Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
more debug output for breakpoints
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoint_count = 0;
65 arm7_9->sw_breakpoints_added = 0;
66 arm7_9->wp0_used = 0;
67 arm7_9->wp1_used = arm7_9->wp1_used_default;
68 arm7_9->wp_available = arm7_9->wp_available_max;
69
70 return jtag_execute_queue();
71 }
72
73 /**
74 * Assign a watchpoint to one of the two available hardware comparators in an
75 * ARM7 or ARM9 target.
76 *
77 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
78 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
79 */
80 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
81 {
82 if (!arm7_9->wp0_used)
83 {
84 arm7_9->wp0_used = 1;
85 breakpoint->set = 1;
86 arm7_9->wp_available--;
87 }
88 else if (!arm7_9->wp1_used)
89 {
90 arm7_9->wp1_used = 1;
91 breakpoint->set = 2;
92 arm7_9->wp_available--;
93 }
94 else
95 {
96 LOG_ERROR("BUG: no hardware comparator available");
97 }
98 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
99 breakpoint->unique_id,
100 breakpoint->address,
101 breakpoint->set );
102 }
103
104 /**
105 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
106 *
107 * @param arm7_9 Pointer to common struct for ARM7/9 targets
108 * @return Error codes if there is a problem finding a watchpoint or the result
109 * of executing the JTAG queue
110 */
111 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
112 {
113 if (arm7_9->sw_breakpoints_added)
114 {
115 return ERROR_OK;
116 }
117 if (arm7_9->wp_available < 1)
118 {
119 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
120 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
121 }
122 arm7_9->wp_available--;
123
124 /* pick a breakpoint unit */
125 if (!arm7_9->wp0_used)
126 {
127 arm7_9->sw_breakpoints_added = 1;
128 arm7_9->wp0_used = 3;
129 } else if (!arm7_9->wp1_used)
130 {
131 arm7_9->sw_breakpoints_added = 2;
132 arm7_9->wp1_used = 3;
133 }
134 else
135 {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1)
141 {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 }
148 else if (arm7_9->sw_breakpoints_added == 2)
149 {
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
155 }
156 else
157 {
158 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
159 return ERROR_FAIL;
160 }
161 LOG_DEBUG("SW BP using hw wp: %d",
162 arm7_9->sw_breakpoints_added );
163
164 return jtag_execute_queue();
165 }
166
167 /**
168 * Setup the common pieces for an ARM7/9 target after reset or on startup.
169 *
170 * @param target Pointer to an ARM7/9 target to setup
171 * @return Result of clearing the watchpoints on the target
172 */
173 int arm7_9_setup(target_t *target)
174 {
175 armv4_5_common_t *armv4_5 = target->arch_info;
176 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
177
178 return arm7_9_clear_watchpoints(arm7_9);
179 }
180
181 /**
182 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
183 * targets. A return of ERROR_OK signifies that the target is a valid target
184 * and that the pointers have been set properly.
185 *
186 * @param target Pointer to the target device to get the pointers from
187 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
188 * targets
189 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
190 * targets
191 * @return ERROR_OK if successful
192 */
193 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
194 {
195 armv4_5_common_t *armv4_5 = target->arch_info;
196 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
197
198 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
199 {
200 return -1;
201 }
202
203 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
204 {
205 return -1;
206 }
207
208 *armv4_5_p = armv4_5;
209 *arm7_9_p = arm7_9;
210
211 return ERROR_OK;
212 }
213
214 /**
215 * Set either a hardware or software breakpoint on an ARM7/9 target. The
216 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
217 * might have erased the values in Embedded ICE.
218 *
219 * @param target Pointer to the target device to set the breakpoints on
220 * @param breakpoint Pointer to the breakpoint to be set
221 * @return For hardware breakpoints, this is the result of executing the JTAG
222 * queue. For software breakpoints, this will be the status of the
223 * required memory reads and writes
224 */
225 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
226 {
227 armv4_5_common_t *armv4_5 = target->arch_info;
228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
229 int retval = ERROR_OK;
230
231 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
232 breakpoint->unique_id,
233 breakpoint->address,
234 breakpoint->type);
235
236 if (target->state != TARGET_HALTED)
237 {
238 LOG_WARNING("target not halted");
239 return ERROR_TARGET_NOT_HALTED;
240 }
241
242 if (breakpoint->type == BKPT_HARD)
243 {
244 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
245 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
246
247 /* reassign a hw breakpoint */
248 if (breakpoint->set == 0)
249 {
250 arm7_9_assign_wp(arm7_9, breakpoint);
251 }
252
253 if (breakpoint->set == 1)
254 {
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
258 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
259 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
260 }
261 else if (breakpoint->set == 2)
262 {
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
266 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
267 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
268 }
269 else
270 {
271 LOG_ERROR("BUG: no hardware comparator available");
272 return ERROR_OK;
273 }
274
275 retval = jtag_execute_queue();
276 }
277 else if (breakpoint->type == BKPT_SOFT)
278 {
279 /* did we already set this breakpoint? */
280 if (breakpoint->set)
281 return ERROR_OK;
282
283 if (breakpoint->length == 4)
284 {
285 uint32_t verify = 0xffffffff;
286 /* keep the original instruction in target endianness */
287 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
288 {
289 return retval;
290 }
291 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
292 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
293 {
294 return retval;
295 }
296
297 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
298 {
299 return retval;
300 }
301 if (verify != arm7_9->arm_bkpt)
302 {
303 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
304 return ERROR_OK;
305 }
306 }
307 else
308 {
309 uint16_t verify = 0xffff;
310 /* keep the original instruction in target endianness */
311 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
312 {
313 return retval;
314 }
315 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
316 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
317 {
318 return retval;
319 }
320
321 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
322 {
323 return retval;
324 }
325 if (verify != arm7_9->thumb_bkpt)
326 {
327 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
328 return ERROR_OK;
329 }
330 }
331
332 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
333 return retval;
334
335 arm7_9->sw_breakpoint_count++;
336
337 breakpoint->set = 1;
338 }
339
340 return retval;
341 }
342
343 /**
344 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
345 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
346 * will be updated. Otherwise, the software breakpoint will be restored to its
347 * original instruction if it hasn't already been modified.
348 *
349 * @param target Pointer to ARM7/9 target to unset the breakpoint from
350 * @param breakpoint Pointer to breakpoint to be unset
351 * @return For hardware breakpoints, this is the result of executing the JTAG
352 * queue. For software breakpoints, this will be the status of the
353 * required memory reads and writes
354 */
355 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
356 {
357 int retval = ERROR_OK;
358
359 armv4_5_common_t *armv4_5 = target->arch_info;
360 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
361
362 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
363 breakpoint->unique_id,
364 breakpoint->address );
365
366 if (!breakpoint->set)
367 {
368 LOG_WARNING("breakpoint not set");
369 return ERROR_OK;
370 }
371
372 if (breakpoint->type == BKPT_HARD)
373 {
374 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
375 breakpoint->unique_id,
376 breakpoint->set );
377 if (breakpoint->set == 1)
378 {
379 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
380 arm7_9->wp0_used = 0;
381 arm7_9->wp_available++;
382 }
383 else if (breakpoint->set == 2)
384 {
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
386 arm7_9->wp1_used = 0;
387 arm7_9->wp_available++;
388 }
389 retval = jtag_execute_queue();
390 breakpoint->set = 0;
391 }
392 else
393 {
394 /* restore original instruction (kept in target endianness) */
395 if (breakpoint->length == 4)
396 {
397 uint32_t current_instr;
398 /* check that user program as not modified breakpoint instruction */
399 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 if (current_instr == arm7_9->arm_bkpt)
404 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
405 {
406 return retval;
407 }
408 }
409 else
410 {
411 uint16_t current_instr;
412 /* check that user program as not modified breakpoint instruction */
413 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 if (current_instr == arm7_9->thumb_bkpt)
418 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
419 {
420 return retval;
421 }
422 }
423
424 if (--arm7_9->sw_breakpoint_count==0)
425 {
426 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
427 if (arm7_9->sw_breakpoints_added == 1)
428 {
429 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
430 }
431 else if (arm7_9->sw_breakpoints_added == 2)
432 {
433 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
434 }
435 }
436
437 breakpoint->set = 0;
438 }
439
440 return retval;
441 }
442
443 /**
444 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
445 * dangling breakpoints and that the desired breakpoint can be added.
446 *
447 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
448 * @param breakpoint Pointer to the breakpoint to be added
449 * @return An error status if there is a problem adding the breakpoint or the
450 * result of setting the breakpoint
451 */
452 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
453 {
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
456
457 if (target->state != TARGET_HALTED)
458 {
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
461 }
462
463 if (arm7_9->breakpoint_count == 0)
464 {
465 /* make sure we don't have any dangling breakpoints. This is vital upon
466 * GDB connect/disconnect
467 */
468 arm7_9_clear_watchpoints(arm7_9);
469 }
470
471 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
472 {
473 LOG_INFO("no watchpoint unit available for hardware breakpoint");
474 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
475 }
476
477 if ((breakpoint->length != 2) && (breakpoint->length != 4))
478 {
479 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
480 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
481 }
482
483 if (breakpoint->type == BKPT_HARD)
484 {
485 arm7_9_assign_wp(arm7_9, breakpoint);
486 }
487
488 arm7_9->breakpoint_count++;
489
490 return arm7_9_set_breakpoint(target, breakpoint);
491 }
492
493 /**
494 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
495 * dangling breakpoints and updates available watchpoints if it is a hardware
496 * breakpoint.
497 *
498 * @param target Pointer to the target to have a breakpoint removed
499 * @param breakpoint Pointer to the breakpoint to be removed
500 * @return Error status if there was a problem unsetting the breakpoint or the
501 * watchpoints could not be cleared
502 */
503 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
504 {
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
508
509 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
510 {
511 return retval;
512 }
513
514 if (breakpoint->type == BKPT_HARD)
515 arm7_9->wp_available++;
516
517 arm7_9->breakpoint_count--;
518 if (arm7_9->breakpoint_count == 0)
519 {
520 /* make sure we don't have any dangling breakpoints */
521 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
522 {
523 return retval;
524 }
525 }
526
527 return ERROR_OK;
528 }
529
530 /**
531 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
532 * considered a bug to call this function when there are no available watchpoint
533 * units.
534 *
535 * @param target Pointer to an ARM7/9 target to set a watchpoint on
536 * @param watchpoint Pointer to the watchpoint to be set
537 * @return Error status if watchpoint set fails or the result of executing the
538 * JTAG queue
539 */
540 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
541 {
542 int retval = ERROR_OK;
543 armv4_5_common_t *armv4_5 = target->arch_info;
544 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
545 int rw_mask = 1;
546 uint32_t mask;
547
548 mask = watchpoint->length - 1;
549
550 if (target->state != TARGET_HALTED)
551 {
552 LOG_WARNING("target not halted");
553 return ERROR_TARGET_NOT_HALTED;
554 }
555
556 if (watchpoint->rw == WPT_ACCESS)
557 rw_mask = 0;
558 else
559 rw_mask = 1;
560
561 if (!arm7_9->wp0_used)
562 {
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
564 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
566 if (watchpoint->mask != 0xffffffffu)
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
568 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
569 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
570
571 if ((retval = jtag_execute_queue()) != ERROR_OK)
572 {
573 return retval;
574 }
575 watchpoint->set = 1;
576 arm7_9->wp0_used = 2;
577 }
578 else if (!arm7_9->wp1_used)
579 {
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
581 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
582 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
583 if (watchpoint->mask != 0xffffffffu)
584 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
585 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
586 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
587
588 if ((retval = jtag_execute_queue()) != ERROR_OK)
589 {
590 return retval;
591 }
592 watchpoint->set = 2;
593 arm7_9->wp1_used = 2;
594 }
595 else
596 {
597 LOG_ERROR("BUG: no hardware comparator available");
598 return ERROR_OK;
599 }
600
601 return ERROR_OK;
602 }
603
604 /**
605 * Unset an existing watchpoint and clear the used watchpoint unit.
606 *
607 * @param target Pointer to the target to have the watchpoint removed
608 * @param watchpoint Pointer to the watchpoint to be removed
609 * @return Error status while trying to unset the watchpoint or the result of
610 * executing the JTAG queue
611 */
612 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
613 {
614 int retval = ERROR_OK;
615 armv4_5_common_t *armv4_5 = target->arch_info;
616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
617
618 if (target->state != TARGET_HALTED)
619 {
620 LOG_WARNING("target not halted");
621 return ERROR_TARGET_NOT_HALTED;
622 }
623
624 if (!watchpoint->set)
625 {
626 LOG_WARNING("breakpoint not set");
627 return ERROR_OK;
628 }
629
630 if (watchpoint->set == 1)
631 {
632 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
633 if ((retval = jtag_execute_queue()) != ERROR_OK)
634 {
635 return retval;
636 }
637 arm7_9->wp0_used = 0;
638 }
639 else if (watchpoint->set == 2)
640 {
641 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
642 if ((retval = jtag_execute_queue()) != ERROR_OK)
643 {
644 return retval;
645 }
646 arm7_9->wp1_used = 0;
647 }
648 watchpoint->set = 0;
649
650 return ERROR_OK;
651 }
652
653 /**
654 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
655 * available, an error response is returned.
656 *
657 * @param target Pointer to the ARM7/9 target to add a watchpoint to
658 * @param watchpoint Pointer to the watchpoint to be added
659 * @return Error status while trying to add the watchpoint
660 */
661 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
662 {
663 armv4_5_common_t *armv4_5 = target->arch_info;
664 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
665
666 if (target->state != TARGET_HALTED)
667 {
668 LOG_WARNING("target not halted");
669 return ERROR_TARGET_NOT_HALTED;
670 }
671
672 if (arm7_9->wp_available < 1)
673 {
674 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
675 }
676
677 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
678 {
679 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
680 }
681
682 arm7_9->wp_available--;
683
684 return ERROR_OK;
685 }
686
687 /**
688 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
689 * the used watchpoint unit will be reopened.
690 *
691 * @param target Pointer to the target to remove a watchpoint from
692 * @param watchpoint Pointer to the watchpoint to be removed
693 * @return Result of trying to unset the watchpoint
694 */
695 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
696 {
697 int retval = ERROR_OK;
698 armv4_5_common_t *armv4_5 = target->arch_info;
699 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
700
701 if (watchpoint->set)
702 {
703 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
704 {
705 return retval;
706 }
707 }
708
709 arm7_9->wp_available++;
710
711 return ERROR_OK;
712 }
713
714 /**
715 * Restarts the target by sending a RESTART instruction and moving the JTAG
716 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
717 * asserted by the processor.
718 *
719 * @param target Pointer to target to issue commands to
720 * @return Error status if there is a timeout or a problem while executing the
721 * JTAG queue
722 */
723 int arm7_9_execute_sys_speed(struct target_s *target)
724 {
725 int retval;
726
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
730 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
731
732 /* set RESTART instruction */
733 jtag_set_end_state(TAP_IDLE);
734 if (arm7_9->need_bypass_before_restart) {
735 arm7_9->need_bypass_before_restart = 0;
736 arm_jtag_set_instr(jtag_info, 0xf, NULL);
737 }
738 arm_jtag_set_instr(jtag_info, 0x4, NULL);
739
740 long long then = timeval_ms();
741 int timeout;
742 while (!(timeout = ((timeval_ms()-then) > 1000)))
743 {
744 /* read debug status register */
745 embeddedice_read_reg(dbg_stat);
746 if ((retval = jtag_execute_queue()) != ERROR_OK)
747 return retval;
748 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
749 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
750 break;
751 if (debug_level >= 3)
752 {
753 alive_sleep(100);
754 } else
755 {
756 keep_alive();
757 }
758 }
759 if (timeout)
760 {
761 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
762 return ERROR_TARGET_TIMEOUT;
763 }
764
765 return ERROR_OK;
766 }
767
768 /**
769 * Restarts the target by sending a RESTART instruction and moving the JTAG
770 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
771 * waiting until they are.
772 *
773 * @param target Pointer to the target to issue commands to
774 * @return Always ERROR_OK
775 */
776 int arm7_9_execute_fast_sys_speed(struct target_s *target)
777 {
778 static int set = 0;
779 static uint8_t check_value[4], check_mask[4];
780
781 armv4_5_common_t *armv4_5 = target->arch_info;
782 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
783 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
784 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
785
786 /* set RESTART instruction */
787 jtag_set_end_state(TAP_IDLE);
788 if (arm7_9->need_bypass_before_restart) {
789 arm7_9->need_bypass_before_restart = 0;
790 arm_jtag_set_instr(jtag_info, 0xf, NULL);
791 }
792 arm_jtag_set_instr(jtag_info, 0x4, NULL);
793
794 if (!set)
795 {
796 /* check for DBGACK and SYSCOMP set (others don't care) */
797
798 /* NB! These are constants that must be available until after next jtag_execute() and
799 * we evaluate the values upon first execution in lieu of setting up these constants
800 * during early setup.
801 * */
802 buf_set_u32(check_value, 0, 32, 0x9);
803 buf_set_u32(check_mask, 0, 32, 0x9);
804 set = 1;
805 }
806
807 /* read debug status register */
808 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
809
810 return ERROR_OK;
811 }
812
813 /**
814 * Get some data from the ARM7/9 target.
815 *
816 * @param target Pointer to the ARM7/9 target to read data from
817 * @param size The number of 32bit words to be read
818 * @param buffer Pointer to the buffer that will hold the data
819 * @return The result of receiving data from the Embedded ICE unit
820 */
821 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
822 {
823 armv4_5_common_t *armv4_5 = target->arch_info;
824 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
825 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
826 uint32_t *data;
827 int retval = ERROR_OK;
828 uint32_t i;
829
830 data = malloc(size * (sizeof(uint32_t)));
831
832 retval = embeddedice_receive(jtag_info, data, size);
833
834 /* return the 32-bit ints in the 8-bit array */
835 for (i = 0; i < size; i++)
836 {
837 h_u32_to_le(buffer + (i * 4), data[i]);
838 }
839
840 free(data);
841
842 return retval;
843 }
844
845 /**
846 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
847 * target is running and the DCC control register has the W bit high, this will
848 * execute the request on the target.
849 *
850 * @param priv Void pointer expected to be a target_t pointer
851 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
852 * from the Embedded ICE unit
853 */
854 int arm7_9_handle_target_request(void *priv)
855 {
856 int retval = ERROR_OK;
857 target_t *target = priv;
858 if (!target_was_examined(target))
859 return ERROR_OK;
860 armv4_5_common_t *armv4_5 = target->arch_info;
861 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
862 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
863 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
864
865 if (!target->dbg_msg_enabled)
866 return ERROR_OK;
867
868 if (target->state == TARGET_RUNNING)
869 {
870 /* read DCC control register */
871 embeddedice_read_reg(dcc_control);
872 if ((retval = jtag_execute_queue()) != ERROR_OK)
873 {
874 return retval;
875 }
876
877 /* check W bit */
878 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
879 {
880 uint32_t request;
881
882 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
883 {
884 return retval;
885 }
886 if ((retval = target_request(target, request)) != ERROR_OK)
887 {
888 return retval;
889 }
890 }
891 }
892
893 return ERROR_OK;
894 }
895
896 /**
897 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
898 * is manipulated to the right halted state based on its current state. This is
899 * what happens:
900 *
901 * <table>
902 * <tr><th > State</th><th > Action</th></tr>
903 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
904 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
905 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
906 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
907 * </table>
908 *
909 * If the target does not end up in the halted state, a warning is produced. If
910 * DBGACK is cleared, then the target is expected to either be running or
911 * running in debug.
912 *
913 * @param target Pointer to the ARM7/9 target to poll
914 * @return ERROR_OK or an error status if a command fails
915 */
916 int arm7_9_poll(target_t *target)
917 {
918 int retval;
919 armv4_5_common_t *armv4_5 = target->arch_info;
920 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
921 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
922
923 /* read debug status register */
924 embeddedice_read_reg(dbg_stat);
925 if ((retval = jtag_execute_queue()) != ERROR_OK)
926 {
927 return retval;
928 }
929
930 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
931 {
932 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
933 if (target->state == TARGET_UNKNOWN)
934 {
935 /* Starting OpenOCD with target in debug-halt */
936 target->state = TARGET_RUNNING;
937 LOG_DEBUG("DBGACK already set during server startup.");
938 }
939 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
940 {
941 int check_pc = 0;
942 if (target->state == TARGET_RESET)
943 {
944 if (target->reset_halt)
945 {
946 enum reset_types jtag_reset_config = jtag_get_reset_config();
947 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
948 {
949 check_pc = 1;
950 }
951 }
952 }
953
954 target->state = TARGET_HALTED;
955
956 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
957 return retval;
958
959 if (check_pc)
960 {
961 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
962 uint32_t t=*((uint32_t *)reg->value);
963 if (t != 0)
964 {
965 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
966 }
967 }
968
969 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
970 {
971 return retval;
972 }
973 }
974 if (target->state == TARGET_DEBUG_RUNNING)
975 {
976 target->state = TARGET_HALTED;
977 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
978 return retval;
979
980 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
981 {
982 return retval;
983 }
984 }
985 if (target->state != TARGET_HALTED)
986 {
987 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
988 }
989 }
990 else
991 {
992 if (target->state != TARGET_DEBUG_RUNNING)
993 target->state = TARGET_RUNNING;
994 }
995
996 return ERROR_OK;
997 }
998
999 /**
1000 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
1001 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
1002 * affected) completely stop the JTAG clock while the core is held in reset
1003 * (SRST). It isn't possible to program the halt condition once reset is
1004 * asserted, hence a hook that allows the target to set up its reset-halt
1005 * condition is setup prior to asserting reset.
1006 *
1007 * @param target Pointer to an ARM7/9 target to assert reset on
1008 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
1009 */
1010 int arm7_9_assert_reset(target_t *target)
1011 {
1012 armv4_5_common_t *armv4_5 = target->arch_info;
1013 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1014 LOG_DEBUG("target->state: %s",
1015 target_state_name(target));
1016
1017 enum reset_types jtag_reset_config = jtag_get_reset_config();
1018 if (!(jtag_reset_config & RESET_HAS_SRST))
1019 {
1020 LOG_ERROR("Can't assert SRST");
1021 return ERROR_FAIL;
1022 }
1023
1024 if (target->reset_halt)
1025 {
1026 /*
1027 * Some targets do not support communication while SRST is asserted. We need to
1028 * set up the reset vector catch here.
1029 *
1030 * If TRST is asserted, then these settings will be reset anyway, so setting them
1031 * here is harmless.
1032 */
1033 if (arm7_9->has_vector_catch)
1034 {
1035 /* program vector catch register to catch reset vector */
1036 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1037
1038 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1039 jtag_add_runtest(1, jtag_get_end_state());
1040 }
1041 else
1042 {
1043 /* program watchpoint unit to match on reset vector address */
1044 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1045 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1046 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1047 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1048 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1049 }
1050 }
1051
1052 /* here we should issue an SRST only, but we may have to assert TRST as well */
1053 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1054 {
1055 jtag_add_reset(1, 1);
1056 } else
1057 {
1058 jtag_add_reset(0, 1);
1059 }
1060
1061 target->state = TARGET_RESET;
1062 jtag_add_sleep(50000);
1063
1064 armv4_5_invalidate_core_regs(target);
1065
1066 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1067 {
1068 /* debug entry was already prepared in arm7_9_assert_reset() */
1069 target->debug_reason = DBG_REASON_DBGRQ;
1070 }
1071
1072 return ERROR_OK;
1073 }
1074
1075 /**
1076 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1077 * and the target is being reset into a halt, a warning will be triggered
1078 * because it is not possible to reset into a halted mode in this case. The
1079 * target is halted using the target's functions.
1080 *
1081 * @param target Pointer to the target to have the reset deasserted
1082 * @return ERROR_OK or an error from polling or halting the target
1083 */
1084 int arm7_9_deassert_reset(target_t *target)
1085 {
1086 int retval = ERROR_OK;
1087 LOG_DEBUG("target->state: %s",
1088 target_state_name(target));
1089
1090 /* deassert reset lines */
1091 jtag_add_reset(0, 0);
1092
1093 enum reset_types jtag_reset_config = jtag_get_reset_config();
1094 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1095 {
1096 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1097 /* set up embedded ice registers again */
1098 if ((retval = target_examine_one(target)) != ERROR_OK)
1099 return retval;
1100
1101 if ((retval = target_poll(target)) != ERROR_OK)
1102 {
1103 return retval;
1104 }
1105
1106 if ((retval = target_halt(target)) != ERROR_OK)
1107 {
1108 return retval;
1109 }
1110
1111 }
1112 return retval;
1113 }
1114
1115 /**
1116 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1117 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1118 * vector catch was used, it is restored. Otherwise, the control value is
1119 * restored and the watchpoint unit is restored if it was in use.
1120 *
1121 * @param target Pointer to the ARM7/9 target to have halt cleared
1122 * @return Always ERROR_OK
1123 */
1124 int arm7_9_clear_halt(target_t *target)
1125 {
1126 armv4_5_common_t *armv4_5 = target->arch_info;
1127 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1128 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1129
1130 /* we used DBGRQ only if we didn't come out of reset */
1131 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1132 {
1133 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1134 */
1135 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1136 embeddedice_store_reg(dbg_ctrl);
1137 }
1138 else
1139 {
1140 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1141 {
1142 /* if we came out of reset, and vector catch is supported, we used
1143 * vector catch to enter debug state
1144 * restore the register in that case
1145 */
1146 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1147 }
1148 else
1149 {
1150 /* restore registers if watchpoint unit 0 was in use
1151 */
1152 if (arm7_9->wp0_used)
1153 {
1154 if (arm7_9->debug_entry_from_reset)
1155 {
1156 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1157 }
1158 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1159 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1160 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1161 }
1162 /* control value always has to be restored, as it was either disabled,
1163 * or enabled with possibly different bits
1164 */
1165 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1166 }
1167 }
1168
1169 return ERROR_OK;
1170 }
1171
1172 /**
1173 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1174 * and then there is a wait until the processor shows the halt. This wait can
1175 * timeout and results in an error being returned. The software reset involves
1176 * clearing the halt, updating the debug control register, changing to ARM mode,
1177 * reset of the program counter, and reset of all of the registers.
1178 *
1179 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1180 * @return Error status if any of the commands fail, otherwise ERROR_OK
1181 */
1182 int arm7_9_soft_reset_halt(struct target_s *target)
1183 {
1184 armv4_5_common_t *armv4_5 = target->arch_info;
1185 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1186 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1187 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1188 int i;
1189 int retval;
1190
1191 /* FIX!!! replace some of this code with tcl commands
1192 *
1193 * halt # the halt command is synchronous
1194 * armv4_5 core_state arm
1195 *
1196 */
1197
1198 if ((retval = target_halt(target)) != ERROR_OK)
1199 return retval;
1200
1201 long long then = timeval_ms();
1202 int timeout;
1203 while (!(timeout = ((timeval_ms()-then) > 1000)))
1204 {
1205 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1206 break;
1207 embeddedice_read_reg(dbg_stat);
1208 if ((retval = jtag_execute_queue()) != ERROR_OK)
1209 return retval;
1210 if (debug_level >= 3)
1211 {
1212 alive_sleep(100);
1213 } else
1214 {
1215 keep_alive();
1216 }
1217 }
1218 if (timeout)
1219 {
1220 LOG_ERROR("Failed to halt CPU after 1 sec");
1221 return ERROR_TARGET_TIMEOUT;
1222 }
1223 target->state = TARGET_HALTED;
1224
1225 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1226 * ensure that DBGRQ is cleared
1227 */
1228 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1229 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1230 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1231 embeddedice_store_reg(dbg_ctrl);
1232
1233 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1234 {
1235 return retval;
1236 }
1237
1238 /* if the target is in Thumb state, change to ARM state */
1239 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1240 {
1241 uint32_t r0_thumb, pc_thumb;
1242 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1243 /* Entered debug from Thumb mode */
1244 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1245 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1246 }
1247
1248 /* all register content is now invalid */
1249 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1250 {
1251 return retval;
1252 }
1253
1254 /* SVC, ARM state, IRQ and FIQ disabled */
1255 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1256 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1257 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1258
1259 /* start fetching from 0x0 */
1260 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1261 armv4_5->core_cache->reg_list[15].dirty = 1;
1262 armv4_5->core_cache->reg_list[15].valid = 1;
1263
1264 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1265 armv4_5->core_state = ARMV4_5_STATE_ARM;
1266
1267 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1268 return ERROR_FAIL;
1269
1270 /* reset registers */
1271 for (i = 0; i <= 14; i++)
1272 {
1273 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1274 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1275 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1276 }
1277
1278 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1279 {
1280 return retval;
1281 }
1282
1283 return ERROR_OK;
1284 }
1285
1286 /**
1287 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1288 * line or by programming a watchpoint to trigger on any address. It is
1289 * considered a bug to call this function while the target is in the
1290 * TARGET_RESET state.
1291 *
1292 * @param target Pointer to the ARM7/9 target to be halted
1293 * @return Always ERROR_OK
1294 */
1295 int arm7_9_halt(target_t *target)
1296 {
1297 if (target->state == TARGET_RESET)
1298 {
1299 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1300 return ERROR_OK;
1301 }
1302
1303 armv4_5_common_t *armv4_5 = target->arch_info;
1304 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1305 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1306
1307 LOG_DEBUG("target->state: %s",
1308 target_state_name(target));
1309
1310 if (target->state == TARGET_HALTED)
1311 {
1312 LOG_DEBUG("target was already halted");
1313 return ERROR_OK;
1314 }
1315
1316 if (target->state == TARGET_UNKNOWN)
1317 {
1318 LOG_WARNING("target was in unknown state when halt was requested");
1319 }
1320
1321 if (arm7_9->use_dbgrq)
1322 {
1323 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1324 */
1325 if (arm7_9->set_special_dbgrq) {
1326 arm7_9->set_special_dbgrq(target);
1327 } else {
1328 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1329 embeddedice_store_reg(dbg_ctrl);
1330 }
1331 }
1332 else
1333 {
1334 /* program watchpoint unit to match on any address
1335 */
1336 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1337 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1338 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1339 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1340 }
1341
1342 target->debug_reason = DBG_REASON_DBGRQ;
1343
1344 return ERROR_OK;
1345 }
1346
1347 /**
1348 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1349 * ARM. The JTAG queue is then executed and the reason for debug entry is
1350 * examined. Once done, the target is verified to be halted and the processor
1351 * is forced into ARM mode. The core registers are saved for the current core
1352 * mode and the program counter (register 15) is updated as needed. The core
1353 * registers and CPSR and SPSR are saved for restoration later.
1354 *
1355 * @param target Pointer to target that is entering debug mode
1356 * @return Error code if anything fails, otherwise ERROR_OK
1357 */
1358 int arm7_9_debug_entry(target_t *target)
1359 {
1360 int i;
1361 uint32_t context[16];
1362 uint32_t* context_p[16];
1363 uint32_t r0_thumb, pc_thumb;
1364 uint32_t cpsr;
1365 int retval;
1366 /* get pointers to arch-specific information */
1367 armv4_5_common_t *armv4_5 = target->arch_info;
1368 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1369 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1370 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1371
1372 #ifdef _DEBUG_ARM7_9_
1373 LOG_DEBUG("-");
1374 #endif
1375
1376 if (arm7_9->pre_debug_entry)
1377 arm7_9->pre_debug_entry(target);
1378
1379 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1380 * ensure that DBGRQ is cleared
1381 */
1382 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1383 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1384 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1385 embeddedice_store_reg(dbg_ctrl);
1386
1387 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1388 {
1389 return retval;
1390 }
1391
1392 if ((retval = jtag_execute_queue()) != ERROR_OK)
1393 {
1394 return retval;
1395 }
1396
1397 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1398 return retval;
1399
1400
1401 if (target->state != TARGET_HALTED)
1402 {
1403 LOG_WARNING("target not halted");
1404 return ERROR_TARGET_NOT_HALTED;
1405 }
1406
1407 /* if the target is in Thumb state, change to ARM state */
1408 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1409 {
1410 LOG_DEBUG("target entered debug from Thumb state");
1411 /* Entered debug from Thumb mode */
1412 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1413 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1414 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1415 }
1416 else
1417 {
1418 LOG_DEBUG("target entered debug from ARM state");
1419 /* Entered debug from ARM mode */
1420 armv4_5->core_state = ARMV4_5_STATE_ARM;
1421 }
1422
1423 for (i = 0; i < 16; i++)
1424 context_p[i] = &context[i];
1425 /* save core registers (r0 - r15 of current core mode) */
1426 arm7_9->read_core_regs(target, 0xffff, context_p);
1427
1428 arm7_9->read_xpsr(target, &cpsr, 0);
1429
1430 if ((retval = jtag_execute_queue()) != ERROR_OK)
1431 return retval;
1432
1433 /* if the core has been executing in Thumb state, set the T bit */
1434 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1435 cpsr |= 0x20;
1436
1437 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1438 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1439 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1440
1441 armv4_5->core_mode = cpsr & 0x1f;
1442
1443 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1444 {
1445 target->state = TARGET_UNKNOWN;
1446 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1447 return ERROR_TARGET_FAILURE;
1448 }
1449
1450 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1451
1452 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1453 {
1454 LOG_DEBUG("thumb state, applying fixups");
1455 context[0] = r0_thumb;
1456 context[15] = pc_thumb;
1457 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1458 {
1459 /* adjust value stored by STM */
1460 context[15] -= 3 * 4;
1461 }
1462
1463 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1464 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1465 else
1466 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1467
1468 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1469 return ERROR_FAIL;
1470
1471 for (i = 0; i <= 15; i++)
1472 {
1473 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1474 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1475 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1476 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1477 }
1478
1479 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1480
1481 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1482 return ERROR_FAIL;
1483
1484 /* exceptions other than USR & SYS have a saved program status register */
1485 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1486 {
1487 uint32_t spsr;
1488 arm7_9->read_xpsr(target, &spsr, 1);
1489 if ((retval = jtag_execute_queue()) != ERROR_OK)
1490 {
1491 return retval;
1492 }
1493 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1494 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1495 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1496 }
1497
1498 /* r0 and r15 (pc) have to be restored later */
1499 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1500 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1501
1502 if ((retval = jtag_execute_queue()) != ERROR_OK)
1503 return retval;
1504
1505 if (arm7_9->post_debug_entry)
1506 arm7_9->post_debug_entry(target);
1507
1508 return ERROR_OK;
1509 }
1510
1511 /**
1512 * Validate the full context for an ARM7/9 target in all processor modes. If
1513 * there are any invalid registers for the target, they will all be read. This
1514 * includes the PSR.
1515 *
1516 * @param target Pointer to the ARM7/9 target to capture the full context from
1517 * @return Error if the target is not halted, has an invalid core mode, or if
1518 * the JTAG queue fails to execute
1519 */
1520 int arm7_9_full_context(target_t *target)
1521 {
1522 int i;
1523 int retval;
1524 armv4_5_common_t *armv4_5 = target->arch_info;
1525 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1526
1527 LOG_DEBUG("-");
1528
1529 if (target->state != TARGET_HALTED)
1530 {
1531 LOG_WARNING("target not halted");
1532 return ERROR_TARGET_NOT_HALTED;
1533 }
1534
1535 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1536 return ERROR_FAIL;
1537
1538 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1539 * SYS shares registers with User, so we don't touch SYS
1540 */
1541 for (i = 0; i < 6; i++)
1542 {
1543 uint32_t mask = 0;
1544 uint32_t* reg_p[16];
1545 int j;
1546 int valid = 1;
1547
1548 /* check if there are invalid registers in the current mode
1549 */
1550 for (j = 0; j <= 16; j++)
1551 {
1552 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1553 valid = 0;
1554 }
1555
1556 if (!valid)
1557 {
1558 uint32_t tmp_cpsr;
1559
1560 /* change processor mode (and mask T bit) */
1561 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1562 tmp_cpsr |= armv4_5_number_to_mode(i);
1563 tmp_cpsr &= ~0x20;
1564 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1565
1566 for (j = 0; j < 15; j++)
1567 {
1568 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1569 {
1570 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1571 mask |= 1 << j;
1572 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1573 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1574 }
1575 }
1576
1577 /* if only the PSR is invalid, mask is all zeroes */
1578 if (mask)
1579 arm7_9->read_core_regs(target, mask, reg_p);
1580
1581 /* check if the PSR has to be read */
1582 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1583 {
1584 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1585 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1586 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1587 }
1588 }
1589 }
1590
1591 /* restore processor mode (mask T bit) */
1592 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1593
1594 if ((retval = jtag_execute_queue()) != ERROR_OK)
1595 {
1596 return retval;
1597 }
1598 return ERROR_OK;
1599 }
1600
1601 /**
1602 * Restore the processor context on an ARM7/9 target. The full processor
1603 * context is analyzed to see if any of the registers are dirty on this end, but
1604 * have a valid new value. If this is the case, the processor is changed to the
1605 * appropriate mode and the new register values are written out to the
1606 * processor. If there happens to be a dirty register with an invalid value, an
1607 * error will be logged.
1608 *
1609 * @param target Pointer to the ARM7/9 target to have its context restored
1610 * @return Error status if the target is not halted or the core mode in the
1611 * armv4_5 struct is invalid.
1612 */
1613 int arm7_9_restore_context(target_t *target)
1614 {
1615 armv4_5_common_t *armv4_5 = target->arch_info;
1616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1617 reg_t *reg;
1618 armv4_5_core_reg_t *reg_arch_info;
1619 enum armv4_5_mode current_mode = armv4_5->core_mode;
1620 int i, j;
1621 int dirty;
1622 int mode_change;
1623
1624 LOG_DEBUG("-");
1625
1626 if (target->state != TARGET_HALTED)
1627 {
1628 LOG_WARNING("target not halted");
1629 return ERROR_TARGET_NOT_HALTED;
1630 }
1631
1632 if (arm7_9->pre_restore_context)
1633 arm7_9->pre_restore_context(target);
1634
1635 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1636 return ERROR_FAIL;
1637
1638 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1639 * SYS shares registers with User, so we don't touch SYS
1640 */
1641 for (i = 0; i < 6; i++)
1642 {
1643 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1644 dirty = 0;
1645 mode_change = 0;
1646 /* check if there are dirty registers in the current mode
1647 */
1648 for (j = 0; j <= 16; j++)
1649 {
1650 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1651 reg_arch_info = reg->arch_info;
1652 if (reg->dirty == 1)
1653 {
1654 if (reg->valid == 1)
1655 {
1656 dirty = 1;
1657 LOG_DEBUG("examining dirty reg: %s", reg->name);
1658 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1659 && (reg_arch_info->mode != current_mode)
1660 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1661 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1662 {
1663 mode_change = 1;
1664 LOG_DEBUG("require mode change");
1665 }
1666 }
1667 else
1668 {
1669 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1670 }
1671 }
1672 }
1673
1674 if (dirty)
1675 {
1676 uint32_t mask = 0x0;
1677 int num_regs = 0;
1678 uint32_t regs[16];
1679
1680 if (mode_change)
1681 {
1682 uint32_t tmp_cpsr;
1683
1684 /* change processor mode (mask T bit) */
1685 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1686 tmp_cpsr |= armv4_5_number_to_mode(i);
1687 tmp_cpsr &= ~0x20;
1688 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1689 current_mode = armv4_5_number_to_mode(i);
1690 }
1691
1692 for (j = 0; j <= 14; j++)
1693 {
1694 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1695 reg_arch_info = reg->arch_info;
1696
1697
1698 if (reg->dirty == 1)
1699 {
1700 regs[j] = buf_get_u32(reg->value, 0, 32);
1701 mask |= 1 << j;
1702 num_regs++;
1703 reg->dirty = 0;
1704 reg->valid = 1;
1705 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1706 }
1707 }
1708
1709 if (mask)
1710 {
1711 arm7_9->write_core_regs(target, mask, regs);
1712 }
1713
1714 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1715 reg_arch_info = reg->arch_info;
1716 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1717 {
1718 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1719 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1720 }
1721 }
1722 }
1723
1724 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1725 {
1726 /* restore processor mode (mask T bit) */
1727 uint32_t tmp_cpsr;
1728
1729 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1730 tmp_cpsr |= armv4_5_number_to_mode(i);
1731 tmp_cpsr &= ~0x20;
1732 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1733 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1734 }
1735 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1736 {
1737 /* CPSR has been changed, full restore necessary (mask T bit) */
1738 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1739 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1740 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1741 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1742 }
1743
1744 /* restore PC */
1745 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1746 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1747 armv4_5->core_cache->reg_list[15].dirty = 0;
1748
1749 if (arm7_9->post_restore_context)
1750 arm7_9->post_restore_context(target);
1751
1752 return ERROR_OK;
1753 }
1754
1755 /**
1756 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1757 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1758 * restart.
1759 *
1760 * @param target Pointer to the ARM7/9 target to be restarted
1761 * @return Result of executing the JTAG queue
1762 */
1763 int arm7_9_restart_core(struct target_s *target)
1764 {
1765 armv4_5_common_t *armv4_5 = target->arch_info;
1766 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1767 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1768
1769 /* set RESTART instruction */
1770 jtag_set_end_state(TAP_IDLE);
1771 if (arm7_9->need_bypass_before_restart) {
1772 arm7_9->need_bypass_before_restart = 0;
1773 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1774 }
1775 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1776
1777 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1778 return jtag_execute_queue();
1779 }
1780
1781 /**
1782 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1783 * iterated through and are set on the target if they aren't already set.
1784 *
1785 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1786 */
1787 void arm7_9_enable_watchpoints(struct target_s *target)
1788 {
1789 watchpoint_t *watchpoint = target->watchpoints;
1790
1791 while (watchpoint)
1792 {
1793 if (watchpoint->set == 0)
1794 arm7_9_set_watchpoint(target, watchpoint);
1795 watchpoint = watchpoint->next;
1796 }
1797 }
1798
1799 /**
1800 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1801 * iterated through and are set on the target.
1802 *
1803 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1804 */
1805 void arm7_9_enable_breakpoints(struct target_s *target)
1806 {
1807 breakpoint_t *breakpoint = target->breakpoints;
1808
1809 /* set any pending breakpoints */
1810 while (breakpoint)
1811 {
1812 arm7_9_set_breakpoint(target, breakpoint);
1813 breakpoint = breakpoint->next;
1814 }
1815 }
1816
1817 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1818 {
1819 armv4_5_common_t *armv4_5 = target->arch_info;
1820 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1821 breakpoint_t *breakpoint = target->breakpoints;
1822 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1823 int err, retval = ERROR_OK;
1824
1825 LOG_DEBUG("-");
1826
1827 if (target->state != TARGET_HALTED)
1828 {
1829 LOG_WARNING("target not halted");
1830 return ERROR_TARGET_NOT_HALTED;
1831 }
1832
1833 if (!debug_execution)
1834 {
1835 target_free_all_working_areas(target);
1836 }
1837
1838 /* current = 1: continue on current pc, otherwise continue at <address> */
1839 if (!current)
1840 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1841
1842 uint32_t current_pc;
1843 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1844
1845 /* the front-end may request us not to handle breakpoints */
1846 if (handle_breakpoints)
1847 {
1848 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1849 {
1850 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1851 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1852 {
1853 return retval;
1854 }
1855
1856 /* calculate PC of next instruction */
1857 uint32_t next_pc;
1858 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1859 {
1860 uint32_t current_opcode;
1861 target_read_u32(target, current_pc, &current_opcode);
1862 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1863 return retval;
1864 }
1865
1866 LOG_DEBUG("enable single-step");
1867 arm7_9->enable_single_step(target, next_pc);
1868
1869 target->debug_reason = DBG_REASON_SINGLESTEP;
1870
1871 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875
1876 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1877 arm7_9->branch_resume(target);
1878 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1879 {
1880 arm7_9->branch_resume_thumb(target);
1881 }
1882 else
1883 {
1884 LOG_ERROR("unhandled core state");
1885 return ERROR_FAIL;
1886 }
1887
1888 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1889 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1890 err = arm7_9_execute_sys_speed(target);
1891
1892 LOG_DEBUG("disable single-step");
1893 arm7_9->disable_single_step(target);
1894
1895 if (err != ERROR_OK)
1896 {
1897 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1898 {
1899 return retval;
1900 }
1901 target->state = TARGET_UNKNOWN;
1902 return err;
1903 }
1904
1905 arm7_9_debug_entry(target);
1906 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1907
1908 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1909 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1910 {
1911 return retval;
1912 }
1913 }
1914 }
1915
1916 /* enable any pending breakpoints and watchpoints */
1917 arm7_9_enable_breakpoints(target);
1918 arm7_9_enable_watchpoints(target);
1919
1920 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1921 {
1922 return retval;
1923 }
1924
1925 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1926 {
1927 arm7_9->branch_resume(target);
1928 }
1929 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1930 {
1931 arm7_9->branch_resume_thumb(target);
1932 }
1933 else
1934 {
1935 LOG_ERROR("unhandled core state");
1936 return ERROR_FAIL;
1937 }
1938
1939 /* deassert DBGACK and INTDIS */
1940 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1941 /* INTDIS only when we really resume, not during debug execution */
1942 if (!debug_execution)
1943 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1944 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1945
1946 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1947 {
1948 return retval;
1949 }
1950
1951 target->debug_reason = DBG_REASON_NOTHALTED;
1952
1953 if (!debug_execution)
1954 {
1955 /* registers are now invalid */
1956 armv4_5_invalidate_core_regs(target);
1957 target->state = TARGET_RUNNING;
1958 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1959 {
1960 return retval;
1961 }
1962 }
1963 else
1964 {
1965 target->state = TARGET_DEBUG_RUNNING;
1966 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1967 {
1968 return retval;
1969 }
1970 }
1971
1972 LOG_DEBUG("target resumed");
1973
1974 return ERROR_OK;
1975 }
1976
1977 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1978 {
1979 armv4_5_common_t *armv4_5 = target->arch_info;
1980 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1981
1982 uint32_t current_pc;
1983 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1984
1985 if (next_pc != current_pc)
1986 {
1987 /* setup an inverse breakpoint on the current PC
1988 * - comparator 1 matches the current address
1989 * - rangeout from comparator 1 is connected to comparator 0 rangein
1990 * - comparator 0 matches any address, as long as rangein is low */
1991 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1992 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1993 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1995 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1998 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1999 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2000 }
2001 else
2002 {
2003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
2004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
2005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
2006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
2007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2011 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2012 }
2013 }
2014
2015 void arm7_9_disable_eice_step(target_t *target)
2016 {
2017 armv4_5_common_t *armv4_5 = target->arch_info;
2018 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2019
2020 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2021 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2022 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2023 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2024 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2025 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2026 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2027 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2028 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2029 }
2030
2031 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2032 {
2033 armv4_5_common_t *armv4_5 = target->arch_info;
2034 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2035 breakpoint_t *breakpoint = NULL;
2036 int err, retval;
2037
2038 if (target->state != TARGET_HALTED)
2039 {
2040 LOG_WARNING("target not halted");
2041 return ERROR_TARGET_NOT_HALTED;
2042 }
2043
2044 /* current = 1: continue on current pc, otherwise continue at <address> */
2045 if (!current)
2046 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2047
2048 uint32_t current_pc;
2049 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2050
2051 /* the front-end may request us not to handle breakpoints */
2052 if (handle_breakpoints)
2053 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2054 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2055 {
2056 return retval;
2057 }
2058
2059 target->debug_reason = DBG_REASON_SINGLESTEP;
2060
2061 /* calculate PC of next instruction */
2062 uint32_t next_pc;
2063 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2064 {
2065 uint32_t current_opcode;
2066 target_read_u32(target, current_pc, &current_opcode);
2067 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2068 return retval;
2069 }
2070
2071 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2072 {
2073 return retval;
2074 }
2075
2076 arm7_9->enable_single_step(target, next_pc);
2077
2078 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2079 {
2080 arm7_9->branch_resume(target);
2081 }
2082 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2083 {
2084 arm7_9->branch_resume_thumb(target);
2085 }
2086 else
2087 {
2088 LOG_ERROR("unhandled core state");
2089 return ERROR_FAIL;
2090 }
2091
2092 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2093 {
2094 return retval;
2095 }
2096
2097 err = arm7_9_execute_sys_speed(target);
2098 arm7_9->disable_single_step(target);
2099
2100 /* registers are now invalid */
2101 armv4_5_invalidate_core_regs(target);
2102
2103 if (err != ERROR_OK)
2104 {
2105 target->state = TARGET_UNKNOWN;
2106 } else {
2107 arm7_9_debug_entry(target);
2108 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2109 {
2110 return retval;
2111 }
2112 LOG_DEBUG("target stepped");
2113 }
2114
2115 if (breakpoint)
2116 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2117 {
2118 return retval;
2119 }
2120
2121 return err;
2122 }
2123
2124 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2125 {
2126 uint32_t* reg_p[16];
2127 uint32_t value;
2128 int retval;
2129 armv4_5_common_t *armv4_5 = target->arch_info;
2130 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2131
2132 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2133 return ERROR_FAIL;
2134
2135 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2136
2137 if ((num < 0) || (num > 16))
2138 return ERROR_INVALID_ARGUMENTS;
2139
2140 if ((mode != ARMV4_5_MODE_ANY)
2141 && (mode != armv4_5->core_mode)
2142 && (reg_mode != ARMV4_5_MODE_ANY))
2143 {
2144 uint32_t tmp_cpsr;
2145
2146 /* change processor mode (mask T bit) */
2147 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2148 tmp_cpsr |= mode;
2149 tmp_cpsr &= ~0x20;
2150 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2151 }
2152
2153 if ((num >= 0) && (num <= 15))
2154 {
2155 /* read a normal core register */
2156 reg_p[num] = &value;
2157
2158 arm7_9->read_core_regs(target, 1 << num, reg_p);
2159 }
2160 else
2161 {
2162 /* read a program status register
2163 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2164 */
2165 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2166 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2167
2168 arm7_9->read_xpsr(target, &value, spsr);
2169 }
2170
2171 if ((retval = jtag_execute_queue()) != ERROR_OK)
2172 {
2173 return retval;
2174 }
2175
2176 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2177 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2178 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2179
2180 if ((mode != ARMV4_5_MODE_ANY)
2181 && (mode != armv4_5->core_mode)
2182 && (reg_mode != ARMV4_5_MODE_ANY)) {
2183 /* restore processor mode (mask T bit) */
2184 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2185 }
2186
2187 return ERROR_OK;
2188 }
2189
2190 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2191 {
2192 uint32_t reg[16];
2193 armv4_5_common_t *armv4_5 = target->arch_info;
2194 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2195
2196 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2197 return ERROR_FAIL;
2198
2199 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2200
2201 if ((num < 0) || (num > 16))
2202 return ERROR_INVALID_ARGUMENTS;
2203
2204 if ((mode != ARMV4_5_MODE_ANY)
2205 && (mode != armv4_5->core_mode)
2206 && (reg_mode != ARMV4_5_MODE_ANY)) {
2207 uint32_t tmp_cpsr;
2208
2209 /* change processor mode (mask T bit) */
2210 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2211 tmp_cpsr |= mode;
2212 tmp_cpsr &= ~0x20;
2213 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2214 }
2215
2216 if ((num >= 0) && (num <= 15))
2217 {
2218 /* write a normal core register */
2219 reg[num] = value;
2220
2221 arm7_9->write_core_regs(target, 1 << num, reg);
2222 }
2223 else
2224 {
2225 /* write a program status register
2226 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2227 */
2228 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2229 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2230
2231 /* if we're writing the CPSR, mask the T bit */
2232 if (!spsr)
2233 value &= ~0x20;
2234
2235 arm7_9->write_xpsr(target, value, spsr);
2236 }
2237
2238 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2239 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2240
2241 if ((mode != ARMV4_5_MODE_ANY)
2242 && (mode != armv4_5->core_mode)
2243 && (reg_mode != ARMV4_5_MODE_ANY)) {
2244 /* restore processor mode (mask T bit) */
2245 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2246 }
2247
2248 return jtag_execute_queue();
2249 }
2250
2251 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2252 {
2253 armv4_5_common_t *armv4_5 = target->arch_info;
2254 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2255
2256 uint32_t reg[16];
2257 uint32_t num_accesses = 0;
2258 int thisrun_accesses;
2259 int i;
2260 uint32_t cpsr;
2261 int retval;
2262 int last_reg = 0;
2263
2264 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2265
2266 if (target->state != TARGET_HALTED)
2267 {
2268 LOG_WARNING("target not halted");
2269 return ERROR_TARGET_NOT_HALTED;
2270 }
2271
2272 /* sanitize arguments */
2273 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2274 return ERROR_INVALID_ARGUMENTS;
2275
2276 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2277 return ERROR_TARGET_UNALIGNED_ACCESS;
2278
2279 /* load the base register with the address of the first word */
2280 reg[0] = address;
2281 arm7_9->write_core_regs(target, 0x1, reg);
2282
2283 int j = 0;
2284
2285 switch (size)
2286 {
2287 case 4:
2288 while (num_accesses < count)
2289 {
2290 uint32_t reg_list;
2291 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2292 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2293
2294 if (last_reg <= thisrun_accesses)
2295 last_reg = thisrun_accesses;
2296
2297 arm7_9->load_word_regs(target, reg_list);
2298
2299 /* fast memory reads are only safe when the target is running
2300 * from a sufficiently high clock (32 kHz is usually too slow)
2301 */
2302 if (arm7_9->fast_memory_access)
2303 retval = arm7_9_execute_fast_sys_speed(target);
2304 else
2305 retval = arm7_9_execute_sys_speed(target);
2306 if (retval != ERROR_OK)
2307 return retval;
2308
2309 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2310
2311 /* advance buffer, count number of accesses */
2312 buffer += thisrun_accesses * 4;
2313 num_accesses += thisrun_accesses;
2314
2315 if ((j++%1024) == 0)
2316 {
2317 keep_alive();
2318 }
2319 }
2320 break;
2321 case 2:
2322 while (num_accesses < count)
2323 {
2324 uint32_t reg_list;
2325 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2326 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2327
2328 for (i = 1; i <= thisrun_accesses; i++)
2329 {
2330 if (i > last_reg)
2331 last_reg = i;
2332 arm7_9->load_hword_reg(target, i);
2333 /* fast memory reads are only safe when the target is running
2334 * from a sufficiently high clock (32 kHz is usually too slow)
2335 */
2336 if (arm7_9->fast_memory_access)
2337 retval = arm7_9_execute_fast_sys_speed(target);
2338 else
2339 retval = arm7_9_execute_sys_speed(target);
2340 if (retval != ERROR_OK)
2341 {
2342 return retval;
2343 }
2344
2345 }
2346
2347 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2348
2349 /* advance buffer, count number of accesses */
2350 buffer += thisrun_accesses * 2;
2351 num_accesses += thisrun_accesses;
2352
2353 if ((j++%1024) == 0)
2354 {
2355 keep_alive();
2356 }
2357 }
2358 break;
2359 case 1:
2360 while (num_accesses < count)
2361 {
2362 uint32_t reg_list;
2363 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2364 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2365
2366 for (i = 1; i <= thisrun_accesses; i++)
2367 {
2368 if (i > last_reg)
2369 last_reg = i;
2370 arm7_9->load_byte_reg(target, i);
2371 /* fast memory reads are only safe when the target is running
2372 * from a sufficiently high clock (32 kHz is usually too slow)
2373 */
2374 if (arm7_9->fast_memory_access)
2375 retval = arm7_9_execute_fast_sys_speed(target);
2376 else
2377 retval = arm7_9_execute_sys_speed(target);
2378 if (retval != ERROR_OK)
2379 {
2380 return retval;
2381 }
2382 }
2383
2384 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2385
2386 /* advance buffer, count number of accesses */
2387 buffer += thisrun_accesses * 1;
2388 num_accesses += thisrun_accesses;
2389
2390 if ((j++%1024) == 0)
2391 {
2392 keep_alive();
2393 }
2394 }
2395 break;
2396 default:
2397 LOG_ERROR("BUG: we shouldn't get here");
2398 exit(-1);
2399 break;
2400 }
2401
2402 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2403 return ERROR_FAIL;
2404
2405 for (i = 0; i <= last_reg; i++)
2406 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2407
2408 arm7_9->read_xpsr(target, &cpsr, 0);
2409 if ((retval = jtag_execute_queue()) != ERROR_OK)
2410 {
2411 LOG_ERROR("JTAG error while reading cpsr");
2412 return ERROR_TARGET_DATA_ABORT;
2413 }
2414
2415 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2416 {
2417 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2418
2419 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2420
2421 return ERROR_TARGET_DATA_ABORT;
2422 }
2423
2424 return ERROR_OK;
2425 }
2426
2427 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2428 {
2429 armv4_5_common_t *armv4_5 = target->arch_info;
2430 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2431 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2432
2433 uint32_t reg[16];
2434 uint32_t num_accesses = 0;
2435 int thisrun_accesses;
2436 int i;
2437 uint32_t cpsr;
2438 int retval;
2439 int last_reg = 0;
2440
2441 #ifdef _DEBUG_ARM7_9_
2442 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2443 #endif
2444
2445 if (target->state != TARGET_HALTED)
2446 {
2447 LOG_WARNING("target not halted");
2448 return ERROR_TARGET_NOT_HALTED;
2449 }
2450
2451 /* sanitize arguments */
2452 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2453 return ERROR_INVALID_ARGUMENTS;
2454
2455 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2456 return ERROR_TARGET_UNALIGNED_ACCESS;
2457
2458 /* load the base register with the address of the first word */
2459 reg[0] = address;
2460 arm7_9->write_core_regs(target, 0x1, reg);
2461
2462 /* Clear DBGACK, to make sure memory fetches work as expected */
2463 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2464 embeddedice_store_reg(dbg_ctrl);
2465
2466 switch (size)
2467 {
2468 case 4:
2469 while (num_accesses < count)
2470 {
2471 uint32_t reg_list;
2472 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2473 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2474
2475 for (i = 1; i <= thisrun_accesses; i++)
2476 {
2477 if (i > last_reg)
2478 last_reg = i;
2479 reg[i] = target_buffer_get_u32(target, buffer);
2480 buffer += 4;
2481 }
2482
2483 arm7_9->write_core_regs(target, reg_list, reg);
2484
2485 arm7_9->store_word_regs(target, reg_list);
2486
2487 /* fast memory writes are only safe when the target is running
2488 * from a sufficiently high clock (32 kHz is usually too slow)
2489 */
2490 if (arm7_9->fast_memory_access)
2491 retval = arm7_9_execute_fast_sys_speed(target);
2492 else
2493 retval = arm7_9_execute_sys_speed(target);
2494 if (retval != ERROR_OK)
2495 {
2496 return retval;
2497 }
2498
2499 num_accesses += thisrun_accesses;
2500 }
2501 break;
2502 case 2:
2503 while (num_accesses < count)
2504 {
2505 uint32_t reg_list;
2506 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2507 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2508
2509 for (i = 1; i <= thisrun_accesses; i++)
2510 {
2511 if (i > last_reg)
2512 last_reg = i;
2513 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2514 buffer += 2;
2515 }
2516
2517 arm7_9->write_core_regs(target, reg_list, reg);
2518
2519 for (i = 1; i <= thisrun_accesses; i++)
2520 {
2521 arm7_9->store_hword_reg(target, i);
2522
2523 /* fast memory writes are only safe when the target is running
2524 * from a sufficiently high clock (32 kHz is usually too slow)
2525 */
2526 if (arm7_9->fast_memory_access)
2527 retval = arm7_9_execute_fast_sys_speed(target);
2528 else
2529 retval = arm7_9_execute_sys_speed(target);
2530 if (retval != ERROR_OK)
2531 {
2532 return retval;
2533 }
2534 }
2535
2536 num_accesses += thisrun_accesses;
2537 }
2538 break;
2539 case 1:
2540 while (num_accesses < count)
2541 {
2542 uint32_t reg_list;
2543 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2544 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2545
2546 for (i = 1; i <= thisrun_accesses; i++)
2547 {
2548 if (i > last_reg)
2549 last_reg = i;
2550 reg[i] = *buffer++ & 0xff;
2551 }
2552
2553 arm7_9->write_core_regs(target, reg_list, reg);
2554
2555 for (i = 1; i <= thisrun_accesses; i++)
2556 {
2557 arm7_9->store_byte_reg(target, i);
2558 /* fast memory writes are only safe when the target is running
2559 * from a sufficiently high clock (32 kHz is usually too slow)
2560 */
2561 if (arm7_9->fast_memory_access)
2562 retval = arm7_9_execute_fast_sys_speed(target);
2563 else
2564 retval = arm7_9_execute_sys_speed(target);
2565 if (retval != ERROR_OK)
2566 {
2567 return retval;
2568 }
2569
2570 }
2571
2572 num_accesses += thisrun_accesses;
2573 }
2574 break;
2575 default:
2576 LOG_ERROR("BUG: we shouldn't get here");
2577 exit(-1);
2578 break;
2579 }
2580
2581 /* Re-Set DBGACK */
2582 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2583 embeddedice_store_reg(dbg_ctrl);
2584
2585 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2586 return ERROR_FAIL;
2587
2588 for (i = 0; i <= last_reg; i++)
2589 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2590
2591 arm7_9->read_xpsr(target, &cpsr, 0);
2592 if ((retval = jtag_execute_queue()) != ERROR_OK)
2593 {
2594 LOG_ERROR("JTAG error while reading cpsr");
2595 return ERROR_TARGET_DATA_ABORT;
2596 }
2597
2598 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2599 {
2600 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2601
2602 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2603
2604 return ERROR_TARGET_DATA_ABORT;
2605 }
2606
2607 return ERROR_OK;
2608 }
2609
2610 static int dcc_count;
2611 static uint8_t *dcc_buffer;
2612
2613 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2614 {
2615 int retval = ERROR_OK;
2616 armv4_5_common_t *armv4_5 = target->arch_info;
2617 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2618
2619 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2620 return retval;
2621
2622 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2623 int count = dcc_count;
2624 uint8_t *buffer = dcc_buffer;
2625 if (count > 2)
2626 {
2627 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2628 * core function repeated. */
2629 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2630 buffer += 4;
2631
2632 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2633 uint8_t reg_addr = ice_reg->addr & 0x1f;
2634 jtag_tap_t *tap;
2635 tap = ice_reg->jtag_info->tap;
2636
2637 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2638 buffer += (count-2)*4;
2639
2640 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2641 } else
2642 {
2643 int i;
2644 for (i = 0; i < count; i++)
2645 {
2646 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2647 buffer += 4;
2648 }
2649 }
2650
2651 if ((retval = target_halt(target))!= ERROR_OK)
2652 {
2653 return retval;
2654 }
2655 return target_wait_state(target, TARGET_HALTED, 500);
2656 }
2657
2658 static const uint32_t dcc_code[] =
2659 {
2660 /* MRC TST BNE MRC STR B */
2661 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2662 };
2663
2664 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2665
2666 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2667 {
2668 int retval;
2669 armv4_5_common_t *armv4_5 = target->arch_info;
2670 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2671 int i;
2672
2673 if (!arm7_9->dcc_downloads)
2674 return target_write_memory(target, address, 4, count, buffer);
2675
2676 /* regrab previously allocated working_area, or allocate a new one */
2677 if (!arm7_9->dcc_working_area)
2678 {
2679 uint8_t dcc_code_buf[6 * 4];
2680
2681 /* make sure we have a working area */
2682 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2683 {
2684 LOG_INFO("no working area available, falling back to memory writes");
2685 return target_write_memory(target, address, 4, count, buffer);
2686 }
2687
2688 /* copy target instructions to target endianness */
2689 for (i = 0; i < 6; i++)
2690 {
2691 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2692 }
2693
2694 /* write DCC code to working area */
2695 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2696 {
2697 return retval;
2698 }
2699 }
2700
2701 armv4_5_algorithm_t armv4_5_info;
2702 reg_param_t reg_params[1];
2703
2704 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2705 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2706 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2707
2708 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2709
2710 buf_set_u32(reg_params[0].value, 0, 32, address);
2711
2712 dcc_count = count;
2713 dcc_buffer = buffer;
2714 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2715 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2716
2717 if (retval == ERROR_OK)
2718 {
2719 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2720 if (endaddress != (address + count*4))
2721 {
2722 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2723 retval = ERROR_FAIL;
2724 }
2725 }
2726
2727 destroy_reg_param(&reg_params[0]);
2728
2729 return retval;
2730 }
2731
2732 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2733 {
2734 working_area_t *crc_algorithm;
2735 armv4_5_algorithm_t armv4_5_info;
2736 reg_param_t reg_params[2];
2737 int retval;
2738
2739 uint32_t arm7_9_crc_code[] = {
2740 0xE1A02000, /* mov r2, r0 */
2741 0xE3E00000, /* mov r0, #0xffffffff */
2742 0xE1A03001, /* mov r3, r1 */
2743 0xE3A04000, /* mov r4, #0 */
2744 0xEA00000B, /* b ncomp */
2745 /* nbyte: */
2746 0xE7D21004, /* ldrb r1, [r2, r4] */
2747 0xE59F7030, /* ldr r7, CRC32XOR */
2748 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2749 0xE3A05000, /* mov r5, #0 */
2750 /* loop: */
2751 0xE3500000, /* cmp r0, #0 */
2752 0xE1A06080, /* mov r6, r0, asl #1 */
2753 0xE2855001, /* add r5, r5, #1 */
2754 0xE1A00006, /* mov r0, r6 */
2755 0xB0260007, /* eorlt r0, r6, r7 */
2756 0xE3550008, /* cmp r5, #8 */
2757 0x1AFFFFF8, /* bne loop */
2758 0xE2844001, /* add r4, r4, #1 */
2759 /* ncomp: */
2760 0xE1540003, /* cmp r4, r3 */
2761 0x1AFFFFF1, /* bne nbyte */
2762 /* end: */
2763 0xEAFFFFFE, /* b end */
2764 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2765 };
2766
2767 uint32_t i;
2768
2769 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2770 {
2771 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2772 }
2773
2774 /* convert flash writing code into a buffer in target endianness */
2775 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2776 {
2777 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2778 {
2779 return retval;
2780 }
2781 }
2782
2783 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2784 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2785 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2786
2787 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2788 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2789
2790 buf_set_u32(reg_params[0].value, 0, 32, address);
2791 buf_set_u32(reg_params[1].value, 0, 32, count);
2792
2793 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2794 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2795 {
2796 LOG_ERROR("error executing arm7_9 crc algorithm");
2797 destroy_reg_param(&reg_params[0]);
2798 destroy_reg_param(&reg_params[1]);
2799 target_free_working_area(target, crc_algorithm);
2800 return retval;
2801 }
2802
2803 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2804
2805 destroy_reg_param(&reg_params[0]);
2806 destroy_reg_param(&reg_params[1]);
2807
2808 target_free_working_area(target, crc_algorithm);
2809
2810 return ERROR_OK;
2811 }
2812
2813 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2814 {
2815 working_area_t *erase_check_algorithm;
2816 reg_param_t reg_params[3];
2817 armv4_5_algorithm_t armv4_5_info;
2818 int retval;
2819 uint32_t i;
2820
2821 uint32_t erase_check_code[] =
2822 {
2823 /* loop: */
2824 0xe4d03001, /* ldrb r3, [r0], #1 */
2825 0xe0022003, /* and r2, r2, r3 */
2826 0xe2511001, /* subs r1, r1, #1 */
2827 0x1afffffb, /* bne loop */
2828 /* end: */
2829 0xeafffffe /* b end */
2830 };
2831
2832 /* make sure we have a working area */
2833 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2834 {
2835 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2836 }
2837
2838 /* convert flash writing code into a buffer in target endianness */
2839 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2840 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2841 {
2842 return retval;
2843 }
2844
2845 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2846 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2847 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2848
2849 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2850 buf_set_u32(reg_params[0].value, 0, 32, address);
2851
2852 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2853 buf_set_u32(reg_params[1].value, 0, 32, count);
2854
2855 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2856 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2857
2858 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2859 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2860 {
2861 destroy_reg_param(&reg_params[0]);
2862 destroy_reg_param(&reg_params[1]);
2863 destroy_reg_param(&reg_params[2]);
2864 target_free_working_area(target, erase_check_algorithm);
2865 return 0;
2866 }
2867
2868 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2869
2870 destroy_reg_param(&reg_params[0]);
2871 destroy_reg_param(&reg_params[1]);
2872 destroy_reg_param(&reg_params[2]);
2873
2874 target_free_working_area(target, erase_check_algorithm);
2875
2876 return ERROR_OK;
2877 }
2878
2879 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2880 {
2881 command_t *arm7_9_cmd;
2882
2883 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2884
2885 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2886 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2887
2888 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2889
2890 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2891 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2892 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2893 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2894 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2895 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2896
2897 armv4_5_register_commands(cmd_ctx);
2898
2899 etm_register_commands(cmd_ctx);
2900
2901 return ERROR_OK;
2902 }
2903
2904 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2905 {
2906 uint32_t value;
2907 int spsr;
2908 int retval;
2909 target_t *target = get_current_target(cmd_ctx);
2910 armv4_5_common_t *armv4_5;
2911 arm7_9_common_t *arm7_9;
2912
2913 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2914 {
2915 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2916 return ERROR_OK;
2917 }
2918
2919 if (target->state != TARGET_HALTED)
2920 {
2921 command_print(cmd_ctx, "can't write registers while running");
2922 return ERROR_OK;
2923 }
2924
2925 if (argc < 2)
2926 {
2927 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2928 return ERROR_OK;
2929 }
2930
2931 value = strtoul(args[0], NULL, 0);
2932 spsr = strtol(args[1], NULL, 0);
2933
2934 /* if we're writing the CPSR, mask the T bit */
2935 if (!spsr)
2936 value &= ~0x20;
2937
2938 arm7_9->write_xpsr(target, value, spsr);
2939 if ((retval = jtag_execute_queue()) != ERROR_OK)
2940 {
2941 LOG_ERROR("JTAG error while writing to xpsr");
2942 return retval;
2943 }
2944
2945 return ERROR_OK;
2946 }
2947
2948 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2949 {
2950 uint32_t value;
2951 int rotate;
2952 int spsr;
2953 int retval;
2954 target_t *target = get_current_target(cmd_ctx);
2955 armv4_5_common_t *armv4_5;
2956 arm7_9_common_t *arm7_9;
2957
2958 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2959 {
2960 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2961 return ERROR_OK;
2962 }
2963
2964 if (target->state != TARGET_HALTED)
2965 {
2966 command_print(cmd_ctx, "can't write registers while running");
2967 return ERROR_OK;
2968 }
2969
2970 if (argc < 3)
2971 {
2972 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2973 return ERROR_OK;
2974 }
2975
2976 value = strtoul(args[0], NULL, 0);
2977 rotate = strtol(args[1], NULL, 0);
2978 spsr = strtol(args[2], NULL, 0);
2979
2980 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2981 if ((retval = jtag_execute_queue()) != ERROR_OK)
2982 {
2983 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2984 return retval;
2985 }
2986
2987 return ERROR_OK;
2988 }
2989
2990 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2991 {
2992 uint32_t value;
2993 uint32_t mode;
2994 int num;
2995 target_t *target = get_current_target(cmd_ctx);
2996 armv4_5_common_t *armv4_5;
2997 arm7_9_common_t *arm7_9;
2998
2999 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3000 {
3001 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3002 return ERROR_OK;
3003 }
3004
3005 if (target->state != TARGET_HALTED)
3006 {
3007 command_print(cmd_ctx, "can't write registers while running");
3008 return ERROR_OK;
3009 }
3010
3011 if (argc < 3)
3012 {
3013 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3014 return ERROR_OK;
3015 }
3016
3017 num = strtol(args[0], NULL, 0);
3018 mode = strtoul(args[1], NULL, 0);
3019 value = strtoul(args[2], NULL, 0);
3020
3021 return arm7_9_write_core_reg(target, num, mode, value);
3022 }
3023
3024 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3025 {
3026 target_t *target = get_current_target(cmd_ctx);
3027 armv4_5_common_t *armv4_5;
3028 arm7_9_common_t *arm7_9;
3029
3030 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3031 {
3032 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3033 return ERROR_OK;
3034 }
3035
3036 if (argc > 0)
3037 {
3038 if (strcmp("enable", args[0]) == 0)
3039 {
3040 arm7_9->use_dbgrq = 1;
3041 }
3042 else if (strcmp("disable", args[0]) == 0)
3043 {
3044 arm7_9->use_dbgrq = 0;
3045 }
3046 else
3047 {
3048 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3049 }
3050 }
3051
3052 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3053
3054 return ERROR_OK;
3055 }
3056
3057 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3058 {
3059 target_t *target = get_current_target(cmd_ctx);
3060 armv4_5_common_t *armv4_5;
3061 arm7_9_common_t *arm7_9;
3062
3063 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3064 {
3065 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3066 return ERROR_OK;
3067 }
3068
3069 if (argc > 0)
3070 {
3071 if (strcmp("enable", args[0]) == 0)
3072 {
3073 arm7_9->fast_memory_access = 1;
3074 }
3075 else if (strcmp("disable", args[0]) == 0)
3076 {
3077 arm7_9->fast_memory_access = 0;
3078 }
3079 else
3080 {
3081 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3082 }
3083 }
3084
3085 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3086
3087 return ERROR_OK;
3088 }
3089
3090 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3091 {
3092 target_t *target = get_current_target(cmd_ctx);
3093 armv4_5_common_t *armv4_5;
3094 arm7_9_common_t *arm7_9;
3095
3096 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3097 {
3098 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3099 return ERROR_OK;
3100 }
3101
3102 if (argc > 0)
3103 {
3104 if (strcmp("enable", args[0]) == 0)
3105 {
3106 arm7_9->dcc_downloads = 1;
3107 }
3108 else if (strcmp("disable", args[0]) == 0)
3109 {
3110 arm7_9->dcc_downloads = 0;
3111 }
3112 else
3113 {
3114 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3115 }
3116 }
3117
3118 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3119
3120 return ERROR_OK;
3121 }
3122
3123 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3124 {
3125 int retval = ERROR_OK;
3126 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3127
3128 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3129
3130 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3131 {
3132 return retval;
3133 }
3134
3135 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3136 arm7_9->wp_available_max = 2;
3137 arm7_9->sw_breakpoints_added = 0;
3138 arm7_9->sw_breakpoint_count = 0;
3139 arm7_9->breakpoint_count = 0;
3140 arm7_9->wp0_used = 0;
3141 arm7_9->wp1_used = 0;
3142 arm7_9->wp1_used_default = 0;
3143 arm7_9->use_dbgrq = 0;
3144
3145 arm7_9->etm_ctx = NULL;
3146 arm7_9->has_single_step = 0;
3147 arm7_9->has_monitor_mode = 0;
3148 arm7_9->has_vector_catch = 0;
3149
3150 arm7_9->debug_entry_from_reset = 0;
3151
3152 arm7_9->dcc_working_area = NULL;
3153
3154 arm7_9->fast_memory_access = fast_and_dangerous;
3155 arm7_9->dcc_downloads = fast_and_dangerous;
3156
3157 arm7_9->need_bypass_before_restart = 0;
3158
3159 armv4_5->arch_info = arm7_9;
3160 armv4_5->read_core_reg = arm7_9_read_core_reg;
3161 armv4_5->write_core_reg = arm7_9_write_core_reg;
3162 armv4_5->full_context = arm7_9_full_context;
3163
3164 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3165 {
3166 return retval;
3167 }
3168
3169 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3170 {
3171 return retval;
3172 }
3173
3174 return ERROR_OK;
3175 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)