Code Review / openocd.git / blob
? search:


6a56417e26d1089e9c575331e6af775aed9b28db
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41
42 /**
43 * Clear watchpoints for an ARM7/9 target.
44 *
45 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
46 * @return JTAG error status after executing queue
47 */
48 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
49 {
50 LOG_DEBUG("-");
51 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
52 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
53 arm7_9->sw_breakpoint_count = 0;
54 arm7_9->sw_breakpoints_added = 0;
55 arm7_9->wp0_used = 0;
56 arm7_9->wp1_used = arm7_9->wp1_used_default;
57 arm7_9->wp_available = arm7_9->wp_available_max;
58
59 return jtag_execute_queue();
60 }
61
62 /**
63 * Assign a watchpoint to one of the two available hardware comparators in an
64 * ARM7 or ARM9 target.
65 *
66 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
67 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
68 */
69 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
70 {
71 if (!arm7_9->wp0_used)
72 {
73 arm7_9->wp0_used = 1;
74 breakpoint->set = 1;
75 arm7_9->wp_available--;
76 }
77 else if (!arm7_9->wp1_used)
78 {
79 arm7_9->wp1_used = 1;
80 breakpoint->set = 2;
81 arm7_9->wp_available--;
82 }
83 else
84 {
85 LOG_ERROR("BUG: no hardware comparator available");
86 }
87 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
88 breakpoint->unique_id,
89 breakpoint->address,
90 breakpoint->set );
91 }
92
93 /**
94 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
95 *
96 * @param arm7_9 Pointer to common struct for ARM7/9 targets
97 * @return Error codes if there is a problem finding a watchpoint or the result
98 * of executing the JTAG queue
99 */
100 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
101 {
102 if (arm7_9->sw_breakpoints_added)
103 {
104 return ERROR_OK;
105 }
106 if (arm7_9->wp_available < 1)
107 {
108 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
109 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
110 }
111 arm7_9->wp_available--;
112
113 /* pick a breakpoint unit */
114 if (!arm7_9->wp0_used)
115 {
116 arm7_9->sw_breakpoints_added = 1;
117 arm7_9->wp0_used = 3;
118 } else if (!arm7_9->wp1_used)
119 {
120 arm7_9->sw_breakpoints_added = 2;
121 arm7_9->wp1_used = 3;
122 }
123 else
124 {
125 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
126 return ERROR_FAIL;
127 }
128
129 if (arm7_9->sw_breakpoints_added == 1)
130 {
131 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
132 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
133 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
134 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
135 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
136 }
137 else if (arm7_9->sw_breakpoints_added == 2)
138 {
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
144 }
145 else
146 {
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
148 return ERROR_FAIL;
149 }
150 LOG_DEBUG("SW BP using hw wp: %d",
151 arm7_9->sw_breakpoints_added );
152
153 return jtag_execute_queue();
154 }
155
156 /**
157 * Setup the common pieces for an ARM7/9 target after reset or on startup.
158 *
159 * @param target Pointer to an ARM7/9 target to setup
160 * @return Result of clearing the watchpoints on the target
161 */
162 int arm7_9_setup(target_t *target)
163 {
164 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
165
166 return arm7_9_clear_watchpoints(arm7_9);
167 }
168
169 /**
170 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
171 * targets. A return of ERROR_OK signifies that the target is a valid target
172 * and that the pointers have been set properly.
173 *
174 * @param target Pointer to the target device to get the pointers from
175 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
176 * targets
177 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
178 * targets
179 * @return ERROR_OK if successful
180 */
181 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
182 {
183 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
184 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
185
186 /* FIXME stop using this routine; just target_to_arm7_9() and
187 * verify the resulting pointer using a replacement routine
188 * that emits a usage message.
189 */
190 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
191 return ERROR_TARGET_INVALID;
192
193 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
194 return ERROR_TARGET_INVALID;
195
196 *armv4_5_p = armv4_5;
197 *arm7_9_p = arm7_9;
198
199 return ERROR_OK;
200 }
201
202 /**
203 * Set either a hardware or software breakpoint on an ARM7/9 target. The
204 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
205 * might have erased the values in Embedded ICE.
206 *
207 * @param target Pointer to the target device to set the breakpoints on
208 * @param breakpoint Pointer to the breakpoint to be set
209 * @return For hardware breakpoints, this is the result of executing the JTAG
210 * queue. For software breakpoints, this will be the status of the
211 * required memory reads and writes
212 */
213 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
214 {
215 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
216 int retval = ERROR_OK;
217
218 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
219 breakpoint->unique_id,
220 breakpoint->address,
221 breakpoint->type);
222
223 if (target->state != TARGET_HALTED)
224 {
225 LOG_WARNING("target not halted");
226 return ERROR_TARGET_NOT_HALTED;
227 }
228
229 if (breakpoint->type == BKPT_HARD)
230 {
231 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
232 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
233
234 /* reassign a hw breakpoint */
235 if (breakpoint->set == 0)
236 {
237 arm7_9_assign_wp(arm7_9, breakpoint);
238 }
239
240 if (breakpoint->set == 1)
241 {
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
245 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
246 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
247 }
248 else if (breakpoint->set == 2)
249 {
250 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
251 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
252 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
255 }
256 else
257 {
258 LOG_ERROR("BUG: no hardware comparator available");
259 return ERROR_OK;
260 }
261
262 retval = jtag_execute_queue();
263 }
264 else if (breakpoint->type == BKPT_SOFT)
265 {
266 /* did we already set this breakpoint? */
267 if (breakpoint->set)
268 return ERROR_OK;
269
270 if (breakpoint->length == 4)
271 {
272 uint32_t verify = 0xffffffff;
273 /* keep the original instruction in target endianness */
274 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
275 {
276 return retval;
277 }
278 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
279 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
280 {
281 return retval;
282 }
283
284 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
285 {
286 return retval;
287 }
288 if (verify != arm7_9->arm_bkpt)
289 {
290 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
291 return ERROR_OK;
292 }
293 }
294 else
295 {
296 uint16_t verify = 0xffff;
297 /* keep the original instruction in target endianness */
298 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
299 {
300 return retval;
301 }
302 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
303 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
304 {
305 return retval;
306 }
307
308 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
309 {
310 return retval;
311 }
312 if (verify != arm7_9->thumb_bkpt)
313 {
314 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
315 return ERROR_OK;
316 }
317 }
318
319 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
320 return retval;
321
322 arm7_9->sw_breakpoint_count++;
323
324 breakpoint->set = 1;
325 }
326
327 return retval;
328 }
329
330 /**
331 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
332 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
333 * will be updated. Otherwise, the software breakpoint will be restored to its
334 * original instruction if it hasn't already been modified.
335 *
336 * @param target Pointer to ARM7/9 target to unset the breakpoint from
337 * @param breakpoint Pointer to breakpoint to be unset
338 * @return For hardware breakpoints, this is the result of executing the JTAG
339 * queue. For software breakpoints, this will be the status of the
340 * required memory reads and writes
341 */
342 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
343 {
344 int retval = ERROR_OK;
345 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
346
347 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
348 breakpoint->unique_id,
349 breakpoint->address );
350
351 if (!breakpoint->set)
352 {
353 LOG_WARNING("breakpoint not set");
354 return ERROR_OK;
355 }
356
357 if (breakpoint->type == BKPT_HARD)
358 {
359 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
360 breakpoint->unique_id,
361 breakpoint->set );
362 if (breakpoint->set == 1)
363 {
364 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
365 arm7_9->wp0_used = 0;
366 arm7_9->wp_available++;
367 }
368 else if (breakpoint->set == 2)
369 {
370 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
371 arm7_9->wp1_used = 0;
372 arm7_9->wp_available++;
373 }
374 retval = jtag_execute_queue();
375 breakpoint->set = 0;
376 }
377 else
378 {
379 /* restore original instruction (kept in target endianness) */
380 if (breakpoint->length == 4)
381 {
382 uint32_t current_instr;
383 /* check that user program as not modified breakpoint instruction */
384 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
385 {
386 return retval;
387 }
388 if (current_instr == arm7_9->arm_bkpt)
389 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
390 {
391 return retval;
392 }
393 }
394 else
395 {
396 uint16_t current_instr;
397 /* check that user program as not modified breakpoint instruction */
398 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
399 {
400 return retval;
401 }
402 if (current_instr == arm7_9->thumb_bkpt)
403 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
404 {
405 return retval;
406 }
407 }
408
409 if (--arm7_9->sw_breakpoint_count==0)
410 {
411 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
412 if (arm7_9->sw_breakpoints_added == 1)
413 {
414 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
415 }
416 else if (arm7_9->sw_breakpoints_added == 2)
417 {
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
419 }
420 }
421
422 breakpoint->set = 0;
423 }
424
425 return retval;
426 }
427
428 /**
429 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
430 * dangling breakpoints and that the desired breakpoint can be added.
431 *
432 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
433 * @param breakpoint Pointer to the breakpoint to be added
434 * @return An error status if there is a problem adding the breakpoint or the
435 * result of setting the breakpoint
436 */
437 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
438 {
439 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
440
441 if (target->state != TARGET_HALTED)
442 {
443 LOG_WARNING("target not halted");
444 return ERROR_TARGET_NOT_HALTED;
445 }
446
447 if (arm7_9->breakpoint_count == 0)
448 {
449 /* make sure we don't have any dangling breakpoints. This is vital upon
450 * GDB connect/disconnect
451 */
452 arm7_9_clear_watchpoints(arm7_9);
453 }
454
455 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
456 {
457 LOG_INFO("no watchpoint unit available for hardware breakpoint");
458 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
459 }
460
461 if ((breakpoint->length != 2) && (breakpoint->length != 4))
462 {
463 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
464 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
465 }
466
467 if (breakpoint->type == BKPT_HARD)
468 {
469 arm7_9_assign_wp(arm7_9, breakpoint);
470 }
471
472 arm7_9->breakpoint_count++;
473
474 return arm7_9_set_breakpoint(target, breakpoint);
475 }
476
477 /**
478 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
479 * dangling breakpoints and updates available watchpoints if it is a hardware
480 * breakpoint.
481 *
482 * @param target Pointer to the target to have a breakpoint removed
483 * @param breakpoint Pointer to the breakpoint to be removed
484 * @return Error status if there was a problem unsetting the breakpoint or the
485 * watchpoints could not be cleared
486 */
487 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
488 {
489 int retval = ERROR_OK;
490 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
491
492 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
493 {
494 return retval;
495 }
496
497 if (breakpoint->type == BKPT_HARD)
498 arm7_9->wp_available++;
499
500 arm7_9->breakpoint_count--;
501 if (arm7_9->breakpoint_count == 0)
502 {
503 /* make sure we don't have any dangling breakpoints */
504 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
505 {
506 return retval;
507 }
508 }
509
510 return ERROR_OK;
511 }
512
513 /**
514 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
515 * considered a bug to call this function when there are no available watchpoint
516 * units.
517 *
518 * @param target Pointer to an ARM7/9 target to set a watchpoint on
519 * @param watchpoint Pointer to the watchpoint to be set
520 * @return Error status if watchpoint set fails or the result of executing the
521 * JTAG queue
522 */
523 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
524 {
525 int retval = ERROR_OK;
526 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
527 int rw_mask = 1;
528 uint32_t mask;
529
530 mask = watchpoint->length - 1;
531
532 if (target->state != TARGET_HALTED)
533 {
534 LOG_WARNING("target not halted");
535 return ERROR_TARGET_NOT_HALTED;
536 }
537
538 if (watchpoint->rw == WPT_ACCESS)
539 rw_mask = 0;
540 else
541 rw_mask = 1;
542
543 if (!arm7_9->wp0_used)
544 {
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
548 if (watchpoint->mask != 0xffffffffu)
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
552
553 if ((retval = jtag_execute_queue()) != ERROR_OK)
554 {
555 return retval;
556 }
557 watchpoint->set = 1;
558 arm7_9->wp0_used = 2;
559 }
560 else if (!arm7_9->wp1_used)
561 {
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
564 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
565 if (watchpoint->mask != 0xffffffffu)
566 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
568 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
569
570 if ((retval = jtag_execute_queue()) != ERROR_OK)
571 {
572 return retval;
573 }
574 watchpoint->set = 2;
575 arm7_9->wp1_used = 2;
576 }
577 else
578 {
579 LOG_ERROR("BUG: no hardware comparator available");
580 return ERROR_OK;
581 }
582
583 return ERROR_OK;
584 }
585
586 /**
587 * Unset an existing watchpoint and clear the used watchpoint unit.
588 *
589 * @param target Pointer to the target to have the watchpoint removed
590 * @param watchpoint Pointer to the watchpoint to be removed
591 * @return Error status while trying to unset the watchpoint or the result of
592 * executing the JTAG queue
593 */
594 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
595 {
596 int retval = ERROR_OK;
597 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
598
599 if (target->state != TARGET_HALTED)
600 {
601 LOG_WARNING("target not halted");
602 return ERROR_TARGET_NOT_HALTED;
603 }
604
605 if (!watchpoint->set)
606 {
607 LOG_WARNING("breakpoint not set");
608 return ERROR_OK;
609 }
610
611 if (watchpoint->set == 1)
612 {
613 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
614 if ((retval = jtag_execute_queue()) != ERROR_OK)
615 {
616 return retval;
617 }
618 arm7_9->wp0_used = 0;
619 }
620 else if (watchpoint->set == 2)
621 {
622 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
623 if ((retval = jtag_execute_queue()) != ERROR_OK)
624 {
625 return retval;
626 }
627 arm7_9->wp1_used = 0;
628 }
629 watchpoint->set = 0;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
636 * available, an error response is returned.
637 *
638 * @param target Pointer to the ARM7/9 target to add a watchpoint to
639 * @param watchpoint Pointer to the watchpoint to be added
640 * @return Error status while trying to add the watchpoint
641 */
642 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
643 {
644 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
645
646 if (target->state != TARGET_HALTED)
647 {
648 LOG_WARNING("target not halted");
649 return ERROR_TARGET_NOT_HALTED;
650 }
651
652 if (arm7_9->wp_available < 1)
653 {
654 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
655 }
656
657 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
658 {
659 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
660 }
661
662 arm7_9->wp_available--;
663
664 return ERROR_OK;
665 }
666
667 /**
668 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
669 * the used watchpoint unit will be reopened.
670 *
671 * @param target Pointer to the target to remove a watchpoint from
672 * @param watchpoint Pointer to the watchpoint to be removed
673 * @return Result of trying to unset the watchpoint
674 */
675 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
676 {
677 int retval = ERROR_OK;
678 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
679
680 if (watchpoint->set)
681 {
682 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
683 {
684 return retval;
685 }
686 }
687
688 arm7_9->wp_available++;
689
690 return ERROR_OK;
691 }
692
693 /**
694 * Restarts the target by sending a RESTART instruction and moving the JTAG
695 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
696 * asserted by the processor.
697 *
698 * @param target Pointer to target to issue commands to
699 * @return Error status if there is a timeout or a problem while executing the
700 * JTAG queue
701 */
702 int arm7_9_execute_sys_speed(struct target_s *target)
703 {
704 int retval;
705 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
706 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
707 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
708
709 /* set RESTART instruction */
710 jtag_set_end_state(TAP_IDLE);
711 if (arm7_9->need_bypass_before_restart) {
712 arm7_9->need_bypass_before_restart = 0;
713 arm_jtag_set_instr(jtag_info, 0xf, NULL);
714 }
715 arm_jtag_set_instr(jtag_info, 0x4, NULL);
716
717 long long then = timeval_ms();
718 int timeout;
719 while (!(timeout = ((timeval_ms()-then) > 1000)))
720 {
721 /* read debug status register */
722 embeddedice_read_reg(dbg_stat);
723 if ((retval = jtag_execute_queue()) != ERROR_OK)
724 return retval;
725 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
726 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
727 break;
728 if (debug_level >= 3)
729 {
730 alive_sleep(100);
731 } else
732 {
733 keep_alive();
734 }
735 }
736 if (timeout)
737 {
738 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
739 return ERROR_TARGET_TIMEOUT;
740 }
741
742 return ERROR_OK;
743 }
744
745 /**
746 * Restarts the target by sending a RESTART instruction and moving the JTAG
747 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
748 * waiting until they are.
749 *
750 * @param target Pointer to the target to issue commands to
751 * @return Always ERROR_OK
752 */
753 int arm7_9_execute_fast_sys_speed(struct target_s *target)
754 {
755 static int set = 0;
756 static uint8_t check_value[4], check_mask[4];
757
758 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
759 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
760 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
761
762 /* set RESTART instruction */
763 jtag_set_end_state(TAP_IDLE);
764 if (arm7_9->need_bypass_before_restart) {
765 arm7_9->need_bypass_before_restart = 0;
766 arm_jtag_set_instr(jtag_info, 0xf, NULL);
767 }
768 arm_jtag_set_instr(jtag_info, 0x4, NULL);
769
770 if (!set)
771 {
772 /* check for DBGACK and SYSCOMP set (others don't care) */
773
774 /* NB! These are constants that must be available until after next jtag_execute() and
775 * we evaluate the values upon first execution in lieu of setting up these constants
776 * during early setup.
777 * */
778 buf_set_u32(check_value, 0, 32, 0x9);
779 buf_set_u32(check_mask, 0, 32, 0x9);
780 set = 1;
781 }
782
783 /* read debug status register */
784 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
785
786 return ERROR_OK;
787 }
788
789 /**
790 * Get some data from the ARM7/9 target.
791 *
792 * @param target Pointer to the ARM7/9 target to read data from
793 * @param size The number of 32bit words to be read
794 * @param buffer Pointer to the buffer that will hold the data
795 * @return The result of receiving data from the Embedded ICE unit
796 */
797 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
798 {
799 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
800 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
801 uint32_t *data;
802 int retval = ERROR_OK;
803 uint32_t i;
804
805 data = malloc(size * (sizeof(uint32_t)));
806
807 retval = embeddedice_receive(jtag_info, data, size);
808
809 /* return the 32-bit ints in the 8-bit array */
810 for (i = 0; i < size; i++)
811 {
812 h_u32_to_le(buffer + (i * 4), data[i]);
813 }
814
815 free(data);
816
817 return retval;
818 }
819
820 /**
821 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
822 * target is running and the DCC control register has the W bit high, this will
823 * execute the request on the target.
824 *
825 * @param priv Void pointer expected to be a target_t pointer
826 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
827 * from the Embedded ICE unit
828 */
829 int arm7_9_handle_target_request(void *priv)
830 {
831 int retval = ERROR_OK;
832 target_t *target = priv;
833 if (!target_was_examined(target))
834 return ERROR_OK;
835 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
836 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
837 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
838
839 if (!target->dbg_msg_enabled)
840 return ERROR_OK;
841
842 if (target->state == TARGET_RUNNING)
843 {
844 /* read DCC control register */
845 embeddedice_read_reg(dcc_control);
846 if ((retval = jtag_execute_queue()) != ERROR_OK)
847 {
848 return retval;
849 }
850
851 /* check W bit */
852 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
853 {
854 uint32_t request;
855
856 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
857 {
858 return retval;
859 }
860 if ((retval = target_request(target, request)) != ERROR_OK)
861 {
862 return retval;
863 }
864 }
865 }
866
867 return ERROR_OK;
868 }
869
870 /**
871 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
872 * is manipulated to the right halted state based on its current state. This is
873 * what happens:
874 *
875 * <table>
876 * <tr><th > State</th><th > Action</th></tr>
877 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
878 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
879 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
880 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
881 * </table>
882 *
883 * If the target does not end up in the halted state, a warning is produced. If
884 * DBGACK is cleared, then the target is expected to either be running or
885 * running in debug.
886 *
887 * @param target Pointer to the ARM7/9 target to poll
888 * @return ERROR_OK or an error status if a command fails
889 */
890 int arm7_9_poll(target_t *target)
891 {
892 int retval;
893 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
894 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
895
896 /* read debug status register */
897 embeddedice_read_reg(dbg_stat);
898 if ((retval = jtag_execute_queue()) != ERROR_OK)
899 {
900 return retval;
901 }
902
903 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
904 {
905 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
906 if (target->state == TARGET_UNKNOWN)
907 {
908 /* Starting OpenOCD with target in debug-halt */
909 target->state = TARGET_RUNNING;
910 LOG_DEBUG("DBGACK already set during server startup.");
911 }
912 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
913 {
914 int check_pc = 0;
915 if (target->state == TARGET_RESET)
916 {
917 if (target->reset_halt)
918 {
919 enum reset_types jtag_reset_config = jtag_get_reset_config();
920 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
921 {
922 check_pc = 1;
923 }
924 }
925 }
926
927 target->state = TARGET_HALTED;
928
929 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
930 return retval;
931
932 if (check_pc)
933 {
934 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
935 uint32_t t=*((uint32_t *)reg->value);
936 if (t != 0)
937 {
938 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
939 }
940 }
941
942 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
943 {
944 return retval;
945 }
946 }
947 if (target->state == TARGET_DEBUG_RUNNING)
948 {
949 target->state = TARGET_HALTED;
950 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
951 return retval;
952
953 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
954 {
955 return retval;
956 }
957 }
958 if (target->state != TARGET_HALTED)
959 {
960 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
961 }
962 }
963 else
964 {
965 if (target->state != TARGET_DEBUG_RUNNING)
966 target->state = TARGET_RUNNING;
967 }
968
969 return ERROR_OK;
970 }
971
972 /**
973 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
974 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
975 * affected) completely stop the JTAG clock while the core is held in reset
976 * (SRST). It isn't possible to program the halt condition once reset is
977 * asserted, hence a hook that allows the target to set up its reset-halt
978 * condition is setup prior to asserting reset.
979 *
980 * @param target Pointer to an ARM7/9 target to assert reset on
981 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
982 */
983 int arm7_9_assert_reset(target_t *target)
984 {
985 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
986
987 LOG_DEBUG("target->state: %s",
988 target_state_name(target));
989
990 enum reset_types jtag_reset_config = jtag_get_reset_config();
991 if (!(jtag_reset_config & RESET_HAS_SRST))
992 {
993 LOG_ERROR("Can't assert SRST");
994 return ERROR_FAIL;
995 }
996
997 /* At this point trst has been asserted/deasserted once. We would
998 * like to program EmbeddedICE while SRST is asserted, instead of
999 * depending on SRST to leave that module alone. However, many CPUs
1000 * gate the JTAG clock while SRST is asserted; or JTAG may need
1001 * clock stability guarantees (adaptive clocking might help).
1002 *
1003 * So we assume JTAG access during SRST is off the menu unless it's
1004 * been specifically enabled.
1005 */
1006 bool srst_asserted = false;
1007
1008 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
1009 && (jtag_reset_config & RESET_SRST_NO_GATING))
1010 {
1011 jtag_add_reset(0, 1);
1012 srst_asserted = true;
1013 }
1014
1015 if (target->reset_halt)
1016 {
1017 /*
1018 * Some targets do not support communication while SRST is asserted. We need to
1019 * set up the reset vector catch here.
1020 *
1021 * If TRST is asserted, then these settings will be reset anyway, so setting them
1022 * here is harmless.
1023 */
1024 if (arm7_9->has_vector_catch)
1025 {
1026 /* program vector catch register to catch reset vector */
1027 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1028
1029 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1030 jtag_add_runtest(1, jtag_get_end_state());
1031 }
1032 else
1033 {
1034 /* program watchpoint unit to match on reset vector address */
1035 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1036 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1037 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1038 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1039 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1040 }
1041 }
1042
1043 /* here we should issue an SRST only, but we may have to assert TRST as well */
1044 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1045 {
1046 jtag_add_reset(1, 1);
1047 } else if (!srst_asserted)
1048 {
1049 jtag_add_reset(0, 1);
1050 }
1051
1052 target->state = TARGET_RESET;
1053 jtag_add_sleep(50000);
1054
1055 armv4_5_invalidate_core_regs(target);
1056
1057 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1058 {
1059 /* debug entry was already prepared in arm7_9_assert_reset() */
1060 target->debug_reason = DBG_REASON_DBGRQ;
1061 }
1062
1063 return ERROR_OK;
1064 }
1065
1066 /**
1067 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1068 * and the target is being reset into a halt, a warning will be triggered
1069 * because it is not possible to reset into a halted mode in this case. The
1070 * target is halted using the target's functions.
1071 *
1072 * @param target Pointer to the target to have the reset deasserted
1073 * @return ERROR_OK or an error from polling or halting the target
1074 */
1075 int arm7_9_deassert_reset(target_t *target)
1076 {
1077 int retval = ERROR_OK;
1078 LOG_DEBUG("target->state: %s",
1079 target_state_name(target));
1080
1081 /* deassert reset lines */
1082 jtag_add_reset(0, 0);
1083
1084 enum reset_types jtag_reset_config = jtag_get_reset_config();
1085 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1086 {
1087 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1088 /* set up embedded ice registers again */
1089 if ((retval = target_examine_one(target)) != ERROR_OK)
1090 return retval;
1091
1092 if ((retval = target_poll(target)) != ERROR_OK)
1093 {
1094 return retval;
1095 }
1096
1097 if ((retval = target_halt(target)) != ERROR_OK)
1098 {
1099 return retval;
1100 }
1101
1102 }
1103 return retval;
1104 }
1105
1106 /**
1107 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1108 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1109 * vector catch was used, it is restored. Otherwise, the control value is
1110 * restored and the watchpoint unit is restored if it was in use.
1111 *
1112 * @param target Pointer to the ARM7/9 target to have halt cleared
1113 * @return Always ERROR_OK
1114 */
1115 int arm7_9_clear_halt(target_t *target)
1116 {
1117 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1118 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1119
1120 /* we used DBGRQ only if we didn't come out of reset */
1121 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1122 {
1123 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1124 */
1125 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1126 embeddedice_store_reg(dbg_ctrl);
1127 }
1128 else
1129 {
1130 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1131 {
1132 /* if we came out of reset, and vector catch is supported, we used
1133 * vector catch to enter debug state
1134 * restore the register in that case
1135 */
1136 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1137 }
1138 else
1139 {
1140 /* restore registers if watchpoint unit 0 was in use
1141 */
1142 if (arm7_9->wp0_used)
1143 {
1144 if (arm7_9->debug_entry_from_reset)
1145 {
1146 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1147 }
1148 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1149 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1150 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1151 }
1152 /* control value always has to be restored, as it was either disabled,
1153 * or enabled with possibly different bits
1154 */
1155 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1156 }
1157 }
1158
1159 return ERROR_OK;
1160 }
1161
1162 /**
1163 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1164 * and then there is a wait until the processor shows the halt. This wait can
1165 * timeout and results in an error being returned. The software reset involves
1166 * clearing the halt, updating the debug control register, changing to ARM mode,
1167 * reset of the program counter, and reset of all of the registers.
1168 *
1169 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1170 * @return Error status if any of the commands fail, otherwise ERROR_OK
1171 */
1172 int arm7_9_soft_reset_halt(struct target_s *target)
1173 {
1174 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1175 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1176 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1177 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1178 int i;
1179 int retval;
1180
1181 /* FIX!!! replace some of this code with tcl commands
1182 *
1183 * halt # the halt command is synchronous
1184 * armv4_5 core_state arm
1185 *
1186 */
1187
1188 if ((retval = target_halt(target)) != ERROR_OK)
1189 return retval;
1190
1191 long long then = timeval_ms();
1192 int timeout;
1193 while (!(timeout = ((timeval_ms()-then) > 1000)))
1194 {
1195 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1196 break;
1197 embeddedice_read_reg(dbg_stat);
1198 if ((retval = jtag_execute_queue()) != ERROR_OK)
1199 return retval;
1200 if (debug_level >= 3)
1201 {
1202 alive_sleep(100);
1203 } else
1204 {
1205 keep_alive();
1206 }
1207 }
1208 if (timeout)
1209 {
1210 LOG_ERROR("Failed to halt CPU after 1 sec");
1211 return ERROR_TARGET_TIMEOUT;
1212 }
1213 target->state = TARGET_HALTED;
1214
1215 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1216 * ensure that DBGRQ is cleared
1217 */
1218 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1219 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1220 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1221 embeddedice_store_reg(dbg_ctrl);
1222
1223 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1224 {
1225 return retval;
1226 }
1227
1228 /* if the target is in Thumb state, change to ARM state */
1229 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1230 {
1231 uint32_t r0_thumb, pc_thumb;
1232 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1233 /* Entered debug from Thumb mode */
1234 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1235 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1236 }
1237
1238 /* all register content is now invalid */
1239 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1240 {
1241 return retval;
1242 }
1243
1244 /* SVC, ARM state, IRQ and FIQ disabled */
1245 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1246 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1247 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1248
1249 /* start fetching from 0x0 */
1250 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1251 armv4_5->core_cache->reg_list[15].dirty = 1;
1252 armv4_5->core_cache->reg_list[15].valid = 1;
1253
1254 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1255 armv4_5->core_state = ARMV4_5_STATE_ARM;
1256
1257 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1258 return ERROR_FAIL;
1259
1260 /* reset registers */
1261 for (i = 0; i <= 14; i++)
1262 {
1263 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1264 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1265 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1266 }
1267
1268 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1269 {
1270 return retval;
1271 }
1272
1273 return ERROR_OK;
1274 }
1275
1276 /**
1277 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1278 * line or by programming a watchpoint to trigger on any address. It is
1279 * considered a bug to call this function while the target is in the
1280 * TARGET_RESET state.
1281 *
1282 * @param target Pointer to the ARM7/9 target to be halted
1283 * @return Always ERROR_OK
1284 */
1285 int arm7_9_halt(target_t *target)
1286 {
1287 if (target->state == TARGET_RESET)
1288 {
1289 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1290 return ERROR_OK;
1291 }
1292
1293 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1294 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1295
1296 LOG_DEBUG("target->state: %s",
1297 target_state_name(target));
1298
1299 if (target->state == TARGET_HALTED)
1300 {
1301 LOG_DEBUG("target was already halted");
1302 return ERROR_OK;
1303 }
1304
1305 if (target->state == TARGET_UNKNOWN)
1306 {
1307 LOG_WARNING("target was in unknown state when halt was requested");
1308 }
1309
1310 if (arm7_9->use_dbgrq)
1311 {
1312 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1313 */
1314 if (arm7_9->set_special_dbgrq) {
1315 arm7_9->set_special_dbgrq(target);
1316 } else {
1317 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1318 embeddedice_store_reg(dbg_ctrl);
1319 }
1320 }
1321 else
1322 {
1323 /* program watchpoint unit to match on any address
1324 */
1325 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1326 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1327 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1328 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1329 }
1330
1331 target->debug_reason = DBG_REASON_DBGRQ;
1332
1333 return ERROR_OK;
1334 }
1335
1336 /**
1337 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1338 * ARM. The JTAG queue is then executed and the reason for debug entry is
1339 * examined. Once done, the target is verified to be halted and the processor
1340 * is forced into ARM mode. The core registers are saved for the current core
1341 * mode and the program counter (register 15) is updated as needed. The core
1342 * registers and CPSR and SPSR are saved for restoration later.
1343 *
1344 * @param target Pointer to target that is entering debug mode
1345 * @return Error code if anything fails, otherwise ERROR_OK
1346 */
1347 int arm7_9_debug_entry(target_t *target)
1348 {
1349 int i;
1350 uint32_t context[16];
1351 uint32_t* context_p[16];
1352 uint32_t r0_thumb, pc_thumb;
1353 uint32_t cpsr;
1354 int retval;
1355 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1356 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1357 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1358 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1359
1360 #ifdef _DEBUG_ARM7_9_
1361 LOG_DEBUG("-");
1362 #endif
1363
1364 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1365 * ensure that DBGRQ is cleared
1366 */
1367 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1368 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1369 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1370 embeddedice_store_reg(dbg_ctrl);
1371
1372 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1373 {
1374 return retval;
1375 }
1376
1377 if ((retval = jtag_execute_queue()) != ERROR_OK)
1378 {
1379 return retval;
1380 }
1381
1382 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1383 return retval;
1384
1385
1386 if (target->state != TARGET_HALTED)
1387 {
1388 LOG_WARNING("target not halted");
1389 return ERROR_TARGET_NOT_HALTED;
1390 }
1391
1392 /* if the target is in Thumb state, change to ARM state */
1393 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1394 {
1395 LOG_DEBUG("target entered debug from Thumb state");
1396 /* Entered debug from Thumb mode */
1397 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1398 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1399 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1400 }
1401 else
1402 {
1403 LOG_DEBUG("target entered debug from ARM state");
1404 /* Entered debug from ARM mode */
1405 armv4_5->core_state = ARMV4_5_STATE_ARM;
1406 }
1407
1408 for (i = 0; i < 16; i++)
1409 context_p[i] = &context[i];
1410 /* save core registers (r0 - r15 of current core mode) */
1411 arm7_9->read_core_regs(target, 0xffff, context_p);
1412
1413 arm7_9->read_xpsr(target, &cpsr, 0);
1414
1415 if ((retval = jtag_execute_queue()) != ERROR_OK)
1416 return retval;
1417
1418 /* if the core has been executing in Thumb state, set the T bit */
1419 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1420 cpsr |= 0x20;
1421
1422 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1423 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1424 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1425
1426 armv4_5->core_mode = cpsr & 0x1f;
1427
1428 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1429 {
1430 target->state = TARGET_UNKNOWN;
1431 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1432 return ERROR_TARGET_FAILURE;
1433 }
1434
1435 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1436
1437 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1438 {
1439 LOG_DEBUG("thumb state, applying fixups");
1440 context[0] = r0_thumb;
1441 context[15] = pc_thumb;
1442 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1443 {
1444 /* adjust value stored by STM */
1445 context[15] -= 3 * 4;
1446 }
1447
1448 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1449 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1450 else
1451 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1452
1453 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1454 return ERROR_FAIL;
1455
1456 for (i = 0; i <= 15; i++)
1457 {
1458 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1459 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1460 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1461 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1462 }
1463
1464 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1465
1466 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1467 return ERROR_FAIL;
1468
1469 /* exceptions other than USR & SYS have a saved program status register */
1470 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1471 {
1472 uint32_t spsr;
1473 arm7_9->read_xpsr(target, &spsr, 1);
1474 if ((retval = jtag_execute_queue()) != ERROR_OK)
1475 {
1476 return retval;
1477 }
1478 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1479 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1480 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1481 }
1482
1483 /* r0 and r15 (pc) have to be restored later */
1484 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1485 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1486
1487 if ((retval = jtag_execute_queue()) != ERROR_OK)
1488 return retval;
1489
1490 if (arm7_9->post_debug_entry)
1491 arm7_9->post_debug_entry(target);
1492
1493 return ERROR_OK;
1494 }
1495
1496 /**
1497 * Validate the full context for an ARM7/9 target in all processor modes. If
1498 * there are any invalid registers for the target, they will all be read. This
1499 * includes the PSR.
1500 *
1501 * @param target Pointer to the ARM7/9 target to capture the full context from
1502 * @return Error if the target is not halted, has an invalid core mode, or if
1503 * the JTAG queue fails to execute
1504 */
1505 int arm7_9_full_context(target_t *target)
1506 {
1507 int i;
1508 int retval;
1509 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1510 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1511
1512 LOG_DEBUG("-");
1513
1514 if (target->state != TARGET_HALTED)
1515 {
1516 LOG_WARNING("target not halted");
1517 return ERROR_TARGET_NOT_HALTED;
1518 }
1519
1520 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1521 return ERROR_FAIL;
1522
1523 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1524 * SYS shares registers with User, so we don't touch SYS
1525 */
1526 for (i = 0; i < 6; i++)
1527 {
1528 uint32_t mask = 0;
1529 uint32_t* reg_p[16];
1530 int j;
1531 int valid = 1;
1532
1533 /* check if there are invalid registers in the current mode
1534 */
1535 for (j = 0; j <= 16; j++)
1536 {
1537 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1538 valid = 0;
1539 }
1540
1541 if (!valid)
1542 {
1543 uint32_t tmp_cpsr;
1544
1545 /* change processor mode (and mask T bit) */
1546 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1547 tmp_cpsr |= armv4_5_number_to_mode(i);
1548 tmp_cpsr &= ~0x20;
1549 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1550
1551 for (j = 0; j < 15; j++)
1552 {
1553 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1554 {
1555 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1556 mask |= 1 << j;
1557 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1558 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1559 }
1560 }
1561
1562 /* if only the PSR is invalid, mask is all zeroes */
1563 if (mask)
1564 arm7_9->read_core_regs(target, mask, reg_p);
1565
1566 /* check if the PSR has to be read */
1567 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1568 {
1569 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1570 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1571 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1572 }
1573 }
1574 }
1575
1576 /* restore processor mode (mask T bit) */
1577 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1578
1579 if ((retval = jtag_execute_queue()) != ERROR_OK)
1580 {
1581 return retval;
1582 }
1583 return ERROR_OK;
1584 }
1585
1586 /**
1587 * Restore the processor context on an ARM7/9 target. The full processor
1588 * context is analyzed to see if any of the registers are dirty on this end, but
1589 * have a valid new value. If this is the case, the processor is changed to the
1590 * appropriate mode and the new register values are written out to the
1591 * processor. If there happens to be a dirty register with an invalid value, an
1592 * error will be logged.
1593 *
1594 * @param target Pointer to the ARM7/9 target to have its context restored
1595 * @return Error status if the target is not halted or the core mode in the
1596 * armv4_5 struct is invalid.
1597 */
1598 int arm7_9_restore_context(target_t *target)
1599 {
1600 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1601 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1602 reg_t *reg;
1603 armv4_5_core_reg_t *reg_arch_info;
1604 enum armv4_5_mode current_mode = armv4_5->core_mode;
1605 int i, j;
1606 int dirty;
1607 int mode_change;
1608
1609 LOG_DEBUG("-");
1610
1611 if (target->state != TARGET_HALTED)
1612 {
1613 LOG_WARNING("target not halted");
1614 return ERROR_TARGET_NOT_HALTED;
1615 }
1616
1617 if (arm7_9->pre_restore_context)
1618 arm7_9->pre_restore_context(target);
1619
1620 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1621 return ERROR_FAIL;
1622
1623 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1624 * SYS shares registers with User, so we don't touch SYS
1625 */
1626 for (i = 0; i < 6; i++)
1627 {
1628 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1629 dirty = 0;
1630 mode_change = 0;
1631 /* check if there are dirty registers in the current mode
1632 */
1633 for (j = 0; j <= 16; j++)
1634 {
1635 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1636 reg_arch_info = reg->arch_info;
1637 if (reg->dirty == 1)
1638 {
1639 if (reg->valid == 1)
1640 {
1641 dirty = 1;
1642 LOG_DEBUG("examining dirty reg: %s", reg->name);
1643 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1644 && (reg_arch_info->mode != current_mode)
1645 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1646 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1647 {
1648 mode_change = 1;
1649 LOG_DEBUG("require mode change");
1650 }
1651 }
1652 else
1653 {
1654 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1655 }
1656 }
1657 }
1658
1659 if (dirty)
1660 {
1661 uint32_t mask = 0x0;
1662 int num_regs = 0;
1663 uint32_t regs[16];
1664
1665 if (mode_change)
1666 {
1667 uint32_t tmp_cpsr;
1668
1669 /* change processor mode (mask T bit) */
1670 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1671 tmp_cpsr |= armv4_5_number_to_mode(i);
1672 tmp_cpsr &= ~0x20;
1673 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1674 current_mode = armv4_5_number_to_mode(i);
1675 }
1676
1677 for (j = 0; j <= 14; j++)
1678 {
1679 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1680 reg_arch_info = reg->arch_info;
1681
1682
1683 if (reg->dirty == 1)
1684 {
1685 regs[j] = buf_get_u32(reg->value, 0, 32);
1686 mask |= 1 << j;
1687 num_regs++;
1688 reg->dirty = 0;
1689 reg->valid = 1;
1690 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1691 }
1692 }
1693
1694 if (mask)
1695 {
1696 arm7_9->write_core_regs(target, mask, regs);
1697 }
1698
1699 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1700 reg_arch_info = reg->arch_info;
1701 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1702 {
1703 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1704 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1705 }
1706 }
1707 }
1708
1709 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1710 {
1711 /* restore processor mode (mask T bit) */
1712 uint32_t tmp_cpsr;
1713
1714 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1715 tmp_cpsr |= armv4_5_number_to_mode(i);
1716 tmp_cpsr &= ~0x20;
1717 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1718 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1719 }
1720 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1721 {
1722 /* CPSR has been changed, full restore necessary (mask T bit) */
1723 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1724 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1725 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1726 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1727 }
1728
1729 /* restore PC */
1730 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1731 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1732 armv4_5->core_cache->reg_list[15].dirty = 0;
1733
1734 if (arm7_9->post_restore_context)
1735 arm7_9->post_restore_context(target);
1736
1737 return ERROR_OK;
1738 }
1739
1740 /**
1741 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1742 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1743 * restart.
1744 *
1745 * @param target Pointer to the ARM7/9 target to be restarted
1746 * @return Result of executing the JTAG queue
1747 */
1748 int arm7_9_restart_core(struct target_s *target)
1749 {
1750 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1751 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1752
1753 /* set RESTART instruction */
1754 jtag_set_end_state(TAP_IDLE);
1755 if (arm7_9->need_bypass_before_restart) {
1756 arm7_9->need_bypass_before_restart = 0;
1757 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1758 }
1759 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1760
1761 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1762 return jtag_execute_queue();
1763 }
1764
1765 /**
1766 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1767 * iterated through and are set on the target if they aren't already set.
1768 *
1769 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1770 */
1771 void arm7_9_enable_watchpoints(struct target_s *target)
1772 {
1773 watchpoint_t *watchpoint = target->watchpoints;
1774
1775 while (watchpoint)
1776 {
1777 if (watchpoint->set == 0)
1778 arm7_9_set_watchpoint(target, watchpoint);
1779 watchpoint = watchpoint->next;
1780 }
1781 }
1782
1783 /**
1784 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1785 * iterated through and are set on the target.
1786 *
1787 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1788 */
1789 void arm7_9_enable_breakpoints(struct target_s *target)
1790 {
1791 breakpoint_t *breakpoint = target->breakpoints;
1792
1793 /* set any pending breakpoints */
1794 while (breakpoint)
1795 {
1796 arm7_9_set_breakpoint(target, breakpoint);
1797 breakpoint = breakpoint->next;
1798 }
1799 }
1800
1801 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1802 {
1803 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1804 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1805 breakpoint_t *breakpoint = target->breakpoints;
1806 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1807 int err, retval = ERROR_OK;
1808
1809 LOG_DEBUG("-");
1810
1811 if (target->state != TARGET_HALTED)
1812 {
1813 LOG_WARNING("target not halted");
1814 return ERROR_TARGET_NOT_HALTED;
1815 }
1816
1817 if (!debug_execution)
1818 {
1819 target_free_all_working_areas(target);
1820 }
1821
1822 /* current = 1: continue on current pc, otherwise continue at <address> */
1823 if (!current)
1824 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1825
1826 uint32_t current_pc;
1827 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1828
1829 /* the front-end may request us not to handle breakpoints */
1830 if (handle_breakpoints)
1831 {
1832 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1833 {
1834 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1835 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1836 {
1837 return retval;
1838 }
1839
1840 /* calculate PC of next instruction */
1841 uint32_t next_pc;
1842 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1843 {
1844 uint32_t current_opcode;
1845 target_read_u32(target, current_pc, &current_opcode);
1846 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1847 return retval;
1848 }
1849
1850 LOG_DEBUG("enable single-step");
1851 arm7_9->enable_single_step(target, next_pc);
1852
1853 target->debug_reason = DBG_REASON_SINGLESTEP;
1854
1855 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1856 {
1857 return retval;
1858 }
1859
1860 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1861 arm7_9->branch_resume(target);
1862 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1863 {
1864 arm7_9->branch_resume_thumb(target);
1865 }
1866 else
1867 {
1868 LOG_ERROR("unhandled core state");
1869 return ERROR_FAIL;
1870 }
1871
1872 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1873 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1874 err = arm7_9_execute_sys_speed(target);
1875
1876 LOG_DEBUG("disable single-step");
1877 arm7_9->disable_single_step(target);
1878
1879 if (err != ERROR_OK)
1880 {
1881 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1882 {
1883 return retval;
1884 }
1885 target->state = TARGET_UNKNOWN;
1886 return err;
1887 }
1888
1889 arm7_9_debug_entry(target);
1890 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1891
1892 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1893 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1894 {
1895 return retval;
1896 }
1897 }
1898 }
1899
1900 /* enable any pending breakpoints and watchpoints */
1901 arm7_9_enable_breakpoints(target);
1902 arm7_9_enable_watchpoints(target);
1903
1904 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1905 {
1906 return retval;
1907 }
1908
1909 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1910 {
1911 arm7_9->branch_resume(target);
1912 }
1913 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1914 {
1915 arm7_9->branch_resume_thumb(target);
1916 }
1917 else
1918 {
1919 LOG_ERROR("unhandled core state");
1920 return ERROR_FAIL;
1921 }
1922
1923 /* deassert DBGACK and INTDIS */
1924 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1925 /* INTDIS only when we really resume, not during debug execution */
1926 if (!debug_execution)
1927 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1928 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1929
1930 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1931 {
1932 return retval;
1933 }
1934
1935 target->debug_reason = DBG_REASON_NOTHALTED;
1936
1937 if (!debug_execution)
1938 {
1939 /* registers are now invalid */
1940 armv4_5_invalidate_core_regs(target);
1941 target->state = TARGET_RUNNING;
1942 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1943 {
1944 return retval;
1945 }
1946 }
1947 else
1948 {
1949 target->state = TARGET_DEBUG_RUNNING;
1950 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1951 {
1952 return retval;
1953 }
1954 }
1955
1956 LOG_DEBUG("target resumed");
1957
1958 return ERROR_OK;
1959 }
1960
1961 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1962 {
1963 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1964 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1965 uint32_t current_pc;
1966 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1967
1968 if (next_pc != current_pc)
1969 {
1970 /* setup an inverse breakpoint on the current PC
1971 * - comparator 1 matches the current address
1972 * - rangeout from comparator 1 is connected to comparator 0 rangein
1973 * - comparator 0 matches any address, as long as rangein is low */
1974 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1983 }
1984 else
1985 {
1986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1990 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1991 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1992 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1993 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1995 }
1996 }
1997
1998 void arm7_9_disable_eice_step(target_t *target)
1999 {
2000 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2001
2002 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2003 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2004 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2005 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2006 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2007 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2008 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2009 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2010 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2011 }
2012
2013 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2014 {
2015 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2016 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2017 breakpoint_t *breakpoint = NULL;
2018 int err, retval;
2019
2020 if (target->state != TARGET_HALTED)
2021 {
2022 LOG_WARNING("target not halted");
2023 return ERROR_TARGET_NOT_HALTED;
2024 }
2025
2026 /* current = 1: continue on current pc, otherwise continue at <address> */
2027 if (!current)
2028 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2029
2030 uint32_t current_pc;
2031 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2032
2033 /* the front-end may request us not to handle breakpoints */
2034 if (handle_breakpoints)
2035 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2036 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2037 {
2038 return retval;
2039 }
2040
2041 target->debug_reason = DBG_REASON_SINGLESTEP;
2042
2043 /* calculate PC of next instruction */
2044 uint32_t next_pc;
2045 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2046 {
2047 uint32_t current_opcode;
2048 target_read_u32(target, current_pc, &current_opcode);
2049 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2050 return retval;
2051 }
2052
2053 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2054 {
2055 return retval;
2056 }
2057
2058 arm7_9->enable_single_step(target, next_pc);
2059
2060 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2061 {
2062 arm7_9->branch_resume(target);
2063 }
2064 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2065 {
2066 arm7_9->branch_resume_thumb(target);
2067 }
2068 else
2069 {
2070 LOG_ERROR("unhandled core state");
2071 return ERROR_FAIL;
2072 }
2073
2074 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2075 {
2076 return retval;
2077 }
2078
2079 err = arm7_9_execute_sys_speed(target);
2080 arm7_9->disable_single_step(target);
2081
2082 /* registers are now invalid */
2083 armv4_5_invalidate_core_regs(target);
2084
2085 if (err != ERROR_OK)
2086 {
2087 target->state = TARGET_UNKNOWN;
2088 } else {
2089 arm7_9_debug_entry(target);
2090 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2091 {
2092 return retval;
2093 }
2094 LOG_DEBUG("target stepped");
2095 }
2096
2097 if (breakpoint)
2098 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2099 {
2100 return retval;
2101 }
2102
2103 return err;
2104 }
2105
2106 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2107 {
2108 uint32_t* reg_p[16];
2109 uint32_t value;
2110 int retval;
2111 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2112 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2113
2114 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2115 return ERROR_FAIL;
2116
2117 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2118
2119 if ((num < 0) || (num > 16))
2120 return ERROR_INVALID_ARGUMENTS;
2121
2122 if ((mode != ARMV4_5_MODE_ANY)
2123 && (mode != armv4_5->core_mode)
2124 && (reg_mode != ARMV4_5_MODE_ANY))
2125 {
2126 uint32_t tmp_cpsr;
2127
2128 /* change processor mode (mask T bit) */
2129 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2130 tmp_cpsr |= mode;
2131 tmp_cpsr &= ~0x20;
2132 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2133 }
2134
2135 if ((num >= 0) && (num <= 15))
2136 {
2137 /* read a normal core register */
2138 reg_p[num] = &value;
2139
2140 arm7_9->read_core_regs(target, 1 << num, reg_p);
2141 }
2142 else
2143 {
2144 /* read a program status register
2145 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2146 */
2147 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2148 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2149
2150 arm7_9->read_xpsr(target, &value, spsr);
2151 }
2152
2153 if ((retval = jtag_execute_queue()) != ERROR_OK)
2154 {
2155 return retval;
2156 }
2157
2158 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2159 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2160 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2161
2162 if ((mode != ARMV4_5_MODE_ANY)
2163 && (mode != armv4_5->core_mode)
2164 && (reg_mode != ARMV4_5_MODE_ANY)) {
2165 /* restore processor mode (mask T bit) */
2166 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2167 }
2168
2169 return ERROR_OK;
2170 }
2171
2172 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2173 {
2174 uint32_t reg[16];
2175 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2176 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2177
2178 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2179 return ERROR_FAIL;
2180
2181 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2182
2183 if ((num < 0) || (num > 16))
2184 return ERROR_INVALID_ARGUMENTS;
2185
2186 if ((mode != ARMV4_5_MODE_ANY)
2187 && (mode != armv4_5->core_mode)
2188 && (reg_mode != ARMV4_5_MODE_ANY)) {
2189 uint32_t tmp_cpsr;
2190
2191 /* change processor mode (mask T bit) */
2192 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2193 tmp_cpsr |= mode;
2194 tmp_cpsr &= ~0x20;
2195 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2196 }
2197
2198 if ((num >= 0) && (num <= 15))
2199 {
2200 /* write a normal core register */
2201 reg[num] = value;
2202
2203 arm7_9->write_core_regs(target, 1 << num, reg);
2204 }
2205 else
2206 {
2207 /* write a program status register
2208 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2209 */
2210 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2211 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2212
2213 /* if we're writing the CPSR, mask the T bit */
2214 if (!spsr)
2215 value &= ~0x20;
2216
2217 arm7_9->write_xpsr(target, value, spsr);
2218 }
2219
2220 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2221 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2222
2223 if ((mode != ARMV4_5_MODE_ANY)
2224 && (mode != armv4_5->core_mode)
2225 && (reg_mode != ARMV4_5_MODE_ANY)) {
2226 /* restore processor mode (mask T bit) */
2227 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2228 }
2229
2230 return jtag_execute_queue();
2231 }
2232
2233 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2234 {
2235 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2236 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2237 uint32_t reg[16];
2238 uint32_t num_accesses = 0;
2239 int thisrun_accesses;
2240 int i;
2241 uint32_t cpsr;
2242 int retval;
2243 int last_reg = 0;
2244
2245 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2246
2247 if (target->state != TARGET_HALTED)
2248 {
2249 LOG_WARNING("target not halted");
2250 return ERROR_TARGET_NOT_HALTED;
2251 }
2252
2253 /* sanitize arguments */
2254 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2255 return ERROR_INVALID_ARGUMENTS;
2256
2257 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2258 return ERROR_TARGET_UNALIGNED_ACCESS;
2259
2260 /* load the base register with the address of the first word */
2261 reg[0] = address;
2262 arm7_9->write_core_regs(target, 0x1, reg);
2263
2264 int j = 0;
2265
2266 switch (size)
2267 {
2268 case 4:
2269 while (num_accesses < count)
2270 {
2271 uint32_t reg_list;
2272 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2273 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2274
2275 if (last_reg <= thisrun_accesses)
2276 last_reg = thisrun_accesses;
2277
2278 arm7_9->load_word_regs(target, reg_list);
2279
2280 /* fast memory reads are only safe when the target is running
2281 * from a sufficiently high clock (32 kHz is usually too slow)
2282 */
2283 if (arm7_9->fast_memory_access)
2284 retval = arm7_9_execute_fast_sys_speed(target);
2285 else
2286 retval = arm7_9_execute_sys_speed(target);
2287 if (retval != ERROR_OK)
2288 return retval;
2289
2290 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2291
2292 /* advance buffer, count number of accesses */
2293 buffer += thisrun_accesses * 4;
2294 num_accesses += thisrun_accesses;
2295
2296 if ((j++%1024) == 0)
2297 {
2298 keep_alive();
2299 }
2300 }
2301 break;
2302 case 2:
2303 while (num_accesses < count)
2304 {
2305 uint32_t reg_list;
2306 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2307 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2308
2309 for (i = 1; i <= thisrun_accesses; i++)
2310 {
2311 if (i > last_reg)
2312 last_reg = i;
2313 arm7_9->load_hword_reg(target, i);
2314 /* fast memory reads are only safe when the target is running
2315 * from a sufficiently high clock (32 kHz is usually too slow)
2316 */
2317 if (arm7_9->fast_memory_access)
2318 retval = arm7_9_execute_fast_sys_speed(target);
2319 else
2320 retval = arm7_9_execute_sys_speed(target);
2321 if (retval != ERROR_OK)
2322 {
2323 return retval;
2324 }
2325
2326 }
2327
2328 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2329
2330 /* advance buffer, count number of accesses */
2331 buffer += thisrun_accesses * 2;
2332 num_accesses += thisrun_accesses;
2333
2334 if ((j++%1024) == 0)
2335 {
2336 keep_alive();
2337 }
2338 }
2339 break;
2340 case 1:
2341 while (num_accesses < count)
2342 {
2343 uint32_t reg_list;
2344 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2345 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2346
2347 for (i = 1; i <= thisrun_accesses; i++)
2348 {
2349 if (i > last_reg)
2350 last_reg = i;
2351 arm7_9->load_byte_reg(target, i);
2352 /* fast memory reads are only safe when the target is running
2353 * from a sufficiently high clock (32 kHz is usually too slow)
2354 */
2355 if (arm7_9->fast_memory_access)
2356 retval = arm7_9_execute_fast_sys_speed(target);
2357 else
2358 retval = arm7_9_execute_sys_speed(target);
2359 if (retval != ERROR_OK)
2360 {
2361 return retval;
2362 }
2363 }
2364
2365 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2366
2367 /* advance buffer, count number of accesses */
2368 buffer += thisrun_accesses * 1;
2369 num_accesses += thisrun_accesses;
2370
2371 if ((j++%1024) == 0)
2372 {
2373 keep_alive();
2374 }
2375 }
2376 break;
2377 default:
2378 LOG_ERROR("BUG: we shouldn't get here");
2379 exit(-1);
2380 break;
2381 }
2382
2383 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2384 return ERROR_FAIL;
2385
2386 for (i = 0; i <= last_reg; i++)
2387 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2388
2389 arm7_9->read_xpsr(target, &cpsr, 0);
2390 if ((retval = jtag_execute_queue()) != ERROR_OK)
2391 {
2392 LOG_ERROR("JTAG error while reading cpsr");
2393 return ERROR_TARGET_DATA_ABORT;
2394 }
2395
2396 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2397 {
2398 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2399
2400 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2401
2402 return ERROR_TARGET_DATA_ABORT;
2403 }
2404
2405 return ERROR_OK;
2406 }
2407
2408 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2409 {
2410 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2411 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2412 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2413
2414 uint32_t reg[16];
2415 uint32_t num_accesses = 0;
2416 int thisrun_accesses;
2417 int i;
2418 uint32_t cpsr;
2419 int retval;
2420 int last_reg = 0;
2421
2422 #ifdef _DEBUG_ARM7_9_
2423 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2424 #endif
2425
2426 if (target->state != TARGET_HALTED)
2427 {
2428 LOG_WARNING("target not halted");
2429 return ERROR_TARGET_NOT_HALTED;
2430 }
2431
2432 /* sanitize arguments */
2433 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2434 return ERROR_INVALID_ARGUMENTS;
2435
2436 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2437 return ERROR_TARGET_UNALIGNED_ACCESS;
2438
2439 /* load the base register with the address of the first word */
2440 reg[0] = address;
2441 arm7_9->write_core_regs(target, 0x1, reg);
2442
2443 /* Clear DBGACK, to make sure memory fetches work as expected */
2444 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2445 embeddedice_store_reg(dbg_ctrl);
2446
2447 switch (size)
2448 {
2449 case 4:
2450 while (num_accesses < count)
2451 {
2452 uint32_t reg_list;
2453 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2454 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2455
2456 for (i = 1; i <= thisrun_accesses; i++)
2457 {
2458 if (i > last_reg)
2459 last_reg = i;
2460 reg[i] = target_buffer_get_u32(target, buffer);
2461 buffer += 4;
2462 }
2463
2464 arm7_9->write_core_regs(target, reg_list, reg);
2465
2466 arm7_9->store_word_regs(target, reg_list);
2467
2468 /* fast memory writes are only safe when the target is running
2469 * from a sufficiently high clock (32 kHz is usually too slow)
2470 */
2471 if (arm7_9->fast_memory_access)
2472 retval = arm7_9_execute_fast_sys_speed(target);
2473 else
2474 retval = arm7_9_execute_sys_speed(target);
2475 if (retval != ERROR_OK)
2476 {
2477 return retval;
2478 }
2479
2480 num_accesses += thisrun_accesses;
2481 }
2482 break;
2483 case 2:
2484 while (num_accesses < count)
2485 {
2486 uint32_t reg_list;
2487 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2488 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2489
2490 for (i = 1; i <= thisrun_accesses; i++)
2491 {
2492 if (i > last_reg)
2493 last_reg = i;
2494 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2495 buffer += 2;
2496 }
2497
2498 arm7_9->write_core_regs(target, reg_list, reg);
2499
2500 for (i = 1; i <= thisrun_accesses; i++)
2501 {
2502 arm7_9->store_hword_reg(target, i);
2503
2504 /* fast memory writes are only safe when the target is running
2505 * from a sufficiently high clock (32 kHz is usually too slow)
2506 */
2507 if (arm7_9->fast_memory_access)
2508 retval = arm7_9_execute_fast_sys_speed(target);
2509 else
2510 retval = arm7_9_execute_sys_speed(target);
2511 if (retval != ERROR_OK)
2512 {
2513 return retval;
2514 }
2515 }
2516
2517 num_accesses += thisrun_accesses;
2518 }
2519 break;
2520 case 1:
2521 while (num_accesses < count)
2522 {
2523 uint32_t reg_list;
2524 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2525 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2526
2527 for (i = 1; i <= thisrun_accesses; i++)
2528 {
2529 if (i > last_reg)
2530 last_reg = i;
2531 reg[i] = *buffer++ & 0xff;
2532 }
2533
2534 arm7_9->write_core_regs(target, reg_list, reg);
2535
2536 for (i = 1; i <= thisrun_accesses; i++)
2537 {
2538 arm7_9->store_byte_reg(target, i);
2539 /* fast memory writes are only safe when the target is running
2540 * from a sufficiently high clock (32 kHz is usually too slow)
2541 */
2542 if (arm7_9->fast_memory_access)
2543 retval = arm7_9_execute_fast_sys_speed(target);
2544 else
2545 retval = arm7_9_execute_sys_speed(target);
2546 if (retval != ERROR_OK)
2547 {
2548 return retval;
2549 }
2550
2551 }
2552
2553 num_accesses += thisrun_accesses;
2554 }
2555 break;
2556 default:
2557 LOG_ERROR("BUG: we shouldn't get here");
2558 exit(-1);
2559 break;
2560 }
2561
2562 /* Re-Set DBGACK */
2563 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2564 embeddedice_store_reg(dbg_ctrl);
2565
2566 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2567 return ERROR_FAIL;
2568
2569 for (i = 0; i <= last_reg; i++)
2570 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2571
2572 arm7_9->read_xpsr(target, &cpsr, 0);
2573 if ((retval = jtag_execute_queue()) != ERROR_OK)
2574 {
2575 LOG_ERROR("JTAG error while reading cpsr");
2576 return ERROR_TARGET_DATA_ABORT;
2577 }
2578
2579 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2580 {
2581 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2582
2583 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2584
2585 return ERROR_TARGET_DATA_ABORT;
2586 }
2587
2588 return ERROR_OK;
2589 }
2590
2591 static int dcc_count;
2592 static uint8_t *dcc_buffer;
2593
2594 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2595 {
2596 int retval = ERROR_OK;
2597 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2598
2599 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2600 return retval;
2601
2602 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2603 int count = dcc_count;
2604 uint8_t *buffer = dcc_buffer;
2605 if (count > 2)
2606 {
2607 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2608 * core function repeated. */
2609 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2610 buffer += 4;
2611
2612 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2613 uint8_t reg_addr = ice_reg->addr & 0x1f;
2614 jtag_tap_t *tap;
2615 tap = ice_reg->jtag_info->tap;
2616
2617 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2618 buffer += (count-2)*4;
2619
2620 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2621 } else
2622 {
2623 int i;
2624 for (i = 0; i < count; i++)
2625 {
2626 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2627 buffer += 4;
2628 }
2629 }
2630
2631 if ((retval = target_halt(target))!= ERROR_OK)
2632 {
2633 return retval;
2634 }
2635 return target_wait_state(target, TARGET_HALTED, 500);
2636 }
2637
2638 static const uint32_t dcc_code[] =
2639 {
2640 /* r0 == input, points to memory buffer
2641 * r1 == scratch
2642 */
2643
2644 /* spin until DCC control (c0) reports data arrived */
2645 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2646 0xe3110001, /* tst r1, #1 */
2647 0x0afffffc, /* bne w */
2648
2649 /* read word from DCC (c1), write to memory */
2650 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2651 0xe4801004, /* str r1, [r0], #4 */
2652
2653 /* repeat */
2654 0xeafffff9 /* b w */
2655 };
2656
2657 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2658
2659 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2660 {
2661 int retval;
2662 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2663 int i;
2664
2665 if (!arm7_9->dcc_downloads)
2666 return target_write_memory(target, address, 4, count, buffer);
2667
2668 /* regrab previously allocated working_area, or allocate a new one */
2669 if (!arm7_9->dcc_working_area)
2670 {
2671 uint8_t dcc_code_buf[6 * 4];
2672
2673 /* make sure we have a working area */
2674 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2675 {
2676 LOG_INFO("no working area available, falling back to memory writes");
2677 return target_write_memory(target, address, 4, count, buffer);
2678 }
2679
2680 /* copy target instructions to target endianness */
2681 for (i = 0; i < 6; i++)
2682 {
2683 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2684 }
2685
2686 /* write DCC code to working area */
2687 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2688 {
2689 return retval;
2690 }
2691 }
2692
2693 armv4_5_algorithm_t armv4_5_info;
2694 reg_param_t reg_params[1];
2695
2696 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2697 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2698 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2699
2700 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2701
2702 buf_set_u32(reg_params[0].value, 0, 32, address);
2703
2704 dcc_count = count;
2705 dcc_buffer = buffer;
2706 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2707 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2708
2709 if (retval == ERROR_OK)
2710 {
2711 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2712 if (endaddress != (address + count*4))
2713 {
2714 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2715 retval = ERROR_FAIL;
2716 }
2717 }
2718
2719 destroy_reg_param(&reg_params[0]);
2720
2721 return retval;
2722 }
2723
2724 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2725 {
2726 working_area_t *crc_algorithm;
2727 armv4_5_algorithm_t armv4_5_info;
2728 reg_param_t reg_params[2];
2729 int retval;
2730
2731 static const uint32_t arm7_9_crc_code[] = {
2732 0xE1A02000, /* mov r2, r0 */
2733 0xE3E00000, /* mov r0, #0xffffffff */
2734 0xE1A03001, /* mov r3, r1 */
2735 0xE3A04000, /* mov r4, #0 */
2736 0xEA00000B, /* b ncomp */
2737 /* nbyte: */
2738 0xE7D21004, /* ldrb r1, [r2, r4] */
2739 0xE59F7030, /* ldr r7, CRC32XOR */
2740 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2741 0xE3A05000, /* mov r5, #0 */
2742 /* loop: */
2743 0xE3500000, /* cmp r0, #0 */
2744 0xE1A06080, /* mov r6, r0, asl #1 */
2745 0xE2855001, /* add r5, r5, #1 */
2746 0xE1A00006, /* mov r0, r6 */
2747 0xB0260007, /* eorlt r0, r6, r7 */
2748 0xE3550008, /* cmp r5, #8 */
2749 0x1AFFFFF8, /* bne loop */
2750 0xE2844001, /* add r4, r4, #1 */
2751 /* ncomp: */
2752 0xE1540003, /* cmp r4, r3 */
2753 0x1AFFFFF1, /* bne nbyte */
2754 /* end: */
2755 0xEAFFFFFE, /* b end */
2756 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2757 };
2758
2759 uint32_t i;
2760
2761 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2762 {
2763 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2764 }
2765
2766 /* convert flash writing code into a buffer in target endianness */
2767 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2768 {
2769 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2770 {
2771 return retval;
2772 }
2773 }
2774
2775 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2776 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2777 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2778
2779 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2780 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2781
2782 buf_set_u32(reg_params[0].value, 0, 32, address);
2783 buf_set_u32(reg_params[1].value, 0, 32, count);
2784
2785 /* 20 second timeout/megabyte */
2786 int timeout = 20000 * (1 + (count / (1024*1024)));
2787
2788 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2789 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2790 {
2791 LOG_ERROR("error executing arm7_9 crc algorithm");
2792 destroy_reg_param(&reg_params[0]);
2793 destroy_reg_param(&reg_params[1]);
2794 target_free_working_area(target, crc_algorithm);
2795 return retval;
2796 }
2797
2798 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2799
2800 destroy_reg_param(&reg_params[0]);
2801 destroy_reg_param(&reg_params[1]);
2802
2803 target_free_working_area(target, crc_algorithm);
2804
2805 return ERROR_OK;
2806 }
2807
2808 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2809 {
2810 working_area_t *erase_check_algorithm;
2811 reg_param_t reg_params[3];
2812 armv4_5_algorithm_t armv4_5_info;
2813 int retval;
2814 uint32_t i;
2815
2816 static const uint32_t erase_check_code[] =
2817 {
2818 /* loop: */
2819 0xe4d03001, /* ldrb r3, [r0], #1 */
2820 0xe0022003, /* and r2, r2, r3 */
2821 0xe2511001, /* subs r1, r1, #1 */
2822 0x1afffffb, /* bne loop */
2823 /* end: */
2824 0xeafffffe /* b end */
2825 };
2826
2827 /* make sure we have a working area */
2828 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2829 {
2830 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2831 }
2832
2833 /* convert flash writing code into a buffer in target endianness */
2834 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2835 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2836 {
2837 return retval;
2838 }
2839
2840 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2841 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2842 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2843
2844 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2845 buf_set_u32(reg_params[0].value, 0, 32, address);
2846
2847 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2848 buf_set_u32(reg_params[1].value, 0, 32, count);
2849
2850 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2851 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2852
2853 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2854 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2855 {
2856 destroy_reg_param(&reg_params[0]);
2857 destroy_reg_param(&reg_params[1]);
2858 destroy_reg_param(&reg_params[2]);
2859 target_free_working_area(target, erase_check_algorithm);
2860 return 0;
2861 }
2862
2863 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2864
2865 destroy_reg_param(&reg_params[0]);
2866 destroy_reg_param(&reg_params[1]);
2867 destroy_reg_param(&reg_params[2]);
2868
2869 target_free_working_area(target, erase_check_algorithm);
2870
2871 return ERROR_OK;
2872 }
2873
2874 COMMAND_HANDLER(handle_arm7_9_write_xpsr_command)
2875 {
2876 uint32_t value;
2877 int spsr;
2878 int retval;
2879 target_t *target = get_current_target(cmd_ctx);
2880 armv4_5_common_t *armv4_5;
2881 arm7_9_common_t *arm7_9;
2882
2883 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2884 {
2885 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2886 return ERROR_OK;
2887 }
2888
2889 if (target->state != TARGET_HALTED)
2890 {
2891 command_print(cmd_ctx, "can't write registers while running");
2892 return ERROR_OK;
2893 }
2894
2895 if (argc < 2)
2896 {
2897 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2898 return ERROR_OK;
2899 }
2900
2901 COMMAND_PARSE_NUMBER(u32, args[0], value);
2902 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2903
2904 /* if we're writing the CPSR, mask the T bit */
2905 if (!spsr)
2906 value &= ~0x20;
2907
2908 arm7_9->write_xpsr(target, value, spsr);
2909 if ((retval = jtag_execute_queue()) != ERROR_OK)
2910 {
2911 LOG_ERROR("JTAG error while writing to xpsr");
2912 return retval;
2913 }
2914
2915 return ERROR_OK;
2916 }
2917
2918 COMMAND_HANDLER(handle_arm7_9_write_xpsr_im8_command)
2919 {
2920 uint32_t value;
2921 int rotate;
2922 int spsr;
2923 int retval;
2924 target_t *target = get_current_target(cmd_ctx);
2925 armv4_5_common_t *armv4_5;
2926 arm7_9_common_t *arm7_9;
2927
2928 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2929 {
2930 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2931 return ERROR_OK;
2932 }
2933
2934 if (target->state != TARGET_HALTED)
2935 {
2936 command_print(cmd_ctx, "can't write registers while running");
2937 return ERROR_OK;
2938 }
2939
2940 if (argc < 3)
2941 {
2942 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2943 return ERROR_OK;
2944 }
2945
2946 COMMAND_PARSE_NUMBER(u32, args[0], value);
2947 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2948 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2949
2950 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2951 if ((retval = jtag_execute_queue()) != ERROR_OK)
2952 {
2953 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2954 return retval;
2955 }
2956
2957 return ERROR_OK;
2958 }
2959
2960 COMMAND_HANDLER(handle_arm7_9_write_core_reg_command)
2961 {
2962 uint32_t value;
2963 uint32_t mode;
2964 int num;
2965 target_t *target = get_current_target(cmd_ctx);
2966 armv4_5_common_t *armv4_5;
2967 arm7_9_common_t *arm7_9;
2968
2969 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2970 {
2971 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2972 return ERROR_OK;
2973 }
2974
2975 if (target->state != TARGET_HALTED)
2976 {
2977 command_print(cmd_ctx, "can't write registers while running");
2978 return ERROR_OK;
2979 }
2980
2981 if (argc < 3)
2982 {
2983 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2984 return ERROR_OK;
2985 }
2986
2987 COMMAND_PARSE_NUMBER(int, args[0], num);
2988 COMMAND_PARSE_NUMBER(u32, args[1], mode);
2989 COMMAND_PARSE_NUMBER(u32, args[2], value);
2990
2991 return arm7_9_write_core_reg(target, num, mode, value);
2992 }
2993
2994 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2995 {
2996 target_t *target = get_current_target(cmd_ctx);
2997 armv4_5_common_t *armv4_5;
2998 arm7_9_common_t *arm7_9;
2999
3000 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3001 {
3002 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3003 return ERROR_OK;
3004 }
3005
3006 if (argc > 0)
3007 {
3008 if (strcmp("enable", args[0]) == 0)
3009 {
3010 arm7_9->use_dbgrq = 1;
3011 }
3012 else if (strcmp("disable", args[0]) == 0)
3013 {
3014 arm7_9->use_dbgrq = 0;
3015 }
3016 else
3017 {
3018 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3019 }
3020 }
3021
3022 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3023
3024 return ERROR_OK;
3025 }
3026
3027 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
3028 {
3029 target_t *target = get_current_target(cmd_ctx);
3030 armv4_5_common_t *armv4_5;
3031 arm7_9_common_t *arm7_9;
3032
3033 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3034 {
3035 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3036 return ERROR_OK;
3037 }
3038
3039 if (argc > 0)
3040 {
3041 if (strcmp("enable", args[0]) == 0)
3042 {
3043 arm7_9->fast_memory_access = 1;
3044 }
3045 else if (strcmp("disable", args[0]) == 0)
3046 {
3047 arm7_9->fast_memory_access = 0;
3048 }
3049 else
3050 {
3051 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3052 }
3053 }
3054
3055 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3056
3057 return ERROR_OK;
3058 }
3059
3060 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
3061 {
3062 target_t *target = get_current_target(cmd_ctx);
3063 armv4_5_common_t *armv4_5;
3064 arm7_9_common_t *arm7_9;
3065
3066 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3067 {
3068 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3069 return ERROR_OK;
3070 }
3071
3072 if (argc > 0)
3073 {
3074 if (strcmp("enable", args[0]) == 0)
3075 {
3076 arm7_9->dcc_downloads = 1;
3077 }
3078 else if (strcmp("disable", args[0]) == 0)
3079 {
3080 arm7_9->dcc_downloads = 0;
3081 }
3082 else
3083 {
3084 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3085 }
3086 }
3087
3088 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3089
3090 return ERROR_OK;
3091 }
3092
3093 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3094 {
3095 int retval = ERROR_OK;
3096 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3097
3098 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3099
3100 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3101 return retval;
3102
3103 /* caller must have allocated via calloc(), so everything's zeroed */
3104
3105 arm7_9->wp_available_max = 2;
3106
3107 arm7_9->fast_memory_access = fast_and_dangerous;
3108 arm7_9->dcc_downloads = fast_and_dangerous;
3109
3110 armv4_5->arch_info = arm7_9;
3111 armv4_5->read_core_reg = arm7_9_read_core_reg;
3112 armv4_5->write_core_reg = arm7_9_write_core_reg;
3113 armv4_5->full_context = arm7_9_full_context;
3114
3115 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3116 return retval;
3117
3118 return target_register_timer_callback(arm7_9_handle_target_request,
3119 1, 1, target);
3120 }
3121
3122 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
3123 {
3124 command_t *arm7_9_cmd;
3125
3126 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9",
3127 NULL, COMMAND_ANY, "arm7/9 specific commands");
3128
3129 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr",
3130 handle_arm7_9_write_xpsr_command, COMMAND_EXEC,
3131 "write program status register <value> <not cpsr | spsr>");
3132 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8",
3133 handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC,
3134 "write program status register "
3135 "<8bit immediate> <rotate> <not cpsr | spsr>");
3136
3137 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg",
3138 handle_arm7_9_write_core_reg_command, COMMAND_EXEC,
3139 "write core register <num> <mode> <value>");
3140
3141 register_command(cmd_ctx, arm7_9_cmd, "dbgrq",
3142 handle_arm7_9_dbgrq_command, COMMAND_ANY,
3143 "use EmbeddedICE dbgrq instead of breakpoint "
3144 "for target halt requests <enable | disable>");
3145 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access",
3146 handle_arm7_9_fast_memory_access_command, COMMAND_ANY,
3147 "use fast memory accesses instead of slower "
3148 "but potentially safer accesses <enable | disable>");
3149 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads",
3150 handle_arm7_9_dcc_downloads_command, COMMAND_ANY,
3151 "use DCC downloads for larger memory writes <enable | disable>");
3152
3153 armv4_5_register_commands(cmd_ctx);
3154
3155 etm_register_commands(cmd_ctx);
3156
3157 return ERROR_OK;
3158 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)