Laurentiu Cocanu - memory read/write and exit() error path fixes
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 √ėyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
15 * *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
20 * *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29
30 #include "replacements.h"
31
32 #include "embeddedice.h"
33 #include "target.h"
34 #include "target_request.h"
35 #include "armv4_5.h"
36 #include "arm_jtag.h"
37 #include "jtag.h"
38 #include "log.h"
39 #include "arm7_9_common.h"
40 #include "breakpoints.h"
41 #include "time_support.h"
42
43 #include <stdlib.h>
44 #include <string.h>
45 #include <unistd.h>
46
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <sys/time.h>
50 #include <errno.h>
51
52 int arm7_9_debug_entry(target_t *target);
53 int arm7_9_enable_sw_bkpts(struct target_s *target);
54
55 /* command handler forward declarations */
56 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
61 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
64
65
66 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
67 {
68 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
69 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
70 arm7_9->sw_breakpoints_added = 0;
71 arm7_9->wp0_used = 0;
72 arm7_9->wp1_used = arm7_9->wp1_used_default;
73 arm7_9->wp_available = arm7_9->wp_available_max;
74
75 return jtag_execute_queue();
76 }
77
78 /* set up embedded ice registers */
79 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
80 {
81 if (arm7_9->sw_breakpoints_added)
82 {
83 return ERROR_OK;
84 }
85 if (arm7_9->wp_available < 1)
86 {
87 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
88 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
89 }
90 arm7_9->wp_available--;
91
92 /* pick a breakpoint unit */
93 if (!arm7_9->wp0_used)
94 {
95 arm7_9->sw_breakpoints_added=1;
96 arm7_9->wp0_used = 3;
97 } else if (!arm7_9->wp1_used)
98 {
99 arm7_9->sw_breakpoints_added=2;
100 arm7_9->wp1_used = 3;
101 }
102 else
103 {
104 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
105 return ERROR_FAIL;
106 }
107
108 if (arm7_9->sw_breakpoints_added==1)
109 {
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
112 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
113 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
115 }
116 else if (arm7_9->sw_breakpoints_added==2)
117 {
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
120 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
121 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
122 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
123 }
124 else
125 {
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
127 return ERROR_FAIL;
128 }
129
130 return jtag_execute_queue();
131 }
132
133 /* set things up after a reset / on startup */
134 int arm7_9_setup(target_t *target)
135 {
136 armv4_5_common_t *armv4_5 = target->arch_info;
137 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
138
139 return arm7_9_clear_watchpoints(arm7_9);
140 }
141
142
143 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
144 {
145 armv4_5_common_t *armv4_5 = target->arch_info;
146 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
147
148 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
149 {
150 return -1;
151 }
152
153 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
154 {
155 return -1;
156 }
157
158 *armv4_5_p = armv4_5;
159 *arm7_9_p = arm7_9;
160
161 return ERROR_OK;
162 }
163
164 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
165 * might have erased the values in embedded ice
166 */
167 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
168 {
169 armv4_5_common_t *armv4_5 = target->arch_info;
170 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
171 int retval=ERROR_OK;
172
173 if (target->state != TARGET_HALTED)
174 {
175 LOG_WARNING("target not halted");
176 return ERROR_TARGET_NOT_HALTED;
177 }
178
179 if (breakpoint->type == BKPT_HARD)
180 {
181 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
182 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
183 if (breakpoint->set==1)
184 {
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
187 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
188 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
190 }
191 else if (breakpoint->set==2)
192 {
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
195 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
196 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
197 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
198 }
199 else
200 {
201 LOG_ERROR("BUG: no hardware comparator available");
202 return ERROR_OK;
203 }
204
205 retval=jtag_execute_queue();
206 }
207 else if (breakpoint->type == BKPT_SOFT)
208 {
209 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
210 return retval;
211
212 /* did we already set this breakpoint? */
213 if (breakpoint->set)
214 return ERROR_OK;
215
216 if (breakpoint->length == 4)
217 {
218 u32 verify = 0xffffffff;
219 /* keep the original instruction in target endianness */
220 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
221 {
222 return retval;
223 }
224 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
225 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
226 {
227 return retval;
228 }
229
230 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify)) != ERROR_OK)
231 {
232 return retval;
233 }
234 if (verify != arm7_9->arm_bkpt)
235 {
236 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
237 return ERROR_OK;
238 }
239 }
240 else
241 {
242 u16 verify = 0xffff;
243 /* keep the original instruction in target endianness */
244 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
245 {
246 return retval;
247 }
248 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
249 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
250 {
251 return retval;
252 }
253
254 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify)) != ERROR_OK)
255 {
256 return retval;
257 }
258 if (verify != arm7_9->thumb_bkpt)
259 {
260 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
261 return ERROR_OK;
262 }
263 }
264 breakpoint->set = 1;
265 }
266
267 return retval;
268
269 }
270
271 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
272 {
273 int retval = ERROR_OK;
274
275 armv4_5_common_t *armv4_5 = target->arch_info;
276 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
277
278 if (!breakpoint->set)
279 {
280 LOG_WARNING("breakpoint not set");
281 return ERROR_OK;
282 }
283
284 if (breakpoint->type == BKPT_HARD)
285 {
286 if (breakpoint->set == 1)
287 {
288 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
289 arm7_9->wp0_used = 0;
290 }
291 else if (breakpoint->set == 2)
292 {
293 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
294 arm7_9->wp1_used = 0;
295 }
296 retval = jtag_execute_queue();
297 breakpoint->set = 0;
298 }
299 else
300 {
301 /* restore original instruction (kept in target endianness) */
302 if (breakpoint->length == 4)
303 {
304 u32 current_instr;
305 /* check that user program as not modified breakpoint instruction */
306 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)&current_instr)) != ERROR_OK)
307 {
308 return retval;
309 }
310 if (current_instr==arm7_9->arm_bkpt)
311 if ((retval = target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
312 {
313 return retval;
314 }
315 }
316 else
317 {
318 u16 current_instr;
319 /* check that user program as not modified breakpoint instruction */
320 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)&current_instr)) != ERROR_OK)
321 {
322 return retval;
323 }
324 if (current_instr==arm7_9->thumb_bkpt)
325 if ((retval = target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
326 {
327 return retval;
328 }
329 }
330 breakpoint->set = 0;
331 }
332
333 return retval;
334 }
335
336 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
337 {
338 armv4_5_common_t *armv4_5 = target->arch_info;
339 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
340
341 if (target->state != TARGET_HALTED)
342 {
343 LOG_WARNING("target not halted");
344 return ERROR_TARGET_NOT_HALTED;
345 }
346
347 if (arm7_9->breakpoint_count==0)
348 {
349 /* make sure we don't have any dangling breakpoints. This is vital upon
350 * GDB connect/disconnect
351 */
352 arm7_9_clear_watchpoints(arm7_9);
353 }
354
355 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
356 {
357 LOG_INFO("no watchpoint unit available for hardware breakpoint");
358 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
359 }
360
361 if ((breakpoint->length != 2) && (breakpoint->length != 4))
362 {
363 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
364 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
365 }
366
367 if (breakpoint->type == BKPT_HARD)
368 {
369 arm7_9->wp_available--;
370
371 if (!arm7_9->wp0_used)
372 {
373 arm7_9->wp0_used = 1;
374 breakpoint->set = 1;
375 }
376 else if (!arm7_9->wp1_used)
377 {
378 arm7_9->wp1_used = 1;
379 breakpoint->set = 2;
380 }
381 else
382 {
383 LOG_ERROR("BUG: no hardware comparator available");
384 }
385 }
386
387
388 arm7_9->breakpoint_count++;
389
390 return arm7_9_set_breakpoint(target, breakpoint);
391 }
392
393 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
394 {
395 int retval = ERROR_OK;
396 armv4_5_common_t *armv4_5 = target->arch_info;
397 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
398
399 if((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
400 {
401 return retval;
402 }
403
404 if (breakpoint->type == BKPT_HARD)
405 arm7_9->wp_available++;
406
407 arm7_9->breakpoint_count--;
408 if (arm7_9->breakpoint_count==0)
409 {
410 /* make sure we don't have any dangling breakpoints */
411 if((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
412 {
413 return retval;
414 }
415 }
416
417 return ERROR_OK;
418 }
419
420 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
421 {
422 int retval = ERROR_OK;
423 armv4_5_common_t *armv4_5 = target->arch_info;
424 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
425 int rw_mask = 1;
426 u32 mask;
427
428 mask = watchpoint->length - 1;
429
430 if (target->state != TARGET_HALTED)
431 {
432 LOG_WARNING("target not halted");
433 return ERROR_TARGET_NOT_HALTED;
434 }
435
436 if (watchpoint->rw == WPT_ACCESS)
437 rw_mask = 0;
438 else
439 rw_mask = 1;
440
441 if (!arm7_9->wp0_used)
442 {
443 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
444 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
445 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
446 if( watchpoint->mask != 0xffffffffu )
447 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
448 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
449 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
450
451 if((retval = jtag_execute_queue()) != ERROR_OK)
452 {
453 return retval;
454 }
455 watchpoint->set = 1;
456 arm7_9->wp0_used = 2;
457 }
458 else if (!arm7_9->wp1_used)
459 {
460 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
461 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
462 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
463 if( watchpoint->mask != 0xffffffffu )
464 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
465 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
466 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
467
468 if((retval = jtag_execute_queue()) != ERROR_OK)
469 {
470 return retval;
471 }
472 watchpoint->set = 2;
473 arm7_9->wp1_used = 2;
474 }
475 else
476 {
477 LOG_ERROR("BUG: no hardware comparator available");
478 return ERROR_OK;
479 }
480
481 return ERROR_OK;
482 }
483
484 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
485 {
486 int retval = ERROR_OK;
487 armv4_5_common_t *armv4_5 = target->arch_info;
488 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
489
490 if (target->state != TARGET_HALTED)
491 {
492 LOG_WARNING("target not halted");
493 return ERROR_TARGET_NOT_HALTED;
494 }
495
496 if (!watchpoint->set)
497 {
498 LOG_WARNING("breakpoint not set");
499 return ERROR_OK;
500 }
501
502 if (watchpoint->set == 1)
503 {
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
505 if((retval = jtag_execute_queue()) != ERROR_OK)
506 {
507 return retval;
508 }
509 arm7_9->wp0_used = 0;
510 }
511 else if (watchpoint->set == 2)
512 {
513 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
514 if((retval = jtag_execute_queue()) != ERROR_OK)
515 {
516 return retval;
517 }
518 arm7_9->wp1_used = 0;
519 }
520 watchpoint->set = 0;
521
522 return ERROR_OK;
523 }
524
525 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
526 {
527 armv4_5_common_t *armv4_5 = target->arch_info;
528 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
529
530 if (target->state != TARGET_HALTED)
531 {
532 LOG_WARNING("target not halted");
533 return ERROR_TARGET_NOT_HALTED;
534 }
535
536 if (arm7_9->wp_available < 1)
537 {
538 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
539 }
540
541 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
542 {
543 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
544 }
545
546 arm7_9->wp_available--;
547
548 return ERROR_OK;
549 }
550
551 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
552 {
553 int retval = ERROR_OK;
554 armv4_5_common_t *armv4_5 = target->arch_info;
555 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
556
557 if (watchpoint->set)
558 {
559 if((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
560 {
561 return retval;
562 }
563 }
564
565 arm7_9->wp_available++;
566
567 return ERROR_OK;
568 }
569
570
571
572
573 int arm7_9_execute_sys_speed(struct target_s *target)
574 {
575 int retval;
576
577 armv4_5_common_t *armv4_5 = target->arch_info;
578 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
579 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
580 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
581
582 /* set RESTART instruction */
583 jtag_add_end_state(TAP_RTI);
584 if (arm7_9->need_bypass_before_restart) {
585 arm7_9->need_bypass_before_restart = 0;
586 arm_jtag_set_instr(jtag_info, 0xf, NULL);
587 }
588 arm_jtag_set_instr(jtag_info, 0x4, NULL);
589
590 long long then=timeval_ms();
591 int timeout;
592 while (!(timeout=((timeval_ms()-then)>1000)))
593 {
594 /* read debug status register */
595 embeddedice_read_reg(dbg_stat);
596 if ((retval = jtag_execute_queue()) != ERROR_OK)
597 return retval;
598 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
599 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
600 break;
601 if (debug_level>=3)
602 {
603 alive_sleep(100);
604 } else
605 {
606 keep_alive();
607 }
608 }
609 if (timeout)
610 {
611 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
612 return ERROR_TARGET_TIMEOUT;
613 }
614
615 return ERROR_OK;
616 }
617
618 int arm7_9_execute_fast_sys_speed(struct target_s *target)
619 {
620 static int set=0;
621 static u8 check_value[4], check_mask[4];
622
623 armv4_5_common_t *armv4_5 = target->arch_info;
624 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
625 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
626 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
627
628 /* set RESTART instruction */
629 jtag_add_end_state(TAP_RTI);
630 if (arm7_9->need_bypass_before_restart) {
631 arm7_9->need_bypass_before_restart = 0;
632 arm_jtag_set_instr(jtag_info, 0xf, NULL);
633 }
634 arm_jtag_set_instr(jtag_info, 0x4, NULL);
635
636 if (!set)
637 {
638 /* check for DBGACK and SYSCOMP set (others don't care) */
639
640 /* NB! These are constants that must be available until after next jtag_execute() and
641 we evaluate the values upon first execution in lieu of setting up these constants
642 during early setup.
643 */
644 buf_set_u32(check_value, 0, 32, 0x9);
645 buf_set_u32(check_mask, 0, 32, 0x9);
646 set=1;
647 }
648
649 /* read debug status register */
650 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
651
652 return ERROR_OK;
653 }
654
655 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
656 {
657 armv4_5_common_t *armv4_5 = target->arch_info;
658 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
659 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
660 u32 *data;
661 int i, retval = ERROR_OK;
662
663 data = malloc(size * (sizeof(u32)));
664
665 retval = embeddedice_receive(jtag_info, data, size);
666
667 for (i = 0; i < size; i++)
668 {
669 h_u32_to_le(buffer + (i * 4), data[i]);
670 }
671
672 free(data);
673
674 return retval;
675 }
676
677 int arm7_9_handle_target_request(void *priv)
678 {
679 int retval = ERROR_OK;
680 target_t *target = priv;
681 if (!target->type->examined)
682 return ERROR_OK;
683 armv4_5_common_t *armv4_5 = target->arch_info;
684 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
685 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
686 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
687
688
689 if (!target->dbg_msg_enabled)
690 return ERROR_OK;
691
692 if (target->state == TARGET_RUNNING)
693 {
694 /* read DCC control register */
695 embeddedice_read_reg(dcc_control);
696 if ((retval = jtag_execute_queue()) != ERROR_OK)
697 {
698 return retval;
699 }
700
701 /* check W bit */
702 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
703 {
704 u32 request;
705
706 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
707 {
708 return retval;
709 }
710 if ((retval = target_request(target, request)) != ERROR_OK)
711 {
712 return retval;
713 }
714 }
715 }
716
717 return ERROR_OK;
718 }
719
720 int arm7_9_poll(target_t *target)
721 {
722 int retval;
723 armv4_5_common_t *armv4_5 = target->arch_info;
724 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
725 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
726
727 /* read debug status register */
728 embeddedice_read_reg(dbg_stat);
729 if ((retval = jtag_execute_queue()) != ERROR_OK)
730 {
731 return retval;
732 }
733
734 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
735 {
736 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
737 if (target->state == TARGET_UNKNOWN)
738 {
739 target->state = TARGET_RUNNING;
740 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
741 }
742 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
743 {
744 int check_pc=0;
745 if (target->state == TARGET_RESET)
746 {
747 if (target->reset_halt)
748 {
749 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
750 {
751 check_pc = 1;
752 }
753 }
754 }
755
756 target->state = TARGET_HALTED;
757
758 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
759 return retval;
760
761 if (check_pc)
762 {
763 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
764 u32 t=*((u32 *)reg->value);
765 if (t!=0)
766 {
767 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
768 }
769 }
770
771 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
772 {
773 return retval;
774 }
775 }
776 if (target->state == TARGET_DEBUG_RUNNING)
777 {
778 target->state = TARGET_HALTED;
779 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
780 return retval;
781
782 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
783 {
784 return retval;
785 }
786 }
787 if (target->state != TARGET_HALTED)
788 {
789 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
790 }
791 }
792 else
793 {
794 if (target->state != TARGET_DEBUG_RUNNING)
795 target->state = TARGET_RUNNING;
796 }
797
798 return ERROR_OK;
799 }
800
801 /*
802 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
803 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
804 while the core is held in reset(SRST). It isn't possible to program the halt
805 condition once reset was asserted, hence a hook that allows the target to set
806 up its reset-halt condition prior to asserting reset.
807 */
808
809 int arm7_9_assert_reset(target_t *target)
810 {
811 armv4_5_common_t *armv4_5 = target->arch_info;
812 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
813 LOG_DEBUG("target->state: %s",
814 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
815
816 if (!(jtag_reset_config & RESET_HAS_SRST))
817 {
818 LOG_ERROR("Can't assert SRST");
819 return ERROR_FAIL;
820 }
821
822 if (target->reset_halt)
823 {
824 /*
825 * Some targets do not support communication while SRST is asserted. We need to
826 * set up the reset vector catch here.
827 *
828 * If TRST is asserted, then these settings will be reset anyway, so setting them
829 * here is harmless.
830 */
831 if (arm7_9->has_vector_catch)
832 {
833 /* program vector catch register to catch reset vector */
834 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
835 }
836 else
837 {
838 /* program watchpoint unit to match on reset vector address */
839 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
840 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
841 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
842 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
843 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
844 }
845 }
846
847 /* here we should issue a srst only, but we may have to assert trst as well */
848 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
849 {
850 jtag_add_reset(1, 1);
851 } else
852 {
853 jtag_add_reset(0, 1);
854 }
855
856
857 target->state = TARGET_RESET;
858 jtag_add_sleep(50000);
859
860 armv4_5_invalidate_core_regs(target);
861
862 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
863 {
864 /* debug entry was already prepared in arm7_9_assert_reset() */
865 target->debug_reason = DBG_REASON_DBGRQ;
866 }
867
868 return ERROR_OK;
869
870 }
871
872 int arm7_9_deassert_reset(target_t *target)
873 {
874 int retval=ERROR_OK;
875 LOG_DEBUG("target->state: %s",
876 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
877
878
879 /* deassert reset lines */
880 jtag_add_reset(0, 0);
881
882 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
883 {
884 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
885 /* set up embedded ice registers again */
886 if ((retval=target->type->examine(target))!=ERROR_OK)
887 return retval;
888
889 if ((retval=target_poll(target))!=ERROR_OK)
890 {
891 return retval;
892 }
893
894 if ((retval=target_halt(target))!=ERROR_OK)
895 {
896 return retval;
897 }
898
899 }
900 return retval;
901 }
902
903 int arm7_9_clear_halt(target_t *target)
904 {
905 armv4_5_common_t *armv4_5 = target->arch_info;
906 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
907 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
908
909 /* we used DBGRQ only if we didn't come out of reset */
910 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
911 {
912 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
913 */
914 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
915 embeddedice_store_reg(dbg_ctrl);
916 }
917 else
918 {
919 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
920 {
921 /* if we came out of reset, and vector catch is supported, we used
922 * vector catch to enter debug state
923 * restore the register in that case
924 */
925 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
926 }
927 else
928 {
929 /* restore registers if watchpoint unit 0 was in use
930 */
931 if (arm7_9->wp0_used)
932 {
933 if (arm7_9->debug_entry_from_reset)
934 {
935 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
936 }
937 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
938 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
939 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
940 }
941 /* control value always has to be restored, as it was either disabled,
942 * or enabled with possibly different bits
943 */
944 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
945 }
946 }
947
948 return ERROR_OK;
949 }
950
951 int arm7_9_soft_reset_halt(struct target_s *target)
952 {
953 armv4_5_common_t *armv4_5 = target->arch_info;
954 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
955 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
956 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
957 int i;
958 int retval;
959
960 if ((retval=target_halt(target))!=ERROR_OK)
961 return retval;
962
963 long long then=timeval_ms();
964 int timeout;
965 while (!(timeout=((timeval_ms()-then)>1000)))
966 {
967 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
968 break;
969 embeddedice_read_reg(dbg_stat);
970 if ((retval=jtag_execute_queue())!=ERROR_OK)
971 return retval;
972 if (debug_level>=3)
973 {
974 alive_sleep(100);
975 } else
976 {
977 keep_alive();
978 }
979 }
980 if (timeout)
981 {
982 LOG_ERROR("Failed to halt CPU after 1 sec");
983 return ERROR_TARGET_TIMEOUT;
984 }
985 target->state = TARGET_HALTED;
986
987 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
988 * ensure that DBGRQ is cleared
989 */
990 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
991 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
992 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
993 embeddedice_store_reg(dbg_ctrl);
994
995 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
996 {
997 return retval;
998 }
999
1000 /* if the target is in Thumb state, change to ARM state */
1001 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1002 {
1003 u32 r0_thumb, pc_thumb;
1004 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1005 /* Entered debug from Thumb mode */
1006 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1007 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1008 }
1009
1010 /* all register content is now invalid */
1011 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1012 {
1013 return retval;
1014 }
1015
1016 /* SVC, ARM state, IRQ and FIQ disabled */
1017 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1018 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1019 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1020
1021 /* start fetching from 0x0 */
1022 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1023 armv4_5->core_cache->reg_list[15].dirty = 1;
1024 armv4_5->core_cache->reg_list[15].valid = 1;
1025
1026 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1027 armv4_5->core_state = ARMV4_5_STATE_ARM;
1028
1029 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1030 return ERROR_FAIL;
1031
1032 /* reset registers */
1033 for (i = 0; i <= 14; i++)
1034 {
1035 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1036 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1037 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1038 }
1039
1040 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1041 {
1042 return retval;
1043 }
1044
1045 return ERROR_OK;
1046 }
1047
1048 int arm7_9_halt(target_t *target)
1049 {
1050 if (target->state==TARGET_RESET)
1051 {
1052 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1053 return ERROR_OK;
1054 }
1055
1056 armv4_5_common_t *armv4_5 = target->arch_info;
1057 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1058 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1059
1060 LOG_DEBUG("target->state: %s",
1061 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1062
1063 if (target->state == TARGET_HALTED)
1064 {
1065 LOG_DEBUG("target was already halted");
1066 return ERROR_OK;
1067 }
1068
1069 if (target->state == TARGET_UNKNOWN)
1070 {
1071 LOG_WARNING("target was in unknown state when halt was requested");
1072 }
1073
1074 if (arm7_9->use_dbgrq)
1075 {
1076 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1077 */
1078 if (arm7_9->set_special_dbgrq) {
1079 arm7_9->set_special_dbgrq(target);
1080 } else {
1081 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1082 embeddedice_store_reg(dbg_ctrl);
1083 }
1084 }
1085 else
1086 {
1087 /* program watchpoint unit to match on any address
1088 */
1089 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1090 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1091 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1092 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1093 }
1094
1095 target->debug_reason = DBG_REASON_DBGRQ;
1096
1097 return ERROR_OK;
1098 }
1099
1100 int arm7_9_debug_entry(target_t *target)
1101 {
1102 int i;
1103 u32 context[16];
1104 u32* context_p[16];
1105 u32 r0_thumb, pc_thumb;
1106 u32 cpsr;
1107 int retval;
1108 /* get pointers to arch-specific information */
1109 armv4_5_common_t *armv4_5 = target->arch_info;
1110 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1111 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1112 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1113
1114 #ifdef _DEBUG_ARM7_9_
1115 LOG_DEBUG("-");
1116 #endif
1117
1118 if (arm7_9->pre_debug_entry)
1119 arm7_9->pre_debug_entry(target);
1120
1121 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1122 * ensure that DBGRQ is cleared
1123 */
1124 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1125 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1126 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1127 embeddedice_store_reg(dbg_ctrl);
1128
1129 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1130 {
1131 return retval;
1132 }
1133
1134 if ((retval = jtag_execute_queue()) != ERROR_OK)
1135 {
1136 return retval;
1137 }
1138
1139 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1140 return retval;
1141
1142
1143 if (target->state != TARGET_HALTED)
1144 {
1145 LOG_WARNING("target not halted");
1146 return ERROR_TARGET_NOT_HALTED;
1147 }
1148
1149 /* if the target is in Thumb state, change to ARM state */
1150 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1151 {
1152 LOG_DEBUG("target entered debug from Thumb state");
1153 /* Entered debug from Thumb mode */
1154 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1155 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1156 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1157 }
1158 else
1159 {
1160 LOG_DEBUG("target entered debug from ARM state");
1161 /* Entered debug from ARM mode */
1162 armv4_5->core_state = ARMV4_5_STATE_ARM;
1163 }
1164
1165 for (i = 0; i < 16; i++)
1166 context_p[i] = &context[i];
1167 /* save core registers (r0 - r15 of current core mode) */
1168 arm7_9->read_core_regs(target, 0xffff, context_p);
1169
1170 arm7_9->read_xpsr(target, &cpsr, 0);
1171
1172 if ((retval = jtag_execute_queue()) != ERROR_OK)
1173 return retval;
1174
1175 /* if the core has been executing in Thumb state, set the T bit */
1176 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1177 cpsr |= 0x20;
1178
1179 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1180 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1181 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1182
1183 armv4_5->core_mode = cpsr & 0x1f;
1184
1185 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1186 {
1187 target->state = TARGET_UNKNOWN;
1188 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1189 return ERROR_TARGET_FAILURE;
1190 }
1191
1192 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1193
1194 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1195 {
1196 LOG_DEBUG("thumb state, applying fixups");
1197 context[0] = r0_thumb;
1198 context[15] = pc_thumb;
1199 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1200 {
1201 /* adjust value stored by STM */
1202 context[15] -= 3 * 4;
1203 }
1204
1205 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1206 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1207 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1208 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1209 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1210 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1211 else if (target->debug_reason == DBG_REASON_DBGRQ)
1212 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1213 else
1214 {
1215 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1216 }
1217
1218 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1219 return ERROR_FAIL;
1220
1221 for (i=0; i<=15; i++)
1222 {
1223 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1224 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1225 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1227 }
1228
1229 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1230
1231 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1232 return ERROR_FAIL;
1233
1234 /* exceptions other than USR & SYS have a saved program status register */
1235 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1236 {
1237 u32 spsr;
1238 arm7_9->read_xpsr(target, &spsr, 1);
1239 if ((retval = jtag_execute_queue()) != ERROR_OK)
1240 {
1241 return retval;
1242 }
1243 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1244 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1245 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1246 }
1247
1248 /* r0 and r15 (pc) have to be restored later */
1249 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1250 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1251
1252 if ((retval = jtag_execute_queue()) != ERROR_OK)
1253 return retval;
1254
1255 if (arm7_9->post_debug_entry)
1256 arm7_9->post_debug_entry(target);
1257
1258 return ERROR_OK;
1259 }
1260
1261 int arm7_9_full_context(target_t *target)
1262 {
1263 int i;
1264 int retval;
1265 armv4_5_common_t *armv4_5 = target->arch_info;
1266 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1267
1268 LOG_DEBUG("-");
1269
1270 if (target->state != TARGET_HALTED)
1271 {
1272 LOG_WARNING("target not halted");
1273 return ERROR_TARGET_NOT_HALTED;
1274 }
1275
1276 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1277 return ERROR_FAIL;
1278
1279 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1280 * SYS shares registers with User, so we don't touch SYS
1281 */
1282 for(i = 0; i < 6; i++)
1283 {
1284 u32 mask = 0;
1285 u32* reg_p[16];
1286 int j;
1287 int valid = 1;
1288
1289 /* check if there are invalid registers in the current mode
1290 */
1291 for (j = 0; j <= 16; j++)
1292 {
1293 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1294 valid = 0;
1295 }
1296
1297 if (!valid)
1298 {
1299 u32 tmp_cpsr;
1300
1301 /* change processor mode (and mask T bit) */
1302 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1303 tmp_cpsr |= armv4_5_number_to_mode(i);
1304 tmp_cpsr &= ~0x20;
1305 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1306
1307 for (j = 0; j < 15; j++)
1308 {
1309 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1310 {
1311 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1312 mask |= 1 << j;
1313 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1314 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1315 }
1316 }
1317
1318 /* if only the PSR is invalid, mask is all zeroes */
1319 if (mask)
1320 arm7_9->read_core_regs(target, mask, reg_p);
1321
1322 /* check if the PSR has to be read */
1323 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1324 {
1325 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1326 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1327 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1328 }
1329 }
1330 }
1331
1332 /* restore processor mode (mask T bit) */
1333 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1334
1335 if ((retval = jtag_execute_queue()) != ERROR_OK)
1336 {
1337 return retval;
1338 }
1339 return ERROR_OK;
1340 }
1341
1342 int arm7_9_restore_context(target_t *target)
1343 {
1344 armv4_5_common_t *armv4_5 = target->arch_info;
1345 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1346 reg_t *reg;
1347 armv4_5_core_reg_t *reg_arch_info;
1348 enum armv4_5_mode current_mode = armv4_5->core_mode;
1349 int i, j;
1350 int dirty;
1351 int mode_change;
1352
1353 LOG_DEBUG("-");
1354
1355 if (target->state != TARGET_HALTED)
1356 {
1357 LOG_WARNING("target not halted");
1358 return ERROR_TARGET_NOT_HALTED;
1359 }
1360
1361 if (arm7_9->pre_restore_context)
1362 arm7_9->pre_restore_context(target);
1363
1364 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1365 return ERROR_FAIL;
1366
1367 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1368 * SYS shares registers with User, so we don't touch SYS
1369 */
1370 for (i = 0; i < 6; i++)
1371 {
1372 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1373 dirty = 0;
1374 mode_change = 0;
1375 /* check if there are dirty registers in the current mode
1376 */
1377 for (j = 0; j <= 16; j++)
1378 {
1379 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1380 reg_arch_info = reg->arch_info;
1381 if (reg->dirty == 1)
1382 {
1383 if (reg->valid == 1)
1384 {
1385 dirty = 1;
1386 LOG_DEBUG("examining dirty reg: %s", reg->name);
1387 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1388 && (reg_arch_info->mode != current_mode)
1389 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1390 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1391 {
1392 mode_change = 1;
1393 LOG_DEBUG("require mode change");
1394 }
1395 }
1396 else
1397 {
1398 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1399 }
1400 }
1401 }
1402
1403 if (dirty)
1404 {
1405 u32 mask = 0x0;
1406 int num_regs = 0;
1407 u32 regs[16];
1408
1409 if (mode_change)
1410 {
1411 u32 tmp_cpsr;
1412
1413 /* change processor mode (mask T bit) */
1414 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1415 tmp_cpsr |= armv4_5_number_to_mode(i);
1416 tmp_cpsr &= ~0x20;
1417 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1418 current_mode = armv4_5_number_to_mode(i);
1419 }
1420
1421 for (j = 0; j <= 14; j++)
1422 {
1423 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1424 reg_arch_info = reg->arch_info;
1425
1426
1427 if (reg->dirty == 1)
1428 {
1429 regs[j] = buf_get_u32(reg->value, 0, 32);
1430 mask |= 1 << j;
1431 num_regs++;
1432 reg->dirty = 0;
1433 reg->valid = 1;
1434 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1435 }
1436 }
1437
1438 if (mask)
1439 {
1440 arm7_9->write_core_regs(target, mask, regs);
1441 }
1442
1443 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1444 reg_arch_info = reg->arch_info;
1445 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1446 {
1447 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1448 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1449 }
1450 }
1451 }
1452
1453 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1454 {
1455 /* restore processor mode (mask T bit) */
1456 u32 tmp_cpsr;
1457
1458 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1459 tmp_cpsr |= armv4_5_number_to_mode(i);
1460 tmp_cpsr &= ~0x20;
1461 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1462 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1463 }
1464 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1465 {
1466 /* CPSR has been changed, full restore necessary (mask T bit) */
1467 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1468 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1469 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1470 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1471 }
1472
1473 /* restore PC */
1474 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1475 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1476 armv4_5->core_cache->reg_list[15].dirty = 0;
1477
1478 if (arm7_9->post_restore_context)
1479 arm7_9->post_restore_context(target);
1480
1481 return ERROR_OK;
1482 }
1483
1484 int arm7_9_restart_core(struct target_s *target)
1485 {
1486 armv4_5_common_t *armv4_5 = target->arch_info;
1487 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1488 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1489
1490 /* set RESTART instruction */
1491 jtag_add_end_state(TAP_RTI);
1492 if (arm7_9->need_bypass_before_restart) {
1493 arm7_9->need_bypass_before_restart = 0;
1494 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1495 }
1496 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1497
1498 jtag_add_runtest(1, TAP_RTI);
1499 return jtag_execute_queue();
1500 }
1501
1502 void arm7_9_enable_watchpoints(struct target_s *target)
1503 {
1504 watchpoint_t *watchpoint = target->watchpoints;
1505
1506 while (watchpoint)
1507 {
1508 if (watchpoint->set == 0)
1509 arm7_9_set_watchpoint(target, watchpoint);
1510 watchpoint = watchpoint->next;
1511 }
1512 }
1513
1514 void arm7_9_enable_breakpoints(struct target_s *target)
1515 {
1516 breakpoint_t *breakpoint = target->breakpoints;
1517
1518 /* set any pending breakpoints */
1519 while (breakpoint)
1520 {
1521 arm7_9_set_breakpoint(target, breakpoint);
1522 breakpoint = breakpoint->next;
1523 }
1524 }
1525
1526
1527 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1528 {
1529 armv4_5_common_t *armv4_5 = target->arch_info;
1530 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1531 breakpoint_t *breakpoint = target->breakpoints;
1532 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1533 int err, retval = ERROR_OK;
1534
1535 LOG_DEBUG("-");
1536
1537 if (target->state != TARGET_HALTED)
1538 {
1539 LOG_WARNING("target not halted");
1540 return ERROR_TARGET_NOT_HALTED;
1541 }
1542
1543 if (!debug_execution)
1544 {
1545 target_free_all_working_areas(target);
1546 }
1547
1548 /* current = 1: continue on current pc, otherwise continue at <address> */
1549 if (!current)
1550 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1551
1552 /* the front-end may request us not to handle breakpoints */
1553 if (handle_breakpoints)
1554 {
1555 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1556 {
1557 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1558 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1559 {
1560 return retval;
1561 }
1562
1563 LOG_DEBUG("enable single-step");
1564 arm7_9->enable_single_step(target);
1565
1566 target->debug_reason = DBG_REASON_SINGLESTEP;
1567
1568 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1569 {
1570 return retval;
1571 }
1572
1573 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1574 arm7_9->branch_resume(target);
1575 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1576 {
1577 arm7_9->branch_resume_thumb(target);
1578 }
1579 else
1580 {
1581 LOG_ERROR("unhandled core state");
1582 return ERROR_FAIL;
1583 }
1584
1585 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1586 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1587 err = arm7_9_execute_sys_speed(target);
1588
1589 LOG_DEBUG("disable single-step");
1590 arm7_9->disable_single_step(target);
1591
1592 if (err != ERROR_OK)
1593 {
1594 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1595 {
1596 return retval;
1597 }
1598 target->state = TARGET_UNKNOWN;
1599 return err;
1600 }
1601
1602 arm7_9_debug_entry(target);
1603 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1604
1605 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1606 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1607 {
1608 return retval;
1609 }
1610 }
1611 }
1612
1613 /* enable any pending breakpoints and watchpoints */
1614 arm7_9_enable_breakpoints(target);
1615 arm7_9_enable_watchpoints(target);
1616
1617 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1618 {
1619 return retval;
1620 }
1621
1622 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1623 {
1624 arm7_9->branch_resume(target);
1625 }
1626 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1627 {
1628 arm7_9->branch_resume_thumb(target);
1629 }
1630 else
1631 {
1632 LOG_ERROR("unhandled core state");
1633 return ERROR_FAIL;
1634 }
1635
1636 /* deassert DBGACK and INTDIS */
1637 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1638 /* INTDIS only when we really resume, not during debug execution */
1639 if (!debug_execution)
1640 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1641 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1642
1643 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1644 {
1645 return retval;
1646 }
1647
1648 target->debug_reason = DBG_REASON_NOTHALTED;
1649
1650 if (!debug_execution)
1651 {
1652 /* registers are now invalid */
1653 armv4_5_invalidate_core_regs(target);
1654 target->state = TARGET_RUNNING;
1655 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1656 {
1657 return retval;
1658 }
1659 }
1660 else
1661 {
1662 target->state = TARGET_DEBUG_RUNNING;
1663 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1664 {
1665 return retval;
1666 }
1667 }
1668
1669 LOG_DEBUG("target resumed");
1670
1671 return ERROR_OK;
1672 }
1673
1674 void arm7_9_enable_eice_step(target_t *target)
1675 {
1676 armv4_5_common_t *armv4_5 = target->arch_info;
1677 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1678
1679 /* setup an inverse breakpoint on the current PC
1680 * - comparator 1 matches the current address
1681 * - rangeout from comparator 1 is connected to comparator 0 rangein
1682 * - comparator 0 matches any address, as long as rangein is low */
1683 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1684 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1685 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1686 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1687 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1688 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1689 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1690 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1691 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1692 }
1693
1694 void arm7_9_disable_eice_step(target_t *target)
1695 {
1696 armv4_5_common_t *armv4_5 = target->arch_info;
1697 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1698
1699 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1700 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1701 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1702 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1703 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1704 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1705 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1706 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1707 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1708 }
1709
1710 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1711 {
1712 armv4_5_common_t *armv4_5 = target->arch_info;
1713 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1714 breakpoint_t *breakpoint = NULL;
1715 int err, retval;
1716
1717 if (target->state != TARGET_HALTED)
1718 {
1719 LOG_WARNING("target not halted");
1720 return ERROR_TARGET_NOT_HALTED;
1721 }
1722
1723 /* current = 1: continue on current pc, otherwise continue at <address> */
1724 if (!current)
1725 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1726
1727 /* the front-end may request us not to handle breakpoints */
1728 if (handle_breakpoints)
1729 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1730 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1731 {
1732 return retval;
1733 }
1734
1735 target->debug_reason = DBG_REASON_SINGLESTEP;
1736
1737 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1738 {
1739 return retval;
1740 }
1741
1742 arm7_9->enable_single_step(target);
1743
1744 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1745 {
1746 arm7_9->branch_resume(target);
1747 }
1748 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1749 {
1750 arm7_9->branch_resume_thumb(target);
1751 }
1752 else
1753 {
1754 LOG_ERROR("unhandled core state");
1755 return ERROR_FAIL;
1756 }
1757
1758 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1759 {
1760 return retval;
1761 }
1762
1763 err = arm7_9_execute_sys_speed(target);
1764 arm7_9->disable_single_step(target);
1765
1766 /* registers are now invalid */
1767 armv4_5_invalidate_core_regs(target);
1768
1769 if (err != ERROR_OK)
1770 {
1771 target->state = TARGET_UNKNOWN;
1772 } else {
1773 arm7_9_debug_entry(target);
1774 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1775 {
1776 return retval;
1777 }
1778 LOG_DEBUG("target stepped");
1779 }
1780
1781 if (breakpoint)
1782 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1783 {
1784 return retval;
1785 }
1786
1787 return err;
1788
1789 }
1790
1791 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1792 {
1793 u32* reg_p[16];
1794 u32 value;
1795 int retval;
1796 armv4_5_common_t *armv4_5 = target->arch_info;
1797 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1798
1799 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1800 return ERROR_FAIL;
1801
1802 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1803
1804 if ((num < 0) || (num > 16))
1805 return ERROR_INVALID_ARGUMENTS;
1806
1807 if ((mode != ARMV4_5_MODE_ANY)
1808 && (mode != armv4_5->core_mode)
1809 && (reg_mode != ARMV4_5_MODE_ANY))
1810 {
1811 u32 tmp_cpsr;
1812
1813 /* change processor mode (mask T bit) */
1814 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1815 tmp_cpsr |= mode;
1816 tmp_cpsr &= ~0x20;
1817 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1818 }
1819
1820 if ((num >= 0) && (num <= 15))
1821 {
1822 /* read a normal core register */
1823 reg_p[num] = &value;
1824
1825 arm7_9->read_core_regs(target, 1 << num, reg_p);
1826 }
1827 else
1828 {
1829 /* read a program status register
1830 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1831 */
1832 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1833 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1834
1835 arm7_9->read_xpsr(target, &value, spsr);
1836 }
1837
1838 if ((retval = jtag_execute_queue()) != ERROR_OK)
1839 {
1840 return retval;
1841 }
1842
1843 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1844 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1845 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1846
1847 if ((mode != ARMV4_5_MODE_ANY)
1848 && (mode != armv4_5->core_mode)
1849 && (reg_mode != ARMV4_5_MODE_ANY)) {
1850 /* restore processor mode (mask T bit) */
1851 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1852 }
1853
1854 return ERROR_OK;
1855
1856 }
1857
1858 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1859 {
1860 u32 reg[16];
1861 armv4_5_common_t *armv4_5 = target->arch_info;
1862 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1863
1864 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1865 return ERROR_FAIL;
1866
1867 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1868
1869 if ((num < 0) || (num > 16))
1870 return ERROR_INVALID_ARGUMENTS;
1871
1872 if ((mode != ARMV4_5_MODE_ANY)
1873 && (mode != armv4_5->core_mode)
1874 && (reg_mode != ARMV4_5_MODE_ANY)) {
1875 u32 tmp_cpsr;
1876
1877 /* change processor mode (mask T bit) */
1878 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1879 tmp_cpsr |= mode;
1880 tmp_cpsr &= ~0x20;
1881 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1882 }
1883
1884 if ((num >= 0) && (num <= 15))
1885 {
1886 /* write a normal core register */
1887 reg[num] = value;
1888
1889 arm7_9->write_core_regs(target, 1 << num, reg);
1890 }
1891 else
1892 {
1893 /* write a program status register
1894 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1895 */
1896 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1897 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1898
1899 /* if we're writing the CPSR, mask the T bit */
1900 if (!spsr)
1901 value &= ~0x20;
1902
1903 arm7_9->write_xpsr(target, value, spsr);
1904 }
1905
1906 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1907 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1908
1909 if ((mode != ARMV4_5_MODE_ANY)
1910 && (mode != armv4_5->core_mode)
1911 && (reg_mode != ARMV4_5_MODE_ANY)) {
1912 /* restore processor mode (mask T bit) */
1913 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1914 }
1915
1916 return jtag_execute_queue();
1917 }
1918
1919 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1920 {
1921 armv4_5_common_t *armv4_5 = target->arch_info;
1922 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1923
1924 u32 reg[16];
1925 int num_accesses = 0;
1926 int thisrun_accesses;
1927 int i;
1928 u32 cpsr;
1929 int retval;
1930 int last_reg = 0;
1931
1932 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1933
1934 if (target->state != TARGET_HALTED)
1935 {
1936 LOG_WARNING("target not halted");
1937 return ERROR_TARGET_NOT_HALTED;
1938 }
1939
1940 /* sanitize arguments */
1941 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1942 return ERROR_INVALID_ARGUMENTS;
1943
1944 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1945 return ERROR_TARGET_UNALIGNED_ACCESS;
1946
1947 /* load the base register with the address of the first word */
1948 reg[0] = address;
1949 arm7_9->write_core_regs(target, 0x1, reg);
1950
1951 int j=0;
1952
1953 switch (size)
1954 {
1955 case 4:
1956 while (num_accesses < count)
1957 {
1958 u32 reg_list;
1959 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1960 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1961
1962 if (last_reg <= thisrun_accesses)
1963 last_reg = thisrun_accesses;
1964
1965 arm7_9->load_word_regs(target, reg_list);
1966
1967 /* fast memory reads are only safe when the target is running
1968 * from a sufficiently high clock (32 kHz is usually too slow)
1969 */
1970 if (arm7_9->fast_memory_access)
1971 arm7_9_execute_fast_sys_speed(target);
1972 else
1973 arm7_9_execute_sys_speed(target);
1974
1975 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1976
1977 /* advance buffer, count number of accesses */
1978 buffer += thisrun_accesses * 4;
1979 num_accesses += thisrun_accesses;
1980
1981 if ((j++%1024)==0)
1982 {
1983 keep_alive();
1984 }
1985 }
1986 break;
1987 case 2:
1988 while (num_accesses < count)
1989 {
1990 u32 reg_list;
1991 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1992 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1993
1994 for (i = 1; i <= thisrun_accesses; i++)
1995 {
1996 if (i > last_reg)
1997 last_reg = i;
1998 arm7_9->load_hword_reg(target, i);
1999 /* fast memory reads are only safe when the target is running
2000 * from a sufficiently high clock (32 kHz is usually too slow)
2001 */
2002 if (arm7_9->fast_memory_access)
2003 retval = arm7_9_execute_fast_sys_speed(target);
2004 else
2005 retval = arm7_9_execute_sys_speed(target);
2006 if(retval != ERROR_OK)
2007 {
2008 return retval;
2009 }
2010
2011 }
2012
2013 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2014
2015 /* advance buffer, count number of accesses */
2016 buffer += thisrun_accesses * 2;
2017 num_accesses += thisrun_accesses;
2018
2019 if ((j++%1024)==0)
2020 {
2021 keep_alive();
2022 }
2023 }
2024 break;
2025 case 1:
2026 while (num_accesses < count)
2027 {
2028 u32 reg_list;
2029 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2030 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2031
2032 for (i = 1; i <= thisrun_accesses; i++)
2033 {
2034 if (i > last_reg)
2035 last_reg = i;
2036 arm7_9->load_byte_reg(target, i);
2037 /* fast memory reads are only safe when the target is running
2038 * from a sufficiently high clock (32 kHz is usually too slow)
2039 */
2040 if (arm7_9->fast_memory_access)
2041 retval = arm7_9_execute_fast_sys_speed(target);
2042 else
2043 retval = arm7_9_execute_sys_speed(target);
2044 if(retval != ERROR_OK)
2045 {
2046 return retval;
2047 }
2048 }
2049
2050 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2051
2052 /* advance buffer, count number of accesses */
2053 buffer += thisrun_accesses * 1;
2054 num_accesses += thisrun_accesses;
2055
2056 if ((j++%1024)==0)
2057 {
2058 keep_alive();
2059 }
2060 }
2061 break;
2062 default:
2063 LOG_ERROR("BUG: we shouldn't get here");
2064 exit(-1);
2065 break;
2066 }
2067
2068 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2069 return ERROR_FAIL;
2070
2071 for (i=0; i<=last_reg; i++)
2072 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2073
2074 arm7_9->read_xpsr(target, &cpsr, 0);
2075 if ((retval = jtag_execute_queue()) != ERROR_OK)
2076 {
2077 LOG_ERROR("JTAG error while reading cpsr");
2078 return ERROR_TARGET_DATA_ABORT;
2079 }
2080
2081 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2082 {
2083 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2084
2085 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2086
2087 return ERROR_TARGET_DATA_ABORT;
2088 }
2089
2090 return ERROR_OK;
2091 }
2092
2093 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2094 {
2095 armv4_5_common_t *armv4_5 = target->arch_info;
2096 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2097 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2098
2099 u32 reg[16];
2100 int num_accesses = 0;
2101 int thisrun_accesses;
2102 int i;
2103 u32 cpsr;
2104 int retval;
2105 int last_reg = 0;
2106
2107 #ifdef _DEBUG_ARM7_9_
2108 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2109 #endif
2110
2111 if (target->state != TARGET_HALTED)
2112 {
2113 LOG_WARNING("target not halted");
2114 return ERROR_TARGET_NOT_HALTED;
2115 }
2116
2117 /* sanitize arguments */
2118 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2119 return ERROR_INVALID_ARGUMENTS;
2120
2121 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2122 return ERROR_TARGET_UNALIGNED_ACCESS;
2123
2124 /* load the base register with the address of the first word */
2125 reg[0] = address;
2126 arm7_9->write_core_regs(target, 0x1, reg);
2127
2128 /* Clear DBGACK, to make sure memory fetches work as expected */
2129 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2130 embeddedice_store_reg(dbg_ctrl);
2131
2132 switch (size)
2133 {
2134 case 4:
2135 while (num_accesses < count)
2136 {
2137 u32 reg_list;
2138 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2139 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2140
2141 for (i = 1; i <= thisrun_accesses; i++)
2142 {
2143 if (i > last_reg)
2144 last_reg = i;
2145 reg[i] = target_buffer_get_u32(target, buffer);
2146 buffer += 4;
2147 }
2148
2149 arm7_9->write_core_regs(target, reg_list, reg);
2150
2151 arm7_9->store_word_regs(target, reg_list);
2152
2153 /* fast memory writes are only safe when the target is running
2154 * from a sufficiently high clock (32 kHz is usually too slow)
2155 */
2156 if (arm7_9->fast_memory_access)
2157 retval = arm7_9_execute_fast_sys_speed(target);
2158 else
2159 retval = arm7_9_execute_sys_speed(target);
2160 if(retval != ERROR_OK)
2161 {
2162 return retval;
2163 }
2164
2165 num_accesses += thisrun_accesses;
2166 }
2167 break;
2168 case 2:
2169 while (num_accesses < count)
2170 {
2171 u32 reg_list;
2172 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2173 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2174
2175 for (i = 1; i <= thisrun_accesses; i++)
2176 {
2177 if (i > last_reg)
2178 last_reg = i;
2179 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2180 buffer += 2;
2181 }
2182
2183 arm7_9->write_core_regs(target, reg_list, reg);
2184
2185 for (i = 1; i <= thisrun_accesses; i++)
2186 {
2187 arm7_9->store_hword_reg(target, i);
2188
2189 /* fast memory writes are only safe when the target is running
2190 * from a sufficiently high clock (32 kHz is usually too slow)
2191 */
2192 if (arm7_9->fast_memory_access)
2193 retval = arm7_9_execute_fast_sys_speed(target);
2194 else
2195 retval = arm7_9_execute_sys_speed(target);
2196 if(retval != ERROR_OK)
2197 {
2198 return retval;
2199 }
2200 }
2201
2202 num_accesses += thisrun_accesses;
2203 }
2204 break;
2205 case 1:
2206 while (num_accesses < count)
2207 {
2208 u32 reg_list;
2209 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2210 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2211
2212 for (i = 1; i <= thisrun_accesses; i++)
2213 {
2214 if (i > last_reg)
2215 last_reg = i;
2216 reg[i] = *buffer++ & 0xff;
2217 }
2218
2219 arm7_9->write_core_regs(target, reg_list, reg);
2220
2221 for (i = 1; i <= thisrun_accesses; i++)
2222 {
2223 arm7_9->store_byte_reg(target, i);
2224 /* fast memory writes are only safe when the target is running
2225 * from a sufficiently high clock (32 kHz is usually too slow)
2226 */
2227 if (arm7_9->fast_memory_access)
2228 retval = arm7_9_execute_fast_sys_speed(target);
2229 else
2230 retval = arm7_9_execute_sys_speed(target);
2231 if(retval != ERROR_OK)
2232 {
2233 return retval;
2234 }
2235
2236 }
2237
2238 num_accesses += thisrun_accesses;
2239 }
2240 break;
2241 default:
2242 LOG_ERROR("BUG: we shouldn't get here");
2243 exit(-1);
2244 break;
2245 }
2246
2247 /* Re-Set DBGACK */
2248 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2249 embeddedice_store_reg(dbg_ctrl);
2250
2251 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2252 return ERROR_FAIL;
2253
2254 for (i=0; i<=last_reg; i++)
2255 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2256
2257 arm7_9->read_xpsr(target, &cpsr, 0);
2258 if ((retval = jtag_execute_queue()) != ERROR_OK)
2259 {
2260 LOG_ERROR("JTAG error while reading cpsr");
2261 return ERROR_TARGET_DATA_ABORT;
2262 }
2263
2264 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2265 {
2266 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2267
2268 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2269
2270 return ERROR_TARGET_DATA_ABORT;
2271 }
2272
2273 return ERROR_OK;
2274 }
2275
2276 static int dcc_count;
2277 static u8 *dcc_buffer;
2278
2279
2280 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2281 {
2282 int retval = ERROR_OK;
2283 armv4_5_common_t *armv4_5 = target->arch_info;
2284 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2285 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2286 int count=dcc_count;
2287 u8 *buffer=dcc_buffer;
2288 if (count>2)
2289 {
2290 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2291 core function repeated.
2292 */
2293 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2294 buffer+=4;
2295
2296 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2297 u8 reg_addr = ice_reg->addr & 0x1f;
2298 int chain_pos = ice_reg->jtag_info->chain_pos;
2299
2300 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2301 buffer += (count-2)*4;
2302
2303 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2304 } else
2305 {
2306 int i;
2307 for (i = 0; i < count; i++)
2308 {
2309 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2310 buffer += 4;
2311 }
2312 }
2313
2314 if((retval = target_halt(target))!= ERROR_OK)
2315 {
2316 return retval;
2317 }
2318 return target_wait_state(target, TARGET_HALTED, 500);
2319 }
2320
2321
2322 static const u32 dcc_code[] =
2323 {
2324 /* MRC TST BNE MRC STR B */
2325 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2326 };
2327
2328 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2329
2330
2331 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2332 {
2333 int retval;
2334 armv4_5_common_t *armv4_5 = target->arch_info;
2335 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2336 int i;
2337
2338 if (!arm7_9->dcc_downloads)
2339 return target->type->write_memory(target, address, 4, count, buffer);
2340
2341 /* regrab previously allocated working_area, or allocate a new one */
2342 if (!arm7_9->dcc_working_area)
2343 {
2344 u8 dcc_code_buf[6 * 4];
2345
2346 /* make sure we have a working area */
2347 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2348 {
2349 LOG_INFO("no working area available, falling back to memory writes");
2350 return target->type->write_memory(target, address, 4, count, buffer);
2351 }
2352
2353 /* copy target instructions to target endianness */
2354 for (i = 0; i < 6; i++)
2355 {
2356 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2357 }
2358
2359 /* write DCC code to working area */
2360 if ((retval = target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2361 {
2362 return retval;
2363 }
2364 }
2365
2366 armv4_5_algorithm_t armv4_5_info;
2367 reg_param_t reg_params[1];
2368
2369 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2370 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2371 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2372
2373 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2374
2375 buf_set_u32(reg_params[0].value, 0, 32, address);
2376
2377 //armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params,
2378 // int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info))
2379 dcc_count=count;
2380 dcc_buffer=buffer;
2381 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2382 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2383
2384 if (retval==ERROR_OK)
2385 {
2386 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2387 if (endaddress!=(address+count*4))
2388 {
2389 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2390 retval=ERROR_FAIL;
2391 }
2392 }
2393
2394 destroy_reg_param(&reg_params[0]);
2395
2396 return retval;
2397 }
2398
2399 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2400 {
2401 working_area_t *crc_algorithm;
2402 armv4_5_algorithm_t armv4_5_info;
2403 reg_param_t reg_params[2];
2404 int retval;
2405
2406 u32 arm7_9_crc_code[] = {
2407 0xE1A02000, /* mov r2, r0 */
2408 0xE3E00000, /* mov r0, #0xffffffff */
2409 0xE1A03001, /* mov r3, r1 */
2410 0xE3A04000, /* mov r4, #0 */
2411 0xEA00000B, /* b ncomp */
2412 /* nbyte: */
2413 0xE7D21004, /* ldrb r1, [r2, r4] */
2414 0xE59F7030, /* ldr r7, CRC32XOR */
2415 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2416 0xE3A05000, /* mov r5, #0 */
2417 /* loop: */
2418 0xE3500000, /* cmp r0, #0 */
2419 0xE1A06080, /* mov r6, r0, asl #1 */
2420 0xE2855001, /* add r5, r5, #1 */
2421 0xE1A00006, /* mov r0, r6 */
2422 0xB0260007, /* eorlt r0, r6, r7 */
2423 0xE3550008, /* cmp r5, #8 */
2424 0x1AFFFFF8, /* bne loop */
2425 0xE2844001, /* add r4, r4, #1 */
2426 /* ncomp: */
2427 0xE1540003, /* cmp r4, r3 */
2428 0x1AFFFFF1, /* bne nbyte */
2429 /* end: */
2430 0xEAFFFFFE, /* b end */
2431 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2432 };
2433
2434 int i;
2435
2436 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2437 {
2438 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2439 }
2440
2441 /* convert flash writing code into a buffer in target endianness */
2442 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2443 {
2444 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2445 {
2446 return retval;
2447 }
2448 }
2449
2450 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2451 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2452 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2453
2454 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2455 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2456
2457 buf_set_u32(reg_params[0].value, 0, 32, address);
2458 buf_set_u32(reg_params[1].value, 0, 32, count);
2459
2460 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2461 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2462 {
2463 LOG_ERROR("error executing arm7_9 crc algorithm");
2464 destroy_reg_param(&reg_params[0]);
2465 destroy_reg_param(&reg_params[1]);
2466 target_free_working_area(target, crc_algorithm);
2467 return retval;
2468 }
2469
2470 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2471
2472 destroy_reg_param(&reg_params[0]);
2473 destroy_reg_param(&reg_params[1]);
2474
2475 target_free_working_area(target, crc_algorithm);
2476
2477 return ERROR_OK;
2478 }
2479
2480 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2481 {
2482 working_area_t *erase_check_algorithm;
2483 reg_param_t reg_params[3];
2484 armv4_5_algorithm_t armv4_5_info;
2485 int retval;
2486 int i;
2487
2488 u32 erase_check_code[] =
2489 {
2490 /* loop: */
2491 0xe4d03001, /* ldrb r3, [r0], #1 */
2492 0xe0022003, /* and r2, r2, r3 */
2493 0xe2511001, /* subs r1, r1, #1 */
2494 0x1afffffb, /* bne loop */
2495 /* end: */
2496 0xeafffffe /* b end */
2497 };
2498
2499 /* make sure we have a working area */
2500 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2501 {
2502 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2503 }
2504
2505 /* convert flash writing code into a buffer in target endianness */
2506 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2507 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i])) != ERROR_OK)
2508 {
2509 return retval;
2510 }
2511
2512 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2513 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2514 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2515
2516 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2517 buf_set_u32(reg_params[0].value, 0, 32, address);
2518
2519 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2520 buf_set_u32(reg_params[1].value, 0, 32, count);
2521
2522 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2523 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2524
2525 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2526 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2527 {
2528 destroy_reg_param(&reg_params[0]);
2529 destroy_reg_param(&reg_params[1]);
2530 destroy_reg_param(&reg_params[2]);
2531 target_free_working_area(target, erase_check_algorithm);
2532 return 0;
2533 }
2534
2535 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2536
2537 destroy_reg_param(&reg_params[0]);
2538 destroy_reg_param(&reg_params[1]);
2539 destroy_reg_param(&reg_params[2]);
2540
2541 target_free_working_area(target, erase_check_algorithm);
2542
2543 return ERROR_OK;
2544 }
2545
2546 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2547 {
2548 command_t *arm7_9_cmd;
2549
2550 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2551
2552 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2553 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2554
2555 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2556
2557 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2558 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2559 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2560 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2561 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2562 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2563 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2564 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2565
2566 armv4_5_register_commands(cmd_ctx);
2567
2568 etm_register_commands(cmd_ctx);
2569
2570 return ERROR_OK;
2571 }
2572
2573 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2574 {
2575 u32 value;
2576 int spsr;
2577 int retval;
2578 target_t *target = get_current_target(cmd_ctx);
2579 armv4_5_common_t *armv4_5;
2580 arm7_9_common_t *arm7_9;
2581
2582 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2583 {
2584 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2585 return ERROR_OK;
2586 }
2587
2588 if (target->state != TARGET_HALTED)
2589 {
2590 command_print(cmd_ctx, "can't write registers while running");
2591 return ERROR_OK;
2592 }
2593
2594 if (argc < 2)
2595 {
2596 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2597 return ERROR_OK;
2598 }
2599
2600 value = strtoul(args[0], NULL, 0);
2601 spsr = strtol(args[1], NULL, 0);
2602
2603 /* if we're writing the CPSR, mask the T bit */
2604 if (!spsr)
2605 value &= ~0x20;
2606
2607 arm7_9->write_xpsr(target, value, spsr);
2608 if ((retval = jtag_execute_queue()) != ERROR_OK)
2609 {
2610 LOG_ERROR("JTAG error while writing to xpsr");
2611 return retval;
2612 }
2613
2614 return ERROR_OK;
2615 }
2616
2617 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2618 {
2619 u32 value;
2620 int rotate;
2621 int spsr;
2622 int retval;
2623 target_t *target = get_current_target(cmd_ctx);
2624 armv4_5_common_t *armv4_5;
2625 arm7_9_common_t *arm7_9;
2626
2627 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2628 {
2629 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2630 return ERROR_OK;
2631 }
2632
2633 if (target->state != TARGET_HALTED)
2634 {
2635 command_print(cmd_ctx, "can't write registers while running");
2636 return ERROR_OK;
2637 }
2638
2639 if (argc < 3)
2640 {
2641 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2642 return ERROR_OK;
2643 }
2644
2645 value = strtoul(args[0], NULL, 0);
2646 rotate = strtol(args[1], NULL, 0);
2647 spsr = strtol(args[2], NULL, 0);
2648
2649 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2650 if ((retval = jtag_execute_queue()) != ERROR_OK)
2651 {
2652 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2653 return retval;
2654 }
2655
2656 return ERROR_OK;
2657 }
2658
2659 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2660 {
2661 u32 value;
2662 u32 mode;
2663 int num;
2664 target_t *target = get_current_target(cmd_ctx);
2665 armv4_5_common_t *armv4_5;
2666 arm7_9_common_t *arm7_9;
2667
2668 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2669 {
2670 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2671 return ERROR_OK;
2672 }
2673
2674 if (target->state != TARGET_HALTED)
2675 {
2676 command_print(cmd_ctx, "can't write registers while running");
2677 return ERROR_OK;
2678 }
2679
2680 if (argc < 3)
2681 {
2682 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2683 return ERROR_OK;
2684 }
2685
2686 num = strtol(args[0], NULL, 0);
2687 mode = strtoul(args[1], NULL, 0);
2688 value = strtoul(args[2], NULL, 0);
2689
2690 return arm7_9_write_core_reg(target, num, mode, value);
2691
2692 }
2693
2694
2695 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2696 {
2697 target_t *target = get_current_target(cmd_ctx);
2698 armv4_5_common_t *armv4_5;
2699 arm7_9_common_t *arm7_9;
2700
2701 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2702 {
2703 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2704 return ERROR_OK;
2705 }
2706
2707 if (argc > 0)
2708 {
2709 if (strcmp("enable", args[0]) == 0)
2710 {
2711 arm7_9->use_dbgrq = 1;
2712 }
2713 else if (strcmp("disable", args[0]) == 0)
2714 {
2715 arm7_9->use_dbgrq = 0;
2716 }
2717 else
2718 {
2719 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2720 }
2721 }
2722
2723 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2724
2725 return ERROR_OK;
2726 }
2727
2728 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2729 {
2730 target_t *target = get_current_target(cmd_ctx);
2731 armv4_5_common_t *armv4_5;
2732 arm7_9_common_t *arm7_9;
2733
2734 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2735 {
2736 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2737 return ERROR_OK;
2738 }
2739
2740 if (argc > 0)
2741 {
2742 if (strcmp("enable", args[0]) == 0)
2743 {
2744 arm7_9->fast_memory_access = 1;
2745 }
2746 else if (strcmp("disable", args[0]) == 0)
2747 {
2748 arm7_9->fast_memory_access = 0;
2749 }
2750 else
2751 {
2752 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2753 }
2754 }
2755
2756 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2757
2758 return ERROR_OK;
2759 }
2760
2761 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2762 {
2763 target_t *target = get_current_target(cmd_ctx);
2764 armv4_5_common_t *armv4_5;
2765 arm7_9_common_t *arm7_9;
2766
2767 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2768 {
2769 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2770 return ERROR_OK;
2771 }
2772
2773 if (argc > 0)
2774 {
2775 if (strcmp("enable", args[0]) == 0)
2776 {
2777 arm7_9->dcc_downloads = 1;
2778 }
2779 else if (strcmp("disable", args[0]) == 0)
2780 {
2781 arm7_9->dcc_downloads = 0;
2782 }
2783 else
2784 {
2785 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2786 }
2787 }
2788
2789 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2790
2791 return ERROR_OK;
2792 }
2793
2794 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2795 {
2796 int retval = ERROR_OK;
2797 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2798
2799 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2800
2801 if((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2802 {
2803 return retval;
2804 }
2805
2806 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2807 arm7_9->wp_available_max = 2;
2808 arm7_9->sw_breakpoints_added = 0;
2809 arm7_9->breakpoint_count = 0;
2810 arm7_9->wp0_used = 0;
2811 arm7_9->wp1_used = 0;
2812 arm7_9->wp1_used_default = 0;
2813 arm7_9->use_dbgrq = 0;
2814
2815 arm7_9->etm_ctx = NULL;
2816 arm7_9->has_single_step = 0;
2817 arm7_9->has_monitor_mode = 0;
2818 arm7_9->has_vector_catch = 0;
2819
2820 arm7_9->debug_entry_from_reset = 0;
2821
2822 arm7_9->dcc_working_area = NULL;
2823
2824 arm7_9->fast_memory_access = fast_and_dangerous;
2825 arm7_9->dcc_downloads = fast_and_dangerous;
2826
2827 arm7_9->need_bypass_before_restart = 0;
2828
2829 armv4_5->arch_info = arm7_9;
2830 armv4_5->read_core_reg = arm7_9_read_core_reg;
2831 armv4_5->write_core_reg = arm7_9_write_core_reg;
2832 armv4_5->full_context = arm7_9_full_context;
2833
2834 if((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
2835 {
2836 return retval;
2837 }
2838
2839 if((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
2840 {
2841 return retval;
2842 }
2843
2844 return ERROR_OK;
2845 }