1 // SPDX-License-Identifier: GPL-2.0-or-later
3 /***************************************************************************
4 * Copyright (C) 2005 by Dominic Rath *
5 * Dominic.Rath@gmx.de *
7 * Copyright (C) 2007-2010 Øyvind Harboe *
8 * oyvind.harboe@zylin.com *
10 * Copyright (C) 2008 by Spencer Oliver *
11 * spen@spen-soft.co.uk *
13 * Copyright (C) 2008 by Hongtao Zheng *
16 * Copyright (C) 2009 by David Brownell *
17 ***************************************************************************/
23 #include "breakpoints.h"
24 #include "embeddedice.h"
25 #include "target_request.h"
27 #include <helper/time_support.h>
28 #include "arm_simulator.h"
29 #include "arm_semihosting.h"
30 #include "algorithm.h"
36 * Hold common code supporting the ARM7 and ARM9 core generations.
38 * While the ARM core implementations evolved substantially during these
39 * two generations, they look quite similar from the JTAG perspective.
40 * Both have similar debug facilities, based on the same two scan chains
41 * providing access to the core and to an EmbeddedICE module. Both can
42 * support similar ETM and ETB modules, for tracing. And both expose
43 * what could be viewed as "ARM Classic", with multiple processor modes,
44 * shadowed registers, and support for the Thumb instruction set.
46 * Processor differences include things like presence or absence of MMU
47 * and cache, pipeline sizes, use of a modified Harvard Architecture
48 * (with separate instruction and data buses from the CPU), support
49 * for cpu clock gating during idle, and more.
52 static int arm7_9_debug_entry(struct target
*target
);
55 * Clear watchpoints for an ARM7/9 target.
57 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
58 * @return JTAG error status after executing queue
60 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
63 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
64 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
65 arm7_9
->sw_breakpoint_count
= 0;
66 arm7_9
->sw_breakpoints_added
= 0;
68 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
69 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
71 return jtag_execute_queue();
75 * Assign a watchpoint to one of the two available hardware comparators in an
76 * ARM7 or ARM9 target.
78 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
79 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
81 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
83 if (!arm7_9
->wp0_used
) {
85 breakpoint_hw_set(breakpoint
, 0);
86 arm7_9
->wp_available
--;
87 } else if (!arm7_9
->wp1_used
) {
89 breakpoint_hw_set(breakpoint
, 1);
90 arm7_9
->wp_available
--;
92 LOG_ERROR("BUG: no hardware comparator available");
95 LOG_DEBUG("BPID: %" PRIu32
" (0x%08" TARGET_PRIxADDR
") using hw wp: %u",
96 breakpoint
->unique_id
,
102 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
104 * @param arm7_9 Pointer to common struct for ARM7/9 targets
105 * @return Error codes if there is a problem finding a watchpoint or the result
106 * of executing the JTAG queue
108 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
110 if (arm7_9
->sw_breakpoints_added
)
112 if (arm7_9
->wp_available
< 1) {
113 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
114 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
116 arm7_9
->wp_available
--;
118 /* pick a breakpoint unit */
119 if (!arm7_9
->wp0_used
) {
120 arm7_9
->sw_breakpoints_added
= 1;
121 arm7_9
->wp0_used
= 3;
122 } else if (!arm7_9
->wp1_used
) {
123 arm7_9
->sw_breakpoints_added
= 2;
124 arm7_9
->wp1_used
= 3;
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
130 if (arm7_9
->sw_breakpoints_added
== 1) {
131 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
132 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
133 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
134 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
135 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
136 } else if (arm7_9
->sw_breakpoints_added
== 2) {
137 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
138 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
139 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
140 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
141 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
143 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
146 LOG_DEBUG("SW BP using hw wp: %d",
147 arm7_9
->sw_breakpoints_added
);
149 return jtag_execute_queue();
153 * Setup the common pieces for an ARM7/9 target after reset or on startup.
155 * @param target Pointer to an ARM7/9 target to setup
156 * @return Result of clearing the watchpoints on the target
158 static int arm7_9_setup(struct target
*target
)
160 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
162 return arm7_9_clear_watchpoints(arm7_9
);
166 * Set either a hardware or software breakpoint on an ARM7/9 target. The
167 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
168 * might have erased the values in Embedded ICE.
170 * @param target Pointer to the target device to set the breakpoints on
171 * @param breakpoint Pointer to the breakpoint to be set
172 * @return For hardware breakpoints, this is the result of executing the JTAG
173 * queue. For software breakpoints, this will be the status of the
174 * required memory reads and writes
176 static int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
178 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
179 int retval
= ERROR_OK
;
181 LOG_DEBUG("BPID: %" PRIu32
", Address: 0x%08" TARGET_PRIxADDR
", Type: %d",
182 breakpoint
->unique_id
,
186 if (target
->state
!= TARGET_HALTED
) {
187 LOG_TARGET_ERROR(target
, "not halted");
188 return ERROR_TARGET_NOT_HALTED
;
191 if (breakpoint
->type
== BKPT_HARD
) {
192 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
193 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
195 /* reassign a hw breakpoint */
196 if (!breakpoint
->is_set
)
197 arm7_9_assign_wp(arm7_9
, breakpoint
);
199 if (breakpoint
->number
== 0) {
200 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
201 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
202 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
203 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
204 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
205 } else if (breakpoint
->number
== 1) {
206 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
207 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
208 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
209 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
210 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
212 LOG_ERROR("BUG: no hardware comparator available");
216 retval
= jtag_execute_queue();
217 } else if (breakpoint
->type
== BKPT_SOFT
) {
218 /* did we already set this breakpoint? */
219 if (breakpoint
->is_set
)
222 if (breakpoint
->length
== 4) {
223 uint32_t verify
= 0xffffffff;
224 /* keep the original instruction in target endianness */
225 retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
226 if (retval
!= ERROR_OK
)
228 /* write the breakpoint instruction in target
229 * endianness (arm7_9->arm_bkpt is host endian) */
230 retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
);
231 if (retval
!= ERROR_OK
)
234 retval
= target_read_u32(target
, breakpoint
->address
, &verify
);
235 if (retval
!= ERROR_OK
)
237 if (verify
!= arm7_9
->arm_bkpt
) {
238 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" TARGET_PRIxADDR
239 " - check that memory is read/writable", breakpoint
->address
);
243 uint16_t verify
= 0xffff;
244 /* keep the original instruction in target endianness */
245 retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
246 if (retval
!= ERROR_OK
)
248 /* write the breakpoint instruction in target
249 * endianness (arm7_9->thumb_bkpt is host endian) */
250 retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
);
251 if (retval
!= ERROR_OK
)
254 retval
= target_read_u16(target
, breakpoint
->address
, &verify
);
255 if (retval
!= ERROR_OK
)
257 if (verify
!= arm7_9
->thumb_bkpt
) {
258 LOG_ERROR("Unable to set thumb software breakpoint at address %08" TARGET_PRIxADDR
259 " - check that memory is read/writable", breakpoint
->address
);
264 retval
= arm7_9_set_software_breakpoints(arm7_9
);
265 if (retval
!= ERROR_OK
)
268 arm7_9
->sw_breakpoint_count
++;
270 breakpoint
->is_set
= true;
277 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
278 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
279 * will be updated. Otherwise, the software breakpoint will be restored to its
280 * original instruction if it hasn't already been modified.
282 * @param target Pointer to ARM7/9 target to unset the breakpoint from
283 * @param breakpoint Pointer to breakpoint to be unset
284 * @return For hardware breakpoints, this is the result of executing the JTAG
285 * queue. For software breakpoints, this will be the status of the
286 * required memory reads and writes
288 static int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
290 int retval
= ERROR_OK
;
291 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
293 LOG_DEBUG("BPID: %" PRIu32
", Address: 0x%08" TARGET_PRIxADDR
,
294 breakpoint
->unique_id
,
295 breakpoint
->address
);
297 if (!breakpoint
->is_set
) {
298 LOG_WARNING("breakpoint not set");
302 if (breakpoint
->type
== BKPT_HARD
) {
303 LOG_DEBUG("BPID: %" PRIu32
" Releasing hw wp: %d",
304 breakpoint
->unique_id
,
306 if (breakpoint
->number
== 0) {
307 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
308 arm7_9
->wp0_used
= 0;
309 arm7_9
->wp_available
++;
310 } else if (breakpoint
->number
== 1) {
311 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
312 arm7_9
->wp1_used
= 0;
313 arm7_9
->wp_available
++;
315 retval
= jtag_execute_queue();
316 breakpoint
->is_set
= false;
318 /* restore original instruction (kept in target endianness) */
319 if (breakpoint
->length
== 4) {
320 uint32_t current_instr
;
321 /* check that user program as not modified breakpoint instruction */
322 retval
= target_read_memory(target
,
323 breakpoint
->address
, 4, 1, (uint8_t *)¤t_instr
);
324 if (retval
!= ERROR_OK
)
326 current_instr
= target_buffer_get_u32(target
, (uint8_t *)¤t_instr
);
327 if (current_instr
== arm7_9
->arm_bkpt
) {
328 retval
= target_write_memory(target
,
329 breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
330 if (retval
!= ERROR_OK
)
335 uint16_t current_instr
;
336 /* check that user program as not modified breakpoint instruction */
337 retval
= target_read_memory(target
,
338 breakpoint
->address
, 2, 1, (uint8_t *)¤t_instr
);
339 if (retval
!= ERROR_OK
)
341 current_instr
= target_buffer_get_u16(target
, (uint8_t *)¤t_instr
);
342 if (current_instr
== arm7_9
->thumb_bkpt
) {
343 retval
= target_write_memory(target
,
344 breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
345 if (retval
!= ERROR_OK
)
350 if (--arm7_9
->sw_breakpoint_count
== 0) {
351 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
353 if (arm7_9
->sw_breakpoints_added
== 1)
354 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
355 EICE_W0_CONTROL_VALUE
], 0);
356 else if (arm7_9
->sw_breakpoints_added
== 2)
357 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
358 EICE_W1_CONTROL_VALUE
], 0);
361 breakpoint
->is_set
= false;
368 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
369 * dangling breakpoints and that the desired breakpoint can be added.
371 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
372 * @param breakpoint Pointer to the breakpoint to be added
373 * @return An error status if there is a problem adding the breakpoint or the
374 * result of setting the breakpoint
376 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
378 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
380 if (arm7_9
->breakpoint_count
== 0) {
381 /* make sure we don't have any dangling breakpoints. This is vital upon
382 * GDB connect/disconnect
384 arm7_9_clear_watchpoints(arm7_9
);
387 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1)) {
388 LOG_INFO("no watchpoint unit available for hardware breakpoint");
389 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
392 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4)) {
393 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
394 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
397 if (breakpoint
->type
== BKPT_HARD
)
398 arm7_9_assign_wp(arm7_9
, breakpoint
);
400 arm7_9
->breakpoint_count
++;
402 return arm7_9_set_breakpoint(target
, breakpoint
);
406 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
407 * dangling breakpoints and updates available watchpoints if it is a hardware
410 * @param target Pointer to the target to have a breakpoint removed
411 * @param breakpoint Pointer to the breakpoint to be removed
412 * @return Error status if there was a problem unsetting the breakpoint or the
413 * watchpoints could not be cleared
415 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
417 int retval
= ERROR_OK
;
418 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
420 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
421 if (retval
!= ERROR_OK
)
424 if (breakpoint
->type
== BKPT_HARD
)
425 arm7_9
->wp_available
++;
427 arm7_9
->breakpoint_count
--;
428 if (arm7_9
->breakpoint_count
== 0) {
429 /* make sure we don't have any dangling breakpoints */
430 retval
= arm7_9_clear_watchpoints(arm7_9
);
431 if (retval
!= ERROR_OK
)
439 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
440 * considered a bug to call this function when there are no available watchpoint
443 * @param target Pointer to an ARM7/9 target to set a watchpoint on
444 * @param watchpoint Pointer to the watchpoint to be set
445 * @return Error status if watchpoint set fails or the result of executing the
448 static int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
450 int retval
= ERROR_OK
;
451 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
454 const uint32_t wp_data_mask
= watchpoint
->mask
;
456 mask
= watchpoint
->length
- 1;
458 if (target
->state
!= TARGET_HALTED
) {
459 LOG_TARGET_ERROR(target
, "not halted");
460 return ERROR_TARGET_NOT_HALTED
;
463 if (watchpoint
->rw
== WPT_ACCESS
)
468 if (!arm7_9
->wp0_used
) {
469 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
],
470 watchpoint
->address
);
471 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
472 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
],
474 if (wp_data_mask
!= (uint32_t)WATCHPOINT_IGNORE_DATA_VALUE_MASK
)
475 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
],
477 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
478 0xff & ~EICE_W_CTRL_NOPC
& ~rw_mask
);
479 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
480 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_NOPC
| (watchpoint
->rw
& 1));
482 retval
= jtag_execute_queue();
483 if (retval
!= ERROR_OK
)
485 watchpoint_set(watchpoint
, 1);
486 arm7_9
->wp0_used
= 2;
487 } else if (!arm7_9
->wp1_used
) {
488 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
489 watchpoint
->address
);
490 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
491 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
],
493 if (wp_data_mask
!= (uint32_t)WATCHPOINT_IGNORE_DATA_VALUE_MASK
)
494 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
],
496 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
497 0xff & ~EICE_W_CTRL_NOPC
& ~rw_mask
);
498 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
499 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_NOPC
| (watchpoint
->rw
& 1));
501 retval
= jtag_execute_queue();
502 if (retval
!= ERROR_OK
)
504 watchpoint_set(watchpoint
, 2);
505 arm7_9
->wp1_used
= 2;
507 LOG_ERROR("BUG: no hardware comparator available");
515 * Unset an existing watchpoint and clear the used watchpoint unit.
517 * @param target Pointer to the target to have the watchpoint removed
518 * @param watchpoint Pointer to the watchpoint to be removed
519 * @return Error status while trying to unset the watchpoint or the result of
520 * executing the JTAG queue
522 static int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
524 int retval
= ERROR_OK
;
525 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
527 if (target
->state
!= TARGET_HALTED
) {
528 LOG_TARGET_ERROR(target
, "not halted");
529 return ERROR_TARGET_NOT_HALTED
;
532 if (!watchpoint
->is_set
) {
533 LOG_WARNING("breakpoint not set");
537 if (watchpoint
->number
== 1) {
538 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
539 retval
= jtag_execute_queue();
540 if (retval
!= ERROR_OK
)
542 arm7_9
->wp0_used
= 0;
543 } else if (watchpoint
->number
== 2) {
544 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
545 retval
= jtag_execute_queue();
546 if (retval
!= ERROR_OK
)
548 arm7_9
->wp1_used
= 0;
550 watchpoint
->is_set
= false;
556 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
557 * available, an error response is returned.
559 * @param target Pointer to the ARM7/9 target to add a watchpoint to
560 * @param watchpoint Pointer to the watchpoint to be added
561 * @return Error status while trying to add the watchpoint
563 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
565 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
567 if (arm7_9
->wp_available
< 1)
568 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
570 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
571 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
573 arm7_9
->wp_available
--;
579 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
580 * the used watchpoint unit will be reopened.
582 * @param target Pointer to the target to remove a watchpoint from
583 * @param watchpoint Pointer to the watchpoint to be removed
584 * @return Result of trying to unset the watchpoint
586 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
588 int retval
= ERROR_OK
;
589 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
591 if (watchpoint
->is_set
) {
592 retval
= arm7_9_unset_watchpoint(target
, watchpoint
);
593 if (retval
!= ERROR_OK
)
597 arm7_9
->wp_available
++;
603 * Restarts the target by sending a RESTART instruction and moving the JTAG
604 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
605 * asserted by the processor.
607 * @param target Pointer to target to issue commands to
608 * @return Error status if there is a timeout or a problem while executing the
611 int arm7_9_execute_sys_speed(struct target
*target
)
614 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
615 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
616 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
618 /* set RESTART instruction */
619 if (arm7_9
->need_bypass_before_restart
) {
620 arm7_9
->need_bypass_before_restart
= 0;
621 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
622 if (retval
!= ERROR_OK
)
625 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
626 if (retval
!= ERROR_OK
)
629 int64_t then
= timeval_ms();
631 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
632 /* read debug status register */
633 embeddedice_read_reg(dbg_stat
);
634 retval
= jtag_execute_queue();
635 if (retval
!= ERROR_OK
)
637 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
638 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
640 if (debug_level
>= 3)
646 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"",
647 buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
648 return ERROR_TARGET_TIMEOUT
;
655 * Restarts the target by sending a RESTART instruction and moving the JTAG
656 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
657 * waiting until they are.
659 * @param target Pointer to the target to issue commands to
660 * @return Always ERROR_OK
662 static int arm7_9_execute_fast_sys_speed(struct target
*target
)
665 static uint8_t check_value
[4], check_mask
[4];
667 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
668 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
669 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
672 /* set RESTART instruction */
673 if (arm7_9
->need_bypass_before_restart
) {
674 arm7_9
->need_bypass_before_restart
= 0;
675 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
676 if (retval
!= ERROR_OK
)
679 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
680 if (retval
!= ERROR_OK
)
684 /* check for DBGACK and SYSCOMP set (others don't care) */
686 /* NB! These are constants that must be available until after next jtag_execute() and
687 * we evaluate the values upon first execution in lieu of setting up these constants
688 * during early setup.
690 buf_set_u32(check_value
, 0, 32, 0x9);
691 buf_set_u32(check_mask
, 0, 32, 0x9);
695 /* read debug status register */
696 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
702 * Get some data from the ARM7/9 target.
704 * @param target Pointer to the ARM7/9 target to read data from
705 * @param size The number of 32bit words to be read
706 * @param buffer Pointer to the buffer that will hold the data
707 * @return The result of receiving data from the Embedded ICE unit
709 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
711 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
712 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
714 int retval
= ERROR_OK
;
717 data
= malloc(size
* (sizeof(uint32_t)));
719 retval
= embeddedice_receive(jtag_info
, data
, size
);
721 /* return the 32-bit ints in the 8-bit array */
722 for (i
= 0; i
< size
; i
++)
723 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
731 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
732 * target is running and the DCC control register has the W bit high, this will
733 * execute the request on the target.
735 * @param priv Void pointer expected to be a struct target pointer
736 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
737 * from the Embedded ICE unit
739 static int arm7_9_handle_target_request(void *priv
)
741 int retval
= ERROR_OK
;
742 struct target
*target
= priv
;
743 if (!target_was_examined(target
))
745 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
746 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
747 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
749 if (!target
->dbg_msg_enabled
)
752 if (target
->state
== TARGET_RUNNING
) {
753 /* read DCC control register */
754 embeddedice_read_reg(dcc_control
);
755 retval
= jtag_execute_queue();
756 if (retval
!= ERROR_OK
)
760 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1) {
763 retval
= embeddedice_receive(jtag_info
, &request
, 1);
764 if (retval
!= ERROR_OK
)
766 retval
= target_request(target
, request
);
767 if (retval
!= ERROR_OK
)
776 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
777 * is manipulated to the right halted state based on its current state. This is
781 * <tr><th > State</th><th > Action</th></tr>
782 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
783 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
784 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
785 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
786 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
789 * If the target does not end up in the halted state, a warning is produced. If
790 * DBGACK is cleared, then the target is expected to either be running or
793 * @param target Pointer to the ARM7/9 target to poll
794 * @return ERROR_OK or an error status if a command fails
796 int arm7_9_poll(struct target
*target
)
799 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
800 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
802 /* read debug status register */
803 embeddedice_read_reg(dbg_stat
);
804 retval
= jtag_execute_queue();
805 if (retval
!= ERROR_OK
)
808 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)) {
809 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
810 if (target
->state
== TARGET_UNKNOWN
) {
811 /* Starting OpenOCD with target in debug-halt */
812 target
->state
= TARGET_RUNNING
;
813 LOG_DEBUG("DBGACK already set during server startup.");
815 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
)) {
816 target
->state
= TARGET_HALTED
;
818 retval
= arm7_9_debug_entry(target
);
819 if (retval
!= ERROR_OK
)
822 if (arm_semihosting(target
, &retval
) != 0)
825 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
826 if (retval
!= ERROR_OK
)
829 if (target
->state
== TARGET_DEBUG_RUNNING
) {
830 target
->state
= TARGET_HALTED
;
831 retval
= arm7_9_debug_entry(target
);
832 if (retval
!= ERROR_OK
)
835 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
836 if (retval
!= ERROR_OK
)
839 if (target
->state
!= TARGET_HALTED
)
841 "DBGACK set, but the target did not end up in the halted state %d",
844 if (target
->state
!= TARGET_DEBUG_RUNNING
)
845 target
->state
= TARGET_RUNNING
;
852 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
853 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
854 * affected) completely stop the JTAG clock while the core is held in reset
855 * (SRST). It isn't possible to program the halt condition once reset is
856 * asserted, hence a hook that allows the target to set up its reset-halt
857 * condition is setup prior to asserting reset.
859 * @param target Pointer to an ARM7/9 target to assert reset on
860 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
862 int arm7_9_assert_reset(struct target
*target
)
864 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
865 enum reset_types jtag_reset_config
= jtag_get_reset_config();
866 bool use_event
= false;
868 /* TODO: apply hw reset signal in not examined state */
869 if (!(target_was_examined(target
))) {
870 LOG_WARNING("Reset is not asserted because the target is not examined.");
871 LOG_WARNING("Use a reset button or power cycle the target.");
872 return ERROR_TARGET_NOT_EXAMINED
;
875 LOG_DEBUG("target->state: %s", target_state_name(target
));
877 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
879 else if (!(jtag_reset_config
& RESET_HAS_SRST
)) {
880 LOG_ERROR("%s: how to reset?", target_name(target
));
884 /* At this point trst has been asserted/deasserted once. We would
885 * like to program EmbeddedICE while SRST is asserted, instead of
886 * depending on SRST to leave that module alone. However, many CPUs
887 * gate the JTAG clock while SRST is asserted; or JTAG may need
888 * clock stability guarantees (adaptive clocking might help).
890 * So we assume JTAG access during SRST is off the menu unless it's
891 * been specifically enabled.
893 bool srst_asserted
= false;
895 if (!use_event
&& !(jtag_reset_config
& RESET_SRST_PULLS_TRST
)
896 && (jtag_reset_config
& RESET_SRST_NO_GATING
)) {
897 jtag_add_reset(0, 1);
898 srst_asserted
= true;
901 if (target
->reset_halt
) {
903 * For targets that don't support communication while SRST is
904 * asserted, we need to set up the reset vector catch first.
906 * When we use TRST+SRST and that's equivalent to a power-up
907 * reset, these settings may well be reset anyway; so setting
908 * them here won't matter.
910 if (arm7_9
->has_vector_catch
) {
911 /* program vector catch register to catch reset */
912 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
914 /* extra runtest added as issues were found with
915 * certain ARM9 cores (maybe more) - AT91SAM9260
918 jtag_add_runtest(1, TAP_IDLE
);
920 /* program watchpoint unit to match on reset vector
923 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
924 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
925 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
926 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
927 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
932 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
934 /* If we use SRST ... we'd like to issue just SRST, but the
935 * board or chip may be set up so we have to assert TRST as
936 * well. On some chips that combination is equivalent to a
937 * power-up reset, and generally clobbers EICE state.
939 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
940 jtag_add_reset(1, 1);
941 else if (!srst_asserted
)
942 jtag_add_reset(0, 1);
943 jtag_add_sleep(50000);
946 target
->state
= TARGET_RESET
;
947 register_cache_invalidate(arm7_9
->arm
.core_cache
);
949 /* REVISIT why isn't standard debug entry logic sufficient?? */
950 if (target
->reset_halt
&& (!(jtag_reset_config
& RESET_SRST_PULLS_TRST
) || use_event
)) {
951 /* debug entry was prepared above */
952 target
->debug_reason
= DBG_REASON_DBGRQ
;
959 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
960 * and the target is being reset into a halt, a warning will be triggered
961 * because it is not possible to reset into a halted mode in this case. The
962 * target is halted using the target's functions.
964 * @param target Pointer to the target to have the reset deasserted
965 * @return ERROR_OK or an error from polling or halting the target
967 int arm7_9_deassert_reset(struct target
*target
)
969 int retval
= ERROR_OK
;
970 LOG_DEBUG("target->state: %s", target_state_name(target
));
972 /* deassert reset lines */
973 jtag_add_reset(0, 0);
975 /* In case polling is disabled, we need to examine the
976 * target and poll here for this target to work correctly.
978 * Otherwise, e.g. halt will fail afterwards with bogus
979 * error messages as halt will believe that reset is
982 retval
= target_examine_one(target
);
983 if (retval
!= ERROR_OK
)
986 retval
= target_poll(target
);
987 if (retval
!= ERROR_OK
)
990 enum reset_types jtag_reset_config
= jtag_get_reset_config();
991 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0) {
993 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
994 retval
= target_halt(target
);
995 if (retval
!= ERROR_OK
)
1002 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1003 * reset and if DBGRQ is used, it is programmed to be deasserted. If the reset
1004 * vector catch was used, it is restored. Otherwise, the control value is
1005 * restored and the watchpoint unit is restored if it was in use.
1007 * @param target Pointer to the ARM7/9 target to have halt cleared
1008 * @return Always ERROR_OK
1010 static int arm7_9_clear_halt(struct target
*target
)
1012 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1013 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1015 /* we used DBGRQ only if we didn't come out of reset */
1016 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
) {
1017 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1019 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1020 embeddedice_store_reg(dbg_ctrl
);
1022 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
) {
1023 /* if we came out of reset, and vector catch is supported, we used
1024 * vector catch to enter debug state
1025 * restore the register in that case
1027 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1029 /* restore registers if watchpoint unit 0 was in use
1031 if (arm7_9
->wp0_used
) {
1032 if (arm7_9
->debug_entry_from_reset
)
1033 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1034 EICE_W0_ADDR_VALUE
]);
1035 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1036 EICE_W0_ADDR_MASK
]);
1037 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1038 EICE_W0_DATA_MASK
]);
1039 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1040 EICE_W0_CONTROL_MASK
]);
1042 /* control value always has to be restored, as it was either disabled,
1043 * or enabled with possibly different bits
1045 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1053 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1054 * and then there is a wait until the processor shows the halt. This wait can
1055 * timeout and results in an error being returned. The software reset involves
1056 * clearing the halt, updating the debug control register, changing to ARM mode,
1057 * reset of the program counter, and reset of all of the registers.
1059 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1060 * @return Error status if any of the commands fail, otherwise ERROR_OK
1062 int arm7_9_soft_reset_halt(struct target
*target
)
1064 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1065 struct arm
*arm
= &arm7_9
->arm
;
1066 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1067 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1071 /* FIX!!! replace some of this code with tcl commands
1073 * halt # the halt command is synchronous
1074 * armv4_5 core_state arm
1078 retval
= target_halt(target
);
1079 if (retval
!= ERROR_OK
)
1082 long long then
= timeval_ms();
1084 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
1085 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1087 embeddedice_read_reg(dbg_stat
);
1088 retval
= jtag_execute_queue();
1089 if (retval
!= ERROR_OK
)
1091 if (debug_level
>= 3)
1097 LOG_ERROR("Failed to halt CPU after 1 sec");
1098 return ERROR_TARGET_TIMEOUT
;
1100 target
->state
= TARGET_HALTED
;
1102 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1103 * ensure that DBGRQ is cleared
1105 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1106 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1107 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1108 embeddedice_store_reg(dbg_ctrl
);
1110 retval
= arm7_9_clear_halt(target
);
1111 if (retval
!= ERROR_OK
)
1114 /* if the target is in Thumb state, change to ARM state */
1115 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1116 uint32_t r0_thumb
, pc_thumb
;
1117 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1118 /* Entered debug from Thumb mode */
1119 arm
->core_state
= ARM_STATE_THUMB
;
1120 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1123 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1125 /* all register content is now invalid */
1126 register_cache_invalidate(arm
->core_cache
);
1128 /* SVC, ARM state, IRQ and FIQ disabled */
1131 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
1134 arm_set_cpsr(arm
, cpsr
);
1135 arm
->cpsr
->dirty
= true;
1137 /* start fetching from 0x0 */
1138 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
1139 arm
->pc
->dirty
= true;
1140 arm
->pc
->valid
= true;
1142 /* reset registers */
1143 for (i
= 0; i
<= 14; i
++) {
1144 struct reg
*r
= arm_reg_current(arm
, i
);
1146 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1151 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1152 if (retval
!= ERROR_OK
)
1159 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1160 * line or by programming a watchpoint to trigger on any address. It is
1161 * considered a bug to call this function while the target is in the
1162 * TARGET_RESET state.
1164 * @param target Pointer to the ARM7/9 target to be halted
1165 * @return Always ERROR_OK
1167 int arm7_9_halt(struct target
*target
)
1169 if (target
->state
== TARGET_RESET
) {
1171 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1175 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1176 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1178 LOG_DEBUG("target->state: %s",
1179 target_state_name(target
));
1181 if (target
->state
== TARGET_HALTED
) {
1182 LOG_DEBUG("target was already halted");
1186 if (target
->state
== TARGET_UNKNOWN
)
1187 LOG_WARNING("target was in unknown state when halt was requested");
1189 if (arm7_9
->use_dbgrq
) {
1190 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1192 if (arm7_9
->set_special_dbgrq
)
1193 arm7_9
->set_special_dbgrq(target
);
1195 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1196 embeddedice_store_reg(dbg_ctrl
);
1199 /* program watchpoint unit to match on any address
1201 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1202 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1203 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1204 EICE_W_CTRL_ENABLE
);
1205 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1206 ~EICE_W_CTRL_NOPC
& 0xff);
1209 target
->debug_reason
= DBG_REASON_DBGRQ
;
1215 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1216 * ARM. The JTAG queue is then executed and the reason for debug entry is
1217 * examined. Once done, the target is verified to be halted and the processor
1218 * is forced into ARM mode. The core registers are saved for the current core
1219 * mode and the program counter (register 15) is updated as needed. The core
1220 * registers and CPSR and SPSR are saved for restoration later.
1222 * @param target Pointer to target that is entering debug mode
1223 * @return Error code if anything fails, otherwise ERROR_OK
1225 static int arm7_9_debug_entry(struct target
*target
)
1228 uint32_t context
[16];
1229 uint32_t *context_p
[16];
1230 uint32_t r0_thumb
, pc_thumb
;
1231 uint32_t cpsr
, cpsr_mask
= 0;
1233 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1234 struct arm
*arm
= &arm7_9
->arm
;
1235 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1236 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1238 #ifdef _DEBUG_ARM7_9_
1242 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1243 * ensure that DBGRQ is cleared
1245 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1246 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1247 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1248 embeddedice_store_reg(dbg_ctrl
);
1250 retval
= arm7_9_clear_halt(target
);
1251 if (retval
!= ERROR_OK
)
1254 retval
= jtag_execute_queue();
1255 if (retval
!= ERROR_OK
)
1258 retval
= arm7_9
->examine_debug_reason(target
);
1259 if (retval
!= ERROR_OK
)
1262 if (target
->state
!= TARGET_HALTED
) {
1263 LOG_TARGET_ERROR(target
, "not halted");
1264 return ERROR_TARGET_NOT_HALTED
;
1267 /* if the target is in Thumb state, change to ARM state */
1268 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1269 LOG_DEBUG("target entered debug from Thumb state");
1270 /* Entered debug from Thumb mode */
1271 arm
->core_state
= ARM_STATE_THUMB
;
1273 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1274 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1275 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1276 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1277 /* \todo Get some vaguely correct handling of Jazelle, if
1278 * anyone ever uses it and full info becomes available.
1279 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1280 * B.7.3 for the reverse. That'd be the bare minimum...
1282 LOG_DEBUG("target entered debug from Jazelle state");
1283 arm
->core_state
= ARM_STATE_JAZELLE
;
1284 cpsr_mask
= 1 << 24;
1285 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1287 LOG_DEBUG("target entered debug from ARM state");
1288 /* Entered debug from ARM mode */
1289 arm
->core_state
= ARM_STATE_ARM
;
1292 for (i
= 0; i
< 16; i
++)
1293 context_p
[i
] = &context
[i
];
1294 /* save core registers (r0 - r15 of current core mode) */
1295 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1297 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1299 retval
= jtag_execute_queue();
1300 if (retval
!= ERROR_OK
)
1303 /* Sync our CPSR copy with J or T bits EICE reported, but
1304 * which we then erased by putting the core into ARM mode.
1306 arm_set_cpsr(arm
, cpsr
| cpsr_mask
);
1308 if (!is_arm_mode(arm
->core_mode
)) {
1309 target
->state
= TARGET_UNKNOWN
;
1310 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1311 return ERROR_TARGET_FAILURE
;
1314 LOG_DEBUG("target entered debug state in %s mode",
1315 arm_mode_name(arm
->core_mode
));
1317 if (arm
->core_state
== ARM_STATE_THUMB
) {
1318 LOG_DEBUG("thumb state, applying fixups");
1319 context
[0] = r0_thumb
;
1320 context
[15] = pc_thumb
;
1321 } else if (arm
->core_state
== ARM_STATE_ARM
) {
1322 /* adjust value stored by STM */
1323 context
[15] -= 3 * 4;
1326 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1327 context
[15] -= 3 * ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1329 context
[15] -= arm7_9
->dbgreq_adjust_pc
*
1330 ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1332 for (i
= 0; i
<= 15; i
++) {
1333 struct reg
*r
= arm_reg_current(arm
, i
);
1335 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1337 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1338 /* r0 and r15 (pc) have to be restored later */
1339 r
->dirty
= (i
== 0) || (i
== 15);
1343 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1345 /* exceptions other than USR & SYS have a saved program status register */
1348 arm7_9
->read_xpsr(target
, &spsr
, 1);
1349 retval
= jtag_execute_queue();
1350 if (retval
!= ERROR_OK
)
1352 buf_set_u32(arm
->spsr
->value
, 0, 32, spsr
);
1353 arm
->spsr
->dirty
= false;
1354 arm
->spsr
->valid
= true;
1357 retval
= jtag_execute_queue();
1358 if (retval
!= ERROR_OK
)
1361 if (arm7_9
->post_debug_entry
) {
1362 retval
= arm7_9
->post_debug_entry(target
);
1363 if (retval
!= ERROR_OK
)
1371 * Validate the full context for an ARM7/9 target in all processor modes. If
1372 * there are any invalid registers for the target, they will all be read. This
1375 * @param target Pointer to the ARM7/9 target to capture the full context from
1376 * @return Error if the target is not halted, has an invalid core mode, or if
1377 * the JTAG queue fails to execute
1379 static int arm7_9_full_context(struct target
*target
)
1383 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1384 struct arm
*arm
= &arm7_9
->arm
;
1388 } read_cache
[6 * (16 + 1)];
1389 int read_cache_idx
= 0;
1393 if (target
->state
!= TARGET_HALTED
) {
1394 LOG_TARGET_ERROR(target
, "not halted");
1395 return ERROR_TARGET_NOT_HALTED
;
1398 if (!is_arm_mode(arm
->core_mode
)) {
1399 LOG_ERROR("not a valid arm core mode - communication failure?");
1403 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1404 * SYS shares registers with User, so we don't touch SYS
1406 for (i
= 0; i
< 6; i
++) {
1408 uint32_t *reg_p
[16];
1412 /* check if there are invalid registers in the current mode
1414 for (j
= 0; j
<= 16; j
++) {
1415 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
)
1422 /* change processor mode (and mask T bit) */
1423 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8)
1425 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1427 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1429 for (j
= 0; j
< 15; j
++) {
1430 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1431 armv4_5_number_to_mode(i
), j
).valid
) {
1432 read_cache
[read_cache_idx
].reg_p
= ARMV4_5_CORE_REG_MODE(
1434 armv4_5_number_to_mode(i
),
1436 reg_p
[j
] = &read_cache
[read_cache_idx
].value
;
1439 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1440 armv4_5_number_to_mode(i
),
1442 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1443 armv4_5_number_to_mode(i
),
1448 /* if only the PSR is invalid, mask is all zeroes */
1450 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1452 /* check if the PSR has to be read */
1453 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1455 read_cache
[read_cache_idx
].reg_p
= ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1456 armv4_5_number_to_mode(i
), 16).value
;
1457 arm7_9
->read_xpsr(target
, &read_cache
[read_cache_idx
].value
, 1);
1459 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1461 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1467 /* restore processor mode (mask T bit) */
1468 arm7_9
->write_xpsr_im8(target
,
1469 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
1471 retval
= jtag_execute_queue();
1472 if (retval
!= ERROR_OK
)
1475 * FIXME: regs in cache should be tagged as 'valid' only now,
1476 * not before the jtag_execute_queue()
1478 while (read_cache_idx
) {
1480 buf_set_u32(read_cache
[read_cache_idx
].reg_p
, 0, 32, read_cache
[read_cache_idx
].value
);
1486 * Restore the processor context on an ARM7/9 target. The full processor
1487 * context is analyzed to see if any of the registers are dirty on this end, but
1488 * have a valid new value. If this is the case, the processor is changed to the
1489 * appropriate mode and the new register values are written out to the
1490 * processor. If there happens to be a dirty register with an invalid value, an
1491 * error will be logged.
1493 * @param target Pointer to the ARM7/9 target to have its context restored
1494 * @return Error status if the target is not halted or the core mode in the
1495 * armv4_5 struct is invalid.
1497 static int arm7_9_restore_context(struct target
*target
)
1499 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1500 struct arm
*arm
= &arm7_9
->arm
;
1502 enum arm_mode current_mode
= arm
->core_mode
;
1509 if (target
->state
!= TARGET_HALTED
) {
1510 LOG_TARGET_ERROR(target
, "not halted");
1511 return ERROR_TARGET_NOT_HALTED
;
1514 if (arm7_9
->pre_restore_context
)
1515 arm7_9
->pre_restore_context(target
);
1517 if (!is_arm_mode(arm
->core_mode
)) {
1518 LOG_ERROR("not a valid arm core mode - communication failure?");
1522 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1523 * SYS shares registers with User, so we don't touch SYS
1525 for (i
= 0; i
< 6; i
++) {
1526 LOG_DEBUG("examining %s mode",
1527 arm_mode_name(arm
->core_mode
));
1530 /* check if there are dirty registers in the current mode
1532 for (j
= 0; j
<= 16; j
++) {
1533 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
);
1537 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1538 struct arm_reg
*reg_arch_info
;
1539 reg_arch_info
= reg
->arch_info
;
1540 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1541 && (reg_arch_info
->mode
!= current_mode
)
1542 && !((reg_arch_info
->mode
== ARM_MODE_USR
)
1543 && (arm
->core_mode
== ARM_MODE_SYS
))
1544 && !((reg_arch_info
->mode
== ARM_MODE_SYS
)
1545 && (arm
->core_mode
== ARM_MODE_USR
))) {
1547 LOG_DEBUG("require mode change");
1550 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1556 uint32_t mask
= 0x0;
1562 /* change processor mode (mask T bit) */
1563 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
,
1565 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1567 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1568 current_mode
= armv4_5_number_to_mode(i
);
1571 for (j
= 0; j
<= 14; j
++) {
1572 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1573 armv4_5_number_to_mode(i
),
1577 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1581 LOG_DEBUG("writing register %i mode %s "
1582 "with value 0x%8.8" PRIx32
, j
,
1583 arm_mode_name(arm
->core_mode
),
1589 arm7_9
->write_core_regs(target
, mask
, regs
);
1592 &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(
1594 struct arm_reg
*reg_arch_info
;
1595 reg_arch_info
= reg
->arch_info
;
1596 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
)) {
1597 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"",
1599 buf_get_u32(reg
->value
, 0, 32));
1600 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1605 if (!arm
->cpsr
->dirty
&& (arm
->core_mode
!= current_mode
)) {
1606 /* restore processor mode (mask T bit) */
1609 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
1610 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1612 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1613 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1615 } else if (arm
->cpsr
->dirty
) {
1616 /* CPSR has been changed, full restore necessary (mask T bit) */
1617 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1618 buf_get_u32(arm
->cpsr
->value
, 0, 32));
1619 arm7_9
->write_xpsr(target
,
1620 buf_get_u32(arm
->cpsr
->value
, 0, 32)
1622 arm
->cpsr
->dirty
= false;
1623 arm
->cpsr
->valid
= true;
1627 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
,
1628 buf_get_u32(arm
->pc
->value
, 0, 32));
1629 arm7_9
->write_pc(target
, buf_get_u32(arm
->pc
->value
, 0, 32));
1630 arm
->pc
->dirty
= false;
1636 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1637 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1640 * @param target Pointer to the ARM7/9 target to be restarted
1641 * @return Result of executing the JTAG queue
1643 static int arm7_9_restart_core(struct target
*target
)
1645 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1646 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1649 /* set RESTART instruction */
1650 if (arm7_9
->need_bypass_before_restart
) {
1651 arm7_9
->need_bypass_before_restart
= 0;
1653 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
1654 if (retval
!= ERROR_OK
)
1657 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
1658 if (retval
!= ERROR_OK
)
1661 jtag_add_runtest(1, TAP_IDLE
);
1662 return jtag_execute_queue();
1666 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1667 * iterated through and are set on the target if they aren't already set.
1669 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1671 static void arm7_9_enable_watchpoints(struct target
*target
)
1673 struct watchpoint
*watchpoint
= target
->watchpoints
;
1675 while (watchpoint
) {
1676 if (!watchpoint
->is_set
)
1677 arm7_9_set_watchpoint(target
, watchpoint
);
1678 watchpoint
= watchpoint
->next
;
1683 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1684 * iterated through and are set on the target.
1686 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1688 static void arm7_9_enable_breakpoints(struct target
*target
)
1690 struct breakpoint
*breakpoint
= target
->breakpoints
;
1692 /* set any pending breakpoints */
1693 while (breakpoint
) {
1694 arm7_9_set_breakpoint(target
, breakpoint
);
1695 breakpoint
= breakpoint
->next
;
1699 int arm7_9_resume(struct target
*target
,
1701 target_addr_t address
,
1702 int handle_breakpoints
,
1703 int debug_execution
)
1705 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1706 struct arm
*arm
= &arm7_9
->arm
;
1707 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1708 int err
, retval
= ERROR_OK
;
1712 if (target
->state
!= TARGET_HALTED
) {
1713 LOG_TARGET_ERROR(target
, "not halted");
1714 return ERROR_TARGET_NOT_HALTED
;
1717 if (!debug_execution
)
1718 target_free_all_working_areas(target
);
1720 /* current = 1: continue on current pc, otherwise continue at <address> */
1722 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1724 uint32_t current_pc
;
1725 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1727 /* the front-end may request us not to handle breakpoints */
1728 if (handle_breakpoints
) {
1729 struct breakpoint
*breakpoint
;
1730 breakpoint
= breakpoint_find(target
,
1731 buf_get_u32(arm
->pc
->value
, 0, 32));
1733 LOG_DEBUG("unset breakpoint at 0x%8.8" TARGET_PRIxADDR
" (id: %" PRIu32
,
1734 breakpoint
->address
,
1735 breakpoint
->unique_id
);
1736 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1737 if (retval
!= ERROR_OK
)
1740 /* calculate PC of next instruction */
1742 retval
= arm_simulate_step(target
, &next_pc
);
1743 if (retval
!= ERROR_OK
) {
1744 uint32_t current_opcode
;
1745 target_read_u32(target
, current_pc
, ¤t_opcode
);
1747 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1752 LOG_DEBUG("enable single-step");
1753 arm7_9
->enable_single_step(target
, next_pc
);
1755 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1757 retval
= arm7_9_restore_context(target
);
1758 if (retval
!= ERROR_OK
)
1761 if (arm
->core_state
== ARM_STATE_ARM
)
1762 arm7_9
->branch_resume(target
);
1763 else if (arm
->core_state
== ARM_STATE_THUMB
)
1764 arm7_9
->branch_resume_thumb(target
);
1766 LOG_ERROR("unhandled core state");
1770 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1771 embeddedice_write_reg(dbg_ctrl
,
1772 buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1773 err
= arm7_9_execute_sys_speed(target
);
1775 LOG_DEBUG("disable single-step");
1776 arm7_9
->disable_single_step(target
);
1778 if (err
!= ERROR_OK
) {
1779 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1780 if (retval
!= ERROR_OK
)
1782 target
->state
= TARGET_UNKNOWN
;
1786 retval
= arm7_9_debug_entry(target
);
1787 if (retval
!= ERROR_OK
)
1789 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
,
1790 buf_get_u32(arm
->pc
->value
, 0, 32));
1792 LOG_DEBUG("set breakpoint at 0x%8.8" TARGET_PRIxADDR
"", breakpoint
->address
);
1793 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1794 if (retval
!= ERROR_OK
)
1799 /* enable any pending breakpoints and watchpoints */
1800 arm7_9_enable_breakpoints(target
);
1801 arm7_9_enable_watchpoints(target
);
1803 retval
= arm7_9_restore_context(target
);
1804 if (retval
!= ERROR_OK
)
1807 if (arm
->core_state
== ARM_STATE_ARM
)
1808 arm7_9
->branch_resume(target
);
1809 else if (arm
->core_state
== ARM_STATE_THUMB
)
1810 arm7_9
->branch_resume_thumb(target
);
1812 LOG_ERROR("unhandled core state");
1816 /* deassert DBGACK and INTDIS */
1817 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1818 /* INTDIS only when we really resume, not during debug execution */
1819 if (!debug_execution
)
1820 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1821 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1823 retval
= arm7_9_restart_core(target
);
1824 if (retval
!= ERROR_OK
)
1827 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1829 if (!debug_execution
) {
1830 /* registers are now invalid */
1831 register_cache_invalidate(arm
->core_cache
);
1832 target
->state
= TARGET_RUNNING
;
1833 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1834 if (retval
!= ERROR_OK
)
1837 target
->state
= TARGET_DEBUG_RUNNING
;
1838 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1839 if (retval
!= ERROR_OK
)
1843 LOG_DEBUG("target resumed");
1848 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1850 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1851 struct arm
*arm
= &arm7_9
->arm
;
1852 uint32_t current_pc
;
1853 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1855 if (next_pc
!= current_pc
) {
1856 /* setup an inverse breakpoint on the current PC
1857 * - comparator 1 matches the current address
1858 * - rangeout from comparator 1 is connected to comparator 0 rangein
1859 * - comparator 0 matches any address, as long as rangein is low */
1860 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1861 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1862 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1863 EICE_W_CTRL_ENABLE
);
1864 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1865 ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_NOPC
) & 0xff);
1866 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
1868 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1869 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1870 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1871 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1872 ~EICE_W_CTRL_NOPC
& 0xff);
1874 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1875 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1876 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1877 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1878 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1879 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1880 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1881 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
1882 EICE_W_CTRL_ENABLE
);
1883 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1884 ~EICE_W_CTRL_NOPC
& 0xff);
1888 void arm7_9_disable_eice_step(struct target
*target
)
1890 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1892 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1893 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1894 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1895 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1896 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1897 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1898 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1899 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1900 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1903 int arm7_9_step(struct target
*target
, int current
, target_addr_t address
, int handle_breakpoints
)
1905 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1906 struct arm
*arm
= &arm7_9
->arm
;
1907 struct breakpoint
*breakpoint
= NULL
;
1910 if (target
->state
!= TARGET_HALTED
) {
1911 LOG_TARGET_ERROR(target
, "not halted");
1912 return ERROR_TARGET_NOT_HALTED
;
1915 /* current = 1: continue on current pc, otherwise continue at <address> */
1917 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1919 uint32_t current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1921 /* the front-end may request us not to handle breakpoints */
1922 if (handle_breakpoints
)
1923 breakpoint
= breakpoint_find(target
, current_pc
);
1925 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1926 if (retval
!= ERROR_OK
)
1930 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1932 /* calculate PC of next instruction */
1934 retval
= arm_simulate_step(target
, &next_pc
);
1935 if (retval
!= ERROR_OK
) {
1936 uint32_t current_opcode
;
1937 target_read_u32(target
, current_pc
, ¤t_opcode
);
1939 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1944 retval
= arm7_9_restore_context(target
);
1945 if (retval
!= ERROR_OK
)
1948 arm7_9
->enable_single_step(target
, next_pc
);
1950 if (arm
->core_state
== ARM_STATE_ARM
)
1951 arm7_9
->branch_resume(target
);
1952 else if (arm
->core_state
== ARM_STATE_THUMB
)
1953 arm7_9
->branch_resume_thumb(target
);
1955 LOG_ERROR("unhandled core state");
1959 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1960 if (retval
!= ERROR_OK
)
1963 err
= arm7_9_execute_sys_speed(target
);
1964 arm7_9
->disable_single_step(target
);
1966 /* registers are now invalid */
1967 register_cache_invalidate(arm
->core_cache
);
1969 if (err
!= ERROR_OK
)
1970 target
->state
= TARGET_UNKNOWN
;
1972 retval
= arm7_9_debug_entry(target
);
1973 if (retval
!= ERROR_OK
)
1975 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1976 if (retval
!= ERROR_OK
)
1978 LOG_DEBUG("target stepped");
1982 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1983 if (retval
!= ERROR_OK
)
1990 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
1991 int num
, enum arm_mode mode
)
1993 uint32_t *reg_p
[16];
1995 struct arm_reg
*areg
= r
->arch_info
;
1996 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1997 struct arm
*arm
= &arm7_9
->arm
;
1999 if (!is_arm_mode(arm
->core_mode
))
2001 if ((num
< 0) || (num
> 16))
2002 return ERROR_COMMAND_SYNTAX_ERROR
;
2004 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2005 && (areg
->mode
!= ARM_MODE_ANY
)) {
2008 /* change processor mode (mask T bit) */
2009 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2012 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2016 if ((num
>= 0) && (num
<= 15)) {
2017 /* read a normal core register */
2018 reg_p
[num
] = &value
;
2020 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2022 /* read a program status register
2023 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2025 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2028 retval
= jtag_execute_queue();
2029 if (retval
!= ERROR_OK
)
2034 buf_set_u32(r
->value
, 0, 32, value
);
2036 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2037 && (areg
->mode
!= ARM_MODE_ANY
)) {
2038 /* restore processor mode (mask T bit) */
2039 arm7_9
->write_xpsr_im8(target
,
2040 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2046 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2047 int num
, enum arm_mode mode
, uint8_t *value
)
2050 struct arm_reg
*areg
= r
->arch_info
;
2051 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2052 struct arm
*arm
= &arm7_9
->arm
;
2054 if (!is_arm_mode(arm
->core_mode
))
2056 if ((num
< 0) || (num
> 16))
2057 return ERROR_COMMAND_SYNTAX_ERROR
;
2059 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2060 && (areg
->mode
!= ARM_MODE_ANY
)) {
2063 /* change processor mode (mask T bit) */
2064 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2067 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2070 if ((num
>= 0) && (num
<= 15)) {
2071 /* write a normal core register */
2072 reg
[num
] = buf_get_u32(value
, 0, 32);
2074 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2076 /* write a program status register
2077 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2079 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2081 uint32_t t
= buf_get_u32(value
, 0, 32);
2082 /* if we're writing the CPSR, mask the T bit */
2086 arm7_9
->write_xpsr(target
, t
, spsr
);
2092 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2093 && (areg
->mode
!= ARM_MODE_ANY
)) {
2094 /* restore processor mode (mask T bit) */
2095 arm7_9
->write_xpsr_im8(target
,
2096 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2099 return jtag_execute_queue();
2102 int arm7_9_read_memory(struct target
*target
,
2103 target_addr_t address
,
2108 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2109 struct arm
*arm
= &arm7_9
->arm
;
2111 uint32_t num_accesses
= 0;
2112 int thisrun_accesses
;
2118 LOG_DEBUG("address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"",
2119 address
, size
, count
);
2121 if (target
->state
!= TARGET_HALTED
) {
2122 LOG_TARGET_ERROR(target
, "not halted");
2123 return ERROR_TARGET_NOT_HALTED
;
2126 /* sanitize arguments */
2127 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2128 return ERROR_COMMAND_SYNTAX_ERROR
;
2130 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2131 return ERROR_TARGET_UNALIGNED_ACCESS
;
2133 /* load the base register with the address of the first word */
2135 arm7_9
->write_core_regs(target
, 0x1, reg
);
2141 while (num_accesses
< count
) {
2144 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2145 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2147 if (last_reg
<= thisrun_accesses
)
2148 last_reg
= thisrun_accesses
;
2150 arm7_9
->load_word_regs(target
, reg_list
);
2152 /* fast memory reads are only safe when the target is running
2153 * from a sufficiently high clock (32 kHz is usually too slow)
2155 if (arm7_9
->fast_memory_access
)
2156 retval
= arm7_9_execute_fast_sys_speed(target
);
2158 retval
= arm7_9_execute_sys_speed(target
);
2159 if (retval
!= ERROR_OK
)
2162 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2164 /* advance buffer, count number of accesses */
2165 buffer
+= thisrun_accesses
* 4;
2166 num_accesses
+= thisrun_accesses
;
2168 if ((j
++%1024) == 0)
2173 while (num_accesses
< count
) {
2176 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2177 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2179 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2182 arm7_9
->load_hword_reg(target
, i
);
2183 /* fast memory reads are only safe when the target is running
2184 * from a sufficiently high clock (32 kHz is usually too slow)
2186 if (arm7_9
->fast_memory_access
)
2187 retval
= arm7_9_execute_fast_sys_speed(target
);
2189 retval
= arm7_9_execute_sys_speed(target
);
2190 if (retval
!= ERROR_OK
)
2195 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2197 /* advance buffer, count number of accesses */
2198 buffer
+= thisrun_accesses
* 2;
2199 num_accesses
+= thisrun_accesses
;
2201 if ((j
++%1024) == 0)
2206 while (num_accesses
< count
) {
2209 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2210 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2212 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2215 arm7_9
->load_byte_reg(target
, i
);
2216 /* fast memory reads are only safe when the target is running
2217 * from a sufficiently high clock (32 kHz is usually too slow)
2219 if (arm7_9
->fast_memory_access
)
2220 retval
= arm7_9_execute_fast_sys_speed(target
);
2222 retval
= arm7_9_execute_sys_speed(target
);
2223 if (retval
!= ERROR_OK
)
2227 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2229 /* advance buffer, count number of accesses */
2230 buffer
+= thisrun_accesses
* 1;
2231 num_accesses
+= thisrun_accesses
;
2233 if ((j
++%1024) == 0)
2239 if (!is_arm_mode(arm
->core_mode
))
2242 for (i
= 0; i
<= last_reg
; i
++) {
2243 struct reg
*r
= arm_reg_current(arm
, i
);
2244 r
->dirty
= r
->valid
;
2247 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2248 retval
= jtag_execute_queue();
2249 if (retval
!= ERROR_OK
) {
2250 LOG_ERROR("JTAG error while reading cpsr");
2251 return ERROR_TARGET_DATA_ABORT
;
2254 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2256 "memory read caused data abort "
2257 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2262 arm7_9
->write_xpsr_im8(target
,
2263 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2266 return ERROR_TARGET_DATA_ABORT
;
2272 int arm7_9_write_memory(struct target
*target
,
2273 target_addr_t address
,
2276 const uint8_t *buffer
)
2278 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2279 struct arm
*arm
= &arm7_9
->arm
;
2280 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2283 uint32_t num_accesses
= 0;
2284 int thisrun_accesses
;
2290 #ifdef _DEBUG_ARM7_9_
2291 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2294 if (target
->state
!= TARGET_HALTED
) {
2295 LOG_TARGET_ERROR(target
, "not halted");
2296 return ERROR_TARGET_NOT_HALTED
;
2299 /* sanitize arguments */
2300 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2301 return ERROR_COMMAND_SYNTAX_ERROR
;
2303 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2304 return ERROR_TARGET_UNALIGNED_ACCESS
;
2306 /* load the base register with the address of the first word */
2308 arm7_9
->write_core_regs(target
, 0x1, reg
);
2310 /* Clear DBGACK, to make sure memory fetches work as expected */
2311 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2312 embeddedice_store_reg(dbg_ctrl
);
2316 while (num_accesses
< count
) {
2319 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2320 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2322 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2325 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2329 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2331 arm7_9
->store_word_regs(target
, reg_list
);
2333 /* fast memory writes are only safe when the target is running
2334 * from a sufficiently high clock (32 kHz is usually too slow)
2336 if (arm7_9
->fast_memory_access
)
2337 retval
= arm7_9_execute_fast_sys_speed(target
);
2339 retval
= arm7_9_execute_sys_speed(target
);
2342 * if memory writes are made when the clock is running slow
2343 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2344 * processor operations after a "reset halt" or "reset init",
2345 * need to immediately stroke the keep alive or will end up with
2346 * gdb "keep alive not sent error message" problem.
2352 if (retval
!= ERROR_OK
)
2355 num_accesses
+= thisrun_accesses
;
2359 while (num_accesses
< count
) {
2362 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2363 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2365 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2368 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2372 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2374 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2375 arm7_9
->store_hword_reg(target
, i
);
2377 /* fast memory writes are only safe when the target is running
2378 * from a sufficiently high clock (32 kHz is usually too slow)
2380 if (arm7_9
->fast_memory_access
)
2381 retval
= arm7_9_execute_fast_sys_speed(target
);
2383 retval
= arm7_9_execute_sys_speed(target
);
2386 * if memory writes are made when the clock is running slow
2387 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2388 * processor operations after a "reset halt" or "reset init",
2389 * need to immediately stroke the keep alive or will end up with
2390 * gdb "keep alive not sent error message" problem.
2396 if (retval
!= ERROR_OK
)
2400 num_accesses
+= thisrun_accesses
;
2404 while (num_accesses
< count
) {
2407 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2408 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2410 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2413 reg
[i
] = *buffer
++ & 0xff;
2416 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2418 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2419 arm7_9
->store_byte_reg(target
, i
);
2420 /* fast memory writes are only safe when the target is running
2421 * from a sufficiently high clock (32 kHz is usually too slow)
2423 if (arm7_9
->fast_memory_access
)
2424 retval
= arm7_9_execute_fast_sys_speed(target
);
2426 retval
= arm7_9_execute_sys_speed(target
);
2429 * if memory writes are made when the clock is running slow
2430 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2431 * processor operations after a "reset halt" or "reset init",
2432 * need to immediately stroke the keep alive or will end up with
2433 * gdb "keep alive not sent error message" problem.
2439 if (retval
!= ERROR_OK
)
2444 num_accesses
+= thisrun_accesses
;
2450 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2451 embeddedice_store_reg(dbg_ctrl
);
2453 if (!is_arm_mode(arm
->core_mode
))
2456 for (i
= 0; i
<= last_reg
; i
++) {
2457 struct reg
*r
= arm_reg_current(arm
, i
);
2458 r
->dirty
= r
->valid
;
2461 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2462 retval
= jtag_execute_queue();
2463 if (retval
!= ERROR_OK
) {
2464 LOG_ERROR("JTAG error while reading cpsr");
2465 return ERROR_TARGET_DATA_ABORT
;
2468 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2470 "memory write caused data abort "
2471 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2476 arm7_9
->write_xpsr_im8(target
,
2477 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2480 return ERROR_TARGET_DATA_ABORT
;
2486 int arm7_9_write_memory_opt(struct target
*target
,
2487 target_addr_t address
,
2490 const uint8_t *buffer
)
2492 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2495 if (size
== 4 && count
> 32 && arm7_9
->bulk_write_memory
) {
2496 /* Attempt to do a bulk write */
2497 retval
= arm7_9
->bulk_write_memory(target
, address
, count
, buffer
);
2499 if (retval
== ERROR_OK
)
2503 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2506 int arm7_9_write_memory_no_opt(struct target
*target
,
2510 const uint8_t *buffer
)
2512 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2514 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2517 static int dcc_count
;
2518 static const uint8_t *dcc_buffer
;
2520 static int arm7_9_dcc_completion(struct target
*target
,
2521 uint32_t exit_point
,
2522 unsigned int timeout_ms
,
2525 int retval
= ERROR_OK
;
2526 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2528 retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500);
2529 if (retval
!= ERROR_OK
)
2532 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2533 int count
= dcc_count
;
2534 const uint8_t *buffer
= dcc_buffer
;
2536 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2537 * core function repeated. */
2538 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2539 fast_target_buffer_get_u32(buffer
, little
));
2542 struct embeddedice_reg
*ice_reg
=
2543 arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2544 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2545 struct jtag_tap
*tap
;
2546 tap
= ice_reg
->jtag_info
->tap
;
2548 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2549 buffer
+= (count
-2)*4;
2551 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2552 fast_target_buffer_get_u32(buffer
, little
));
2555 for (i
= 0; i
< count
; i
++) {
2556 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2557 fast_target_buffer_get_u32(buffer
, little
));
2562 retval
= target_halt(target
);
2563 if (retval
!= ERROR_OK
)
2565 return target_wait_state(target
, TARGET_HALTED
, 500);
2568 static const uint32_t dcc_code
[] = {
2569 /* r0 == input, points to memory buffer
2573 /* spin until DCC control (c0) reports data arrived */
2574 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2575 0xe3110001, /* tst r1, #1 */
2576 0x0afffffc, /* bne w */
2578 /* read word from DCC (c1), write to memory */
2579 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2580 0xe4801004, /* str r1, [r0], #4 */
2583 0xeafffff9 /* b w */
2586 int arm7_9_bulk_write_memory(struct target
*target
,
2587 target_addr_t address
,
2589 const uint8_t *buffer
)
2592 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2594 if (address
% 4 != 0)
2595 return ERROR_TARGET_UNALIGNED_ACCESS
;
2597 if (!arm7_9
->dcc_downloads
)
2598 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2600 /* regrab previously allocated working_area, or allocate a new one */
2601 if (!arm7_9
->dcc_working_area
) {
2602 uint8_t dcc_code_buf
[6 * 4];
2604 /* make sure we have a working area */
2605 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
) {
2606 LOG_INFO("no working area available, falling back to memory writes");
2607 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2610 /* copy target instructions to target endianness */
2611 target_buffer_set_u32_array(target
, dcc_code_buf
, ARRAY_SIZE(dcc_code
), dcc_code
);
2613 /* write DCC code to working area, using the non-optimized
2614 * memory write to avoid ending up here again */
2615 retval
= arm7_9_write_memory_no_opt(target
,
2616 arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
);
2617 if (retval
!= ERROR_OK
)
2621 struct arm_algorithm arm_algo
;
2622 struct reg_param reg_params
[1];
2624 arm_algo
.common_magic
= ARM_COMMON_MAGIC
;
2625 arm_algo
.core_mode
= ARM_MODE_SVC
;
2626 arm_algo
.core_state
= ARM_STATE_ARM
;
2628 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2630 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2633 dcc_buffer
= buffer
;
2634 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2635 arm7_9
->dcc_working_area
->address
,
2636 arm7_9
->dcc_working_area
->address
+ 6*4,
2637 20*1000, &arm_algo
, arm7_9_dcc_completion
);
2639 if (retval
== ERROR_OK
) {
2640 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2641 if (endaddress
!= (address
+ count
*4)) {
2643 "DCC write failed, expected end address 0x%08" TARGET_PRIxADDR
" got 0x%0" PRIx32
"",
2644 (address
+ count
*4),
2646 retval
= ERROR_FAIL
;
2650 destroy_reg_param(®_params
[0]);
2656 * Perform per-target setup that requires JTAG access.
2658 int arm7_9_examine(struct target
*target
)
2660 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2663 if (!target_was_examined(target
)) {
2664 struct reg_cache
*t
, **cache_p
;
2666 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2670 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2672 arm7_9
->eice_cache
= (*cache_p
);
2674 if (arm7_9
->arm
.etm
)
2675 (*cache_p
)->next
= etm_build_reg_cache(target
,
2679 target_set_examined(target
);
2682 retval
= embeddedice_setup(target
);
2683 if (retval
== ERROR_OK
)
2684 retval
= arm7_9_setup(target
);
2685 if (retval
== ERROR_OK
&& arm7_9
->arm
.etm
)
2686 retval
= etm_setup(target
);
2690 void arm7_9_deinit(struct target
*target
)
2692 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2694 if (target_was_examined(target
))
2695 embeddedice_free_reg_cache(arm7_9
->eice_cache
);
2697 arm_jtag_close_connection(&arm7_9
->jtag_info
);
2700 int arm7_9_check_reset(struct target
*target
)
2702 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2704 if (get_target_reset_nag() && !arm7_9
->dcc_downloads
)
2706 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2708 if (get_target_reset_nag() && (target
->working_area_size
== 0))
2709 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2711 if (get_target_reset_nag() && !arm7_9
->fast_memory_access
)
2713 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2718 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in
,
2719 jtag_callback_data_t i_size
, jtag_callback_data_t i_be
,
2720 jtag_callback_data_t i_flip
)
2722 uint8_t *in
= (uint8_t *)pu8_in
;
2723 int size
= (int)i_size
;
2725 int flip
= (int)i_flip
;
2730 readback
= le_to_h_u32(in
);
2732 readback
= flip_u32(readback
, 32);
2734 h_u32_to_be(in
, readback
);
2736 h_u32_to_le(in
, readback
);
2739 readback
= le_to_h_u16(in
);
2741 readback
= flip_u32(readback
, 16);
2743 h_u16_to_be(in
, readback
& 0xffff);
2745 h_u16_to_le(in
, readback
& 0xffff);
2750 readback
= flip_u32(readback
, 8);
2751 *in
= readback
& 0xff;
2758 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2760 struct target
*target
= get_current_target(CMD_CTX
);
2761 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2763 if (!is_arm7_9(arm7_9
)) {
2764 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2765 return ERROR_TARGET_INVALID
;
2769 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->use_dbgrq
);
2772 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2773 (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2778 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2780 struct target
*target
= get_current_target(CMD_CTX
);
2781 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2783 if (!is_arm7_9(arm7_9
)) {
2784 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2785 return ERROR_TARGET_INVALID
;
2789 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2792 "fast memory access is %s",
2793 (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2798 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2800 struct target
*target
= get_current_target(CMD_CTX
);
2801 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2803 if (!is_arm7_9(arm7_9
)) {
2804 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2805 return ERROR_TARGET_INVALID
;
2809 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2812 "dcc downloads are %s",
2813 (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2818 static int arm7_9_setup_semihosting(struct target
*target
, int enable
)
2820 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2822 if (!is_arm7_9(arm7_9
)) {
2823 LOG_USER("current target isn't an ARM7/ARM9 target");
2824 return ERROR_TARGET_INVALID
;
2827 if (arm7_9
->has_vector_catch
) {
2828 struct reg
*vector_catch
= &arm7_9
->eice_cache
2829 ->reg_list
[EICE_VEC_CATCH
];
2831 if (!vector_catch
->valid
)
2832 embeddedice_read_reg(vector_catch
);
2833 buf_set_u32(vector_catch
->value
, 2, 1, enable
);
2834 embeddedice_store_reg(vector_catch
);
2836 /* TODO: allow optional high vectors and/or BKPT_HARD */
2838 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2840 breakpoint_remove(target
, 8);
2846 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2848 int retval
= ERROR_OK
;
2849 struct arm
*arm
= &arm7_9
->arm
;
2851 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2853 retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
);
2854 if (retval
!= ERROR_OK
)
2857 /* caller must have allocated via calloc(), so everything's zeroed */
2859 arm7_9
->wp_available_max
= 2;
2861 arm7_9
->fast_memory_access
= false;
2862 arm7_9
->dcc_downloads
= false;
2864 arm
->arch_info
= arm7_9
;
2865 arm
->core_type
= ARM_CORE_TYPE_STD
;
2866 arm
->read_core_reg
= arm7_9_read_core_reg
;
2867 arm
->write_core_reg
= arm7_9_write_core_reg
;
2868 arm
->full_context
= arm7_9_full_context
;
2869 arm
->setup_semihosting
= arm7_9_setup_semihosting
;
2871 retval
= arm_init_arch_info(target
, arm
);
2872 if (retval
!= ERROR_OK
)
2875 return target_register_timer_callback(arm7_9_handle_target_request
,
2876 1, TARGET_TIMER_TYPE_PERIODIC
, target
);
2879 static const struct command_registration arm7_9_any_command_handlers
[] = {
2882 .handler
= handle_arm7_9_dbgrq_command
,
2883 .mode
= COMMAND_ANY
,
2884 .usage
= "['enable'|'disable']",
2885 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2886 "for target halt requests",
2889 .name
= "fast_memory_access",
2890 .handler
= handle_arm7_9_fast_memory_access_command
,
2891 .mode
= COMMAND_ANY
,
2892 .usage
= "['enable'|'disable']",
2893 .help
= "use fast memory accesses instead of slower "
2894 "but potentially safer accesses",
2897 .name
= "dcc_downloads",
2898 .handler
= handle_arm7_9_dcc_downloads_command
,
2899 .mode
= COMMAND_ANY
,
2900 .usage
= "['enable'|'disable']",
2901 .help
= "use DCC downloads for larger memory writes",
2903 COMMAND_REGISTRATION_DONE
2905 const struct command_registration arm7_9_command_handlers
[] = {
2907 .chain
= arm_command_handlers
,
2910 .chain
= etm_command_handlers
,
2914 .mode
= COMMAND_ANY
,
2915 .help
= "arm7/9 specific commands",
2917 .chain
= arm7_9_any_command_handlers
,
2919 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)