("writing register %i mode %s "
1675 "with value 0x%8.8" PRIx32
, j
,
1676 arm_mode_name(armv4_5
->core_mode
),
1683 arm7_9
->write_core_regs(target
, mask
, regs
);
1686 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16);
1687 reg_arch_info
= reg
->arch_info
;
1688 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
))
1690 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"", i
, buf_get_u32(reg
->value
, 0, 32));
1691 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1696 if (!armv4_5
->cpsr
->dirty
&& (armv4_5
->core_mode
!= current_mode
))
1698 /* restore processor mode (mask T bit) */
1701 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
1702 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1704 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1705 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1707 else if (armv4_5
->cpsr
->dirty
)
1709 /* CPSR has been changed, full restore necessary (mask T bit) */
1710 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1711 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32));
1712 arm7_9
->write_xpsr(target
,
1713 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32)
1715 armv4_5
->cpsr
->dirty
= 0;
1716 armv4_5
->cpsr
->valid
= 1;
1720 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1721 arm7_9
->write_pc(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1722 armv4_5
->core_cache
->reg_list
[15].dirty
= 0;
1724 if (arm7_9
->post_restore_context
)
1725 arm7_9
->post_restore_context(target
);
1731 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1732 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1735 * @param target Pointer to the ARM7/9 target to be restarted
1736 * @return Result of executing the JTAG queue
1738 int arm7_9_restart_core(struct target
*target
)
1740 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1741 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1743 /* set RESTART instruction */
1744 jtag_set_end_state(TAP_IDLE
);
1745 if (arm7_9
->need_bypass_before_restart
) {
1746 arm7_9
->need_bypass_before_restart
= 0;
1747 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
1749 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
1751 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE
));
1752 return jtag_execute_queue();
1756 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1757 * iterated through and are set on the target if they aren't already set.
1759 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1761 void arm7_9_enable_watchpoints(struct target
*target
)
1763 struct watchpoint
*watchpoint
= target
->watchpoints
;
1767 if (watchpoint
->set
== 0)
1768 arm7_9_set_watchpoint(target
, watchpoint
);
1769 watchpoint
= watchpoint
->next
;
1774 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1775 * iterated through and are set on the target.
1777 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1779 void arm7_9_enable_breakpoints(struct target
*target
)
1781 struct breakpoint
*breakpoint
= target
->breakpoints
;
1783 /* set any pending breakpoints */
1786 arm7_9_set_breakpoint(target
, breakpoint
);
1787 breakpoint
= breakpoint
->next
;
1791 int arm7_9_resume(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
, int debug_execution
)
1793 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1794 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1795 struct breakpoint
*breakpoint
= target
->breakpoints
;
1796 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1797 int err
, retval
= ERROR_OK
;
1801 if (target
->state
!= TARGET_HALTED
)
1803 LOG_WARNING("target not halted");
1804 return ERROR_TARGET_NOT_HALTED
;
1807 if (!debug_execution
)
1809 target_free_all_working_areas(target
);
1812 /* current = 1: continue on current pc, otherwise continue at <address> */
1814 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
1816 uint32_t current_pc
;
1817 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1819 /* the front-end may request us not to handle breakpoints */
1820 if (handle_breakpoints
)
1822 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
1824 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32
" (id: %d)", breakpoint
->address
, breakpoint
->unique_id
);
1825 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1830 /* calculate PC of next instruction */
1832 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
1834 uint32_t current_opcode
;
1835 target_read_u32(target
, current_pc
, ¤t_opcode
);
1836 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
1840 LOG_DEBUG("enable single-step");
1841 arm7_9
->enable_single_step(target
, next_pc
);
1843 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1845 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1850 if (armv4_5
->core_state
== ARM_STATE_ARM
)
1851 arm7_9
->branch_resume(target
);
1852 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1854 arm7_9
->branch_resume_thumb(target
);
1858 LOG_ERROR("unhandled core state");
1862 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1863 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1864 err
= arm7_9_execute_sys_speed(target
);
1866 LOG_DEBUG("disable single-step");
1867 arm7_9
->disable_single_step(target
);
1869 if (err
!= ERROR_OK
)
1871 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1875 target
->state
= TARGET_UNKNOWN
;
1879 arm7_9_debug_entry(target
);
1880 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1882 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32
"", breakpoint
->address
);
1883 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1890 /* enable any pending breakpoints and watchpoints */
1891 arm7_9_enable_breakpoints(target
);
1892 arm7_9_enable_watchpoints(target
);
1894 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1899 if (armv4_5
->core_state
== ARM_STATE_ARM
)
1901 arm7_9
->branch_resume(target
);
1903 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1905 arm7_9
->branch_resume_thumb(target
);
1909 LOG_ERROR("unhandled core state");
1913 /* deassert DBGACK and INTDIS */
1914 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1915 /* INTDIS only when we really resume, not during debug execution */
1916 if (!debug_execution
)
1917 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1918 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1920 if ((retval
= arm7_9_restart_core(target
)) != ERROR_OK
)
1925 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1927 if (!debug_execution
)
1929 /* registers are now invalid */
1930 register_cache_invalidate(armv4_5
->core_cache
);
1931 target
->state
= TARGET_RUNNING
;
1932 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
1939 target
->state
= TARGET_DEBUG_RUNNING
;
1940 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
)) != ERROR_OK
)
1946 LOG_DEBUG("target resumed");
1951 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1953 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1954 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1955 uint32_t current_pc
;
1956 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1958 if (next_pc
!= current_pc
)
1960 /* setup an inverse breakpoint on the current PC
1961 * - comparator 1 matches the current address
1962 * - rangeout from comparator 1 is connected to comparator 0 rangein
1963 * - comparator 0 matches any address, as long as rangein is low */
1964 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1966 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1967 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1968 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], current_pc
);
1969 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1970 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1971 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1972 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1976 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1978 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1979 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1980 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1981 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1982 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1983 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1984 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1988 void arm7_9_disable_eice_step(struct target
*target
)
1990 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1992 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1993 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1994 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1995 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1996 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1997 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1998 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1999 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
2000 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
2003 int arm7_9_step(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
)
2005 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2006 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2007 struct breakpoint
*breakpoint
= NULL
;
2010 if (target
->state
!= TARGET_HALTED
)
2012 LOG_WARNING("target not halted");
2013 return ERROR_TARGET_NOT_HALTED
;
2016 /* current = 1: continue on current pc, otherwise continue at <address> */
2018 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
2020 uint32_t current_pc
;
2021 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
2023 /* the front-end may request us not to handle breakpoints */
2024 if (handle_breakpoints
)
2025 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
2026 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2031 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
2033 /* calculate PC of next instruction */
2035 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
2037 uint32_t current_opcode
;
2038 target_read_u32(target
, current_pc
, ¤t_opcode
);
2039 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
2043 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
2048 arm7_9
->enable_single_step(target
, next_pc
);
2050 if (armv4_5
->core_state
== ARM_STATE_ARM
)
2052 arm7_9
->branch_resume(target
);
2054 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
2056 arm7_9
->branch_resume_thumb(target
);
2060 LOG_ERROR("unhandled core state");
2064 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
2069 err
= arm7_9_execute_sys_speed(target
);
2070 arm7_9
->disable_single_step(target
);
2072 /* registers are now invalid */
2073 register_cache_invalidate(armv4_5
->core_cache
);
2075 if (err
!= ERROR_OK
)
2077 target
->state
= TARGET_UNKNOWN
;
2079 arm7_9_debug_entry(target
);
2080 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
2084 LOG_DEBUG("target stepped");
2088 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2096 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
2097 int num
, enum arm_mode mode
)
2099 uint32_t* reg_p
[16];
2102 struct arm_reg
*areg
= r
->arch_info
;
2103 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2104 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2106 if (!is_arm_mode(armv4_5
->core_mode
))
2108 if ((num
< 0) || (num
> 16))
2109 return ERROR_INVALID_ARGUMENTS
;
2111 if ((mode
!= ARM_MODE_ANY
)
2112 && (mode
!= armv4_5
->core_mode
)
2113 && (areg
->mode
!= ARM_MODE_ANY
))
2117 /* change processor mode (mask T bit) */
2118 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
2121 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2124 if ((num
>= 0) && (num
<= 15))
2126 /* read a normal core register */
2127 reg_p
[num
] = &value
;
2129 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2133 /* read a program status register
2134 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2136 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2139 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2146 buf_set_u32(r
->value
, 0, 32, value
);
2148 if ((mode
!= ARM_MODE_ANY
)
2149 && (mode
!= armv4_5
->core_mode
)
2150 && (areg
->mode
!= ARM_MODE_ANY
)) {
2151 /* restore processor mode (mask T bit) */
2152 arm7_9
->write_xpsr_im8(target
,
2153 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2160 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2161 int num
, enum arm_mode mode
, uint32_t value
)
2164 struct arm_reg
*areg
= r
->arch_info
;
2165 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2166 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2168 if (!is_arm_mode(armv4_5
->core_mode
))
2170 if ((num
< 0) || (num
> 16))
2171 return ERROR_INVALID_ARGUMENTS
;
2173 if ((mode
!= ARM_MODE_ANY
)
2174 && (mode
!= armv4_5
->core_mode
)
2175 && (areg
->mode
!= ARM_MODE_ANY
)) {
2178 /* change processor mode (mask T bit) */
2179 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
2182 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2185 if ((num
>= 0) && (num
<= 15))
2187 /* write a normal core register */
2190 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2194 /* write a program status register
2195 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2197 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2199 /* if we're writing the CPSR, mask the T bit */
2203 arm7_9
->write_xpsr(target
, value
, spsr
);
2209 if ((mode
!= ARM_MODE_ANY
)
2210 && (mode
!= armv4_5
->core_mode
)
2211 && (areg
->mode
!= ARM_MODE_ANY
)) {
2212 /* restore processor mode (mask T bit) */
2213 arm7_9
->write_xpsr_im8(target
,
2214 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2218 return jtag_execute_queue();
2221 int arm7_9_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2223 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2224 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2226 uint32_t num_accesses
= 0;
2227 int thisrun_accesses
;
2233 LOG_DEBUG("address: 0x%8.8" PRIx32
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"", address
, size
, count
);
2235 if (target
->state
!= TARGET_HALTED
)
2237 LOG_WARNING("target not halted");
2238 return ERROR_TARGET_NOT_HALTED
;
2241 /* sanitize arguments */
2242 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2243 return ERROR_INVALID_ARGUMENTS
;
2245 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2246 return ERROR_TARGET_UNALIGNED_ACCESS
;
2248 /* load the base register with the address of the first word */
2250 arm7_9
->write_core_regs(target
, 0x1, reg
);
2257 while (num_accesses
< count
)
2260 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2261 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2263 if (last_reg
<= thisrun_accesses
)
2264 last_reg
= thisrun_accesses
;
2266 arm7_9
->load_word_regs(target
, reg_list
);
2268 /* fast memory reads are only safe when the target is running
2269 * from a sufficiently high clock (32 kHz is usually too slow)
2271 if (arm7_9
->fast_memory_access
)
2272 retval
= arm7_9_execute_fast_sys_speed(target
);
2274 retval
= arm7_9_execute_sys_speed(target
);
2275 if (retval
!= ERROR_OK
)
2278 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2280 /* advance buffer, count number of accesses */
2281 buffer
+= thisrun_accesses
* 4;
2282 num_accesses
+= thisrun_accesses
;
2284 if ((j
++%1024) == 0)
2291 while (num_accesses
< count
)
2294 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2295 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2297 for (i
= 1; i
<= thisrun_accesses
; i
++)
2301 arm7_9
->load_hword_reg(target
, i
);
2302 /* fast memory reads are only safe when the target is running
2303 * from a sufficiently high clock (32 kHz is usually too slow)
2305 if (arm7_9
->fast_memory_access
)
2306 retval
= arm7_9_execute_fast_sys_speed(target
);
2308 retval
= arm7_9_execute_sys_speed(target
);
2309 if (retval
!= ERROR_OK
)
2316 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2318 /* advance buffer, count number of accesses */
2319 buffer
+= thisrun_accesses
* 2;
2320 num_accesses
+= thisrun_accesses
;
2322 if ((j
++%1024) == 0)
2329 while (num_accesses
< count
)
2332 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2333 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2335 for (i
= 1; i
<= thisrun_accesses
; i
++)
2339 arm7_9
->load_byte_reg(target
, i
);
2340 /* fast memory reads are only safe when the target is running
2341 * from a sufficiently high clock (32 kHz is usually too slow)
2343 if (arm7_9
->fast_memory_access
)
2344 retval
= arm7_9_execute_fast_sys_speed(target
);
2346 retval
= arm7_9_execute_sys_speed(target
);
2347 if (retval
!= ERROR_OK
)
2353 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2355 /* advance buffer, count number of accesses */
2356 buffer
+= thisrun_accesses
* 1;
2357 num_accesses
+= thisrun_accesses
;
2359 if ((j
++%1024) == 0)
2366 LOG_ERROR("BUG: we shouldn't get here");
2371 if (!is_arm_mode(armv4_5
->core_mode
))
2374 for (i
= 0; i
<= last_reg
; i
++) {
2375 struct reg
*r
= arm_reg_current(armv4_5
, i
);
2377 r
->dirty
= r
->valid
;
2380 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2381 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2383 LOG_ERROR("JTAG error while reading cpsr");
2384 return ERROR_TARGET_DATA_ABORT
;
2387 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (armv4_5
->core_mode
!= ARM_MODE_ABT
))
2389 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2391 arm7_9
->write_xpsr_im8(target
,
2392 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2395 return ERROR_TARGET_DATA_ABORT
;
2401 int arm7_9_write_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2403 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2404 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2405 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2408 uint32_t num_accesses
= 0;
2409 int thisrun_accesses
;
2415 #ifdef _DEBUG_ARM7_9_
2416 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2419 if (target
->state
!= TARGET_HALTED
)
2421 LOG_WARNING("target not halted");
2422 return ERROR_TARGET_NOT_HALTED
;
2425 /* sanitize arguments */
2426 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2427 return ERROR_INVALID_ARGUMENTS
;
2429 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2430 return ERROR_TARGET_UNALIGNED_ACCESS
;
2432 /* load the base register with the address of the first word */
2434 arm7_9
->write_core_regs(target
, 0x1, reg
);
2436 /* Clear DBGACK, to make sure memory fetches work as expected */
2437 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2438 embeddedice_store_reg(dbg_ctrl
);
2443 while (num_accesses
< count
)
2446 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2447 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2449 for (i
= 1; i
<= thisrun_accesses
; i
++)
2453 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2457 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2459 arm7_9
->store_word_regs(target
, reg_list
);
2461 /* fast memory writes are only safe when the target is running
2462 * from a sufficiently high clock (32 kHz is usually too slow)
2464 if (arm7_9
->fast_memory_access
)
2465 retval
= arm7_9_execute_fast_sys_speed(target
);
2467 retval
= arm7_9_execute_sys_speed(target
);
2468 if (retval
!= ERROR_OK
)
2473 num_accesses
+= thisrun_accesses
;
2477 while (num_accesses
< count
)
2480 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2481 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2483 for (i
= 1; i
<= thisrun_accesses
; i
++)
2487 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2491 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2493 for (i
= 1; i
<= thisrun_accesses
; i
++)
2495 arm7_9
->store_hword_reg(target
, i
);
2497 /* fast memory writes are only safe when the target is running
2498 * from a sufficiently high clock (32 kHz is usually too slow)
2500 if (arm7_9
->fast_memory_access
)
2501 retval
= arm7_9_execute_fast_sys_speed(target
);
2503 retval
= arm7_9_execute_sys_speed(target
);
2504 if (retval
!= ERROR_OK
)
2510 num_accesses
+= thisrun_accesses
;
2514 while (num_accesses
< count
)
2517 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2518 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2520 for (i
= 1; i
<= thisrun_accesses
; i
++)
2524 reg
[i
] = *buffer
++ & 0xff;
2527 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2529 for (i
= 1; i
<= thisrun_accesses
; i
++)
2531 arm7_9
->store_byte_reg(target
, i
);
2532 /* fast memory writes are only safe when the target is running
2533 * from a sufficiently high clock (32 kHz is usually too slow)
2535 if (arm7_9
->fast_memory_access
)
2536 retval
= arm7_9_execute_fast_sys_speed(target
);
2538 retval
= arm7_9_execute_sys_speed(target
);
2539 if (retval
!= ERROR_OK
)
2546 num_accesses
+= thisrun_accesses
;
2550 LOG_ERROR("BUG: we shouldn't get here");
2556 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2557 embeddedice_store_reg(dbg_ctrl
);
2559 if (!is_arm_mode(armv4_5
->core_mode
))
2562 for (i
= 0; i
<= last_reg
; i
++) {
2563 struct reg
*r
= arm_reg_current(armv4_5
, i
);
2565 r
->dirty
= r
->valid
;
2568 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2569 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2571 LOG_ERROR("JTAG error while reading cpsr");
2572 return ERROR_TARGET_DATA_ABORT
;
2575 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (armv4_5
->core_mode
!= ARM_MODE_ABT
))
2577 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2579 arm7_9
->write_xpsr_im8(target
,
2580 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2583 return ERROR_TARGET_DATA_ABORT
;
2589 static int dcc_count
;
2590 static uint8_t *dcc_buffer
;
2592 static int arm7_9_dcc_completion(struct target
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
)
2594 int retval
= ERROR_OK
;
2595 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2597 if ((retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500)) != ERROR_OK
)
2600 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2601 int count
= dcc_count
;
2602 uint8_t *buffer
= dcc_buffer
;
2605 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2606 * core function repeated. */
2607 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2610 struct embeddedice_reg
*ice_reg
= arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2611 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2612 struct jtag_tap
*tap
;
2613 tap
= ice_reg
->jtag_info
->tap
;
2615 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2616 buffer
+= (count
-2)*4;
2618 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2622 for (i
= 0; i
< count
; i
++)
2624 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2629 if ((retval
= target_halt(target
))!= ERROR_OK
)
2633 return target_wait_state(target
, TARGET_HALTED
, 500);
2636 static const uint32_t dcc_code
[] =
2638 /* r0 == input, points to memory buffer
2642 /* spin until DCC control (c0) reports data arrived */
2643 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2644 0xe3110001, /* tst r1, #1 */
2645 0x0afffffc, /* bne w */
2647 /* read word from DCC (c1), write to memory */
2648 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2649 0xe4801004, /* str r1, [r0], #4 */
2652 0xeafffff9 /* b w */
2655 extern int armv4_5_run_algorithm_inner(struct target
*target
,
2656 int num_mem_params
, struct mem_param
*mem_params
,
2657 int num_reg_params
, struct reg_param
*reg_params
,
2658 uint32_t entry_point
, uint32_t exit_point
,
2659 int timeout_ms
, void *arch_info
,
2660 int (*run_it
)(struct target
*target
, uint32_t exit_point
,
2661 int timeout_ms
, void *arch_info
));
2663 int arm7_9_bulk_write_memory(struct target
*target
, uint32_t address
, uint32_t count
, uint8_t *buffer
)
2666 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2669 if (!arm7_9
->dcc_downloads
)
2670 return target_write_memory(target
, address
, 4, count
, buffer
);
2672 /* regrab previously allocated working_area, or allocate a new one */
2673 if (!arm7_9
->dcc_working_area
)
2675 uint8_t dcc_code_buf
[6 * 4];
2677 /* make sure we have a working area */
2678 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
)
2680 LOG_INFO("no working area available, falling back to memory writes");
2681 return target_write_memory(target
, address
, 4, count
, buffer
);
2684 /* copy target instructions to target endianness */
2685 for (i
= 0; i
< 6; i
++)
2687 target_buffer_set_u32(target
, dcc_code_buf
+ i
*4, dcc_code
[i
]);
2690 /* write DCC code to working area */
2691 if ((retval
= target_write_memory(target
, arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
)) != ERROR_OK
)
2697 struct arm_algorithm armv4_5_info
;
2698 struct reg_param reg_params
[1];
2700 armv4_5_info
.common_magic
= ARM_COMMON_MAGIC
;
2701 armv4_5_info
.core_mode
= ARM_MODE_SVC
;
2702 armv4_5_info
.core_state
= ARM_STATE_ARM
;
2704 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2706 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2709 dcc_buffer
= buffer
;
2710 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2711 arm7_9
->dcc_working_area
->address
,
2712 arm7_9
->dcc_working_area
->address
+ 6*4,
2713 20*1000, &armv4_5_info
, arm7_9_dcc_completion
);
2715 if (retval
== ERROR_OK
)
2717 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2718 if (endaddress
!= (address
+ count
*4))
2720 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32
" got 0x%0" PRIx32
"", (address
+ count
*4), endaddress
);
2721 retval
= ERROR_FAIL
;
2725 destroy_reg_param(®_params
[0]);
2731 * Perform per-target setup that requires JTAG access.
2733 int arm7_9_examine(struct target
*target
)
2735 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2738 if (!target_was_examined(target
)) {
2739 struct reg_cache
*t
, **cache_p
;
2741 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2745 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2747 arm7_9
->eice_cache
= (*cache_p
);
2749 if (arm7_9
->armv4_5_common
.etm
)
2750 (*cache_p
)->next
= etm_build_reg_cache(target
,
2752 arm7_9
->armv4_5_common
.etm
);
2754 target_set_examined(target
);
2757 retval
= embeddedice_setup(target
);
2758 if (retval
== ERROR_OK
)
2759 retval
= arm7_9_setup(target
);
2760 if (retval
== ERROR_OK
&& arm7_9
->armv4_5_common
.etm
)
2761 retval
= etm_setup(target
);
2765 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2767 struct target
*target
= get_current_target(CMD_CTX
);
2768 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2770 if (!is_arm7_9(arm7_9
))
2772 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2773 return ERROR_TARGET_INVALID
;
2777 COMMAND_PARSE_ENABLE(CMD_ARGV
[0],arm7_9
->use_dbgrq
);
2779 command_print(CMD_CTX
, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2784 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2786 struct target
*target
= get_current_target(CMD_CTX
);
2787 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2789 if (!is_arm7_9(arm7_9
))
2791 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2792 return ERROR_TARGET_INVALID
;
2796 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2798 command_print(CMD_CTX
, "fast memory access is %s", (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2803 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2805 struct target
*target
= get_current_target(CMD_CTX
);
2806 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2808 if (!is_arm7_9(arm7_9
))
2810 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2811 return ERROR_TARGET_INVALID
;
2815 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2817 command_print(CMD_CTX
, "dcc downloads are %s", (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2822 COMMAND_HANDLER(handle_arm7_9_semihosting_command
)
2824 struct target
*target
= get_current_target(CMD_CTX
);
2825 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2827 if (!is_arm7_9(arm7_9
))
2829 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2830 return ERROR_TARGET_INVALID
;
2837 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], semihosting
);
2839 if (arm7_9
->has_vector_catch
) {
2840 struct reg
*vector_catch
= &arm7_9
->eice_cache
2841 ->reg_list
[EICE_VEC_CATCH
];
2843 if (!vector_catch
->valid
)
2844 embeddedice_read_reg(vector_catch
);
2845 buf_set_u32(vector_catch
->value
, 2, 1, semihosting
);
2846 embeddedice_store_reg(vector_catch
);
2848 /* TODO: allow optional high vectors and/or BKPT_HARD */
2850 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2852 breakpoint_remove(target
, 8);
2855 /* FIXME never let that "catch" be dropped! */
2856 arm7_9
->armv4_5_common
.is_semihosting
= semihosting
;
2860 command_print(CMD_CTX
, "semihosting is %s",
2861 arm7_9
->armv4_5_common
.is_semihosting
2862 ? "enabled" : "disabled");
2867 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2869 int retval
= ERROR_OK
;
2870 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2872 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2874 if ((retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
)) != ERROR_OK
)
2877 /* caller must have allocated via calloc(), so everything's zeroed */
2879 arm7_9
->wp_available_max
= 2;
2881 arm7_9
->fast_memory_access
= false;
2882 arm7_9
->dcc_downloads
= false;
2884 armv4_5
->arch_info
= arm7_9
;
2885 armv4_5
->read_core_reg
= arm7_9_read_core_reg
;
2886 armv4_5
->write_core_reg
= arm7_9_write_core_reg
;
2887 armv4_5
->full_context
= arm7_9_full_context
;
2889 retval
= arm_init_arch_info(target
, armv4_5
);
2890 if (retval
!= ERROR_OK
)
2893 return target_register_timer_callback(arm7_9_handle_target_request
,
2897 static const struct command_registration arm7_9_any_command_handlers
[] = {
2900 .handler
= &handle_arm7_9_dbgrq_command
,
2901 .mode
= COMMAND_ANY
,
2902 .usage
= "<enable|disable>",
2903 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2904 "for target halt requests",
2907 "fast_memory_access",
2908 .handler
= &handle_arm7_9_fast_memory_access_command
,
2909 .mode
= COMMAND_ANY
,
2910 .usage
= "<enable|disable>",
2911 .help
= "use fast memory accesses instead of slower "
2912 "but potentially safer accesses",
2916 .handler
= &handle_arm7_9_dcc_downloads_command
,
2917 .mode
= COMMAND_ANY
,
2918 .usage
= "<enable | disable>",
2919 .help
= "use DCC downloads for larger memory writes",
2923 .handler
= &handle_arm7_9_semihosting_command
,
2924 .mode
= COMMAND_EXEC
,
2925 .usage
= "<enable | disable>",
2926 .help
= "activate support for semihosting operations",
2928 COMMAND_REGISTRATION_DONE
2930 const struct command_registration arm7_9_command_handlers
[] = {
2932 .chain
= arm_command_handlers
,
2935 .chain
= etm_command_handlers
,
2939 .mode
= COMMAND_ANY
,
2940 .help
= "arm7/9 specific commands",
2941 .chain
= arm7_9_any_command_handlers
,
2943 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)