Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Refactor code, create target_state_name()
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoints_added = 0;
65 arm7_9->wp0_used = 0;
66 arm7_9->wp1_used = arm7_9->wp1_used_default;
67 arm7_9->wp_available = arm7_9->wp_available_max;
68
69 return jtag_execute_queue();
70 }
71
72 /**
73 * Assign a watchpoint to one of the two available hardware comparators in an
74 * ARM7 or ARM9 target.
75 *
76 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
77 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 */
79 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
80 {
81 if (!arm7_9->wp0_used)
82 {
83 arm7_9->wp0_used = 1;
84 breakpoint->set = 1;
85 arm7_9->wp_available--;
86 }
87 else if (!arm7_9->wp1_used)
88 {
89 arm7_9->wp1_used = 1;
90 breakpoint->set = 2;
91 arm7_9->wp_available--;
92 }
93 else
94 {
95 LOG_ERROR("BUG: no hardware comparator available");
96 }
97 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
98 breakpoint->unique_id,
99 breakpoint->address,
100 breakpoint->set );
101 }
102
103 /**
104 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
105 *
106 * @param arm7_9 Pointer to common struct for ARM7/9 targets
107 * @return Error codes if there is a problem finding a watchpoint or the result
108 * of executing the JTAG queue
109 */
110 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
111 {
112 if (arm7_9->sw_breakpoints_added)
113 {
114 return ERROR_OK;
115 }
116 if (arm7_9->wp_available < 1)
117 {
118 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
119 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
120 }
121 arm7_9->wp_available--;
122
123 /* pick a breakpoint unit */
124 if (!arm7_9->wp0_used)
125 {
126 arm7_9->sw_breakpoints_added = 1;
127 arm7_9->wp0_used = 3;
128 } else if (!arm7_9->wp1_used)
129 {
130 arm7_9->sw_breakpoints_added = 2;
131 arm7_9->wp1_used = 3;
132 }
133 else
134 {
135 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
136 return ERROR_FAIL;
137 }
138
139 if (arm7_9->sw_breakpoints_added == 1)
140 {
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
146 }
147 else if (arm7_9->sw_breakpoints_added == 2)
148 {
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
154 }
155 else
156 {
157 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
158 return ERROR_FAIL;
159 }
160 LOG_DEBUG("SW BP using hw wp: %d",
161 arm7_9->sw_breakpoints_added );
162
163 return jtag_execute_queue();
164 }
165
166 /**
167 * Setup the common pieces for an ARM7/9 target after reset or on startup.
168 *
169 * @param target Pointer to an ARM7/9 target to setup
170 * @return Result of clearing the watchpoints on the target
171 */
172 int arm7_9_setup(target_t *target)
173 {
174 armv4_5_common_t *armv4_5 = target->arch_info;
175 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
176
177 return arm7_9_clear_watchpoints(arm7_9);
178 }
179
180 /**
181 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
182 * targets. A return of ERROR_OK signifies that the target is a valid target
183 * and that the pointers have been set properly.
184 *
185 * @param target Pointer to the target device to get the pointers from
186 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
187 * targets
188 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
189 * targets
190 * @return ERROR_OK if successful
191 */
192 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
193 {
194 armv4_5_common_t *armv4_5 = target->arch_info;
195 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
196
197 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
198 {
199 return -1;
200 }
201
202 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
203 {
204 return -1;
205 }
206
207 *armv4_5_p = armv4_5;
208 *arm7_9_p = arm7_9;
209
210 return ERROR_OK;
211 }
212
213 /**
214 * Set either a hardware or software breakpoint on an ARM7/9 target. The
215 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
216 * might have erased the values in Embedded ICE.
217 *
218 * @param target Pointer to the target device to set the breakpoints on
219 * @param breakpoint Pointer to the breakpoint to be set
220 * @return For hardware breakpoints, this is the result of executing the JTAG
221 * queue. For software breakpoints, this will be the status of the
222 * required memory reads and writes
223 */
224 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
225 {
226 armv4_5_common_t *armv4_5 = target->arch_info;
227 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
228 int retval = ERROR_OK;
229
230 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
231 breakpoint->unique_id,
232 breakpoint->address );
233
234 if (target->state != TARGET_HALTED)
235 {
236 LOG_WARNING("target not halted");
237 return ERROR_TARGET_NOT_HALTED;
238 }
239
240 if (breakpoint->type == BKPT_HARD)
241 {
242 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
243 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
244
245 /* reassign a hw breakpoint */
246 if (breakpoint->set == 0)
247 {
248 arm7_9_assign_wp(arm7_9, breakpoint);
249 }
250
251 if (breakpoint->set == 1)
252 {
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
258 }
259 else if (breakpoint->set == 2)
260 {
261 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
266 }
267 else
268 {
269 LOG_ERROR("BUG: no hardware comparator available");
270 return ERROR_OK;
271 }
272
273 retval = jtag_execute_queue();
274 }
275 else if (breakpoint->type == BKPT_SOFT)
276 {
277 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
278 return retval;
279
280 /* did we already set this breakpoint? */
281 if (breakpoint->set)
282 return ERROR_OK;
283
284 if (breakpoint->length == 4)
285 {
286 uint32_t verify = 0xffffffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
293 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->arm_bkpt)
303 {
304 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308 else
309 {
310 uint16_t verify = 0xffff;
311 /* keep the original instruction in target endianness */
312 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
313 {
314 return retval;
315 }
316 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
317 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
318 {
319 return retval;
320 }
321
322 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
323 {
324 return retval;
325 }
326 if (verify != arm7_9->thumb_bkpt)
327 {
328 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
329 return ERROR_OK;
330 }
331 }
332 breakpoint->set = 1;
333 }
334
335 return retval;
336 }
337
338 /**
339 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
340 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
341 * will be updated. Otherwise, the software breakpoint will be restored to its
342 * original instruction if it hasn't already been modified.
343 *
344 * @param target Pointer to ARM7/9 target to unset the breakpoint from
345 * @param breakpoint Pointer to breakpoint to be unset
346 * @return For hardware breakpoints, this is the result of executing the JTAG
347 * queue. For software breakpoints, this will be the status of the
348 * required memory reads and writes
349 */
350 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
351 {
352 int retval = ERROR_OK;
353
354 armv4_5_common_t *armv4_5 = target->arch_info;
355 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
356
357 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
358 breakpoint->unique_id,
359 breakpoint->address );
360
361 if (!breakpoint->set)
362 {
363 LOG_WARNING("breakpoint not set");
364 return ERROR_OK;
365 }
366
367 if (breakpoint->type == BKPT_HARD)
368 {
369 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
370 breakpoint->unique_id,
371 breakpoint->set );
372 if (breakpoint->set == 1)
373 {
374 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
375 arm7_9->wp0_used = 0;
376 arm7_9->wp_available++;
377 }
378 else if (breakpoint->set == 2)
379 {
380 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
381 arm7_9->wp1_used = 0;
382 arm7_9->wp_available++;
383 }
384 retval = jtag_execute_queue();
385 breakpoint->set = 0;
386 }
387 else
388 {
389 /* restore original instruction (kept in target endianness) */
390 if (breakpoint->length == 4)
391 {
392 uint32_t current_instr;
393 /* check that user program as not modified breakpoint instruction */
394 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
395 {
396 return retval;
397 }
398 if (current_instr == arm7_9->arm_bkpt)
399 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 }
404 else
405 {
406 uint16_t current_instr;
407 /* check that user program as not modified breakpoint instruction */
408 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
409 {
410 return retval;
411 }
412 if (current_instr == arm7_9->thumb_bkpt)
413 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 }
418 breakpoint->set = 0;
419 }
420
421 return retval;
422 }
423
424 /**
425 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
426 * dangling breakpoints and that the desired breakpoint can be added.
427 *
428 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
429 * @param breakpoint Pointer to the breakpoint to be added
430 * @return An error status if there is a problem adding the breakpoint or the
431 * result of setting the breakpoint
432 */
433 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
434 {
435 armv4_5_common_t *armv4_5 = target->arch_info;
436 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
437
438 if (target->state != TARGET_HALTED)
439 {
440 LOG_WARNING("target not halted");
441 return ERROR_TARGET_NOT_HALTED;
442 }
443
444 if (arm7_9->breakpoint_count == 0)
445 {
446 /* make sure we don't have any dangling breakpoints. This is vital upon
447 * GDB connect/disconnect
448 */
449 arm7_9_clear_watchpoints(arm7_9);
450 }
451
452 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
453 {
454 LOG_INFO("no watchpoint unit available for hardware breakpoint");
455 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
456 }
457
458 if ((breakpoint->length != 2) && (breakpoint->length != 4))
459 {
460 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
461 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
462 }
463
464 if (breakpoint->type == BKPT_HARD)
465 {
466 arm7_9_assign_wp(arm7_9, breakpoint);
467 }
468
469 arm7_9->breakpoint_count++;
470
471 return arm7_9_set_breakpoint(target, breakpoint);
472 }
473
474 /**
475 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
476 * dangling breakpoints and updates available watchpoints if it is a hardware
477 * breakpoint.
478 *
479 * @param target Pointer to the target to have a breakpoint removed
480 * @param breakpoint Pointer to the breakpoint to be removed
481 * @return Error status if there was a problem unsetting the breakpoint or the
482 * watchpoints could not be cleared
483 */
484 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
485 {
486 int retval = ERROR_OK;
487 armv4_5_common_t *armv4_5 = target->arch_info;
488 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
489
490 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
491 {
492 return retval;
493 }
494
495 if (breakpoint->type == BKPT_HARD)
496 arm7_9->wp_available++;
497
498 arm7_9->breakpoint_count--;
499 if (arm7_9->breakpoint_count == 0)
500 {
501 /* make sure we don't have any dangling breakpoints */
502 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
503 {
504 return retval;
505 }
506 }
507
508 return ERROR_OK;
509 }
510
511 /**
512 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
513 * considered a bug to call this function when there are no available watchpoint
514 * units.
515 *
516 * @param target Pointer to an ARM7/9 target to set a watchpoint on
517 * @param watchpoint Pointer to the watchpoint to be set
518 * @return Error status if watchpoint set fails or the result of executing the
519 * JTAG queue
520 */
521 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
522 {
523 int retval = ERROR_OK;
524 armv4_5_common_t *armv4_5 = target->arch_info;
525 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
526 int rw_mask = 1;
527 uint32_t mask;
528
529 mask = watchpoint->length - 1;
530
531 if (target->state != TARGET_HALTED)
532 {
533 LOG_WARNING("target not halted");
534 return ERROR_TARGET_NOT_HALTED;
535 }
536
537 if (watchpoint->rw == WPT_ACCESS)
538 rw_mask = 0;
539 else
540 rw_mask = 1;
541
542 if (!arm7_9->wp0_used)
543 {
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
547 if (watchpoint->mask != 0xffffffffu)
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
551
552 if ((retval = jtag_execute_queue()) != ERROR_OK)
553 {
554 return retval;
555 }
556 watchpoint->set = 1;
557 arm7_9->wp0_used = 2;
558 }
559 else if (!arm7_9->wp1_used)
560 {
561 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
564 if (watchpoint->mask != 0xffffffffu)
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
566 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
568
569 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 {
571 return retval;
572 }
573 watchpoint->set = 2;
574 arm7_9->wp1_used = 2;
575 }
576 else
577 {
578 LOG_ERROR("BUG: no hardware comparator available");
579 return ERROR_OK;
580 }
581
582 return ERROR_OK;
583 }
584
585 /**
586 * Unset an existing watchpoint and clear the used watchpoint unit.
587 *
588 * @param target Pointer to the target to have the watchpoint removed
589 * @param watchpoint Pointer to the watchpoint to be removed
590 * @return Error status while trying to unset the watchpoint or the result of
591 * executing the JTAG queue
592 */
593 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
594 {
595 int retval = ERROR_OK;
596 armv4_5_common_t *armv4_5 = target->arch_info;
597 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
598
599 if (target->state != TARGET_HALTED)
600 {
601 LOG_WARNING("target not halted");
602 return ERROR_TARGET_NOT_HALTED;
603 }
604
605 if (!watchpoint->set)
606 {
607 LOG_WARNING("breakpoint not set");
608 return ERROR_OK;
609 }
610
611 if (watchpoint->set == 1)
612 {
613 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
614 if ((retval = jtag_execute_queue()) != ERROR_OK)
615 {
616 return retval;
617 }
618 arm7_9->wp0_used = 0;
619 }
620 else if (watchpoint->set == 2)
621 {
622 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
623 if ((retval = jtag_execute_queue()) != ERROR_OK)
624 {
625 return retval;
626 }
627 arm7_9->wp1_used = 0;
628 }
629 watchpoint->set = 0;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
636 * available, an error response is returned.
637 *
638 * @param target Pointer to the ARM7/9 target to add a watchpoint to
639 * @param watchpoint Pointer to the watchpoint to be added
640 * @return Error status while trying to add the watchpoint
641 */
642 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
643 {
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646
647 if (target->state != TARGET_HALTED)
648 {
649 LOG_WARNING("target not halted");
650 return ERROR_TARGET_NOT_HALTED;
651 }
652
653 if (arm7_9->wp_available < 1)
654 {
655 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
656 }
657
658 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
659 {
660 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
661 }
662
663 arm7_9->wp_available--;
664
665 return ERROR_OK;
666 }
667
668 /**
669 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
670 * the used watchpoint unit will be reopened.
671 *
672 * @param target Pointer to the target to remove a watchpoint from
673 * @param watchpoint Pointer to the watchpoint to be removed
674 * @return Result of trying to unset the watchpoint
675 */
676 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
677 {
678 int retval = ERROR_OK;
679 armv4_5_common_t *armv4_5 = target->arch_info;
680 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
681
682 if (watchpoint->set)
683 {
684 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
685 {
686 return retval;
687 }
688 }
689
690 arm7_9->wp_available++;
691
692 return ERROR_OK;
693 }
694
695 /**
696 * Restarts the target by sending a RESTART instruction and moving the JTAG
697 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
698 * asserted by the processor.
699 *
700 * @param target Pointer to target to issue commands to
701 * @return Error status if there is a timeout or a problem while executing the
702 * JTAG queue
703 */
704 int arm7_9_execute_sys_speed(struct target_s *target)
705 {
706 int retval;
707
708 armv4_5_common_t *armv4_5 = target->arch_info;
709 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
710 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
711 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
712
713 /* set RESTART instruction */
714 jtag_set_end_state(TAP_IDLE);
715 if (arm7_9->need_bypass_before_restart) {
716 arm7_9->need_bypass_before_restart = 0;
717 arm_jtag_set_instr(jtag_info, 0xf, NULL);
718 }
719 arm_jtag_set_instr(jtag_info, 0x4, NULL);
720
721 long long then = timeval_ms();
722 int timeout;
723 while (!(timeout = ((timeval_ms()-then) > 1000)))
724 {
725 /* read debug status register */
726 embeddedice_read_reg(dbg_stat);
727 if ((retval = jtag_execute_queue()) != ERROR_OK)
728 return retval;
729 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
730 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
731 break;
732 if (debug_level >= 3)
733 {
734 alive_sleep(100);
735 } else
736 {
737 keep_alive();
738 }
739 }
740 if (timeout)
741 {
742 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
743 return ERROR_TARGET_TIMEOUT;
744 }
745
746 return ERROR_OK;
747 }
748
749 /**
750 * Restarts the target by sending a RESTART instruction and moving the JTAG
751 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
752 * waiting until they are.
753 *
754 * @param target Pointer to the target to issue commands to
755 * @return Always ERROR_OK
756 */
757 int arm7_9_execute_fast_sys_speed(struct target_s *target)
758 {
759 static int set = 0;
760 static uint8_t check_value[4], check_mask[4];
761
762 armv4_5_common_t *armv4_5 = target->arch_info;
763 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
764 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
765 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
766
767 /* set RESTART instruction */
768 jtag_set_end_state(TAP_IDLE);
769 if (arm7_9->need_bypass_before_restart) {
770 arm7_9->need_bypass_before_restart = 0;
771 arm_jtag_set_instr(jtag_info, 0xf, NULL);
772 }
773 arm_jtag_set_instr(jtag_info, 0x4, NULL);
774
775 if (!set)
776 {
777 /* check for DBGACK and SYSCOMP set (others don't care) */
778
779 /* NB! These are constants that must be available until after next jtag_execute() and
780 * we evaluate the values upon first execution in lieu of setting up these constants
781 * during early setup.
782 * */
783 buf_set_u32(check_value, 0, 32, 0x9);
784 buf_set_u32(check_mask, 0, 32, 0x9);
785 set = 1;
786 }
787
788 /* read debug status register */
789 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
790
791 return ERROR_OK;
792 }
793
794 /**
795 * Get some data from the ARM7/9 target.
796 *
797 * @param target Pointer to the ARM7/9 target to read data from
798 * @param size The number of 32bit words to be read
799 * @param buffer Pointer to the buffer that will hold the data
800 * @return The result of receiving data from the Embedded ICE unit
801 */
802 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
803 {
804 armv4_5_common_t *armv4_5 = target->arch_info;
805 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
806 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
807 uint32_t *data;
808 int retval = ERROR_OK;
809 uint32_t i;
810
811 data = malloc(size * (sizeof(uint32_t)));
812
813 retval = embeddedice_receive(jtag_info, data, size);
814
815 /* return the 32-bit ints in the 8-bit array */
816 for (i = 0; i < size; i++)
817 {
818 h_u32_to_le(buffer + (i * 4), data[i]);
819 }
820
821 free(data);
822
823 return retval;
824 }
825
826 /**
827 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
828 * target is running and the DCC control register has the W bit high, this will
829 * execute the request on the target.
830 *
831 * @param priv Void pointer expected to be a target_t pointer
832 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
833 * from the Embedded ICE unit
834 */
835 int arm7_9_handle_target_request(void *priv)
836 {
837 int retval = ERROR_OK;
838 target_t *target = priv;
839 if (!target_was_examined(target))
840 return ERROR_OK;
841 armv4_5_common_t *armv4_5 = target->arch_info;
842 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
843 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
844 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
845
846 if (!target->dbg_msg_enabled)
847 return ERROR_OK;
848
849 if (target->state == TARGET_RUNNING)
850 {
851 /* read DCC control register */
852 embeddedice_read_reg(dcc_control);
853 if ((retval = jtag_execute_queue()) != ERROR_OK)
854 {
855 return retval;
856 }
857
858 /* check W bit */
859 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
860 {
861 uint32_t request;
862
863 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
864 {
865 return retval;
866 }
867 if ((retval = target_request(target, request)) != ERROR_OK)
868 {
869 return retval;
870 }
871 }
872 }
873
874 return ERROR_OK;
875 }
876
877 /**
878 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
879 * is manipulated to the right halted state based on its current state. This is
880 * what happens:
881 *
882 * <table>
883 * <tr><th > State</th><th > Action</th></tr>
884 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
885 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
886 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
887 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
888 * </table>
889 *
890 * If the target does not end up in the halted state, a warning is produced. If
891 * DBGACK is cleared, then the target is expected to either be running or
892 * running in debug.
893 *
894 * @param target Pointer to the ARM7/9 target to poll
895 * @return ERROR_OK or an error status if a command fails
896 */
897 int arm7_9_poll(target_t *target)
898 {
899 int retval;
900 armv4_5_common_t *armv4_5 = target->arch_info;
901 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
902 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
903
904 /* read debug status register */
905 embeddedice_read_reg(dbg_stat);
906 if ((retval = jtag_execute_queue()) != ERROR_OK)
907 {
908 return retval;
909 }
910
911 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
912 {
913 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
914 if (target->state == TARGET_UNKNOWN)
915 {
916 target->state = TARGET_RUNNING;
917 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
918 }
919 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
920 {
921 int check_pc = 0;
922 if (target->state == TARGET_RESET)
923 {
924 if (target->reset_halt)
925 {
926 enum reset_types jtag_reset_config = jtag_get_reset_config();
927 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
928 {
929 check_pc = 1;
930 }
931 }
932 }
933
934 target->state = TARGET_HALTED;
935
936 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
937 return retval;
938
939 if (check_pc)
940 {
941 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
942 uint32_t t=*((uint32_t *)reg->value);
943 if (t != 0)
944 {
945 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
946 }
947 }
948
949 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
950 {
951 return retval;
952 }
953 }
954 if (target->state == TARGET_DEBUG_RUNNING)
955 {
956 target->state = TARGET_HALTED;
957 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
958 return retval;
959
960 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
961 {
962 return retval;
963 }
964 }
965 if (target->state != TARGET_HALTED)
966 {
967 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
968 }
969 }
970 else
971 {
972 if (target->state != TARGET_DEBUG_RUNNING)
973 target->state = TARGET_RUNNING;
974 }
975
976 return ERROR_OK;
977 }
978
979 /**
980 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
981 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
982 * affected) completely stop the JTAG clock while the core is held in reset
983 * (SRST). It isn't possible to program the halt condition once reset is
984 * asserted, hence a hook that allows the target to set up its reset-halt
985 * condition is setup prior to asserting reset.
986 *
987 * @param target Pointer to an ARM7/9 target to assert reset on
988 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
989 */
990 int arm7_9_assert_reset(target_t *target)
991 {
992 armv4_5_common_t *armv4_5 = target->arch_info;
993 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
994 LOG_DEBUG("target->state: %s",
995 target_state_name(target));
996
997 enum reset_types jtag_reset_config = jtag_get_reset_config();
998 if (!(jtag_reset_config & RESET_HAS_SRST))
999 {
1000 LOG_ERROR("Can't assert SRST");
1001 return ERROR_FAIL;
1002 }
1003
1004 if (target->reset_halt)
1005 {
1006 /*
1007 * Some targets do not support communication while SRST is asserted. We need to
1008 * set up the reset vector catch here.
1009 *
1010 * If TRST is asserted, then these settings will be reset anyway, so setting them
1011 * here is harmless.
1012 */
1013 if (arm7_9->has_vector_catch)
1014 {
1015 /* program vector catch register to catch reset vector */
1016 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1017 }
1018 else
1019 {
1020 /* program watchpoint unit to match on reset vector address */
1021 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1022 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1023 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1024 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1025 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1026 }
1027 }
1028
1029 /* here we should issue an SRST only, but we may have to assert TRST as well */
1030 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1031 {
1032 jtag_add_reset(1, 1);
1033 } else
1034 {
1035 jtag_add_reset(0, 1);
1036 }
1037
1038 target->state = TARGET_RESET;
1039 jtag_add_sleep(50000);
1040
1041 armv4_5_invalidate_core_regs(target);
1042
1043 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1044 {
1045 /* debug entry was already prepared in arm7_9_assert_reset() */
1046 target->debug_reason = DBG_REASON_DBGRQ;
1047 }
1048
1049 return ERROR_OK;
1050 }
1051
1052 /**
1053 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1054 * and the target is being reset into a halt, a warning will be triggered
1055 * because it is not possible to reset into a halted mode in this case. The
1056 * target is halted using the target's functions.
1057 *
1058 * @param target Pointer to the target to have the reset deasserted
1059 * @return ERROR_OK or an error from polling or halting the target
1060 */
1061 int arm7_9_deassert_reset(target_t *target)
1062 {
1063 int retval = ERROR_OK;
1064 LOG_DEBUG("target->state: %s",
1065 target_state_name(target));
1066
1067 /* deassert reset lines */
1068 jtag_add_reset(0, 0);
1069
1070 enum reset_types jtag_reset_config = jtag_get_reset_config();
1071 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1072 {
1073 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1074 /* set up embedded ice registers again */
1075 if ((retval = target_examine_one(target)) != ERROR_OK)
1076 return retval;
1077
1078 if ((retval = target_poll(target)) != ERROR_OK)
1079 {
1080 return retval;
1081 }
1082
1083 if ((retval = target_halt(target)) != ERROR_OK)
1084 {
1085 return retval;
1086 }
1087
1088 }
1089 return retval;
1090 }
1091
1092 /**
1093 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1094 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1095 * vector catch was used, it is restored. Otherwise, the control value is
1096 * restored and the watchpoint unit is restored if it was in use.
1097 *
1098 * @param target Pointer to the ARM7/9 target to have halt cleared
1099 * @return Always ERROR_OK
1100 */
1101 int arm7_9_clear_halt(target_t *target)
1102 {
1103 armv4_5_common_t *armv4_5 = target->arch_info;
1104 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1105 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1106
1107 /* we used DBGRQ only if we didn't come out of reset */
1108 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1109 {
1110 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1111 */
1112 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1113 embeddedice_store_reg(dbg_ctrl);
1114 }
1115 else
1116 {
1117 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1118 {
1119 /* if we came out of reset, and vector catch is supported, we used
1120 * vector catch to enter debug state
1121 * restore the register in that case
1122 */
1123 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1124 }
1125 else
1126 {
1127 /* restore registers if watchpoint unit 0 was in use
1128 */
1129 if (arm7_9->wp0_used)
1130 {
1131 if (arm7_9->debug_entry_from_reset)
1132 {
1133 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1134 }
1135 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1136 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1137 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1138 }
1139 /* control value always has to be restored, as it was either disabled,
1140 * or enabled with possibly different bits
1141 */
1142 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1143 }
1144 }
1145
1146 return ERROR_OK;
1147 }
1148
1149 /**
1150 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1151 * and then there is a wait until the processor shows the halt. This wait can
1152 * timeout and results in an error being returned. The software reset involves
1153 * clearing the halt, updating the debug control register, changing to ARM mode,
1154 * reset of the program counter, and reset of all of the registers.
1155 *
1156 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1157 * @return Error status if any of the commands fail, otherwise ERROR_OK
1158 */
1159 int arm7_9_soft_reset_halt(struct target_s *target)
1160 {
1161 armv4_5_common_t *armv4_5 = target->arch_info;
1162 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1163 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1164 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1165 int i;
1166 int retval;
1167
1168 if ((retval = target_halt(target)) != ERROR_OK)
1169 return retval;
1170
1171 long long then = timeval_ms();
1172 int timeout;
1173 while (!(timeout = ((timeval_ms()-then) > 1000)))
1174 {
1175 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1176 break;
1177 embeddedice_read_reg(dbg_stat);
1178 if ((retval = jtag_execute_queue()) != ERROR_OK)
1179 return retval;
1180 if (debug_level >= 3)
1181 {
1182 alive_sleep(100);
1183 } else
1184 {
1185 keep_alive();
1186 }
1187 }
1188 if (timeout)
1189 {
1190 LOG_ERROR("Failed to halt CPU after 1 sec");
1191 return ERROR_TARGET_TIMEOUT;
1192 }
1193 target->state = TARGET_HALTED;
1194
1195 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1196 * ensure that DBGRQ is cleared
1197 */
1198 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1200 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1201 embeddedice_store_reg(dbg_ctrl);
1202
1203 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1204 {
1205 return retval;
1206 }
1207
1208 /* if the target is in Thumb state, change to ARM state */
1209 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1210 {
1211 uint32_t r0_thumb, pc_thumb;
1212 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1213 /* Entered debug from Thumb mode */
1214 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1215 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1216 }
1217
1218 /* all register content is now invalid */
1219 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1220 {
1221 return retval;
1222 }
1223
1224 /* SVC, ARM state, IRQ and FIQ disabled */
1225 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1226 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1227 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1228
1229 /* start fetching from 0x0 */
1230 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1231 armv4_5->core_cache->reg_list[15].dirty = 1;
1232 armv4_5->core_cache->reg_list[15].valid = 1;
1233
1234 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1235 armv4_5->core_state = ARMV4_5_STATE_ARM;
1236
1237 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1238 return ERROR_FAIL;
1239
1240 /* reset registers */
1241 for (i = 0; i <= 14; i++)
1242 {
1243 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1244 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1245 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1246 }
1247
1248 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1249 {
1250 return retval;
1251 }
1252
1253 return ERROR_OK;
1254 }
1255
1256 /**
1257 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1258 * line or by programming a watchpoint to trigger on any address. It is
1259 * considered a bug to call this function while the target is in the
1260 * TARGET_RESET state.
1261 *
1262 * @param target Pointer to the ARM7/9 target to be halted
1263 * @return Always ERROR_OK
1264 */
1265 int arm7_9_halt(target_t *target)
1266 {
1267 if (target->state == TARGET_RESET)
1268 {
1269 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1270 return ERROR_OK;
1271 }
1272
1273 armv4_5_common_t *armv4_5 = target->arch_info;
1274 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1275 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1276
1277 LOG_DEBUG("target->state: %s",
1278 target_state_name(target));
1279
1280 if (target->state == TARGET_HALTED)
1281 {
1282 LOG_DEBUG("target was already halted");
1283 return ERROR_OK;
1284 }
1285
1286 if (target->state == TARGET_UNKNOWN)
1287 {
1288 LOG_WARNING("target was in unknown state when halt was requested");
1289 }
1290
1291 if (arm7_9->use_dbgrq)
1292 {
1293 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1294 */
1295 if (arm7_9->set_special_dbgrq) {
1296 arm7_9->set_special_dbgrq(target);
1297 } else {
1298 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1299 embeddedice_store_reg(dbg_ctrl);
1300 }
1301 }
1302 else
1303 {
1304 /* program watchpoint unit to match on any address
1305 */
1306 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1307 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1308 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1309 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1310 }
1311
1312 target->debug_reason = DBG_REASON_DBGRQ;
1313
1314 return ERROR_OK;
1315 }
1316
1317 /**
1318 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1319 * ARM. The JTAG queue is then executed and the reason for debug entry is
1320 * examined. Once done, the target is verified to be halted and the processor
1321 * is forced into ARM mode. The core registers are saved for the current core
1322 * mode and the program counter (register 15) is updated as needed. The core
1323 * registers and CPSR and SPSR are saved for restoration later.
1324 *
1325 * @param target Pointer to target that is entering debug mode
1326 * @return Error code if anything fails, otherwise ERROR_OK
1327 */
1328 int arm7_9_debug_entry(target_t *target)
1329 {
1330 int i;
1331 uint32_t context[16];
1332 uint32_t* context_p[16];
1333 uint32_t r0_thumb, pc_thumb;
1334 uint32_t cpsr;
1335 int retval;
1336 /* get pointers to arch-specific information */
1337 armv4_5_common_t *armv4_5 = target->arch_info;
1338 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1339 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1340 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1341
1342 #ifdef _DEBUG_ARM7_9_
1343 LOG_DEBUG("-");
1344 #endif
1345
1346 if (arm7_9->pre_debug_entry)
1347 arm7_9->pre_debug_entry(target);
1348
1349 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1350 * ensure that DBGRQ is cleared
1351 */
1352 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1353 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1354 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1355 embeddedice_store_reg(dbg_ctrl);
1356
1357 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1358 {
1359 return retval;
1360 }
1361
1362 if ((retval = jtag_execute_queue()) != ERROR_OK)
1363 {
1364 return retval;
1365 }
1366
1367 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1368 return retval;
1369
1370
1371 if (target->state != TARGET_HALTED)
1372 {
1373 LOG_WARNING("target not halted");
1374 return ERROR_TARGET_NOT_HALTED;
1375 }
1376
1377 /* if the target is in Thumb state, change to ARM state */
1378 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1379 {
1380 LOG_DEBUG("target entered debug from Thumb state");
1381 /* Entered debug from Thumb mode */
1382 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1383 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1384 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1385 }
1386 else
1387 {
1388 LOG_DEBUG("target entered debug from ARM state");
1389 /* Entered debug from ARM mode */
1390 armv4_5->core_state = ARMV4_5_STATE_ARM;
1391 }
1392
1393 for (i = 0; i < 16; i++)
1394 context_p[i] = &context[i];
1395 /* save core registers (r0 - r15 of current core mode) */
1396 arm7_9->read_core_regs(target, 0xffff, context_p);
1397
1398 arm7_9->read_xpsr(target, &cpsr, 0);
1399
1400 if ((retval = jtag_execute_queue()) != ERROR_OK)
1401 return retval;
1402
1403 /* if the core has been executing in Thumb state, set the T bit */
1404 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1405 cpsr |= 0x20;
1406
1407 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1408 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1409 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1410
1411 armv4_5->core_mode = cpsr & 0x1f;
1412
1413 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1414 {
1415 target->state = TARGET_UNKNOWN;
1416 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1417 return ERROR_TARGET_FAILURE;
1418 }
1419
1420 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1421
1422 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1423 {
1424 LOG_DEBUG("thumb state, applying fixups");
1425 context[0] = r0_thumb;
1426 context[15] = pc_thumb;
1427 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1428 {
1429 /* adjust value stored by STM */
1430 context[15] -= 3 * 4;
1431 }
1432
1433 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1434 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1435 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1436 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1437 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1438 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1439 else if (target->debug_reason == DBG_REASON_DBGRQ)
1440 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1441 else
1442 {
1443 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1444 }
1445
1446 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1447 return ERROR_FAIL;
1448
1449 for (i = 0; i <= 15; i++)
1450 {
1451 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1452 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1453 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1454 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1455 }
1456
1457 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1458
1459 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1460 return ERROR_FAIL;
1461
1462 /* exceptions other than USR & SYS have a saved program status register */
1463 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1464 {
1465 uint32_t spsr;
1466 arm7_9->read_xpsr(target, &spsr, 1);
1467 if ((retval = jtag_execute_queue()) != ERROR_OK)
1468 {
1469 return retval;
1470 }
1471 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1472 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1473 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1474 }
1475
1476 /* r0 and r15 (pc) have to be restored later */
1477 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1478 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1479
1480 if ((retval = jtag_execute_queue()) != ERROR_OK)
1481 return retval;
1482
1483 if (arm7_9->post_debug_entry)
1484 arm7_9->post_debug_entry(target);
1485
1486 return ERROR_OK;
1487 }
1488
1489 /**
1490 * Validate the full context for an ARM7/9 target in all processor modes. If
1491 * there are any invalid registers for the target, they will all be read. This
1492 * includes the PSR.
1493 *
1494 * @param target Pointer to the ARM7/9 target to capture the full context from
1495 * @return Error if the target is not halted, has an invalid core mode, or if
1496 * the JTAG queue fails to execute
1497 */
1498 int arm7_9_full_context(target_t *target)
1499 {
1500 int i;
1501 int retval;
1502 armv4_5_common_t *armv4_5 = target->arch_info;
1503 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1504
1505 LOG_DEBUG("-");
1506
1507 if (target->state != TARGET_HALTED)
1508 {
1509 LOG_WARNING("target not halted");
1510 return ERROR_TARGET_NOT_HALTED;
1511 }
1512
1513 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1514 return ERROR_FAIL;
1515
1516 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1517 * SYS shares registers with User, so we don't touch SYS
1518 */
1519 for (i = 0; i < 6; i++)
1520 {
1521 uint32_t mask = 0;
1522 uint32_t* reg_p[16];
1523 int j;
1524 int valid = 1;
1525
1526 /* check if there are invalid registers in the current mode
1527 */
1528 for (j = 0; j <= 16; j++)
1529 {
1530 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1531 valid = 0;
1532 }
1533
1534 if (!valid)
1535 {
1536 uint32_t tmp_cpsr;
1537
1538 /* change processor mode (and mask T bit) */
1539 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1540 tmp_cpsr |= armv4_5_number_to_mode(i);
1541 tmp_cpsr &= ~0x20;
1542 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1543
1544 for (j = 0; j < 15; j++)
1545 {
1546 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1547 {
1548 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1549 mask |= 1 << j;
1550 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1551 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1552 }
1553 }
1554
1555 /* if only the PSR is invalid, mask is all zeroes */
1556 if (mask)
1557 arm7_9->read_core_regs(target, mask, reg_p);
1558
1559 /* check if the PSR has to be read */
1560 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1561 {
1562 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1563 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1564 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1565 }
1566 }
1567 }
1568
1569 /* restore processor mode (mask T bit) */
1570 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1571
1572 if ((retval = jtag_execute_queue()) != ERROR_OK)
1573 {
1574 return retval;
1575 }
1576 return ERROR_OK;
1577 }
1578
1579 /**
1580 * Restore the processor context on an ARM7/9 target. The full processor
1581 * context is analyzed to see if any of the registers are dirty on this end, but
1582 * have a valid new value. If this is the case, the processor is changed to the
1583 * appropriate mode and the new register values are written out to the
1584 * processor. If there happens to be a dirty register with an invalid value, an
1585 * error will be logged.
1586 *
1587 * @param target Pointer to the ARM7/9 target to have its context restored
1588 * @return Error status if the target is not halted or the core mode in the
1589 * armv4_5 struct is invalid.
1590 */
1591 int arm7_9_restore_context(target_t *target)
1592 {
1593 armv4_5_common_t *armv4_5 = target->arch_info;
1594 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1595 reg_t *reg;
1596 armv4_5_core_reg_t *reg_arch_info;
1597 enum armv4_5_mode current_mode = armv4_5->core_mode;
1598 int i, j;
1599 int dirty;
1600 int mode_change;
1601
1602 LOG_DEBUG("-");
1603
1604 if (target->state != TARGET_HALTED)
1605 {
1606 LOG_WARNING("target not halted");
1607 return ERROR_TARGET_NOT_HALTED;
1608 }
1609
1610 if (arm7_9->pre_restore_context)
1611 arm7_9->pre_restore_context(target);
1612
1613 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1614 return ERROR_FAIL;
1615
1616 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1617 * SYS shares registers with User, so we don't touch SYS
1618 */
1619 for (i = 0; i < 6; i++)
1620 {
1621 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1622 dirty = 0;
1623 mode_change = 0;
1624 /* check if there are dirty registers in the current mode
1625 */
1626 for (j = 0; j <= 16; j++)
1627 {
1628 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1629 reg_arch_info = reg->arch_info;
1630 if (reg->dirty == 1)
1631 {
1632 if (reg->valid == 1)
1633 {
1634 dirty = 1;
1635 LOG_DEBUG("examining dirty reg: %s", reg->name);
1636 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1637 && (reg_arch_info->mode != current_mode)
1638 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1639 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1640 {
1641 mode_change = 1;
1642 LOG_DEBUG("require mode change");
1643 }
1644 }
1645 else
1646 {
1647 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1648 }
1649 }
1650 }
1651
1652 if (dirty)
1653 {
1654 uint32_t mask = 0x0;
1655 int num_regs = 0;
1656 uint32_t regs[16];
1657
1658 if (mode_change)
1659 {
1660 uint32_t tmp_cpsr;
1661
1662 /* change processor mode (mask T bit) */
1663 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1664 tmp_cpsr |= armv4_5_number_to_mode(i);
1665 tmp_cpsr &= ~0x20;
1666 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1667 current_mode = armv4_5_number_to_mode(i);
1668 }
1669
1670 for (j = 0; j <= 14; j++)
1671 {
1672 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1673 reg_arch_info = reg->arch_info;
1674
1675
1676 if (reg->dirty == 1)
1677 {
1678 regs[j] = buf_get_u32(reg->value, 0, 32);
1679 mask |= 1 << j;
1680 num_regs++;
1681 reg->dirty = 0;
1682 reg->valid = 1;
1683 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1684 }
1685 }
1686
1687 if (mask)
1688 {
1689 arm7_9->write_core_regs(target, mask, regs);
1690 }
1691
1692 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1693 reg_arch_info = reg->arch_info;
1694 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1695 {
1696 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1697 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1698 }
1699 }
1700 }
1701
1702 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1703 {
1704 /* restore processor mode (mask T bit) */
1705 uint32_t tmp_cpsr;
1706
1707 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1708 tmp_cpsr |= armv4_5_number_to_mode(i);
1709 tmp_cpsr &= ~0x20;
1710 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1711 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1712 }
1713 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1714 {
1715 /* CPSR has been changed, full restore necessary (mask T bit) */
1716 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1717 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1718 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1719 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1720 }
1721
1722 /* restore PC */
1723 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1724 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1725 armv4_5->core_cache->reg_list[15].dirty = 0;
1726
1727 if (arm7_9->post_restore_context)
1728 arm7_9->post_restore_context(target);
1729
1730 return ERROR_OK;
1731 }
1732
1733 /**
1734 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1735 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1736 * restart.
1737 *
1738 * @param target Pointer to the ARM7/9 target to be restarted
1739 * @return Result of executing the JTAG queue
1740 */
1741 int arm7_9_restart_core(struct target_s *target)
1742 {
1743 armv4_5_common_t *armv4_5 = target->arch_info;
1744 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1745 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1746
1747 /* set RESTART instruction */
1748 jtag_set_end_state(TAP_IDLE);
1749 if (arm7_9->need_bypass_before_restart) {
1750 arm7_9->need_bypass_before_restart = 0;
1751 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1752 }
1753 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1754
1755 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1756 return jtag_execute_queue();
1757 }
1758
1759 /**
1760 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1761 * iterated through and are set on the target if they aren't already set.
1762 *
1763 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1764 */
1765 void arm7_9_enable_watchpoints(struct target_s *target)
1766 {
1767 watchpoint_t *watchpoint = target->watchpoints;
1768
1769 while (watchpoint)
1770 {
1771 if (watchpoint->set == 0)
1772 arm7_9_set_watchpoint(target, watchpoint);
1773 watchpoint = watchpoint->next;
1774 }
1775 }
1776
1777 /**
1778 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1779 * iterated through and are set on the target.
1780 *
1781 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1782 */
1783 void arm7_9_enable_breakpoints(struct target_s *target)
1784 {
1785 breakpoint_t *breakpoint = target->breakpoints;
1786
1787 /* set any pending breakpoints */
1788 while (breakpoint)
1789 {
1790 arm7_9_set_breakpoint(target, breakpoint);
1791 breakpoint = breakpoint->next;
1792 }
1793 }
1794
1795 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1796 {
1797 armv4_5_common_t *armv4_5 = target->arch_info;
1798 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1799 breakpoint_t *breakpoint = target->breakpoints;
1800 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1801 int err, retval = ERROR_OK;
1802
1803 LOG_DEBUG("-");
1804
1805 if (target->state != TARGET_HALTED)
1806 {
1807 LOG_WARNING("target not halted");
1808 return ERROR_TARGET_NOT_HALTED;
1809 }
1810
1811 if (!debug_execution)
1812 {
1813 target_free_all_working_areas(target);
1814 }
1815
1816 /* current = 1: continue on current pc, otherwise continue at <address> */
1817 if (!current)
1818 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1819
1820 uint32_t current_pc;
1821 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1822
1823 /* the front-end may request us not to handle breakpoints */
1824 if (handle_breakpoints)
1825 {
1826 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1827 {
1828 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1829 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1830 {
1831 return retval;
1832 }
1833
1834 /* calculate PC of next instruction */
1835 uint32_t next_pc;
1836 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1837 {
1838 uint32_t current_opcode;
1839 target_read_u32(target, current_pc, &current_opcode);
1840 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1841 return retval;
1842 }
1843
1844 LOG_DEBUG("enable single-step");
1845 arm7_9->enable_single_step(target, next_pc);
1846
1847 target->debug_reason = DBG_REASON_SINGLESTEP;
1848
1849 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1850 {
1851 return retval;
1852 }
1853
1854 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1855 arm7_9->branch_resume(target);
1856 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1857 {
1858 arm7_9->branch_resume_thumb(target);
1859 }
1860 else
1861 {
1862 LOG_ERROR("unhandled core state");
1863 return ERROR_FAIL;
1864 }
1865
1866 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1867 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1868 err = arm7_9_execute_sys_speed(target);
1869
1870 LOG_DEBUG("disable single-step");
1871 arm7_9->disable_single_step(target);
1872
1873 if (err != ERROR_OK)
1874 {
1875 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1876 {
1877 return retval;
1878 }
1879 target->state = TARGET_UNKNOWN;
1880 return err;
1881 }
1882
1883 arm7_9_debug_entry(target);
1884 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1885
1886 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1887 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1888 {
1889 return retval;
1890 }
1891 }
1892 }
1893
1894 /* enable any pending breakpoints and watchpoints */
1895 arm7_9_enable_breakpoints(target);
1896 arm7_9_enable_watchpoints(target);
1897
1898 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1899 {
1900 return retval;
1901 }
1902
1903 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1904 {
1905 arm7_9->branch_resume(target);
1906 }
1907 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1908 {
1909 arm7_9->branch_resume_thumb(target);
1910 }
1911 else
1912 {
1913 LOG_ERROR("unhandled core state");
1914 return ERROR_FAIL;
1915 }
1916
1917 /* deassert DBGACK and INTDIS */
1918 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1919 /* INTDIS only when we really resume, not during debug execution */
1920 if (!debug_execution)
1921 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1922 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1923
1924 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1925 {
1926 return retval;
1927 }
1928
1929 target->debug_reason = DBG_REASON_NOTHALTED;
1930
1931 if (!debug_execution)
1932 {
1933 /* registers are now invalid */
1934 armv4_5_invalidate_core_regs(target);
1935 target->state = TARGET_RUNNING;
1936 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1937 {
1938 return retval;
1939 }
1940 }
1941 else
1942 {
1943 target->state = TARGET_DEBUG_RUNNING;
1944 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1945 {
1946 return retval;
1947 }
1948 }
1949
1950 LOG_DEBUG("target resumed");
1951
1952 return ERROR_OK;
1953 }
1954
1955 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1956 {
1957 armv4_5_common_t *armv4_5 = target->arch_info;
1958 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1959
1960 uint32_t current_pc;
1961 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1962
1963 if (next_pc != current_pc)
1964 {
1965 /* setup an inverse breakpoint on the current PC
1966 * - comparator 1 matches the current address
1967 * - rangeout from comparator 1 is connected to comparator 0 rangein
1968 * - comparator 0 matches any address, as long as rangein is low */
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1973 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1974 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1978 }
1979 else
1980 {
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1990 }
1991 }
1992
1993 void arm7_9_disable_eice_step(target_t *target)
1994 {
1995 armv4_5_common_t *armv4_5 = target->arch_info;
1996 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1997
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2000 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2001 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2002 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2003 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2004 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2005 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2006 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2007 }
2008
2009 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2010 {
2011 armv4_5_common_t *armv4_5 = target->arch_info;
2012 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2013 breakpoint_t *breakpoint = NULL;
2014 int err, retval;
2015
2016 if (target->state != TARGET_HALTED)
2017 {
2018 LOG_WARNING("target not halted");
2019 return ERROR_TARGET_NOT_HALTED;
2020 }
2021
2022 /* current = 1: continue on current pc, otherwise continue at <address> */
2023 if (!current)
2024 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2025
2026 uint32_t current_pc;
2027 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2028
2029 /* the front-end may request us not to handle breakpoints */
2030 if (handle_breakpoints)
2031 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2032 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2033 {
2034 return retval;
2035 }
2036
2037 target->debug_reason = DBG_REASON_SINGLESTEP;
2038
2039 /* calculate PC of next instruction */
2040 uint32_t next_pc;
2041 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2042 {
2043 uint32_t current_opcode;
2044 target_read_u32(target, current_pc, &current_opcode);
2045 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2046 return retval;
2047 }
2048
2049 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2050 {
2051 return retval;
2052 }
2053
2054 arm7_9->enable_single_step(target, next_pc);
2055
2056 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2057 {
2058 arm7_9->branch_resume(target);
2059 }
2060 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2061 {
2062 arm7_9->branch_resume_thumb(target);
2063 }
2064 else
2065 {
2066 LOG_ERROR("unhandled core state");
2067 return ERROR_FAIL;
2068 }
2069
2070 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2071 {
2072 return retval;
2073 }
2074
2075 err = arm7_9_execute_sys_speed(target);
2076 arm7_9->disable_single_step(target);
2077
2078 /* registers are now invalid */
2079 armv4_5_invalidate_core_regs(target);
2080
2081 if (err != ERROR_OK)
2082 {
2083 target->state = TARGET_UNKNOWN;
2084 } else {
2085 arm7_9_debug_entry(target);
2086 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2087 {
2088 return retval;
2089 }
2090 LOG_DEBUG("target stepped");
2091 }
2092
2093 if (breakpoint)
2094 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2095 {
2096 return retval;
2097 }
2098
2099 return err;
2100 }
2101
2102 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2103 {
2104 uint32_t* reg_p[16];
2105 uint32_t value;
2106 int retval;
2107 armv4_5_common_t *armv4_5 = target->arch_info;
2108 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2109
2110 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2111 return ERROR_FAIL;
2112
2113 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2114
2115 if ((num < 0) || (num > 16))
2116 return ERROR_INVALID_ARGUMENTS;
2117
2118 if ((mode != ARMV4_5_MODE_ANY)
2119 && (mode != armv4_5->core_mode)
2120 && (reg_mode != ARMV4_5_MODE_ANY))
2121 {
2122 uint32_t tmp_cpsr;
2123
2124 /* change processor mode (mask T bit) */
2125 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2126 tmp_cpsr |= mode;
2127 tmp_cpsr &= ~0x20;
2128 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2129 }
2130
2131 if ((num >= 0) && (num <= 15))
2132 {
2133 /* read a normal core register */
2134 reg_p[num] = &value;
2135
2136 arm7_9->read_core_regs(target, 1 << num, reg_p);
2137 }
2138 else
2139 {
2140 /* read a program status register
2141 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2142 */
2143 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2144 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2145
2146 arm7_9->read_xpsr(target, &value, spsr);
2147 }
2148
2149 if ((retval = jtag_execute_queue()) != ERROR_OK)
2150 {
2151 return retval;
2152 }
2153
2154 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2155 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2156 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2157
2158 if ((mode != ARMV4_5_MODE_ANY)
2159 && (mode != armv4_5->core_mode)
2160 && (reg_mode != ARMV4_5_MODE_ANY)) {
2161 /* restore processor mode (mask T bit) */
2162 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2163 }
2164
2165 return ERROR_OK;
2166 }
2167
2168 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2169 {
2170 uint32_t reg[16];
2171 armv4_5_common_t *armv4_5 = target->arch_info;
2172 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2173
2174 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2175 return ERROR_FAIL;
2176
2177 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2178
2179 if ((num < 0) || (num > 16))
2180 return ERROR_INVALID_ARGUMENTS;
2181
2182 if ((mode != ARMV4_5_MODE_ANY)
2183 && (mode != armv4_5->core_mode)
2184 && (reg_mode != ARMV4_5_MODE_ANY)) {
2185 uint32_t tmp_cpsr;
2186
2187 /* change processor mode (mask T bit) */
2188 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2189 tmp_cpsr |= mode;
2190 tmp_cpsr &= ~0x20;
2191 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2192 }
2193
2194 if ((num >= 0) && (num <= 15))
2195 {
2196 /* write a normal core register */
2197 reg[num] = value;
2198
2199 arm7_9->write_core_regs(target, 1 << num, reg);
2200 }
2201 else
2202 {
2203 /* write a program status register
2204 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2205 */
2206 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2207 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2208
2209 /* if we're writing the CPSR, mask the T bit */
2210 if (!spsr)
2211 value &= ~0x20;
2212
2213 arm7_9->write_xpsr(target, value, spsr);
2214 }
2215
2216 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2217 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2218
2219 if ((mode != ARMV4_5_MODE_ANY)
2220 && (mode != armv4_5->core_mode)
2221 && (reg_mode != ARMV4_5_MODE_ANY)) {
2222 /* restore processor mode (mask T bit) */
2223 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2224 }
2225
2226 return jtag_execute_queue();
2227 }
2228
2229 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2230 {
2231 armv4_5_common_t *armv4_5 = target->arch_info;
2232 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2233
2234 uint32_t reg[16];
2235 uint32_t num_accesses = 0;
2236 int thisrun_accesses;
2237 int i;
2238 uint32_t cpsr;
2239 int retval;
2240 int last_reg = 0;
2241
2242 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2243
2244 if (target->state != TARGET_HALTED)
2245 {
2246 LOG_WARNING("target not halted");
2247 return ERROR_TARGET_NOT_HALTED;
2248 }
2249
2250 /* sanitize arguments */
2251 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2252 return ERROR_INVALID_ARGUMENTS;
2253
2254 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2255 return ERROR_TARGET_UNALIGNED_ACCESS;
2256
2257 /* load the base register with the address of the first word */
2258 reg[0] = address;
2259 arm7_9->write_core_regs(target, 0x1, reg);
2260
2261 int j = 0;
2262
2263 switch (size)
2264 {
2265 case 4:
2266 while (num_accesses < count)
2267 {
2268 uint32_t reg_list;
2269 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2270 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2271
2272 if (last_reg <= thisrun_accesses)
2273 last_reg = thisrun_accesses;
2274
2275 arm7_9->load_word_regs(target, reg_list);
2276
2277 /* fast memory reads are only safe when the target is running
2278 * from a sufficiently high clock (32 kHz is usually too slow)
2279 */
2280 if (arm7_9->fast_memory_access)
2281 retval = arm7_9_execute_fast_sys_speed(target);
2282 else
2283 retval = arm7_9_execute_sys_speed(target);
2284 if (retval != ERROR_OK)
2285 return retval;
2286
2287 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2288
2289 /* advance buffer, count number of accesses */
2290 buffer += thisrun_accesses * 4;
2291 num_accesses += thisrun_accesses;
2292
2293 if ((j++%1024) == 0)
2294 {
2295 keep_alive();
2296 }
2297 }
2298 break;
2299 case 2:
2300 while (num_accesses < count)
2301 {
2302 uint32_t reg_list;
2303 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2304 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2305
2306 for (i = 1; i <= thisrun_accesses; i++)
2307 {
2308 if (i > last_reg)
2309 last_reg = i;
2310 arm7_9->load_hword_reg(target, i);
2311 /* fast memory reads are only safe when the target is running
2312 * from a sufficiently high clock (32 kHz is usually too slow)
2313 */
2314 if (arm7_9->fast_memory_access)
2315 retval = arm7_9_execute_fast_sys_speed(target);
2316 else
2317 retval = arm7_9_execute_sys_speed(target);
2318 if (retval != ERROR_OK)
2319 {
2320 return retval;
2321 }
2322
2323 }
2324
2325 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2326
2327 /* advance buffer, count number of accesses */
2328 buffer += thisrun_accesses * 2;
2329 num_accesses += thisrun_accesses;
2330
2331 if ((j++%1024) == 0)
2332 {
2333 keep_alive();
2334 }
2335 }
2336 break;
2337 case 1:
2338 while (num_accesses < count)
2339 {
2340 uint32_t reg_list;
2341 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2342 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2343
2344 for (i = 1; i <= thisrun_accesses; i++)
2345 {
2346 if (i > last_reg)
2347 last_reg = i;
2348 arm7_9->load_byte_reg(target, i);
2349 /* fast memory reads are only safe when the target is running
2350 * from a sufficiently high clock (32 kHz is usually too slow)
2351 */
2352 if (arm7_9->fast_memory_access)
2353 retval = arm7_9_execute_fast_sys_speed(target);
2354 else
2355 retval = arm7_9_execute_sys_speed(target);
2356 if (retval != ERROR_OK)
2357 {
2358 return retval;
2359 }
2360 }
2361
2362 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2363
2364 /* advance buffer, count number of accesses */
2365 buffer += thisrun_accesses * 1;
2366 num_accesses += thisrun_accesses;
2367
2368 if ((j++%1024) == 0)
2369 {
2370 keep_alive();
2371 }
2372 }
2373 break;
2374 default:
2375 LOG_ERROR("BUG: we shouldn't get here");
2376 exit(-1);
2377 break;
2378 }
2379
2380 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2381 return ERROR_FAIL;
2382
2383 for (i = 0; i <= last_reg; i++)
2384 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2385
2386 arm7_9->read_xpsr(target, &cpsr, 0);
2387 if ((retval = jtag_execute_queue()) != ERROR_OK)
2388 {
2389 LOG_ERROR("JTAG error while reading cpsr");
2390 return ERROR_TARGET_DATA_ABORT;
2391 }
2392
2393 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2394 {
2395 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2396
2397 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2398
2399 return ERROR_TARGET_DATA_ABORT;
2400 }
2401
2402 return ERROR_OK;
2403 }
2404
2405 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2406 {
2407 armv4_5_common_t *armv4_5 = target->arch_info;
2408 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2409 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2410
2411 uint32_t reg[16];
2412 uint32_t num_accesses = 0;
2413 int thisrun_accesses;
2414 int i;
2415 uint32_t cpsr;
2416 int retval;
2417 int last_reg = 0;
2418
2419 #ifdef _DEBUG_ARM7_9_
2420 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2421 #endif
2422
2423 if (target->state != TARGET_HALTED)
2424 {
2425 LOG_WARNING("target not halted");
2426 return ERROR_TARGET_NOT_HALTED;
2427 }
2428
2429 /* sanitize arguments */
2430 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2431 return ERROR_INVALID_ARGUMENTS;
2432
2433 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2434 return ERROR_TARGET_UNALIGNED_ACCESS;
2435
2436 /* load the base register with the address of the first word */
2437 reg[0] = address;
2438 arm7_9->write_core_regs(target, 0x1, reg);
2439
2440 /* Clear DBGACK, to make sure memory fetches work as expected */
2441 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2442 embeddedice_store_reg(dbg_ctrl);
2443
2444 switch (size)
2445 {
2446 case 4:
2447 while (num_accesses < count)
2448 {
2449 uint32_t reg_list;
2450 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2451 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2452
2453 for (i = 1; i <= thisrun_accesses; i++)
2454 {
2455 if (i > last_reg)
2456 last_reg = i;
2457 reg[i] = target_buffer_get_u32(target, buffer);
2458 buffer += 4;
2459 }
2460
2461 arm7_9->write_core_regs(target, reg_list, reg);
2462
2463 arm7_9->store_word_regs(target, reg_list);
2464
2465 /* fast memory writes are only safe when the target is running
2466 * from a sufficiently high clock (32 kHz is usually too slow)
2467 */
2468 if (arm7_9->fast_memory_access)
2469 retval = arm7_9_execute_fast_sys_speed(target);
2470 else
2471 retval = arm7_9_execute_sys_speed(target);
2472 if (retval != ERROR_OK)
2473 {
2474 return retval;
2475 }
2476
2477 num_accesses += thisrun_accesses;
2478 }
2479 break;
2480 case 2:
2481 while (num_accesses < count)
2482 {
2483 uint32_t reg_list;
2484 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2485 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2486
2487 for (i = 1; i <= thisrun_accesses; i++)
2488 {
2489 if (i > last_reg)
2490 last_reg = i;
2491 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2492 buffer += 2;
2493 }
2494
2495 arm7_9->write_core_regs(target, reg_list, reg);
2496
2497 for (i = 1; i <= thisrun_accesses; i++)
2498 {
2499 arm7_9->store_hword_reg(target, i);
2500
2501 /* fast memory writes are only safe when the target is running
2502 * from a sufficiently high clock (32 kHz is usually too slow)
2503 */
2504 if (arm7_9->fast_memory_access)
2505 retval = arm7_9_execute_fast_sys_speed(target);
2506 else
2507 retval = arm7_9_execute_sys_speed(target);
2508 if (retval != ERROR_OK)
2509 {
2510 return retval;
2511 }
2512 }
2513
2514 num_accesses += thisrun_accesses;
2515 }
2516 break;
2517 case 1:
2518 while (num_accesses < count)
2519 {
2520 uint32_t reg_list;
2521 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2522 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2523
2524 for (i = 1; i <= thisrun_accesses; i++)
2525 {
2526 if (i > last_reg)
2527 last_reg = i;
2528 reg[i] = *buffer++ & 0xff;
2529 }
2530
2531 arm7_9->write_core_regs(target, reg_list, reg);
2532
2533 for (i = 1; i <= thisrun_accesses; i++)
2534 {
2535 arm7_9->store_byte_reg(target, i);
2536 /* fast memory writes are only safe when the target is running
2537 * from a sufficiently high clock (32 kHz is usually too slow)
2538 */
2539 if (arm7_9->fast_memory_access)
2540 retval = arm7_9_execute_fast_sys_speed(target);
2541 else
2542 retval = arm7_9_execute_sys_speed(target);
2543 if (retval != ERROR_OK)
2544 {
2545 return retval;
2546 }
2547
2548 }
2549
2550 num_accesses += thisrun_accesses;
2551 }
2552 break;
2553 default:
2554 LOG_ERROR("BUG: we shouldn't get here");
2555 exit(-1);
2556 break;
2557 }
2558
2559 /* Re-Set DBGACK */
2560 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2561 embeddedice_store_reg(dbg_ctrl);
2562
2563 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2564 return ERROR_FAIL;
2565
2566 for (i = 0; i <= last_reg; i++)
2567 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2568
2569 arm7_9->read_xpsr(target, &cpsr, 0);
2570 if ((retval = jtag_execute_queue()) != ERROR_OK)
2571 {
2572 LOG_ERROR("JTAG error while reading cpsr");
2573 return ERROR_TARGET_DATA_ABORT;
2574 }
2575
2576 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2577 {
2578 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2579
2580 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2581
2582 return ERROR_TARGET_DATA_ABORT;
2583 }
2584
2585 return ERROR_OK;
2586 }
2587
2588 static int dcc_count;
2589 static uint8_t *dcc_buffer;
2590
2591 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2592 {
2593 int retval = ERROR_OK;
2594 armv4_5_common_t *armv4_5 = target->arch_info;
2595 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2596
2597 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2598 return retval;
2599
2600 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2601 int count = dcc_count;
2602 uint8_t *buffer = dcc_buffer;
2603 if (count > 2)
2604 {
2605 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2606 * core function repeated. */
2607 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2608 buffer += 4;
2609
2610 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2611 uint8_t reg_addr = ice_reg->addr & 0x1f;
2612 jtag_tap_t *tap;
2613 tap = ice_reg->jtag_info->tap;
2614
2615 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2616 buffer += (count-2)*4;
2617
2618 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2619 } else
2620 {
2621 int i;
2622 for (i = 0; i < count; i++)
2623 {
2624 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2625 buffer += 4;
2626 }
2627 }
2628
2629 if ((retval = target_halt(target))!= ERROR_OK)
2630 {
2631 return retval;
2632 }
2633 return target_wait_state(target, TARGET_HALTED, 500);
2634 }
2635
2636 static const uint32_t dcc_code[] =
2637 {
2638 /* MRC TST BNE MRC STR B */
2639 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2640 };
2641
2642 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2643
2644 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2645 {
2646 int retval;
2647 armv4_5_common_t *armv4_5 = target->arch_info;
2648 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2649 int i;
2650
2651 if (!arm7_9->dcc_downloads)
2652 return target_write_memory(target, address, 4, count, buffer);
2653
2654 /* regrab previously allocated working_area, or allocate a new one */
2655 if (!arm7_9->dcc_working_area)
2656 {
2657 uint8_t dcc_code_buf[6 * 4];
2658
2659 /* make sure we have a working area */
2660 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2661 {
2662 LOG_INFO("no working area available, falling back to memory writes");
2663 return target_write_memory(target, address, 4, count, buffer);
2664 }
2665
2666 /* copy target instructions to target endianness */
2667 for (i = 0; i < 6; i++)
2668 {
2669 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2670 }
2671
2672 /* write DCC code to working area */
2673 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2674 {
2675 return retval;
2676 }
2677 }
2678
2679 armv4_5_algorithm_t armv4_5_info;
2680 reg_param_t reg_params[1];
2681
2682 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2683 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2684 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2685
2686 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2687
2688 buf_set_u32(reg_params[0].value, 0, 32, address);
2689
2690 dcc_count = count;
2691 dcc_buffer = buffer;
2692 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2693 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2694
2695 if (retval == ERROR_OK)
2696 {
2697 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2698 if (endaddress != (address + count*4))
2699 {
2700 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2701 retval = ERROR_FAIL;
2702 }
2703 }
2704
2705 destroy_reg_param(&reg_params[0]);
2706
2707 return retval;
2708 }
2709
2710 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2711 {
2712 working_area_t *crc_algorithm;
2713 armv4_5_algorithm_t armv4_5_info;
2714 reg_param_t reg_params[2];
2715 int retval;
2716
2717 uint32_t arm7_9_crc_code[] = {
2718 0xE1A02000, /* mov r2, r0 */
2719 0xE3E00000, /* mov r0, #0xffffffff */
2720 0xE1A03001, /* mov r3, r1 */
2721 0xE3A04000, /* mov r4, #0 */
2722 0xEA00000B, /* b ncomp */
2723 /* nbyte: */
2724 0xE7D21004, /* ldrb r1, [r2, r4] */
2725 0xE59F7030, /* ldr r7, CRC32XOR */
2726 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2727 0xE3A05000, /* mov r5, #0 */
2728 /* loop: */
2729 0xE3500000, /* cmp r0, #0 */
2730 0xE1A06080, /* mov r6, r0, asl #1 */
2731 0xE2855001, /* add r5, r5, #1 */
2732 0xE1A00006, /* mov r0, r6 */
2733 0xB0260007, /* eorlt r0, r6, r7 */
2734 0xE3550008, /* cmp r5, #8 */
2735 0x1AFFFFF8, /* bne loop */
2736 0xE2844001, /* add r4, r4, #1 */
2737 /* ncomp: */
2738 0xE1540003, /* cmp r4, r3 */
2739 0x1AFFFFF1, /* bne nbyte */
2740 /* end: */
2741 0xEAFFFFFE, /* b end */
2742 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2743 };
2744
2745 uint32_t i;
2746
2747 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2748 {
2749 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2750 }
2751
2752 /* convert flash writing code into a buffer in target endianness */
2753 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2754 {
2755 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2756 {
2757 return retval;
2758 }
2759 }
2760
2761 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2762 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2763 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2764
2765 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2766 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2767
2768 buf_set_u32(reg_params[0].value, 0, 32, address);
2769 buf_set_u32(reg_params[1].value, 0, 32, count);
2770
2771 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2772 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2773 {
2774 LOG_ERROR("error executing arm7_9 crc algorithm");
2775 destroy_reg_param(&reg_params[0]);
2776 destroy_reg_param(&reg_params[1]);
2777 target_free_working_area(target, crc_algorithm);
2778 return retval;
2779 }
2780
2781 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2782
2783 destroy_reg_param(&reg_params[0]);
2784 destroy_reg_param(&reg_params[1]);
2785
2786 target_free_working_area(target, crc_algorithm);
2787
2788 return ERROR_OK;
2789 }
2790
2791 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2792 {
2793 working_area_t *erase_check_algorithm;
2794 reg_param_t reg_params[3];
2795 armv4_5_algorithm_t armv4_5_info;
2796 int retval;
2797 uint32_t i;
2798
2799 uint32_t erase_check_code[] =
2800 {
2801 /* loop: */
2802 0xe4d03001, /* ldrb r3, [r0], #1 */
2803 0xe0022003, /* and r2, r2, r3 */
2804 0xe2511001, /* subs r1, r1, #1 */
2805 0x1afffffb, /* bne loop */
2806 /* end: */
2807 0xeafffffe /* b end */
2808 };
2809
2810 /* make sure we have a working area */
2811 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2812 {
2813 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2814 }
2815
2816 /* convert flash writing code into a buffer in target endianness */
2817 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2818 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2819 {
2820 return retval;
2821 }
2822
2823 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2824 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2825 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2826
2827 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2828 buf_set_u32(reg_params[0].value, 0, 32, address);
2829
2830 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2831 buf_set_u32(reg_params[1].value, 0, 32, count);
2832
2833 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2834 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2835
2836 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2837 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2838 {
2839 destroy_reg_param(&reg_params[0]);
2840 destroy_reg_param(&reg_params[1]);
2841 destroy_reg_param(&reg_params[2]);
2842 target_free_working_area(target, erase_check_algorithm);
2843 return 0;
2844 }
2845
2846 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2847
2848 destroy_reg_param(&reg_params[0]);
2849 destroy_reg_param(&reg_params[1]);
2850 destroy_reg_param(&reg_params[2]);
2851
2852 target_free_working_area(target, erase_check_algorithm);
2853
2854 return ERROR_OK;
2855 }
2856
2857 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2858 {
2859 command_t *arm7_9_cmd;
2860
2861 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2862
2863 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2864 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2865
2866 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2867
2868 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2869 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2870 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2871 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2872 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2873 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2874
2875 armv4_5_register_commands(cmd_ctx);
2876
2877 etm_register_commands(cmd_ctx);
2878
2879 return ERROR_OK;
2880 }
2881
2882 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2883 {
2884 uint32_t value;
2885 int spsr;
2886 int retval;
2887 target_t *target = get_current_target(cmd_ctx);
2888 armv4_5_common_t *armv4_5;
2889 arm7_9_common_t *arm7_9;
2890
2891 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2892 {
2893 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2894 return ERROR_OK;
2895 }
2896
2897 if (target->state != TARGET_HALTED)
2898 {
2899 command_print(cmd_ctx, "can't write registers while running");
2900 return ERROR_OK;
2901 }
2902
2903 if (argc < 2)
2904 {
2905 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2906 return ERROR_OK;
2907 }
2908
2909 value = strtoul(args[0], NULL, 0);
2910 spsr = strtol(args[1], NULL, 0);
2911
2912 /* if we're writing the CPSR, mask the T bit */
2913 if (!spsr)
2914 value &= ~0x20;
2915
2916 arm7_9->write_xpsr(target, value, spsr);
2917 if ((retval = jtag_execute_queue()) != ERROR_OK)
2918 {
2919 LOG_ERROR("JTAG error while writing to xpsr");
2920 return retval;
2921 }
2922
2923 return ERROR_OK;
2924 }
2925
2926 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2927 {
2928 uint32_t value;
2929 int rotate;
2930 int spsr;
2931 int retval;
2932 target_t *target = get_current_target(cmd_ctx);
2933 armv4_5_common_t *armv4_5;
2934 arm7_9_common_t *arm7_9;
2935
2936 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2937 {
2938 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2939 return ERROR_OK;
2940 }
2941
2942 if (target->state != TARGET_HALTED)
2943 {
2944 command_print(cmd_ctx, "can't write registers while running");
2945 return ERROR_OK;
2946 }
2947
2948 if (argc < 3)
2949 {
2950 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2951 return ERROR_OK;
2952 }
2953
2954 value = strtoul(args[0], NULL, 0);
2955 rotate = strtol(args[1], NULL, 0);
2956 spsr = strtol(args[2], NULL, 0);
2957
2958 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2959 if ((retval = jtag_execute_queue()) != ERROR_OK)
2960 {
2961 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2962 return retval;
2963 }
2964
2965 return ERROR_OK;
2966 }
2967
2968 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2969 {
2970 uint32_t value;
2971 uint32_t mode;
2972 int num;
2973 target_t *target = get_current_target(cmd_ctx);
2974 armv4_5_common_t *armv4_5;
2975 arm7_9_common_t *arm7_9;
2976
2977 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2978 {
2979 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2980 return ERROR_OK;
2981 }
2982
2983 if (target->state != TARGET_HALTED)
2984 {
2985 command_print(cmd_ctx, "can't write registers while running");
2986 return ERROR_OK;
2987 }
2988
2989 if (argc < 3)
2990 {
2991 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2992 return ERROR_OK;
2993 }
2994
2995 num = strtol(args[0], NULL, 0);
2996 mode = strtoul(args[1], NULL, 0);
2997 value = strtoul(args[2], NULL, 0);
2998
2999 return arm7_9_write_core_reg(target, num, mode, value);
3000 }
3001
3002 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3003 {
3004 target_t *target = get_current_target(cmd_ctx);
3005 armv4_5_common_t *armv4_5;
3006 arm7_9_common_t *arm7_9;
3007
3008 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3009 {
3010 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3011 return ERROR_OK;
3012 }
3013
3014 if (argc > 0)
3015 {
3016 if (strcmp("enable", args[0]) == 0)
3017 {
3018 arm7_9->use_dbgrq = 1;
3019 }
3020 else if (strcmp("disable", args[0]) == 0)
3021 {
3022 arm7_9->use_dbgrq = 0;
3023 }
3024 else
3025 {
3026 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3027 }
3028 }
3029
3030 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3031
3032 return ERROR_OK;
3033 }
3034
3035 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3036 {
3037 target_t *target = get_current_target(cmd_ctx);
3038 armv4_5_common_t *armv4_5;
3039 arm7_9_common_t *arm7_9;
3040
3041 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3042 {
3043 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3044 return ERROR_OK;
3045 }
3046
3047 if (argc > 0)
3048 {
3049 if (strcmp("enable", args[0]) == 0)
3050 {
3051 arm7_9->fast_memory_access = 1;
3052 }
3053 else if (strcmp("disable", args[0]) == 0)
3054 {
3055 arm7_9->fast_memory_access = 0;
3056 }
3057 else
3058 {
3059 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3060 }
3061 }
3062
3063 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3064
3065 return ERROR_OK;
3066 }
3067
3068 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3069 {
3070 target_t *target = get_current_target(cmd_ctx);
3071 armv4_5_common_t *armv4_5;
3072 arm7_9_common_t *arm7_9;
3073
3074 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3075 {
3076 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3077 return ERROR_OK;
3078 }
3079
3080 if (argc > 0)
3081 {
3082 if (strcmp("enable", args[0]) == 0)
3083 {
3084 arm7_9->dcc_downloads = 1;
3085 }
3086 else if (strcmp("disable", args[0]) == 0)
3087 {
3088 arm7_9->dcc_downloads = 0;
3089 }
3090 else
3091 {
3092 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3093 }
3094 }
3095
3096 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3097
3098 return ERROR_OK;
3099 }
3100
3101 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3102 {
3103 int retval = ERROR_OK;
3104 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3105
3106 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3107
3108 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3109 {
3110 return retval;
3111 }
3112
3113 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3114 arm7_9->wp_available_max = 2;
3115 arm7_9->sw_breakpoints_added = 0;
3116 arm7_9->breakpoint_count = 0;
3117 arm7_9->wp0_used = 0;
3118 arm7_9->wp1_used = 0;
3119 arm7_9->wp1_used_default = 0;
3120 arm7_9->use_dbgrq = 0;
3121
3122 arm7_9->etm_ctx = NULL;
3123 arm7_9->has_single_step = 0;
3124 arm7_9->has_monitor_mode = 0;
3125 arm7_9->has_vector_catch = 0;
3126
3127 arm7_9->debug_entry_from_reset = 0;
3128
3129 arm7_9->dcc_working_area = NULL;
3130
3131 arm7_9->fast_memory_access = fast_and_dangerous;
3132 arm7_9->dcc_downloads = fast_and_dangerous;
3133
3134 arm7_9->need_bypass_before_restart = 0;
3135
3136 armv4_5->arch_info = arm7_9;
3137 armv4_5->read_core_reg = arm7_9_read_core_reg;
3138 armv4_5->write_core_reg = arm7_9_write_core_reg;
3139 armv4_5->full_context = arm7_9_full_context;
3140
3141 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3142 {
3143 return retval;
3144 }
3145
3146 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3147 {
3148 return retval;
3149 }
3150
3151 return ERROR_OK;
3152 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)