Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM: other code uses the new inheritance/nesting scheme
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoint_count = 0;
65 arm7_9->sw_breakpoints_added = 0;
66 arm7_9->wp0_used = 0;
67 arm7_9->wp1_used = arm7_9->wp1_used_default;
68 arm7_9->wp_available = arm7_9->wp_available_max;
69
70 return jtag_execute_queue();
71 }
72
73 /**
74 * Assign a watchpoint to one of the two available hardware comparators in an
75 * ARM7 or ARM9 target.
76 *
77 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
78 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
79 */
80 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
81 {
82 if (!arm7_9->wp0_used)
83 {
84 arm7_9->wp0_used = 1;
85 breakpoint->set = 1;
86 arm7_9->wp_available--;
87 }
88 else if (!arm7_9->wp1_used)
89 {
90 arm7_9->wp1_used = 1;
91 breakpoint->set = 2;
92 arm7_9->wp_available--;
93 }
94 else
95 {
96 LOG_ERROR("BUG: no hardware comparator available");
97 }
98 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
99 breakpoint->unique_id,
100 breakpoint->address,
101 breakpoint->set );
102 }
103
104 /**
105 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
106 *
107 * @param arm7_9 Pointer to common struct for ARM7/9 targets
108 * @return Error codes if there is a problem finding a watchpoint or the result
109 * of executing the JTAG queue
110 */
111 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
112 {
113 if (arm7_9->sw_breakpoints_added)
114 {
115 return ERROR_OK;
116 }
117 if (arm7_9->wp_available < 1)
118 {
119 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
120 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
121 }
122 arm7_9->wp_available--;
123
124 /* pick a breakpoint unit */
125 if (!arm7_9->wp0_used)
126 {
127 arm7_9->sw_breakpoints_added = 1;
128 arm7_9->wp0_used = 3;
129 } else if (!arm7_9->wp1_used)
130 {
131 arm7_9->sw_breakpoints_added = 2;
132 arm7_9->wp1_used = 3;
133 }
134 else
135 {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1)
141 {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 }
148 else if (arm7_9->sw_breakpoints_added == 2)
149 {
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
155 }
156 else
157 {
158 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
159 return ERROR_FAIL;
160 }
161 LOG_DEBUG("SW BP using hw wp: %d",
162 arm7_9->sw_breakpoints_added );
163
164 return jtag_execute_queue();
165 }
166
167 /**
168 * Setup the common pieces for an ARM7/9 target after reset or on startup.
169 *
170 * @param target Pointer to an ARM7/9 target to setup
171 * @return Result of clearing the watchpoints on the target
172 */
173 int arm7_9_setup(target_t *target)
174 {
175 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
176
177 return arm7_9_clear_watchpoints(arm7_9);
178 }
179
180 /**
181 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
182 * targets. A return of ERROR_OK signifies that the target is a valid target
183 * and that the pointers have been set properly.
184 *
185 * @param target Pointer to the target device to get the pointers from
186 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
187 * targets
188 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
189 * targets
190 * @return ERROR_OK if successful
191 */
192 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
193 {
194 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
195 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
196
197 /* FIXME stop using this routine; just target_to_arm7_9() and
198 * verify the resulting pointer using a replacement routine
199 * that emits a usage message.
200 */
201 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
202 return ERROR_TARGET_INVALID;
203
204 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
205 return ERROR_TARGET_INVALID;
206
207 *armv4_5_p = armv4_5;
208 *arm7_9_p = arm7_9;
209
210 return ERROR_OK;
211 }
212
213 /**
214 * Set either a hardware or software breakpoint on an ARM7/9 target. The
215 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
216 * might have erased the values in Embedded ICE.
217 *
218 * @param target Pointer to the target device to set the breakpoints on
219 * @param breakpoint Pointer to the breakpoint to be set
220 * @return For hardware breakpoints, this is the result of executing the JTAG
221 * queue. For software breakpoints, this will be the status of the
222 * required memory reads and writes
223 */
224 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
225 {
226 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
227 int retval = ERROR_OK;
228
229 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
230 breakpoint->unique_id,
231 breakpoint->address,
232 breakpoint->type);
233
234 if (target->state != TARGET_HALTED)
235 {
236 LOG_WARNING("target not halted");
237 return ERROR_TARGET_NOT_HALTED;
238 }
239
240 if (breakpoint->type == BKPT_HARD)
241 {
242 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
243 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
244
245 /* reassign a hw breakpoint */
246 if (breakpoint->set == 0)
247 {
248 arm7_9_assign_wp(arm7_9, breakpoint);
249 }
250
251 if (breakpoint->set == 1)
252 {
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
258 }
259 else if (breakpoint->set == 2)
260 {
261 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
266 }
267 else
268 {
269 LOG_ERROR("BUG: no hardware comparator available");
270 return ERROR_OK;
271 }
272
273 retval = jtag_execute_queue();
274 }
275 else if (breakpoint->type == BKPT_SOFT)
276 {
277 /* did we already set this breakpoint? */
278 if (breakpoint->set)
279 return ERROR_OK;
280
281 if (breakpoint->length == 4)
282 {
283 uint32_t verify = 0xffffffff;
284 /* keep the original instruction in target endianness */
285 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
286 {
287 return retval;
288 }
289 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
290 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
291 {
292 return retval;
293 }
294
295 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
296 {
297 return retval;
298 }
299 if (verify != arm7_9->arm_bkpt)
300 {
301 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
302 return ERROR_OK;
303 }
304 }
305 else
306 {
307 uint16_t verify = 0xffff;
308 /* keep the original instruction in target endianness */
309 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
310 {
311 return retval;
312 }
313 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
314 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
315 {
316 return retval;
317 }
318
319 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
320 {
321 return retval;
322 }
323 if (verify != arm7_9->thumb_bkpt)
324 {
325 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
326 return ERROR_OK;
327 }
328 }
329
330 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
331 return retval;
332
333 arm7_9->sw_breakpoint_count++;
334
335 breakpoint->set = 1;
336 }
337
338 return retval;
339 }
340
341 /**
342 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
343 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
344 * will be updated. Otherwise, the software breakpoint will be restored to its
345 * original instruction if it hasn't already been modified.
346 *
347 * @param target Pointer to ARM7/9 target to unset the breakpoint from
348 * @param breakpoint Pointer to breakpoint to be unset
349 * @return For hardware breakpoints, this is the result of executing the JTAG
350 * queue. For software breakpoints, this will be the status of the
351 * required memory reads and writes
352 */
353 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
354 {
355 int retval = ERROR_OK;
356 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
357
358 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
359 breakpoint->unique_id,
360 breakpoint->address );
361
362 if (!breakpoint->set)
363 {
364 LOG_WARNING("breakpoint not set");
365 return ERROR_OK;
366 }
367
368 if (breakpoint->type == BKPT_HARD)
369 {
370 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
371 breakpoint->unique_id,
372 breakpoint->set );
373 if (breakpoint->set == 1)
374 {
375 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
376 arm7_9->wp0_used = 0;
377 arm7_9->wp_available++;
378 }
379 else if (breakpoint->set == 2)
380 {
381 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
382 arm7_9->wp1_used = 0;
383 arm7_9->wp_available++;
384 }
385 retval = jtag_execute_queue();
386 breakpoint->set = 0;
387 }
388 else
389 {
390 /* restore original instruction (kept in target endianness) */
391 if (breakpoint->length == 4)
392 {
393 uint32_t current_instr;
394 /* check that user program as not modified breakpoint instruction */
395 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
396 {
397 return retval;
398 }
399 if (current_instr == arm7_9->arm_bkpt)
400 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
401 {
402 return retval;
403 }
404 }
405 else
406 {
407 uint16_t current_instr;
408 /* check that user program as not modified breakpoint instruction */
409 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
410 {
411 return retval;
412 }
413 if (current_instr == arm7_9->thumb_bkpt)
414 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
415 {
416 return retval;
417 }
418 }
419
420 if (--arm7_9->sw_breakpoint_count==0)
421 {
422 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
423 if (arm7_9->sw_breakpoints_added == 1)
424 {
425 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
426 }
427 else if (arm7_9->sw_breakpoints_added == 2)
428 {
429 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
430 }
431 }
432
433 breakpoint->set = 0;
434 }
435
436 return retval;
437 }
438
439 /**
440 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
441 * dangling breakpoints and that the desired breakpoint can be added.
442 *
443 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
444 * @param breakpoint Pointer to the breakpoint to be added
445 * @return An error status if there is a problem adding the breakpoint or the
446 * result of setting the breakpoint
447 */
448 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
449 {
450 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
451
452 if (target->state != TARGET_HALTED)
453 {
454 LOG_WARNING("target not halted");
455 return ERROR_TARGET_NOT_HALTED;
456 }
457
458 if (arm7_9->breakpoint_count == 0)
459 {
460 /* make sure we don't have any dangling breakpoints. This is vital upon
461 * GDB connect/disconnect
462 */
463 arm7_9_clear_watchpoints(arm7_9);
464 }
465
466 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
467 {
468 LOG_INFO("no watchpoint unit available for hardware breakpoint");
469 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
470 }
471
472 if ((breakpoint->length != 2) && (breakpoint->length != 4))
473 {
474 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
475 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
476 }
477
478 if (breakpoint->type == BKPT_HARD)
479 {
480 arm7_9_assign_wp(arm7_9, breakpoint);
481 }
482
483 arm7_9->breakpoint_count++;
484
485 return arm7_9_set_breakpoint(target, breakpoint);
486 }
487
488 /**
489 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
490 * dangling breakpoints and updates available watchpoints if it is a hardware
491 * breakpoint.
492 *
493 * @param target Pointer to the target to have a breakpoint removed
494 * @param breakpoint Pointer to the breakpoint to be removed
495 * @return Error status if there was a problem unsetting the breakpoint or the
496 * watchpoints could not be cleared
497 */
498 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
499 {
500 int retval = ERROR_OK;
501 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
502
503 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
504 {
505 return retval;
506 }
507
508 if (breakpoint->type == BKPT_HARD)
509 arm7_9->wp_available++;
510
511 arm7_9->breakpoint_count--;
512 if (arm7_9->breakpoint_count == 0)
513 {
514 /* make sure we don't have any dangling breakpoints */
515 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
516 {
517 return retval;
518 }
519 }
520
521 return ERROR_OK;
522 }
523
524 /**
525 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
526 * considered a bug to call this function when there are no available watchpoint
527 * units.
528 *
529 * @param target Pointer to an ARM7/9 target to set a watchpoint on
530 * @param watchpoint Pointer to the watchpoint to be set
531 * @return Error status if watchpoint set fails or the result of executing the
532 * JTAG queue
533 */
534 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
535 {
536 int retval = ERROR_OK;
537 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
538 int rw_mask = 1;
539 uint32_t mask;
540
541 mask = watchpoint->length - 1;
542
543 if (target->state != TARGET_HALTED)
544 {
545 LOG_WARNING("target not halted");
546 return ERROR_TARGET_NOT_HALTED;
547 }
548
549 if (watchpoint->rw == WPT_ACCESS)
550 rw_mask = 0;
551 else
552 rw_mask = 1;
553
554 if (!arm7_9->wp0_used)
555 {
556 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
557 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
558 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
559 if (watchpoint->mask != 0xffffffffu)
560 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
561 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
563
564 if ((retval = jtag_execute_queue()) != ERROR_OK)
565 {
566 return retval;
567 }
568 watchpoint->set = 1;
569 arm7_9->wp0_used = 2;
570 }
571 else if (!arm7_9->wp1_used)
572 {
573 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
574 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
575 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
576 if (watchpoint->mask != 0xffffffffu)
577 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
578 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
579 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
580
581 if ((retval = jtag_execute_queue()) != ERROR_OK)
582 {
583 return retval;
584 }
585 watchpoint->set = 2;
586 arm7_9->wp1_used = 2;
587 }
588 else
589 {
590 LOG_ERROR("BUG: no hardware comparator available");
591 return ERROR_OK;
592 }
593
594 return ERROR_OK;
595 }
596
597 /**
598 * Unset an existing watchpoint and clear the used watchpoint unit.
599 *
600 * @param target Pointer to the target to have the watchpoint removed
601 * @param watchpoint Pointer to the watchpoint to be removed
602 * @return Error status while trying to unset the watchpoint or the result of
603 * executing the JTAG queue
604 */
605 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
606 {
607 int retval = ERROR_OK;
608 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
609
610 if (target->state != TARGET_HALTED)
611 {
612 LOG_WARNING("target not halted");
613 return ERROR_TARGET_NOT_HALTED;
614 }
615
616 if (!watchpoint->set)
617 {
618 LOG_WARNING("breakpoint not set");
619 return ERROR_OK;
620 }
621
622 if (watchpoint->set == 1)
623 {
624 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
625 if ((retval = jtag_execute_queue()) != ERROR_OK)
626 {
627 return retval;
628 }
629 arm7_9->wp0_used = 0;
630 }
631 else if (watchpoint->set == 2)
632 {
633 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
634 if ((retval = jtag_execute_queue()) != ERROR_OK)
635 {
636 return retval;
637 }
638 arm7_9->wp1_used = 0;
639 }
640 watchpoint->set = 0;
641
642 return ERROR_OK;
643 }
644
645 /**
646 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
647 * available, an error response is returned.
648 *
649 * @param target Pointer to the ARM7/9 target to add a watchpoint to
650 * @param watchpoint Pointer to the watchpoint to be added
651 * @return Error status while trying to add the watchpoint
652 */
653 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
654 {
655 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
656
657 if (target->state != TARGET_HALTED)
658 {
659 LOG_WARNING("target not halted");
660 return ERROR_TARGET_NOT_HALTED;
661 }
662
663 if (arm7_9->wp_available < 1)
664 {
665 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
666 }
667
668 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
669 {
670 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
671 }
672
673 arm7_9->wp_available--;
674
675 return ERROR_OK;
676 }
677
678 /**
679 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
680 * the used watchpoint unit will be reopened.
681 *
682 * @param target Pointer to the target to remove a watchpoint from
683 * @param watchpoint Pointer to the watchpoint to be removed
684 * @return Result of trying to unset the watchpoint
685 */
686 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
687 {
688 int retval = ERROR_OK;
689 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
690
691 if (watchpoint->set)
692 {
693 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
694 {
695 return retval;
696 }
697 }
698
699 arm7_9->wp_available++;
700
701 return ERROR_OK;
702 }
703
704 /**
705 * Restarts the target by sending a RESTART instruction and moving the JTAG
706 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
707 * asserted by the processor.
708 *
709 * @param target Pointer to target to issue commands to
710 * @return Error status if there is a timeout or a problem while executing the
711 * JTAG queue
712 */
713 int arm7_9_execute_sys_speed(struct target_s *target)
714 {
715 int retval;
716 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
717 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
718 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
719
720 /* set RESTART instruction */
721 jtag_set_end_state(TAP_IDLE);
722 if (arm7_9->need_bypass_before_restart) {
723 arm7_9->need_bypass_before_restart = 0;
724 arm_jtag_set_instr(jtag_info, 0xf, NULL);
725 }
726 arm_jtag_set_instr(jtag_info, 0x4, NULL);
727
728 long long then = timeval_ms();
729 int timeout;
730 while (!(timeout = ((timeval_ms()-then) > 1000)))
731 {
732 /* read debug status register */
733 embeddedice_read_reg(dbg_stat);
734 if ((retval = jtag_execute_queue()) != ERROR_OK)
735 return retval;
736 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
737 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
738 break;
739 if (debug_level >= 3)
740 {
741 alive_sleep(100);
742 } else
743 {
744 keep_alive();
745 }
746 }
747 if (timeout)
748 {
749 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
750 return ERROR_TARGET_TIMEOUT;
751 }
752
753 return ERROR_OK;
754 }
755
756 /**
757 * Restarts the target by sending a RESTART instruction and moving the JTAG
758 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
759 * waiting until they are.
760 *
761 * @param target Pointer to the target to issue commands to
762 * @return Always ERROR_OK
763 */
764 int arm7_9_execute_fast_sys_speed(struct target_s *target)
765 {
766 static int set = 0;
767 static uint8_t check_value[4], check_mask[4];
768
769 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
770 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
771 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
772
773 /* set RESTART instruction */
774 jtag_set_end_state(TAP_IDLE);
775 if (arm7_9->need_bypass_before_restart) {
776 arm7_9->need_bypass_before_restart = 0;
777 arm_jtag_set_instr(jtag_info, 0xf, NULL);
778 }
779 arm_jtag_set_instr(jtag_info, 0x4, NULL);
780
781 if (!set)
782 {
783 /* check for DBGACK and SYSCOMP set (others don't care) */
784
785 /* NB! These are constants that must be available until after next jtag_execute() and
786 * we evaluate the values upon first execution in lieu of setting up these constants
787 * during early setup.
788 * */
789 buf_set_u32(check_value, 0, 32, 0x9);
790 buf_set_u32(check_mask, 0, 32, 0x9);
791 set = 1;
792 }
793
794 /* read debug status register */
795 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
796
797 return ERROR_OK;
798 }
799
800 /**
801 * Get some data from the ARM7/9 target.
802 *
803 * @param target Pointer to the ARM7/9 target to read data from
804 * @param size The number of 32bit words to be read
805 * @param buffer Pointer to the buffer that will hold the data
806 * @return The result of receiving data from the Embedded ICE unit
807 */
808 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
809 {
810 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
811 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
812 uint32_t *data;
813 int retval = ERROR_OK;
814 uint32_t i;
815
816 data = malloc(size * (sizeof(uint32_t)));
817
818 retval = embeddedice_receive(jtag_info, data, size);
819
820 /* return the 32-bit ints in the 8-bit array */
821 for (i = 0; i < size; i++)
822 {
823 h_u32_to_le(buffer + (i * 4), data[i]);
824 }
825
826 free(data);
827
828 return retval;
829 }
830
831 /**
832 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
833 * target is running and the DCC control register has the W bit high, this will
834 * execute the request on the target.
835 *
836 * @param priv Void pointer expected to be a target_t pointer
837 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
838 * from the Embedded ICE unit
839 */
840 int arm7_9_handle_target_request(void *priv)
841 {
842 int retval = ERROR_OK;
843 target_t *target = priv;
844 if (!target_was_examined(target))
845 return ERROR_OK;
846 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
847 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
848 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
849
850 if (!target->dbg_msg_enabled)
851 return ERROR_OK;
852
853 if (target->state == TARGET_RUNNING)
854 {
855 /* read DCC control register */
856 embeddedice_read_reg(dcc_control);
857 if ((retval = jtag_execute_queue()) != ERROR_OK)
858 {
859 return retval;
860 }
861
862 /* check W bit */
863 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
864 {
865 uint32_t request;
866
867 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
868 {
869 return retval;
870 }
871 if ((retval = target_request(target, request)) != ERROR_OK)
872 {
873 return retval;
874 }
875 }
876 }
877
878 return ERROR_OK;
879 }
880
881 /**
882 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
883 * is manipulated to the right halted state based on its current state. This is
884 * what happens:
885 *
886 * <table>
887 * <tr><th > State</th><th > Action</th></tr>
888 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
889 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
890 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
891 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
892 * </table>
893 *
894 * If the target does not end up in the halted state, a warning is produced. If
895 * DBGACK is cleared, then the target is expected to either be running or
896 * running in debug.
897 *
898 * @param target Pointer to the ARM7/9 target to poll
899 * @return ERROR_OK or an error status if a command fails
900 */
901 int arm7_9_poll(target_t *target)
902 {
903 int retval;
904 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
905 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
906
907 /* read debug status register */
908 embeddedice_read_reg(dbg_stat);
909 if ((retval = jtag_execute_queue()) != ERROR_OK)
910 {
911 return retval;
912 }
913
914 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
915 {
916 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
917 if (target->state == TARGET_UNKNOWN)
918 {
919 /* Starting OpenOCD with target in debug-halt */
920 target->state = TARGET_RUNNING;
921 LOG_DEBUG("DBGACK already set during server startup.");
922 }
923 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
924 {
925 int check_pc = 0;
926 if (target->state == TARGET_RESET)
927 {
928 if (target->reset_halt)
929 {
930 enum reset_types jtag_reset_config = jtag_get_reset_config();
931 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
932 {
933 check_pc = 1;
934 }
935 }
936 }
937
938 target->state = TARGET_HALTED;
939
940 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
941 return retval;
942
943 if (check_pc)
944 {
945 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
946 uint32_t t=*((uint32_t *)reg->value);
947 if (t != 0)
948 {
949 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
950 }
951 }
952
953 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
954 {
955 return retval;
956 }
957 }
958 if (target->state == TARGET_DEBUG_RUNNING)
959 {
960 target->state = TARGET_HALTED;
961 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
962 return retval;
963
964 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
965 {
966 return retval;
967 }
968 }
969 if (target->state != TARGET_HALTED)
970 {
971 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
972 }
973 }
974 else
975 {
976 if (target->state != TARGET_DEBUG_RUNNING)
977 target->state = TARGET_RUNNING;
978 }
979
980 return ERROR_OK;
981 }
982
983 /**
984 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
985 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
986 * affected) completely stop the JTAG clock while the core is held in reset
987 * (SRST). It isn't possible to program the halt condition once reset is
988 * asserted, hence a hook that allows the target to set up its reset-halt
989 * condition is setup prior to asserting reset.
990 *
991 * @param target Pointer to an ARM7/9 target to assert reset on
992 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
993 */
994 int arm7_9_assert_reset(target_t *target)
995 {
996 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
997
998 LOG_DEBUG("target->state: %s",
999 target_state_name(target));
1000
1001 enum reset_types jtag_reset_config = jtag_get_reset_config();
1002 if (!(jtag_reset_config & RESET_HAS_SRST))
1003 {
1004 LOG_ERROR("Can't assert SRST");
1005 return ERROR_FAIL;
1006 }
1007
1008 /* At this point trst has been asserted/deasserted once. We would
1009 * like to program EmbeddedICE while SRST is asserted, instead of
1010 * depending on SRST to leave that module alone. However, many CPUs
1011 * gate the JTAG clock while SRST is asserted; or JTAG may need
1012 * clock stability guarantees (adaptive clocking might help).
1013 *
1014 * So we assume JTAG access during SRST is off the menu unless it's
1015 * been specifically enabled.
1016 */
1017 bool srst_asserted = false;
1018
1019 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
1020 && (jtag_reset_config & RESET_SRST_NO_GATING))
1021 {
1022 jtag_add_reset(0, 1);
1023 srst_asserted = true;
1024 }
1025
1026 if (target->reset_halt)
1027 {
1028 /*
1029 * Some targets do not support communication while SRST is asserted. We need to
1030 * set up the reset vector catch here.
1031 *
1032 * If TRST is asserted, then these settings will be reset anyway, so setting them
1033 * here is harmless.
1034 */
1035 if (arm7_9->has_vector_catch)
1036 {
1037 /* program vector catch register to catch reset vector */
1038 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1039
1040 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1041 jtag_add_runtest(1, jtag_get_end_state());
1042 }
1043 else
1044 {
1045 /* program watchpoint unit to match on reset vector address */
1046 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1047 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1048 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1049 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1050 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1051 }
1052 }
1053
1054 /* here we should issue an SRST only, but we may have to assert TRST as well */
1055 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1056 {
1057 jtag_add_reset(1, 1);
1058 } else if (!srst_asserted)
1059 {
1060 jtag_add_reset(0, 1);
1061 }
1062
1063 target->state = TARGET_RESET;
1064 jtag_add_sleep(50000);
1065
1066 armv4_5_invalidate_core_regs(target);
1067
1068 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1069 {
1070 /* debug entry was already prepared in arm7_9_assert_reset() */
1071 target->debug_reason = DBG_REASON_DBGRQ;
1072 }
1073
1074 return ERROR_OK;
1075 }
1076
1077 /**
1078 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1079 * and the target is being reset into a halt, a warning will be triggered
1080 * because it is not possible to reset into a halted mode in this case. The
1081 * target is halted using the target's functions.
1082 *
1083 * @param target Pointer to the target to have the reset deasserted
1084 * @return ERROR_OK or an error from polling or halting the target
1085 */
1086 int arm7_9_deassert_reset(target_t *target)
1087 {
1088 int retval = ERROR_OK;
1089 LOG_DEBUG("target->state: %s",
1090 target_state_name(target));
1091
1092 /* deassert reset lines */
1093 jtag_add_reset(0, 0);
1094
1095 enum reset_types jtag_reset_config = jtag_get_reset_config();
1096 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1097 {
1098 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1099 /* set up embedded ice registers again */
1100 if ((retval = target_examine_one(target)) != ERROR_OK)
1101 return retval;
1102
1103 if ((retval = target_poll(target)) != ERROR_OK)
1104 {
1105 return retval;
1106 }
1107
1108 if ((retval = target_halt(target)) != ERROR_OK)
1109 {
1110 return retval;
1111 }
1112
1113 }
1114 return retval;
1115 }
1116
1117 /**
1118 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1119 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1120 * vector catch was used, it is restored. Otherwise, the control value is
1121 * restored and the watchpoint unit is restored if it was in use.
1122 *
1123 * @param target Pointer to the ARM7/9 target to have halt cleared
1124 * @return Always ERROR_OK
1125 */
1126 int arm7_9_clear_halt(target_t *target)
1127 {
1128 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1129 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1130
1131 /* we used DBGRQ only if we didn't come out of reset */
1132 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1133 {
1134 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1135 */
1136 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1137 embeddedice_store_reg(dbg_ctrl);
1138 }
1139 else
1140 {
1141 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1142 {
1143 /* if we came out of reset, and vector catch is supported, we used
1144 * vector catch to enter debug state
1145 * restore the register in that case
1146 */
1147 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1148 }
1149 else
1150 {
1151 /* restore registers if watchpoint unit 0 was in use
1152 */
1153 if (arm7_9->wp0_used)
1154 {
1155 if (arm7_9->debug_entry_from_reset)
1156 {
1157 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1158 }
1159 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1160 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1161 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1162 }
1163 /* control value always has to be restored, as it was either disabled,
1164 * or enabled with possibly different bits
1165 */
1166 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1167 }
1168 }
1169
1170 return ERROR_OK;
1171 }
1172
1173 /**
1174 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1175 * and then there is a wait until the processor shows the halt. This wait can
1176 * timeout and results in an error being returned. The software reset involves
1177 * clearing the halt, updating the debug control register, changing to ARM mode,
1178 * reset of the program counter, and reset of all of the registers.
1179 *
1180 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1181 * @return Error status if any of the commands fail, otherwise ERROR_OK
1182 */
1183 int arm7_9_soft_reset_halt(struct target_s *target)
1184 {
1185 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1186 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1187 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1188 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1189 int i;
1190 int retval;
1191
1192 /* FIX!!! replace some of this code with tcl commands
1193 *
1194 * halt # the halt command is synchronous
1195 * armv4_5 core_state arm
1196 *
1197 */
1198
1199 if ((retval = target_halt(target)) != ERROR_OK)
1200 return retval;
1201
1202 long long then = timeval_ms();
1203 int timeout;
1204 while (!(timeout = ((timeval_ms()-then) > 1000)))
1205 {
1206 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1207 break;
1208 embeddedice_read_reg(dbg_stat);
1209 if ((retval = jtag_execute_queue()) != ERROR_OK)
1210 return retval;
1211 if (debug_level >= 3)
1212 {
1213 alive_sleep(100);
1214 } else
1215 {
1216 keep_alive();
1217 }
1218 }
1219 if (timeout)
1220 {
1221 LOG_ERROR("Failed to halt CPU after 1 sec");
1222 return ERROR_TARGET_TIMEOUT;
1223 }
1224 target->state = TARGET_HALTED;
1225
1226 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1227 * ensure that DBGRQ is cleared
1228 */
1229 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1230 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1231 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1232 embeddedice_store_reg(dbg_ctrl);
1233
1234 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1235 {
1236 return retval;
1237 }
1238
1239 /* if the target is in Thumb state, change to ARM state */
1240 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1241 {
1242 uint32_t r0_thumb, pc_thumb;
1243 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1244 /* Entered debug from Thumb mode */
1245 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1246 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1247 }
1248
1249 /* all register content is now invalid */
1250 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1251 {
1252 return retval;
1253 }
1254
1255 /* SVC, ARM state, IRQ and FIQ disabled */
1256 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1257 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1258 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1259
1260 /* start fetching from 0x0 */
1261 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1262 armv4_5->core_cache->reg_list[15].dirty = 1;
1263 armv4_5->core_cache->reg_list[15].valid = 1;
1264
1265 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1266 armv4_5->core_state = ARMV4_5_STATE_ARM;
1267
1268 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1269 return ERROR_FAIL;
1270
1271 /* reset registers */
1272 for (i = 0; i <= 14; i++)
1273 {
1274 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1275 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1276 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1277 }
1278
1279 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1280 {
1281 return retval;
1282 }
1283
1284 return ERROR_OK;
1285 }
1286
1287 /**
1288 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1289 * line or by programming a watchpoint to trigger on any address. It is
1290 * considered a bug to call this function while the target is in the
1291 * TARGET_RESET state.
1292 *
1293 * @param target Pointer to the ARM7/9 target to be halted
1294 * @return Always ERROR_OK
1295 */
1296 int arm7_9_halt(target_t *target)
1297 {
1298 if (target->state == TARGET_RESET)
1299 {
1300 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1301 return ERROR_OK;
1302 }
1303
1304 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1305 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1306
1307 LOG_DEBUG("target->state: %s",
1308 target_state_name(target));
1309
1310 if (target->state == TARGET_HALTED)
1311 {
1312 LOG_DEBUG("target was already halted");
1313 return ERROR_OK;
1314 }
1315
1316 if (target->state == TARGET_UNKNOWN)
1317 {
1318 LOG_WARNING("target was in unknown state when halt was requested");
1319 }
1320
1321 if (arm7_9->use_dbgrq)
1322 {
1323 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1324 */
1325 if (arm7_9->set_special_dbgrq) {
1326 arm7_9->set_special_dbgrq(target);
1327 } else {
1328 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1329 embeddedice_store_reg(dbg_ctrl);
1330 }
1331 }
1332 else
1333 {
1334 /* program watchpoint unit to match on any address
1335 */
1336 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1337 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1338 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1339 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1340 }
1341
1342 target->debug_reason = DBG_REASON_DBGRQ;
1343
1344 return ERROR_OK;
1345 }
1346
1347 /**
1348 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1349 * ARM. The JTAG queue is then executed and the reason for debug entry is
1350 * examined. Once done, the target is verified to be halted and the processor
1351 * is forced into ARM mode. The core registers are saved for the current core
1352 * mode and the program counter (register 15) is updated as needed. The core
1353 * registers and CPSR and SPSR are saved for restoration later.
1354 *
1355 * @param target Pointer to target that is entering debug mode
1356 * @return Error code if anything fails, otherwise ERROR_OK
1357 */
1358 int arm7_9_debug_entry(target_t *target)
1359 {
1360 int i;
1361 uint32_t context[16];
1362 uint32_t* context_p[16];
1363 uint32_t r0_thumb, pc_thumb;
1364 uint32_t cpsr;
1365 int retval;
1366 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1367 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1368 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1369 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1370
1371 #ifdef _DEBUG_ARM7_9_
1372 LOG_DEBUG("-");
1373 #endif
1374
1375 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1376 * ensure that DBGRQ is cleared
1377 */
1378 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1379 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1380 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1381 embeddedice_store_reg(dbg_ctrl);
1382
1383 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1384 {
1385 return retval;
1386 }
1387
1388 if ((retval = jtag_execute_queue()) != ERROR_OK)
1389 {
1390 return retval;
1391 }
1392
1393 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1394 return retval;
1395
1396
1397 if (target->state != TARGET_HALTED)
1398 {
1399 LOG_WARNING("target not halted");
1400 return ERROR_TARGET_NOT_HALTED;
1401 }
1402
1403 /* if the target is in Thumb state, change to ARM state */
1404 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1405 {
1406 LOG_DEBUG("target entered debug from Thumb state");
1407 /* Entered debug from Thumb mode */
1408 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1409 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1410 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1411 }
1412 else
1413 {
1414 LOG_DEBUG("target entered debug from ARM state");
1415 /* Entered debug from ARM mode */
1416 armv4_5->core_state = ARMV4_5_STATE_ARM;
1417 }
1418
1419 for (i = 0; i < 16; i++)
1420 context_p[i] = &context[i];
1421 /* save core registers (r0 - r15 of current core mode) */
1422 arm7_9->read_core_regs(target, 0xffff, context_p);
1423
1424 arm7_9->read_xpsr(target, &cpsr, 0);
1425
1426 if ((retval = jtag_execute_queue()) != ERROR_OK)
1427 return retval;
1428
1429 /* if the core has been executing in Thumb state, set the T bit */
1430 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1431 cpsr |= 0x20;
1432
1433 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1434 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1435 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1436
1437 armv4_5->core_mode = cpsr & 0x1f;
1438
1439 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1440 {
1441 target->state = TARGET_UNKNOWN;
1442 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1443 return ERROR_TARGET_FAILURE;
1444 }
1445
1446 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1447
1448 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1449 {
1450 LOG_DEBUG("thumb state, applying fixups");
1451 context[0] = r0_thumb;
1452 context[15] = pc_thumb;
1453 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1454 {
1455 /* adjust value stored by STM */
1456 context[15] -= 3 * 4;
1457 }
1458
1459 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1460 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1461 else
1462 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1463
1464 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1465 return ERROR_FAIL;
1466
1467 for (i = 0; i <= 15; i++)
1468 {
1469 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1470 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1471 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1472 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1473 }
1474
1475 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1476
1477 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1478 return ERROR_FAIL;
1479
1480 /* exceptions other than USR & SYS have a saved program status register */
1481 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1482 {
1483 uint32_t spsr;
1484 arm7_9->read_xpsr(target, &spsr, 1);
1485 if ((retval = jtag_execute_queue()) != ERROR_OK)
1486 {
1487 return retval;
1488 }
1489 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1490 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1491 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1492 }
1493
1494 /* r0 and r15 (pc) have to be restored later */
1495 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1496 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1497
1498 if ((retval = jtag_execute_queue()) != ERROR_OK)
1499 return retval;
1500
1501 if (arm7_9->post_debug_entry)
1502 arm7_9->post_debug_entry(target);
1503
1504 return ERROR_OK;
1505 }
1506
1507 /**
1508 * Validate the full context for an ARM7/9 target in all processor modes. If
1509 * there are any invalid registers for the target, they will all be read. This
1510 * includes the PSR.
1511 *
1512 * @param target Pointer to the ARM7/9 target to capture the full context from
1513 * @return Error if the target is not halted, has an invalid core mode, or if
1514 * the JTAG queue fails to execute
1515 */
1516 int arm7_9_full_context(target_t *target)
1517 {
1518 int i;
1519 int retval;
1520 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1521 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1522
1523 LOG_DEBUG("-");
1524
1525 if (target->state != TARGET_HALTED)
1526 {
1527 LOG_WARNING("target not halted");
1528 return ERROR_TARGET_NOT_HALTED;
1529 }
1530
1531 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1532 return ERROR_FAIL;
1533
1534 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1535 * SYS shares registers with User, so we don't touch SYS
1536 */
1537 for (i = 0; i < 6; i++)
1538 {
1539 uint32_t mask = 0;
1540 uint32_t* reg_p[16];
1541 int j;
1542 int valid = 1;
1543
1544 /* check if there are invalid registers in the current mode
1545 */
1546 for (j = 0; j <= 16; j++)
1547 {
1548 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1549 valid = 0;
1550 }
1551
1552 if (!valid)
1553 {
1554 uint32_t tmp_cpsr;
1555
1556 /* change processor mode (and mask T bit) */
1557 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1558 tmp_cpsr |= armv4_5_number_to_mode(i);
1559 tmp_cpsr &= ~0x20;
1560 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1561
1562 for (j = 0; j < 15; j++)
1563 {
1564 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1565 {
1566 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1567 mask |= 1 << j;
1568 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1569 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1570 }
1571 }
1572
1573 /* if only the PSR is invalid, mask is all zeroes */
1574 if (mask)
1575 arm7_9->read_core_regs(target, mask, reg_p);
1576
1577 /* check if the PSR has to be read */
1578 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1579 {
1580 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1581 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1582 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1583 }
1584 }
1585 }
1586
1587 /* restore processor mode (mask T bit) */
1588 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1589
1590 if ((retval = jtag_execute_queue()) != ERROR_OK)
1591 {
1592 return retval;
1593 }
1594 return ERROR_OK;
1595 }
1596
1597 /**
1598 * Restore the processor context on an ARM7/9 target. The full processor
1599 * context is analyzed to see if any of the registers are dirty on this end, but
1600 * have a valid new value. If this is the case, the processor is changed to the
1601 * appropriate mode and the new register values are written out to the
1602 * processor. If there happens to be a dirty register with an invalid value, an
1603 * error will be logged.
1604 *
1605 * @param target Pointer to the ARM7/9 target to have its context restored
1606 * @return Error status if the target is not halted or the core mode in the
1607 * armv4_5 struct is invalid.
1608 */
1609 int arm7_9_restore_context(target_t *target)
1610 {
1611 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1612 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1613 reg_t *reg;
1614 armv4_5_core_reg_t *reg_arch_info;
1615 enum armv4_5_mode current_mode = armv4_5->core_mode;
1616 int i, j;
1617 int dirty;
1618 int mode_change;
1619
1620 LOG_DEBUG("-");
1621
1622 if (target->state != TARGET_HALTED)
1623 {
1624 LOG_WARNING("target not halted");
1625 return ERROR_TARGET_NOT_HALTED;
1626 }
1627
1628 if (arm7_9->pre_restore_context)
1629 arm7_9->pre_restore_context(target);
1630
1631 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1632 return ERROR_FAIL;
1633
1634 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1635 * SYS shares registers with User, so we don't touch SYS
1636 */
1637 for (i = 0; i < 6; i++)
1638 {
1639 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1640 dirty = 0;
1641 mode_change = 0;
1642 /* check if there are dirty registers in the current mode
1643 */
1644 for (j = 0; j <= 16; j++)
1645 {
1646 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1647 reg_arch_info = reg->arch_info;
1648 if (reg->dirty == 1)
1649 {
1650 if (reg->valid == 1)
1651 {
1652 dirty = 1;
1653 LOG_DEBUG("examining dirty reg: %s", reg->name);
1654 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1655 && (reg_arch_info->mode != current_mode)
1656 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1657 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1658 {
1659 mode_change = 1;
1660 LOG_DEBUG("require mode change");
1661 }
1662 }
1663 else
1664 {
1665 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1666 }
1667 }
1668 }
1669
1670 if (dirty)
1671 {
1672 uint32_t mask = 0x0;
1673 int num_regs = 0;
1674 uint32_t regs[16];
1675
1676 if (mode_change)
1677 {
1678 uint32_t tmp_cpsr;
1679
1680 /* change processor mode (mask T bit) */
1681 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1682 tmp_cpsr |= armv4_5_number_to_mode(i);
1683 tmp_cpsr &= ~0x20;
1684 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1685 current_mode = armv4_5_number_to_mode(i);
1686 }
1687
1688 for (j = 0; j <= 14; j++)
1689 {
1690 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1691 reg_arch_info = reg->arch_info;
1692
1693
1694 if (reg->dirty == 1)
1695 {
1696 regs[j] = buf_get_u32(reg->value, 0, 32);
1697 mask |= 1 << j;
1698 num_regs++;
1699 reg->dirty = 0;
1700 reg->valid = 1;
1701 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1702 }
1703 }
1704
1705 if (mask)
1706 {
1707 arm7_9->write_core_regs(target, mask, regs);
1708 }
1709
1710 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1711 reg_arch_info = reg->arch_info;
1712 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1713 {
1714 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1715 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1716 }
1717 }
1718 }
1719
1720 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1721 {
1722 /* restore processor mode (mask T bit) */
1723 uint32_t tmp_cpsr;
1724
1725 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1726 tmp_cpsr |= armv4_5_number_to_mode(i);
1727 tmp_cpsr &= ~0x20;
1728 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1729 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1730 }
1731 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1732 {
1733 /* CPSR has been changed, full restore necessary (mask T bit) */
1734 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1735 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1736 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1737 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1738 }
1739
1740 /* restore PC */
1741 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1742 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1743 armv4_5->core_cache->reg_list[15].dirty = 0;
1744
1745 if (arm7_9->post_restore_context)
1746 arm7_9->post_restore_context(target);
1747
1748 return ERROR_OK;
1749 }
1750
1751 /**
1752 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1753 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1754 * restart.
1755 *
1756 * @param target Pointer to the ARM7/9 target to be restarted
1757 * @return Result of executing the JTAG queue
1758 */
1759 int arm7_9_restart_core(struct target_s *target)
1760 {
1761 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1762 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1763
1764 /* set RESTART instruction */
1765 jtag_set_end_state(TAP_IDLE);
1766 if (arm7_9->need_bypass_before_restart) {
1767 arm7_9->need_bypass_before_restart = 0;
1768 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1769 }
1770 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1771
1772 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1773 return jtag_execute_queue();
1774 }
1775
1776 /**
1777 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1778 * iterated through and are set on the target if they aren't already set.
1779 *
1780 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1781 */
1782 void arm7_9_enable_watchpoints(struct target_s *target)
1783 {
1784 watchpoint_t *watchpoint = target->watchpoints;
1785
1786 while (watchpoint)
1787 {
1788 if (watchpoint->set == 0)
1789 arm7_9_set_watchpoint(target, watchpoint);
1790 watchpoint = watchpoint->next;
1791 }
1792 }
1793
1794 /**
1795 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1796 * iterated through and are set on the target.
1797 *
1798 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1799 */
1800 void arm7_9_enable_breakpoints(struct target_s *target)
1801 {
1802 breakpoint_t *breakpoint = target->breakpoints;
1803
1804 /* set any pending breakpoints */
1805 while (breakpoint)
1806 {
1807 arm7_9_set_breakpoint(target, breakpoint);
1808 breakpoint = breakpoint->next;
1809 }
1810 }
1811
1812 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1813 {
1814 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1815 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1816 breakpoint_t *breakpoint = target->breakpoints;
1817 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1818 int err, retval = ERROR_OK;
1819
1820 LOG_DEBUG("-");
1821
1822 if (target->state != TARGET_HALTED)
1823 {
1824 LOG_WARNING("target not halted");
1825 return ERROR_TARGET_NOT_HALTED;
1826 }
1827
1828 if (!debug_execution)
1829 {
1830 target_free_all_working_areas(target);
1831 }
1832
1833 /* current = 1: continue on current pc, otherwise continue at <address> */
1834 if (!current)
1835 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1836
1837 uint32_t current_pc;
1838 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1839
1840 /* the front-end may request us not to handle breakpoints */
1841 if (handle_breakpoints)
1842 {
1843 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1844 {
1845 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1846 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1847 {
1848 return retval;
1849 }
1850
1851 /* calculate PC of next instruction */
1852 uint32_t next_pc;
1853 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1854 {
1855 uint32_t current_opcode;
1856 target_read_u32(target, current_pc, &current_opcode);
1857 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1858 return retval;
1859 }
1860
1861 LOG_DEBUG("enable single-step");
1862 arm7_9->enable_single_step(target, next_pc);
1863
1864 target->debug_reason = DBG_REASON_SINGLESTEP;
1865
1866 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1867 {
1868 return retval;
1869 }
1870
1871 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1872 arm7_9->branch_resume(target);
1873 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1874 {
1875 arm7_9->branch_resume_thumb(target);
1876 }
1877 else
1878 {
1879 LOG_ERROR("unhandled core state");
1880 return ERROR_FAIL;
1881 }
1882
1883 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1884 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1885 err = arm7_9_execute_sys_speed(target);
1886
1887 LOG_DEBUG("disable single-step");
1888 arm7_9->disable_single_step(target);
1889
1890 if (err != ERROR_OK)
1891 {
1892 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1893 {
1894 return retval;
1895 }
1896 target->state = TARGET_UNKNOWN;
1897 return err;
1898 }
1899
1900 arm7_9_debug_entry(target);
1901 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1902
1903 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1904 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1905 {
1906 return retval;
1907 }
1908 }
1909 }
1910
1911 /* enable any pending breakpoints and watchpoints */
1912 arm7_9_enable_breakpoints(target);
1913 arm7_9_enable_watchpoints(target);
1914
1915 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1916 {
1917 return retval;
1918 }
1919
1920 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1921 {
1922 arm7_9->branch_resume(target);
1923 }
1924 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1925 {
1926 arm7_9->branch_resume_thumb(target);
1927 }
1928 else
1929 {
1930 LOG_ERROR("unhandled core state");
1931 return ERROR_FAIL;
1932 }
1933
1934 /* deassert DBGACK and INTDIS */
1935 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1936 /* INTDIS only when we really resume, not during debug execution */
1937 if (!debug_execution)
1938 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1939 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1940
1941 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1942 {
1943 return retval;
1944 }
1945
1946 target->debug_reason = DBG_REASON_NOTHALTED;
1947
1948 if (!debug_execution)
1949 {
1950 /* registers are now invalid */
1951 armv4_5_invalidate_core_regs(target);
1952 target->state = TARGET_RUNNING;
1953 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1954 {
1955 return retval;
1956 }
1957 }
1958 else
1959 {
1960 target->state = TARGET_DEBUG_RUNNING;
1961 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1962 {
1963 return retval;
1964 }
1965 }
1966
1967 LOG_DEBUG("target resumed");
1968
1969 return ERROR_OK;
1970 }
1971
1972 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1973 {
1974 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
1975 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1976 uint32_t current_pc;
1977 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1978
1979 if (next_pc != current_pc)
1980 {
1981 /* setup an inverse breakpoint on the current PC
1982 * - comparator 1 matches the current address
1983 * - rangeout from comparator 1 is connected to comparator 0 rangein
1984 * - comparator 0 matches any address, as long as rangein is low */
1985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1990 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1991 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1992 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1993 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1994 }
1995 else
1996 {
1997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1998 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1999 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
2000 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
2001 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2006 }
2007 }
2008
2009 void arm7_9_disable_eice_step(target_t *target)
2010 {
2011 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2012
2013 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2014 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2015 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2016 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2017 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2018 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2019 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2020 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2021 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2022 }
2023
2024 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2025 {
2026 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2027 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2028 breakpoint_t *breakpoint = NULL;
2029 int err, retval;
2030
2031 if (target->state != TARGET_HALTED)
2032 {
2033 LOG_WARNING("target not halted");
2034 return ERROR_TARGET_NOT_HALTED;
2035 }
2036
2037 /* current = 1: continue on current pc, otherwise continue at <address> */
2038 if (!current)
2039 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2040
2041 uint32_t current_pc;
2042 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2043
2044 /* the front-end may request us not to handle breakpoints */
2045 if (handle_breakpoints)
2046 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2047 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2048 {
2049 return retval;
2050 }
2051
2052 target->debug_reason = DBG_REASON_SINGLESTEP;
2053
2054 /* calculate PC of next instruction */
2055 uint32_t next_pc;
2056 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2057 {
2058 uint32_t current_opcode;
2059 target_read_u32(target, current_pc, &current_opcode);
2060 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2061 return retval;
2062 }
2063
2064 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2065 {
2066 return retval;
2067 }
2068
2069 arm7_9->enable_single_step(target, next_pc);
2070
2071 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2072 {
2073 arm7_9->branch_resume(target);
2074 }
2075 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2076 {
2077 arm7_9->branch_resume_thumb(target);
2078 }
2079 else
2080 {
2081 LOG_ERROR("unhandled core state");
2082 return ERROR_FAIL;
2083 }
2084
2085 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2086 {
2087 return retval;
2088 }
2089
2090 err = arm7_9_execute_sys_speed(target);
2091 arm7_9->disable_single_step(target);
2092
2093 /* registers are now invalid */
2094 armv4_5_invalidate_core_regs(target);
2095
2096 if (err != ERROR_OK)
2097 {
2098 target->state = TARGET_UNKNOWN;
2099 } else {
2100 arm7_9_debug_entry(target);
2101 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2102 {
2103 return retval;
2104 }
2105 LOG_DEBUG("target stepped");
2106 }
2107
2108 if (breakpoint)
2109 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2110 {
2111 return retval;
2112 }
2113
2114 return err;
2115 }
2116
2117 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2118 {
2119 uint32_t* reg_p[16];
2120 uint32_t value;
2121 int retval;
2122 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2123 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2124
2125 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2126 return ERROR_FAIL;
2127
2128 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2129
2130 if ((num < 0) || (num > 16))
2131 return ERROR_INVALID_ARGUMENTS;
2132
2133 if ((mode != ARMV4_5_MODE_ANY)
2134 && (mode != armv4_5->core_mode)
2135 && (reg_mode != ARMV4_5_MODE_ANY))
2136 {
2137 uint32_t tmp_cpsr;
2138
2139 /* change processor mode (mask T bit) */
2140 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2141 tmp_cpsr |= mode;
2142 tmp_cpsr &= ~0x20;
2143 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2144 }
2145
2146 if ((num >= 0) && (num <= 15))
2147 {
2148 /* read a normal core register */
2149 reg_p[num] = &value;
2150
2151 arm7_9->read_core_regs(target, 1 << num, reg_p);
2152 }
2153 else
2154 {
2155 /* read a program status register
2156 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2157 */
2158 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2159 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2160
2161 arm7_9->read_xpsr(target, &value, spsr);
2162 }
2163
2164 if ((retval = jtag_execute_queue()) != ERROR_OK)
2165 {
2166 return retval;
2167 }
2168
2169 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2170 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2171 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2172
2173 if ((mode != ARMV4_5_MODE_ANY)
2174 && (mode != armv4_5->core_mode)
2175 && (reg_mode != ARMV4_5_MODE_ANY)) {
2176 /* restore processor mode (mask T bit) */
2177 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2178 }
2179
2180 return ERROR_OK;
2181 }
2182
2183 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2184 {
2185 uint32_t reg[16];
2186 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2187 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2188
2189 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2190 return ERROR_FAIL;
2191
2192 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2193
2194 if ((num < 0) || (num > 16))
2195 return ERROR_INVALID_ARGUMENTS;
2196
2197 if ((mode != ARMV4_5_MODE_ANY)
2198 && (mode != armv4_5->core_mode)
2199 && (reg_mode != ARMV4_5_MODE_ANY)) {
2200 uint32_t tmp_cpsr;
2201
2202 /* change processor mode (mask T bit) */
2203 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2204 tmp_cpsr |= mode;
2205 tmp_cpsr &= ~0x20;
2206 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2207 }
2208
2209 if ((num >= 0) && (num <= 15))
2210 {
2211 /* write a normal core register */
2212 reg[num] = value;
2213
2214 arm7_9->write_core_regs(target, 1 << num, reg);
2215 }
2216 else
2217 {
2218 /* write a program status register
2219 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2220 */
2221 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2222 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2223
2224 /* if we're writing the CPSR, mask the T bit */
2225 if (!spsr)
2226 value &= ~0x20;
2227
2228 arm7_9->write_xpsr(target, value, spsr);
2229 }
2230
2231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2232 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2233
2234 if ((mode != ARMV4_5_MODE_ANY)
2235 && (mode != armv4_5->core_mode)
2236 && (reg_mode != ARMV4_5_MODE_ANY)) {
2237 /* restore processor mode (mask T bit) */
2238 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2239 }
2240
2241 return jtag_execute_queue();
2242 }
2243
2244 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2245 {
2246 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2247 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2248 uint32_t reg[16];
2249 uint32_t num_accesses = 0;
2250 int thisrun_accesses;
2251 int i;
2252 uint32_t cpsr;
2253 int retval;
2254 int last_reg = 0;
2255
2256 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2257
2258 if (target->state != TARGET_HALTED)
2259 {
2260 LOG_WARNING("target not halted");
2261 return ERROR_TARGET_NOT_HALTED;
2262 }
2263
2264 /* sanitize arguments */
2265 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2266 return ERROR_INVALID_ARGUMENTS;
2267
2268 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2269 return ERROR_TARGET_UNALIGNED_ACCESS;
2270
2271 /* load the base register with the address of the first word */
2272 reg[0] = address;
2273 arm7_9->write_core_regs(target, 0x1, reg);
2274
2275 int j = 0;
2276
2277 switch (size)
2278 {
2279 case 4:
2280 while (num_accesses < count)
2281 {
2282 uint32_t reg_list;
2283 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2284 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2285
2286 if (last_reg <= thisrun_accesses)
2287 last_reg = thisrun_accesses;
2288
2289 arm7_9->load_word_regs(target, reg_list);
2290
2291 /* fast memory reads are only safe when the target is running
2292 * from a sufficiently high clock (32 kHz is usually too slow)
2293 */
2294 if (arm7_9->fast_memory_access)
2295 retval = arm7_9_execute_fast_sys_speed(target);
2296 else
2297 retval = arm7_9_execute_sys_speed(target);
2298 if (retval != ERROR_OK)
2299 return retval;
2300
2301 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2302
2303 /* advance buffer, count number of accesses */
2304 buffer += thisrun_accesses * 4;
2305 num_accesses += thisrun_accesses;
2306
2307 if ((j++%1024) == 0)
2308 {
2309 keep_alive();
2310 }
2311 }
2312 break;
2313 case 2:
2314 while (num_accesses < count)
2315 {
2316 uint32_t reg_list;
2317 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2318 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2319
2320 for (i = 1; i <= thisrun_accesses; i++)
2321 {
2322 if (i > last_reg)
2323 last_reg = i;
2324 arm7_9->load_hword_reg(target, i);
2325 /* fast memory reads are only safe when the target is running
2326 * from a sufficiently high clock (32 kHz is usually too slow)
2327 */
2328 if (arm7_9->fast_memory_access)
2329 retval = arm7_9_execute_fast_sys_speed(target);
2330 else
2331 retval = arm7_9_execute_sys_speed(target);
2332 if (retval != ERROR_OK)
2333 {
2334 return retval;
2335 }
2336
2337 }
2338
2339 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2340
2341 /* advance buffer, count number of accesses */
2342 buffer += thisrun_accesses * 2;
2343 num_accesses += thisrun_accesses;
2344
2345 if ((j++%1024) == 0)
2346 {
2347 keep_alive();
2348 }
2349 }
2350 break;
2351 case 1:
2352 while (num_accesses < count)
2353 {
2354 uint32_t reg_list;
2355 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2356 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2357
2358 for (i = 1; i <= thisrun_accesses; i++)
2359 {
2360 if (i > last_reg)
2361 last_reg = i;
2362 arm7_9->load_byte_reg(target, i);
2363 /* fast memory reads are only safe when the target is running
2364 * from a sufficiently high clock (32 kHz is usually too slow)
2365 */
2366 if (arm7_9->fast_memory_access)
2367 retval = arm7_9_execute_fast_sys_speed(target);
2368 else
2369 retval = arm7_9_execute_sys_speed(target);
2370 if (retval != ERROR_OK)
2371 {
2372 return retval;
2373 }
2374 }
2375
2376 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2377
2378 /* advance buffer, count number of accesses */
2379 buffer += thisrun_accesses * 1;
2380 num_accesses += thisrun_accesses;
2381
2382 if ((j++%1024) == 0)
2383 {
2384 keep_alive();
2385 }
2386 }
2387 break;
2388 default:
2389 LOG_ERROR("BUG: we shouldn't get here");
2390 exit(-1);
2391 break;
2392 }
2393
2394 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2395 return ERROR_FAIL;
2396
2397 for (i = 0; i <= last_reg; i++)
2398 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2399
2400 arm7_9->read_xpsr(target, &cpsr, 0);
2401 if ((retval = jtag_execute_queue()) != ERROR_OK)
2402 {
2403 LOG_ERROR("JTAG error while reading cpsr");
2404 return ERROR_TARGET_DATA_ABORT;
2405 }
2406
2407 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2408 {
2409 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2410
2411 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2412
2413 return ERROR_TARGET_DATA_ABORT;
2414 }
2415
2416 return ERROR_OK;
2417 }
2418
2419 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2420 {
2421 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2422 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2423 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2424
2425 uint32_t reg[16];
2426 uint32_t num_accesses = 0;
2427 int thisrun_accesses;
2428 int i;
2429 uint32_t cpsr;
2430 int retval;
2431 int last_reg = 0;
2432
2433 #ifdef _DEBUG_ARM7_9_
2434 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2435 #endif
2436
2437 if (target->state != TARGET_HALTED)
2438 {
2439 LOG_WARNING("target not halted");
2440 return ERROR_TARGET_NOT_HALTED;
2441 }
2442
2443 /* sanitize arguments */
2444 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2445 return ERROR_INVALID_ARGUMENTS;
2446
2447 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2448 return ERROR_TARGET_UNALIGNED_ACCESS;
2449
2450 /* load the base register with the address of the first word */
2451 reg[0] = address;
2452 arm7_9->write_core_regs(target, 0x1, reg);
2453
2454 /* Clear DBGACK, to make sure memory fetches work as expected */
2455 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2456 embeddedice_store_reg(dbg_ctrl);
2457
2458 switch (size)
2459 {
2460 case 4:
2461 while (num_accesses < count)
2462 {
2463 uint32_t reg_list;
2464 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2465 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2466
2467 for (i = 1; i <= thisrun_accesses; i++)
2468 {
2469 if (i > last_reg)
2470 last_reg = i;
2471 reg[i] = target_buffer_get_u32(target, buffer);
2472 buffer += 4;
2473 }
2474
2475 arm7_9->write_core_regs(target, reg_list, reg);
2476
2477 arm7_9->store_word_regs(target, reg_list);
2478
2479 /* fast memory writes are only safe when the target is running
2480 * from a sufficiently high clock (32 kHz is usually too slow)
2481 */
2482 if (arm7_9->fast_memory_access)
2483 retval = arm7_9_execute_fast_sys_speed(target);
2484 else
2485 retval = arm7_9_execute_sys_speed(target);
2486 if (retval != ERROR_OK)
2487 {
2488 return retval;
2489 }
2490
2491 num_accesses += thisrun_accesses;
2492 }
2493 break;
2494 case 2:
2495 while (num_accesses < count)
2496 {
2497 uint32_t reg_list;
2498 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2499 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2500
2501 for (i = 1; i <= thisrun_accesses; i++)
2502 {
2503 if (i > last_reg)
2504 last_reg = i;
2505 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2506 buffer += 2;
2507 }
2508
2509 arm7_9->write_core_regs(target, reg_list, reg);
2510
2511 for (i = 1; i <= thisrun_accesses; i++)
2512 {
2513 arm7_9->store_hword_reg(target, i);
2514
2515 /* fast memory writes are only safe when the target is running
2516 * from a sufficiently high clock (32 kHz is usually too slow)
2517 */
2518 if (arm7_9->fast_memory_access)
2519 retval = arm7_9_execute_fast_sys_speed(target);
2520 else
2521 retval = arm7_9_execute_sys_speed(target);
2522 if (retval != ERROR_OK)
2523 {
2524 return retval;
2525 }
2526 }
2527
2528 num_accesses += thisrun_accesses;
2529 }
2530 break;
2531 case 1:
2532 while (num_accesses < count)
2533 {
2534 uint32_t reg_list;
2535 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2536 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2537
2538 for (i = 1; i <= thisrun_accesses; i++)
2539 {
2540 if (i > last_reg)
2541 last_reg = i;
2542 reg[i] = *buffer++ & 0xff;
2543 }
2544
2545 arm7_9->write_core_regs(target, reg_list, reg);
2546
2547 for (i = 1; i <= thisrun_accesses; i++)
2548 {
2549 arm7_9->store_byte_reg(target, i);
2550 /* fast memory writes are only safe when the target is running
2551 * from a sufficiently high clock (32 kHz is usually too slow)
2552 */
2553 if (arm7_9->fast_memory_access)
2554 retval = arm7_9_execute_fast_sys_speed(target);
2555 else
2556 retval = arm7_9_execute_sys_speed(target);
2557 if (retval != ERROR_OK)
2558 {
2559 return retval;
2560 }
2561
2562 }
2563
2564 num_accesses += thisrun_accesses;
2565 }
2566 break;
2567 default:
2568 LOG_ERROR("BUG: we shouldn't get here");
2569 exit(-1);
2570 break;
2571 }
2572
2573 /* Re-Set DBGACK */
2574 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2575 embeddedice_store_reg(dbg_ctrl);
2576
2577 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2578 return ERROR_FAIL;
2579
2580 for (i = 0; i <= last_reg; i++)
2581 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2582
2583 arm7_9->read_xpsr(target, &cpsr, 0);
2584 if ((retval = jtag_execute_queue()) != ERROR_OK)
2585 {
2586 LOG_ERROR("JTAG error while reading cpsr");
2587 return ERROR_TARGET_DATA_ABORT;
2588 }
2589
2590 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2591 {
2592 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2593
2594 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2595
2596 return ERROR_TARGET_DATA_ABORT;
2597 }
2598
2599 return ERROR_OK;
2600 }
2601
2602 static int dcc_count;
2603 static uint8_t *dcc_buffer;
2604
2605 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2606 {
2607 int retval = ERROR_OK;
2608 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2609
2610 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2611 return retval;
2612
2613 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2614 int count = dcc_count;
2615 uint8_t *buffer = dcc_buffer;
2616 if (count > 2)
2617 {
2618 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2619 * core function repeated. */
2620 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2621 buffer += 4;
2622
2623 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2624 uint8_t reg_addr = ice_reg->addr & 0x1f;
2625 jtag_tap_t *tap;
2626 tap = ice_reg->jtag_info->tap;
2627
2628 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2629 buffer += (count-2)*4;
2630
2631 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2632 } else
2633 {
2634 int i;
2635 for (i = 0; i < count; i++)
2636 {
2637 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2638 buffer += 4;
2639 }
2640 }
2641
2642 if ((retval = target_halt(target))!= ERROR_OK)
2643 {
2644 return retval;
2645 }
2646 return target_wait_state(target, TARGET_HALTED, 500);
2647 }
2648
2649 static const uint32_t dcc_code[] =
2650 {
2651 /* r0 == input, points to memory buffer
2652 * r1 == scratch
2653 */
2654
2655 /* spin until DCC control (c0) reports data arrived */
2656 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2657 0xe3110001, /* tst r1, #1 */
2658 0x0afffffc, /* bne w */
2659
2660 /* read word from DCC (c1), write to memory */
2661 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2662 0xe4801004, /* str r1, [r0], #4 */
2663
2664 /* repeat */
2665 0xeafffff9 /* b w */
2666 };
2667
2668 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2669
2670 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2671 {
2672 int retval;
2673 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
2674 int i;
2675
2676 if (!arm7_9->dcc_downloads)
2677 return target_write_memory(target, address, 4, count, buffer);
2678
2679 /* regrab previously allocated working_area, or allocate a new one */
2680 if (!arm7_9->dcc_working_area)
2681 {
2682 uint8_t dcc_code_buf[6 * 4];
2683
2684 /* make sure we have a working area */
2685 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2686 {
2687 LOG_INFO("no working area available, falling back to memory writes");
2688 return target_write_memory(target, address, 4, count, buffer);
2689 }
2690
2691 /* copy target instructions to target endianness */
2692 for (i = 0; i < 6; i++)
2693 {
2694 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2695 }
2696
2697 /* write DCC code to working area */
2698 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2699 {
2700 return retval;
2701 }
2702 }
2703
2704 armv4_5_algorithm_t armv4_5_info;
2705 reg_param_t reg_params[1];
2706
2707 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2708 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2709 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2710
2711 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2712
2713 buf_set_u32(reg_params[0].value, 0, 32, address);
2714
2715 dcc_count = count;
2716 dcc_buffer = buffer;
2717 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2718 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2719
2720 if (retval == ERROR_OK)
2721 {
2722 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2723 if (endaddress != (address + count*4))
2724 {
2725 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2726 retval = ERROR_FAIL;
2727 }
2728 }
2729
2730 destroy_reg_param(&reg_params[0]);
2731
2732 return retval;
2733 }
2734
2735 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2736 {
2737 working_area_t *crc_algorithm;
2738 armv4_5_algorithm_t armv4_5_info;
2739 reg_param_t reg_params[2];
2740 int retval;
2741
2742 static const uint32_t arm7_9_crc_code[] = {
2743 0xE1A02000, /* mov r2, r0 */
2744 0xE3E00000, /* mov r0, #0xffffffff */
2745 0xE1A03001, /* mov r3, r1 */
2746 0xE3A04000, /* mov r4, #0 */
2747 0xEA00000B, /* b ncomp */
2748 /* nbyte: */
2749 0xE7D21004, /* ldrb r1, [r2, r4] */
2750 0xE59F7030, /* ldr r7, CRC32XOR */
2751 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2752 0xE3A05000, /* mov r5, #0 */
2753 /* loop: */
2754 0xE3500000, /* cmp r0, #0 */
2755 0xE1A06080, /* mov r6, r0, asl #1 */
2756 0xE2855001, /* add r5, r5, #1 */
2757 0xE1A00006, /* mov r0, r6 */
2758 0xB0260007, /* eorlt r0, r6, r7 */
2759 0xE3550008, /* cmp r5, #8 */
2760 0x1AFFFFF8, /* bne loop */
2761 0xE2844001, /* add r4, r4, #1 */
2762 /* ncomp: */
2763 0xE1540003, /* cmp r4, r3 */
2764 0x1AFFFFF1, /* bne nbyte */
2765 /* end: */
2766 0xEAFFFFFE, /* b end */
2767 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2768 };
2769
2770 uint32_t i;
2771
2772 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2773 {
2774 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2775 }
2776
2777 /* convert flash writing code into a buffer in target endianness */
2778 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2779 {
2780 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2781 {
2782 return retval;
2783 }
2784 }
2785
2786 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2787 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2788 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2789
2790 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2791 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2792
2793 buf_set_u32(reg_params[0].value, 0, 32, address);
2794 buf_set_u32(reg_params[1].value, 0, 32, count);
2795
2796 /* 20 second timeout/megabyte */
2797 int timeout = 20000 * (1 + (count / (1024*1024)));
2798
2799 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2800 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2801 {
2802 LOG_ERROR("error executing arm7_9 crc algorithm");
2803 destroy_reg_param(&reg_params[0]);
2804 destroy_reg_param(&reg_params[1]);
2805 target_free_working_area(target, crc_algorithm);
2806 return retval;
2807 }
2808
2809 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2810
2811 destroy_reg_param(&reg_params[0]);
2812 destroy_reg_param(&reg_params[1]);
2813
2814 target_free_working_area(target, crc_algorithm);
2815
2816 return ERROR_OK;
2817 }
2818
2819 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2820 {
2821 working_area_t *erase_check_algorithm;
2822 reg_param_t reg_params[3];
2823 armv4_5_algorithm_t armv4_5_info;
2824 int retval;
2825 uint32_t i;
2826
2827 static const uint32_t erase_check_code[] =
2828 {
2829 /* loop: */
2830 0xe4d03001, /* ldrb r3, [r0], #1 */
2831 0xe0022003, /* and r2, r2, r3 */
2832 0xe2511001, /* subs r1, r1, #1 */
2833 0x1afffffb, /* bne loop */
2834 /* end: */
2835 0xeafffffe /* b end */
2836 };
2837
2838 /* make sure we have a working area */
2839 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2840 {
2841 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2842 }
2843
2844 /* convert flash writing code into a buffer in target endianness */
2845 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2846 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2847 {
2848 return retval;
2849 }
2850
2851 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2852 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2853 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2854
2855 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2856 buf_set_u32(reg_params[0].value, 0, 32, address);
2857
2858 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2859 buf_set_u32(reg_params[1].value, 0, 32, count);
2860
2861 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2862 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2863
2864 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2865 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2866 {
2867 destroy_reg_param(&reg_params[0]);
2868 destroy_reg_param(&reg_params[1]);
2869 destroy_reg_param(&reg_params[2]);
2870 target_free_working_area(target, erase_check_algorithm);
2871 return 0;
2872 }
2873
2874 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2875
2876 destroy_reg_param(&reg_params[0]);
2877 destroy_reg_param(&reg_params[1]);
2878 destroy_reg_param(&reg_params[2]);
2879
2880 target_free_working_area(target, erase_check_algorithm);
2881
2882 return ERROR_OK;
2883 }
2884
2885 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2886 {
2887 command_t *arm7_9_cmd;
2888
2889 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2890
2891 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2892 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2893
2894 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2895
2896 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2897 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2898 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2899 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2900 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2901 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2902
2903 armv4_5_register_commands(cmd_ctx);
2904
2905 etm_register_commands(cmd_ctx);
2906
2907 return ERROR_OK;
2908 }
2909
2910 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2911 {
2912 uint32_t value;
2913 int spsr;
2914 int retval;
2915 target_t *target = get_current_target(cmd_ctx);
2916 armv4_5_common_t *armv4_5;
2917 arm7_9_common_t *arm7_9;
2918
2919 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2920 {
2921 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2922 return ERROR_OK;
2923 }
2924
2925 if (target->state != TARGET_HALTED)
2926 {
2927 command_print(cmd_ctx, "can't write registers while running");
2928 return ERROR_OK;
2929 }
2930
2931 if (argc < 2)
2932 {
2933 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2934 return ERROR_OK;
2935 }
2936
2937 COMMAND_PARSE_NUMBER(u32, args[0], value);
2938 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2939
2940 /* if we're writing the CPSR, mask the T bit */
2941 if (!spsr)
2942 value &= ~0x20;
2943
2944 arm7_9->write_xpsr(target, value, spsr);
2945 if ((retval = jtag_execute_queue()) != ERROR_OK)
2946 {
2947 LOG_ERROR("JTAG error while writing to xpsr");
2948 return retval;
2949 }
2950
2951 return ERROR_OK;
2952 }
2953
2954 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2955 {
2956 uint32_t value;
2957 int rotate;
2958 int spsr;
2959 int retval;
2960 target_t *target = get_current_target(cmd_ctx);
2961 armv4_5_common_t *armv4_5;
2962 arm7_9_common_t *arm7_9;
2963
2964 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2965 {
2966 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2967 return ERROR_OK;
2968 }
2969
2970 if (target->state != TARGET_HALTED)
2971 {
2972 command_print(cmd_ctx, "can't write registers while running");
2973 return ERROR_OK;
2974 }
2975
2976 if (argc < 3)
2977 {
2978 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2979 return ERROR_OK;
2980 }
2981
2982 COMMAND_PARSE_NUMBER(u32, args[0], value);
2983 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2984 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2985
2986 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2987 if ((retval = jtag_execute_queue()) != ERROR_OK)
2988 {
2989 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2990 return retval;
2991 }
2992
2993 return ERROR_OK;
2994 }
2995
2996 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2997 {
2998 uint32_t value;
2999 uint32_t mode;
3000 int num;
3001 target_t *target = get_current_target(cmd_ctx);
3002 armv4_5_common_t *armv4_5;
3003 arm7_9_common_t *arm7_9;
3004
3005 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3006 {
3007 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3008 return ERROR_OK;
3009 }
3010
3011 if (target->state != TARGET_HALTED)
3012 {
3013 command_print(cmd_ctx, "can't write registers while running");
3014 return ERROR_OK;
3015 }
3016
3017 if (argc < 3)
3018 {
3019 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3020 return ERROR_OK;
3021 }
3022
3023 COMMAND_PARSE_NUMBER(int, args[0], num);
3024 COMMAND_PARSE_NUMBER(u32, args[1], mode);
3025 COMMAND_PARSE_NUMBER(u32, args[2], value);
3026
3027 return arm7_9_write_core_reg(target, num, mode, value);
3028 }
3029
3030 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3031 {
3032 target_t *target = get_current_target(cmd_ctx);
3033 armv4_5_common_t *armv4_5;
3034 arm7_9_common_t *arm7_9;
3035
3036 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3037 {
3038 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3039 return ERROR_OK;
3040 }
3041
3042 if (argc > 0)
3043 {
3044 if (strcmp("enable", args[0]) == 0)
3045 {
3046 arm7_9->use_dbgrq = 1;
3047 }
3048 else if (strcmp("disable", args[0]) == 0)
3049 {
3050 arm7_9->use_dbgrq = 0;
3051 }
3052 else
3053 {
3054 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3055 }
3056 }
3057
3058 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3059
3060 return ERROR_OK;
3061 }
3062
3063 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3064 {
3065 target_t *target = get_current_target(cmd_ctx);
3066 armv4_5_common_t *armv4_5;
3067 arm7_9_common_t *arm7_9;
3068
3069 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3070 {
3071 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3072 return ERROR_OK;
3073 }
3074
3075 if (argc > 0)
3076 {
3077 if (strcmp("enable", args[0]) == 0)
3078 {
3079 arm7_9->fast_memory_access = 1;
3080 }
3081 else if (strcmp("disable", args[0]) == 0)
3082 {
3083 arm7_9->fast_memory_access = 0;
3084 }
3085 else
3086 {
3087 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3088 }
3089 }
3090
3091 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3092
3093 return ERROR_OK;
3094 }
3095
3096 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3097 {
3098 target_t *target = get_current_target(cmd_ctx);
3099 armv4_5_common_t *armv4_5;
3100 arm7_9_common_t *arm7_9;
3101
3102 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3103 {
3104 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3105 return ERROR_OK;
3106 }
3107
3108 if (argc > 0)
3109 {
3110 if (strcmp("enable", args[0]) == 0)
3111 {
3112 arm7_9->dcc_downloads = 1;
3113 }
3114 else if (strcmp("disable", args[0]) == 0)
3115 {
3116 arm7_9->dcc_downloads = 0;
3117 }
3118 else
3119 {
3120 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3121 }
3122 }
3123
3124 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3125
3126 return ERROR_OK;
3127 }
3128
3129 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3130 {
3131 int retval = ERROR_OK;
3132 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3133
3134 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3135
3136 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3137 {
3138 return retval;
3139 }
3140
3141 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3142 arm7_9->wp_available_max = 2;
3143 arm7_9->sw_breakpoints_added = 0;
3144 arm7_9->sw_breakpoint_count = 0;
3145 arm7_9->breakpoint_count = 0;
3146 arm7_9->wp0_used = 0;
3147 arm7_9->wp1_used = 0;
3148 arm7_9->wp1_used_default = 0;
3149 arm7_9->use_dbgrq = 0;
3150
3151 arm7_9->etm_ctx = NULL;
3152 arm7_9->has_single_step = 0;
3153 arm7_9->has_monitor_mode = 0;
3154 arm7_9->has_vector_catch = 0;
3155
3156 arm7_9->debug_entry_from_reset = 0;
3157
3158 arm7_9->dcc_working_area = NULL;
3159
3160 arm7_9->fast_memory_access = fast_and_dangerous;
3161 arm7_9->dcc_downloads = fast_and_dangerous;
3162
3163 arm7_9->need_bypass_before_restart = 0;
3164
3165 armv4_5->arch_info = arm7_9;
3166 armv4_5->read_core_reg = arm7_9_read_core_reg;
3167 armv4_5->write_core_reg = arm7_9_write_core_reg;
3168 armv4_5->full_context = arm7_9_full_context;
3169
3170 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3171 {
3172 return retval;
3173 }
3174
3175 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3176 {
3177 return retval;
3178 }
3179
3180 return ERROR_OK;
3181 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)