Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM: use <target/arm.h> not armv4_5.h
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
36 #include "etm.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
41 #include "register.h"
42 #include "armv4_5.h"
43
44
45 /**
46 * @file
47 * Hold common code supporting the ARM7 and ARM9 core generations.
48 *
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
56 *
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
61 */
62
63 static int arm7_9_debug_entry(struct target *target);
64
65 /**
66 * Clear watchpoints for an ARM7/9 target.
67 *
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
70 */
71 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
72 {
73 LOG_DEBUG("-");
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
75 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
76 arm7_9->sw_breakpoint_count = 0;
77 arm7_9->sw_breakpoints_added = 0;
78 arm7_9->wp0_used = 0;
79 arm7_9->wp1_used = arm7_9->wp1_used_default;
80 arm7_9->wp_available = arm7_9->wp_available_max;
81
82 return jtag_execute_queue();
83 }
84
85 /**
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
88 *
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
91 */
92 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
93 {
94 if (!arm7_9->wp0_used)
95 {
96 arm7_9->wp0_used = 1;
97 breakpoint->set = 1;
98 arm7_9->wp_available--;
99 }
100 else if (!arm7_9->wp1_used)
101 {
102 arm7_9->wp1_used = 1;
103 breakpoint->set = 2;
104 arm7_9->wp_available--;
105 }
106 else
107 {
108 LOG_ERROR("BUG: no hardware comparator available");
109 }
110 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
111 breakpoint->unique_id,
112 breakpoint->address,
113 breakpoint->set );
114 }
115
116 /**
117 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
118 *
119 * @param arm7_9 Pointer to common struct for ARM7/9 targets
120 * @return Error codes if there is a problem finding a watchpoint or the result
121 * of executing the JTAG queue
122 */
123 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
124 {
125 if (arm7_9->sw_breakpoints_added)
126 {
127 return ERROR_OK;
128 }
129 if (arm7_9->wp_available < 1)
130 {
131 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
132 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
133 }
134 arm7_9->wp_available--;
135
136 /* pick a breakpoint unit */
137 if (!arm7_9->wp0_used)
138 {
139 arm7_9->sw_breakpoints_added = 1;
140 arm7_9->wp0_used = 3;
141 } else if (!arm7_9->wp1_used)
142 {
143 arm7_9->sw_breakpoints_added = 2;
144 arm7_9->wp1_used = 3;
145 }
146 else
147 {
148 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
149 return ERROR_FAIL;
150 }
151
152 if (arm7_9->sw_breakpoints_added == 1)
153 {
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
155 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
156 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
159 }
160 else if (arm7_9->sw_breakpoints_added == 2)
161 {
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
164 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
165 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
166 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
167 }
168 else
169 {
170 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
171 return ERROR_FAIL;
172 }
173 LOG_DEBUG("SW BP using hw wp: %d",
174 arm7_9->sw_breakpoints_added );
175
176 return jtag_execute_queue();
177 }
178
179 /**
180 * Setup the common pieces for an ARM7/9 target after reset or on startup.
181 *
182 * @param target Pointer to an ARM7/9 target to setup
183 * @return Result of clearing the watchpoints on the target
184 */
185 int arm7_9_setup(struct target *target)
186 {
187 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
188
189 return arm7_9_clear_watchpoints(arm7_9);
190 }
191
192 /**
193 * Set either a hardware or software breakpoint on an ARM7/9 target. The
194 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
195 * might have erased the values in Embedded ICE.
196 *
197 * @param target Pointer to the target device to set the breakpoints on
198 * @param breakpoint Pointer to the breakpoint to be set
199 * @return For hardware breakpoints, this is the result of executing the JTAG
200 * queue. For software breakpoints, this will be the status of the
201 * required memory reads and writes
202 */
203 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
204 {
205 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
206 int retval = ERROR_OK;
207
208 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
209 breakpoint->unique_id,
210 breakpoint->address,
211 breakpoint->type);
212
213 if (target->state != TARGET_HALTED)
214 {
215 LOG_WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED;
217 }
218
219 if (breakpoint->type == BKPT_HARD)
220 {
221 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
222 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
223
224 /* reassign a hw breakpoint */
225 if (breakpoint->set == 0)
226 {
227 arm7_9_assign_wp(arm7_9, breakpoint);
228 }
229
230 if (breakpoint->set == 1)
231 {
232 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
233 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
234 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
236 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
237 }
238 else if (breakpoint->set == 2)
239 {
240 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
245 }
246 else
247 {
248 LOG_ERROR("BUG: no hardware comparator available");
249 return ERROR_OK;
250 }
251
252 retval = jtag_execute_queue();
253 }
254 else if (breakpoint->type == BKPT_SOFT)
255 {
256 /* did we already set this breakpoint? */
257 if (breakpoint->set)
258 return ERROR_OK;
259
260 if (breakpoint->length == 4)
261 {
262 uint32_t verify = 0xffffffff;
263 /* keep the original instruction in target endianness */
264 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
265 {
266 return retval;
267 }
268 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
269 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
270 {
271 return retval;
272 }
273
274 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
275 {
276 return retval;
277 }
278 if (verify != arm7_9->arm_bkpt)
279 {
280 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
281 return ERROR_OK;
282 }
283 }
284 else
285 {
286 uint16_t verify = 0xffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
293 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->thumb_bkpt)
303 {
304 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308
309 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
310 return retval;
311
312 arm7_9->sw_breakpoint_count++;
313
314 breakpoint->set = 1;
315 }
316
317 return retval;
318 }
319
320 /**
321 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
322 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
323 * will be updated. Otherwise, the software breakpoint will be restored to its
324 * original instruction if it hasn't already been modified.
325 *
326 * @param target Pointer to ARM7/9 target to unset the breakpoint from
327 * @param breakpoint Pointer to breakpoint to be unset
328 * @return For hardware breakpoints, this is the result of executing the JTAG
329 * queue. For software breakpoints, this will be the status of the
330 * required memory reads and writes
331 */
332 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
333 {
334 int retval = ERROR_OK;
335 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
336
337 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
338 breakpoint->unique_id,
339 breakpoint->address );
340
341 if (!breakpoint->set)
342 {
343 LOG_WARNING("breakpoint not set");
344 return ERROR_OK;
345 }
346
347 if (breakpoint->type == BKPT_HARD)
348 {
349 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
350 breakpoint->unique_id,
351 breakpoint->set );
352 if (breakpoint->set == 1)
353 {
354 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
355 arm7_9->wp0_used = 0;
356 arm7_9->wp_available++;
357 }
358 else if (breakpoint->set == 2)
359 {
360 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
361 arm7_9->wp1_used = 0;
362 arm7_9->wp_available++;
363 }
364 retval = jtag_execute_queue();
365 breakpoint->set = 0;
366 }
367 else
368 {
369 /* restore original instruction (kept in target endianness) */
370 if (breakpoint->length == 4)
371 {
372 uint32_t current_instr;
373 /* check that user program as not modified breakpoint instruction */
374 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
375 {
376 return retval;
377 }
378 if (current_instr == arm7_9->arm_bkpt)
379 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
380 {
381 return retval;
382 }
383 }
384 else
385 {
386 uint16_t current_instr;
387 /* check that user program as not modified breakpoint instruction */
388 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
389 {
390 return retval;
391 }
392 if (current_instr == arm7_9->thumb_bkpt)
393 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
394 {
395 return retval;
396 }
397 }
398
399 if (--arm7_9->sw_breakpoint_count==0)
400 {
401 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
402 if (arm7_9->sw_breakpoints_added == 1)
403 {
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
405 }
406 else if (arm7_9->sw_breakpoints_added == 2)
407 {
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
409 }
410 }
411
412 breakpoint->set = 0;
413 }
414
415 return retval;
416 }
417
418 /**
419 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
420 * dangling breakpoints and that the desired breakpoint can be added.
421 *
422 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
423 * @param breakpoint Pointer to the breakpoint to be added
424 * @return An error status if there is a problem adding the breakpoint or the
425 * result of setting the breakpoint
426 */
427 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
428 {
429 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
430
431 if (arm7_9->breakpoint_count == 0)
432 {
433 /* make sure we don't have any dangling breakpoints. This is vital upon
434 * GDB connect/disconnect
435 */
436 arm7_9_clear_watchpoints(arm7_9);
437 }
438
439 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
440 {
441 LOG_INFO("no watchpoint unit available for hardware breakpoint");
442 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
443 }
444
445 if ((breakpoint->length != 2) && (breakpoint->length != 4))
446 {
447 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
448 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
449 }
450
451 if (breakpoint->type == BKPT_HARD)
452 {
453 arm7_9_assign_wp(arm7_9, breakpoint);
454 }
455
456 arm7_9->breakpoint_count++;
457
458 return arm7_9_set_breakpoint(target, breakpoint);
459 }
460
461 /**
462 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
463 * dangling breakpoints and updates available watchpoints if it is a hardware
464 * breakpoint.
465 *
466 * @param target Pointer to the target to have a breakpoint removed
467 * @param breakpoint Pointer to the breakpoint to be removed
468 * @return Error status if there was a problem unsetting the breakpoint or the
469 * watchpoints could not be cleared
470 */
471 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
472 {
473 int retval = ERROR_OK;
474 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
475
476 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
477 {
478 return retval;
479 }
480
481 if (breakpoint->type == BKPT_HARD)
482 arm7_9->wp_available++;
483
484 arm7_9->breakpoint_count--;
485 if (arm7_9->breakpoint_count == 0)
486 {
487 /* make sure we don't have any dangling breakpoints */
488 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
489 {
490 return retval;
491 }
492 }
493
494 return ERROR_OK;
495 }
496
497 /**
498 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
499 * considered a bug to call this function when there are no available watchpoint
500 * units.
501 *
502 * @param target Pointer to an ARM7/9 target to set a watchpoint on
503 * @param watchpoint Pointer to the watchpoint to be set
504 * @return Error status if watchpoint set fails or the result of executing the
505 * JTAG queue
506 */
507 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
508 {
509 int retval = ERROR_OK;
510 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
511 int rw_mask = 1;
512 uint32_t mask;
513
514 mask = watchpoint->length - 1;
515
516 if (target->state != TARGET_HALTED)
517 {
518 LOG_WARNING("target not halted");
519 return ERROR_TARGET_NOT_HALTED;
520 }
521
522 if (watchpoint->rw == WPT_ACCESS)
523 rw_mask = 0;
524 else
525 rw_mask = 1;
526
527 if (!arm7_9->wp0_used)
528 {
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
532 if (watchpoint->mask != 0xffffffffu)
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
536
537 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 {
539 return retval;
540 }
541 watchpoint->set = 1;
542 arm7_9->wp0_used = 2;
543 }
544 else if (!arm7_9->wp1_used)
545 {
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
549 if (watchpoint->mask != 0xffffffffu)
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
552 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
553
554 if ((retval = jtag_execute_queue()) != ERROR_OK)
555 {
556 return retval;
557 }
558 watchpoint->set = 2;
559 arm7_9->wp1_used = 2;
560 }
561 else
562 {
563 LOG_ERROR("BUG: no hardware comparator available");
564 return ERROR_OK;
565 }
566
567 return ERROR_OK;
568 }
569
570 /**
571 * Unset an existing watchpoint and clear the used watchpoint unit.
572 *
573 * @param target Pointer to the target to have the watchpoint removed
574 * @param watchpoint Pointer to the watchpoint to be removed
575 * @return Error status while trying to unset the watchpoint or the result of
576 * executing the JTAG queue
577 */
578 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
579 {
580 int retval = ERROR_OK;
581 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
582
583 if (target->state != TARGET_HALTED)
584 {
585 LOG_WARNING("target not halted");
586 return ERROR_TARGET_NOT_HALTED;
587 }
588
589 if (!watchpoint->set)
590 {
591 LOG_WARNING("breakpoint not set");
592 return ERROR_OK;
593 }
594
595 if (watchpoint->set == 1)
596 {
597 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
598 if ((retval = jtag_execute_queue()) != ERROR_OK)
599 {
600 return retval;
601 }
602 arm7_9->wp0_used = 0;
603 }
604 else if (watchpoint->set == 2)
605 {
606 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
607 if ((retval = jtag_execute_queue()) != ERROR_OK)
608 {
609 return retval;
610 }
611 arm7_9->wp1_used = 0;
612 }
613 watchpoint->set = 0;
614
615 return ERROR_OK;
616 }
617
618 /**
619 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
620 * available, an error response is returned.
621 *
622 * @param target Pointer to the ARM7/9 target to add a watchpoint to
623 * @param watchpoint Pointer to the watchpoint to be added
624 * @return Error status while trying to add the watchpoint
625 */
626 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
627 {
628 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
629
630 if (arm7_9->wp_available < 1)
631 {
632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
633 }
634
635 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
636 {
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
638 }
639
640 arm7_9->wp_available--;
641
642 return ERROR_OK;
643 }
644
645 /**
646 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
647 * the used watchpoint unit will be reopened.
648 *
649 * @param target Pointer to the target to remove a watchpoint from
650 * @param watchpoint Pointer to the watchpoint to be removed
651 * @return Result of trying to unset the watchpoint
652 */
653 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
654 {
655 int retval = ERROR_OK;
656 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
657
658 if (watchpoint->set)
659 {
660 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
661 {
662 return retval;
663 }
664 }
665
666 arm7_9->wp_available++;
667
668 return ERROR_OK;
669 }
670
671 /**
672 * Restarts the target by sending a RESTART instruction and moving the JTAG
673 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
674 * asserted by the processor.
675 *
676 * @param target Pointer to target to issue commands to
677 * @return Error status if there is a timeout or a problem while executing the
678 * JTAG queue
679 */
680 int arm7_9_execute_sys_speed(struct target *target)
681 {
682 int retval;
683 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
684 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
685 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
686
687 /* set RESTART instruction */
688 jtag_set_end_state(TAP_IDLE);
689 if (arm7_9->need_bypass_before_restart) {
690 arm7_9->need_bypass_before_restart = 0;
691 arm_jtag_set_instr(jtag_info, 0xf, NULL);
692 }
693 arm_jtag_set_instr(jtag_info, 0x4, NULL);
694
695 long long then = timeval_ms();
696 int timeout;
697 while (!(timeout = ((timeval_ms()-then) > 1000)))
698 {
699 /* read debug status register */
700 embeddedice_read_reg(dbg_stat);
701 if ((retval = jtag_execute_queue()) != ERROR_OK)
702 return retval;
703 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
704 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
705 break;
706 if (debug_level >= 3)
707 {
708 alive_sleep(100);
709 } else
710 {
711 keep_alive();
712 }
713 }
714 if (timeout)
715 {
716 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
717 return ERROR_TARGET_TIMEOUT;
718 }
719
720 return ERROR_OK;
721 }
722
723 /**
724 * Restarts the target by sending a RESTART instruction and moving the JTAG
725 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
726 * waiting until they are.
727 *
728 * @param target Pointer to the target to issue commands to
729 * @return Always ERROR_OK
730 */
731 int arm7_9_execute_fast_sys_speed(struct target *target)
732 {
733 static int set = 0;
734 static uint8_t check_value[4], check_mask[4];
735
736 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
737 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
738 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
739
740 /* set RESTART instruction */
741 jtag_set_end_state(TAP_IDLE);
742 if (arm7_9->need_bypass_before_restart) {
743 arm7_9->need_bypass_before_restart = 0;
744 arm_jtag_set_instr(jtag_info, 0xf, NULL);
745 }
746 arm_jtag_set_instr(jtag_info, 0x4, NULL);
747
748 if (!set)
749 {
750 /* check for DBGACK and SYSCOMP set (others don't care) */
751
752 /* NB! These are constants that must be available until after next jtag_execute() and
753 * we evaluate the values upon first execution in lieu of setting up these constants
754 * during early setup.
755 * */
756 buf_set_u32(check_value, 0, 32, 0x9);
757 buf_set_u32(check_mask, 0, 32, 0x9);
758 set = 1;
759 }
760
761 /* read debug status register */
762 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
763
764 return ERROR_OK;
765 }
766
767 /**
768 * Get some data from the ARM7/9 target.
769 *
770 * @param target Pointer to the ARM7/9 target to read data from
771 * @param size The number of 32bit words to be read
772 * @param buffer Pointer to the buffer that will hold the data
773 * @return The result of receiving data from the Embedded ICE unit
774 */
775 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
776 {
777 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
778 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
779 uint32_t *data;
780 int retval = ERROR_OK;
781 uint32_t i;
782
783 data = malloc(size * (sizeof(uint32_t)));
784
785 retval = embeddedice_receive(jtag_info, data, size);
786
787 /* return the 32-bit ints in the 8-bit array */
788 for (i = 0; i < size; i++)
789 {
790 h_u32_to_le(buffer + (i * 4), data[i]);
791 }
792
793 free(data);
794
795 return retval;
796 }
797
798 /**
799 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
800 * target is running and the DCC control register has the W bit high, this will
801 * execute the request on the target.
802 *
803 * @param priv Void pointer expected to be a struct target pointer
804 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
805 * from the Embedded ICE unit
806 */
807 int arm7_9_handle_target_request(void *priv)
808 {
809 int retval = ERROR_OK;
810 struct target *target = priv;
811 if (!target_was_examined(target))
812 return ERROR_OK;
813 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
814 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
815 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
816
817 if (!target->dbg_msg_enabled)
818 return ERROR_OK;
819
820 if (target->state == TARGET_RUNNING)
821 {
822 /* read DCC control register */
823 embeddedice_read_reg(dcc_control);
824 if ((retval = jtag_execute_queue()) != ERROR_OK)
825 {
826 return retval;
827 }
828
829 /* check W bit */
830 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
831 {
832 uint32_t request;
833
834 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
835 {
836 return retval;
837 }
838 if ((retval = target_request(target, request)) != ERROR_OK)
839 {
840 return retval;
841 }
842 }
843 }
844
845 return ERROR_OK;
846 }
847
848 /**
849 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
850 * is manipulated to the right halted state based on its current state. This is
851 * what happens:
852 *
853 * <table>
854 * <tr><th > State</th><th > Action</th></tr>
855 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
856 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
857 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
858 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
859 * </table>
860 *
861 * If the target does not end up in the halted state, a warning is produced. If
862 * DBGACK is cleared, then the target is expected to either be running or
863 * running in debug.
864 *
865 * @param target Pointer to the ARM7/9 target to poll
866 * @return ERROR_OK or an error status if a command fails
867 */
868 int arm7_9_poll(struct target *target)
869 {
870 int retval;
871 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
872 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
873
874 /* read debug status register */
875 embeddedice_read_reg(dbg_stat);
876 if ((retval = jtag_execute_queue()) != ERROR_OK)
877 {
878 return retval;
879 }
880
881 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
882 {
883 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
884 if (target->state == TARGET_UNKNOWN)
885 {
886 /* Starting OpenOCD with target in debug-halt */
887 target->state = TARGET_RUNNING;
888 LOG_DEBUG("DBGACK already set during server startup.");
889 }
890 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
891 {
892 int check_pc = 0;
893 if (target->state == TARGET_RESET)
894 {
895 if (target->reset_halt)
896 {
897 enum reset_types jtag_reset_config = jtag_get_reset_config();
898 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
899 {
900 check_pc = 1;
901 }
902 }
903 }
904
905 target->state = TARGET_HALTED;
906
907 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
908 return retval;
909
910 if (check_pc)
911 {
912 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
913 uint32_t t=*((uint32_t *)reg->value);
914 if (t != 0)
915 {
916 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
917 }
918 }
919
920 if (arm_semihosting(target, &retval) != 0)
921 return retval;
922
923 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
924 {
925 return retval;
926 }
927 }
928 if (target->state == TARGET_DEBUG_RUNNING)
929 {
930 target->state = TARGET_HALTED;
931 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
932 return retval;
933
934 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
935 {
936 return retval;
937 }
938 }
939 if (target->state != TARGET_HALTED)
940 {
941 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
942 }
943 }
944 else
945 {
946 if (target->state != TARGET_DEBUG_RUNNING)
947 target->state = TARGET_RUNNING;
948 }
949
950 return ERROR_OK;
951 }
952
953 /**
954 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
955 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
956 * affected) completely stop the JTAG clock while the core is held in reset
957 * (SRST). It isn't possible to program the halt condition once reset is
958 * asserted, hence a hook that allows the target to set up its reset-halt
959 * condition is setup prior to asserting reset.
960 *
961 * @param target Pointer to an ARM7/9 target to assert reset on
962 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
963 */
964 int arm7_9_assert_reset(struct target *target)
965 {
966 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
967
968 LOG_DEBUG("target->state: %s",
969 target_state_name(target));
970
971 enum reset_types jtag_reset_config = jtag_get_reset_config();
972 if (!(jtag_reset_config & RESET_HAS_SRST))
973 {
974 LOG_ERROR("Can't assert SRST");
975 return ERROR_FAIL;
976 }
977
978 /* At this point trst has been asserted/deasserted once. We would
979 * like to program EmbeddedICE while SRST is asserted, instead of
980 * depending on SRST to leave that module alone. However, many CPUs
981 * gate the JTAG clock while SRST is asserted; or JTAG may need
982 * clock stability guarantees (adaptive clocking might help).
983 *
984 * So we assume JTAG access during SRST is off the menu unless it's
985 * been specifically enabled.
986 */
987 bool srst_asserted = false;
988
989 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
990 && (jtag_reset_config & RESET_SRST_NO_GATING))
991 {
992 jtag_add_reset(0, 1);
993 srst_asserted = true;
994 }
995
996 if (target->reset_halt)
997 {
998 /*
999 * Some targets do not support communication while SRST is asserted. We need to
1000 * set up the reset vector catch here.
1001 *
1002 * If TRST is asserted, then these settings will be reset anyway, so setting them
1003 * here is harmless.
1004 */
1005 if (arm7_9->has_vector_catch)
1006 {
1007 /* program vector catch register to catch reset vector */
1008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1009
1010 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1011 jtag_add_runtest(1, jtag_get_end_state());
1012 }
1013 else
1014 {
1015 /* program watchpoint unit to match on reset vector address */
1016 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1018 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1019 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1020 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1021 }
1022 }
1023
1024 /* here we should issue an SRST only, but we may have to assert TRST as well */
1025 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1026 {
1027 jtag_add_reset(1, 1);
1028 } else if (!srst_asserted)
1029 {
1030 jtag_add_reset(0, 1);
1031 }
1032
1033 target->state = TARGET_RESET;
1034 jtag_add_sleep(50000);
1035
1036 register_cache_invalidate(arm7_9->armv4_5_common.core_cache);
1037
1038 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1039 {
1040 /* debug entry was already prepared in arm7_9_assert_reset() */
1041 target->debug_reason = DBG_REASON_DBGRQ;
1042 }
1043
1044 return ERROR_OK;
1045 }
1046
1047 /**
1048 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1049 * and the target is being reset into a halt, a warning will be triggered
1050 * because it is not possible to reset into a halted mode in this case. The
1051 * target is halted using the target's functions.
1052 *
1053 * @param target Pointer to the target to have the reset deasserted
1054 * @return ERROR_OK or an error from polling or halting the target
1055 */
1056 int arm7_9_deassert_reset(struct target *target)
1057 {
1058 int retval = ERROR_OK;
1059 LOG_DEBUG("target->state: %s",
1060 target_state_name(target));
1061
1062 /* deassert reset lines */
1063 jtag_add_reset(0, 0);
1064
1065 enum reset_types jtag_reset_config = jtag_get_reset_config();
1066 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1067 {
1068 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1069 /* set up embedded ice registers again */
1070 if ((retval = target_examine_one(target)) != ERROR_OK)
1071 return retval;
1072
1073 if ((retval = target_poll(target)) != ERROR_OK)
1074 {
1075 return retval;
1076 }
1077
1078 if ((retval = target_halt(target)) != ERROR_OK)
1079 {
1080 return retval;
1081 }
1082
1083 }
1084 return retval;
1085 }
1086
1087 /**
1088 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1089 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1090 * vector catch was used, it is restored. Otherwise, the control value is
1091 * restored and the watchpoint unit is restored if it was in use.
1092 *
1093 * @param target Pointer to the ARM7/9 target to have halt cleared
1094 * @return Always ERROR_OK
1095 */
1096 int arm7_9_clear_halt(struct target *target)
1097 {
1098 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1099 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1100
1101 /* we used DBGRQ only if we didn't come out of reset */
1102 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1103 {
1104 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1105 */
1106 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1107 embeddedice_store_reg(dbg_ctrl);
1108 }
1109 else
1110 {
1111 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1112 {
1113 /* if we came out of reset, and vector catch is supported, we used
1114 * vector catch to enter debug state
1115 * restore the register in that case
1116 */
1117 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1118 }
1119 else
1120 {
1121 /* restore registers if watchpoint unit 0 was in use
1122 */
1123 if (arm7_9->wp0_used)
1124 {
1125 if (arm7_9->debug_entry_from_reset)
1126 {
1127 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1128 }
1129 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1130 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1131 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1132 }
1133 /* control value always has to be restored, as it was either disabled,
1134 * or enabled with possibly different bits
1135 */
1136 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1137 }
1138 }
1139
1140 return ERROR_OK;
1141 }
1142
1143 /**
1144 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1145 * and then there is a wait until the processor shows the halt. This wait can
1146 * timeout and results in an error being returned. The software reset involves
1147 * clearing the halt, updating the debug control register, changing to ARM mode,
1148 * reset of the program counter, and reset of all of the registers.
1149 *
1150 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1151 * @return Error status if any of the commands fail, otherwise ERROR_OK
1152 */
1153 int arm7_9_soft_reset_halt(struct target *target)
1154 {
1155 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1156 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1157 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1158 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1159 int i;
1160 int retval;
1161
1162 /* FIX!!! replace some of this code with tcl commands
1163 *
1164 * halt # the halt command is synchronous
1165 * armv4_5 core_state arm
1166 *
1167 */
1168
1169 if ((retval = target_halt(target)) != ERROR_OK)
1170 return retval;
1171
1172 long long then = timeval_ms();
1173 int timeout;
1174 while (!(timeout = ((timeval_ms()-then) > 1000)))
1175 {
1176 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1177 break;
1178 embeddedice_read_reg(dbg_stat);
1179 if ((retval = jtag_execute_queue()) != ERROR_OK)
1180 return retval;
1181 if (debug_level >= 3)
1182 {
1183 alive_sleep(100);
1184 } else
1185 {
1186 keep_alive();
1187 }
1188 }
1189 if (timeout)
1190 {
1191 LOG_ERROR("Failed to halt CPU after 1 sec");
1192 return ERROR_TARGET_TIMEOUT;
1193 }
1194 target->state = TARGET_HALTED;
1195
1196 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1197 * ensure that DBGRQ is cleared
1198 */
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1200 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1201 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1202 embeddedice_store_reg(dbg_ctrl);
1203
1204 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1205 {
1206 return retval;
1207 }
1208
1209 /* if the target is in Thumb state, change to ARM state */
1210 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1211 {
1212 uint32_t r0_thumb, pc_thumb;
1213 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1214 /* Entered debug from Thumb mode */
1215 armv4_5->core_state = ARM_STATE_THUMB;
1216 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1217 }
1218
1219 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1220
1221 /* all register content is now invalid */
1222 register_cache_invalidate(armv4_5->core_cache);
1223
1224 /* SVC, ARM state, IRQ and FIQ disabled */
1225 uint32_t cpsr;
1226
1227 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
1228 cpsr &= ~0xff;
1229 cpsr |= 0xd3;
1230 arm_set_cpsr(armv4_5, cpsr);
1231 armv4_5->cpsr->dirty = 1;
1232
1233 /* start fetching from 0x0 */
1234 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1235 armv4_5->core_cache->reg_list[15].dirty = 1;
1236 armv4_5->core_cache->reg_list[15].valid = 1;
1237
1238 /* reset registers */
1239 for (i = 0; i <= 14; i++)
1240 {
1241 struct reg *r = arm_reg_current(armv4_5, i);
1242
1243 buf_set_u32(r->value, 0, 32, 0xffffffff);
1244 r->dirty = 1;
1245 r->valid = 1;
1246 }
1247
1248 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1249 {
1250 return retval;
1251 }
1252
1253 return ERROR_OK;
1254 }
1255
1256 /**
1257 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1258 * line or by programming a watchpoint to trigger on any address. It is
1259 * considered a bug to call this function while the target is in the
1260 * TARGET_RESET state.
1261 *
1262 * @param target Pointer to the ARM7/9 target to be halted
1263 * @return Always ERROR_OK
1264 */
1265 int arm7_9_halt(struct target *target)
1266 {
1267 if (target->state == TARGET_RESET)
1268 {
1269 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1270 return ERROR_OK;
1271 }
1272
1273 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1274 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1275
1276 LOG_DEBUG("target->state: %s",
1277 target_state_name(target));
1278
1279 if (target->state == TARGET_HALTED)
1280 {
1281 LOG_DEBUG("target was already halted");
1282 return ERROR_OK;
1283 }
1284
1285 if (target->state == TARGET_UNKNOWN)
1286 {
1287 LOG_WARNING("target was in unknown state when halt was requested");
1288 }
1289
1290 if (arm7_9->use_dbgrq)
1291 {
1292 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1293 */
1294 if (arm7_9->set_special_dbgrq) {
1295 arm7_9->set_special_dbgrq(target);
1296 } else {
1297 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1298 embeddedice_store_reg(dbg_ctrl);
1299 }
1300 }
1301 else
1302 {
1303 /* program watchpoint unit to match on any address
1304 */
1305 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1306 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1307 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1308 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1309 }
1310
1311 target->debug_reason = DBG_REASON_DBGRQ;
1312
1313 return ERROR_OK;
1314 }
1315
1316 /**
1317 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1318 * ARM. The JTAG queue is then executed and the reason for debug entry is
1319 * examined. Once done, the target is verified to be halted and the processor
1320 * is forced into ARM mode. The core registers are saved for the current core
1321 * mode and the program counter (register 15) is updated as needed. The core
1322 * registers and CPSR and SPSR are saved for restoration later.
1323 *
1324 * @param target Pointer to target that is entering debug mode
1325 * @return Error code if anything fails, otherwise ERROR_OK
1326 */
1327 static int arm7_9_debug_entry(struct target *target)
1328 {
1329 int i;
1330 uint32_t context[16];
1331 uint32_t* context_p[16];
1332 uint32_t r0_thumb, pc_thumb;
1333 uint32_t cpsr, cpsr_mask = 0;
1334 int retval;
1335 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1336 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1337 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1338 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1339
1340 #ifdef _DEBUG_ARM7_9_
1341 LOG_DEBUG("-");
1342 #endif
1343
1344 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1345 * ensure that DBGRQ is cleared
1346 */
1347 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1348 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1349 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1350 embeddedice_store_reg(dbg_ctrl);
1351
1352 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1353 {
1354 return retval;
1355 }
1356
1357 if ((retval = jtag_execute_queue()) != ERROR_OK)
1358 {
1359 return retval;
1360 }
1361
1362 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1363 return retval;
1364
1365
1366 if (target->state != TARGET_HALTED)
1367 {
1368 LOG_WARNING("target not halted");
1369 return ERROR_TARGET_NOT_HALTED;
1370 }
1371
1372 /* if the target is in Thumb state, change to ARM state */
1373 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1374 {
1375 LOG_DEBUG("target entered debug from Thumb state");
1376 /* Entered debug from Thumb mode */
1377 armv4_5->core_state = ARM_STATE_THUMB;
1378 cpsr_mask = 1 << 5;
1379 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1380 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1381 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1382 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1383 /* \todo Get some vaguely correct handling of Jazelle, if
1384 * anyone ever uses it and full info becomes available.
1385 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1386 * B.7.3 for the reverse. That'd be the bare minimum...
1387 */
1388 LOG_DEBUG("target entered debug from Jazelle state");
1389 armv4_5->core_state = ARM_STATE_JAZELLE;
1390 cpsr_mask = 1 << 24;
1391 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1392 } else {
1393 LOG_DEBUG("target entered debug from ARM state");
1394 /* Entered debug from ARM mode */
1395 armv4_5->core_state = ARM_STATE_ARM;
1396 }
1397
1398 for (i = 0; i < 16; i++)
1399 context_p[i] = &context[i];
1400 /* save core registers (r0 - r15 of current core mode) */
1401 arm7_9->read_core_regs(target, 0xffff, context_p);
1402
1403 arm7_9->read_xpsr(target, &cpsr, 0);
1404
1405 if ((retval = jtag_execute_queue()) != ERROR_OK)
1406 return retval;
1407
1408 /* Sync our CPSR copy with J or T bits EICE reported, but
1409 * which we then erased by putting the core into ARM mode.
1410 */
1411 arm_set_cpsr(armv4_5, cpsr | cpsr_mask);
1412
1413 if (!is_arm_mode(armv4_5->core_mode))
1414 {
1415 target->state = TARGET_UNKNOWN;
1416 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1417 return ERROR_TARGET_FAILURE;
1418 }
1419
1420 LOG_DEBUG("target entered debug state in %s mode",
1421 arm_mode_name(armv4_5->core_mode));
1422
1423 if (armv4_5->core_state == ARM_STATE_THUMB)
1424 {
1425 LOG_DEBUG("thumb state, applying fixups");
1426 context[0] = r0_thumb;
1427 context[15] = pc_thumb;
1428 } else if (armv4_5->core_state == ARM_STATE_ARM)
1429 {
1430 /* adjust value stored by STM */
1431 context[15] -= 3 * 4;
1432 }
1433
1434 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1435 context[15] -= 3 * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1436 else
1437 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1438
1439 for (i = 0; i <= 15; i++)
1440 {
1441 struct reg *r = arm_reg_current(armv4_5, i);
1442
1443 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1444
1445 buf_set_u32(r->value, 0, 32, context[i]);
1446 /* r0 and r15 (pc) have to be restored later */
1447 r->dirty = (i == 0) || (i == 15);
1448 r->valid = 1;
1449 }
1450
1451 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1452
1453 /* exceptions other than USR & SYS have a saved program status register */
1454 if (armv4_5->spsr) {
1455 uint32_t spsr;
1456 arm7_9->read_xpsr(target, &spsr, 1);
1457 if ((retval = jtag_execute_queue()) != ERROR_OK)
1458 {
1459 return retval;
1460 }
1461 buf_set_u32(armv4_5->spsr->value, 0, 32, spsr);
1462 armv4_5->spsr->dirty = 0;
1463 armv4_5->spsr->valid = 1;
1464 }
1465
1466 if ((retval = jtag_execute_queue()) != ERROR_OK)
1467 return retval;
1468
1469 if (arm7_9->post_debug_entry)
1470 arm7_9->post_debug_entry(target);
1471
1472 return ERROR_OK;
1473 }
1474
1475 /**
1476 * Validate the full context for an ARM7/9 target in all processor modes. If
1477 * there are any invalid registers for the target, they will all be read. This
1478 * includes the PSR.
1479 *
1480 * @param target Pointer to the ARM7/9 target to capture the full context from
1481 * @return Error if the target is not halted, has an invalid core mode, or if
1482 * the JTAG queue fails to execute
1483 */
1484 int arm7_9_full_context(struct target *target)
1485 {
1486 int i;
1487 int retval;
1488 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1489 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1490
1491 LOG_DEBUG("-");
1492
1493 if (target->state != TARGET_HALTED)
1494 {
1495 LOG_WARNING("target not halted");
1496 return ERROR_TARGET_NOT_HALTED;
1497 }
1498
1499 if (!is_arm_mode(armv4_5->core_mode))
1500 return ERROR_FAIL;
1501
1502 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1503 * SYS shares registers with User, so we don't touch SYS
1504 */
1505 for (i = 0; i < 6; i++)
1506 {
1507 uint32_t mask = 0;
1508 uint32_t* reg_p[16];
1509 int j;
1510 int valid = 1;
1511
1512 /* check if there are invalid registers in the current mode
1513 */
1514 for (j = 0; j <= 16; j++)
1515 {
1516 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1517 valid = 0;
1518 }
1519
1520 if (!valid)
1521 {
1522 uint32_t tmp_cpsr;
1523
1524 /* change processor mode (and mask T bit) */
1525 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8)
1526 & 0xe0;
1527 tmp_cpsr |= armv4_5_number_to_mode(i);
1528 tmp_cpsr &= ~0x20;
1529 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1530
1531 for (j = 0; j < 15; j++)
1532 {
1533 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1534 {
1535 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1536 mask |= 1 << j;
1537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1538 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1539 }
1540 }
1541
1542 /* if only the PSR is invalid, mask is all zeroes */
1543 if (mask)
1544 arm7_9->read_core_regs(target, mask, reg_p);
1545
1546 /* check if the PSR has to be read */
1547 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1548 {
1549 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1550 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1551 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1552 }
1553 }
1554 }
1555
1556 /* restore processor mode (mask T bit) */
1557 arm7_9->write_xpsr_im8(target,
1558 buf_get_u32(armv4_5->cpsr->value, 0, 8) & ~0x20,
1559 0, 0);
1560
1561 if ((retval = jtag_execute_queue()) != ERROR_OK)
1562 {
1563 return retval;
1564 }
1565 return ERROR_OK;
1566 }
1567
1568 /**
1569 * Restore the processor context on an ARM7/9 target. The full processor
1570 * context is analyzed to see if any of the registers are dirty on this end, but
1571 * have a valid new value. If this is the case, the processor is changed to the
1572 * appropriate mode and the new register values are written out to the
1573 * processor. If there happens to be a dirty register with an invalid value, an
1574 * error will be logged.
1575 *
1576 * @param target Pointer to the ARM7/9 target to have its context restored
1577 * @return Error status if the target is not halted or the core mode in the
1578 * armv4_5 struct is invalid.
1579 */
1580 int arm7_9_restore_context(struct target *target)
1581 {
1582 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1583 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1584 struct reg *reg;
1585 struct arm_reg *reg_arch_info;
1586 enum arm_mode current_mode = armv4_5->core_mode;
1587 int i, j;
1588 int dirty;
1589 int mode_change;
1590
1591 LOG_DEBUG("-");
1592
1593 if (target->state != TARGET_HALTED)
1594 {
1595 LOG_WARNING("target not halted");
1596 return ERROR_TARGET_NOT_HALTED;
1597 }
1598
1599 if (arm7_9->pre_restore_context)
1600 arm7_9->pre_restore_context(target);
1601
1602 if (!is_arm_mode(armv4_5->core_mode))
1603 return ERROR_FAIL;
1604
1605 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1606 * SYS shares registers with User, so we don't touch SYS
1607 */
1608 for (i = 0; i < 6; i++)
1609 {
1610 LOG_DEBUG("examining %s mode",
1611 arm_mode_name(armv4_5->core_mode));
1612 dirty = 0;
1613 mode_change = 0;
1614 /* check if there are dirty registers in the current mode
1615 */
1616 for (j = 0; j <= 16; j++)
1617 {
1618 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1619 reg_arch_info = reg->arch_info;
1620 if (reg->dirty == 1)
1621 {
1622 if (reg->valid == 1)
1623 {
1624 dirty = 1;
1625 LOG_DEBUG("examining dirty reg: %s", reg->name);
1626 if ((reg_arch_info->mode != ARM_MODE_ANY)
1627 && (reg_arch_info->mode != current_mode)
1628 && !((reg_arch_info->mode == ARM_MODE_USR) && (armv4_5->core_mode == ARM_MODE_SYS))
1629 && !((reg_arch_info->mode == ARM_MODE_SYS) && (armv4_5->core_mode == ARM_MODE_USR)))
1630 {
1631 mode_change = 1;
1632 LOG_DEBUG("require mode change");
1633 }
1634 }
1635 else
1636 {
1637 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1638 }
1639 }
1640 }
1641
1642 if (dirty)
1643 {
1644 uint32_t mask = 0x0;
1645 int num_regs = 0;
1646 uint32_t regs[16];
1647
1648 if (mode_change)
1649 {
1650 uint32_t tmp_cpsr;
1651
1652 /* change processor mode (mask T bit) */
1653 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value,
1654 0, 8) & 0xe0;
1655 tmp_cpsr |= armv4_5_number_to_mode(i);
1656 tmp_cpsr &= ~0x20;
1657 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1658 current_mode = armv4_5_number_to_mode(i);
1659 }
1660
1661 for (j = 0; j <= 14; j++)
1662 {
1663 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1664 reg_arch_info = reg->arch_info;
1665
1666
1667 if (reg->dirty == 1)
1668 {
1669 regs[j] = buf_get_u32(reg->value, 0, 32);
1670 mask |= 1 << j;
1671 num_regs++;
1672 reg->dirty = 0;
1673 reg->valid = 1;
1674 LOG_DEBUG("writing register %i mode %s "
1675 "with value 0x%8.8" PRIx32, j,
1676 arm_mode_name(armv4_5->core_mode),
1677 regs[j]);
1678 }
1679 }
1680
1681 if (mask)
1682 {
1683 arm7_9->write_core_regs(target, mask, regs);
1684 }
1685
1686 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1687 reg_arch_info = reg->arch_info;
1688 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY))
1689 {
1690 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1691 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1692 }
1693 }
1694 }
1695
1696 if (!armv4_5->cpsr->dirty && (armv4_5->core_mode != current_mode))
1697 {
1698 /* restore processor mode (mask T bit) */
1699 uint32_t tmp_cpsr;
1700
1701 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
1702 tmp_cpsr |= armv4_5_number_to_mode(i);
1703 tmp_cpsr &= ~0x20;
1704 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1705 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1706 }
1707 else if (armv4_5->cpsr->dirty)
1708 {
1709 /* CPSR has been changed, full restore necessary (mask T bit) */
1710 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1711 buf_get_u32(armv4_5->cpsr->value, 0, 32));
1712 arm7_9->write_xpsr(target,
1713 buf_get_u32(armv4_5->cpsr->value, 0, 32)
1714 & ~0x20, 0);
1715 armv4_5->cpsr->dirty = 0;
1716 armv4_5->cpsr->valid = 1;
1717 }
1718
1719 /* restore PC */
1720 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1721 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1722 armv4_5->core_cache->reg_list[15].dirty = 0;
1723
1724 if (arm7_9->post_restore_context)
1725 arm7_9->post_restore_context(target);
1726
1727 return ERROR_OK;
1728 }
1729
1730 /**
1731 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1732 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1733 * restart.
1734 *
1735 * @param target Pointer to the ARM7/9 target to be restarted
1736 * @return Result of executing the JTAG queue
1737 */
1738 int arm7_9_restart_core(struct target *target)
1739 {
1740 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1741 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1742
1743 /* set RESTART instruction */
1744 jtag_set_end_state(TAP_IDLE);
1745 if (arm7_9->need_bypass_before_restart) {
1746 arm7_9->need_bypass_before_restart = 0;
1747 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1748 }
1749 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1750
1751 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1752 return jtag_execute_queue();
1753 }
1754
1755 /**
1756 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1757 * iterated through and are set on the target if they aren't already set.
1758 *
1759 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1760 */
1761 void arm7_9_enable_watchpoints(struct target *target)
1762 {
1763 struct watchpoint *watchpoint = target->watchpoints;
1764
1765 while (watchpoint)
1766 {
1767 if (watchpoint->set == 0)
1768 arm7_9_set_watchpoint(target, watchpoint);
1769 watchpoint = watchpoint->next;
1770 }
1771 }
1772
1773 /**
1774 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1775 * iterated through and are set on the target.
1776 *
1777 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1778 */
1779 void arm7_9_enable_breakpoints(struct target *target)
1780 {
1781 struct breakpoint *breakpoint = target->breakpoints;
1782
1783 /* set any pending breakpoints */
1784 while (breakpoint)
1785 {
1786 arm7_9_set_breakpoint(target, breakpoint);
1787 breakpoint = breakpoint->next;
1788 }
1789 }
1790
1791 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1792 {
1793 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1794 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1795 struct breakpoint *breakpoint = target->breakpoints;
1796 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1797 int err, retval = ERROR_OK;
1798
1799 LOG_DEBUG("-");
1800
1801 if (target->state != TARGET_HALTED)
1802 {
1803 LOG_WARNING("target not halted");
1804 return ERROR_TARGET_NOT_HALTED;
1805 }
1806
1807 if (!debug_execution)
1808 {
1809 target_free_all_working_areas(target);
1810 }
1811
1812 /* current = 1: continue on current pc, otherwise continue at <address> */
1813 if (!current)
1814 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1815
1816 uint32_t current_pc;
1817 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1818
1819 /* the front-end may request us not to handle breakpoints */
1820 if (handle_breakpoints)
1821 {
1822 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1823 {
1824 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1825 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1826 {
1827 return retval;
1828 }
1829
1830 /* calculate PC of next instruction */
1831 uint32_t next_pc;
1832 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1833 {
1834 uint32_t current_opcode;
1835 target_read_u32(target, current_pc, &current_opcode);
1836 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1837 return retval;
1838 }
1839
1840 LOG_DEBUG("enable single-step");
1841 arm7_9->enable_single_step(target, next_pc);
1842
1843 target->debug_reason = DBG_REASON_SINGLESTEP;
1844
1845 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1846 {
1847 return retval;
1848 }
1849
1850 if (armv4_5->core_state == ARM_STATE_ARM)
1851 arm7_9->branch_resume(target);
1852 else if (armv4_5->core_state == ARM_STATE_THUMB)
1853 {
1854 arm7_9->branch_resume_thumb(target);
1855 }
1856 else
1857 {
1858 LOG_ERROR("unhandled core state");
1859 return ERROR_FAIL;
1860 }
1861
1862 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1863 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1864 err = arm7_9_execute_sys_speed(target);
1865
1866 LOG_DEBUG("disable single-step");
1867 arm7_9->disable_single_step(target);
1868
1869 if (err != ERROR_OK)
1870 {
1871 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875 target->state = TARGET_UNKNOWN;
1876 return err;
1877 }
1878
1879 arm7_9_debug_entry(target);
1880 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1881
1882 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1883 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1884 {
1885 return retval;
1886 }
1887 }
1888 }
1889
1890 /* enable any pending breakpoints and watchpoints */
1891 arm7_9_enable_breakpoints(target);
1892 arm7_9_enable_watchpoints(target);
1893
1894 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1895 {
1896 return retval;
1897 }
1898
1899 if (armv4_5->core_state == ARM_STATE_ARM)
1900 {
1901 arm7_9->branch_resume(target);
1902 }
1903 else if (armv4_5->core_state == ARM_STATE_THUMB)
1904 {
1905 arm7_9->branch_resume_thumb(target);
1906 }
1907 else
1908 {
1909 LOG_ERROR("unhandled core state");
1910 return ERROR_FAIL;
1911 }
1912
1913 /* deassert DBGACK and INTDIS */
1914 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1915 /* INTDIS only when we really resume, not during debug execution */
1916 if (!debug_execution)
1917 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1918 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1919
1920 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1921 {
1922 return retval;
1923 }
1924
1925 target->debug_reason = DBG_REASON_NOTHALTED;
1926
1927 if (!debug_execution)
1928 {
1929 /* registers are now invalid */
1930 register_cache_invalidate(armv4_5->core_cache);
1931 target->state = TARGET_RUNNING;
1932 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1933 {
1934 return retval;
1935 }
1936 }
1937 else
1938 {
1939 target->state = TARGET_DEBUG_RUNNING;
1940 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1941 {
1942 return retval;
1943 }
1944 }
1945
1946 LOG_DEBUG("target resumed");
1947
1948 return ERROR_OK;
1949 }
1950
1951 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1952 {
1953 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1954 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1955 uint32_t current_pc;
1956 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1957
1958 if (next_pc != current_pc)
1959 {
1960 /* setup an inverse breakpoint on the current PC
1961 * - comparator 1 matches the current address
1962 * - rangeout from comparator 1 is connected to comparator 0 rangein
1963 * - comparator 0 matches any address, as long as rangein is low */
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1973 }
1974 else
1975 {
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1985 }
1986 }
1987
1988 void arm7_9_disable_eice_step(struct target *target)
1989 {
1990 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1991
1992 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1993 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1996 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1997 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2000 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2001 }
2002
2003 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
2004 {
2005 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2006 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2007 struct breakpoint *breakpoint = NULL;
2008 int err, retval;
2009
2010 if (target->state != TARGET_HALTED)
2011 {
2012 LOG_WARNING("target not halted");
2013 return ERROR_TARGET_NOT_HALTED;
2014 }
2015
2016 /* current = 1: continue on current pc, otherwise continue at <address> */
2017 if (!current)
2018 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2019
2020 uint32_t current_pc;
2021 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2022
2023 /* the front-end may request us not to handle breakpoints */
2024 if (handle_breakpoints)
2025 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2026 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2027 {
2028 return retval;
2029 }
2030
2031 target->debug_reason = DBG_REASON_SINGLESTEP;
2032
2033 /* calculate PC of next instruction */
2034 uint32_t next_pc;
2035 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2036 {
2037 uint32_t current_opcode;
2038 target_read_u32(target, current_pc, &current_opcode);
2039 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2040 return retval;
2041 }
2042
2043 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2044 {
2045 return retval;
2046 }
2047
2048 arm7_9->enable_single_step(target, next_pc);
2049
2050 if (armv4_5->core_state == ARM_STATE_ARM)
2051 {
2052 arm7_9->branch_resume(target);
2053 }
2054 else if (armv4_5->core_state == ARM_STATE_THUMB)
2055 {
2056 arm7_9->branch_resume_thumb(target);
2057 }
2058 else
2059 {
2060 LOG_ERROR("unhandled core state");
2061 return ERROR_FAIL;
2062 }
2063
2064 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2065 {
2066 return retval;
2067 }
2068
2069 err = arm7_9_execute_sys_speed(target);
2070 arm7_9->disable_single_step(target);
2071
2072 /* registers are now invalid */
2073 register_cache_invalidate(armv4_5->core_cache);
2074
2075 if (err != ERROR_OK)
2076 {
2077 target->state = TARGET_UNKNOWN;
2078 } else {
2079 arm7_9_debug_entry(target);
2080 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2081 {
2082 return retval;
2083 }
2084 LOG_DEBUG("target stepped");
2085 }
2086
2087 if (breakpoint)
2088 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2089 {
2090 return retval;
2091 }
2092
2093 return err;
2094 }
2095
2096 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
2097 int num, enum arm_mode mode)
2098 {
2099 uint32_t* reg_p[16];
2100 uint32_t value;
2101 int retval;
2102 struct arm_reg *areg = r->arch_info;
2103 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2104 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2105
2106 if (!is_arm_mode(armv4_5->core_mode))
2107 return ERROR_FAIL;
2108 if ((num < 0) || (num > 16))
2109 return ERROR_INVALID_ARGUMENTS;
2110
2111 if ((mode != ARM_MODE_ANY)
2112 && (mode != armv4_5->core_mode)
2113 && (areg->mode != ARM_MODE_ANY))
2114 {
2115 uint32_t tmp_cpsr;
2116
2117 /* change processor mode (mask T bit) */
2118 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2119 tmp_cpsr |= mode;
2120 tmp_cpsr &= ~0x20;
2121 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2122 }
2123
2124 if ((num >= 0) && (num <= 15))
2125 {
2126 /* read a normal core register */
2127 reg_p[num] = &value;
2128
2129 arm7_9->read_core_regs(target, 1 << num, reg_p);
2130 }
2131 else
2132 {
2133 /* read a program status register
2134 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2135 */
2136 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2137 }
2138
2139 if ((retval = jtag_execute_queue()) != ERROR_OK)
2140 {
2141 return retval;
2142 }
2143
2144 r->valid = 1;
2145 r->dirty = 0;
2146 buf_set_u32(r->value, 0, 32, value);
2147
2148 if ((mode != ARM_MODE_ANY)
2149 && (mode != armv4_5->core_mode)
2150 && (areg->mode != ARM_MODE_ANY)) {
2151 /* restore processor mode (mask T bit) */
2152 arm7_9->write_xpsr_im8(target,
2153 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2154 & ~0x20, 0, 0);
2155 }
2156
2157 return ERROR_OK;
2158 }
2159
2160 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2161 int num, enum arm_mode mode, uint32_t value)
2162 {
2163 uint32_t reg[16];
2164 struct arm_reg *areg = r->arch_info;
2165 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2166 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2167
2168 if (!is_arm_mode(armv4_5->core_mode))
2169 return ERROR_FAIL;
2170 if ((num < 0) || (num > 16))
2171 return ERROR_INVALID_ARGUMENTS;
2172
2173 if ((mode != ARM_MODE_ANY)
2174 && (mode != armv4_5->core_mode)
2175 && (areg->mode != ARM_MODE_ANY)) {
2176 uint32_t tmp_cpsr;
2177
2178 /* change processor mode (mask T bit) */
2179 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2180 tmp_cpsr |= mode;
2181 tmp_cpsr &= ~0x20;
2182 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2183 }
2184
2185 if ((num >= 0) && (num <= 15))
2186 {
2187 /* write a normal core register */
2188 reg[num] = value;
2189
2190 arm7_9->write_core_regs(target, 1 << num, reg);
2191 }
2192 else
2193 {
2194 /* write a program status register
2195 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2196 */
2197 int spsr = (areg->mode != ARM_MODE_ANY);
2198
2199 /* if we're writing the CPSR, mask the T bit */
2200 if (!spsr)
2201 value &= ~0x20;
2202
2203 arm7_9->write_xpsr(target, value, spsr);
2204 }
2205
2206 r->valid = 1;
2207 r->dirty = 0;
2208
2209 if ((mode != ARM_MODE_ANY)
2210 && (mode != armv4_5->core_mode)
2211 && (areg->mode != ARM_MODE_ANY)) {
2212 /* restore processor mode (mask T bit) */
2213 arm7_9->write_xpsr_im8(target,
2214 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2215 & ~0x20, 0, 0);
2216 }
2217
2218 return jtag_execute_queue();
2219 }
2220
2221 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2222 {
2223 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2224 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2225 uint32_t reg[16];
2226 uint32_t num_accesses = 0;
2227 int thisrun_accesses;
2228 int i;
2229 uint32_t cpsr;
2230 int retval;
2231 int last_reg = 0;
2232
2233 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2234
2235 if (target->state != TARGET_HALTED)
2236 {
2237 LOG_WARNING("target not halted");
2238 return ERROR_TARGET_NOT_HALTED;
2239 }
2240
2241 /* sanitize arguments */
2242 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2243 return ERROR_INVALID_ARGUMENTS;
2244
2245 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2246 return ERROR_TARGET_UNALIGNED_ACCESS;
2247
2248 /* load the base register with the address of the first word */
2249 reg[0] = address;
2250 arm7_9->write_core_regs(target, 0x1, reg);
2251
2252 int j = 0;
2253
2254 switch (size)
2255 {
2256 case 4:
2257 while (num_accesses < count)
2258 {
2259 uint32_t reg_list;
2260 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2261 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2262
2263 if (last_reg <= thisrun_accesses)
2264 last_reg = thisrun_accesses;
2265
2266 arm7_9->load_word_regs(target, reg_list);
2267
2268 /* fast memory reads are only safe when the target is running
2269 * from a sufficiently high clock (32 kHz is usually too slow)
2270 */
2271 if (arm7_9->fast_memory_access)
2272 retval = arm7_9_execute_fast_sys_speed(target);
2273 else
2274 retval = arm7_9_execute_sys_speed(target);
2275 if (retval != ERROR_OK)
2276 return retval;
2277
2278 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2279
2280 /* advance buffer, count number of accesses */
2281 buffer += thisrun_accesses * 4;
2282 num_accesses += thisrun_accesses;
2283
2284 if ((j++%1024) == 0)
2285 {
2286 keep_alive();
2287 }
2288 }
2289 break;
2290 case 2:
2291 while (num_accesses < count)
2292 {
2293 uint32_t reg_list;
2294 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2295 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2296
2297 for (i = 1; i <= thisrun_accesses; i++)
2298 {
2299 if (i > last_reg)
2300 last_reg = i;
2301 arm7_9->load_hword_reg(target, i);
2302 /* fast memory reads are only safe when the target is running
2303 * from a sufficiently high clock (32 kHz is usually too slow)
2304 */
2305 if (arm7_9->fast_memory_access)
2306 retval = arm7_9_execute_fast_sys_speed(target);
2307 else
2308 retval = arm7_9_execute_sys_speed(target);
2309 if (retval != ERROR_OK)
2310 {
2311 return retval;
2312 }
2313
2314 }
2315
2316 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2317
2318 /* advance buffer, count number of accesses */
2319 buffer += thisrun_accesses * 2;
2320 num_accesses += thisrun_accesses;
2321
2322 if ((j++%1024) == 0)
2323 {
2324 keep_alive();
2325 }
2326 }
2327 break;
2328 case 1:
2329 while (num_accesses < count)
2330 {
2331 uint32_t reg_list;
2332 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2333 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2334
2335 for (i = 1; i <= thisrun_accesses; i++)
2336 {
2337 if (i > last_reg)
2338 last_reg = i;
2339 arm7_9->load_byte_reg(target, i);
2340 /* fast memory reads are only safe when the target is running
2341 * from a sufficiently high clock (32 kHz is usually too slow)
2342 */
2343 if (arm7_9->fast_memory_access)
2344 retval = arm7_9_execute_fast_sys_speed(target);
2345 else
2346 retval = arm7_9_execute_sys_speed(target);
2347 if (retval != ERROR_OK)
2348 {
2349 return retval;
2350 }
2351 }
2352
2353 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2354
2355 /* advance buffer, count number of accesses */
2356 buffer += thisrun_accesses * 1;
2357 num_accesses += thisrun_accesses;
2358
2359 if ((j++%1024) == 0)
2360 {
2361 keep_alive();
2362 }
2363 }
2364 break;
2365 default:
2366 LOG_ERROR("BUG: we shouldn't get here");
2367 exit(-1);
2368 break;
2369 }
2370
2371 if (!is_arm_mode(armv4_5->core_mode))
2372 return ERROR_FAIL;
2373
2374 for (i = 0; i <= last_reg; i++) {
2375 struct reg *r = arm_reg_current(armv4_5, i);
2376
2377 r->dirty = r->valid;
2378 }
2379
2380 arm7_9->read_xpsr(target, &cpsr, 0);
2381 if ((retval = jtag_execute_queue()) != ERROR_OK)
2382 {
2383 LOG_ERROR("JTAG error while reading cpsr");
2384 return ERROR_TARGET_DATA_ABORT;
2385 }
2386
2387 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2388 {
2389 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2390
2391 arm7_9->write_xpsr_im8(target,
2392 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2393 & ~0x20, 0, 0);
2394
2395 return ERROR_TARGET_DATA_ABORT;
2396 }
2397
2398 return ERROR_OK;
2399 }
2400
2401 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2402 {
2403 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2404 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2405 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2406
2407 uint32_t reg[16];
2408 uint32_t num_accesses = 0;
2409 int thisrun_accesses;
2410 int i;
2411 uint32_t cpsr;
2412 int retval;
2413 int last_reg = 0;
2414
2415 #ifdef _DEBUG_ARM7_9_
2416 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2417 #endif
2418
2419 if (target->state != TARGET_HALTED)
2420 {
2421 LOG_WARNING("target not halted");
2422 return ERROR_TARGET_NOT_HALTED;
2423 }
2424
2425 /* sanitize arguments */
2426 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2427 return ERROR_INVALID_ARGUMENTS;
2428
2429 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2430 return ERROR_TARGET_UNALIGNED_ACCESS;
2431
2432 /* load the base register with the address of the first word */
2433 reg[0] = address;
2434 arm7_9->write_core_regs(target, 0x1, reg);
2435
2436 /* Clear DBGACK, to make sure memory fetches work as expected */
2437 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2438 embeddedice_store_reg(dbg_ctrl);
2439
2440 switch (size)
2441 {
2442 case 4:
2443 while (num_accesses < count)
2444 {
2445 uint32_t reg_list;
2446 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2447 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2448
2449 for (i = 1; i <= thisrun_accesses; i++)
2450 {
2451 if (i > last_reg)
2452 last_reg = i;
2453 reg[i] = target_buffer_get_u32(target, buffer);
2454 buffer += 4;
2455 }
2456
2457 arm7_9->write_core_regs(target, reg_list, reg);
2458
2459 arm7_9->store_word_regs(target, reg_list);
2460
2461 /* fast memory writes are only safe when the target is running
2462 * from a sufficiently high clock (32 kHz is usually too slow)
2463 */
2464 if (arm7_9->fast_memory_access)
2465 retval = arm7_9_execute_fast_sys_speed(target);
2466 else
2467 retval = arm7_9_execute_sys_speed(target);
2468 if (retval != ERROR_OK)
2469 {
2470 return retval;
2471 }
2472
2473 num_accesses += thisrun_accesses;
2474 }
2475 break;
2476 case 2:
2477 while (num_accesses < count)
2478 {
2479 uint32_t reg_list;
2480 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2481 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2482
2483 for (i = 1; i <= thisrun_accesses; i++)
2484 {
2485 if (i > last_reg)
2486 last_reg = i;
2487 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2488 buffer += 2;
2489 }
2490
2491 arm7_9->write_core_regs(target, reg_list, reg);
2492
2493 for (i = 1; i <= thisrun_accesses; i++)
2494 {
2495 arm7_9->store_hword_reg(target, i);
2496
2497 /* fast memory writes are only safe when the target is running
2498 * from a sufficiently high clock (32 kHz is usually too slow)
2499 */
2500 if (arm7_9->fast_memory_access)
2501 retval = arm7_9_execute_fast_sys_speed(target);
2502 else
2503 retval = arm7_9_execute_sys_speed(target);
2504 if (retval != ERROR_OK)
2505 {
2506 return retval;
2507 }
2508 }
2509
2510 num_accesses += thisrun_accesses;
2511 }
2512 break;
2513 case 1:
2514 while (num_accesses < count)
2515 {
2516 uint32_t reg_list;
2517 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2518 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2519
2520 for (i = 1; i <= thisrun_accesses; i++)
2521 {
2522 if (i > last_reg)
2523 last_reg = i;
2524 reg[i] = *buffer++ & 0xff;
2525 }
2526
2527 arm7_9->write_core_regs(target, reg_list, reg);
2528
2529 for (i = 1; i <= thisrun_accesses; i++)
2530 {
2531 arm7_9->store_byte_reg(target, i);
2532 /* fast memory writes are only safe when the target is running
2533 * from a sufficiently high clock (32 kHz is usually too slow)
2534 */
2535 if (arm7_9->fast_memory_access)
2536 retval = arm7_9_execute_fast_sys_speed(target);
2537 else
2538 retval = arm7_9_execute_sys_speed(target);
2539 if (retval != ERROR_OK)
2540 {
2541 return retval;
2542 }
2543
2544 }
2545
2546 num_accesses += thisrun_accesses;
2547 }
2548 break;
2549 default:
2550 LOG_ERROR("BUG: we shouldn't get here");
2551 exit(-1);
2552 break;
2553 }
2554
2555 /* Re-Set DBGACK */
2556 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2557 embeddedice_store_reg(dbg_ctrl);
2558
2559 if (!is_arm_mode(armv4_5->core_mode))
2560 return ERROR_FAIL;
2561
2562 for (i = 0; i <= last_reg; i++) {
2563 struct reg *r = arm_reg_current(armv4_5, i);
2564
2565 r->dirty = r->valid;
2566 }
2567
2568 arm7_9->read_xpsr(target, &cpsr, 0);
2569 if ((retval = jtag_execute_queue()) != ERROR_OK)
2570 {
2571 LOG_ERROR("JTAG error while reading cpsr");
2572 return ERROR_TARGET_DATA_ABORT;
2573 }
2574
2575 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2576 {
2577 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2578
2579 arm7_9->write_xpsr_im8(target,
2580 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2581 & ~0x20, 0, 0);
2582
2583 return ERROR_TARGET_DATA_ABORT;
2584 }
2585
2586 return ERROR_OK;
2587 }
2588
2589 static int dcc_count;
2590 static uint8_t *dcc_buffer;
2591
2592 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2593 {
2594 int retval = ERROR_OK;
2595 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2596
2597 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2598 return retval;
2599
2600 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2601 int count = dcc_count;
2602 uint8_t *buffer = dcc_buffer;
2603 if (count > 2)
2604 {
2605 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2606 * core function repeated. */
2607 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2608 buffer += 4;
2609
2610 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2611 uint8_t reg_addr = ice_reg->addr & 0x1f;
2612 struct jtag_tap *tap;
2613 tap = ice_reg->jtag_info->tap;
2614
2615 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2616 buffer += (count-2)*4;
2617
2618 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2619 } else
2620 {
2621 int i;
2622 for (i = 0; i < count; i++)
2623 {
2624 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2625 buffer += 4;
2626 }
2627 }
2628
2629 if ((retval = target_halt(target))!= ERROR_OK)
2630 {
2631 return retval;
2632 }
2633 return target_wait_state(target, TARGET_HALTED, 500);
2634 }
2635
2636 static const uint32_t dcc_code[] =
2637 {
2638 /* r0 == input, points to memory buffer
2639 * r1 == scratch
2640 */
2641
2642 /* spin until DCC control (c0) reports data arrived */
2643 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2644 0xe3110001, /* tst r1, #1 */
2645 0x0afffffc, /* bne w */
2646
2647 /* read word from DCC (c1), write to memory */
2648 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2649 0xe4801004, /* str r1, [r0], #4 */
2650
2651 /* repeat */
2652 0xeafffff9 /* b w */
2653 };
2654
2655 extern int armv4_5_run_algorithm_inner(struct target *target,
2656 int num_mem_params, struct mem_param *mem_params,
2657 int num_reg_params, struct reg_param *reg_params,
2658 uint32_t entry_point, uint32_t exit_point,
2659 int timeout_ms, void *arch_info,
2660 int (*run_it)(struct target *target, uint32_t exit_point,
2661 int timeout_ms, void *arch_info));
2662
2663 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2664 {
2665 int retval;
2666 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2667 int i;
2668
2669 if (!arm7_9->dcc_downloads)
2670 return target_write_memory(target, address, 4, count, buffer);
2671
2672 /* regrab previously allocated working_area, or allocate a new one */
2673 if (!arm7_9->dcc_working_area)
2674 {
2675 uint8_t dcc_code_buf[6 * 4];
2676
2677 /* make sure we have a working area */
2678 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2679 {
2680 LOG_INFO("no working area available, falling back to memory writes");
2681 return target_write_memory(target, address, 4, count, buffer);
2682 }
2683
2684 /* copy target instructions to target endianness */
2685 for (i = 0; i < 6; i++)
2686 {
2687 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2688 }
2689
2690 /* write DCC code to working area */
2691 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2692 {
2693 return retval;
2694 }
2695 }
2696
2697 struct arm_algorithm armv4_5_info;
2698 struct reg_param reg_params[1];
2699
2700 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
2701 armv4_5_info.core_mode = ARM_MODE_SVC;
2702 armv4_5_info.core_state = ARM_STATE_ARM;
2703
2704 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2705
2706 buf_set_u32(reg_params[0].value, 0, 32, address);
2707
2708 dcc_count = count;
2709 dcc_buffer = buffer;
2710 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2711 arm7_9->dcc_working_area->address,
2712 arm7_9->dcc_working_area->address + 6*4,
2713 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2714
2715 if (retval == ERROR_OK)
2716 {
2717 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2718 if (endaddress != (address + count*4))
2719 {
2720 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2721 retval = ERROR_FAIL;
2722 }
2723 }
2724
2725 destroy_reg_param(&reg_params[0]);
2726
2727 return retval;
2728 }
2729
2730 /**
2731 * Perform per-target setup that requires JTAG access.
2732 */
2733 int arm7_9_examine(struct target *target)
2734 {
2735 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2736 int retval;
2737
2738 if (!target_was_examined(target)) {
2739 struct reg_cache *t, **cache_p;
2740
2741 t = embeddedice_build_reg_cache(target, arm7_9);
2742 if (t == NULL)
2743 return ERROR_FAIL;
2744
2745 cache_p = register_get_last_cache_p(&target->reg_cache);
2746 (*cache_p) = t;
2747 arm7_9->eice_cache = (*cache_p);
2748
2749 if (arm7_9->armv4_5_common.etm)
2750 (*cache_p)->next = etm_build_reg_cache(target,
2751 &arm7_9->jtag_info,
2752 arm7_9->armv4_5_common.etm);
2753
2754 target_set_examined(target);
2755 }
2756
2757 retval = embeddedice_setup(target);
2758 if (retval == ERROR_OK)
2759 retval = arm7_9_setup(target);
2760 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2761 retval = etm_setup(target);
2762 return retval;
2763 }
2764
2765 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2766 {
2767 struct target *target = get_current_target(CMD_CTX);
2768 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2769
2770 if (!is_arm7_9(arm7_9))
2771 {
2772 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2773 return ERROR_TARGET_INVALID;
2774 }
2775
2776 if (CMD_ARGC > 0)
2777 COMMAND_PARSE_ENABLE(CMD_ARGV[0],arm7_9->use_dbgrq);
2778
2779 command_print(CMD_CTX, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2780
2781 return ERROR_OK;
2782 }
2783
2784 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2785 {
2786 struct target *target = get_current_target(CMD_CTX);
2787 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2788
2789 if (!is_arm7_9(arm7_9))
2790 {
2791 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2792 return ERROR_TARGET_INVALID;
2793 }
2794
2795 if (CMD_ARGC > 0)
2796 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2797
2798 command_print(CMD_CTX, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2799
2800 return ERROR_OK;
2801 }
2802
2803 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2804 {
2805 struct target *target = get_current_target(CMD_CTX);
2806 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2807
2808 if (!is_arm7_9(arm7_9))
2809 {
2810 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2811 return ERROR_TARGET_INVALID;
2812 }
2813
2814 if (CMD_ARGC > 0)
2815 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2816
2817 command_print(CMD_CTX, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2818
2819 return ERROR_OK;
2820 }
2821
2822 COMMAND_HANDLER(handle_arm7_9_semihosting_command)
2823 {
2824 struct target *target = get_current_target(CMD_CTX);
2825 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2826
2827 if (!is_arm7_9(arm7_9))
2828 {
2829 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2830 return ERROR_TARGET_INVALID;
2831 }
2832
2833 if (CMD_ARGC > 0)
2834 {
2835 int semihosting;
2836
2837 COMMAND_PARSE_ENABLE(CMD_ARGV[0], semihosting);
2838
2839 if (arm7_9->has_vector_catch) {
2840 struct reg *vector_catch = &arm7_9->eice_cache
2841 ->reg_list[EICE_VEC_CATCH];
2842
2843 if (!vector_catch->valid)
2844 embeddedice_read_reg(vector_catch);
2845 buf_set_u32(vector_catch->value, 2, 1, semihosting);
2846 embeddedice_store_reg(vector_catch);
2847 } else {
2848 /* TODO: allow optional high vectors and/or BKPT_HARD */
2849 if (semihosting)
2850 breakpoint_add(target, 8, 4, BKPT_SOFT);
2851 else
2852 breakpoint_remove(target, 8);
2853 }
2854
2855 /* FIXME never let that "catch" be dropped! */
2856 arm7_9->armv4_5_common.is_semihosting = semihosting;
2857
2858 }
2859
2860 command_print(CMD_CTX, "semihosting is %s",
2861 arm7_9->armv4_5_common.is_semihosting
2862 ? "enabled" : "disabled");
2863
2864 return ERROR_OK;
2865 }
2866
2867 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2868 {
2869 int retval = ERROR_OK;
2870 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2871
2872 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2873
2874 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2875 return retval;
2876
2877 /* caller must have allocated via calloc(), so everything's zeroed */
2878
2879 arm7_9->wp_available_max = 2;
2880
2881 arm7_9->fast_memory_access = false;
2882 arm7_9->dcc_downloads = false;
2883
2884 armv4_5->arch_info = arm7_9;
2885 armv4_5->read_core_reg = arm7_9_read_core_reg;
2886 armv4_5->write_core_reg = arm7_9_write_core_reg;
2887 armv4_5->full_context = arm7_9_full_context;
2888
2889 retval = arm_init_arch_info(target, armv4_5);
2890 if (retval != ERROR_OK)
2891 return retval;
2892
2893 return target_register_timer_callback(arm7_9_handle_target_request,
2894 1, 1, target);
2895 }
2896
2897 static const struct command_registration arm7_9_any_command_handlers[] = {
2898 {
2899 "dbgrq",
2900 .handler = &handle_arm7_9_dbgrq_command,
2901 .mode = COMMAND_ANY,
2902 .usage = "<enable|disable>",
2903 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2904 "for target halt requests",
2905 },
2906 {
2907 "fast_memory_access",
2908 .handler = &handle_arm7_9_fast_memory_access_command,
2909 .mode = COMMAND_ANY,
2910 .usage = "<enable|disable>",
2911 .help = "use fast memory accesses instead of slower "
2912 "but potentially safer accesses",
2913 },
2914 {
2915 "dcc_downloads",
2916 .handler = &handle_arm7_9_dcc_downloads_command,
2917 .mode = COMMAND_ANY,
2918 .usage = "<enable | disable>",
2919 .help = "use DCC downloads for larger memory writes",
2920 },
2921 {
2922 "semihosting",
2923 .handler = &handle_arm7_9_semihosting_command,
2924 .mode = COMMAND_EXEC,
2925 .usage = "<enable | disable>",
2926 .help = "activate support for semihosting operations",
2927 },
2928 COMMAND_REGISTRATION_DONE
2929 };
2930 const struct command_registration arm7_9_command_handlers[] = {
2931 {
2932 .chain = arm_command_handlers,
2933 },
2934 {
2935 .chain = etm_command_handlers,
2936 },
2937 {
2938 .name = "arm7_9",
2939 .mode = COMMAND_ANY,
2940 .help = "arm7/9 specific commands",
2941 .chain = arm7_9_any_command_handlers,
2942 },
2943 COMMAND_REGISTRATION_DONE
2944 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)