1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * Copyright (C) 2009 by David Brownell *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
30 ***************************************************************************/
36 #include "breakpoints.h"
37 #include "embeddedice.h"
38 #include "target_request.h"
40 #include <helper/time_support.h>
41 #include "arm_simulator.h"
42 #include "arm_semihosting.h"
43 #include "algorithm.h"
49 * Hold common code supporting the ARM7 and ARM9 core generations.
51 * While the ARM core implementations evolved substantially during these
52 * two generations, they look quite similar from the JTAG perspective.
53 * Both have similar debug facilities, based on the same two scan chains
54 * providing access to the core and to an EmbeddedICE module. Both can
55 * support similar ETM and ETB modules, for tracing. And both expose
56 * what could be viewed as "ARM Classic", with multiple processor modes,
57 * shadowed registers, and support for the Thumb instruction set.
59 * Processor differences include things like presence or absence of MMU
60 * and cache, pipeline sizes, use of a modified Harvard Architecure
61 * (with separate instruction and data busses from the CPU), support
62 * for cpu clock gating during idle, and more.
65 static int arm7_9_debug_entry(struct target
*target
);
68 * Clear watchpoints for an ARM7/9 target.
70 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
71 * @return JTAG error status after executing queue
73 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
76 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
77 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
78 arm7_9
->sw_breakpoint_count
= 0;
79 arm7_9
->sw_breakpoints_added
= 0;
81 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
82 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
84 return jtag_execute_queue();
88 * Assign a watchpoint to one of the two available hardware comparators in an
89 * ARM7 or ARM9 target.
91 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
92 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
94 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
96 if (!arm7_9
->wp0_used
) {
99 arm7_9
->wp_available
--;
100 } else if (!arm7_9
->wp1_used
) {
101 arm7_9
->wp1_used
= 1;
103 arm7_9
->wp_available
--;
105 LOG_ERROR("BUG: no hardware comparator available");
106 LOG_DEBUG("BPID: %" PRId32
" (0x%08" PRIx32
") using hw wp: %d",
107 breakpoint
->unique_id
,
113 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
115 * @param arm7_9 Pointer to common struct for ARM7/9 targets
116 * @return Error codes if there is a problem finding a watchpoint or the result
117 * of executing the JTAG queue
119 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
121 if (arm7_9
->sw_breakpoints_added
)
123 if (arm7_9
->wp_available
< 1) {
124 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
127 arm7_9
->wp_available
--;
129 /* pick a breakpoint unit */
130 if (!arm7_9
->wp0_used
) {
131 arm7_9
->sw_breakpoints_added
= 1;
132 arm7_9
->wp0_used
= 3;
133 } else if (!arm7_9
->wp1_used
) {
134 arm7_9
->sw_breakpoints_added
= 2;
135 arm7_9
->wp1_used
= 3;
137 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
141 if (arm7_9
->sw_breakpoints_added
== 1) {
142 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
143 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
144 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
145 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
146 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
147 } else if (arm7_9
->sw_breakpoints_added
== 2) {
148 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
149 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
150 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
151 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
152 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
154 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
157 LOG_DEBUG("SW BP using hw wp: %d",
158 arm7_9
->sw_breakpoints_added
);
160 return jtag_execute_queue();
164 * Setup the common pieces for an ARM7/9 target after reset or on startup.
166 * @param target Pointer to an ARM7/9 target to setup
167 * @return Result of clearing the watchpoints on the target
169 static int arm7_9_setup(struct target
*target
)
171 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
173 return arm7_9_clear_watchpoints(arm7_9
);
177 * Set either a hardware or software breakpoint on an ARM7/9 target. The
178 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
179 * might have erased the values in Embedded ICE.
181 * @param target Pointer to the target device to set the breakpoints on
182 * @param breakpoint Pointer to the breakpoint to be set
183 * @return For hardware breakpoints, this is the result of executing the JTAG
184 * queue. For software breakpoints, this will be the status of the
185 * required memory reads and writes
187 static int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
189 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
190 int retval
= ERROR_OK
;
192 LOG_DEBUG("BPID: %" PRId32
", Address: 0x%08" PRIx32
", Type: %d",
193 breakpoint
->unique_id
,
197 if (target
->state
!= TARGET_HALTED
) {
198 LOG_WARNING("target not halted");
199 return ERROR_TARGET_NOT_HALTED
;
202 if (breakpoint
->type
== BKPT_HARD
) {
203 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
204 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
206 /* reassign a hw breakpoint */
207 if (breakpoint
->set
== 0)
208 arm7_9_assign_wp(arm7_9
, breakpoint
);
210 if (breakpoint
->set
== 1) {
211 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
212 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
213 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
214 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
215 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
216 } else if (breakpoint
->set
== 2) {
217 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
218 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
219 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
220 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
221 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
223 LOG_ERROR("BUG: no hardware comparator available");
227 retval
= jtag_execute_queue();
228 } else if (breakpoint
->type
== BKPT_SOFT
) {
229 /* did we already set this breakpoint? */
233 if (breakpoint
->length
== 4) {
234 uint32_t verify
= 0xffffffff;
235 /* keep the original instruction in target endianness */
236 retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
237 if (retval
!= ERROR_OK
)
239 /* write the breakpoint instruction in target
240 * endianness (arm7_9->arm_bkpt is host endian) */
241 retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
);
242 if (retval
!= ERROR_OK
)
245 retval
= target_read_u32(target
, breakpoint
->address
, &verify
);
246 if (retval
!= ERROR_OK
)
248 if (verify
!= arm7_9
->arm_bkpt
) {
249 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
250 " - check that memory is read/writable", breakpoint
->address
);
254 uint16_t verify
= 0xffff;
255 /* keep the original instruction in target endianness */
256 retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
257 if (retval
!= ERROR_OK
)
259 /* write the breakpoint instruction in target
260 * endianness (arm7_9->thumb_bkpt is host endian) */
261 retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
);
262 if (retval
!= ERROR_OK
)
265 retval
= target_read_u16(target
, breakpoint
->address
, &verify
);
266 if (retval
!= ERROR_OK
)
268 if (verify
!= arm7_9
->thumb_bkpt
) {
269 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
270 " - check that memory is read/writable", breakpoint
->address
);
275 retval
= arm7_9_set_software_breakpoints(arm7_9
);
276 if (retval
!= ERROR_OK
)
279 arm7_9
->sw_breakpoint_count
++;
288 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
289 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
290 * will be updated. Otherwise, the software breakpoint will be restored to its
291 * original instruction if it hasn't already been modified.
293 * @param target Pointer to ARM7/9 target to unset the breakpoint from
294 * @param breakpoint Pointer to breakpoint to be unset
295 * @return For hardware breakpoints, this is the result of executing the JTAG
296 * queue. For software breakpoints, this will be the status of the
297 * required memory reads and writes
299 static int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
301 int retval
= ERROR_OK
;
302 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
304 LOG_DEBUG("BPID: %" PRId32
", Address: 0x%08" PRIx32
,
305 breakpoint
->unique_id
,
306 breakpoint
->address
);
308 if (!breakpoint
->set
) {
309 LOG_WARNING("breakpoint not set");
313 if (breakpoint
->type
== BKPT_HARD
) {
314 LOG_DEBUG("BPID: %" PRId32
" Releasing hw wp: %d",
315 breakpoint
->unique_id
,
317 if (breakpoint
->set
== 1) {
318 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
319 arm7_9
->wp0_used
= 0;
320 arm7_9
->wp_available
++;
321 } else if (breakpoint
->set
== 2) {
322 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
323 arm7_9
->wp1_used
= 0;
324 arm7_9
->wp_available
++;
326 retval
= jtag_execute_queue();
329 /* restore original instruction (kept in target endianness) */
330 if (breakpoint
->length
== 4) {
331 uint32_t current_instr
;
332 /* check that user program as not modified breakpoint instruction */
333 retval
= target_read_memory(target
,
334 breakpoint
->address
, 4, 1, (uint8_t *)¤t_instr
);
335 if (retval
!= ERROR_OK
)
337 current_instr
= target_buffer_get_u32(target
, (uint8_t *)¤t_instr
);
338 if (current_instr
== arm7_9
->arm_bkpt
) {
339 retval
= target_write_memory(target
,
340 breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
341 if (retval
!= ERROR_OK
)
346 uint16_t current_instr
;
347 /* check that user program as not modified breakpoint instruction */
348 retval
= target_read_memory(target
,
349 breakpoint
->address
, 2, 1, (uint8_t *)¤t_instr
);
350 if (retval
!= ERROR_OK
)
352 current_instr
= target_buffer_get_u16(target
, (uint8_t *)¤t_instr
);
353 if (current_instr
== arm7_9
->thumb_bkpt
) {
354 retval
= target_write_memory(target
,
355 breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
356 if (retval
!= ERROR_OK
)
361 if (--arm7_9
->sw_breakpoint_count
== 0) {
362 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
364 if (arm7_9
->sw_breakpoints_added
== 1)
365 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
366 EICE_W0_CONTROL_VALUE
], 0);
367 else if (arm7_9
->sw_breakpoints_added
== 2)
368 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
369 EICE_W1_CONTROL_VALUE
], 0);
379 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
380 * dangling breakpoints and that the desired breakpoint can be added.
382 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
383 * @param breakpoint Pointer to the breakpoint to be added
384 * @return An error status if there is a problem adding the breakpoint or the
385 * result of setting the breakpoint
387 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
389 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
391 if (arm7_9
->breakpoint_count
== 0) {
392 /* make sure we don't have any dangling breakpoints. This is vital upon
393 * GDB connect/disconnect
395 arm7_9_clear_watchpoints(arm7_9
);
398 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1)) {
399 LOG_INFO("no watchpoint unit available for hardware breakpoint");
400 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
403 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4)) {
404 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
405 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
408 if (breakpoint
->type
== BKPT_HARD
)
409 arm7_9_assign_wp(arm7_9
, breakpoint
);
411 arm7_9
->breakpoint_count
++;
413 return arm7_9_set_breakpoint(target
, breakpoint
);
417 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
418 * dangling breakpoints and updates available watchpoints if it is a hardware
421 * @param target Pointer to the target to have a breakpoint removed
422 * @param breakpoint Pointer to the breakpoint to be removed
423 * @return Error status if there was a problem unsetting the breakpoint or the
424 * watchpoints could not be cleared
426 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
428 int retval
= ERROR_OK
;
429 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
431 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
432 if (retval
!= ERROR_OK
)
435 if (breakpoint
->type
== BKPT_HARD
)
436 arm7_9
->wp_available
++;
438 arm7_9
->breakpoint_count
--;
439 if (arm7_9
->breakpoint_count
== 0) {
440 /* make sure we don't have any dangling breakpoints */
441 retval
= arm7_9_clear_watchpoints(arm7_9
);
442 if (retval
!= ERROR_OK
)
450 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
451 * considered a bug to call this function when there are no available watchpoint
454 * @param target Pointer to an ARM7/9 target to set a watchpoint on
455 * @param watchpoint Pointer to the watchpoint to be set
456 * @return Error status if watchpoint set fails or the result of executing the
459 static int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
461 int retval
= ERROR_OK
;
462 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
466 mask
= watchpoint
->length
- 1;
468 if (target
->state
!= TARGET_HALTED
) {
469 LOG_WARNING("target not halted");
470 return ERROR_TARGET_NOT_HALTED
;
473 if (watchpoint
->rw
== WPT_ACCESS
)
478 if (!arm7_9
->wp0_used
) {
479 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
],
480 watchpoint
->address
);
481 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
482 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
],
484 if (watchpoint
->mask
!= 0xffffffffu
)
485 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
],
487 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
488 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
489 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
490 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
492 retval
= jtag_execute_queue();
493 if (retval
!= ERROR_OK
)
496 arm7_9
->wp0_used
= 2;
497 } else if (!arm7_9
->wp1_used
) {
498 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
499 watchpoint
->address
);
500 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
501 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
],
503 if (watchpoint
->mask
!= 0xffffffffu
)
504 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
],
506 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
507 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
508 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
509 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
511 retval
= jtag_execute_queue();
512 if (retval
!= ERROR_OK
)
515 arm7_9
->wp1_used
= 2;
517 LOG_ERROR("BUG: no hardware comparator available");
525 * Unset an existing watchpoint and clear the used watchpoint unit.
527 * @param target Pointer to the target to have the watchpoint removed
528 * @param watchpoint Pointer to the watchpoint to be removed
529 * @return Error status while trying to unset the watchpoint or the result of
530 * executing the JTAG queue
532 static int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
534 int retval
= ERROR_OK
;
535 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
537 if (target
->state
!= TARGET_HALTED
) {
538 LOG_WARNING("target not halted");
539 return ERROR_TARGET_NOT_HALTED
;
542 if (!watchpoint
->set
) {
543 LOG_WARNING("breakpoint not set");
547 if (watchpoint
->set
== 1) {
548 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
549 retval
= jtag_execute_queue();
550 if (retval
!= ERROR_OK
)
552 arm7_9
->wp0_used
= 0;
553 } else if (watchpoint
->set
== 2) {
554 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
555 retval
= jtag_execute_queue();
556 if (retval
!= ERROR_OK
)
558 arm7_9
->wp1_used
= 0;
566 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
567 * available, an error response is returned.
569 * @param target Pointer to the ARM7/9 target to add a watchpoint to
570 * @param watchpoint Pointer to the watchpoint to be added
571 * @return Error status while trying to add the watchpoint
573 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
575 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
577 if (arm7_9
->wp_available
< 1)
578 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
580 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
581 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
583 arm7_9
->wp_available
--;
589 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
590 * the used watchpoint unit will be reopened.
592 * @param target Pointer to the target to remove a watchpoint from
593 * @param watchpoint Pointer to the watchpoint to be removed
594 * @return Result of trying to unset the watchpoint
596 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
598 int retval
= ERROR_OK
;
599 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
601 if (watchpoint
->set
) {
602 retval
= arm7_9_unset_watchpoint(target
, watchpoint
);
603 if (retval
!= ERROR_OK
)
607 arm7_9
->wp_available
++;
613 * Restarts the target by sending a RESTART instruction and moving the JTAG
614 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
615 * asserted by the processor.
617 * @param target Pointer to target to issue commands to
618 * @return Error status if there is a timeout or a problem while executing the
621 int arm7_9_execute_sys_speed(struct target
*target
)
624 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
625 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
626 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
628 /* set RESTART instruction */
629 if (arm7_9
->need_bypass_before_restart
) {
630 arm7_9
->need_bypass_before_restart
= 0;
631 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
632 if (retval
!= ERROR_OK
)
635 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
636 if (retval
!= ERROR_OK
)
639 long long then
= timeval_ms();
641 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
642 /* read debug status register */
643 embeddedice_read_reg(dbg_stat
);
644 retval
= jtag_execute_queue();
645 if (retval
!= ERROR_OK
)
647 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
648 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
650 if (debug_level
>= 3)
656 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"",
657 buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
658 return ERROR_TARGET_TIMEOUT
;
665 * Restarts the target by sending a RESTART instruction and moving the JTAG
666 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
667 * waiting until they are.
669 * @param target Pointer to the target to issue commands to
670 * @return Always ERROR_OK
672 static int arm7_9_execute_fast_sys_speed(struct target
*target
)
675 static uint8_t check_value
[4], check_mask
[4];
677 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
678 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
679 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
682 /* set RESTART instruction */
683 if (arm7_9
->need_bypass_before_restart
) {
684 arm7_9
->need_bypass_before_restart
= 0;
685 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
686 if (retval
!= ERROR_OK
)
689 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
690 if (retval
!= ERROR_OK
)
694 /* check for DBGACK and SYSCOMP set (others don't care) */
696 /* NB! These are constants that must be available until after next jtag_execute() and
697 * we evaluate the values upon first execution in lieu of setting up these constants
698 * during early setup.
700 buf_set_u32(check_value
, 0, 32, 0x9);
701 buf_set_u32(check_mask
, 0, 32, 0x9);
705 /* read debug status register */
706 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
712 * Get some data from the ARM7/9 target.
714 * @param target Pointer to the ARM7/9 target to read data from
715 * @param size The number of 32bit words to be read
716 * @param buffer Pointer to the buffer that will hold the data
717 * @return The result of receiving data from the Embedded ICE unit
719 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
721 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
722 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
724 int retval
= ERROR_OK
;
727 data
= malloc(size
* (sizeof(uint32_t)));
729 retval
= embeddedice_receive(jtag_info
, data
, size
);
731 /* return the 32-bit ints in the 8-bit array */
732 for (i
= 0; i
< size
; i
++)
733 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
741 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
742 * target is running and the DCC control register has the W bit high, this will
743 * execute the request on the target.
745 * @param priv Void pointer expected to be a struct target pointer
746 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
747 * from the Embedded ICE unit
749 static int arm7_9_handle_target_request(void *priv
)
751 int retval
= ERROR_OK
;
752 struct target
*target
= priv
;
753 if (!target_was_examined(target
))
755 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
756 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
757 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
759 if (!target
->dbg_msg_enabled
)
762 if (target
->state
== TARGET_RUNNING
) {
763 /* read DCC control register */
764 embeddedice_read_reg(dcc_control
);
765 retval
= jtag_execute_queue();
766 if (retval
!= ERROR_OK
)
770 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1) {
773 retval
= embeddedice_receive(jtag_info
, &request
, 1);
774 if (retval
!= ERROR_OK
)
776 retval
= target_request(target
, request
);
777 if (retval
!= ERROR_OK
)
786 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
787 * is manipulated to the right halted state based on its current state. This is
791 * <tr><th > State</th><th > Action</th></tr>
792 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
793 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
794 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
795 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
796 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
799 * If the target does not end up in the halted state, a warning is produced. If
800 * DBGACK is cleared, then the target is expected to either be running or
803 * @param target Pointer to the ARM7/9 target to poll
804 * @return ERROR_OK or an error status if a command fails
806 int arm7_9_poll(struct target
*target
)
809 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
810 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
812 /* read debug status register */
813 embeddedice_read_reg(dbg_stat
);
814 retval
= jtag_execute_queue();
815 if (retval
!= ERROR_OK
)
818 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)) {
819 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
820 if (target
->state
== TARGET_UNKNOWN
) {
821 /* Starting OpenOCD with target in debug-halt */
822 target
->state
= TARGET_RUNNING
;
823 LOG_DEBUG("DBGACK already set during server startup.");
825 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
)) {
826 target
->state
= TARGET_HALTED
;
828 retval
= arm7_9_debug_entry(target
);
829 if (retval
!= ERROR_OK
)
832 if (arm_semihosting(target
, &retval
) != 0)
835 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
836 if (retval
!= ERROR_OK
)
839 if (target
->state
== TARGET_DEBUG_RUNNING
) {
840 target
->state
= TARGET_HALTED
;
841 retval
= arm7_9_debug_entry(target
);
842 if (retval
!= ERROR_OK
)
845 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
846 if (retval
!= ERROR_OK
)
849 if (target
->state
!= TARGET_HALTED
)
851 "DBGACK set, but the target did not end up in the halted state %d",
854 if (target
->state
!= TARGET_DEBUG_RUNNING
)
855 target
->state
= TARGET_RUNNING
;
862 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
863 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
864 * affected) completely stop the JTAG clock while the core is held in reset
865 * (SRST). It isn't possible to program the halt condition once reset is
866 * asserted, hence a hook that allows the target to set up its reset-halt
867 * condition is setup prior to asserting reset.
869 * @param target Pointer to an ARM7/9 target to assert reset on
870 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
872 int arm7_9_assert_reset(struct target
*target
)
874 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
875 enum reset_types jtag_reset_config
= jtag_get_reset_config();
876 bool use_event
= false;
878 /* TODO: apply hw reset signal in not examined state */
879 if (!(target_was_examined(target
))) {
880 LOG_WARNING("Reset is not asserted because the target is not examined.");
881 LOG_WARNING("Use a reset button or power cycle the target.");
882 return ERROR_TARGET_NOT_EXAMINED
;
885 LOG_DEBUG("target->state: %s", target_state_name(target
));
887 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
889 else if (!(jtag_reset_config
& RESET_HAS_SRST
)) {
890 LOG_ERROR("%s: how to reset?", target_name(target
));
894 /* At this point trst has been asserted/deasserted once. We would
895 * like to program EmbeddedICE while SRST is asserted, instead of
896 * depending on SRST to leave that module alone. However, many CPUs
897 * gate the JTAG clock while SRST is asserted; or JTAG may need
898 * clock stability guarantees (adaptive clocking might help).
900 * So we assume JTAG access during SRST is off the menu unless it's
901 * been specifically enabled.
903 bool srst_asserted
= false;
905 if (!use_event
&& !(jtag_reset_config
& RESET_SRST_PULLS_TRST
)
906 && (jtag_reset_config
& RESET_SRST_NO_GATING
)) {
907 jtag_add_reset(0, 1);
908 srst_asserted
= true;
911 if (target
->reset_halt
) {
913 * For targets that don't support communication while SRST is
914 * asserted, we need to set up the reset vector catch first.
916 * When we use TRST+SRST and that's equivalent to a power-up
917 * reset, these settings may well be reset anyway; so setting
918 * them here won't matter.
920 if (arm7_9
->has_vector_catch
) {
921 /* program vector catch register to catch reset */
922 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
924 /* extra runtest added as issues were found with
925 * certain ARM9 cores (maybe more) - AT91SAM9260
928 jtag_add_runtest(1, TAP_IDLE
);
930 /* program watchpoint unit to match on reset vector
933 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
934 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
935 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
936 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
937 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
942 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
944 /* If we use SRST ... we'd like to issue just SRST, but the
945 * board or chip may be set up so we have to assert TRST as
946 * well. On some chips that combination is equivalent to a
947 * power-up reset, and generally clobbers EICE state.
949 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
950 jtag_add_reset(1, 1);
951 else if (!srst_asserted
)
952 jtag_add_reset(0, 1);
953 jtag_add_sleep(50000);
956 target
->state
= TARGET_RESET
;
957 register_cache_invalidate(arm7_9
->arm
.core_cache
);
959 /* REVISIT why isn't standard debug entry logic sufficient?? */
960 if (target
->reset_halt
&& (!(jtag_reset_config
& RESET_SRST_PULLS_TRST
) || use_event
)) {
961 /* debug entry was prepared above */
962 target
->debug_reason
= DBG_REASON_DBGRQ
;
969 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
970 * and the target is being reset into a halt, a warning will be triggered
971 * because it is not possible to reset into a halted mode in this case. The
972 * target is halted using the target's functions.
974 * @param target Pointer to the target to have the reset deasserted
975 * @return ERROR_OK or an error from polling or halting the target
977 int arm7_9_deassert_reset(struct target
*target
)
979 int retval
= ERROR_OK
;
980 LOG_DEBUG("target->state: %s", target_state_name(target
));
982 /* deassert reset lines */
983 jtag_add_reset(0, 0);
985 /* In case polling is disabled, we need to examine the
986 * target and poll here for this target to work correctly.
988 * Otherwise, e.g. halt will fail afterwards with bogus
989 * error messages as halt will believe that reset is
992 retval
= target_examine_one(target
);
993 if (retval
!= ERROR_OK
)
996 retval
= target_poll(target
);
997 if (retval
!= ERROR_OK
)
1000 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1001 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0) {
1003 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1004 retval
= target_halt(target
);
1005 if (retval
!= ERROR_OK
)
1012 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1013 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1014 * vector catch was used, it is restored. Otherwise, the control value is
1015 * restored and the watchpoint unit is restored if it was in use.
1017 * @param target Pointer to the ARM7/9 target to have halt cleared
1018 * @return Always ERROR_OK
1020 static int arm7_9_clear_halt(struct target
*target
)
1022 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1023 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1025 /* we used DBGRQ only if we didn't come out of reset */
1026 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
) {
1027 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1029 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1030 embeddedice_store_reg(dbg_ctrl
);
1032 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
) {
1033 /* if we came out of reset, and vector catch is supported, we used
1034 * vector catch to enter debug state
1035 * restore the register in that case
1037 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1039 /* restore registers if watchpoint unit 0 was in use
1041 if (arm7_9
->wp0_used
) {
1042 if (arm7_9
->debug_entry_from_reset
)
1043 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1044 EICE_W0_ADDR_VALUE
]);
1045 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1046 EICE_W0_ADDR_MASK
]);
1047 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1048 EICE_W0_DATA_MASK
]);
1049 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1050 EICE_W0_CONTROL_MASK
]);
1052 /* control value always has to be restored, as it was either disabled,
1053 * or enabled with possibly different bits
1055 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1063 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1064 * and then there is a wait until the processor shows the halt. This wait can
1065 * timeout and results in an error being returned. The software reset involves
1066 * clearing the halt, updating the debug control register, changing to ARM mode,
1067 * reset of the program counter, and reset of all of the registers.
1069 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1070 * @return Error status if any of the commands fail, otherwise ERROR_OK
1072 int arm7_9_soft_reset_halt(struct target
*target
)
1074 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1075 struct arm
*arm
= &arm7_9
->arm
;
1076 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1077 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1081 /* FIX!!! replace some of this code with tcl commands
1083 * halt # the halt command is synchronous
1084 * armv4_5 core_state arm
1088 retval
= target_halt(target
);
1089 if (retval
!= ERROR_OK
)
1092 long long then
= timeval_ms();
1094 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
1095 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1097 embeddedice_read_reg(dbg_stat
);
1098 retval
= jtag_execute_queue();
1099 if (retval
!= ERROR_OK
)
1101 if (debug_level
>= 3)
1107 LOG_ERROR("Failed to halt CPU after 1 sec");
1108 return ERROR_TARGET_TIMEOUT
;
1110 target
->state
= TARGET_HALTED
;
1112 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1113 * ensure that DBGRQ is cleared
1115 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1116 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1117 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1118 embeddedice_store_reg(dbg_ctrl
);
1120 retval
= arm7_9_clear_halt(target
);
1121 if (retval
!= ERROR_OK
)
1124 /* if the target is in Thumb state, change to ARM state */
1125 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1126 uint32_t r0_thumb
, pc_thumb
;
1127 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1128 /* Entered debug from Thumb mode */
1129 arm
->core_state
= ARM_STATE_THUMB
;
1130 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1133 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1135 /* all register content is now invalid */
1136 register_cache_invalidate(arm
->core_cache
);
1138 /* SVC, ARM state, IRQ and FIQ disabled */
1141 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
1144 arm_set_cpsr(arm
, cpsr
);
1145 arm
->cpsr
->dirty
= 1;
1147 /* start fetching from 0x0 */
1148 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
1152 /* reset registers */
1153 for (i
= 0; i
<= 14; i
++) {
1154 struct reg
*r
= arm_reg_current(arm
, i
);
1156 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1161 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1162 if (retval
!= ERROR_OK
)
1169 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1170 * line or by programming a watchpoint to trigger on any address. It is
1171 * considered a bug to call this function while the target is in the
1172 * TARGET_RESET state.
1174 * @param target Pointer to the ARM7/9 target to be halted
1175 * @return Always ERROR_OK
1177 int arm7_9_halt(struct target
*target
)
1179 if (target
->state
== TARGET_RESET
) {
1181 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1185 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1186 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1188 LOG_DEBUG("target->state: %s",
1189 target_state_name(target
));
1191 if (target
->state
== TARGET_HALTED
) {
1192 LOG_DEBUG("target was already halted");
1196 if (target
->state
== TARGET_UNKNOWN
)
1197 LOG_WARNING("target was in unknown state when halt was requested");
1199 if (arm7_9
->use_dbgrq
) {
1200 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1202 if (arm7_9
->set_special_dbgrq
)
1203 arm7_9
->set_special_dbgrq(target
);
1205 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1206 embeddedice_store_reg(dbg_ctrl
);
1209 /* program watchpoint unit to match on any address
1211 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1212 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1213 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1214 EICE_W_CTRL_ENABLE
);
1215 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1216 ~EICE_W_CTRL_nOPC
& 0xff);
1219 target
->debug_reason
= DBG_REASON_DBGRQ
;
1225 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1226 * ARM. The JTAG queue is then executed and the reason for debug entry is
1227 * examined. Once done, the target is verified to be halted and the processor
1228 * is forced into ARM mode. The core registers are saved for the current core
1229 * mode and the program counter (register 15) is updated as needed. The core
1230 * registers and CPSR and SPSR are saved for restoration later.
1232 * @param target Pointer to target that is entering debug mode
1233 * @return Error code if anything fails, otherwise ERROR_OK
1235 static int arm7_9_debug_entry(struct target
*target
)
1238 uint32_t context
[16];
1239 uint32_t *context_p
[16];
1240 uint32_t r0_thumb
, pc_thumb
;
1241 uint32_t cpsr
, cpsr_mask
= 0;
1243 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1244 struct arm
*arm
= &arm7_9
->arm
;
1245 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1246 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1248 #ifdef _DEBUG_ARM7_9_
1252 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1253 * ensure that DBGRQ is cleared
1255 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1256 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1257 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1258 embeddedice_store_reg(dbg_ctrl
);
1260 retval
= arm7_9_clear_halt(target
);
1261 if (retval
!= ERROR_OK
)
1264 retval
= jtag_execute_queue();
1265 if (retval
!= ERROR_OK
)
1268 retval
= arm7_9
->examine_debug_reason(target
);
1269 if (retval
!= ERROR_OK
)
1272 if (target
->state
!= TARGET_HALTED
) {
1273 LOG_WARNING("target not halted");
1274 return ERROR_TARGET_NOT_HALTED
;
1277 /* if the target is in Thumb state, change to ARM state */
1278 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1279 LOG_DEBUG("target entered debug from Thumb state");
1280 /* Entered debug from Thumb mode */
1281 arm
->core_state
= ARM_STATE_THUMB
;
1283 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1284 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1285 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1286 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1287 /* \todo Get some vaguely correct handling of Jazelle, if
1288 * anyone ever uses it and full info becomes available.
1289 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1290 * B.7.3 for the reverse. That'd be the bare minimum...
1292 LOG_DEBUG("target entered debug from Jazelle state");
1293 arm
->core_state
= ARM_STATE_JAZELLE
;
1294 cpsr_mask
= 1 << 24;
1295 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1297 LOG_DEBUG("target entered debug from ARM state");
1298 /* Entered debug from ARM mode */
1299 arm
->core_state
= ARM_STATE_ARM
;
1302 for (i
= 0; i
< 16; i
++)
1303 context_p
[i
] = &context
[i
];
1304 /* save core registers (r0 - r15 of current core mode) */
1305 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1307 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1309 retval
= jtag_execute_queue();
1310 if (retval
!= ERROR_OK
)
1313 /* Sync our CPSR copy with J or T bits EICE reported, but
1314 * which we then erased by putting the core into ARM mode.
1316 arm_set_cpsr(arm
, cpsr
| cpsr_mask
);
1318 if (!is_arm_mode(arm
->core_mode
)) {
1319 target
->state
= TARGET_UNKNOWN
;
1320 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1321 return ERROR_TARGET_FAILURE
;
1324 LOG_DEBUG("target entered debug state in %s mode",
1325 arm_mode_name(arm
->core_mode
));
1327 if (arm
->core_state
== ARM_STATE_THUMB
) {
1328 LOG_DEBUG("thumb state, applying fixups");
1329 context
[0] = r0_thumb
;
1330 context
[15] = pc_thumb
;
1331 } else if (arm
->core_state
== ARM_STATE_ARM
) {
1332 /* adjust value stored by STM */
1333 context
[15] -= 3 * 4;
1336 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1337 context
[15] -= 3 * ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1339 context
[15] -= arm7_9
->dbgreq_adjust_pc
*
1340 ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1342 for (i
= 0; i
<= 15; i
++) {
1343 struct reg
*r
= arm_reg_current(arm
, i
);
1345 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1347 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1348 /* r0 and r15 (pc) have to be restored later */
1349 r
->dirty
= (i
== 0) || (i
== 15);
1353 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1355 /* exceptions other than USR & SYS have a saved program status register */
1358 arm7_9
->read_xpsr(target
, &spsr
, 1);
1359 retval
= jtag_execute_queue();
1360 if (retval
!= ERROR_OK
)
1362 buf_set_u32(arm
->spsr
->value
, 0, 32, spsr
);
1363 arm
->spsr
->dirty
= 0;
1364 arm
->spsr
->valid
= 1;
1367 retval
= jtag_execute_queue();
1368 if (retval
!= ERROR_OK
)
1371 if (arm7_9
->post_debug_entry
) {
1372 retval
= arm7_9
->post_debug_entry(target
);
1373 if (retval
!= ERROR_OK
)
1381 * Validate the full context for an ARM7/9 target in all processor modes. If
1382 * there are any invalid registers for the target, they will all be read. This
1385 * @param target Pointer to the ARM7/9 target to capture the full context from
1386 * @return Error if the target is not halted, has an invalid core mode, or if
1387 * the JTAG queue fails to execute
1389 static int arm7_9_full_context(struct target
*target
)
1393 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1394 struct arm
*arm
= &arm7_9
->arm
;
1398 if (target
->state
!= TARGET_HALTED
) {
1399 LOG_WARNING("target not halted");
1400 return ERROR_TARGET_NOT_HALTED
;
1403 if (!is_arm_mode(arm
->core_mode
)) {
1404 LOG_ERROR("not a valid arm core mode - communication failure?");
1408 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1409 * SYS shares registers with User, so we don't touch SYS
1411 for (i
= 0; i
< 6; i
++) {
1413 uint32_t *reg_p
[16];
1417 /* check if there are invalid registers in the current mode
1419 for (j
= 0; j
<= 16; j
++) {
1420 if (ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1427 /* change processor mode (and mask T bit) */
1428 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8)
1430 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1432 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1434 for (j
= 0; j
< 15; j
++) {
1435 if (ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1436 armv4_5_number_to_mode(i
), j
).valid
== 0) {
1437 reg_p
[j
] = (uint32_t *)ARMV4_5_CORE_REG_MODE(
1439 armv4_5_number_to_mode(i
),
1442 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1443 armv4_5_number_to_mode(i
),
1445 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1446 armv4_5_number_to_mode(i
),
1451 /* if only the PSR is invalid, mask is all zeroes */
1453 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1455 /* check if the PSR has to be read */
1456 if (ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1458 arm7_9
->read_xpsr(target
,
1459 (uint32_t *)ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1460 armv4_5_number_to_mode(i
), 16).value
, 1);
1461 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1463 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1469 /* restore processor mode (mask T bit) */
1470 arm7_9
->write_xpsr_im8(target
,
1471 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
1473 retval
= jtag_execute_queue();
1474 if (retval
!= ERROR_OK
)
1480 * Restore the processor context on an ARM7/9 target. The full processor
1481 * context is analyzed to see if any of the registers are dirty on this end, but
1482 * have a valid new value. If this is the case, the processor is changed to the
1483 * appropriate mode and the new register values are written out to the
1484 * processor. If there happens to be a dirty register with an invalid value, an
1485 * error will be logged.
1487 * @param target Pointer to the ARM7/9 target to have its context restored
1488 * @return Error status if the target is not halted or the core mode in the
1489 * armv4_5 struct is invalid.
1491 static int arm7_9_restore_context(struct target
*target
)
1493 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1494 struct arm
*arm
= &arm7_9
->arm
;
1496 enum arm_mode current_mode
= arm
->core_mode
;
1503 if (target
->state
!= TARGET_HALTED
) {
1504 LOG_WARNING("target not halted");
1505 return ERROR_TARGET_NOT_HALTED
;
1508 if (arm7_9
->pre_restore_context
)
1509 arm7_9
->pre_restore_context(target
);
1511 if (!is_arm_mode(arm
->core_mode
)) {
1512 LOG_ERROR("not a valid arm core mode - communication failure?");
1516 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1517 * SYS shares registers with User, so we don't touch SYS
1519 for (i
= 0; i
< 6; i
++) {
1520 LOG_DEBUG("examining %s mode",
1521 arm_mode_name(arm
->core_mode
));
1524 /* check if there are dirty registers in the current mode
1526 for (j
= 0; j
<= 16; j
++) {
1527 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
);
1528 if (reg
->dirty
== 1) {
1529 if (reg
->valid
== 1) {
1531 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1532 struct arm_reg
*reg_arch_info
;
1533 reg_arch_info
= reg
->arch_info
;
1534 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1535 && (reg_arch_info
->mode
!= current_mode
)
1536 && !((reg_arch_info
->mode
== ARM_MODE_USR
)
1537 && (arm
->core_mode
== ARM_MODE_SYS
))
1538 && !((reg_arch_info
->mode
== ARM_MODE_SYS
)
1539 && (arm
->core_mode
== ARM_MODE_USR
))) {
1541 LOG_DEBUG("require mode change");
1544 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1550 uint32_t mask
= 0x0;
1557 /* change processor mode (mask T bit) */
1558 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
,
1560 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1562 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1563 current_mode
= armv4_5_number_to_mode(i
);
1566 for (j
= 0; j
<= 14; j
++) {
1567 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1568 armv4_5_number_to_mode(i
),
1571 if (reg
->dirty
== 1) {
1572 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1577 LOG_DEBUG("writing register %i mode %s "
1578 "with value 0x%8.8" PRIx32
, j
,
1579 arm_mode_name(arm
->core_mode
),
1585 arm7_9
->write_core_regs(target
, mask
, regs
);
1588 &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(
1590 struct arm_reg
*reg_arch_info
;
1591 reg_arch_info
= reg
->arch_info
;
1592 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
)) {
1593 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"",
1595 buf_get_u32(reg
->value
, 0, 32));
1596 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1601 if (!arm
->cpsr
->dirty
&& (arm
->core_mode
!= current_mode
)) {
1602 /* restore processor mode (mask T bit) */
1605 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
1606 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1608 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1609 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1611 } else if (arm
->cpsr
->dirty
) {
1612 /* CPSR has been changed, full restore necessary (mask T bit) */
1613 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1614 buf_get_u32(arm
->cpsr
->value
, 0, 32));
1615 arm7_9
->write_xpsr(target
,
1616 buf_get_u32(arm
->cpsr
->value
, 0, 32)
1618 arm
->cpsr
->dirty
= 0;
1619 arm
->cpsr
->valid
= 1;
1623 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
,
1624 buf_get_u32(arm
->pc
->value
, 0, 32));
1625 arm7_9
->write_pc(target
, buf_get_u32(arm
->pc
->value
, 0, 32));
1632 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1633 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1636 * @param target Pointer to the ARM7/9 target to be restarted
1637 * @return Result of executing the JTAG queue
1639 static int arm7_9_restart_core(struct target
*target
)
1641 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1642 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1645 /* set RESTART instruction */
1646 if (arm7_9
->need_bypass_before_restart
) {
1647 arm7_9
->need_bypass_before_restart
= 0;
1649 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
1650 if (retval
!= ERROR_OK
)
1653 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
1654 if (retval
!= ERROR_OK
)
1657 jtag_add_runtest(1, TAP_IDLE
);
1658 return jtag_execute_queue();
1662 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1663 * iterated through and are set on the target if they aren't already set.
1665 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1667 static void arm7_9_enable_watchpoints(struct target
*target
)
1669 struct watchpoint
*watchpoint
= target
->watchpoints
;
1671 while (watchpoint
) {
1672 if (watchpoint
->set
== 0)
1673 arm7_9_set_watchpoint(target
, watchpoint
);
1674 watchpoint
= watchpoint
->next
;
1679 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1680 * iterated through and are set on the target.
1682 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1684 static void arm7_9_enable_breakpoints(struct target
*target
)
1686 struct breakpoint
*breakpoint
= target
->breakpoints
;
1688 /* set any pending breakpoints */
1689 while (breakpoint
) {
1690 arm7_9_set_breakpoint(target
, breakpoint
);
1691 breakpoint
= breakpoint
->next
;
1695 int arm7_9_resume(struct target
*target
,
1698 int handle_breakpoints
,
1699 int debug_execution
)
1701 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1702 struct arm
*arm
= &arm7_9
->arm
;
1703 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1704 int err
, retval
= ERROR_OK
;
1708 if (target
->state
!= TARGET_HALTED
) {
1709 LOG_WARNING("target not halted");
1710 return ERROR_TARGET_NOT_HALTED
;
1713 if (!debug_execution
)
1714 target_free_all_working_areas(target
);
1716 /* current = 1: continue on current pc, otherwise continue at <address> */
1718 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1720 uint32_t current_pc
;
1721 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1723 /* the front-end may request us not to handle breakpoints */
1724 if (handle_breakpoints
) {
1725 struct breakpoint
*breakpoint
;
1726 breakpoint
= breakpoint_find(target
,
1727 buf_get_u32(arm
->pc
->value
, 0, 32));
1728 if (breakpoint
!= NULL
) {
1729 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32
" (id: %" PRId32
,
1730 breakpoint
->address
,
1731 breakpoint
->unique_id
);
1732 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1733 if (retval
!= ERROR_OK
)
1736 /* calculate PC of next instruction */
1738 retval
= arm_simulate_step(target
, &next_pc
);
1739 if (retval
!= ERROR_OK
) {
1740 uint32_t current_opcode
;
1741 target_read_u32(target
, current_pc
, ¤t_opcode
);
1743 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1748 LOG_DEBUG("enable single-step");
1749 arm7_9
->enable_single_step(target
, next_pc
);
1751 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1753 retval
= arm7_9_restore_context(target
);
1754 if (retval
!= ERROR_OK
)
1757 if (arm
->core_state
== ARM_STATE_ARM
)
1758 arm7_9
->branch_resume(target
);
1759 else if (arm
->core_state
== ARM_STATE_THUMB
)
1760 arm7_9
->branch_resume_thumb(target
);
1762 LOG_ERROR("unhandled core state");
1766 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1767 embeddedice_write_reg(dbg_ctrl
,
1768 buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1769 err
= arm7_9_execute_sys_speed(target
);
1771 LOG_DEBUG("disable single-step");
1772 arm7_9
->disable_single_step(target
);
1774 if (err
!= ERROR_OK
) {
1775 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1776 if (retval
!= ERROR_OK
)
1778 target
->state
= TARGET_UNKNOWN
;
1782 retval
= arm7_9_debug_entry(target
);
1783 if (retval
!= ERROR_OK
)
1785 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
,
1786 buf_get_u32(arm
->pc
->value
, 0, 32));
1788 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32
"", breakpoint
->address
);
1789 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1790 if (retval
!= ERROR_OK
)
1795 /* enable any pending breakpoints and watchpoints */
1796 arm7_9_enable_breakpoints(target
);
1797 arm7_9_enable_watchpoints(target
);
1799 retval
= arm7_9_restore_context(target
);
1800 if (retval
!= ERROR_OK
)
1803 if (arm
->core_state
== ARM_STATE_ARM
)
1804 arm7_9
->branch_resume(target
);
1805 else if (arm
->core_state
== ARM_STATE_THUMB
)
1806 arm7_9
->branch_resume_thumb(target
);
1808 LOG_ERROR("unhandled core state");
1812 /* deassert DBGACK and INTDIS */
1813 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1814 /* INTDIS only when we really resume, not during debug execution */
1815 if (!debug_execution
)
1816 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1817 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1819 retval
= arm7_9_restart_core(target
);
1820 if (retval
!= ERROR_OK
)
1823 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1825 if (!debug_execution
) {
1826 /* registers are now invalid */
1827 register_cache_invalidate(arm
->core_cache
);
1828 target
->state
= TARGET_RUNNING
;
1829 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1830 if (retval
!= ERROR_OK
)
1833 target
->state
= TARGET_DEBUG_RUNNING
;
1834 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1835 if (retval
!= ERROR_OK
)
1839 LOG_DEBUG("target resumed");
1844 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1846 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1847 struct arm
*arm
= &arm7_9
->arm
;
1848 uint32_t current_pc
;
1849 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1851 if (next_pc
!= current_pc
) {
1852 /* setup an inverse breakpoint on the current PC
1853 * - comparator 1 matches the current address
1854 * - rangeout from comparator 1 is connected to comparator 0 rangein
1855 * - comparator 0 matches any address, as long as rangein is low */
1856 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1857 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1858 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1859 EICE_W_CTRL_ENABLE
);
1860 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1861 ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1862 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
1864 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1865 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1866 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1867 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1868 ~EICE_W_CTRL_nOPC
& 0xff);
1870 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1871 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1872 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1873 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1874 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1875 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1876 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1877 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
1878 EICE_W_CTRL_ENABLE
);
1879 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1880 ~EICE_W_CTRL_nOPC
& 0xff);
1884 void arm7_9_disable_eice_step(struct target
*target
)
1886 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1888 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1889 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1890 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1891 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1892 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1893 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1894 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1895 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1896 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1899 int arm7_9_step(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
)
1901 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1902 struct arm
*arm
= &arm7_9
->arm
;
1903 struct breakpoint
*breakpoint
= NULL
;
1906 if (target
->state
!= TARGET_HALTED
) {
1907 LOG_WARNING("target not halted");
1908 return ERROR_TARGET_NOT_HALTED
;
1911 /* current = 1: continue on current pc, otherwise continue at <address> */
1913 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1915 uint32_t current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1917 /* the front-end may request us not to handle breakpoints */
1918 if (handle_breakpoints
)
1919 breakpoint
= breakpoint_find(target
, current_pc
);
1920 if (breakpoint
!= NULL
) {
1921 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1922 if (retval
!= ERROR_OK
)
1926 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1928 /* calculate PC of next instruction */
1930 retval
= arm_simulate_step(target
, &next_pc
);
1931 if (retval
!= ERROR_OK
) {
1932 uint32_t current_opcode
;
1933 target_read_u32(target
, current_pc
, ¤t_opcode
);
1935 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1940 retval
= arm7_9_restore_context(target
);
1941 if (retval
!= ERROR_OK
)
1944 arm7_9
->enable_single_step(target
, next_pc
);
1946 if (arm
->core_state
== ARM_STATE_ARM
)
1947 arm7_9
->branch_resume(target
);
1948 else if (arm
->core_state
== ARM_STATE_THUMB
)
1949 arm7_9
->branch_resume_thumb(target
);
1951 LOG_ERROR("unhandled core state");
1955 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1956 if (retval
!= ERROR_OK
)
1959 err
= arm7_9_execute_sys_speed(target
);
1960 arm7_9
->disable_single_step(target
);
1962 /* registers are now invalid */
1963 register_cache_invalidate(arm
->core_cache
);
1965 if (err
!= ERROR_OK
)
1966 target
->state
= TARGET_UNKNOWN
;
1968 retval
= arm7_9_debug_entry(target
);
1969 if (retval
!= ERROR_OK
)
1971 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1972 if (retval
!= ERROR_OK
)
1974 LOG_DEBUG("target stepped");
1978 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1979 if (retval
!= ERROR_OK
)
1986 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
1987 int num
, enum arm_mode mode
)
1989 uint32_t *reg_p
[16];
1991 struct arm_reg
*areg
= r
->arch_info
;
1992 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1993 struct arm
*arm
= &arm7_9
->arm
;
1995 if (!is_arm_mode(arm
->core_mode
))
1997 if ((num
< 0) || (num
> 16))
1998 return ERROR_COMMAND_SYNTAX_ERROR
;
2000 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2001 && (areg
->mode
!= ARM_MODE_ANY
)) {
2004 /* change processor mode (mask T bit) */
2005 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2008 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2012 if ((num
>= 0) && (num
<= 15)) {
2013 /* read a normal core register */
2014 reg_p
[num
] = &value
;
2016 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2018 /* read a program status register
2019 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2021 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2024 retval
= jtag_execute_queue();
2025 if (retval
!= ERROR_OK
)
2030 buf_set_u32(r
->value
, 0, 32, value
);
2032 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2033 && (areg
->mode
!= ARM_MODE_ANY
)) {
2034 /* restore processor mode (mask T bit) */
2035 arm7_9
->write_xpsr_im8(target
,
2036 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2042 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2043 int num
, enum arm_mode mode
, uint8_t *value
)
2046 struct arm_reg
*areg
= r
->arch_info
;
2047 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2048 struct arm
*arm
= &arm7_9
->arm
;
2050 if (!is_arm_mode(arm
->core_mode
))
2052 if ((num
< 0) || (num
> 16))
2053 return ERROR_COMMAND_SYNTAX_ERROR
;
2055 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2056 && (areg
->mode
!= ARM_MODE_ANY
)) {
2059 /* change processor mode (mask T bit) */
2060 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2063 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2066 if ((num
>= 0) && (num
<= 15)) {
2067 /* write a normal core register */
2068 reg
[num
] = buf_get_u32(value
, 0, 32);
2070 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2072 /* write a program status register
2073 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2075 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2077 uint32_t t
= buf_get_u32(value
, 0, 32);
2078 /* if we're writing the CPSR, mask the T bit */
2082 arm7_9
->write_xpsr(target
, t
, spsr
);
2088 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2089 && (areg
->mode
!= ARM_MODE_ANY
)) {
2090 /* restore processor mode (mask T bit) */
2091 arm7_9
->write_xpsr_im8(target
,
2092 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2095 return jtag_execute_queue();
2098 int arm7_9_read_memory(struct target
*target
,
2104 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2105 struct arm
*arm
= &arm7_9
->arm
;
2107 uint32_t num_accesses
= 0;
2108 int thisrun_accesses
;
2114 LOG_DEBUG("address: 0x%8.8" PRIx32
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"",
2115 address
, size
, count
);
2117 if (target
->state
!= TARGET_HALTED
) {
2118 LOG_WARNING("target not halted");
2119 return ERROR_TARGET_NOT_HALTED
;
2122 /* sanitize arguments */
2123 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2124 return ERROR_COMMAND_SYNTAX_ERROR
;
2126 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2127 return ERROR_TARGET_UNALIGNED_ACCESS
;
2129 /* load the base register with the address of the first word */
2131 arm7_9
->write_core_regs(target
, 0x1, reg
);
2137 while (num_accesses
< count
) {
2140 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2141 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2143 if (last_reg
<= thisrun_accesses
)
2144 last_reg
= thisrun_accesses
;
2146 arm7_9
->load_word_regs(target
, reg_list
);
2148 /* fast memory reads are only safe when the target is running
2149 * from a sufficiently high clock (32 kHz is usually too slow)
2151 if (arm7_9
->fast_memory_access
)
2152 retval
= arm7_9_execute_fast_sys_speed(target
);
2154 retval
= arm7_9_execute_sys_speed(target
);
2155 if (retval
!= ERROR_OK
)
2158 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2160 /* advance buffer, count number of accesses */
2161 buffer
+= thisrun_accesses
* 4;
2162 num_accesses
+= thisrun_accesses
;
2164 if ((j
++%1024) == 0)
2169 while (num_accesses
< count
) {
2172 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2173 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2175 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2178 arm7_9
->load_hword_reg(target
, i
);
2179 /* fast memory reads are only safe when the target is running
2180 * from a sufficiently high clock (32 kHz is usually too slow)
2182 if (arm7_9
->fast_memory_access
)
2183 retval
= arm7_9_execute_fast_sys_speed(target
);
2185 retval
= arm7_9_execute_sys_speed(target
);
2186 if (retval
!= ERROR_OK
)
2191 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2193 /* advance buffer, count number of accesses */
2194 buffer
+= thisrun_accesses
* 2;
2195 num_accesses
+= thisrun_accesses
;
2197 if ((j
++%1024) == 0)
2202 while (num_accesses
< count
) {
2205 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2206 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2208 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2211 arm7_9
->load_byte_reg(target
, i
);
2212 /* fast memory reads are only safe when the target is running
2213 * from a sufficiently high clock (32 kHz is usually too slow)
2215 if (arm7_9
->fast_memory_access
)
2216 retval
= arm7_9_execute_fast_sys_speed(target
);
2218 retval
= arm7_9_execute_sys_speed(target
);
2219 if (retval
!= ERROR_OK
)
2223 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2225 /* advance buffer, count number of accesses */
2226 buffer
+= thisrun_accesses
* 1;
2227 num_accesses
+= thisrun_accesses
;
2229 if ((j
++%1024) == 0)
2235 if (!is_arm_mode(arm
->core_mode
))
2238 for (i
= 0; i
<= last_reg
; i
++) {
2239 struct reg
*r
= arm_reg_current(arm
, i
);
2240 r
->dirty
= r
->valid
;
2243 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2244 retval
= jtag_execute_queue();
2245 if (retval
!= ERROR_OK
) {
2246 LOG_ERROR("JTAG error while reading cpsr");
2247 return ERROR_TARGET_DATA_ABORT
;
2250 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2252 "memory read caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2257 arm7_9
->write_xpsr_im8(target
,
2258 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2261 return ERROR_TARGET_DATA_ABORT
;
2267 int arm7_9_write_memory(struct target
*target
,
2271 const uint8_t *buffer
)
2273 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2274 struct arm
*arm
= &arm7_9
->arm
;
2275 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2278 uint32_t num_accesses
= 0;
2279 int thisrun_accesses
;
2285 #ifdef _DEBUG_ARM7_9_
2286 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2289 if (target
->state
!= TARGET_HALTED
) {
2290 LOG_WARNING("target not halted");
2291 return ERROR_TARGET_NOT_HALTED
;
2294 /* sanitize arguments */
2295 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2296 return ERROR_COMMAND_SYNTAX_ERROR
;
2298 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2299 return ERROR_TARGET_UNALIGNED_ACCESS
;
2301 /* load the base register with the address of the first word */
2303 arm7_9
->write_core_regs(target
, 0x1, reg
);
2305 /* Clear DBGACK, to make sure memory fetches work as expected */
2306 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2307 embeddedice_store_reg(dbg_ctrl
);
2311 while (num_accesses
< count
) {
2314 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2315 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2317 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2320 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2324 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2326 arm7_9
->store_word_regs(target
, reg_list
);
2328 /* fast memory writes are only safe when the target is running
2329 * from a sufficiently high clock (32 kHz is usually too slow)
2331 if (arm7_9
->fast_memory_access
)
2332 retval
= arm7_9_execute_fast_sys_speed(target
);
2334 retval
= arm7_9_execute_sys_speed(target
);
2337 * if memory writes are made when the clock is running slow
2338 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2339 * processor operations after a "reset halt" or "reset init",
2340 * need to immediately stroke the keep alive or will end up with
2341 * gdb "keep alive not sent error message" problem.
2347 if (retval
!= ERROR_OK
)
2350 num_accesses
+= thisrun_accesses
;
2354 while (num_accesses
< count
) {
2357 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2358 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2360 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2363 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2367 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2369 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2370 arm7_9
->store_hword_reg(target
, i
);
2372 /* fast memory writes are only safe when the target is running
2373 * from a sufficiently high clock (32 kHz is usually too slow)
2375 if (arm7_9
->fast_memory_access
)
2376 retval
= arm7_9_execute_fast_sys_speed(target
);
2378 retval
= arm7_9_execute_sys_speed(target
);
2381 * if memory writes are made when the clock is running slow
2382 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2383 * processor operations after a "reset halt" or "reset init",
2384 * need to immediately stroke the keep alive or will end up with
2385 * gdb "keep alive not sent error message" problem.
2391 if (retval
!= ERROR_OK
)
2395 num_accesses
+= thisrun_accesses
;
2399 while (num_accesses
< count
) {
2402 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2403 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2405 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2408 reg
[i
] = *buffer
++ & 0xff;
2411 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2413 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2414 arm7_9
->store_byte_reg(target
, i
);
2415 /* fast memory writes are only safe when the target is running
2416 * from a sufficiently high clock (32 kHz is usually too slow)
2418 if (arm7_9
->fast_memory_access
)
2419 retval
= arm7_9_execute_fast_sys_speed(target
);
2421 retval
= arm7_9_execute_sys_speed(target
);
2424 * if memory writes are made when the clock is running slow
2425 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2426 * processor operations after a "reset halt" or "reset init",
2427 * need to immediately stroke the keep alive or will end up with
2428 * gdb "keep alive not sent error message" problem.
2434 if (retval
!= ERROR_OK
)
2439 num_accesses
+= thisrun_accesses
;
2445 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2446 embeddedice_store_reg(dbg_ctrl
);
2448 if (!is_arm_mode(arm
->core_mode
))
2451 for (i
= 0; i
<= last_reg
; i
++) {
2452 struct reg
*r
= arm_reg_current(arm
, i
);
2453 r
->dirty
= r
->valid
;
2456 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2457 retval
= jtag_execute_queue();
2458 if (retval
!= ERROR_OK
) {
2459 LOG_ERROR("JTAG error while reading cpsr");
2460 return ERROR_TARGET_DATA_ABORT
;
2463 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2465 "memory write caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2470 arm7_9
->write_xpsr_im8(target
,
2471 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2474 return ERROR_TARGET_DATA_ABORT
;
2480 int arm7_9_write_memory_opt(struct target
*target
,
2484 const uint8_t *buffer
)
2486 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2489 if (size
== 4 && count
> 32 && arm7_9
->bulk_write_memory
) {
2490 /* Attempt to do a bulk write */
2491 retval
= arm7_9
->bulk_write_memory(target
, address
, count
, buffer
);
2493 if (retval
== ERROR_OK
)
2497 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2500 int arm7_9_write_memory_no_opt(struct target
*target
,
2504 const uint8_t *buffer
)
2506 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2508 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2511 static int dcc_count
;
2512 static const uint8_t *dcc_buffer
;
2514 static int arm7_9_dcc_completion(struct target
*target
,
2515 uint32_t exit_point
,
2519 int retval
= ERROR_OK
;
2520 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2522 retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500);
2523 if (retval
!= ERROR_OK
)
2526 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2527 int count
= dcc_count
;
2528 const uint8_t *buffer
= dcc_buffer
;
2530 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2531 * core function repeated. */
2532 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2533 fast_target_buffer_get_u32(buffer
, little
));
2536 struct embeddedice_reg
*ice_reg
=
2537 arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2538 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2539 struct jtag_tap
*tap
;
2540 tap
= ice_reg
->jtag_info
->tap
;
2542 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2543 buffer
+= (count
-2)*4;
2545 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2546 fast_target_buffer_get_u32(buffer
, little
));
2549 for (i
= 0; i
< count
; i
++) {
2550 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2551 fast_target_buffer_get_u32(buffer
, little
));
2556 retval
= target_halt(target
);
2557 if (retval
!= ERROR_OK
)
2559 return target_wait_state(target
, TARGET_HALTED
, 500);
2562 static const uint32_t dcc_code
[] = {
2563 /* r0 == input, points to memory buffer
2567 /* spin until DCC control (c0) reports data arrived */
2568 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2569 0xe3110001, /* tst r1, #1 */
2570 0x0afffffc, /* bne w */
2572 /* read word from DCC (c1), write to memory */
2573 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2574 0xe4801004, /* str r1, [r0], #4 */
2577 0xeafffff9 /* b w */
2580 int arm7_9_bulk_write_memory(struct target
*target
,
2583 const uint8_t *buffer
)
2586 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2588 if (address
% 4 != 0)
2589 return ERROR_TARGET_UNALIGNED_ACCESS
;
2591 if (!arm7_9
->dcc_downloads
)
2592 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2594 /* regrab previously allocated working_area, or allocate a new one */
2595 if (!arm7_9
->dcc_working_area
) {
2596 uint8_t dcc_code_buf
[6 * 4];
2598 /* make sure we have a working area */
2599 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
) {
2600 LOG_INFO("no working area available, falling back to memory writes");
2601 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2604 /* copy target instructions to target endianness */
2605 target_buffer_set_u32_array(target
, dcc_code_buf
, ARRAY_SIZE(dcc_code
), dcc_code
);
2607 /* write DCC code to working area, using the non-optimized
2608 * memory write to avoid ending up here again */
2609 retval
= arm7_9_write_memory_no_opt(target
,
2610 arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
);
2611 if (retval
!= ERROR_OK
)
2615 struct arm_algorithm arm_algo
;
2616 struct reg_param reg_params
[1];
2618 arm_algo
.common_magic
= ARM_COMMON_MAGIC
;
2619 arm_algo
.core_mode
= ARM_MODE_SVC
;
2620 arm_algo
.core_state
= ARM_STATE_ARM
;
2622 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2624 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2627 dcc_buffer
= buffer
;
2628 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2629 arm7_9
->dcc_working_area
->address
,
2630 arm7_9
->dcc_working_area
->address
+ 6*4,
2631 20*1000, &arm_algo
, arm7_9_dcc_completion
);
2633 if (retval
== ERROR_OK
) {
2634 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2635 if (endaddress
!= (address
+ count
*4)) {
2637 "DCC write failed, expected end address 0x%08" PRIx32
" got 0x%0" PRIx32
"",
2638 (address
+ count
*4),
2640 retval
= ERROR_FAIL
;
2644 destroy_reg_param(®_params
[0]);
2650 * Perform per-target setup that requires JTAG access.
2652 int arm7_9_examine(struct target
*target
)
2654 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2657 if (!target_was_examined(target
)) {
2658 struct reg_cache
*t
, **cache_p
;
2660 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2664 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2666 arm7_9
->eice_cache
= (*cache_p
);
2668 if (arm7_9
->arm
.etm
)
2669 (*cache_p
)->next
= etm_build_reg_cache(target
,
2673 target_set_examined(target
);
2676 retval
= embeddedice_setup(target
);
2677 if (retval
== ERROR_OK
)
2678 retval
= arm7_9_setup(target
);
2679 if (retval
== ERROR_OK
&& arm7_9
->arm
.etm
)
2680 retval
= etm_setup(target
);
2685 int arm7_9_check_reset(struct target
*target
)
2687 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2689 if (get_target_reset_nag() && !arm7_9
->dcc_downloads
)
2691 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2693 if (get_target_reset_nag() && (target
->working_area_size
== 0))
2694 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2696 if (get_target_reset_nag() && !arm7_9
->fast_memory_access
)
2698 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2703 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in
,
2704 jtag_callback_data_t i_size
, jtag_callback_data_t i_be
,
2705 jtag_callback_data_t i_flip
)
2707 uint8_t *in
= (uint8_t *)pu8_in
;
2708 int size
= (int)i_size
;
2710 int flip
= (int)i_flip
;
2715 readback
= le_to_h_u32(in
);
2717 readback
= flip_u32(readback
, 32);
2719 h_u32_to_be(in
, readback
);
2721 h_u32_to_le(in
, readback
);
2724 readback
= le_to_h_u16(in
);
2726 readback
= flip_u32(readback
, 16);
2728 h_u16_to_be(in
, readback
& 0xffff);
2730 h_u16_to_le(in
, readback
& 0xffff);
2735 readback
= flip_u32(readback
, 8);
2736 *in
= readback
& 0xff;
2743 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2745 struct target
*target
= get_current_target(CMD_CTX
);
2746 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2748 if (!is_arm7_9(arm7_9
)) {
2749 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2750 return ERROR_TARGET_INVALID
;
2754 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->use_dbgrq
);
2756 command_print(CMD_CTX
,
2757 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2758 (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2763 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2765 struct target
*target
= get_current_target(CMD_CTX
);
2766 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2768 if (!is_arm7_9(arm7_9
)) {
2769 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2770 return ERROR_TARGET_INVALID
;
2774 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2776 command_print(CMD_CTX
,
2777 "fast memory access is %s",
2778 (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2783 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2785 struct target
*target
= get_current_target(CMD_CTX
);
2786 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2788 if (!is_arm7_9(arm7_9
)) {
2789 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2790 return ERROR_TARGET_INVALID
;
2794 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2796 command_print(CMD_CTX
,
2797 "dcc downloads are %s",
2798 (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2803 static int arm7_9_setup_semihosting(struct target
*target
, int enable
)
2805 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2807 if (!is_arm7_9(arm7_9
)) {
2808 LOG_USER("current target isn't an ARM7/ARM9 target");
2809 return ERROR_TARGET_INVALID
;
2812 if (arm7_9
->has_vector_catch
) {
2813 struct reg
*vector_catch
= &arm7_9
->eice_cache
2814 ->reg_list
[EICE_VEC_CATCH
];
2816 if (!vector_catch
->valid
)
2817 embeddedice_read_reg(vector_catch
);
2818 buf_set_u32(vector_catch
->value
, 2, 1, enable
);
2819 embeddedice_store_reg(vector_catch
);
2821 /* TODO: allow optional high vectors and/or BKPT_HARD */
2823 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2825 breakpoint_remove(target
, 8);
2831 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2833 int retval
= ERROR_OK
;
2834 struct arm
*arm
= &arm7_9
->arm
;
2836 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2838 retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
);
2839 if (retval
!= ERROR_OK
)
2842 /* caller must have allocated via calloc(), so everything's zeroed */
2844 arm7_9
->wp_available_max
= 2;
2846 arm7_9
->fast_memory_access
= false;
2847 arm7_9
->dcc_downloads
= false;
2849 arm
->arch_info
= arm7_9
;
2850 arm
->core_type
= ARM_MODE_ANY
;
2851 arm
->read_core_reg
= arm7_9_read_core_reg
;
2852 arm
->write_core_reg
= arm7_9_write_core_reg
;
2853 arm
->full_context
= arm7_9_full_context
;
2854 arm
->setup_semihosting
= arm7_9_setup_semihosting
;
2856 retval
= arm_init_arch_info(target
, arm
);
2857 if (retval
!= ERROR_OK
)
2860 return target_register_timer_callback(arm7_9_handle_target_request
,
2864 static const struct command_registration arm7_9_any_command_handlers
[] = {
2867 .handler
= handle_arm7_9_dbgrq_command
,
2868 .mode
= COMMAND_ANY
,
2869 .usage
= "['enable'|'disable']",
2870 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2871 "for target halt requests",
2874 "fast_memory_access",
2875 .handler
= handle_arm7_9_fast_memory_access_command
,
2876 .mode
= COMMAND_ANY
,
2877 .usage
= "['enable'|'disable']",
2878 .help
= "use fast memory accesses instead of slower "
2879 "but potentially safer accesses",
2883 .handler
= handle_arm7_9_dcc_downloads_command
,
2884 .mode
= COMMAND_ANY
,
2885 .usage
= "['enable'|'disable']",
2886 .help
= "use DCC downloads for larger memory writes",
2888 COMMAND_REGISTRATION_DONE
2890 const struct command_registration arm7_9_command_handlers
[] = {
2892 .chain
= arm_command_handlers
,
2895 .chain
= etm_command_handlers
,
2899 .mode
= COMMAND_ANY
,
2900 .help
= "arm7/9 specific commands",
2902 .chain
= arm7_9_any_command_handlers
,
2904 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)