Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
debug interface: get rid of unused pre_debug fn
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoint_count = 0;
65 arm7_9->sw_breakpoints_added = 0;
66 arm7_9->wp0_used = 0;
67 arm7_9->wp1_used = arm7_9->wp1_used_default;
68 arm7_9->wp_available = arm7_9->wp_available_max;
69
70 return jtag_execute_queue();
71 }
72
73 /**
74 * Assign a watchpoint to one of the two available hardware comparators in an
75 * ARM7 or ARM9 target.
76 *
77 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
78 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
79 */
80 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
81 {
82 if (!arm7_9->wp0_used)
83 {
84 arm7_9->wp0_used = 1;
85 breakpoint->set = 1;
86 arm7_9->wp_available--;
87 }
88 else if (!arm7_9->wp1_used)
89 {
90 arm7_9->wp1_used = 1;
91 breakpoint->set = 2;
92 arm7_9->wp_available--;
93 }
94 else
95 {
96 LOG_ERROR("BUG: no hardware comparator available");
97 }
98 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
99 breakpoint->unique_id,
100 breakpoint->address,
101 breakpoint->set );
102 }
103
104 /**
105 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
106 *
107 * @param arm7_9 Pointer to common struct for ARM7/9 targets
108 * @return Error codes if there is a problem finding a watchpoint or the result
109 * of executing the JTAG queue
110 */
111 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
112 {
113 if (arm7_9->sw_breakpoints_added)
114 {
115 return ERROR_OK;
116 }
117 if (arm7_9->wp_available < 1)
118 {
119 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
120 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
121 }
122 arm7_9->wp_available--;
123
124 /* pick a breakpoint unit */
125 if (!arm7_9->wp0_used)
126 {
127 arm7_9->sw_breakpoints_added = 1;
128 arm7_9->wp0_used = 3;
129 } else if (!arm7_9->wp1_used)
130 {
131 arm7_9->sw_breakpoints_added = 2;
132 arm7_9->wp1_used = 3;
133 }
134 else
135 {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1)
141 {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 }
148 else if (arm7_9->sw_breakpoints_added == 2)
149 {
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
155 }
156 else
157 {
158 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
159 return ERROR_FAIL;
160 }
161 LOG_DEBUG("SW BP using hw wp: %d",
162 arm7_9->sw_breakpoints_added );
163
164 return jtag_execute_queue();
165 }
166
167 /**
168 * Setup the common pieces for an ARM7/9 target after reset or on startup.
169 *
170 * @param target Pointer to an ARM7/9 target to setup
171 * @return Result of clearing the watchpoints on the target
172 */
173 int arm7_9_setup(target_t *target)
174 {
175 armv4_5_common_t *armv4_5 = target->arch_info;
176 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
177
178 return arm7_9_clear_watchpoints(arm7_9);
179 }
180
181 /**
182 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
183 * targets. A return of ERROR_OK signifies that the target is a valid target
184 * and that the pointers have been set properly.
185 *
186 * @param target Pointer to the target device to get the pointers from
187 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
188 * targets
189 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
190 * targets
191 * @return ERROR_OK if successful
192 */
193 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
194 {
195 armv4_5_common_t *armv4_5 = target->arch_info;
196 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
197
198 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
199 {
200 return -1;
201 }
202
203 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
204 {
205 return -1;
206 }
207
208 *armv4_5_p = armv4_5;
209 *arm7_9_p = arm7_9;
210
211 return ERROR_OK;
212 }
213
214 /**
215 * Set either a hardware or software breakpoint on an ARM7/9 target. The
216 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
217 * might have erased the values in Embedded ICE.
218 *
219 * @param target Pointer to the target device to set the breakpoints on
220 * @param breakpoint Pointer to the breakpoint to be set
221 * @return For hardware breakpoints, this is the result of executing the JTAG
222 * queue. For software breakpoints, this will be the status of the
223 * required memory reads and writes
224 */
225 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
226 {
227 armv4_5_common_t *armv4_5 = target->arch_info;
228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
229 int retval = ERROR_OK;
230
231 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
232 breakpoint->unique_id,
233 breakpoint->address,
234 breakpoint->type);
235
236 if (target->state != TARGET_HALTED)
237 {
238 LOG_WARNING("target not halted");
239 return ERROR_TARGET_NOT_HALTED;
240 }
241
242 if (breakpoint->type == BKPT_HARD)
243 {
244 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
245 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
246
247 /* reassign a hw breakpoint */
248 if (breakpoint->set == 0)
249 {
250 arm7_9_assign_wp(arm7_9, breakpoint);
251 }
252
253 if (breakpoint->set == 1)
254 {
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
258 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
259 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
260 }
261 else if (breakpoint->set == 2)
262 {
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
266 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
267 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
268 }
269 else
270 {
271 LOG_ERROR("BUG: no hardware comparator available");
272 return ERROR_OK;
273 }
274
275 retval = jtag_execute_queue();
276 }
277 else if (breakpoint->type == BKPT_SOFT)
278 {
279 /* did we already set this breakpoint? */
280 if (breakpoint->set)
281 return ERROR_OK;
282
283 if (breakpoint->length == 4)
284 {
285 uint32_t verify = 0xffffffff;
286 /* keep the original instruction in target endianness */
287 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
288 {
289 return retval;
290 }
291 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
292 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
293 {
294 return retval;
295 }
296
297 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
298 {
299 return retval;
300 }
301 if (verify != arm7_9->arm_bkpt)
302 {
303 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
304 return ERROR_OK;
305 }
306 }
307 else
308 {
309 uint16_t verify = 0xffff;
310 /* keep the original instruction in target endianness */
311 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
312 {
313 return retval;
314 }
315 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
316 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
317 {
318 return retval;
319 }
320
321 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
322 {
323 return retval;
324 }
325 if (verify != arm7_9->thumb_bkpt)
326 {
327 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
328 return ERROR_OK;
329 }
330 }
331
332 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
333 return retval;
334
335 arm7_9->sw_breakpoint_count++;
336
337 breakpoint->set = 1;
338 }
339
340 return retval;
341 }
342
343 /**
344 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
345 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
346 * will be updated. Otherwise, the software breakpoint will be restored to its
347 * original instruction if it hasn't already been modified.
348 *
349 * @param target Pointer to ARM7/9 target to unset the breakpoint from
350 * @param breakpoint Pointer to breakpoint to be unset
351 * @return For hardware breakpoints, this is the result of executing the JTAG
352 * queue. For software breakpoints, this will be the status of the
353 * required memory reads and writes
354 */
355 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
356 {
357 int retval = ERROR_OK;
358
359 armv4_5_common_t *armv4_5 = target->arch_info;
360 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
361
362 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
363 breakpoint->unique_id,
364 breakpoint->address );
365
366 if (!breakpoint->set)
367 {
368 LOG_WARNING("breakpoint not set");
369 return ERROR_OK;
370 }
371
372 if (breakpoint->type == BKPT_HARD)
373 {
374 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
375 breakpoint->unique_id,
376 breakpoint->set );
377 if (breakpoint->set == 1)
378 {
379 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
380 arm7_9->wp0_used = 0;
381 arm7_9->wp_available++;
382 }
383 else if (breakpoint->set == 2)
384 {
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
386 arm7_9->wp1_used = 0;
387 arm7_9->wp_available++;
388 }
389 retval = jtag_execute_queue();
390 breakpoint->set = 0;
391 }
392 else
393 {
394 /* restore original instruction (kept in target endianness) */
395 if (breakpoint->length == 4)
396 {
397 uint32_t current_instr;
398 /* check that user program as not modified breakpoint instruction */
399 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 if (current_instr == arm7_9->arm_bkpt)
404 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
405 {
406 return retval;
407 }
408 }
409 else
410 {
411 uint16_t current_instr;
412 /* check that user program as not modified breakpoint instruction */
413 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 if (current_instr == arm7_9->thumb_bkpt)
418 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
419 {
420 return retval;
421 }
422 }
423
424 if (--arm7_9->sw_breakpoint_count==0)
425 {
426 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
427 if (arm7_9->sw_breakpoints_added == 1)
428 {
429 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
430 }
431 else if (arm7_9->sw_breakpoints_added == 2)
432 {
433 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
434 }
435 }
436
437 breakpoint->set = 0;
438 }
439
440 return retval;
441 }
442
443 /**
444 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
445 * dangling breakpoints and that the desired breakpoint can be added.
446 *
447 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
448 * @param breakpoint Pointer to the breakpoint to be added
449 * @return An error status if there is a problem adding the breakpoint or the
450 * result of setting the breakpoint
451 */
452 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
453 {
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
456
457 if (target->state != TARGET_HALTED)
458 {
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
461 }
462
463 if (arm7_9->breakpoint_count == 0)
464 {
465 /* make sure we don't have any dangling breakpoints. This is vital upon
466 * GDB connect/disconnect
467 */
468 arm7_9_clear_watchpoints(arm7_9);
469 }
470
471 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
472 {
473 LOG_INFO("no watchpoint unit available for hardware breakpoint");
474 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
475 }
476
477 if ((breakpoint->length != 2) && (breakpoint->length != 4))
478 {
479 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
480 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
481 }
482
483 if (breakpoint->type == BKPT_HARD)
484 {
485 arm7_9_assign_wp(arm7_9, breakpoint);
486 }
487
488 arm7_9->breakpoint_count++;
489
490 return arm7_9_set_breakpoint(target, breakpoint);
491 }
492
493 /**
494 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
495 * dangling breakpoints and updates available watchpoints if it is a hardware
496 * breakpoint.
497 *
498 * @param target Pointer to the target to have a breakpoint removed
499 * @param breakpoint Pointer to the breakpoint to be removed
500 * @return Error status if there was a problem unsetting the breakpoint or the
501 * watchpoints could not be cleared
502 */
503 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
504 {
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
508
509 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
510 {
511 return retval;
512 }
513
514 if (breakpoint->type == BKPT_HARD)
515 arm7_9->wp_available++;
516
517 arm7_9->breakpoint_count--;
518 if (arm7_9->breakpoint_count == 0)
519 {
520 /* make sure we don't have any dangling breakpoints */
521 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
522 {
523 return retval;
524 }
525 }
526
527 return ERROR_OK;
528 }
529
530 /**
531 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
532 * considered a bug to call this function when there are no available watchpoint
533 * units.
534 *
535 * @param target Pointer to an ARM7/9 target to set a watchpoint on
536 * @param watchpoint Pointer to the watchpoint to be set
537 * @return Error status if watchpoint set fails or the result of executing the
538 * JTAG queue
539 */
540 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
541 {
542 int retval = ERROR_OK;
543 armv4_5_common_t *armv4_5 = target->arch_info;
544 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
545 int rw_mask = 1;
546 uint32_t mask;
547
548 mask = watchpoint->length - 1;
549
550 if (target->state != TARGET_HALTED)
551 {
552 LOG_WARNING("target not halted");
553 return ERROR_TARGET_NOT_HALTED;
554 }
555
556 if (watchpoint->rw == WPT_ACCESS)
557 rw_mask = 0;
558 else
559 rw_mask = 1;
560
561 if (!arm7_9->wp0_used)
562 {
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
564 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
566 if (watchpoint->mask != 0xffffffffu)
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
568 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
569 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
570
571 if ((retval = jtag_execute_queue()) != ERROR_OK)
572 {
573 return retval;
574 }
575 watchpoint->set = 1;
576 arm7_9->wp0_used = 2;
577 }
578 else if (!arm7_9->wp1_used)
579 {
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
581 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
582 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
583 if (watchpoint->mask != 0xffffffffu)
584 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
585 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
586 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
587
588 if ((retval = jtag_execute_queue()) != ERROR_OK)
589 {
590 return retval;
591 }
592 watchpoint->set = 2;
593 arm7_9->wp1_used = 2;
594 }
595 else
596 {
597 LOG_ERROR("BUG: no hardware comparator available");
598 return ERROR_OK;
599 }
600
601 return ERROR_OK;
602 }
603
604 /**
605 * Unset an existing watchpoint and clear the used watchpoint unit.
606 *
607 * @param target Pointer to the target to have the watchpoint removed
608 * @param watchpoint Pointer to the watchpoint to be removed
609 * @return Error status while trying to unset the watchpoint or the result of
610 * executing the JTAG queue
611 */
612 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
613 {
614 int retval = ERROR_OK;
615 armv4_5_common_t *armv4_5 = target->arch_info;
616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
617
618 if (target->state != TARGET_HALTED)
619 {
620 LOG_WARNING("target not halted");
621 return ERROR_TARGET_NOT_HALTED;
622 }
623
624 if (!watchpoint->set)
625 {
626 LOG_WARNING("breakpoint not set");
627 return ERROR_OK;
628 }
629
630 if (watchpoint->set == 1)
631 {
632 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
633 if ((retval = jtag_execute_queue()) != ERROR_OK)
634 {
635 return retval;
636 }
637 arm7_9->wp0_used = 0;
638 }
639 else if (watchpoint->set == 2)
640 {
641 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
642 if ((retval = jtag_execute_queue()) != ERROR_OK)
643 {
644 return retval;
645 }
646 arm7_9->wp1_used = 0;
647 }
648 watchpoint->set = 0;
649
650 return ERROR_OK;
651 }
652
653 /**
654 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
655 * available, an error response is returned.
656 *
657 * @param target Pointer to the ARM7/9 target to add a watchpoint to
658 * @param watchpoint Pointer to the watchpoint to be added
659 * @return Error status while trying to add the watchpoint
660 */
661 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
662 {
663 armv4_5_common_t *armv4_5 = target->arch_info;
664 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
665
666 if (target->state != TARGET_HALTED)
667 {
668 LOG_WARNING("target not halted");
669 return ERROR_TARGET_NOT_HALTED;
670 }
671
672 if (arm7_9->wp_available < 1)
673 {
674 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
675 }
676
677 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
678 {
679 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
680 }
681
682 arm7_9->wp_available--;
683
684 return ERROR_OK;
685 }
686
687 /**
688 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
689 * the used watchpoint unit will be reopened.
690 *
691 * @param target Pointer to the target to remove a watchpoint from
692 * @param watchpoint Pointer to the watchpoint to be removed
693 * @return Result of trying to unset the watchpoint
694 */
695 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
696 {
697 int retval = ERROR_OK;
698 armv4_5_common_t *armv4_5 = target->arch_info;
699 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
700
701 if (watchpoint->set)
702 {
703 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
704 {
705 return retval;
706 }
707 }
708
709 arm7_9->wp_available++;
710
711 return ERROR_OK;
712 }
713
714 /**
715 * Restarts the target by sending a RESTART instruction and moving the JTAG
716 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
717 * asserted by the processor.
718 *
719 * @param target Pointer to target to issue commands to
720 * @return Error status if there is a timeout or a problem while executing the
721 * JTAG queue
722 */
723 int arm7_9_execute_sys_speed(struct target_s *target)
724 {
725 int retval;
726
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
730 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
731
732 /* set RESTART instruction */
733 jtag_set_end_state(TAP_IDLE);
734 if (arm7_9->need_bypass_before_restart) {
735 arm7_9->need_bypass_before_restart = 0;
736 arm_jtag_set_instr(jtag_info, 0xf, NULL);
737 }
738 arm_jtag_set_instr(jtag_info, 0x4, NULL);
739
740 long long then = timeval_ms();
741 int timeout;
742 while (!(timeout = ((timeval_ms()-then) > 1000)))
743 {
744 /* read debug status register */
745 embeddedice_read_reg(dbg_stat);
746 if ((retval = jtag_execute_queue()) != ERROR_OK)
747 return retval;
748 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
749 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
750 break;
751 if (debug_level >= 3)
752 {
753 alive_sleep(100);
754 } else
755 {
756 keep_alive();
757 }
758 }
759 if (timeout)
760 {
761 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
762 return ERROR_TARGET_TIMEOUT;
763 }
764
765 return ERROR_OK;
766 }
767
768 /**
769 * Restarts the target by sending a RESTART instruction and moving the JTAG
770 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
771 * waiting until they are.
772 *
773 * @param target Pointer to the target to issue commands to
774 * @return Always ERROR_OK
775 */
776 int arm7_9_execute_fast_sys_speed(struct target_s *target)
777 {
778 static int set = 0;
779 static uint8_t check_value[4], check_mask[4];
780
781 armv4_5_common_t *armv4_5 = target->arch_info;
782 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
783 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
784 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
785
786 /* set RESTART instruction */
787 jtag_set_end_state(TAP_IDLE);
788 if (arm7_9->need_bypass_before_restart) {
789 arm7_9->need_bypass_before_restart = 0;
790 arm_jtag_set_instr(jtag_info, 0xf, NULL);
791 }
792 arm_jtag_set_instr(jtag_info, 0x4, NULL);
793
794 if (!set)
795 {
796 /* check for DBGACK and SYSCOMP set (others don't care) */
797
798 /* NB! These are constants that must be available until after next jtag_execute() and
799 * we evaluate the values upon first execution in lieu of setting up these constants
800 * during early setup.
801 * */
802 buf_set_u32(check_value, 0, 32, 0x9);
803 buf_set_u32(check_mask, 0, 32, 0x9);
804 set = 1;
805 }
806
807 /* read debug status register */
808 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
809
810 return ERROR_OK;
811 }
812
813 /**
814 * Get some data from the ARM7/9 target.
815 *
816 * @param target Pointer to the ARM7/9 target to read data from
817 * @param size The number of 32bit words to be read
818 * @param buffer Pointer to the buffer that will hold the data
819 * @return The result of receiving data from the Embedded ICE unit
820 */
821 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
822 {
823 armv4_5_common_t *armv4_5 = target->arch_info;
824 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
825 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
826 uint32_t *data;
827 int retval = ERROR_OK;
828 uint32_t i;
829
830 data = malloc(size * (sizeof(uint32_t)));
831
832 retval = embeddedice_receive(jtag_info, data, size);
833
834 /* return the 32-bit ints in the 8-bit array */
835 for (i = 0; i < size; i++)
836 {
837 h_u32_to_le(buffer + (i * 4), data[i]);
838 }
839
840 free(data);
841
842 return retval;
843 }
844
845 /**
846 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
847 * target is running and the DCC control register has the W bit high, this will
848 * execute the request on the target.
849 *
850 * @param priv Void pointer expected to be a target_t pointer
851 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
852 * from the Embedded ICE unit
853 */
854 int arm7_9_handle_target_request(void *priv)
855 {
856 int retval = ERROR_OK;
857 target_t *target = priv;
858 if (!target_was_examined(target))
859 return ERROR_OK;
860 armv4_5_common_t *armv4_5 = target->arch_info;
861 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
862 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
863 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
864
865 if (!target->dbg_msg_enabled)
866 return ERROR_OK;
867
868 if (target->state == TARGET_RUNNING)
869 {
870 /* read DCC control register */
871 embeddedice_read_reg(dcc_control);
872 if ((retval = jtag_execute_queue()) != ERROR_OK)
873 {
874 return retval;
875 }
876
877 /* check W bit */
878 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
879 {
880 uint32_t request;
881
882 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
883 {
884 return retval;
885 }
886 if ((retval = target_request(target, request)) != ERROR_OK)
887 {
888 return retval;
889 }
890 }
891 }
892
893 return ERROR_OK;
894 }
895
896 /**
897 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
898 * is manipulated to the right halted state based on its current state. This is
899 * what happens:
900 *
901 * <table>
902 * <tr><th > State</th><th > Action</th></tr>
903 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
904 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
905 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
906 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
907 * </table>
908 *
909 * If the target does not end up in the halted state, a warning is produced. If
910 * DBGACK is cleared, then the target is expected to either be running or
911 * running in debug.
912 *
913 * @param target Pointer to the ARM7/9 target to poll
914 * @return ERROR_OK or an error status if a command fails
915 */
916 int arm7_9_poll(target_t *target)
917 {
918 int retval;
919 armv4_5_common_t *armv4_5 = target->arch_info;
920 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
921 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
922
923 /* read debug status register */
924 embeddedice_read_reg(dbg_stat);
925 if ((retval = jtag_execute_queue()) != ERROR_OK)
926 {
927 return retval;
928 }
929
930 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
931 {
932 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
933 if (target->state == TARGET_UNKNOWN)
934 {
935 /* Starting OpenOCD with target in debug-halt */
936 target->state = TARGET_RUNNING;
937 LOG_DEBUG("DBGACK already set during server startup.");
938 }
939 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
940 {
941 int check_pc = 0;
942 if (target->state == TARGET_RESET)
943 {
944 if (target->reset_halt)
945 {
946 enum reset_types jtag_reset_config = jtag_get_reset_config();
947 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
948 {
949 check_pc = 1;
950 }
951 }
952 }
953
954 target->state = TARGET_HALTED;
955
956 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
957 return retval;
958
959 if (check_pc)
960 {
961 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
962 uint32_t t=*((uint32_t *)reg->value);
963 if (t != 0)
964 {
965 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
966 }
967 }
968
969 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
970 {
971 return retval;
972 }
973 }
974 if (target->state == TARGET_DEBUG_RUNNING)
975 {
976 target->state = TARGET_HALTED;
977 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
978 return retval;
979
980 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
981 {
982 return retval;
983 }
984 }
985 if (target->state != TARGET_HALTED)
986 {
987 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
988 }
989 }
990 else
991 {
992 if (target->state != TARGET_DEBUG_RUNNING)
993 target->state = TARGET_RUNNING;
994 }
995
996 return ERROR_OK;
997 }
998
999 /**
1000 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
1001 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
1002 * affected) completely stop the JTAG clock while the core is held in reset
1003 * (SRST). It isn't possible to program the halt condition once reset is
1004 * asserted, hence a hook that allows the target to set up its reset-halt
1005 * condition is setup prior to asserting reset.
1006 *
1007 * @param target Pointer to an ARM7/9 target to assert reset on
1008 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
1009 */
1010 int arm7_9_assert_reset(target_t *target)
1011 {
1012 armv4_5_common_t *armv4_5 = target->arch_info;
1013 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1014 LOG_DEBUG("target->state: %s",
1015 target_state_name(target));
1016
1017 enum reset_types jtag_reset_config = jtag_get_reset_config();
1018 if (!(jtag_reset_config & RESET_HAS_SRST))
1019 {
1020 LOG_ERROR("Can't assert SRST");
1021 return ERROR_FAIL;
1022 }
1023
1024 /* At this point trst has been asserted/deasserted once. We would
1025 * like to program EmbeddedICE while SRST is asserted, instead of
1026 * depending on SRST to leave that module alone. However, many CPUs
1027 * gate the JTAG clock while SRST is asserted; or JTAG may need
1028 * clock stability guarantees (adaptive clocking might help).
1029 *
1030 * So we assume JTAG access during SRST is off the menu unless it's
1031 * been specifically enabled.
1032 */
1033 bool srst_asserted = false;
1034
1035 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
1036 && (jtag_reset_config & RESET_SRST_NO_GATING))
1037 {
1038 jtag_add_reset(0, 1);
1039 srst_asserted = true;
1040 }
1041
1042 if (target->reset_halt)
1043 {
1044 /*
1045 * Some targets do not support communication while SRST is asserted. We need to
1046 * set up the reset vector catch here.
1047 *
1048 * If TRST is asserted, then these settings will be reset anyway, so setting them
1049 * here is harmless.
1050 */
1051 if (arm7_9->has_vector_catch)
1052 {
1053 /* program vector catch register to catch reset vector */
1054 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1055
1056 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1057 jtag_add_runtest(1, jtag_get_end_state());
1058 }
1059 else
1060 {
1061 /* program watchpoint unit to match on reset vector address */
1062 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1063 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1064 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1065 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1066 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1067 }
1068 }
1069
1070 /* here we should issue an SRST only, but we may have to assert TRST as well */
1071 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1072 {
1073 jtag_add_reset(1, 1);
1074 } else if (!srst_asserted)
1075 {
1076 jtag_add_reset(0, 1);
1077 }
1078
1079 target->state = TARGET_RESET;
1080 jtag_add_sleep(50000);
1081
1082 armv4_5_invalidate_core_regs(target);
1083
1084 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1085 {
1086 /* debug entry was already prepared in arm7_9_assert_reset() */
1087 target->debug_reason = DBG_REASON_DBGRQ;
1088 }
1089
1090 return ERROR_OK;
1091 }
1092
1093 /**
1094 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1095 * and the target is being reset into a halt, a warning will be triggered
1096 * because it is not possible to reset into a halted mode in this case. The
1097 * target is halted using the target's functions.
1098 *
1099 * @param target Pointer to the target to have the reset deasserted
1100 * @return ERROR_OK or an error from polling or halting the target
1101 */
1102 int arm7_9_deassert_reset(target_t *target)
1103 {
1104 int retval = ERROR_OK;
1105 LOG_DEBUG("target->state: %s",
1106 target_state_name(target));
1107
1108 /* deassert reset lines */
1109 jtag_add_reset(0, 0);
1110
1111 enum reset_types jtag_reset_config = jtag_get_reset_config();
1112 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1113 {
1114 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1115 /* set up embedded ice registers again */
1116 if ((retval = target_examine_one(target)) != ERROR_OK)
1117 return retval;
1118
1119 if ((retval = target_poll(target)) != ERROR_OK)
1120 {
1121 return retval;
1122 }
1123
1124 if ((retval = target_halt(target)) != ERROR_OK)
1125 {
1126 return retval;
1127 }
1128
1129 }
1130 return retval;
1131 }
1132
1133 /**
1134 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1135 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1136 * vector catch was used, it is restored. Otherwise, the control value is
1137 * restored and the watchpoint unit is restored if it was in use.
1138 *
1139 * @param target Pointer to the ARM7/9 target to have halt cleared
1140 * @return Always ERROR_OK
1141 */
1142 int arm7_9_clear_halt(target_t *target)
1143 {
1144 armv4_5_common_t *armv4_5 = target->arch_info;
1145 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1146 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1147
1148 /* we used DBGRQ only if we didn't come out of reset */
1149 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1150 {
1151 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1152 */
1153 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1154 embeddedice_store_reg(dbg_ctrl);
1155 }
1156 else
1157 {
1158 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1159 {
1160 /* if we came out of reset, and vector catch is supported, we used
1161 * vector catch to enter debug state
1162 * restore the register in that case
1163 */
1164 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1165 }
1166 else
1167 {
1168 /* restore registers if watchpoint unit 0 was in use
1169 */
1170 if (arm7_9->wp0_used)
1171 {
1172 if (arm7_9->debug_entry_from_reset)
1173 {
1174 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1175 }
1176 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1177 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1178 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1179 }
1180 /* control value always has to be restored, as it was either disabled,
1181 * or enabled with possibly different bits
1182 */
1183 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1184 }
1185 }
1186
1187 return ERROR_OK;
1188 }
1189
1190 /**
1191 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1192 * and then there is a wait until the processor shows the halt. This wait can
1193 * timeout and results in an error being returned. The software reset involves
1194 * clearing the halt, updating the debug control register, changing to ARM mode,
1195 * reset of the program counter, and reset of all of the registers.
1196 *
1197 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1198 * @return Error status if any of the commands fail, otherwise ERROR_OK
1199 */
1200 int arm7_9_soft_reset_halt(struct target_s *target)
1201 {
1202 armv4_5_common_t *armv4_5 = target->arch_info;
1203 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1204 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1205 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1206 int i;
1207 int retval;
1208
1209 /* FIX!!! replace some of this code with tcl commands
1210 *
1211 * halt # the halt command is synchronous
1212 * armv4_5 core_state arm
1213 *
1214 */
1215
1216 if ((retval = target_halt(target)) != ERROR_OK)
1217 return retval;
1218
1219 long long then = timeval_ms();
1220 int timeout;
1221 while (!(timeout = ((timeval_ms()-then) > 1000)))
1222 {
1223 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1224 break;
1225 embeddedice_read_reg(dbg_stat);
1226 if ((retval = jtag_execute_queue()) != ERROR_OK)
1227 return retval;
1228 if (debug_level >= 3)
1229 {
1230 alive_sleep(100);
1231 } else
1232 {
1233 keep_alive();
1234 }
1235 }
1236 if (timeout)
1237 {
1238 LOG_ERROR("Failed to halt CPU after 1 sec");
1239 return ERROR_TARGET_TIMEOUT;
1240 }
1241 target->state = TARGET_HALTED;
1242
1243 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1244 * ensure that DBGRQ is cleared
1245 */
1246 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1247 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1248 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1249 embeddedice_store_reg(dbg_ctrl);
1250
1251 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1252 {
1253 return retval;
1254 }
1255
1256 /* if the target is in Thumb state, change to ARM state */
1257 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1258 {
1259 uint32_t r0_thumb, pc_thumb;
1260 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1261 /* Entered debug from Thumb mode */
1262 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1263 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1264 }
1265
1266 /* all register content is now invalid */
1267 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1268 {
1269 return retval;
1270 }
1271
1272 /* SVC, ARM state, IRQ and FIQ disabled */
1273 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1274 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1275 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1276
1277 /* start fetching from 0x0 */
1278 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1279 armv4_5->core_cache->reg_list[15].dirty = 1;
1280 armv4_5->core_cache->reg_list[15].valid = 1;
1281
1282 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1283 armv4_5->core_state = ARMV4_5_STATE_ARM;
1284
1285 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1286 return ERROR_FAIL;
1287
1288 /* reset registers */
1289 for (i = 0; i <= 14; i++)
1290 {
1291 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1292 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1293 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1294 }
1295
1296 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1297 {
1298 return retval;
1299 }
1300
1301 return ERROR_OK;
1302 }
1303
1304 /**
1305 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1306 * line or by programming a watchpoint to trigger on any address. It is
1307 * considered a bug to call this function while the target is in the
1308 * TARGET_RESET state.
1309 *
1310 * @param target Pointer to the ARM7/9 target to be halted
1311 * @return Always ERROR_OK
1312 */
1313 int arm7_9_halt(target_t *target)
1314 {
1315 if (target->state == TARGET_RESET)
1316 {
1317 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1318 return ERROR_OK;
1319 }
1320
1321 armv4_5_common_t *armv4_5 = target->arch_info;
1322 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1323 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1324
1325 LOG_DEBUG("target->state: %s",
1326 target_state_name(target));
1327
1328 if (target->state == TARGET_HALTED)
1329 {
1330 LOG_DEBUG("target was already halted");
1331 return ERROR_OK;
1332 }
1333
1334 if (target->state == TARGET_UNKNOWN)
1335 {
1336 LOG_WARNING("target was in unknown state when halt was requested");
1337 }
1338
1339 if (arm7_9->use_dbgrq)
1340 {
1341 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1342 */
1343 if (arm7_9->set_special_dbgrq) {
1344 arm7_9->set_special_dbgrq(target);
1345 } else {
1346 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1347 embeddedice_store_reg(dbg_ctrl);
1348 }
1349 }
1350 else
1351 {
1352 /* program watchpoint unit to match on any address
1353 */
1354 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1355 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1356 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1357 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1358 }
1359
1360 target->debug_reason = DBG_REASON_DBGRQ;
1361
1362 return ERROR_OK;
1363 }
1364
1365 /**
1366 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1367 * ARM. The JTAG queue is then executed and the reason for debug entry is
1368 * examined. Once done, the target is verified to be halted and the processor
1369 * is forced into ARM mode. The core registers are saved for the current core
1370 * mode and the program counter (register 15) is updated as needed. The core
1371 * registers and CPSR and SPSR are saved for restoration later.
1372 *
1373 * @param target Pointer to target that is entering debug mode
1374 * @return Error code if anything fails, otherwise ERROR_OK
1375 */
1376 int arm7_9_debug_entry(target_t *target)
1377 {
1378 int i;
1379 uint32_t context[16];
1380 uint32_t* context_p[16];
1381 uint32_t r0_thumb, pc_thumb;
1382 uint32_t cpsr;
1383 int retval;
1384 /* get pointers to arch-specific information */
1385 armv4_5_common_t *armv4_5 = target->arch_info;
1386 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1387 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1388 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1389
1390 #ifdef _DEBUG_ARM7_9_
1391 LOG_DEBUG("-");
1392 #endif
1393
1394 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1395 * ensure that DBGRQ is cleared
1396 */
1397 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1398 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1399 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1400 embeddedice_store_reg(dbg_ctrl);
1401
1402 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1403 {
1404 return retval;
1405 }
1406
1407 if ((retval = jtag_execute_queue()) != ERROR_OK)
1408 {
1409 return retval;
1410 }
1411
1412 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1413 return retval;
1414
1415
1416 if (target->state != TARGET_HALTED)
1417 {
1418 LOG_WARNING("target not halted");
1419 return ERROR_TARGET_NOT_HALTED;
1420 }
1421
1422 /* if the target is in Thumb state, change to ARM state */
1423 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1424 {
1425 LOG_DEBUG("target entered debug from Thumb state");
1426 /* Entered debug from Thumb mode */
1427 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1428 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1429 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1430 }
1431 else
1432 {
1433 LOG_DEBUG("target entered debug from ARM state");
1434 /* Entered debug from ARM mode */
1435 armv4_5->core_state = ARMV4_5_STATE_ARM;
1436 }
1437
1438 for (i = 0; i < 16; i++)
1439 context_p[i] = &context[i];
1440 /* save core registers (r0 - r15 of current core mode) */
1441 arm7_9->read_core_regs(target, 0xffff, context_p);
1442
1443 arm7_9->read_xpsr(target, &cpsr, 0);
1444
1445 if ((retval = jtag_execute_queue()) != ERROR_OK)
1446 return retval;
1447
1448 /* if the core has been executing in Thumb state, set the T bit */
1449 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1450 cpsr |= 0x20;
1451
1452 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1453 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1454 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1455
1456 armv4_5->core_mode = cpsr & 0x1f;
1457
1458 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1459 {
1460 target->state = TARGET_UNKNOWN;
1461 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1462 return ERROR_TARGET_FAILURE;
1463 }
1464
1465 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1466
1467 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1468 {
1469 LOG_DEBUG("thumb state, applying fixups");
1470 context[0] = r0_thumb;
1471 context[15] = pc_thumb;
1472 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1473 {
1474 /* adjust value stored by STM */
1475 context[15] -= 3 * 4;
1476 }
1477
1478 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1479 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1480 else
1481 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1482
1483 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1484 return ERROR_FAIL;
1485
1486 for (i = 0; i <= 15; i++)
1487 {
1488 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1489 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1490 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1491 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1492 }
1493
1494 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1495
1496 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1497 return ERROR_FAIL;
1498
1499 /* exceptions other than USR & SYS have a saved program status register */
1500 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1501 {
1502 uint32_t spsr;
1503 arm7_9->read_xpsr(target, &spsr, 1);
1504 if ((retval = jtag_execute_queue()) != ERROR_OK)
1505 {
1506 return retval;
1507 }
1508 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1509 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1510 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1511 }
1512
1513 /* r0 and r15 (pc) have to be restored later */
1514 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1515 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1516
1517 if ((retval = jtag_execute_queue()) != ERROR_OK)
1518 return retval;
1519
1520 if (arm7_9->post_debug_entry)
1521 arm7_9->post_debug_entry(target);
1522
1523 return ERROR_OK;
1524 }
1525
1526 /**
1527 * Validate the full context for an ARM7/9 target in all processor modes. If
1528 * there are any invalid registers for the target, they will all be read. This
1529 * includes the PSR.
1530 *
1531 * @param target Pointer to the ARM7/9 target to capture the full context from
1532 * @return Error if the target is not halted, has an invalid core mode, or if
1533 * the JTAG queue fails to execute
1534 */
1535 int arm7_9_full_context(target_t *target)
1536 {
1537 int i;
1538 int retval;
1539 armv4_5_common_t *armv4_5 = target->arch_info;
1540 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1541
1542 LOG_DEBUG("-");
1543
1544 if (target->state != TARGET_HALTED)
1545 {
1546 LOG_WARNING("target not halted");
1547 return ERROR_TARGET_NOT_HALTED;
1548 }
1549
1550 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1551 return ERROR_FAIL;
1552
1553 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1554 * SYS shares registers with User, so we don't touch SYS
1555 */
1556 for (i = 0; i < 6; i++)
1557 {
1558 uint32_t mask = 0;
1559 uint32_t* reg_p[16];
1560 int j;
1561 int valid = 1;
1562
1563 /* check if there are invalid registers in the current mode
1564 */
1565 for (j = 0; j <= 16; j++)
1566 {
1567 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1568 valid = 0;
1569 }
1570
1571 if (!valid)
1572 {
1573 uint32_t tmp_cpsr;
1574
1575 /* change processor mode (and mask T bit) */
1576 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1577 tmp_cpsr |= armv4_5_number_to_mode(i);
1578 tmp_cpsr &= ~0x20;
1579 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1580
1581 for (j = 0; j < 15; j++)
1582 {
1583 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1584 {
1585 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1586 mask |= 1 << j;
1587 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1588 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1589 }
1590 }
1591
1592 /* if only the PSR is invalid, mask is all zeroes */
1593 if (mask)
1594 arm7_9->read_core_regs(target, mask, reg_p);
1595
1596 /* check if the PSR has to be read */
1597 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1598 {
1599 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1600 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1601 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1602 }
1603 }
1604 }
1605
1606 /* restore processor mode (mask T bit) */
1607 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1608
1609 if ((retval = jtag_execute_queue()) != ERROR_OK)
1610 {
1611 return retval;
1612 }
1613 return ERROR_OK;
1614 }
1615
1616 /**
1617 * Restore the processor context on an ARM7/9 target. The full processor
1618 * context is analyzed to see if any of the registers are dirty on this end, but
1619 * have a valid new value. If this is the case, the processor is changed to the
1620 * appropriate mode and the new register values are written out to the
1621 * processor. If there happens to be a dirty register with an invalid value, an
1622 * error will be logged.
1623 *
1624 * @param target Pointer to the ARM7/9 target to have its context restored
1625 * @return Error status if the target is not halted or the core mode in the
1626 * armv4_5 struct is invalid.
1627 */
1628 int arm7_9_restore_context(target_t *target)
1629 {
1630 armv4_5_common_t *armv4_5 = target->arch_info;
1631 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1632 reg_t *reg;
1633 armv4_5_core_reg_t *reg_arch_info;
1634 enum armv4_5_mode current_mode = armv4_5->core_mode;
1635 int i, j;
1636 int dirty;
1637 int mode_change;
1638
1639 LOG_DEBUG("-");
1640
1641 if (target->state != TARGET_HALTED)
1642 {
1643 LOG_WARNING("target not halted");
1644 return ERROR_TARGET_NOT_HALTED;
1645 }
1646
1647 if (arm7_9->pre_restore_context)
1648 arm7_9->pre_restore_context(target);
1649
1650 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1651 return ERROR_FAIL;
1652
1653 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1654 * SYS shares registers with User, so we don't touch SYS
1655 */
1656 for (i = 0; i < 6; i++)
1657 {
1658 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1659 dirty = 0;
1660 mode_change = 0;
1661 /* check if there are dirty registers in the current mode
1662 */
1663 for (j = 0; j <= 16; j++)
1664 {
1665 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1666 reg_arch_info = reg->arch_info;
1667 if (reg->dirty == 1)
1668 {
1669 if (reg->valid == 1)
1670 {
1671 dirty = 1;
1672 LOG_DEBUG("examining dirty reg: %s", reg->name);
1673 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1674 && (reg_arch_info->mode != current_mode)
1675 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1676 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1677 {
1678 mode_change = 1;
1679 LOG_DEBUG("require mode change");
1680 }
1681 }
1682 else
1683 {
1684 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1685 }
1686 }
1687 }
1688
1689 if (dirty)
1690 {
1691 uint32_t mask = 0x0;
1692 int num_regs = 0;
1693 uint32_t regs[16];
1694
1695 if (mode_change)
1696 {
1697 uint32_t tmp_cpsr;
1698
1699 /* change processor mode (mask T bit) */
1700 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1701 tmp_cpsr |= armv4_5_number_to_mode(i);
1702 tmp_cpsr &= ~0x20;
1703 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1704 current_mode = armv4_5_number_to_mode(i);
1705 }
1706
1707 for (j = 0; j <= 14; j++)
1708 {
1709 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1710 reg_arch_info = reg->arch_info;
1711
1712
1713 if (reg->dirty == 1)
1714 {
1715 regs[j] = buf_get_u32(reg->value, 0, 32);
1716 mask |= 1 << j;
1717 num_regs++;
1718 reg->dirty = 0;
1719 reg->valid = 1;
1720 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1721 }
1722 }
1723
1724 if (mask)
1725 {
1726 arm7_9->write_core_regs(target, mask, regs);
1727 }
1728
1729 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1730 reg_arch_info = reg->arch_info;
1731 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1732 {
1733 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1734 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1735 }
1736 }
1737 }
1738
1739 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1740 {
1741 /* restore processor mode (mask T bit) */
1742 uint32_t tmp_cpsr;
1743
1744 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1745 tmp_cpsr |= armv4_5_number_to_mode(i);
1746 tmp_cpsr &= ~0x20;
1747 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1748 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1749 }
1750 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1751 {
1752 /* CPSR has been changed, full restore necessary (mask T bit) */
1753 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1754 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1755 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1756 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1757 }
1758
1759 /* restore PC */
1760 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1761 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1762 armv4_5->core_cache->reg_list[15].dirty = 0;
1763
1764 if (arm7_9->post_restore_context)
1765 arm7_9->post_restore_context(target);
1766
1767 return ERROR_OK;
1768 }
1769
1770 /**
1771 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1772 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1773 * restart.
1774 *
1775 * @param target Pointer to the ARM7/9 target to be restarted
1776 * @return Result of executing the JTAG queue
1777 */
1778 int arm7_9_restart_core(struct target_s *target)
1779 {
1780 armv4_5_common_t *armv4_5 = target->arch_info;
1781 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1782 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1783
1784 /* set RESTART instruction */
1785 jtag_set_end_state(TAP_IDLE);
1786 if (arm7_9->need_bypass_before_restart) {
1787 arm7_9->need_bypass_before_restart = 0;
1788 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1789 }
1790 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1791
1792 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1793 return jtag_execute_queue();
1794 }
1795
1796 /**
1797 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1798 * iterated through and are set on the target if they aren't already set.
1799 *
1800 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1801 */
1802 void arm7_9_enable_watchpoints(struct target_s *target)
1803 {
1804 watchpoint_t *watchpoint = target->watchpoints;
1805
1806 while (watchpoint)
1807 {
1808 if (watchpoint->set == 0)
1809 arm7_9_set_watchpoint(target, watchpoint);
1810 watchpoint = watchpoint->next;
1811 }
1812 }
1813
1814 /**
1815 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1816 * iterated through and are set on the target.
1817 *
1818 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1819 */
1820 void arm7_9_enable_breakpoints(struct target_s *target)
1821 {
1822 breakpoint_t *breakpoint = target->breakpoints;
1823
1824 /* set any pending breakpoints */
1825 while (breakpoint)
1826 {
1827 arm7_9_set_breakpoint(target, breakpoint);
1828 breakpoint = breakpoint->next;
1829 }
1830 }
1831
1832 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1833 {
1834 armv4_5_common_t *armv4_5 = target->arch_info;
1835 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1836 breakpoint_t *breakpoint = target->breakpoints;
1837 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1838 int err, retval = ERROR_OK;
1839
1840 LOG_DEBUG("-");
1841
1842 if (target->state != TARGET_HALTED)
1843 {
1844 LOG_WARNING("target not halted");
1845 return ERROR_TARGET_NOT_HALTED;
1846 }
1847
1848 if (!debug_execution)
1849 {
1850 target_free_all_working_areas(target);
1851 }
1852
1853 /* current = 1: continue on current pc, otherwise continue at <address> */
1854 if (!current)
1855 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1856
1857 uint32_t current_pc;
1858 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1859
1860 /* the front-end may request us not to handle breakpoints */
1861 if (handle_breakpoints)
1862 {
1863 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1864 {
1865 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1866 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1867 {
1868 return retval;
1869 }
1870
1871 /* calculate PC of next instruction */
1872 uint32_t next_pc;
1873 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1874 {
1875 uint32_t current_opcode;
1876 target_read_u32(target, current_pc, &current_opcode);
1877 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1878 return retval;
1879 }
1880
1881 LOG_DEBUG("enable single-step");
1882 arm7_9->enable_single_step(target, next_pc);
1883
1884 target->debug_reason = DBG_REASON_SINGLESTEP;
1885
1886 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1887 {
1888 return retval;
1889 }
1890
1891 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1892 arm7_9->branch_resume(target);
1893 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1894 {
1895 arm7_9->branch_resume_thumb(target);
1896 }
1897 else
1898 {
1899 LOG_ERROR("unhandled core state");
1900 return ERROR_FAIL;
1901 }
1902
1903 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1904 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1905 err = arm7_9_execute_sys_speed(target);
1906
1907 LOG_DEBUG("disable single-step");
1908 arm7_9->disable_single_step(target);
1909
1910 if (err != ERROR_OK)
1911 {
1912 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1913 {
1914 return retval;
1915 }
1916 target->state = TARGET_UNKNOWN;
1917 return err;
1918 }
1919
1920 arm7_9_debug_entry(target);
1921 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1922
1923 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1924 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1925 {
1926 return retval;
1927 }
1928 }
1929 }
1930
1931 /* enable any pending breakpoints and watchpoints */
1932 arm7_9_enable_breakpoints(target);
1933 arm7_9_enable_watchpoints(target);
1934
1935 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1936 {
1937 return retval;
1938 }
1939
1940 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1941 {
1942 arm7_9->branch_resume(target);
1943 }
1944 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1945 {
1946 arm7_9->branch_resume_thumb(target);
1947 }
1948 else
1949 {
1950 LOG_ERROR("unhandled core state");
1951 return ERROR_FAIL;
1952 }
1953
1954 /* deassert DBGACK and INTDIS */
1955 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1956 /* INTDIS only when we really resume, not during debug execution */
1957 if (!debug_execution)
1958 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1959 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1960
1961 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1962 {
1963 return retval;
1964 }
1965
1966 target->debug_reason = DBG_REASON_NOTHALTED;
1967
1968 if (!debug_execution)
1969 {
1970 /* registers are now invalid */
1971 armv4_5_invalidate_core_regs(target);
1972 target->state = TARGET_RUNNING;
1973 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1974 {
1975 return retval;
1976 }
1977 }
1978 else
1979 {
1980 target->state = TARGET_DEBUG_RUNNING;
1981 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1982 {
1983 return retval;
1984 }
1985 }
1986
1987 LOG_DEBUG("target resumed");
1988
1989 return ERROR_OK;
1990 }
1991
1992 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1993 {
1994 armv4_5_common_t *armv4_5 = target->arch_info;
1995 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1996
1997 uint32_t current_pc;
1998 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1999
2000 if (next_pc != current_pc)
2001 {
2002 /* setup an inverse breakpoint on the current PC
2003 * - comparator 1 matches the current address
2004 * - rangeout from comparator 1 is connected to comparator 0 rangein
2005 * - comparator 0 matches any address, as long as rangein is low */
2006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
2007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
2008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
2010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
2011 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2012 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2013 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
2014 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2015 }
2016 else
2017 {
2018 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
2019 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
2020 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
2021 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
2022 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2023 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2024 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2025 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2026 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2027 }
2028 }
2029
2030 void arm7_9_disable_eice_step(target_t *target)
2031 {
2032 armv4_5_common_t *armv4_5 = target->arch_info;
2033 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2034
2035 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2036 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2037 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2038 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2039 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2040 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2041 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2042 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2043 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2044 }
2045
2046 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2047 {
2048 armv4_5_common_t *armv4_5 = target->arch_info;
2049 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2050 breakpoint_t *breakpoint = NULL;
2051 int err, retval;
2052
2053 if (target->state != TARGET_HALTED)
2054 {
2055 LOG_WARNING("target not halted");
2056 return ERROR_TARGET_NOT_HALTED;
2057 }
2058
2059 /* current = 1: continue on current pc, otherwise continue at <address> */
2060 if (!current)
2061 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2062
2063 uint32_t current_pc;
2064 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2065
2066 /* the front-end may request us not to handle breakpoints */
2067 if (handle_breakpoints)
2068 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2069 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2070 {
2071 return retval;
2072 }
2073
2074 target->debug_reason = DBG_REASON_SINGLESTEP;
2075
2076 /* calculate PC of next instruction */
2077 uint32_t next_pc;
2078 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2079 {
2080 uint32_t current_opcode;
2081 target_read_u32(target, current_pc, &current_opcode);
2082 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2083 return retval;
2084 }
2085
2086 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2087 {
2088 return retval;
2089 }
2090
2091 arm7_9->enable_single_step(target, next_pc);
2092
2093 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2094 {
2095 arm7_9->branch_resume(target);
2096 }
2097 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2098 {
2099 arm7_9->branch_resume_thumb(target);
2100 }
2101 else
2102 {
2103 LOG_ERROR("unhandled core state");
2104 return ERROR_FAIL;
2105 }
2106
2107 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2108 {
2109 return retval;
2110 }
2111
2112 err = arm7_9_execute_sys_speed(target);
2113 arm7_9->disable_single_step(target);
2114
2115 /* registers are now invalid */
2116 armv4_5_invalidate_core_regs(target);
2117
2118 if (err != ERROR_OK)
2119 {
2120 target->state = TARGET_UNKNOWN;
2121 } else {
2122 arm7_9_debug_entry(target);
2123 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2124 {
2125 return retval;
2126 }
2127 LOG_DEBUG("target stepped");
2128 }
2129
2130 if (breakpoint)
2131 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2132 {
2133 return retval;
2134 }
2135
2136 return err;
2137 }
2138
2139 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2140 {
2141 uint32_t* reg_p[16];
2142 uint32_t value;
2143 int retval;
2144 armv4_5_common_t *armv4_5 = target->arch_info;
2145 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2146
2147 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2148 return ERROR_FAIL;
2149
2150 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2151
2152 if ((num < 0) || (num > 16))
2153 return ERROR_INVALID_ARGUMENTS;
2154
2155 if ((mode != ARMV4_5_MODE_ANY)
2156 && (mode != armv4_5->core_mode)
2157 && (reg_mode != ARMV4_5_MODE_ANY))
2158 {
2159 uint32_t tmp_cpsr;
2160
2161 /* change processor mode (mask T bit) */
2162 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2163 tmp_cpsr |= mode;
2164 tmp_cpsr &= ~0x20;
2165 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2166 }
2167
2168 if ((num >= 0) && (num <= 15))
2169 {
2170 /* read a normal core register */
2171 reg_p[num] = &value;
2172
2173 arm7_9->read_core_regs(target, 1 << num, reg_p);
2174 }
2175 else
2176 {
2177 /* read a program status register
2178 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2179 */
2180 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2181 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2182
2183 arm7_9->read_xpsr(target, &value, spsr);
2184 }
2185
2186 if ((retval = jtag_execute_queue()) != ERROR_OK)
2187 {
2188 return retval;
2189 }
2190
2191 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2192 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2193 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2194
2195 if ((mode != ARMV4_5_MODE_ANY)
2196 && (mode != armv4_5->core_mode)
2197 && (reg_mode != ARMV4_5_MODE_ANY)) {
2198 /* restore processor mode (mask T bit) */
2199 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2200 }
2201
2202 return ERROR_OK;
2203 }
2204
2205 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2206 {
2207 uint32_t reg[16];
2208 armv4_5_common_t *armv4_5 = target->arch_info;
2209 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2210
2211 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2212 return ERROR_FAIL;
2213
2214 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2215
2216 if ((num < 0) || (num > 16))
2217 return ERROR_INVALID_ARGUMENTS;
2218
2219 if ((mode != ARMV4_5_MODE_ANY)
2220 && (mode != armv4_5->core_mode)
2221 && (reg_mode != ARMV4_5_MODE_ANY)) {
2222 uint32_t tmp_cpsr;
2223
2224 /* change processor mode (mask T bit) */
2225 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2226 tmp_cpsr |= mode;
2227 tmp_cpsr &= ~0x20;
2228 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2229 }
2230
2231 if ((num >= 0) && (num <= 15))
2232 {
2233 /* write a normal core register */
2234 reg[num] = value;
2235
2236 arm7_9->write_core_regs(target, 1 << num, reg);
2237 }
2238 else
2239 {
2240 /* write a program status register
2241 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2242 */
2243 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2244 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2245
2246 /* if we're writing the CPSR, mask the T bit */
2247 if (!spsr)
2248 value &= ~0x20;
2249
2250 arm7_9->write_xpsr(target, value, spsr);
2251 }
2252
2253 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2254 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2255
2256 if ((mode != ARMV4_5_MODE_ANY)
2257 && (mode != armv4_5->core_mode)
2258 && (reg_mode != ARMV4_5_MODE_ANY)) {
2259 /* restore processor mode (mask T bit) */
2260 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2261 }
2262
2263 return jtag_execute_queue();
2264 }
2265
2266 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2267 {
2268 armv4_5_common_t *armv4_5 = target->arch_info;
2269 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2270
2271 uint32_t reg[16];
2272 uint32_t num_accesses = 0;
2273 int thisrun_accesses;
2274 int i;
2275 uint32_t cpsr;
2276 int retval;
2277 int last_reg = 0;
2278
2279 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2280
2281 if (target->state != TARGET_HALTED)
2282 {
2283 LOG_WARNING("target not halted");
2284 return ERROR_TARGET_NOT_HALTED;
2285 }
2286
2287 /* sanitize arguments */
2288 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2289 return ERROR_INVALID_ARGUMENTS;
2290
2291 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2292 return ERROR_TARGET_UNALIGNED_ACCESS;
2293
2294 /* load the base register with the address of the first word */
2295 reg[0] = address;
2296 arm7_9->write_core_regs(target, 0x1, reg);
2297
2298 int j = 0;
2299
2300 switch (size)
2301 {
2302 case 4:
2303 while (num_accesses < count)
2304 {
2305 uint32_t reg_list;
2306 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2307 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2308
2309 if (last_reg <= thisrun_accesses)
2310 last_reg = thisrun_accesses;
2311
2312 arm7_9->load_word_regs(target, reg_list);
2313
2314 /* fast memory reads are only safe when the target is running
2315 * from a sufficiently high clock (32 kHz is usually too slow)
2316 */
2317 if (arm7_9->fast_memory_access)
2318 retval = arm7_9_execute_fast_sys_speed(target);
2319 else
2320 retval = arm7_9_execute_sys_speed(target);
2321 if (retval != ERROR_OK)
2322 return retval;
2323
2324 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2325
2326 /* advance buffer, count number of accesses */
2327 buffer += thisrun_accesses * 4;
2328 num_accesses += thisrun_accesses;
2329
2330 if ((j++%1024) == 0)
2331 {
2332 keep_alive();
2333 }
2334 }
2335 break;
2336 case 2:
2337 while (num_accesses < count)
2338 {
2339 uint32_t reg_list;
2340 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2341 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2342
2343 for (i = 1; i <= thisrun_accesses; i++)
2344 {
2345 if (i > last_reg)
2346 last_reg = i;
2347 arm7_9->load_hword_reg(target, i);
2348 /* fast memory reads are only safe when the target is running
2349 * from a sufficiently high clock (32 kHz is usually too slow)
2350 */
2351 if (arm7_9->fast_memory_access)
2352 retval = arm7_9_execute_fast_sys_speed(target);
2353 else
2354 retval = arm7_9_execute_sys_speed(target);
2355 if (retval != ERROR_OK)
2356 {
2357 return retval;
2358 }
2359
2360 }
2361
2362 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2363
2364 /* advance buffer, count number of accesses */
2365 buffer += thisrun_accesses * 2;
2366 num_accesses += thisrun_accesses;
2367
2368 if ((j++%1024) == 0)
2369 {
2370 keep_alive();
2371 }
2372 }
2373 break;
2374 case 1:
2375 while (num_accesses < count)
2376 {
2377 uint32_t reg_list;
2378 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2379 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2380
2381 for (i = 1; i <= thisrun_accesses; i++)
2382 {
2383 if (i > last_reg)
2384 last_reg = i;
2385 arm7_9->load_byte_reg(target, i);
2386 /* fast memory reads are only safe when the target is running
2387 * from a sufficiently high clock (32 kHz is usually too slow)
2388 */
2389 if (arm7_9->fast_memory_access)
2390 retval = arm7_9_execute_fast_sys_speed(target);
2391 else
2392 retval = arm7_9_execute_sys_speed(target);
2393 if (retval != ERROR_OK)
2394 {
2395 return retval;
2396 }
2397 }
2398
2399 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2400
2401 /* advance buffer, count number of accesses */
2402 buffer += thisrun_accesses * 1;
2403 num_accesses += thisrun_accesses;
2404
2405 if ((j++%1024) == 0)
2406 {
2407 keep_alive();
2408 }
2409 }
2410 break;
2411 default:
2412 LOG_ERROR("BUG: we shouldn't get here");
2413 exit(-1);
2414 break;
2415 }
2416
2417 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2418 return ERROR_FAIL;
2419
2420 for (i = 0; i <= last_reg; i++)
2421 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2422
2423 arm7_9->read_xpsr(target, &cpsr, 0);
2424 if ((retval = jtag_execute_queue()) != ERROR_OK)
2425 {
2426 LOG_ERROR("JTAG error while reading cpsr");
2427 return ERROR_TARGET_DATA_ABORT;
2428 }
2429
2430 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2431 {
2432 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2433
2434 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2435
2436 return ERROR_TARGET_DATA_ABORT;
2437 }
2438
2439 return ERROR_OK;
2440 }
2441
2442 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2443 {
2444 armv4_5_common_t *armv4_5 = target->arch_info;
2445 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2446 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2447
2448 uint32_t reg[16];
2449 uint32_t num_accesses = 0;
2450 int thisrun_accesses;
2451 int i;
2452 uint32_t cpsr;
2453 int retval;
2454 int last_reg = 0;
2455
2456 #ifdef _DEBUG_ARM7_9_
2457 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2458 #endif
2459
2460 if (target->state != TARGET_HALTED)
2461 {
2462 LOG_WARNING("target not halted");
2463 return ERROR_TARGET_NOT_HALTED;
2464 }
2465
2466 /* sanitize arguments */
2467 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2468 return ERROR_INVALID_ARGUMENTS;
2469
2470 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2471 return ERROR_TARGET_UNALIGNED_ACCESS;
2472
2473 /* load the base register with the address of the first word */
2474 reg[0] = address;
2475 arm7_9->write_core_regs(target, 0x1, reg);
2476
2477 /* Clear DBGACK, to make sure memory fetches work as expected */
2478 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2479 embeddedice_store_reg(dbg_ctrl);
2480
2481 switch (size)
2482 {
2483 case 4:
2484 while (num_accesses < count)
2485 {
2486 uint32_t reg_list;
2487 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2488 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2489
2490 for (i = 1; i <= thisrun_accesses; i++)
2491 {
2492 if (i > last_reg)
2493 last_reg = i;
2494 reg[i] = target_buffer_get_u32(target, buffer);
2495 buffer += 4;
2496 }
2497
2498 arm7_9->write_core_regs(target, reg_list, reg);
2499
2500 arm7_9->store_word_regs(target, reg_list);
2501
2502 /* fast memory writes are only safe when the target is running
2503 * from a sufficiently high clock (32 kHz is usually too slow)
2504 */
2505 if (arm7_9->fast_memory_access)
2506 retval = arm7_9_execute_fast_sys_speed(target);
2507 else
2508 retval = arm7_9_execute_sys_speed(target);
2509 if (retval != ERROR_OK)
2510 {
2511 return retval;
2512 }
2513
2514 num_accesses += thisrun_accesses;
2515 }
2516 break;
2517 case 2:
2518 while (num_accesses < count)
2519 {
2520 uint32_t reg_list;
2521 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2522 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2523
2524 for (i = 1; i <= thisrun_accesses; i++)
2525 {
2526 if (i > last_reg)
2527 last_reg = i;
2528 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2529 buffer += 2;
2530 }
2531
2532 arm7_9->write_core_regs(target, reg_list, reg);
2533
2534 for (i = 1; i <= thisrun_accesses; i++)
2535 {
2536 arm7_9->store_hword_reg(target, i);
2537
2538 /* fast memory writes are only safe when the target is running
2539 * from a sufficiently high clock (32 kHz is usually too slow)
2540 */
2541 if (arm7_9->fast_memory_access)
2542 retval = arm7_9_execute_fast_sys_speed(target);
2543 else
2544 retval = arm7_9_execute_sys_speed(target);
2545 if (retval != ERROR_OK)
2546 {
2547 return retval;
2548 }
2549 }
2550
2551 num_accesses += thisrun_accesses;
2552 }
2553 break;
2554 case 1:
2555 while (num_accesses < count)
2556 {
2557 uint32_t reg_list;
2558 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2559 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2560
2561 for (i = 1; i <= thisrun_accesses; i++)
2562 {
2563 if (i > last_reg)
2564 last_reg = i;
2565 reg[i] = *buffer++ & 0xff;
2566 }
2567
2568 arm7_9->write_core_regs(target, reg_list, reg);
2569
2570 for (i = 1; i <= thisrun_accesses; i++)
2571 {
2572 arm7_9->store_byte_reg(target, i);
2573 /* fast memory writes are only safe when the target is running
2574 * from a sufficiently high clock (32 kHz is usually too slow)
2575 */
2576 if (arm7_9->fast_memory_access)
2577 retval = arm7_9_execute_fast_sys_speed(target);
2578 else
2579 retval = arm7_9_execute_sys_speed(target);
2580 if (retval != ERROR_OK)
2581 {
2582 return retval;
2583 }
2584
2585 }
2586
2587 num_accesses += thisrun_accesses;
2588 }
2589 break;
2590 default:
2591 LOG_ERROR("BUG: we shouldn't get here");
2592 exit(-1);
2593 break;
2594 }
2595
2596 /* Re-Set DBGACK */
2597 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2598 embeddedice_store_reg(dbg_ctrl);
2599
2600 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2601 return ERROR_FAIL;
2602
2603 for (i = 0; i <= last_reg; i++)
2604 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2605
2606 arm7_9->read_xpsr(target, &cpsr, 0);
2607 if ((retval = jtag_execute_queue()) != ERROR_OK)
2608 {
2609 LOG_ERROR("JTAG error while reading cpsr");
2610 return ERROR_TARGET_DATA_ABORT;
2611 }
2612
2613 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2614 {
2615 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2616
2617 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2618
2619 return ERROR_TARGET_DATA_ABORT;
2620 }
2621
2622 return ERROR_OK;
2623 }
2624
2625 static int dcc_count;
2626 static uint8_t *dcc_buffer;
2627
2628 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2629 {
2630 int retval = ERROR_OK;
2631 armv4_5_common_t *armv4_5 = target->arch_info;
2632 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2633
2634 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2635 return retval;
2636
2637 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2638 int count = dcc_count;
2639 uint8_t *buffer = dcc_buffer;
2640 if (count > 2)
2641 {
2642 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2643 * core function repeated. */
2644 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2645 buffer += 4;
2646
2647 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2648 uint8_t reg_addr = ice_reg->addr & 0x1f;
2649 jtag_tap_t *tap;
2650 tap = ice_reg->jtag_info->tap;
2651
2652 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2653 buffer += (count-2)*4;
2654
2655 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2656 } else
2657 {
2658 int i;
2659 for (i = 0; i < count; i++)
2660 {
2661 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2662 buffer += 4;
2663 }
2664 }
2665
2666 if ((retval = target_halt(target))!= ERROR_OK)
2667 {
2668 return retval;
2669 }
2670 return target_wait_state(target, TARGET_HALTED, 500);
2671 }
2672
2673 static const uint32_t dcc_code[] =
2674 {
2675 /* r0 == input, points to memory buffer
2676 * r1 == scratch
2677 */
2678
2679 /* spin until DCC control (c0) reports data arrived */
2680 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2681 0xe3110001, /* tst r1, #1 */
2682 0x0afffffc, /* bne w */
2683
2684 /* read word from DCC (c1), write to memory */
2685 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2686 0xe4801004, /* str r1, [r0], #4 */
2687
2688 /* repeat */
2689 0xeafffff9 /* b w */
2690 };
2691
2692 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2693
2694 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2695 {
2696 int retval;
2697 armv4_5_common_t *armv4_5 = target->arch_info;
2698 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2699 int i;
2700
2701 if (!arm7_9->dcc_downloads)
2702 return target_write_memory(target, address, 4, count, buffer);
2703
2704 /* regrab previously allocated working_area, or allocate a new one */
2705 if (!arm7_9->dcc_working_area)
2706 {
2707 uint8_t dcc_code_buf[6 * 4];
2708
2709 /* make sure we have a working area */
2710 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2711 {
2712 LOG_INFO("no working area available, falling back to memory writes");
2713 return target_write_memory(target, address, 4, count, buffer);
2714 }
2715
2716 /* copy target instructions to target endianness */
2717 for (i = 0; i < 6; i++)
2718 {
2719 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2720 }
2721
2722 /* write DCC code to working area */
2723 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2724 {
2725 return retval;
2726 }
2727 }
2728
2729 armv4_5_algorithm_t armv4_5_info;
2730 reg_param_t reg_params[1];
2731
2732 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2733 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2734 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2735
2736 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2737
2738 buf_set_u32(reg_params[0].value, 0, 32, address);
2739
2740 dcc_count = count;
2741 dcc_buffer = buffer;
2742 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2743 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2744
2745 if (retval == ERROR_OK)
2746 {
2747 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2748 if (endaddress != (address + count*4))
2749 {
2750 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2751 retval = ERROR_FAIL;
2752 }
2753 }
2754
2755 destroy_reg_param(&reg_params[0]);
2756
2757 return retval;
2758 }
2759
2760 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2761 {
2762 working_area_t *crc_algorithm;
2763 armv4_5_algorithm_t armv4_5_info;
2764 reg_param_t reg_params[2];
2765 int retval;
2766
2767 static const uint32_t arm7_9_crc_code[] = {
2768 0xE1A02000, /* mov r2, r0 */
2769 0xE3E00000, /* mov r0, #0xffffffff */
2770 0xE1A03001, /* mov r3, r1 */
2771 0xE3A04000, /* mov r4, #0 */
2772 0xEA00000B, /* b ncomp */
2773 /* nbyte: */
2774 0xE7D21004, /* ldrb r1, [r2, r4] */
2775 0xE59F7030, /* ldr r7, CRC32XOR */
2776 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2777 0xE3A05000, /* mov r5, #0 */
2778 /* loop: */
2779 0xE3500000, /* cmp r0, #0 */
2780 0xE1A06080, /* mov r6, r0, asl #1 */
2781 0xE2855001, /* add r5, r5, #1 */
2782 0xE1A00006, /* mov r0, r6 */
2783 0xB0260007, /* eorlt r0, r6, r7 */
2784 0xE3550008, /* cmp r5, #8 */
2785 0x1AFFFFF8, /* bne loop */
2786 0xE2844001, /* add r4, r4, #1 */
2787 /* ncomp: */
2788 0xE1540003, /* cmp r4, r3 */
2789 0x1AFFFFF1, /* bne nbyte */
2790 /* end: */
2791 0xEAFFFFFE, /* b end */
2792 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2793 };
2794
2795 uint32_t i;
2796
2797 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2798 {
2799 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2800 }
2801
2802 /* convert flash writing code into a buffer in target endianness */
2803 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2804 {
2805 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2806 {
2807 return retval;
2808 }
2809 }
2810
2811 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2812 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2813 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2814
2815 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2816 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2817
2818 buf_set_u32(reg_params[0].value, 0, 32, address);
2819 buf_set_u32(reg_params[1].value, 0, 32, count);
2820
2821 /* 20 second timeout/megabyte */
2822 int timeout = 20000 * (1 + (count / (1024*1024)));
2823
2824 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2825 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2826 {
2827 LOG_ERROR("error executing arm7_9 crc algorithm");
2828 destroy_reg_param(&reg_params[0]);
2829 destroy_reg_param(&reg_params[1]);
2830 target_free_working_area(target, crc_algorithm);
2831 return retval;
2832 }
2833
2834 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2835
2836 destroy_reg_param(&reg_params[0]);
2837 destroy_reg_param(&reg_params[1]);
2838
2839 target_free_working_area(target, crc_algorithm);
2840
2841 return ERROR_OK;
2842 }
2843
2844 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2845 {
2846 working_area_t *erase_check_algorithm;
2847 reg_param_t reg_params[3];
2848 armv4_5_algorithm_t armv4_5_info;
2849 int retval;
2850 uint32_t i;
2851
2852 static const uint32_t erase_check_code[] =
2853 {
2854 /* loop: */
2855 0xe4d03001, /* ldrb r3, [r0], #1 */
2856 0xe0022003, /* and r2, r2, r3 */
2857 0xe2511001, /* subs r1, r1, #1 */
2858 0x1afffffb, /* bne loop */
2859 /* end: */
2860 0xeafffffe /* b end */
2861 };
2862
2863 /* make sure we have a working area */
2864 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2865 {
2866 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2867 }
2868
2869 /* convert flash writing code into a buffer in target endianness */
2870 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2871 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2872 {
2873 return retval;
2874 }
2875
2876 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2877 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2878 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2879
2880 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2881 buf_set_u32(reg_params[0].value, 0, 32, address);
2882
2883 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2884 buf_set_u32(reg_params[1].value, 0, 32, count);
2885
2886 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2887 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2888
2889 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2890 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2891 {
2892 destroy_reg_param(&reg_params[0]);
2893 destroy_reg_param(&reg_params[1]);
2894 destroy_reg_param(&reg_params[2]);
2895 target_free_working_area(target, erase_check_algorithm);
2896 return 0;
2897 }
2898
2899 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2900
2901 destroy_reg_param(&reg_params[0]);
2902 destroy_reg_param(&reg_params[1]);
2903 destroy_reg_param(&reg_params[2]);
2904
2905 target_free_working_area(target, erase_check_algorithm);
2906
2907 return ERROR_OK;
2908 }
2909
2910 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2911 {
2912 command_t *arm7_9_cmd;
2913
2914 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2915
2916 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2917 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2918
2919 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2920
2921 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2922 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2923 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2924 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2925 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2926 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2927
2928 armv4_5_register_commands(cmd_ctx);
2929
2930 etm_register_commands(cmd_ctx);
2931
2932 return ERROR_OK;
2933 }
2934
2935 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2936 {
2937 uint32_t value;
2938 int spsr;
2939 int retval;
2940 target_t *target = get_current_target(cmd_ctx);
2941 armv4_5_common_t *armv4_5;
2942 arm7_9_common_t *arm7_9;
2943
2944 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2945 {
2946 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2947 return ERROR_OK;
2948 }
2949
2950 if (target->state != TARGET_HALTED)
2951 {
2952 command_print(cmd_ctx, "can't write registers while running");
2953 return ERROR_OK;
2954 }
2955
2956 if (argc < 2)
2957 {
2958 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2959 return ERROR_OK;
2960 }
2961
2962 value = strtoul(args[0], NULL, 0);
2963 spsr = strtol(args[1], NULL, 0);
2964
2965 /* if we're writing the CPSR, mask the T bit */
2966 if (!spsr)
2967 value &= ~0x20;
2968
2969 arm7_9->write_xpsr(target, value, spsr);
2970 if ((retval = jtag_execute_queue()) != ERROR_OK)
2971 {
2972 LOG_ERROR("JTAG error while writing to xpsr");
2973 return retval;
2974 }
2975
2976 return ERROR_OK;
2977 }
2978
2979 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2980 {
2981 uint32_t value;
2982 int rotate;
2983 int spsr;
2984 int retval;
2985 target_t *target = get_current_target(cmd_ctx);
2986 armv4_5_common_t *armv4_5;
2987 arm7_9_common_t *arm7_9;
2988
2989 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2990 {
2991 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2992 return ERROR_OK;
2993 }
2994
2995 if (target->state != TARGET_HALTED)
2996 {
2997 command_print(cmd_ctx, "can't write registers while running");
2998 return ERROR_OK;
2999 }
3000
3001 if (argc < 3)
3002 {
3003 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
3004 return ERROR_OK;
3005 }
3006
3007 value = strtoul(args[0], NULL, 0);
3008 rotate = strtol(args[1], NULL, 0);
3009 spsr = strtol(args[2], NULL, 0);
3010
3011 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
3012 if ((retval = jtag_execute_queue()) != ERROR_OK)
3013 {
3014 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
3015 return retval;
3016 }
3017
3018 return ERROR_OK;
3019 }
3020
3021 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3022 {
3023 uint32_t value;
3024 uint32_t mode;
3025 int num;
3026 target_t *target = get_current_target(cmd_ctx);
3027 armv4_5_common_t *armv4_5;
3028 arm7_9_common_t *arm7_9;
3029
3030 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3031 {
3032 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3033 return ERROR_OK;
3034 }
3035
3036 if (target->state != TARGET_HALTED)
3037 {
3038 command_print(cmd_ctx, "can't write registers while running");
3039 return ERROR_OK;
3040 }
3041
3042 if (argc < 3)
3043 {
3044 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3045 return ERROR_OK;
3046 }
3047
3048 num = strtol(args[0], NULL, 0);
3049 mode = strtoul(args[1], NULL, 0);
3050 value = strtoul(args[2], NULL, 0);
3051
3052 return arm7_9_write_core_reg(target, num, mode, value);
3053 }
3054
3055 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3056 {
3057 target_t *target = get_current_target(cmd_ctx);
3058 armv4_5_common_t *armv4_5;
3059 arm7_9_common_t *arm7_9;
3060
3061 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3062 {
3063 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3064 return ERROR_OK;
3065 }
3066
3067 if (argc > 0)
3068 {
3069 if (strcmp("enable", args[0]) == 0)
3070 {
3071 arm7_9->use_dbgrq = 1;
3072 }
3073 else if (strcmp("disable", args[0]) == 0)
3074 {
3075 arm7_9->use_dbgrq = 0;
3076 }
3077 else
3078 {
3079 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3080 }
3081 }
3082
3083 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3084
3085 return ERROR_OK;
3086 }
3087
3088 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3089 {
3090 target_t *target = get_current_target(cmd_ctx);
3091 armv4_5_common_t *armv4_5;
3092 arm7_9_common_t *arm7_9;
3093
3094 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3095 {
3096 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3097 return ERROR_OK;
3098 }
3099
3100 if (argc > 0)
3101 {
3102 if (strcmp("enable", args[0]) == 0)
3103 {
3104 arm7_9->fast_memory_access = 1;
3105 }
3106 else if (strcmp("disable", args[0]) == 0)
3107 {
3108 arm7_9->fast_memory_access = 0;
3109 }
3110 else
3111 {
3112 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3113 }
3114 }
3115
3116 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3117
3118 return ERROR_OK;
3119 }
3120
3121 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3122 {
3123 target_t *target = get_current_target(cmd_ctx);
3124 armv4_5_common_t *armv4_5;
3125 arm7_9_common_t *arm7_9;
3126
3127 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3128 {
3129 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3130 return ERROR_OK;
3131 }
3132
3133 if (argc > 0)
3134 {
3135 if (strcmp("enable", args[0]) == 0)
3136 {
3137 arm7_9->dcc_downloads = 1;
3138 }
3139 else if (strcmp("disable", args[0]) == 0)
3140 {
3141 arm7_9->dcc_downloads = 0;
3142 }
3143 else
3144 {
3145 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3146 }
3147 }
3148
3149 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3150
3151 return ERROR_OK;
3152 }
3153
3154 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3155 {
3156 int retval = ERROR_OK;
3157 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3158
3159 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3160
3161 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3162 {
3163 return retval;
3164 }
3165
3166 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3167 arm7_9->wp_available_max = 2;
3168 arm7_9->sw_breakpoints_added = 0;
3169 arm7_9->sw_breakpoint_count = 0;
3170 arm7_9->breakpoint_count = 0;
3171 arm7_9->wp0_used = 0;
3172 arm7_9->wp1_used = 0;
3173 arm7_9->wp1_used_default = 0;
3174 arm7_9->use_dbgrq = 0;
3175
3176 arm7_9->etm_ctx = NULL;
3177 arm7_9->has_single_step = 0;
3178 arm7_9->has_monitor_mode = 0;
3179 arm7_9->has_vector_catch = 0;
3180
3181 arm7_9->debug_entry_from_reset = 0;
3182
3183 arm7_9->dcc_working_area = NULL;
3184
3185 arm7_9->fast_memory_access = fast_and_dangerous;
3186 arm7_9->dcc_downloads = fast_and_dangerous;
3187
3188 arm7_9->need_bypass_before_restart = 0;
3189
3190 armv4_5->arch_info = arm7_9;
3191 armv4_5->read_core_reg = arm7_9_read_core_reg;
3192 armv4_5->write_core_reg = arm7_9_write_core_reg;
3193 armv4_5->full_context = arm7_9_full_context;
3194
3195 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3196 {
3197 return retval;
3198 }
3199
3200 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3201 {
3202 return retval;
3203 }
3204
3205 return ERROR_OK;
3206 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)