Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Remove annoying end-of-line whitespace from most src/*
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoint_count = 0;
65 arm7_9->sw_breakpoints_added = 0;
66 arm7_9->wp0_used = 0;
67 arm7_9->wp1_used = arm7_9->wp1_used_default;
68 arm7_9->wp_available = arm7_9->wp_available_max;
69
70 return jtag_execute_queue();
71 }
72
73 /**
74 * Assign a watchpoint to one of the two available hardware comparators in an
75 * ARM7 or ARM9 target.
76 *
77 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
78 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
79 */
80 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
81 {
82 if (!arm7_9->wp0_used)
83 {
84 arm7_9->wp0_used = 1;
85 breakpoint->set = 1;
86 arm7_9->wp_available--;
87 }
88 else if (!arm7_9->wp1_used)
89 {
90 arm7_9->wp1_used = 1;
91 breakpoint->set = 2;
92 arm7_9->wp_available--;
93 }
94 else
95 {
96 LOG_ERROR("BUG: no hardware comparator available");
97 }
98 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
99 breakpoint->unique_id,
100 breakpoint->address,
101 breakpoint->set );
102 }
103
104 /**
105 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
106 *
107 * @param arm7_9 Pointer to common struct for ARM7/9 targets
108 * @return Error codes if there is a problem finding a watchpoint or the result
109 * of executing the JTAG queue
110 */
111 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
112 {
113 if (arm7_9->sw_breakpoints_added)
114 {
115 return ERROR_OK;
116 }
117 if (arm7_9->wp_available < 1)
118 {
119 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
120 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
121 }
122 arm7_9->wp_available--;
123
124 /* pick a breakpoint unit */
125 if (!arm7_9->wp0_used)
126 {
127 arm7_9->sw_breakpoints_added = 1;
128 arm7_9->wp0_used = 3;
129 } else if (!arm7_9->wp1_used)
130 {
131 arm7_9->sw_breakpoints_added = 2;
132 arm7_9->wp1_used = 3;
133 }
134 else
135 {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1)
141 {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 }
148 else if (arm7_9->sw_breakpoints_added == 2)
149 {
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
155 }
156 else
157 {
158 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
159 return ERROR_FAIL;
160 }
161 LOG_DEBUG("SW BP using hw wp: %d",
162 arm7_9->sw_breakpoints_added );
163
164 return jtag_execute_queue();
165 }
166
167 /**
168 * Setup the common pieces for an ARM7/9 target after reset or on startup.
169 *
170 * @param target Pointer to an ARM7/9 target to setup
171 * @return Result of clearing the watchpoints on the target
172 */
173 int arm7_9_setup(target_t *target)
174 {
175 armv4_5_common_t *armv4_5 = target->arch_info;
176 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
177
178 return arm7_9_clear_watchpoints(arm7_9);
179 }
180
181 /**
182 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
183 * targets. A return of ERROR_OK signifies that the target is a valid target
184 * and that the pointers have been set properly.
185 *
186 * @param target Pointer to the target device to get the pointers from
187 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
188 * targets
189 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
190 * targets
191 * @return ERROR_OK if successful
192 */
193 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
194 {
195 armv4_5_common_t *armv4_5 = target->arch_info;
196 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
197
198 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
199 {
200 return -1;
201 }
202
203 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
204 {
205 return -1;
206 }
207
208 *armv4_5_p = armv4_5;
209 *arm7_9_p = arm7_9;
210
211 return ERROR_OK;
212 }
213
214 /**
215 * Set either a hardware or software breakpoint on an ARM7/9 target. The
216 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
217 * might have erased the values in Embedded ICE.
218 *
219 * @param target Pointer to the target device to set the breakpoints on
220 * @param breakpoint Pointer to the breakpoint to be set
221 * @return For hardware breakpoints, this is the result of executing the JTAG
222 * queue. For software breakpoints, this will be the status of the
223 * required memory reads and writes
224 */
225 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
226 {
227 armv4_5_common_t *armv4_5 = target->arch_info;
228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
229 int retval = ERROR_OK;
230
231 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
232 breakpoint->unique_id,
233 breakpoint->address,
234 breakpoint->type);
235
236 if (target->state != TARGET_HALTED)
237 {
238 LOG_WARNING("target not halted");
239 return ERROR_TARGET_NOT_HALTED;
240 }
241
242 if (breakpoint->type == BKPT_HARD)
243 {
244 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
245 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
246
247 /* reassign a hw breakpoint */
248 if (breakpoint->set == 0)
249 {
250 arm7_9_assign_wp(arm7_9, breakpoint);
251 }
252
253 if (breakpoint->set == 1)
254 {
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
258 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
259 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
260 }
261 else if (breakpoint->set == 2)
262 {
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
266 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
267 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
268 }
269 else
270 {
271 LOG_ERROR("BUG: no hardware comparator available");
272 return ERROR_OK;
273 }
274
275 retval = jtag_execute_queue();
276 }
277 else if (breakpoint->type == BKPT_SOFT)
278 {
279 /* did we already set this breakpoint? */
280 if (breakpoint->set)
281 return ERROR_OK;
282
283 if (breakpoint->length == 4)
284 {
285 uint32_t verify = 0xffffffff;
286 /* keep the original instruction in target endianness */
287 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
288 {
289 return retval;
290 }
291 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
292 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
293 {
294 return retval;
295 }
296
297 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
298 {
299 return retval;
300 }
301 if (verify != arm7_9->arm_bkpt)
302 {
303 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
304 return ERROR_OK;
305 }
306 }
307 else
308 {
309 uint16_t verify = 0xffff;
310 /* keep the original instruction in target endianness */
311 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
312 {
313 return retval;
314 }
315 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
316 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
317 {
318 return retval;
319 }
320
321 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
322 {
323 return retval;
324 }
325 if (verify != arm7_9->thumb_bkpt)
326 {
327 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
328 return ERROR_OK;
329 }
330 }
331
332 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
333 return retval;
334
335 arm7_9->sw_breakpoint_count++;
336
337 breakpoint->set = 1;
338 }
339
340 return retval;
341 }
342
343 /**
344 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
345 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
346 * will be updated. Otherwise, the software breakpoint will be restored to its
347 * original instruction if it hasn't already been modified.
348 *
349 * @param target Pointer to ARM7/9 target to unset the breakpoint from
350 * @param breakpoint Pointer to breakpoint to be unset
351 * @return For hardware breakpoints, this is the result of executing the JTAG
352 * queue. For software breakpoints, this will be the status of the
353 * required memory reads and writes
354 */
355 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
356 {
357 int retval = ERROR_OK;
358
359 armv4_5_common_t *armv4_5 = target->arch_info;
360 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
361
362 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
363 breakpoint->unique_id,
364 breakpoint->address );
365
366 if (!breakpoint->set)
367 {
368 LOG_WARNING("breakpoint not set");
369 return ERROR_OK;
370 }
371
372 if (breakpoint->type == BKPT_HARD)
373 {
374 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
375 breakpoint->unique_id,
376 breakpoint->set );
377 if (breakpoint->set == 1)
378 {
379 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
380 arm7_9->wp0_used = 0;
381 arm7_9->wp_available++;
382 }
383 else if (breakpoint->set == 2)
384 {
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
386 arm7_9->wp1_used = 0;
387 arm7_9->wp_available++;
388 }
389 retval = jtag_execute_queue();
390 breakpoint->set = 0;
391 }
392 else
393 {
394 /* restore original instruction (kept in target endianness) */
395 if (breakpoint->length == 4)
396 {
397 uint32_t current_instr;
398 /* check that user program as not modified breakpoint instruction */
399 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 if (current_instr == arm7_9->arm_bkpt)
404 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
405 {
406 return retval;
407 }
408 }
409 else
410 {
411 uint16_t current_instr;
412 /* check that user program as not modified breakpoint instruction */
413 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 if (current_instr == arm7_9->thumb_bkpt)
418 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
419 {
420 return retval;
421 }
422 }
423
424 if (--arm7_9->sw_breakpoint_count==0)
425 {
426 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
427 if (arm7_9->sw_breakpoints_added == 1)
428 {
429 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
430 }
431 else if (arm7_9->sw_breakpoints_added == 2)
432 {
433 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
434 }
435 }
436
437 breakpoint->set = 0;
438 }
439
440 return retval;
441 }
442
443 /**
444 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
445 * dangling breakpoints and that the desired breakpoint can be added.
446 *
447 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
448 * @param breakpoint Pointer to the breakpoint to be added
449 * @return An error status if there is a problem adding the breakpoint or the
450 * result of setting the breakpoint
451 */
452 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
453 {
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
456
457 if (target->state != TARGET_HALTED)
458 {
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
461 }
462
463 if (arm7_9->breakpoint_count == 0)
464 {
465 /* make sure we don't have any dangling breakpoints. This is vital upon
466 * GDB connect/disconnect
467 */
468 arm7_9_clear_watchpoints(arm7_9);
469 }
470
471 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
472 {
473 LOG_INFO("no watchpoint unit available for hardware breakpoint");
474 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
475 }
476
477 if ((breakpoint->length != 2) && (breakpoint->length != 4))
478 {
479 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
480 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
481 }
482
483 if (breakpoint->type == BKPT_HARD)
484 {
485 arm7_9_assign_wp(arm7_9, breakpoint);
486 }
487
488 arm7_9->breakpoint_count++;
489
490 return arm7_9_set_breakpoint(target, breakpoint);
491 }
492
493 /**
494 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
495 * dangling breakpoints and updates available watchpoints if it is a hardware
496 * breakpoint.
497 *
498 * @param target Pointer to the target to have a breakpoint removed
499 * @param breakpoint Pointer to the breakpoint to be removed
500 * @return Error status if there was a problem unsetting the breakpoint or the
501 * watchpoints could not be cleared
502 */
503 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
504 {
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
508
509 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
510 {
511 return retval;
512 }
513
514 if (breakpoint->type == BKPT_HARD)
515 arm7_9->wp_available++;
516
517 arm7_9->breakpoint_count--;
518 if (arm7_9->breakpoint_count == 0)
519 {
520 /* make sure we don't have any dangling breakpoints */
521 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
522 {
523 return retval;
524 }
525 }
526
527 return ERROR_OK;
528 }
529
530 /**
531 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
532 * considered a bug to call this function when there are no available watchpoint
533 * units.
534 *
535 * @param target Pointer to an ARM7/9 target to set a watchpoint on
536 * @param watchpoint Pointer to the watchpoint to be set
537 * @return Error status if watchpoint set fails or the result of executing the
538 * JTAG queue
539 */
540 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
541 {
542 int retval = ERROR_OK;
543 armv4_5_common_t *armv4_5 = target->arch_info;
544 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
545 int rw_mask = 1;
546 uint32_t mask;
547
548 mask = watchpoint->length - 1;
549
550 if (target->state != TARGET_HALTED)
551 {
552 LOG_WARNING("target not halted");
553 return ERROR_TARGET_NOT_HALTED;
554 }
555
556 if (watchpoint->rw == WPT_ACCESS)
557 rw_mask = 0;
558 else
559 rw_mask = 1;
560
561 if (!arm7_9->wp0_used)
562 {
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
564 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
566 if (watchpoint->mask != 0xffffffffu)
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
568 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
569 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
570
571 if ((retval = jtag_execute_queue()) != ERROR_OK)
572 {
573 return retval;
574 }
575 watchpoint->set = 1;
576 arm7_9->wp0_used = 2;
577 }
578 else if (!arm7_9->wp1_used)
579 {
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
581 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
582 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
583 if (watchpoint->mask != 0xffffffffu)
584 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
585 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
586 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
587
588 if ((retval = jtag_execute_queue()) != ERROR_OK)
589 {
590 return retval;
591 }
592 watchpoint->set = 2;
593 arm7_9->wp1_used = 2;
594 }
595 else
596 {
597 LOG_ERROR("BUG: no hardware comparator available");
598 return ERROR_OK;
599 }
600
601 return ERROR_OK;
602 }
603
604 /**
605 * Unset an existing watchpoint and clear the used watchpoint unit.
606 *
607 * @param target Pointer to the target to have the watchpoint removed
608 * @param watchpoint Pointer to the watchpoint to be removed
609 * @return Error status while trying to unset the watchpoint or the result of
610 * executing the JTAG queue
611 */
612 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
613 {
614 int retval = ERROR_OK;
615 armv4_5_common_t *armv4_5 = target->arch_info;
616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
617
618 if (target->state != TARGET_HALTED)
619 {
620 LOG_WARNING("target not halted");
621 return ERROR_TARGET_NOT_HALTED;
622 }
623
624 if (!watchpoint->set)
625 {
626 LOG_WARNING("breakpoint not set");
627 return ERROR_OK;
628 }
629
630 if (watchpoint->set == 1)
631 {
632 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
633 if ((retval = jtag_execute_queue()) != ERROR_OK)
634 {
635 return retval;
636 }
637 arm7_9->wp0_used = 0;
638 }
639 else if (watchpoint->set == 2)
640 {
641 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
642 if ((retval = jtag_execute_queue()) != ERROR_OK)
643 {
644 return retval;
645 }
646 arm7_9->wp1_used = 0;
647 }
648 watchpoint->set = 0;
649
650 return ERROR_OK;
651 }
652
653 /**
654 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
655 * available, an error response is returned.
656 *
657 * @param target Pointer to the ARM7/9 target to add a watchpoint to
658 * @param watchpoint Pointer to the watchpoint to be added
659 * @return Error status while trying to add the watchpoint
660 */
661 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
662 {
663 armv4_5_common_t *armv4_5 = target->arch_info;
664 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
665
666 if (target->state != TARGET_HALTED)
667 {
668 LOG_WARNING("target not halted");
669 return ERROR_TARGET_NOT_HALTED;
670 }
671
672 if (arm7_9->wp_available < 1)
673 {
674 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
675 }
676
677 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
678 {
679 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
680 }
681
682 arm7_9->wp_available--;
683
684 return ERROR_OK;
685 }
686
687 /**
688 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
689 * the used watchpoint unit will be reopened.
690 *
691 * @param target Pointer to the target to remove a watchpoint from
692 * @param watchpoint Pointer to the watchpoint to be removed
693 * @return Result of trying to unset the watchpoint
694 */
695 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
696 {
697 int retval = ERROR_OK;
698 armv4_5_common_t *armv4_5 = target->arch_info;
699 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
700
701 if (watchpoint->set)
702 {
703 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
704 {
705 return retval;
706 }
707 }
708
709 arm7_9->wp_available++;
710
711 return ERROR_OK;
712 }
713
714 /**
715 * Restarts the target by sending a RESTART instruction and moving the JTAG
716 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
717 * asserted by the processor.
718 *
719 * @param target Pointer to target to issue commands to
720 * @return Error status if there is a timeout or a problem while executing the
721 * JTAG queue
722 */
723 int arm7_9_execute_sys_speed(struct target_s *target)
724 {
725 int retval;
726
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
730 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
731
732 /* set RESTART instruction */
733 jtag_set_end_state(TAP_IDLE);
734 if (arm7_9->need_bypass_before_restart) {
735 arm7_9->need_bypass_before_restart = 0;
736 arm_jtag_set_instr(jtag_info, 0xf, NULL);
737 }
738 arm_jtag_set_instr(jtag_info, 0x4, NULL);
739
740 long long then = timeval_ms();
741 int timeout;
742 while (!(timeout = ((timeval_ms()-then) > 1000)))
743 {
744 /* read debug status register */
745 embeddedice_read_reg(dbg_stat);
746 if ((retval = jtag_execute_queue()) != ERROR_OK)
747 return retval;
748 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
749 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
750 break;
751 if (debug_level >= 3)
752 {
753 alive_sleep(100);
754 } else
755 {
756 keep_alive();
757 }
758 }
759 if (timeout)
760 {
761 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
762 return ERROR_TARGET_TIMEOUT;
763 }
764
765 return ERROR_OK;
766 }
767
768 /**
769 * Restarts the target by sending a RESTART instruction and moving the JTAG
770 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
771 * waiting until they are.
772 *
773 * @param target Pointer to the target to issue commands to
774 * @return Always ERROR_OK
775 */
776 int arm7_9_execute_fast_sys_speed(struct target_s *target)
777 {
778 static int set = 0;
779 static uint8_t check_value[4], check_mask[4];
780
781 armv4_5_common_t *armv4_5 = target->arch_info;
782 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
783 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
784 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
785
786 /* set RESTART instruction */
787 jtag_set_end_state(TAP_IDLE);
788 if (arm7_9->need_bypass_before_restart) {
789 arm7_9->need_bypass_before_restart = 0;
790 arm_jtag_set_instr(jtag_info, 0xf, NULL);
791 }
792 arm_jtag_set_instr(jtag_info, 0x4, NULL);
793
794 if (!set)
795 {
796 /* check for DBGACK and SYSCOMP set (others don't care) */
797
798 /* NB! These are constants that must be available until after next jtag_execute() and
799 * we evaluate the values upon first execution in lieu of setting up these constants
800 * during early setup.
801 * */
802 buf_set_u32(check_value, 0, 32, 0x9);
803 buf_set_u32(check_mask, 0, 32, 0x9);
804 set = 1;
805 }
806
807 /* read debug status register */
808 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
809
810 return ERROR_OK;
811 }
812
813 /**
814 * Get some data from the ARM7/9 target.
815 *
816 * @param target Pointer to the ARM7/9 target to read data from
817 * @param size The number of 32bit words to be read
818 * @param buffer Pointer to the buffer that will hold the data
819 * @return The result of receiving data from the Embedded ICE unit
820 */
821 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
822 {
823 armv4_5_common_t *armv4_5 = target->arch_info;
824 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
825 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
826 uint32_t *data;
827 int retval = ERROR_OK;
828 uint32_t i;
829
830 data = malloc(size * (sizeof(uint32_t)));
831
832 retval = embeddedice_receive(jtag_info, data, size);
833
834 /* return the 32-bit ints in the 8-bit array */
835 for (i = 0; i < size; i++)
836 {
837 h_u32_to_le(buffer + (i * 4), data[i]);
838 }
839
840 free(data);
841
842 return retval;
843 }
844
845 /**
846 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
847 * target is running and the DCC control register has the W bit high, this will
848 * execute the request on the target.
849 *
850 * @param priv Void pointer expected to be a target_t pointer
851 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
852 * from the Embedded ICE unit
853 */
854 int arm7_9_handle_target_request(void *priv)
855 {
856 int retval = ERROR_OK;
857 target_t *target = priv;
858 if (!target_was_examined(target))
859 return ERROR_OK;
860 armv4_5_common_t *armv4_5 = target->arch_info;
861 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
862 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
863 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
864
865 if (!target->dbg_msg_enabled)
866 return ERROR_OK;
867
868 if (target->state == TARGET_RUNNING)
869 {
870 /* read DCC control register */
871 embeddedice_read_reg(dcc_control);
872 if ((retval = jtag_execute_queue()) != ERROR_OK)
873 {
874 return retval;
875 }
876
877 /* check W bit */
878 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
879 {
880 uint32_t request;
881
882 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
883 {
884 return retval;
885 }
886 if ((retval = target_request(target, request)) != ERROR_OK)
887 {
888 return retval;
889 }
890 }
891 }
892
893 return ERROR_OK;
894 }
895
896 /**
897 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
898 * is manipulated to the right halted state based on its current state. This is
899 * what happens:
900 *
901 * <table>
902 * <tr><th > State</th><th > Action</th></tr>
903 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
904 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
905 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
906 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
907 * </table>
908 *
909 * If the target does not end up in the halted state, a warning is produced. If
910 * DBGACK is cleared, then the target is expected to either be running or
911 * running in debug.
912 *
913 * @param target Pointer to the ARM7/9 target to poll
914 * @return ERROR_OK or an error status if a command fails
915 */
916 int arm7_9_poll(target_t *target)
917 {
918 int retval;
919 armv4_5_common_t *armv4_5 = target->arch_info;
920 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
921 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
922
923 /* read debug status register */
924 embeddedice_read_reg(dbg_stat);
925 if ((retval = jtag_execute_queue()) != ERROR_OK)
926 {
927 return retval;
928 }
929
930 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
931 {
932 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
933 if (target->state == TARGET_UNKNOWN)
934 {
935 /* Starting OpenOCD with target in debug-halt */
936 target->state = TARGET_RUNNING;
937 LOG_DEBUG("DBGACK already set during server startup.");
938 }
939 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
940 {
941 int check_pc = 0;
942 if (target->state == TARGET_RESET)
943 {
944 if (target->reset_halt)
945 {
946 enum reset_types jtag_reset_config = jtag_get_reset_config();
947 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
948 {
949 check_pc = 1;
950 }
951 }
952 }
953
954 target->state = TARGET_HALTED;
955
956 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
957 return retval;
958
959 if (check_pc)
960 {
961 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
962 uint32_t t=*((uint32_t *)reg->value);
963 if (t != 0)
964 {
965 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
966 }
967 }
968
969 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
970 {
971 return retval;
972 }
973 }
974 if (target->state == TARGET_DEBUG_RUNNING)
975 {
976 target->state = TARGET_HALTED;
977 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
978 return retval;
979
980 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
981 {
982 return retval;
983 }
984 }
985 if (target->state != TARGET_HALTED)
986 {
987 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
988 }
989 }
990 else
991 {
992 if (target->state != TARGET_DEBUG_RUNNING)
993 target->state = TARGET_RUNNING;
994 }
995
996 return ERROR_OK;
997 }
998
999 /**
1000 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
1001 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
1002 * affected) completely stop the JTAG clock while the core is held in reset
1003 * (SRST). It isn't possible to program the halt condition once reset is
1004 * asserted, hence a hook that allows the target to set up its reset-halt
1005 * condition is setup prior to asserting reset.
1006 *
1007 * @param target Pointer to an ARM7/9 target to assert reset on
1008 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
1009 */
1010 int arm7_9_assert_reset(target_t *target)
1011 {
1012 armv4_5_common_t *armv4_5 = target->arch_info;
1013 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1014 LOG_DEBUG("target->state: %s",
1015 target_state_name(target));
1016
1017 enum reset_types jtag_reset_config = jtag_get_reset_config();
1018 if (!(jtag_reset_config & RESET_HAS_SRST))
1019 {
1020 LOG_ERROR("Can't assert SRST");
1021 return ERROR_FAIL;
1022 }
1023
1024 /* at this point trst has been asserted/deasserted once. We want to
1025 * program embedded ice while SRST is asserted, but some CPUs gate
1026 * the JTAG clock while SRST is asserted
1027 */
1028 bool srst_asserted = false;
1029 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0) && ((jtag_reset_config & RESET_SRST_GATES_JTAG) == 0))
1030 {
1031 jtag_add_reset(0, 1);
1032 srst_asserted = true;
1033 }
1034
1035 if (target->reset_halt)
1036 {
1037 /*
1038 * Some targets do not support communication while SRST is asserted. We need to
1039 * set up the reset vector catch here.
1040 *
1041 * If TRST is asserted, then these settings will be reset anyway, so setting them
1042 * here is harmless.
1043 */
1044 if (arm7_9->has_vector_catch)
1045 {
1046 /* program vector catch register to catch reset vector */
1047 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1048
1049 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1050 jtag_add_runtest(1, jtag_get_end_state());
1051 }
1052 else
1053 {
1054 /* program watchpoint unit to match on reset vector address */
1055 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1056 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1057 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1058 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1059 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1060 }
1061 }
1062
1063 /* here we should issue an SRST only, but we may have to assert TRST as well */
1064 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1065 {
1066 jtag_add_reset(1, 1);
1067 } else if (!srst_asserted)
1068 {
1069 jtag_add_reset(0, 1);
1070 }
1071
1072 target->state = TARGET_RESET;
1073 jtag_add_sleep(50000);
1074
1075 armv4_5_invalidate_core_regs(target);
1076
1077 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1078 {
1079 /* debug entry was already prepared in arm7_9_assert_reset() */
1080 target->debug_reason = DBG_REASON_DBGRQ;
1081 }
1082
1083 return ERROR_OK;
1084 }
1085
1086 /**
1087 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1088 * and the target is being reset into a halt, a warning will be triggered
1089 * because it is not possible to reset into a halted mode in this case. The
1090 * target is halted using the target's functions.
1091 *
1092 * @param target Pointer to the target to have the reset deasserted
1093 * @return ERROR_OK or an error from polling or halting the target
1094 */
1095 int arm7_9_deassert_reset(target_t *target)
1096 {
1097 int retval = ERROR_OK;
1098 LOG_DEBUG("target->state: %s",
1099 target_state_name(target));
1100
1101 /* deassert reset lines */
1102 jtag_add_reset(0, 0);
1103
1104 enum reset_types jtag_reset_config = jtag_get_reset_config();
1105 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1106 {
1107 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1108 /* set up embedded ice registers again */
1109 if ((retval = target_examine_one(target)) != ERROR_OK)
1110 return retval;
1111
1112 if ((retval = target_poll(target)) != ERROR_OK)
1113 {
1114 return retval;
1115 }
1116
1117 if ((retval = target_halt(target)) != ERROR_OK)
1118 {
1119 return retval;
1120 }
1121
1122 }
1123 return retval;
1124 }
1125
1126 /**
1127 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1128 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1129 * vector catch was used, it is restored. Otherwise, the control value is
1130 * restored and the watchpoint unit is restored if it was in use.
1131 *
1132 * @param target Pointer to the ARM7/9 target to have halt cleared
1133 * @return Always ERROR_OK
1134 */
1135 int arm7_9_clear_halt(target_t *target)
1136 {
1137 armv4_5_common_t *armv4_5 = target->arch_info;
1138 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1139 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1140
1141 /* we used DBGRQ only if we didn't come out of reset */
1142 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1143 {
1144 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1145 */
1146 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1147 embeddedice_store_reg(dbg_ctrl);
1148 }
1149 else
1150 {
1151 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1152 {
1153 /* if we came out of reset, and vector catch is supported, we used
1154 * vector catch to enter debug state
1155 * restore the register in that case
1156 */
1157 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1158 }
1159 else
1160 {
1161 /* restore registers if watchpoint unit 0 was in use
1162 */
1163 if (arm7_9->wp0_used)
1164 {
1165 if (arm7_9->debug_entry_from_reset)
1166 {
1167 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1168 }
1169 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1170 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1171 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1172 }
1173 /* control value always has to be restored, as it was either disabled,
1174 * or enabled with possibly different bits
1175 */
1176 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1177 }
1178 }
1179
1180 return ERROR_OK;
1181 }
1182
1183 /**
1184 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1185 * and then there is a wait until the processor shows the halt. This wait can
1186 * timeout and results in an error being returned. The software reset involves
1187 * clearing the halt, updating the debug control register, changing to ARM mode,
1188 * reset of the program counter, and reset of all of the registers.
1189 *
1190 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1191 * @return Error status if any of the commands fail, otherwise ERROR_OK
1192 */
1193 int arm7_9_soft_reset_halt(struct target_s *target)
1194 {
1195 armv4_5_common_t *armv4_5 = target->arch_info;
1196 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1197 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1198 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1199 int i;
1200 int retval;
1201
1202 /* FIX!!! replace some of this code with tcl commands
1203 *
1204 * halt # the halt command is synchronous
1205 * armv4_5 core_state arm
1206 *
1207 */
1208
1209 if ((retval = target_halt(target)) != ERROR_OK)
1210 return retval;
1211
1212 long long then = timeval_ms();
1213 int timeout;
1214 while (!(timeout = ((timeval_ms()-then) > 1000)))
1215 {
1216 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1217 break;
1218 embeddedice_read_reg(dbg_stat);
1219 if ((retval = jtag_execute_queue()) != ERROR_OK)
1220 return retval;
1221 if (debug_level >= 3)
1222 {
1223 alive_sleep(100);
1224 } else
1225 {
1226 keep_alive();
1227 }
1228 }
1229 if (timeout)
1230 {
1231 LOG_ERROR("Failed to halt CPU after 1 sec");
1232 return ERROR_TARGET_TIMEOUT;
1233 }
1234 target->state = TARGET_HALTED;
1235
1236 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1237 * ensure that DBGRQ is cleared
1238 */
1239 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1240 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1241 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1242 embeddedice_store_reg(dbg_ctrl);
1243
1244 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1245 {
1246 return retval;
1247 }
1248
1249 /* if the target is in Thumb state, change to ARM state */
1250 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1251 {
1252 uint32_t r0_thumb, pc_thumb;
1253 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1254 /* Entered debug from Thumb mode */
1255 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1256 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1257 }
1258
1259 /* all register content is now invalid */
1260 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1261 {
1262 return retval;
1263 }
1264
1265 /* SVC, ARM state, IRQ and FIQ disabled */
1266 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1267 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1268 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1269
1270 /* start fetching from 0x0 */
1271 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1272 armv4_5->core_cache->reg_list[15].dirty = 1;
1273 armv4_5->core_cache->reg_list[15].valid = 1;
1274
1275 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1276 armv4_5->core_state = ARMV4_5_STATE_ARM;
1277
1278 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1279 return ERROR_FAIL;
1280
1281 /* reset registers */
1282 for (i = 0; i <= 14; i++)
1283 {
1284 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1285 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1286 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1287 }
1288
1289 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1290 {
1291 return retval;
1292 }
1293
1294 return ERROR_OK;
1295 }
1296
1297 /**
1298 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1299 * line or by programming a watchpoint to trigger on any address. It is
1300 * considered a bug to call this function while the target is in the
1301 * TARGET_RESET state.
1302 *
1303 * @param target Pointer to the ARM7/9 target to be halted
1304 * @return Always ERROR_OK
1305 */
1306 int arm7_9_halt(target_t *target)
1307 {
1308 if (target->state == TARGET_RESET)
1309 {
1310 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1311 return ERROR_OK;
1312 }
1313
1314 armv4_5_common_t *armv4_5 = target->arch_info;
1315 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1316 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1317
1318 LOG_DEBUG("target->state: %s",
1319 target_state_name(target));
1320
1321 if (target->state == TARGET_HALTED)
1322 {
1323 LOG_DEBUG("target was already halted");
1324 return ERROR_OK;
1325 }
1326
1327 if (target->state == TARGET_UNKNOWN)
1328 {
1329 LOG_WARNING("target was in unknown state when halt was requested");
1330 }
1331
1332 if (arm7_9->use_dbgrq)
1333 {
1334 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1335 */
1336 if (arm7_9->set_special_dbgrq) {
1337 arm7_9->set_special_dbgrq(target);
1338 } else {
1339 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1340 embeddedice_store_reg(dbg_ctrl);
1341 }
1342 }
1343 else
1344 {
1345 /* program watchpoint unit to match on any address
1346 */
1347 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1348 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1349 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1350 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1351 }
1352
1353 target->debug_reason = DBG_REASON_DBGRQ;
1354
1355 return ERROR_OK;
1356 }
1357
1358 /**
1359 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1360 * ARM. The JTAG queue is then executed and the reason for debug entry is
1361 * examined. Once done, the target is verified to be halted and the processor
1362 * is forced into ARM mode. The core registers are saved for the current core
1363 * mode and the program counter (register 15) is updated as needed. The core
1364 * registers and CPSR and SPSR are saved for restoration later.
1365 *
1366 * @param target Pointer to target that is entering debug mode
1367 * @return Error code if anything fails, otherwise ERROR_OK
1368 */
1369 int arm7_9_debug_entry(target_t *target)
1370 {
1371 int i;
1372 uint32_t context[16];
1373 uint32_t* context_p[16];
1374 uint32_t r0_thumb, pc_thumb;
1375 uint32_t cpsr;
1376 int retval;
1377 /* get pointers to arch-specific information */
1378 armv4_5_common_t *armv4_5 = target->arch_info;
1379 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1380 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1381 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1382
1383 #ifdef _DEBUG_ARM7_9_
1384 LOG_DEBUG("-");
1385 #endif
1386
1387 if (arm7_9->pre_debug_entry)
1388 arm7_9->pre_debug_entry(target);
1389
1390 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1391 * ensure that DBGRQ is cleared
1392 */
1393 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1394 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1395 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1396 embeddedice_store_reg(dbg_ctrl);
1397
1398 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1399 {
1400 return retval;
1401 }
1402
1403 if ((retval = jtag_execute_queue()) != ERROR_OK)
1404 {
1405 return retval;
1406 }
1407
1408 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1409 return retval;
1410
1411
1412 if (target->state != TARGET_HALTED)
1413 {
1414 LOG_WARNING("target not halted");
1415 return ERROR_TARGET_NOT_HALTED;
1416 }
1417
1418 /* if the target is in Thumb state, change to ARM state */
1419 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1420 {
1421 LOG_DEBUG("target entered debug from Thumb state");
1422 /* Entered debug from Thumb mode */
1423 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1424 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1425 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1426 }
1427 else
1428 {
1429 LOG_DEBUG("target entered debug from ARM state");
1430 /* Entered debug from ARM mode */
1431 armv4_5->core_state = ARMV4_5_STATE_ARM;
1432 }
1433
1434 for (i = 0; i < 16; i++)
1435 context_p[i] = &context[i];
1436 /* save core registers (r0 - r15 of current core mode) */
1437 arm7_9->read_core_regs(target, 0xffff, context_p);
1438
1439 arm7_9->read_xpsr(target, &cpsr, 0);
1440
1441 if ((retval = jtag_execute_queue()) != ERROR_OK)
1442 return retval;
1443
1444 /* if the core has been executing in Thumb state, set the T bit */
1445 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1446 cpsr |= 0x20;
1447
1448 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1449 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1450 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1451
1452 armv4_5->core_mode = cpsr & 0x1f;
1453
1454 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1455 {
1456 target->state = TARGET_UNKNOWN;
1457 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1458 return ERROR_TARGET_FAILURE;
1459 }
1460
1461 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1462
1463 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1464 {
1465 LOG_DEBUG("thumb state, applying fixups");
1466 context[0] = r0_thumb;
1467 context[15] = pc_thumb;
1468 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1469 {
1470 /* adjust value stored by STM */
1471 context[15] -= 3 * 4;
1472 }
1473
1474 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1475 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1476 else
1477 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1478
1479 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1480 return ERROR_FAIL;
1481
1482 for (i = 0; i <= 15; i++)
1483 {
1484 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1485 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1486 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1487 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1488 }
1489
1490 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1491
1492 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1493 return ERROR_FAIL;
1494
1495 /* exceptions other than USR & SYS have a saved program status register */
1496 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1497 {
1498 uint32_t spsr;
1499 arm7_9->read_xpsr(target, &spsr, 1);
1500 if ((retval = jtag_execute_queue()) != ERROR_OK)
1501 {
1502 return retval;
1503 }
1504 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1505 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1506 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1507 }
1508
1509 /* r0 and r15 (pc) have to be restored later */
1510 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1511 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1512
1513 if ((retval = jtag_execute_queue()) != ERROR_OK)
1514 return retval;
1515
1516 if (arm7_9->post_debug_entry)
1517 arm7_9->post_debug_entry(target);
1518
1519 return ERROR_OK;
1520 }
1521
1522 /**
1523 * Validate the full context for an ARM7/9 target in all processor modes. If
1524 * there are any invalid registers for the target, they will all be read. This
1525 * includes the PSR.
1526 *
1527 * @param target Pointer to the ARM7/9 target to capture the full context from
1528 * @return Error if the target is not halted, has an invalid core mode, or if
1529 * the JTAG queue fails to execute
1530 */
1531 int arm7_9_full_context(target_t *target)
1532 {
1533 int i;
1534 int retval;
1535 armv4_5_common_t *armv4_5 = target->arch_info;
1536 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1537
1538 LOG_DEBUG("-");
1539
1540 if (target->state != TARGET_HALTED)
1541 {
1542 LOG_WARNING("target not halted");
1543 return ERROR_TARGET_NOT_HALTED;
1544 }
1545
1546 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1547 return ERROR_FAIL;
1548
1549 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1550 * SYS shares registers with User, so we don't touch SYS
1551 */
1552 for (i = 0; i < 6; i++)
1553 {
1554 uint32_t mask = 0;
1555 uint32_t* reg_p[16];
1556 int j;
1557 int valid = 1;
1558
1559 /* check if there are invalid registers in the current mode
1560 */
1561 for (j = 0; j <= 16; j++)
1562 {
1563 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1564 valid = 0;
1565 }
1566
1567 if (!valid)
1568 {
1569 uint32_t tmp_cpsr;
1570
1571 /* change processor mode (and mask T bit) */
1572 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1573 tmp_cpsr |= armv4_5_number_to_mode(i);
1574 tmp_cpsr &= ~0x20;
1575 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1576
1577 for (j = 0; j < 15; j++)
1578 {
1579 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1580 {
1581 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1582 mask |= 1 << j;
1583 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1584 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1585 }
1586 }
1587
1588 /* if only the PSR is invalid, mask is all zeroes */
1589 if (mask)
1590 arm7_9->read_core_regs(target, mask, reg_p);
1591
1592 /* check if the PSR has to be read */
1593 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1594 {
1595 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1596 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1597 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1598 }
1599 }
1600 }
1601
1602 /* restore processor mode (mask T bit) */
1603 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1604
1605 if ((retval = jtag_execute_queue()) != ERROR_OK)
1606 {
1607 return retval;
1608 }
1609 return ERROR_OK;
1610 }
1611
1612 /**
1613 * Restore the processor context on an ARM7/9 target. The full processor
1614 * context is analyzed to see if any of the registers are dirty on this end, but
1615 * have a valid new value. If this is the case, the processor is changed to the
1616 * appropriate mode and the new register values are written out to the
1617 * processor. If there happens to be a dirty register with an invalid value, an
1618 * error will be logged.
1619 *
1620 * @param target Pointer to the ARM7/9 target to have its context restored
1621 * @return Error status if the target is not halted or the core mode in the
1622 * armv4_5 struct is invalid.
1623 */
1624 int arm7_9_restore_context(target_t *target)
1625 {
1626 armv4_5_common_t *armv4_5 = target->arch_info;
1627 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1628 reg_t *reg;
1629 armv4_5_core_reg_t *reg_arch_info;
1630 enum armv4_5_mode current_mode = armv4_5->core_mode;
1631 int i, j;
1632 int dirty;
1633 int mode_change;
1634
1635 LOG_DEBUG("-");
1636
1637 if (target->state != TARGET_HALTED)
1638 {
1639 LOG_WARNING("target not halted");
1640 return ERROR_TARGET_NOT_HALTED;
1641 }
1642
1643 if (arm7_9->pre_restore_context)
1644 arm7_9->pre_restore_context(target);
1645
1646 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1647 return ERROR_FAIL;
1648
1649 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1650 * SYS shares registers with User, so we don't touch SYS
1651 */
1652 for (i = 0; i < 6; i++)
1653 {
1654 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1655 dirty = 0;
1656 mode_change = 0;
1657 /* check if there are dirty registers in the current mode
1658 */
1659 for (j = 0; j <= 16; j++)
1660 {
1661 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1662 reg_arch_info = reg->arch_info;
1663 if (reg->dirty == 1)
1664 {
1665 if (reg->valid == 1)
1666 {
1667 dirty = 1;
1668 LOG_DEBUG("examining dirty reg: %s", reg->name);
1669 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1670 && (reg_arch_info->mode != current_mode)
1671 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1672 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1673 {
1674 mode_change = 1;
1675 LOG_DEBUG("require mode change");
1676 }
1677 }
1678 else
1679 {
1680 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1681 }
1682 }
1683 }
1684
1685 if (dirty)
1686 {
1687 uint32_t mask = 0x0;
1688 int num_regs = 0;
1689 uint32_t regs[16];
1690
1691 if (mode_change)
1692 {
1693 uint32_t tmp_cpsr;
1694
1695 /* change processor mode (mask T bit) */
1696 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1697 tmp_cpsr |= armv4_5_number_to_mode(i);
1698 tmp_cpsr &= ~0x20;
1699 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1700 current_mode = armv4_5_number_to_mode(i);
1701 }
1702
1703 for (j = 0; j <= 14; j++)
1704 {
1705 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1706 reg_arch_info = reg->arch_info;
1707
1708
1709 if (reg->dirty == 1)
1710 {
1711 regs[j] = buf_get_u32(reg->value, 0, 32);
1712 mask |= 1 << j;
1713 num_regs++;
1714 reg->dirty = 0;
1715 reg->valid = 1;
1716 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1717 }
1718 }
1719
1720 if (mask)
1721 {
1722 arm7_9->write_core_regs(target, mask, regs);
1723 }
1724
1725 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1726 reg_arch_info = reg->arch_info;
1727 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1728 {
1729 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1730 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1731 }
1732 }
1733 }
1734
1735 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1736 {
1737 /* restore processor mode (mask T bit) */
1738 uint32_t tmp_cpsr;
1739
1740 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1741 tmp_cpsr |= armv4_5_number_to_mode(i);
1742 tmp_cpsr &= ~0x20;
1743 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1744 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1745 }
1746 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1747 {
1748 /* CPSR has been changed, full restore necessary (mask T bit) */
1749 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1750 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1751 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1752 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1753 }
1754
1755 /* restore PC */
1756 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1757 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1758 armv4_5->core_cache->reg_list[15].dirty = 0;
1759
1760 if (arm7_9->post_restore_context)
1761 arm7_9->post_restore_context(target);
1762
1763 return ERROR_OK;
1764 }
1765
1766 /**
1767 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1768 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1769 * restart.
1770 *
1771 * @param target Pointer to the ARM7/9 target to be restarted
1772 * @return Result of executing the JTAG queue
1773 */
1774 int arm7_9_restart_core(struct target_s *target)
1775 {
1776 armv4_5_common_t *armv4_5 = target->arch_info;
1777 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1778 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1779
1780 /* set RESTART instruction */
1781 jtag_set_end_state(TAP_IDLE);
1782 if (arm7_9->need_bypass_before_restart) {
1783 arm7_9->need_bypass_before_restart = 0;
1784 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1785 }
1786 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1787
1788 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1789 return jtag_execute_queue();
1790 }
1791
1792 /**
1793 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1794 * iterated through and are set on the target if they aren't already set.
1795 *
1796 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1797 */
1798 void arm7_9_enable_watchpoints(struct target_s *target)
1799 {
1800 watchpoint_t *watchpoint = target->watchpoints;
1801
1802 while (watchpoint)
1803 {
1804 if (watchpoint->set == 0)
1805 arm7_9_set_watchpoint(target, watchpoint);
1806 watchpoint = watchpoint->next;
1807 }
1808 }
1809
1810 /**
1811 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1812 * iterated through and are set on the target.
1813 *
1814 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1815 */
1816 void arm7_9_enable_breakpoints(struct target_s *target)
1817 {
1818 breakpoint_t *breakpoint = target->breakpoints;
1819
1820 /* set any pending breakpoints */
1821 while (breakpoint)
1822 {
1823 arm7_9_set_breakpoint(target, breakpoint);
1824 breakpoint = breakpoint->next;
1825 }
1826 }
1827
1828 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1829 {
1830 armv4_5_common_t *armv4_5 = target->arch_info;
1831 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1832 breakpoint_t *breakpoint = target->breakpoints;
1833 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1834 int err, retval = ERROR_OK;
1835
1836 LOG_DEBUG("-");
1837
1838 if (target->state != TARGET_HALTED)
1839 {
1840 LOG_WARNING("target not halted");
1841 return ERROR_TARGET_NOT_HALTED;
1842 }
1843
1844 if (!debug_execution)
1845 {
1846 target_free_all_working_areas(target);
1847 }
1848
1849 /* current = 1: continue on current pc, otherwise continue at <address> */
1850 if (!current)
1851 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1852
1853 uint32_t current_pc;
1854 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1855
1856 /* the front-end may request us not to handle breakpoints */
1857 if (handle_breakpoints)
1858 {
1859 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1860 {
1861 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1862 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1863 {
1864 return retval;
1865 }
1866
1867 /* calculate PC of next instruction */
1868 uint32_t next_pc;
1869 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1870 {
1871 uint32_t current_opcode;
1872 target_read_u32(target, current_pc, &current_opcode);
1873 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1874 return retval;
1875 }
1876
1877 LOG_DEBUG("enable single-step");
1878 arm7_9->enable_single_step(target, next_pc);
1879
1880 target->debug_reason = DBG_REASON_SINGLESTEP;
1881
1882 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1883 {
1884 return retval;
1885 }
1886
1887 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1888 arm7_9->branch_resume(target);
1889 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1890 {
1891 arm7_9->branch_resume_thumb(target);
1892 }
1893 else
1894 {
1895 LOG_ERROR("unhandled core state");
1896 return ERROR_FAIL;
1897 }
1898
1899 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1900 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1901 err = arm7_9_execute_sys_speed(target);
1902
1903 LOG_DEBUG("disable single-step");
1904 arm7_9->disable_single_step(target);
1905
1906 if (err != ERROR_OK)
1907 {
1908 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1909 {
1910 return retval;
1911 }
1912 target->state = TARGET_UNKNOWN;
1913 return err;
1914 }
1915
1916 arm7_9_debug_entry(target);
1917 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1918
1919 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1920 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1921 {
1922 return retval;
1923 }
1924 }
1925 }
1926
1927 /* enable any pending breakpoints and watchpoints */
1928 arm7_9_enable_breakpoints(target);
1929 arm7_9_enable_watchpoints(target);
1930
1931 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1932 {
1933 return retval;
1934 }
1935
1936 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1937 {
1938 arm7_9->branch_resume(target);
1939 }
1940 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1941 {
1942 arm7_9->branch_resume_thumb(target);
1943 }
1944 else
1945 {
1946 LOG_ERROR("unhandled core state");
1947 return ERROR_FAIL;
1948 }
1949
1950 /* deassert DBGACK and INTDIS */
1951 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1952 /* INTDIS only when we really resume, not during debug execution */
1953 if (!debug_execution)
1954 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1955 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1956
1957 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1958 {
1959 return retval;
1960 }
1961
1962 target->debug_reason = DBG_REASON_NOTHALTED;
1963
1964 if (!debug_execution)
1965 {
1966 /* registers are now invalid */
1967 armv4_5_invalidate_core_regs(target);
1968 target->state = TARGET_RUNNING;
1969 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1970 {
1971 return retval;
1972 }
1973 }
1974 else
1975 {
1976 target->state = TARGET_DEBUG_RUNNING;
1977 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1978 {
1979 return retval;
1980 }
1981 }
1982
1983 LOG_DEBUG("target resumed");
1984
1985 return ERROR_OK;
1986 }
1987
1988 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1989 {
1990 armv4_5_common_t *armv4_5 = target->arch_info;
1991 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1992
1993 uint32_t current_pc;
1994 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1995
1996 if (next_pc != current_pc)
1997 {
1998 /* setup an inverse breakpoint on the current PC
1999 * - comparator 1 matches the current address
2000 * - rangeout from comparator 1 is connected to comparator 0 rangein
2001 * - comparator 0 matches any address, as long as rangein is low */
2002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
2003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
2004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
2006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
2007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
2010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2011 }
2012 else
2013 {
2014 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
2015 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
2016 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
2017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
2018 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2019 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2020 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2021 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2022 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2023 }
2024 }
2025
2026 void arm7_9_disable_eice_step(target_t *target)
2027 {
2028 armv4_5_common_t *armv4_5 = target->arch_info;
2029 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2030
2031 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2032 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2033 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2034 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2035 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2036 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2037 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2038 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2039 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2040 }
2041
2042 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2043 {
2044 armv4_5_common_t *armv4_5 = target->arch_info;
2045 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2046 breakpoint_t *breakpoint = NULL;
2047 int err, retval;
2048
2049 if (target->state != TARGET_HALTED)
2050 {
2051 LOG_WARNING("target not halted");
2052 return ERROR_TARGET_NOT_HALTED;
2053 }
2054
2055 /* current = 1: continue on current pc, otherwise continue at <address> */
2056 if (!current)
2057 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2058
2059 uint32_t current_pc;
2060 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2061
2062 /* the front-end may request us not to handle breakpoints */
2063 if (handle_breakpoints)
2064 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2065 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2066 {
2067 return retval;
2068 }
2069
2070 target->debug_reason = DBG_REASON_SINGLESTEP;
2071
2072 /* calculate PC of next instruction */
2073 uint32_t next_pc;
2074 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2075 {
2076 uint32_t current_opcode;
2077 target_read_u32(target, current_pc, &current_opcode);
2078 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2079 return retval;
2080 }
2081
2082 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2083 {
2084 return retval;
2085 }
2086
2087 arm7_9->enable_single_step(target, next_pc);
2088
2089 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2090 {
2091 arm7_9->branch_resume(target);
2092 }
2093 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2094 {
2095 arm7_9->branch_resume_thumb(target);
2096 }
2097 else
2098 {
2099 LOG_ERROR("unhandled core state");
2100 return ERROR_FAIL;
2101 }
2102
2103 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2104 {
2105 return retval;
2106 }
2107
2108 err = arm7_9_execute_sys_speed(target);
2109 arm7_9->disable_single_step(target);
2110
2111 /* registers are now invalid */
2112 armv4_5_invalidate_core_regs(target);
2113
2114 if (err != ERROR_OK)
2115 {
2116 target->state = TARGET_UNKNOWN;
2117 } else {
2118 arm7_9_debug_entry(target);
2119 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2120 {
2121 return retval;
2122 }
2123 LOG_DEBUG("target stepped");
2124 }
2125
2126 if (breakpoint)
2127 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2128 {
2129 return retval;
2130 }
2131
2132 return err;
2133 }
2134
2135 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2136 {
2137 uint32_t* reg_p[16];
2138 uint32_t value;
2139 int retval;
2140 armv4_5_common_t *armv4_5 = target->arch_info;
2141 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2142
2143 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2144 return ERROR_FAIL;
2145
2146 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2147
2148 if ((num < 0) || (num > 16))
2149 return ERROR_INVALID_ARGUMENTS;
2150
2151 if ((mode != ARMV4_5_MODE_ANY)
2152 && (mode != armv4_5->core_mode)
2153 && (reg_mode != ARMV4_5_MODE_ANY))
2154 {
2155 uint32_t tmp_cpsr;
2156
2157 /* change processor mode (mask T bit) */
2158 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2159 tmp_cpsr |= mode;
2160 tmp_cpsr &= ~0x20;
2161 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2162 }
2163
2164 if ((num >= 0) && (num <= 15))
2165 {
2166 /* read a normal core register */
2167 reg_p[num] = &value;
2168
2169 arm7_9->read_core_regs(target, 1 << num, reg_p);
2170 }
2171 else
2172 {
2173 /* read a program status register
2174 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2175 */
2176 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2177 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2178
2179 arm7_9->read_xpsr(target, &value, spsr);
2180 }
2181
2182 if ((retval = jtag_execute_queue()) != ERROR_OK)
2183 {
2184 return retval;
2185 }
2186
2187 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2188 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2189 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2190
2191 if ((mode != ARMV4_5_MODE_ANY)
2192 && (mode != armv4_5->core_mode)
2193 && (reg_mode != ARMV4_5_MODE_ANY)) {
2194 /* restore processor mode (mask T bit) */
2195 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2196 }
2197
2198 return ERROR_OK;
2199 }
2200
2201 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2202 {
2203 uint32_t reg[16];
2204 armv4_5_common_t *armv4_5 = target->arch_info;
2205 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2206
2207 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2208 return ERROR_FAIL;
2209
2210 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2211
2212 if ((num < 0) || (num > 16))
2213 return ERROR_INVALID_ARGUMENTS;
2214
2215 if ((mode != ARMV4_5_MODE_ANY)
2216 && (mode != armv4_5->core_mode)
2217 && (reg_mode != ARMV4_5_MODE_ANY)) {
2218 uint32_t tmp_cpsr;
2219
2220 /* change processor mode (mask T bit) */
2221 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2222 tmp_cpsr |= mode;
2223 tmp_cpsr &= ~0x20;
2224 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2225 }
2226
2227 if ((num >= 0) && (num <= 15))
2228 {
2229 /* write a normal core register */
2230 reg[num] = value;
2231
2232 arm7_9->write_core_regs(target, 1 << num, reg);
2233 }
2234 else
2235 {
2236 /* write a program status register
2237 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2238 */
2239 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2240 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2241
2242 /* if we're writing the CPSR, mask the T bit */
2243 if (!spsr)
2244 value &= ~0x20;
2245
2246 arm7_9->write_xpsr(target, value, spsr);
2247 }
2248
2249 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2250 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2251
2252 if ((mode != ARMV4_5_MODE_ANY)
2253 && (mode != armv4_5->core_mode)
2254 && (reg_mode != ARMV4_5_MODE_ANY)) {
2255 /* restore processor mode (mask T bit) */
2256 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2257 }
2258
2259 return jtag_execute_queue();
2260 }
2261
2262 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2263 {
2264 armv4_5_common_t *armv4_5 = target->arch_info;
2265 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2266
2267 uint32_t reg[16];
2268 uint32_t num_accesses = 0;
2269 int thisrun_accesses;
2270 int i;
2271 uint32_t cpsr;
2272 int retval;
2273 int last_reg = 0;
2274
2275 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2276
2277 if (target->state != TARGET_HALTED)
2278 {
2279 LOG_WARNING("target not halted");
2280 return ERROR_TARGET_NOT_HALTED;
2281 }
2282
2283 /* sanitize arguments */
2284 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2285 return ERROR_INVALID_ARGUMENTS;
2286
2287 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2288 return ERROR_TARGET_UNALIGNED_ACCESS;
2289
2290 /* load the base register with the address of the first word */
2291 reg[0] = address;
2292 arm7_9->write_core_regs(target, 0x1, reg);
2293
2294 int j = 0;
2295
2296 switch (size)
2297 {
2298 case 4:
2299 while (num_accesses < count)
2300 {
2301 uint32_t reg_list;
2302 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2303 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2304
2305 if (last_reg <= thisrun_accesses)
2306 last_reg = thisrun_accesses;
2307
2308 arm7_9->load_word_regs(target, reg_list);
2309
2310 /* fast memory reads are only safe when the target is running
2311 * from a sufficiently high clock (32 kHz is usually too slow)
2312 */
2313 if (arm7_9->fast_memory_access)
2314 retval = arm7_9_execute_fast_sys_speed(target);
2315 else
2316 retval = arm7_9_execute_sys_speed(target);
2317 if (retval != ERROR_OK)
2318 return retval;
2319
2320 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2321
2322 /* advance buffer, count number of accesses */
2323 buffer += thisrun_accesses * 4;
2324 num_accesses += thisrun_accesses;
2325
2326 if ((j++%1024) == 0)
2327 {
2328 keep_alive();
2329 }
2330 }
2331 break;
2332 case 2:
2333 while (num_accesses < count)
2334 {
2335 uint32_t reg_list;
2336 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2337 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2338
2339 for (i = 1; i <= thisrun_accesses; i++)
2340 {
2341 if (i > last_reg)
2342 last_reg = i;
2343 arm7_9->load_hword_reg(target, i);
2344 /* fast memory reads are only safe when the target is running
2345 * from a sufficiently high clock (32 kHz is usually too slow)
2346 */
2347 if (arm7_9->fast_memory_access)
2348 retval = arm7_9_execute_fast_sys_speed(target);
2349 else
2350 retval = arm7_9_execute_sys_speed(target);
2351 if (retval != ERROR_OK)
2352 {
2353 return retval;
2354 }
2355
2356 }
2357
2358 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2359
2360 /* advance buffer, count number of accesses */
2361 buffer += thisrun_accesses * 2;
2362 num_accesses += thisrun_accesses;
2363
2364 if ((j++%1024) == 0)
2365 {
2366 keep_alive();
2367 }
2368 }
2369 break;
2370 case 1:
2371 while (num_accesses < count)
2372 {
2373 uint32_t reg_list;
2374 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2375 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2376
2377 for (i = 1; i <= thisrun_accesses; i++)
2378 {
2379 if (i > last_reg)
2380 last_reg = i;
2381 arm7_9->load_byte_reg(target, i);
2382 /* fast memory reads are only safe when the target is running
2383 * from a sufficiently high clock (32 kHz is usually too slow)
2384 */
2385 if (arm7_9->fast_memory_access)
2386 retval = arm7_9_execute_fast_sys_speed(target);
2387 else
2388 retval = arm7_9_execute_sys_speed(target);
2389 if (retval != ERROR_OK)
2390 {
2391 return retval;
2392 }
2393 }
2394
2395 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2396
2397 /* advance buffer, count number of accesses */
2398 buffer += thisrun_accesses * 1;
2399 num_accesses += thisrun_accesses;
2400
2401 if ((j++%1024) == 0)
2402 {
2403 keep_alive();
2404 }
2405 }
2406 break;
2407 default:
2408 LOG_ERROR("BUG: we shouldn't get here");
2409 exit(-1);
2410 break;
2411 }
2412
2413 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2414 return ERROR_FAIL;
2415
2416 for (i = 0; i <= last_reg; i++)
2417 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2418
2419 arm7_9->read_xpsr(target, &cpsr, 0);
2420 if ((retval = jtag_execute_queue()) != ERROR_OK)
2421 {
2422 LOG_ERROR("JTAG error while reading cpsr");
2423 return ERROR_TARGET_DATA_ABORT;
2424 }
2425
2426 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2427 {
2428 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2429
2430 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2431
2432 return ERROR_TARGET_DATA_ABORT;
2433 }
2434
2435 return ERROR_OK;
2436 }
2437
2438 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2439 {
2440 armv4_5_common_t *armv4_5 = target->arch_info;
2441 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2442 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2443
2444 uint32_t reg[16];
2445 uint32_t num_accesses = 0;
2446 int thisrun_accesses;
2447 int i;
2448 uint32_t cpsr;
2449 int retval;
2450 int last_reg = 0;
2451
2452 #ifdef _DEBUG_ARM7_9_
2453 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2454 #endif
2455
2456 if (target->state != TARGET_HALTED)
2457 {
2458 LOG_WARNING("target not halted");
2459 return ERROR_TARGET_NOT_HALTED;
2460 }
2461
2462 /* sanitize arguments */
2463 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2464 return ERROR_INVALID_ARGUMENTS;
2465
2466 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2467 return ERROR_TARGET_UNALIGNED_ACCESS;
2468
2469 /* load the base register with the address of the first word */
2470 reg[0] = address;
2471 arm7_9->write_core_regs(target, 0x1, reg);
2472
2473 /* Clear DBGACK, to make sure memory fetches work as expected */
2474 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2475 embeddedice_store_reg(dbg_ctrl);
2476
2477 switch (size)
2478 {
2479 case 4:
2480 while (num_accesses < count)
2481 {
2482 uint32_t reg_list;
2483 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2484 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2485
2486 for (i = 1; i <= thisrun_accesses; i++)
2487 {
2488 if (i > last_reg)
2489 last_reg = i;
2490 reg[i] = target_buffer_get_u32(target, buffer);
2491 buffer += 4;
2492 }
2493
2494 arm7_9->write_core_regs(target, reg_list, reg);
2495
2496 arm7_9->store_word_regs(target, reg_list);
2497
2498 /* fast memory writes are only safe when the target is running
2499 * from a sufficiently high clock (32 kHz is usually too slow)
2500 */
2501 if (arm7_9->fast_memory_access)
2502 retval = arm7_9_execute_fast_sys_speed(target);
2503 else
2504 retval = arm7_9_execute_sys_speed(target);
2505 if (retval != ERROR_OK)
2506 {
2507 return retval;
2508 }
2509
2510 num_accesses += thisrun_accesses;
2511 }
2512 break;
2513 case 2:
2514 while (num_accesses < count)
2515 {
2516 uint32_t reg_list;
2517 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2518 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2519
2520 for (i = 1; i <= thisrun_accesses; i++)
2521 {
2522 if (i > last_reg)
2523 last_reg = i;
2524 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2525 buffer += 2;
2526 }
2527
2528 arm7_9->write_core_regs(target, reg_list, reg);
2529
2530 for (i = 1; i <= thisrun_accesses; i++)
2531 {
2532 arm7_9->store_hword_reg(target, i);
2533
2534 /* fast memory writes are only safe when the target is running
2535 * from a sufficiently high clock (32 kHz is usually too slow)
2536 */
2537 if (arm7_9->fast_memory_access)
2538 retval = arm7_9_execute_fast_sys_speed(target);
2539 else
2540 retval = arm7_9_execute_sys_speed(target);
2541 if (retval != ERROR_OK)
2542 {
2543 return retval;
2544 }
2545 }
2546
2547 num_accesses += thisrun_accesses;
2548 }
2549 break;
2550 case 1:
2551 while (num_accesses < count)
2552 {
2553 uint32_t reg_list;
2554 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2555 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2556
2557 for (i = 1; i <= thisrun_accesses; i++)
2558 {
2559 if (i > last_reg)
2560 last_reg = i;
2561 reg[i] = *buffer++ & 0xff;
2562 }
2563
2564 arm7_9->write_core_regs(target, reg_list, reg);
2565
2566 for (i = 1; i <= thisrun_accesses; i++)
2567 {
2568 arm7_9->store_byte_reg(target, i);
2569 /* fast memory writes are only safe when the target is running
2570 * from a sufficiently high clock (32 kHz is usually too slow)
2571 */
2572 if (arm7_9->fast_memory_access)
2573 retval = arm7_9_execute_fast_sys_speed(target);
2574 else
2575 retval = arm7_9_execute_sys_speed(target);
2576 if (retval != ERROR_OK)
2577 {
2578 return retval;
2579 }
2580
2581 }
2582
2583 num_accesses += thisrun_accesses;
2584 }
2585 break;
2586 default:
2587 LOG_ERROR("BUG: we shouldn't get here");
2588 exit(-1);
2589 break;
2590 }
2591
2592 /* Re-Set DBGACK */
2593 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2594 embeddedice_store_reg(dbg_ctrl);
2595
2596 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2597 return ERROR_FAIL;
2598
2599 for (i = 0; i <= last_reg; i++)
2600 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2601
2602 arm7_9->read_xpsr(target, &cpsr, 0);
2603 if ((retval = jtag_execute_queue()) != ERROR_OK)
2604 {
2605 LOG_ERROR("JTAG error while reading cpsr");
2606 return ERROR_TARGET_DATA_ABORT;
2607 }
2608
2609 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2610 {
2611 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2612
2613 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2614
2615 return ERROR_TARGET_DATA_ABORT;
2616 }
2617
2618 return ERROR_OK;
2619 }
2620
2621 static int dcc_count;
2622 static uint8_t *dcc_buffer;
2623
2624 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2625 {
2626 int retval = ERROR_OK;
2627 armv4_5_common_t *armv4_5 = target->arch_info;
2628 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2629
2630 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2631 return retval;
2632
2633 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2634 int count = dcc_count;
2635 uint8_t *buffer = dcc_buffer;
2636 if (count > 2)
2637 {
2638 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2639 * core function repeated. */
2640 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2641 buffer += 4;
2642
2643 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2644 uint8_t reg_addr = ice_reg->addr & 0x1f;
2645 jtag_tap_t *tap;
2646 tap = ice_reg->jtag_info->tap;
2647
2648 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2649 buffer += (count-2)*4;
2650
2651 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2652 } else
2653 {
2654 int i;
2655 for (i = 0; i < count; i++)
2656 {
2657 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2658 buffer += 4;
2659 }
2660 }
2661
2662 if ((retval = target_halt(target))!= ERROR_OK)
2663 {
2664 return retval;
2665 }
2666 return target_wait_state(target, TARGET_HALTED, 500);
2667 }
2668
2669 static const uint32_t dcc_code[] =
2670 {
2671 /* r0 == input, points to memory buffer
2672 * r1 == scratch
2673 */
2674
2675 /* spin until DCC control (c0) reports data arrived */
2676 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2677 0xe3110001, /* tst r1, #1 */
2678 0x0afffffc, /* bne w */
2679
2680 /* read word from DCC (c1), write to memory */
2681 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2682 0xe4801004, /* str r1, [r0], #4 */
2683
2684 /* repeat */
2685 0xeafffff9 /* b w */
2686 };
2687
2688 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2689
2690 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2691 {
2692 int retval;
2693 armv4_5_common_t *armv4_5 = target->arch_info;
2694 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2695 int i;
2696
2697 if (!arm7_9->dcc_downloads)
2698 return target_write_memory(target, address, 4, count, buffer);
2699
2700 /* regrab previously allocated working_area, or allocate a new one */
2701 if (!arm7_9->dcc_working_area)
2702 {
2703 uint8_t dcc_code_buf[6 * 4];
2704
2705 /* make sure we have a working area */
2706 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2707 {
2708 LOG_INFO("no working area available, falling back to memory writes");
2709 return target_write_memory(target, address, 4, count, buffer);
2710 }
2711
2712 /* copy target instructions to target endianness */
2713 for (i = 0; i < 6; i++)
2714 {
2715 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2716 }
2717
2718 /* write DCC code to working area */
2719 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2720 {
2721 return retval;
2722 }
2723 }
2724
2725 armv4_5_algorithm_t armv4_5_info;
2726 reg_param_t reg_params[1];
2727
2728 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2729 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2730 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2731
2732 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2733
2734 buf_set_u32(reg_params[0].value, 0, 32, address);
2735
2736 dcc_count = count;
2737 dcc_buffer = buffer;
2738 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2739 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2740
2741 if (retval == ERROR_OK)
2742 {
2743 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2744 if (endaddress != (address + count*4))
2745 {
2746 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2747 retval = ERROR_FAIL;
2748 }
2749 }
2750
2751 destroy_reg_param(&reg_params[0]);
2752
2753 return retval;
2754 }
2755
2756 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2757 {
2758 working_area_t *crc_algorithm;
2759 armv4_5_algorithm_t armv4_5_info;
2760 reg_param_t reg_params[2];
2761 int retval;
2762
2763 static const uint32_t arm7_9_crc_code[] = {
2764 0xE1A02000, /* mov r2, r0 */
2765 0xE3E00000, /* mov r0, #0xffffffff */
2766 0xE1A03001, /* mov r3, r1 */
2767 0xE3A04000, /* mov r4, #0 */
2768 0xEA00000B, /* b ncomp */
2769 /* nbyte: */
2770 0xE7D21004, /* ldrb r1, [r2, r4] */
2771 0xE59F7030, /* ldr r7, CRC32XOR */
2772 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2773 0xE3A05000, /* mov r5, #0 */
2774 /* loop: */
2775 0xE3500000, /* cmp r0, #0 */
2776 0xE1A06080, /* mov r6, r0, asl #1 */
2777 0xE2855001, /* add r5, r5, #1 */
2778 0xE1A00006, /* mov r0, r6 */
2779 0xB0260007, /* eorlt r0, r6, r7 */
2780 0xE3550008, /* cmp r5, #8 */
2781 0x1AFFFFF8, /* bne loop */
2782 0xE2844001, /* add r4, r4, #1 */
2783 /* ncomp: */
2784 0xE1540003, /* cmp r4, r3 */
2785 0x1AFFFFF1, /* bne nbyte */
2786 /* end: */
2787 0xEAFFFFFE, /* b end */
2788 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2789 };
2790
2791 uint32_t i;
2792
2793 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2794 {
2795 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2796 }
2797
2798 /* convert flash writing code into a buffer in target endianness */
2799 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2800 {
2801 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2802 {
2803 return retval;
2804 }
2805 }
2806
2807 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2808 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2809 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2810
2811 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2812 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2813
2814 buf_set_u32(reg_params[0].value, 0, 32, address);
2815 buf_set_u32(reg_params[1].value, 0, 32, count);
2816
2817 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2818 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2819 {
2820 LOG_ERROR("error executing arm7_9 crc algorithm");
2821 destroy_reg_param(&reg_params[0]);
2822 destroy_reg_param(&reg_params[1]);
2823 target_free_working_area(target, crc_algorithm);
2824 return retval;
2825 }
2826
2827 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2828
2829 destroy_reg_param(&reg_params[0]);
2830 destroy_reg_param(&reg_params[1]);
2831
2832 target_free_working_area(target, crc_algorithm);
2833
2834 return ERROR_OK;
2835 }
2836
2837 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2838 {
2839 working_area_t *erase_check_algorithm;
2840 reg_param_t reg_params[3];
2841 armv4_5_algorithm_t armv4_5_info;
2842 int retval;
2843 uint32_t i;
2844
2845 static const uint32_t erase_check_code[] =
2846 {
2847 /* loop: */
2848 0xe4d03001, /* ldrb r3, [r0], #1 */
2849 0xe0022003, /* and r2, r2, r3 */
2850 0xe2511001, /* subs r1, r1, #1 */
2851 0x1afffffb, /* bne loop */
2852 /* end: */
2853 0xeafffffe /* b end */
2854 };
2855
2856 /* make sure we have a working area */
2857 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2858 {
2859 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2860 }
2861
2862 /* convert flash writing code into a buffer in target endianness */
2863 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2864 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2865 {
2866 return retval;
2867 }
2868
2869 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2870 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2871 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2872
2873 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2874 buf_set_u32(reg_params[0].value, 0, 32, address);
2875
2876 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2877 buf_set_u32(reg_params[1].value, 0, 32, count);
2878
2879 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2880 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2881
2882 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2883 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2884 {
2885 destroy_reg_param(&reg_params[0]);
2886 destroy_reg_param(&reg_params[1]);
2887 destroy_reg_param(&reg_params[2]);
2888 target_free_working_area(target, erase_check_algorithm);
2889 return 0;
2890 }
2891
2892 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2893
2894 destroy_reg_param(&reg_params[0]);
2895 destroy_reg_param(&reg_params[1]);
2896 destroy_reg_param(&reg_params[2]);
2897
2898 target_free_working_area(target, erase_check_algorithm);
2899
2900 return ERROR_OK;
2901 }
2902
2903 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2904 {
2905 command_t *arm7_9_cmd;
2906
2907 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2908
2909 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2910 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2911
2912 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2913
2914 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2915 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2916 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2917 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2918 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2919 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2920
2921 armv4_5_register_commands(cmd_ctx);
2922
2923 etm_register_commands(cmd_ctx);
2924
2925 return ERROR_OK;
2926 }
2927
2928 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2929 {
2930 uint32_t value;
2931 int spsr;
2932 int retval;
2933 target_t *target = get_current_target(cmd_ctx);
2934 armv4_5_common_t *armv4_5;
2935 arm7_9_common_t *arm7_9;
2936
2937 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2938 {
2939 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2940 return ERROR_OK;
2941 }
2942
2943 if (target->state != TARGET_HALTED)
2944 {
2945 command_print(cmd_ctx, "can't write registers while running");
2946 return ERROR_OK;
2947 }
2948
2949 if (argc < 2)
2950 {
2951 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2952 return ERROR_OK;
2953 }
2954
2955 value = strtoul(args[0], NULL, 0);
2956 spsr = strtol(args[1], NULL, 0);
2957
2958 /* if we're writing the CPSR, mask the T bit */
2959 if (!spsr)
2960 value &= ~0x20;
2961
2962 arm7_9->write_xpsr(target, value, spsr);
2963 if ((retval = jtag_execute_queue()) != ERROR_OK)
2964 {
2965 LOG_ERROR("JTAG error while writing to xpsr");
2966 return retval;
2967 }
2968
2969 return ERROR_OK;
2970 }
2971
2972 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2973 {
2974 uint32_t value;
2975 int rotate;
2976 int spsr;
2977 int retval;
2978 target_t *target = get_current_target(cmd_ctx);
2979 armv4_5_common_t *armv4_5;
2980 arm7_9_common_t *arm7_9;
2981
2982 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2983 {
2984 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2985 return ERROR_OK;
2986 }
2987
2988 if (target->state != TARGET_HALTED)
2989 {
2990 command_print(cmd_ctx, "can't write registers while running");
2991 return ERROR_OK;
2992 }
2993
2994 if (argc < 3)
2995 {
2996 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2997 return ERROR_OK;
2998 }
2999
3000 value = strtoul(args[0], NULL, 0);
3001 rotate = strtol(args[1], NULL, 0);
3002 spsr = strtol(args[2], NULL, 0);
3003
3004 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
3005 if ((retval = jtag_execute_queue()) != ERROR_OK)
3006 {
3007 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
3008 return retval;
3009 }
3010
3011 return ERROR_OK;
3012 }
3013
3014 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3015 {
3016 uint32_t value;
3017 uint32_t mode;
3018 int num;
3019 target_t *target = get_current_target(cmd_ctx);
3020 armv4_5_common_t *armv4_5;
3021 arm7_9_common_t *arm7_9;
3022
3023 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3024 {
3025 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3026 return ERROR_OK;
3027 }
3028
3029 if (target->state != TARGET_HALTED)
3030 {
3031 command_print(cmd_ctx, "can't write registers while running");
3032 return ERROR_OK;
3033 }
3034
3035 if (argc < 3)
3036 {
3037 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3038 return ERROR_OK;
3039 }
3040
3041 num = strtol(args[0], NULL, 0);
3042 mode = strtoul(args[1], NULL, 0);
3043 value = strtoul(args[2], NULL, 0);
3044
3045 return arm7_9_write_core_reg(target, num, mode, value);
3046 }
3047
3048 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3049 {
3050 target_t *target = get_current_target(cmd_ctx);
3051 armv4_5_common_t *armv4_5;
3052 arm7_9_common_t *arm7_9;
3053
3054 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3055 {
3056 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3057 return ERROR_OK;
3058 }
3059
3060 if (argc > 0)
3061 {
3062 if (strcmp("enable", args[0]) == 0)
3063 {
3064 arm7_9->use_dbgrq = 1;
3065 }
3066 else if (strcmp("disable", args[0]) == 0)
3067 {
3068 arm7_9->use_dbgrq = 0;
3069 }
3070 else
3071 {
3072 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3073 }
3074 }
3075
3076 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3077
3078 return ERROR_OK;
3079 }
3080
3081 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3082 {
3083 target_t *target = get_current_target(cmd_ctx);
3084 armv4_5_common_t *armv4_5;
3085 arm7_9_common_t *arm7_9;
3086
3087 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3088 {
3089 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3090 return ERROR_OK;
3091 }
3092
3093 if (argc > 0)
3094 {
3095 if (strcmp("enable", args[0]) == 0)
3096 {
3097 arm7_9->fast_memory_access = 1;
3098 }
3099 else if (strcmp("disable", args[0]) == 0)
3100 {
3101 arm7_9->fast_memory_access = 0;
3102 }
3103 else
3104 {
3105 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3106 }
3107 }
3108
3109 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3110
3111 return ERROR_OK;
3112 }
3113
3114 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3115 {
3116 target_t *target = get_current_target(cmd_ctx);
3117 armv4_5_common_t *armv4_5;
3118 arm7_9_common_t *arm7_9;
3119
3120 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3121 {
3122 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3123 return ERROR_OK;
3124 }
3125
3126 if (argc > 0)
3127 {
3128 if (strcmp("enable", args[0]) == 0)
3129 {
3130 arm7_9->dcc_downloads = 1;
3131 }
3132 else if (strcmp("disable", args[0]) == 0)
3133 {
3134 arm7_9->dcc_downloads = 0;
3135 }
3136 else
3137 {
3138 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3139 }
3140 }
3141
3142 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3143
3144 return ERROR_OK;
3145 }
3146
3147 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3148 {
3149 int retval = ERROR_OK;
3150 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3151
3152 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3153
3154 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3155 {
3156 return retval;
3157 }
3158
3159 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3160 arm7_9->wp_available_max = 2;
3161 arm7_9->sw_breakpoints_added = 0;
3162 arm7_9->sw_breakpoint_count = 0;
3163 arm7_9->breakpoint_count = 0;
3164 arm7_9->wp0_used = 0;
3165 arm7_9->wp1_used = 0;
3166 arm7_9->wp1_used_default = 0;
3167 arm7_9->use_dbgrq = 0;
3168
3169 arm7_9->etm_ctx = NULL;
3170 arm7_9->has_single_step = 0;
3171 arm7_9->has_monitor_mode = 0;
3172 arm7_9->has_vector_catch = 0;
3173
3174 arm7_9->debug_entry_from_reset = 0;
3175
3176 arm7_9->dcc_working_area = NULL;
3177
3178 arm7_9->fast_memory_access = fast_and_dangerous;
3179 arm7_9->dcc_downloads = fast_and_dangerous;
3180
3181 arm7_9->need_bypass_before_restart = 0;
3182
3183 armv4_5->arch_info = arm7_9;
3184 armv4_5->read_core_reg = arm7_9_read_core_reg;
3185 armv4_5->write_core_reg = arm7_9_write_core_reg;
3186 armv4_5->full_context = arm7_9_full_context;
3187
3188 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3189 {
3190 return retval;
3191 }
3192
3193 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3194 {
3195 return retval;
3196 }
3197
3198 return ERROR_OK;
3199 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)