Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
arm7/9: add fn to check if dcc downloads have been enabled
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007-2009 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
36 #include "etm.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
41 #include "register.h"
42 #include "armv4_5.h"
43
44
45 /**
46 * @file
47 * Hold common code supporting the ARM7 and ARM9 core generations.
48 *
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
56 *
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
61 */
62
63 static int arm7_9_debug_entry(struct target *target);
64
65 /**
66 * Clear watchpoints for an ARM7/9 target.
67 *
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
70 */
71 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
72 {
73 LOG_DEBUG("-");
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
75 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
76 arm7_9->sw_breakpoint_count = 0;
77 arm7_9->sw_breakpoints_added = 0;
78 arm7_9->wp0_used = 0;
79 arm7_9->wp1_used = arm7_9->wp1_used_default;
80 arm7_9->wp_available = arm7_9->wp_available_max;
81
82 return jtag_execute_queue();
83 }
84
85 /**
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
88 *
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
91 */
92 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
93 {
94 if (!arm7_9->wp0_used)
95 {
96 arm7_9->wp0_used = 1;
97 breakpoint->set = 1;
98 arm7_9->wp_available--;
99 }
100 else if (!arm7_9->wp1_used)
101 {
102 arm7_9->wp1_used = 1;
103 breakpoint->set = 2;
104 arm7_9->wp_available--;
105 }
106 else
107 {
108 LOG_ERROR("BUG: no hardware comparator available");
109 }
110 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
111 breakpoint->unique_id,
112 breakpoint->address,
113 breakpoint->set );
114 }
115
116 /**
117 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
118 *
119 * @param arm7_9 Pointer to common struct for ARM7/9 targets
120 * @return Error codes if there is a problem finding a watchpoint or the result
121 * of executing the JTAG queue
122 */
123 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
124 {
125 if (arm7_9->sw_breakpoints_added)
126 {
127 return ERROR_OK;
128 }
129 if (arm7_9->wp_available < 1)
130 {
131 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
132 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
133 }
134 arm7_9->wp_available--;
135
136 /* pick a breakpoint unit */
137 if (!arm7_9->wp0_used)
138 {
139 arm7_9->sw_breakpoints_added = 1;
140 arm7_9->wp0_used = 3;
141 } else if (!arm7_9->wp1_used)
142 {
143 arm7_9->sw_breakpoints_added = 2;
144 arm7_9->wp1_used = 3;
145 }
146 else
147 {
148 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
149 return ERROR_FAIL;
150 }
151
152 if (arm7_9->sw_breakpoints_added == 1)
153 {
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
155 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
156 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
159 }
160 else if (arm7_9->sw_breakpoints_added == 2)
161 {
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
164 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
165 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
166 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
167 }
168 else
169 {
170 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
171 return ERROR_FAIL;
172 }
173 LOG_DEBUG("SW BP using hw wp: %d",
174 arm7_9->sw_breakpoints_added );
175
176 return jtag_execute_queue();
177 }
178
179 /**
180 * Setup the common pieces for an ARM7/9 target after reset or on startup.
181 *
182 * @param target Pointer to an ARM7/9 target to setup
183 * @return Result of clearing the watchpoints on the target
184 */
185 int arm7_9_setup(struct target *target)
186 {
187 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
188
189 return arm7_9_clear_watchpoints(arm7_9);
190 }
191
192 /**
193 * Set either a hardware or software breakpoint on an ARM7/9 target. The
194 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
195 * might have erased the values in Embedded ICE.
196 *
197 * @param target Pointer to the target device to set the breakpoints on
198 * @param breakpoint Pointer to the breakpoint to be set
199 * @return For hardware breakpoints, this is the result of executing the JTAG
200 * queue. For software breakpoints, this will be the status of the
201 * required memory reads and writes
202 */
203 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
204 {
205 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
206 int retval = ERROR_OK;
207
208 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
209 breakpoint->unique_id,
210 breakpoint->address,
211 breakpoint->type);
212
213 if (target->state != TARGET_HALTED)
214 {
215 LOG_WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED;
217 }
218
219 if (breakpoint->type == BKPT_HARD)
220 {
221 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
222 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
223
224 /* reassign a hw breakpoint */
225 if (breakpoint->set == 0)
226 {
227 arm7_9_assign_wp(arm7_9, breakpoint);
228 }
229
230 if (breakpoint->set == 1)
231 {
232 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
233 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
234 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
236 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
237 }
238 else if (breakpoint->set == 2)
239 {
240 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
245 }
246 else
247 {
248 LOG_ERROR("BUG: no hardware comparator available");
249 return ERROR_OK;
250 }
251
252 retval = jtag_execute_queue();
253 }
254 else if (breakpoint->type == BKPT_SOFT)
255 {
256 /* did we already set this breakpoint? */
257 if (breakpoint->set)
258 return ERROR_OK;
259
260 if (breakpoint->length == 4)
261 {
262 uint32_t verify = 0xffffffff;
263 /* keep the original instruction in target endianness */
264 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
265 {
266 return retval;
267 }
268 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
269 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
270 {
271 return retval;
272 }
273
274 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
275 {
276 return retval;
277 }
278 if (verify != arm7_9->arm_bkpt)
279 {
280 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
281 return ERROR_OK;
282 }
283 }
284 else
285 {
286 uint16_t verify = 0xffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
293 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->thumb_bkpt)
303 {
304 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308
309 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
310 return retval;
311
312 arm7_9->sw_breakpoint_count++;
313
314 breakpoint->set = 1;
315 }
316
317 return retval;
318 }
319
320 /**
321 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
322 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
323 * will be updated. Otherwise, the software breakpoint will be restored to its
324 * original instruction if it hasn't already been modified.
325 *
326 * @param target Pointer to ARM7/9 target to unset the breakpoint from
327 * @param breakpoint Pointer to breakpoint to be unset
328 * @return For hardware breakpoints, this is the result of executing the JTAG
329 * queue. For software breakpoints, this will be the status of the
330 * required memory reads and writes
331 */
332 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
333 {
334 int retval = ERROR_OK;
335 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
336
337 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
338 breakpoint->unique_id,
339 breakpoint->address );
340
341 if (!breakpoint->set)
342 {
343 LOG_WARNING("breakpoint not set");
344 return ERROR_OK;
345 }
346
347 if (breakpoint->type == BKPT_HARD)
348 {
349 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
350 breakpoint->unique_id,
351 breakpoint->set );
352 if (breakpoint->set == 1)
353 {
354 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
355 arm7_9->wp0_used = 0;
356 arm7_9->wp_available++;
357 }
358 else if (breakpoint->set == 2)
359 {
360 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
361 arm7_9->wp1_used = 0;
362 arm7_9->wp_available++;
363 }
364 retval = jtag_execute_queue();
365 breakpoint->set = 0;
366 }
367 else
368 {
369 /* restore original instruction (kept in target endianness) */
370 if (breakpoint->length == 4)
371 {
372 uint32_t current_instr;
373 /* check that user program as not modified breakpoint instruction */
374 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
375 {
376 return retval;
377 }
378 if (current_instr == arm7_9->arm_bkpt)
379 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
380 {
381 return retval;
382 }
383 }
384 else
385 {
386 uint16_t current_instr;
387 /* check that user program as not modified breakpoint instruction */
388 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
389 {
390 return retval;
391 }
392 if (current_instr == arm7_9->thumb_bkpt)
393 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
394 {
395 return retval;
396 }
397 }
398
399 if (--arm7_9->sw_breakpoint_count==0)
400 {
401 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
402 if (arm7_9->sw_breakpoints_added == 1)
403 {
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
405 }
406 else if (arm7_9->sw_breakpoints_added == 2)
407 {
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
409 }
410 }
411
412 breakpoint->set = 0;
413 }
414
415 return retval;
416 }
417
418 /**
419 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
420 * dangling breakpoints and that the desired breakpoint can be added.
421 *
422 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
423 * @param breakpoint Pointer to the breakpoint to be added
424 * @return An error status if there is a problem adding the breakpoint or the
425 * result of setting the breakpoint
426 */
427 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
428 {
429 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
430
431 if (arm7_9->breakpoint_count == 0)
432 {
433 /* make sure we don't have any dangling breakpoints. This is vital upon
434 * GDB connect/disconnect
435 */
436 arm7_9_clear_watchpoints(arm7_9);
437 }
438
439 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
440 {
441 LOG_INFO("no watchpoint unit available for hardware breakpoint");
442 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
443 }
444
445 if ((breakpoint->length != 2) && (breakpoint->length != 4))
446 {
447 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
448 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
449 }
450
451 if (breakpoint->type == BKPT_HARD)
452 {
453 arm7_9_assign_wp(arm7_9, breakpoint);
454 }
455
456 arm7_9->breakpoint_count++;
457
458 return arm7_9_set_breakpoint(target, breakpoint);
459 }
460
461 /**
462 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
463 * dangling breakpoints and updates available watchpoints if it is a hardware
464 * breakpoint.
465 *
466 * @param target Pointer to the target to have a breakpoint removed
467 * @param breakpoint Pointer to the breakpoint to be removed
468 * @return Error status if there was a problem unsetting the breakpoint or the
469 * watchpoints could not be cleared
470 */
471 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
472 {
473 int retval = ERROR_OK;
474 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
475
476 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
477 {
478 return retval;
479 }
480
481 if (breakpoint->type == BKPT_HARD)
482 arm7_9->wp_available++;
483
484 arm7_9->breakpoint_count--;
485 if (arm7_9->breakpoint_count == 0)
486 {
487 /* make sure we don't have any dangling breakpoints */
488 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
489 {
490 return retval;
491 }
492 }
493
494 return ERROR_OK;
495 }
496
497 /**
498 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
499 * considered a bug to call this function when there are no available watchpoint
500 * units.
501 *
502 * @param target Pointer to an ARM7/9 target to set a watchpoint on
503 * @param watchpoint Pointer to the watchpoint to be set
504 * @return Error status if watchpoint set fails or the result of executing the
505 * JTAG queue
506 */
507 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
508 {
509 int retval = ERROR_OK;
510 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
511 int rw_mask = 1;
512 uint32_t mask;
513
514 mask = watchpoint->length - 1;
515
516 if (target->state != TARGET_HALTED)
517 {
518 LOG_WARNING("target not halted");
519 return ERROR_TARGET_NOT_HALTED;
520 }
521
522 if (watchpoint->rw == WPT_ACCESS)
523 rw_mask = 0;
524 else
525 rw_mask = 1;
526
527 if (!arm7_9->wp0_used)
528 {
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
532 if (watchpoint->mask != 0xffffffffu)
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
536
537 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 {
539 return retval;
540 }
541 watchpoint->set = 1;
542 arm7_9->wp0_used = 2;
543 }
544 else if (!arm7_9->wp1_used)
545 {
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
549 if (watchpoint->mask != 0xffffffffu)
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
552 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
553
554 if ((retval = jtag_execute_queue()) != ERROR_OK)
555 {
556 return retval;
557 }
558 watchpoint->set = 2;
559 arm7_9->wp1_used = 2;
560 }
561 else
562 {
563 LOG_ERROR("BUG: no hardware comparator available");
564 return ERROR_OK;
565 }
566
567 return ERROR_OK;
568 }
569
570 /**
571 * Unset an existing watchpoint and clear the used watchpoint unit.
572 *
573 * @param target Pointer to the target to have the watchpoint removed
574 * @param watchpoint Pointer to the watchpoint to be removed
575 * @return Error status while trying to unset the watchpoint or the result of
576 * executing the JTAG queue
577 */
578 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
579 {
580 int retval = ERROR_OK;
581 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
582
583 if (target->state != TARGET_HALTED)
584 {
585 LOG_WARNING("target not halted");
586 return ERROR_TARGET_NOT_HALTED;
587 }
588
589 if (!watchpoint->set)
590 {
591 LOG_WARNING("breakpoint not set");
592 return ERROR_OK;
593 }
594
595 if (watchpoint->set == 1)
596 {
597 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
598 if ((retval = jtag_execute_queue()) != ERROR_OK)
599 {
600 return retval;
601 }
602 arm7_9->wp0_used = 0;
603 }
604 else if (watchpoint->set == 2)
605 {
606 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
607 if ((retval = jtag_execute_queue()) != ERROR_OK)
608 {
609 return retval;
610 }
611 arm7_9->wp1_used = 0;
612 }
613 watchpoint->set = 0;
614
615 return ERROR_OK;
616 }
617
618 /**
619 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
620 * available, an error response is returned.
621 *
622 * @param target Pointer to the ARM7/9 target to add a watchpoint to
623 * @param watchpoint Pointer to the watchpoint to be added
624 * @return Error status while trying to add the watchpoint
625 */
626 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
627 {
628 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
629
630 if (arm7_9->wp_available < 1)
631 {
632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
633 }
634
635 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
636 {
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
638 }
639
640 arm7_9->wp_available--;
641
642 return ERROR_OK;
643 }
644
645 /**
646 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
647 * the used watchpoint unit will be reopened.
648 *
649 * @param target Pointer to the target to remove a watchpoint from
650 * @param watchpoint Pointer to the watchpoint to be removed
651 * @return Result of trying to unset the watchpoint
652 */
653 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
654 {
655 int retval = ERROR_OK;
656 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
657
658 if (watchpoint->set)
659 {
660 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
661 {
662 return retval;
663 }
664 }
665
666 arm7_9->wp_available++;
667
668 return ERROR_OK;
669 }
670
671 /**
672 * Restarts the target by sending a RESTART instruction and moving the JTAG
673 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
674 * asserted by the processor.
675 *
676 * @param target Pointer to target to issue commands to
677 * @return Error status if there is a timeout or a problem while executing the
678 * JTAG queue
679 */
680 int arm7_9_execute_sys_speed(struct target *target)
681 {
682 int retval;
683 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
684 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
685 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
686
687 /* set RESTART instruction */
688 jtag_set_end_state(TAP_IDLE);
689 if (arm7_9->need_bypass_before_restart) {
690 arm7_9->need_bypass_before_restart = 0;
691 arm_jtag_set_instr(jtag_info, 0xf, NULL);
692 }
693 arm_jtag_set_instr(jtag_info, 0x4, NULL);
694
695 long long then = timeval_ms();
696 int timeout;
697 while (!(timeout = ((timeval_ms()-then) > 1000)))
698 {
699 /* read debug status register */
700 embeddedice_read_reg(dbg_stat);
701 if ((retval = jtag_execute_queue()) != ERROR_OK)
702 return retval;
703 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
704 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
705 break;
706 if (debug_level >= 3)
707 {
708 alive_sleep(100);
709 } else
710 {
711 keep_alive();
712 }
713 }
714 if (timeout)
715 {
716 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
717 return ERROR_TARGET_TIMEOUT;
718 }
719
720 return ERROR_OK;
721 }
722
723 /**
724 * Restarts the target by sending a RESTART instruction and moving the JTAG
725 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
726 * waiting until they are.
727 *
728 * @param target Pointer to the target to issue commands to
729 * @return Always ERROR_OK
730 */
731 int arm7_9_execute_fast_sys_speed(struct target *target)
732 {
733 static int set = 0;
734 static uint8_t check_value[4], check_mask[4];
735
736 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
737 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
738 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
739
740 /* set RESTART instruction */
741 jtag_set_end_state(TAP_IDLE);
742 if (arm7_9->need_bypass_before_restart) {
743 arm7_9->need_bypass_before_restart = 0;
744 arm_jtag_set_instr(jtag_info, 0xf, NULL);
745 }
746 arm_jtag_set_instr(jtag_info, 0x4, NULL);
747
748 if (!set)
749 {
750 /* check for DBGACK and SYSCOMP set (others don't care) */
751
752 /* NB! These are constants that must be available until after next jtag_execute() and
753 * we evaluate the values upon first execution in lieu of setting up these constants
754 * during early setup.
755 * */
756 buf_set_u32(check_value, 0, 32, 0x9);
757 buf_set_u32(check_mask, 0, 32, 0x9);
758 set = 1;
759 }
760
761 /* read debug status register */
762 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
763
764 return ERROR_OK;
765 }
766
767 /**
768 * Get some data from the ARM7/9 target.
769 *
770 * @param target Pointer to the ARM7/9 target to read data from
771 * @param size The number of 32bit words to be read
772 * @param buffer Pointer to the buffer that will hold the data
773 * @return The result of receiving data from the Embedded ICE unit
774 */
775 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
776 {
777 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
778 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
779 uint32_t *data;
780 int retval = ERROR_OK;
781 uint32_t i;
782
783 data = malloc(size * (sizeof(uint32_t)));
784
785 retval = embeddedice_receive(jtag_info, data, size);
786
787 /* return the 32-bit ints in the 8-bit array */
788 for (i = 0; i < size; i++)
789 {
790 h_u32_to_le(buffer + (i * 4), data[i]);
791 }
792
793 free(data);
794
795 return retval;
796 }
797
798 /**
799 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
800 * target is running and the DCC control register has the W bit high, this will
801 * execute the request on the target.
802 *
803 * @param priv Void pointer expected to be a struct target pointer
804 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
805 * from the Embedded ICE unit
806 */
807 int arm7_9_handle_target_request(void *priv)
808 {
809 int retval = ERROR_OK;
810 struct target *target = priv;
811 if (!target_was_examined(target))
812 return ERROR_OK;
813 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
814 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
815 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
816
817 if (!target->dbg_msg_enabled)
818 return ERROR_OK;
819
820 if (target->state == TARGET_RUNNING)
821 {
822 /* read DCC control register */
823 embeddedice_read_reg(dcc_control);
824 if ((retval = jtag_execute_queue()) != ERROR_OK)
825 {
826 return retval;
827 }
828
829 /* check W bit */
830 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
831 {
832 uint32_t request;
833
834 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
835 {
836 return retval;
837 }
838 if ((retval = target_request(target, request)) != ERROR_OK)
839 {
840 return retval;
841 }
842 }
843 }
844
845 return ERROR_OK;
846 }
847
848 /**
849 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
850 * is manipulated to the right halted state based on its current state. This is
851 * what happens:
852 *
853 * <table>
854 * <tr><th > State</th><th > Action</th></tr>
855 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
856 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
857 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
858 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
859 * </table>
860 *
861 * If the target does not end up in the halted state, a warning is produced. If
862 * DBGACK is cleared, then the target is expected to either be running or
863 * running in debug.
864 *
865 * @param target Pointer to the ARM7/9 target to poll
866 * @return ERROR_OK or an error status if a command fails
867 */
868 int arm7_9_poll(struct target *target)
869 {
870 int retval;
871 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
872 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
873
874 /* read debug status register */
875 embeddedice_read_reg(dbg_stat);
876 if ((retval = jtag_execute_queue()) != ERROR_OK)
877 {
878 return retval;
879 }
880
881 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
882 {
883 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
884 if (target->state == TARGET_UNKNOWN)
885 {
886 /* Starting OpenOCD with target in debug-halt */
887 target->state = TARGET_RUNNING;
888 LOG_DEBUG("DBGACK already set during server startup.");
889 }
890 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
891 {
892 target->state = TARGET_HALTED;
893
894 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
895 return retval;
896
897 if (arm_semihosting(target, &retval) != 0)
898 return retval;
899
900 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
901 {
902 return retval;
903 }
904 }
905 if (target->state == TARGET_DEBUG_RUNNING)
906 {
907 target->state = TARGET_HALTED;
908 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
909 return retval;
910
911 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
912 {
913 return retval;
914 }
915 }
916 if (target->state != TARGET_HALTED)
917 {
918 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
919 }
920 }
921 else
922 {
923 if (target->state != TARGET_DEBUG_RUNNING)
924 target->state = TARGET_RUNNING;
925 }
926
927 return ERROR_OK;
928 }
929
930 /**
931 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
932 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
933 * affected) completely stop the JTAG clock while the core is held in reset
934 * (SRST). It isn't possible to program the halt condition once reset is
935 * asserted, hence a hook that allows the target to set up its reset-halt
936 * condition is setup prior to asserting reset.
937 *
938 * @param target Pointer to an ARM7/9 target to assert reset on
939 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
940 */
941 int arm7_9_assert_reset(struct target *target)
942 {
943 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
944
945 LOG_DEBUG("target->state: %s",
946 target_state_name(target));
947
948 enum reset_types jtag_reset_config = jtag_get_reset_config();
949 if (!(jtag_reset_config & RESET_HAS_SRST))
950 {
951 LOG_ERROR("Can't assert SRST");
952 return ERROR_FAIL;
953 }
954
955 /* At this point trst has been asserted/deasserted once. We would
956 * like to program EmbeddedICE while SRST is asserted, instead of
957 * depending on SRST to leave that module alone. However, many CPUs
958 * gate the JTAG clock while SRST is asserted; or JTAG may need
959 * clock stability guarantees (adaptive clocking might help).
960 *
961 * So we assume JTAG access during SRST is off the menu unless it's
962 * been specifically enabled.
963 */
964 bool srst_asserted = false;
965
966 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
967 && (jtag_reset_config & RESET_SRST_NO_GATING))
968 {
969 jtag_add_reset(0, 1);
970 srst_asserted = true;
971 }
972
973 if (target->reset_halt)
974 {
975 /*
976 * Some targets do not support communication while SRST is asserted. We need to
977 * set up the reset vector catch here.
978 *
979 * If TRST is asserted, then these settings will be reset anyway, so setting them
980 * here is harmless.
981 */
982 if (arm7_9->has_vector_catch)
983 {
984 /* program vector catch register to catch reset vector */
985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
986
987 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
988 jtag_add_runtest(1, jtag_get_end_state());
989 }
990 else
991 {
992 /* program watchpoint unit to match on reset vector address */
993 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
995 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
998 }
999 }
1000
1001 /* here we should issue an SRST only, but we may have to assert TRST as well */
1002 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1003 {
1004 jtag_add_reset(1, 1);
1005 } else if (!srst_asserted)
1006 {
1007 jtag_add_reset(0, 1);
1008 }
1009
1010 target->state = TARGET_RESET;
1011 jtag_add_sleep(50000);
1012
1013 register_cache_invalidate(arm7_9->armv4_5_common.core_cache);
1014
1015 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1016 {
1017 /* debug entry was already prepared in arm7_9_assert_reset() */
1018 target->debug_reason = DBG_REASON_DBGRQ;
1019 }
1020
1021 return ERROR_OK;
1022 }
1023
1024 /**
1025 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1026 * and the target is being reset into a halt, a warning will be triggered
1027 * because it is not possible to reset into a halted mode in this case. The
1028 * target is halted using the target's functions.
1029 *
1030 * @param target Pointer to the target to have the reset deasserted
1031 * @return ERROR_OK or an error from polling or halting the target
1032 */
1033 int arm7_9_deassert_reset(struct target *target)
1034 {
1035 int retval = ERROR_OK;
1036 LOG_DEBUG("target->state: %s",
1037 target_state_name(target));
1038
1039 /* deassert reset lines */
1040 jtag_add_reset(0, 0);
1041
1042 enum reset_types jtag_reset_config = jtag_get_reset_config();
1043 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1044 {
1045 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1046 /* set up embedded ice registers again */
1047 if ((retval = target_examine_one(target)) != ERROR_OK)
1048 return retval;
1049
1050 if ((retval = target_poll(target)) != ERROR_OK)
1051 {
1052 return retval;
1053 }
1054
1055 if ((retval = target_halt(target)) != ERROR_OK)
1056 {
1057 return retval;
1058 }
1059
1060 }
1061 return retval;
1062 }
1063
1064 /**
1065 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1066 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1067 * vector catch was used, it is restored. Otherwise, the control value is
1068 * restored and the watchpoint unit is restored if it was in use.
1069 *
1070 * @param target Pointer to the ARM7/9 target to have halt cleared
1071 * @return Always ERROR_OK
1072 */
1073 int arm7_9_clear_halt(struct target *target)
1074 {
1075 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1076 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1077
1078 /* we used DBGRQ only if we didn't come out of reset */
1079 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1080 {
1081 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1082 */
1083 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1084 embeddedice_store_reg(dbg_ctrl);
1085 }
1086 else
1087 {
1088 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1089 {
1090 /* if we came out of reset, and vector catch is supported, we used
1091 * vector catch to enter debug state
1092 * restore the register in that case
1093 */
1094 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1095 }
1096 else
1097 {
1098 /* restore registers if watchpoint unit 0 was in use
1099 */
1100 if (arm7_9->wp0_used)
1101 {
1102 if (arm7_9->debug_entry_from_reset)
1103 {
1104 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1105 }
1106 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1107 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1108 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1109 }
1110 /* control value always has to be restored, as it was either disabled,
1111 * or enabled with possibly different bits
1112 */
1113 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1114 }
1115 }
1116
1117 return ERROR_OK;
1118 }
1119
1120 /**
1121 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1122 * and then there is a wait until the processor shows the halt. This wait can
1123 * timeout and results in an error being returned. The software reset involves
1124 * clearing the halt, updating the debug control register, changing to ARM mode,
1125 * reset of the program counter, and reset of all of the registers.
1126 *
1127 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1128 * @return Error status if any of the commands fail, otherwise ERROR_OK
1129 */
1130 int arm7_9_soft_reset_halt(struct target *target)
1131 {
1132 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1133 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1134 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1135 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1136 int i;
1137 int retval;
1138
1139 /* FIX!!! replace some of this code with tcl commands
1140 *
1141 * halt # the halt command is synchronous
1142 * armv4_5 core_state arm
1143 *
1144 */
1145
1146 if ((retval = target_halt(target)) != ERROR_OK)
1147 return retval;
1148
1149 long long then = timeval_ms();
1150 int timeout;
1151 while (!(timeout = ((timeval_ms()-then) > 1000)))
1152 {
1153 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1154 break;
1155 embeddedice_read_reg(dbg_stat);
1156 if ((retval = jtag_execute_queue()) != ERROR_OK)
1157 return retval;
1158 if (debug_level >= 3)
1159 {
1160 alive_sleep(100);
1161 } else
1162 {
1163 keep_alive();
1164 }
1165 }
1166 if (timeout)
1167 {
1168 LOG_ERROR("Failed to halt CPU after 1 sec");
1169 return ERROR_TARGET_TIMEOUT;
1170 }
1171 target->state = TARGET_HALTED;
1172
1173 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1174 * ensure that DBGRQ is cleared
1175 */
1176 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1177 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1178 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1179 embeddedice_store_reg(dbg_ctrl);
1180
1181 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1182 {
1183 return retval;
1184 }
1185
1186 /* if the target is in Thumb state, change to ARM state */
1187 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1188 {
1189 uint32_t r0_thumb, pc_thumb;
1190 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1191 /* Entered debug from Thumb mode */
1192 armv4_5->core_state = ARM_STATE_THUMB;
1193 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1194 }
1195
1196 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1197
1198 /* all register content is now invalid */
1199 register_cache_invalidate(armv4_5->core_cache);
1200
1201 /* SVC, ARM state, IRQ and FIQ disabled */
1202 uint32_t cpsr;
1203
1204 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
1205 cpsr &= ~0xff;
1206 cpsr |= 0xd3;
1207 arm_set_cpsr(armv4_5, cpsr);
1208 armv4_5->cpsr->dirty = 1;
1209
1210 /* start fetching from 0x0 */
1211 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1212 armv4_5->core_cache->reg_list[15].dirty = 1;
1213 armv4_5->core_cache->reg_list[15].valid = 1;
1214
1215 /* reset registers */
1216 for (i = 0; i <= 14; i++)
1217 {
1218 struct reg *r = arm_reg_current(armv4_5, i);
1219
1220 buf_set_u32(r->value, 0, 32, 0xffffffff);
1221 r->dirty = 1;
1222 r->valid = 1;
1223 }
1224
1225 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1226 {
1227 return retval;
1228 }
1229
1230 return ERROR_OK;
1231 }
1232
1233 /**
1234 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1235 * line or by programming a watchpoint to trigger on any address. It is
1236 * considered a bug to call this function while the target is in the
1237 * TARGET_RESET state.
1238 *
1239 * @param target Pointer to the ARM7/9 target to be halted
1240 * @return Always ERROR_OK
1241 */
1242 int arm7_9_halt(struct target *target)
1243 {
1244 if (target->state == TARGET_RESET)
1245 {
1246 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1247 return ERROR_OK;
1248 }
1249
1250 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1251 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1252
1253 LOG_DEBUG("target->state: %s",
1254 target_state_name(target));
1255
1256 if (target->state == TARGET_HALTED)
1257 {
1258 LOG_DEBUG("target was already halted");
1259 return ERROR_OK;
1260 }
1261
1262 if (target->state == TARGET_UNKNOWN)
1263 {
1264 LOG_WARNING("target was in unknown state when halt was requested");
1265 }
1266
1267 if (arm7_9->use_dbgrq)
1268 {
1269 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1270 */
1271 if (arm7_9->set_special_dbgrq) {
1272 arm7_9->set_special_dbgrq(target);
1273 } else {
1274 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1275 embeddedice_store_reg(dbg_ctrl);
1276 }
1277 }
1278 else
1279 {
1280 /* program watchpoint unit to match on any address
1281 */
1282 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1283 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1284 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1285 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1286 }
1287
1288 target->debug_reason = DBG_REASON_DBGRQ;
1289
1290 return ERROR_OK;
1291 }
1292
1293 /**
1294 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1295 * ARM. The JTAG queue is then executed and the reason for debug entry is
1296 * examined. Once done, the target is verified to be halted and the processor
1297 * is forced into ARM mode. The core registers are saved for the current core
1298 * mode and the program counter (register 15) is updated as needed. The core
1299 * registers and CPSR and SPSR are saved for restoration later.
1300 *
1301 * @param target Pointer to target that is entering debug mode
1302 * @return Error code if anything fails, otherwise ERROR_OK
1303 */
1304 static int arm7_9_debug_entry(struct target *target)
1305 {
1306 int i;
1307 uint32_t context[16];
1308 uint32_t* context_p[16];
1309 uint32_t r0_thumb, pc_thumb;
1310 uint32_t cpsr, cpsr_mask = 0;
1311 int retval;
1312 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1313 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1314 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1315 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1316
1317 #ifdef _DEBUG_ARM7_9_
1318 LOG_DEBUG("-");
1319 #endif
1320
1321 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1322 * ensure that DBGRQ is cleared
1323 */
1324 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1325 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1326 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1327 embeddedice_store_reg(dbg_ctrl);
1328
1329 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1330 {
1331 return retval;
1332 }
1333
1334 if ((retval = jtag_execute_queue()) != ERROR_OK)
1335 {
1336 return retval;
1337 }
1338
1339 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1340 return retval;
1341
1342
1343 if (target->state != TARGET_HALTED)
1344 {
1345 LOG_WARNING("target not halted");
1346 return ERROR_TARGET_NOT_HALTED;
1347 }
1348
1349 /* if the target is in Thumb state, change to ARM state */
1350 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1351 {
1352 LOG_DEBUG("target entered debug from Thumb state");
1353 /* Entered debug from Thumb mode */
1354 armv4_5->core_state = ARM_STATE_THUMB;
1355 cpsr_mask = 1 << 5;
1356 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1357 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1358 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1359 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1360 /* \todo Get some vaguely correct handling of Jazelle, if
1361 * anyone ever uses it and full info becomes available.
1362 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1363 * B.7.3 for the reverse. That'd be the bare minimum...
1364 */
1365 LOG_DEBUG("target entered debug from Jazelle state");
1366 armv4_5->core_state = ARM_STATE_JAZELLE;
1367 cpsr_mask = 1 << 24;
1368 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1369 } else {
1370 LOG_DEBUG("target entered debug from ARM state");
1371 /* Entered debug from ARM mode */
1372 armv4_5->core_state = ARM_STATE_ARM;
1373 }
1374
1375 for (i = 0; i < 16; i++)
1376 context_p[i] = &context[i];
1377 /* save core registers (r0 - r15 of current core mode) */
1378 arm7_9->read_core_regs(target, 0xffff, context_p);
1379
1380 arm7_9->read_xpsr(target, &cpsr, 0);
1381
1382 if ((retval = jtag_execute_queue()) != ERROR_OK)
1383 return retval;
1384
1385 /* Sync our CPSR copy with J or T bits EICE reported, but
1386 * which we then erased by putting the core into ARM mode.
1387 */
1388 arm_set_cpsr(armv4_5, cpsr | cpsr_mask);
1389
1390 if (!is_arm_mode(armv4_5->core_mode))
1391 {
1392 target->state = TARGET_UNKNOWN;
1393 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1394 return ERROR_TARGET_FAILURE;
1395 }
1396
1397 LOG_DEBUG("target entered debug state in %s mode",
1398 arm_mode_name(armv4_5->core_mode));
1399
1400 if (armv4_5->core_state == ARM_STATE_THUMB)
1401 {
1402 LOG_DEBUG("thumb state, applying fixups");
1403 context[0] = r0_thumb;
1404 context[15] = pc_thumb;
1405 } else if (armv4_5->core_state == ARM_STATE_ARM)
1406 {
1407 /* adjust value stored by STM */
1408 context[15] -= 3 * 4;
1409 }
1410
1411 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1412 context[15] -= 3 * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1413 else
1414 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1415
1416 for (i = 0; i <= 15; i++)
1417 {
1418 struct reg *r = arm_reg_current(armv4_5, i);
1419
1420 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1421
1422 buf_set_u32(r->value, 0, 32, context[i]);
1423 /* r0 and r15 (pc) have to be restored later */
1424 r->dirty = (i == 0) || (i == 15);
1425 r->valid = 1;
1426 }
1427
1428 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1429
1430 /* exceptions other than USR & SYS have a saved program status register */
1431 if (armv4_5->spsr) {
1432 uint32_t spsr;
1433 arm7_9->read_xpsr(target, &spsr, 1);
1434 if ((retval = jtag_execute_queue()) != ERROR_OK)
1435 {
1436 return retval;
1437 }
1438 buf_set_u32(armv4_5->spsr->value, 0, 32, spsr);
1439 armv4_5->spsr->dirty = 0;
1440 armv4_5->spsr->valid = 1;
1441 }
1442
1443 if ((retval = jtag_execute_queue()) != ERROR_OK)
1444 return retval;
1445
1446 if (arm7_9->post_debug_entry)
1447 arm7_9->post_debug_entry(target);
1448
1449 return ERROR_OK;
1450 }
1451
1452 /**
1453 * Validate the full context for an ARM7/9 target in all processor modes. If
1454 * there are any invalid registers for the target, they will all be read. This
1455 * includes the PSR.
1456 *
1457 * @param target Pointer to the ARM7/9 target to capture the full context from
1458 * @return Error if the target is not halted, has an invalid core mode, or if
1459 * the JTAG queue fails to execute
1460 */
1461 int arm7_9_full_context(struct target *target)
1462 {
1463 int i;
1464 int retval;
1465 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1466 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1467
1468 LOG_DEBUG("-");
1469
1470 if (target->state != TARGET_HALTED)
1471 {
1472 LOG_WARNING("target not halted");
1473 return ERROR_TARGET_NOT_HALTED;
1474 }
1475
1476 if (!is_arm_mode(armv4_5->core_mode))
1477 return ERROR_FAIL;
1478
1479 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1480 * SYS shares registers with User, so we don't touch SYS
1481 */
1482 for (i = 0; i < 6; i++)
1483 {
1484 uint32_t mask = 0;
1485 uint32_t* reg_p[16];
1486 int j;
1487 int valid = 1;
1488
1489 /* check if there are invalid registers in the current mode
1490 */
1491 for (j = 0; j <= 16; j++)
1492 {
1493 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1494 valid = 0;
1495 }
1496
1497 if (!valid)
1498 {
1499 uint32_t tmp_cpsr;
1500
1501 /* change processor mode (and mask T bit) */
1502 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8)
1503 & 0xe0;
1504 tmp_cpsr |= armv4_5_number_to_mode(i);
1505 tmp_cpsr &= ~0x20;
1506 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1507
1508 for (j = 0; j < 15; j++)
1509 {
1510 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1511 {
1512 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1513 mask |= 1 << j;
1514 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1515 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1516 }
1517 }
1518
1519 /* if only the PSR is invalid, mask is all zeroes */
1520 if (mask)
1521 arm7_9->read_core_regs(target, mask, reg_p);
1522
1523 /* check if the PSR has to be read */
1524 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1525 {
1526 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1527 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1528 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1529 }
1530 }
1531 }
1532
1533 /* restore processor mode (mask T bit) */
1534 arm7_9->write_xpsr_im8(target,
1535 buf_get_u32(armv4_5->cpsr->value, 0, 8) & ~0x20,
1536 0, 0);
1537
1538 if ((retval = jtag_execute_queue()) != ERROR_OK)
1539 {
1540 return retval;
1541 }
1542 return ERROR_OK;
1543 }
1544
1545 /**
1546 * Restore the processor context on an ARM7/9 target. The full processor
1547 * context is analyzed to see if any of the registers are dirty on this end, but
1548 * have a valid new value. If this is the case, the processor is changed to the
1549 * appropriate mode and the new register values are written out to the
1550 * processor. If there happens to be a dirty register with an invalid value, an
1551 * error will be logged.
1552 *
1553 * @param target Pointer to the ARM7/9 target to have its context restored
1554 * @return Error status if the target is not halted or the core mode in the
1555 * armv4_5 struct is invalid.
1556 */
1557 int arm7_9_restore_context(struct target *target)
1558 {
1559 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1560 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1561 struct reg *reg;
1562 struct arm_reg *reg_arch_info;
1563 enum arm_mode current_mode = armv4_5->core_mode;
1564 int i, j;
1565 int dirty;
1566 int mode_change;
1567
1568 LOG_DEBUG("-");
1569
1570 if (target->state != TARGET_HALTED)
1571 {
1572 LOG_WARNING("target not halted");
1573 return ERROR_TARGET_NOT_HALTED;
1574 }
1575
1576 if (arm7_9->pre_restore_context)
1577 arm7_9->pre_restore_context(target);
1578
1579 if (!is_arm_mode(armv4_5->core_mode))
1580 return ERROR_FAIL;
1581
1582 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1583 * SYS shares registers with User, so we don't touch SYS
1584 */
1585 for (i = 0; i < 6; i++)
1586 {
1587 LOG_DEBUG("examining %s mode",
1588 arm_mode_name(armv4_5->core_mode));
1589 dirty = 0;
1590 mode_change = 0;
1591 /* check if there are dirty registers in the current mode
1592 */
1593 for (j = 0; j <= 16; j++)
1594 {
1595 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1596 reg_arch_info = reg->arch_info;
1597 if (reg->dirty == 1)
1598 {
1599 if (reg->valid == 1)
1600 {
1601 dirty = 1;
1602 LOG_DEBUG("examining dirty reg: %s", reg->name);
1603 if ((reg_arch_info->mode != ARM_MODE_ANY)
1604 && (reg_arch_info->mode != current_mode)
1605 && !((reg_arch_info->mode == ARM_MODE_USR) && (armv4_5->core_mode == ARM_MODE_SYS))
1606 && !((reg_arch_info->mode == ARM_MODE_SYS) && (armv4_5->core_mode == ARM_MODE_USR)))
1607 {
1608 mode_change = 1;
1609 LOG_DEBUG("require mode change");
1610 }
1611 }
1612 else
1613 {
1614 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1615 }
1616 }
1617 }
1618
1619 if (dirty)
1620 {
1621 uint32_t mask = 0x0;
1622 int num_regs = 0;
1623 uint32_t regs[16];
1624
1625 if (mode_change)
1626 {
1627 uint32_t tmp_cpsr;
1628
1629 /* change processor mode (mask T bit) */
1630 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value,
1631 0, 8) & 0xe0;
1632 tmp_cpsr |= armv4_5_number_to_mode(i);
1633 tmp_cpsr &= ~0x20;
1634 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1635 current_mode = armv4_5_number_to_mode(i);
1636 }
1637
1638 for (j = 0; j <= 14; j++)
1639 {
1640 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1641 reg_arch_info = reg->arch_info;
1642
1643
1644 if (reg->dirty == 1)
1645 {
1646 regs[j] = buf_get_u32(reg->value, 0, 32);
1647 mask |= 1 << j;
1648 num_regs++;
1649 reg->dirty = 0;
1650 reg->valid = 1;
1651 LOG_DEBUG("writing register %i mode %s "
1652 "with value 0x%8.8" PRIx32, j,
1653 arm_mode_name(armv4_5->core_mode),
1654 regs[j]);
1655 }
1656 }
1657
1658 if (mask)
1659 {
1660 arm7_9->write_core_regs(target, mask, regs);
1661 }
1662
1663 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1664 reg_arch_info = reg->arch_info;
1665 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY))
1666 {
1667 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1668 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1669 }
1670 }
1671 }
1672
1673 if (!armv4_5->cpsr->dirty && (armv4_5->core_mode != current_mode))
1674 {
1675 /* restore processor mode (mask T bit) */
1676 uint32_t tmp_cpsr;
1677
1678 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
1679 tmp_cpsr |= armv4_5_number_to_mode(i);
1680 tmp_cpsr &= ~0x20;
1681 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1682 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1683 }
1684 else if (armv4_5->cpsr->dirty)
1685 {
1686 /* CPSR has been changed, full restore necessary (mask T bit) */
1687 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1688 buf_get_u32(armv4_5->cpsr->value, 0, 32));
1689 arm7_9->write_xpsr(target,
1690 buf_get_u32(armv4_5->cpsr->value, 0, 32)
1691 & ~0x20, 0);
1692 armv4_5->cpsr->dirty = 0;
1693 armv4_5->cpsr->valid = 1;
1694 }
1695
1696 /* restore PC */
1697 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1698 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1699 armv4_5->core_cache->reg_list[15].dirty = 0;
1700
1701 if (arm7_9->post_restore_context)
1702 arm7_9->post_restore_context(target);
1703
1704 return ERROR_OK;
1705 }
1706
1707 /**
1708 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1709 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1710 * restart.
1711 *
1712 * @param target Pointer to the ARM7/9 target to be restarted
1713 * @return Result of executing the JTAG queue
1714 */
1715 int arm7_9_restart_core(struct target *target)
1716 {
1717 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1718 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1719
1720 /* set RESTART instruction */
1721 jtag_set_end_state(TAP_IDLE);
1722 if (arm7_9->need_bypass_before_restart) {
1723 arm7_9->need_bypass_before_restart = 0;
1724 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1725 }
1726 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1727
1728 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1729 return jtag_execute_queue();
1730 }
1731
1732 /**
1733 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1734 * iterated through and are set on the target if they aren't already set.
1735 *
1736 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1737 */
1738 void arm7_9_enable_watchpoints(struct target *target)
1739 {
1740 struct watchpoint *watchpoint = target->watchpoints;
1741
1742 while (watchpoint)
1743 {
1744 if (watchpoint->set == 0)
1745 arm7_9_set_watchpoint(target, watchpoint);
1746 watchpoint = watchpoint->next;
1747 }
1748 }
1749
1750 /**
1751 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1752 * iterated through and are set on the target.
1753 *
1754 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1755 */
1756 void arm7_9_enable_breakpoints(struct target *target)
1757 {
1758 struct breakpoint *breakpoint = target->breakpoints;
1759
1760 /* set any pending breakpoints */
1761 while (breakpoint)
1762 {
1763 arm7_9_set_breakpoint(target, breakpoint);
1764 breakpoint = breakpoint->next;
1765 }
1766 }
1767
1768 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1769 {
1770 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1771 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1772 struct breakpoint *breakpoint = target->breakpoints;
1773 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1774 int err, retval = ERROR_OK;
1775
1776 LOG_DEBUG("-");
1777
1778 if (target->state != TARGET_HALTED)
1779 {
1780 LOG_WARNING("target not halted");
1781 return ERROR_TARGET_NOT_HALTED;
1782 }
1783
1784 if (!debug_execution)
1785 {
1786 target_free_all_working_areas(target);
1787 }
1788
1789 /* current = 1: continue on current pc, otherwise continue at <address> */
1790 if (!current)
1791 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1792
1793 uint32_t current_pc;
1794 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1795
1796 /* the front-end may request us not to handle breakpoints */
1797 if (handle_breakpoints)
1798 {
1799 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1800 {
1801 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1802 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1803 {
1804 return retval;
1805 }
1806
1807 /* calculate PC of next instruction */
1808 uint32_t next_pc;
1809 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1810 {
1811 uint32_t current_opcode;
1812 target_read_u32(target, current_pc, &current_opcode);
1813 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1814 return retval;
1815 }
1816
1817 LOG_DEBUG("enable single-step");
1818 arm7_9->enable_single_step(target, next_pc);
1819
1820 target->debug_reason = DBG_REASON_SINGLESTEP;
1821
1822 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1823 {
1824 return retval;
1825 }
1826
1827 if (armv4_5->core_state == ARM_STATE_ARM)
1828 arm7_9->branch_resume(target);
1829 else if (armv4_5->core_state == ARM_STATE_THUMB)
1830 {
1831 arm7_9->branch_resume_thumb(target);
1832 }
1833 else
1834 {
1835 LOG_ERROR("unhandled core state");
1836 return ERROR_FAIL;
1837 }
1838
1839 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1840 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1841 err = arm7_9_execute_sys_speed(target);
1842
1843 LOG_DEBUG("disable single-step");
1844 arm7_9->disable_single_step(target);
1845
1846 if (err != ERROR_OK)
1847 {
1848 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1849 {
1850 return retval;
1851 }
1852 target->state = TARGET_UNKNOWN;
1853 return err;
1854 }
1855
1856 arm7_9_debug_entry(target);
1857 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1858
1859 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1860 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1861 {
1862 return retval;
1863 }
1864 }
1865 }
1866
1867 /* enable any pending breakpoints and watchpoints */
1868 arm7_9_enable_breakpoints(target);
1869 arm7_9_enable_watchpoints(target);
1870
1871 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875
1876 if (armv4_5->core_state == ARM_STATE_ARM)
1877 {
1878 arm7_9->branch_resume(target);
1879 }
1880 else if (armv4_5->core_state == ARM_STATE_THUMB)
1881 {
1882 arm7_9->branch_resume_thumb(target);
1883 }
1884 else
1885 {
1886 LOG_ERROR("unhandled core state");
1887 return ERROR_FAIL;
1888 }
1889
1890 /* deassert DBGACK and INTDIS */
1891 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1892 /* INTDIS only when we really resume, not during debug execution */
1893 if (!debug_execution)
1894 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1895 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1896
1897 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1898 {
1899 return retval;
1900 }
1901
1902 target->debug_reason = DBG_REASON_NOTHALTED;
1903
1904 if (!debug_execution)
1905 {
1906 /* registers are now invalid */
1907 register_cache_invalidate(armv4_5->core_cache);
1908 target->state = TARGET_RUNNING;
1909 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1910 {
1911 return retval;
1912 }
1913 }
1914 else
1915 {
1916 target->state = TARGET_DEBUG_RUNNING;
1917 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1918 {
1919 return retval;
1920 }
1921 }
1922
1923 LOG_DEBUG("target resumed");
1924
1925 return ERROR_OK;
1926 }
1927
1928 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1929 {
1930 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1931 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1932 uint32_t current_pc;
1933 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1934
1935 if (next_pc != current_pc)
1936 {
1937 /* setup an inverse breakpoint on the current PC
1938 * - comparator 1 matches the current address
1939 * - rangeout from comparator 1 is connected to comparator 0 rangein
1940 * - comparator 0 matches any address, as long as rangein is low */
1941 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1942 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1943 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1944 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1945 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1946 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1947 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1948 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1949 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1950 }
1951 else
1952 {
1953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1957 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1958 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1959 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1962 }
1963 }
1964
1965 void arm7_9_disable_eice_step(struct target *target)
1966 {
1967 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1968
1969 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1970 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1971 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1972 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1973 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1974 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1975 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1976 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1977 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1978 }
1979
1980 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1981 {
1982 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1983 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1984 struct breakpoint *breakpoint = NULL;
1985 int err, retval;
1986
1987 if (target->state != TARGET_HALTED)
1988 {
1989 LOG_WARNING("target not halted");
1990 return ERROR_TARGET_NOT_HALTED;
1991 }
1992
1993 /* current = 1: continue on current pc, otherwise continue at <address> */
1994 if (!current)
1995 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1996
1997 uint32_t current_pc;
1998 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1999
2000 /* the front-end may request us not to handle breakpoints */
2001 if (handle_breakpoints)
2002 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2003 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2004 {
2005 return retval;
2006 }
2007
2008 target->debug_reason = DBG_REASON_SINGLESTEP;
2009
2010 /* calculate PC of next instruction */
2011 uint32_t next_pc;
2012 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2013 {
2014 uint32_t current_opcode;
2015 target_read_u32(target, current_pc, &current_opcode);
2016 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2017 return retval;
2018 }
2019
2020 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2021 {
2022 return retval;
2023 }
2024
2025 arm7_9->enable_single_step(target, next_pc);
2026
2027 if (armv4_5->core_state == ARM_STATE_ARM)
2028 {
2029 arm7_9->branch_resume(target);
2030 }
2031 else if (armv4_5->core_state == ARM_STATE_THUMB)
2032 {
2033 arm7_9->branch_resume_thumb(target);
2034 }
2035 else
2036 {
2037 LOG_ERROR("unhandled core state");
2038 return ERROR_FAIL;
2039 }
2040
2041 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2042 {
2043 return retval;
2044 }
2045
2046 err = arm7_9_execute_sys_speed(target);
2047 arm7_9->disable_single_step(target);
2048
2049 /* registers are now invalid */
2050 register_cache_invalidate(armv4_5->core_cache);
2051
2052 if (err != ERROR_OK)
2053 {
2054 target->state = TARGET_UNKNOWN;
2055 } else {
2056 arm7_9_debug_entry(target);
2057 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2058 {
2059 return retval;
2060 }
2061 LOG_DEBUG("target stepped");
2062 }
2063
2064 if (breakpoint)
2065 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2066 {
2067 return retval;
2068 }
2069
2070 return err;
2071 }
2072
2073 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
2074 int num, enum arm_mode mode)
2075 {
2076 uint32_t* reg_p[16];
2077 uint32_t value;
2078 int retval;
2079 struct arm_reg *areg = r->arch_info;
2080 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2081 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2082
2083 if (!is_arm_mode(armv4_5->core_mode))
2084 return ERROR_FAIL;
2085 if ((num < 0) || (num > 16))
2086 return ERROR_INVALID_ARGUMENTS;
2087
2088 if ((mode != ARM_MODE_ANY)
2089 && (mode != armv4_5->core_mode)
2090 && (areg->mode != ARM_MODE_ANY))
2091 {
2092 uint32_t tmp_cpsr;
2093
2094 /* change processor mode (mask T bit) */
2095 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2096 tmp_cpsr |= mode;
2097 tmp_cpsr &= ~0x20;
2098 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2099 }
2100
2101 if ((num >= 0) && (num <= 15))
2102 {
2103 /* read a normal core register */
2104 reg_p[num] = &value;
2105
2106 arm7_9->read_core_regs(target, 1 << num, reg_p);
2107 }
2108 else
2109 {
2110 /* read a program status register
2111 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2112 */
2113 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2114 }
2115
2116 if ((retval = jtag_execute_queue()) != ERROR_OK)
2117 {
2118 return retval;
2119 }
2120
2121 r->valid = 1;
2122 r->dirty = 0;
2123 buf_set_u32(r->value, 0, 32, value);
2124
2125 if ((mode != ARM_MODE_ANY)
2126 && (mode != armv4_5->core_mode)
2127 && (areg->mode != ARM_MODE_ANY)) {
2128 /* restore processor mode (mask T bit) */
2129 arm7_9->write_xpsr_im8(target,
2130 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2131 & ~0x20, 0, 0);
2132 }
2133
2134 return ERROR_OK;
2135 }
2136
2137 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2138 int num, enum arm_mode mode, uint32_t value)
2139 {
2140 uint32_t reg[16];
2141 struct arm_reg *areg = r->arch_info;
2142 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2143 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2144
2145 if (!is_arm_mode(armv4_5->core_mode))
2146 return ERROR_FAIL;
2147 if ((num < 0) || (num > 16))
2148 return ERROR_INVALID_ARGUMENTS;
2149
2150 if ((mode != ARM_MODE_ANY)
2151 && (mode != armv4_5->core_mode)
2152 && (areg->mode != ARM_MODE_ANY)) {
2153 uint32_t tmp_cpsr;
2154
2155 /* change processor mode (mask T bit) */
2156 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2157 tmp_cpsr |= mode;
2158 tmp_cpsr &= ~0x20;
2159 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2160 }
2161
2162 if ((num >= 0) && (num <= 15))
2163 {
2164 /* write a normal core register */
2165 reg[num] = value;
2166
2167 arm7_9->write_core_regs(target, 1 << num, reg);
2168 }
2169 else
2170 {
2171 /* write a program status register
2172 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2173 */
2174 int spsr = (areg->mode != ARM_MODE_ANY);
2175
2176 /* if we're writing the CPSR, mask the T bit */
2177 if (!spsr)
2178 value &= ~0x20;
2179
2180 arm7_9->write_xpsr(target, value, spsr);
2181 }
2182
2183 r->valid = 1;
2184 r->dirty = 0;
2185
2186 if ((mode != ARM_MODE_ANY)
2187 && (mode != armv4_5->core_mode)
2188 && (areg->mode != ARM_MODE_ANY)) {
2189 /* restore processor mode (mask T bit) */
2190 arm7_9->write_xpsr_im8(target,
2191 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2192 & ~0x20, 0, 0);
2193 }
2194
2195 return jtag_execute_queue();
2196 }
2197
2198 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2199 {
2200 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2201 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2202 uint32_t reg[16];
2203 uint32_t num_accesses = 0;
2204 int thisrun_accesses;
2205 int i;
2206 uint32_t cpsr;
2207 int retval;
2208 int last_reg = 0;
2209
2210 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2211
2212 if (target->state != TARGET_HALTED)
2213 {
2214 LOG_WARNING("target not halted");
2215 return ERROR_TARGET_NOT_HALTED;
2216 }
2217
2218 /* sanitize arguments */
2219 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2220 return ERROR_INVALID_ARGUMENTS;
2221
2222 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2223 return ERROR_TARGET_UNALIGNED_ACCESS;
2224
2225 /* load the base register with the address of the first word */
2226 reg[0] = address;
2227 arm7_9->write_core_regs(target, 0x1, reg);
2228
2229 int j = 0;
2230
2231 switch (size)
2232 {
2233 case 4:
2234 while (num_accesses < count)
2235 {
2236 uint32_t reg_list;
2237 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2238 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2239
2240 if (last_reg <= thisrun_accesses)
2241 last_reg = thisrun_accesses;
2242
2243 arm7_9->load_word_regs(target, reg_list);
2244
2245 /* fast memory reads are only safe when the target is running
2246 * from a sufficiently high clock (32 kHz is usually too slow)
2247 */
2248 if (arm7_9->fast_memory_access)
2249 retval = arm7_9_execute_fast_sys_speed(target);
2250 else
2251 retval = arm7_9_execute_sys_speed(target);
2252 if (retval != ERROR_OK)
2253 return retval;
2254
2255 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2256
2257 /* advance buffer, count number of accesses */
2258 buffer += thisrun_accesses * 4;
2259 num_accesses += thisrun_accesses;
2260
2261 if ((j++%1024) == 0)
2262 {
2263 keep_alive();
2264 }
2265 }
2266 break;
2267 case 2:
2268 while (num_accesses < count)
2269 {
2270 uint32_t reg_list;
2271 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2272 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2273
2274 for (i = 1; i <= thisrun_accesses; i++)
2275 {
2276 if (i > last_reg)
2277 last_reg = i;
2278 arm7_9->load_hword_reg(target, i);
2279 /* fast memory reads are only safe when the target is running
2280 * from a sufficiently high clock (32 kHz is usually too slow)
2281 */
2282 if (arm7_9->fast_memory_access)
2283 retval = arm7_9_execute_fast_sys_speed(target);
2284 else
2285 retval = arm7_9_execute_sys_speed(target);
2286 if (retval != ERROR_OK)
2287 {
2288 return retval;
2289 }
2290
2291 }
2292
2293 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2294
2295 /* advance buffer, count number of accesses */
2296 buffer += thisrun_accesses * 2;
2297 num_accesses += thisrun_accesses;
2298
2299 if ((j++%1024) == 0)
2300 {
2301 keep_alive();
2302 }
2303 }
2304 break;
2305 case 1:
2306 while (num_accesses < count)
2307 {
2308 uint32_t reg_list;
2309 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2310 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2311
2312 for (i = 1; i <= thisrun_accesses; i++)
2313 {
2314 if (i > last_reg)
2315 last_reg = i;
2316 arm7_9->load_byte_reg(target, i);
2317 /* fast memory reads are only safe when the target is running
2318 * from a sufficiently high clock (32 kHz is usually too slow)
2319 */
2320 if (arm7_9->fast_memory_access)
2321 retval = arm7_9_execute_fast_sys_speed(target);
2322 else
2323 retval = arm7_9_execute_sys_speed(target);
2324 if (retval != ERROR_OK)
2325 {
2326 return retval;
2327 }
2328 }
2329
2330 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2331
2332 /* advance buffer, count number of accesses */
2333 buffer += thisrun_accesses * 1;
2334 num_accesses += thisrun_accesses;
2335
2336 if ((j++%1024) == 0)
2337 {
2338 keep_alive();
2339 }
2340 }
2341 break;
2342 }
2343
2344 if (!is_arm_mode(armv4_5->core_mode))
2345 return ERROR_FAIL;
2346
2347 for (i = 0; i <= last_reg; i++) {
2348 struct reg *r = arm_reg_current(armv4_5, i);
2349
2350 r->dirty = r->valid;
2351 }
2352
2353 arm7_9->read_xpsr(target, &cpsr, 0);
2354 if ((retval = jtag_execute_queue()) != ERROR_OK)
2355 {
2356 LOG_ERROR("JTAG error while reading cpsr");
2357 return ERROR_TARGET_DATA_ABORT;
2358 }
2359
2360 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2361 {
2362 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2363
2364 arm7_9->write_xpsr_im8(target,
2365 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2366 & ~0x20, 0, 0);
2367
2368 return ERROR_TARGET_DATA_ABORT;
2369 }
2370
2371 return ERROR_OK;
2372 }
2373
2374 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2375 {
2376 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2377 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2378 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2379
2380 uint32_t reg[16];
2381 uint32_t num_accesses = 0;
2382 int thisrun_accesses;
2383 int i;
2384 uint32_t cpsr;
2385 int retval;
2386 int last_reg = 0;
2387
2388 #ifdef _DEBUG_ARM7_9_
2389 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2390 #endif
2391
2392 if (target->state != TARGET_HALTED)
2393 {
2394 LOG_WARNING("target not halted");
2395 return ERROR_TARGET_NOT_HALTED;
2396 }
2397
2398 /* sanitize arguments */
2399 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2400 return ERROR_INVALID_ARGUMENTS;
2401
2402 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2403 return ERROR_TARGET_UNALIGNED_ACCESS;
2404
2405 /* load the base register with the address of the first word */
2406 reg[0] = address;
2407 arm7_9->write_core_regs(target, 0x1, reg);
2408
2409 /* Clear DBGACK, to make sure memory fetches work as expected */
2410 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2411 embeddedice_store_reg(dbg_ctrl);
2412
2413 switch (size)
2414 {
2415 case 4:
2416 while (num_accesses < count)
2417 {
2418 uint32_t reg_list;
2419 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2420 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2421
2422 for (i = 1; i <= thisrun_accesses; i++)
2423 {
2424 if (i > last_reg)
2425 last_reg = i;
2426 reg[i] = target_buffer_get_u32(target, buffer);
2427 buffer += 4;
2428 }
2429
2430 arm7_9->write_core_regs(target, reg_list, reg);
2431
2432 arm7_9->store_word_regs(target, reg_list);
2433
2434 /* fast memory writes are only safe when the target is running
2435 * from a sufficiently high clock (32 kHz is usually too slow)
2436 */
2437 if (arm7_9->fast_memory_access)
2438 retval = arm7_9_execute_fast_sys_speed(target);
2439 else
2440 retval = arm7_9_execute_sys_speed(target);
2441 if (retval != ERROR_OK)
2442 {
2443 return retval;
2444 }
2445
2446 num_accesses += thisrun_accesses;
2447 }
2448 break;
2449 case 2:
2450 while (num_accesses < count)
2451 {
2452 uint32_t reg_list;
2453 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2454 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2455
2456 for (i = 1; i <= thisrun_accesses; i++)
2457 {
2458 if (i > last_reg)
2459 last_reg = i;
2460 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2461 buffer += 2;
2462 }
2463
2464 arm7_9->write_core_regs(target, reg_list, reg);
2465
2466 for (i = 1; i <= thisrun_accesses; i++)
2467 {
2468 arm7_9->store_hword_reg(target, i);
2469
2470 /* fast memory writes are only safe when the target is running
2471 * from a sufficiently high clock (32 kHz is usually too slow)
2472 */
2473 if (arm7_9->fast_memory_access)
2474 retval = arm7_9_execute_fast_sys_speed(target);
2475 else
2476 retval = arm7_9_execute_sys_speed(target);
2477 if (retval != ERROR_OK)
2478 {
2479 return retval;
2480 }
2481 }
2482
2483 num_accesses += thisrun_accesses;
2484 }
2485 break;
2486 case 1:
2487 while (num_accesses < count)
2488 {
2489 uint32_t reg_list;
2490 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2491 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2492
2493 for (i = 1; i <= thisrun_accesses; i++)
2494 {
2495 if (i > last_reg)
2496 last_reg = i;
2497 reg[i] = *buffer++ & 0xff;
2498 }
2499
2500 arm7_9->write_core_regs(target, reg_list, reg);
2501
2502 for (i = 1; i <= thisrun_accesses; i++)
2503 {
2504 arm7_9->store_byte_reg(target, i);
2505 /* fast memory writes are only safe when the target is running
2506 * from a sufficiently high clock (32 kHz is usually too slow)
2507 */
2508 if (arm7_9->fast_memory_access)
2509 retval = arm7_9_execute_fast_sys_speed(target);
2510 else
2511 retval = arm7_9_execute_sys_speed(target);
2512 if (retval != ERROR_OK)
2513 {
2514 return retval;
2515 }
2516
2517 }
2518
2519 num_accesses += thisrun_accesses;
2520 }
2521 break;
2522 }
2523
2524 /* Re-Set DBGACK */
2525 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2526 embeddedice_store_reg(dbg_ctrl);
2527
2528 if (!is_arm_mode(armv4_5->core_mode))
2529 return ERROR_FAIL;
2530
2531 for (i = 0; i <= last_reg; i++) {
2532 struct reg *r = arm_reg_current(armv4_5, i);
2533
2534 r->dirty = r->valid;
2535 }
2536
2537 arm7_9->read_xpsr(target, &cpsr, 0);
2538 if ((retval = jtag_execute_queue()) != ERROR_OK)
2539 {
2540 LOG_ERROR("JTAG error while reading cpsr");
2541 return ERROR_TARGET_DATA_ABORT;
2542 }
2543
2544 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2545 {
2546 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2547
2548 arm7_9->write_xpsr_im8(target,
2549 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2550 & ~0x20, 0, 0);
2551
2552 return ERROR_TARGET_DATA_ABORT;
2553 }
2554
2555 return ERROR_OK;
2556 }
2557
2558 static int dcc_count;
2559 static uint8_t *dcc_buffer;
2560
2561 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2562 {
2563 int retval = ERROR_OK;
2564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2565
2566 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2567 return retval;
2568
2569 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2570 int count = dcc_count;
2571 uint8_t *buffer = dcc_buffer;
2572 if (count > 2)
2573 {
2574 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2575 * core function repeated. */
2576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2577 buffer += 4;
2578
2579 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2580 uint8_t reg_addr = ice_reg->addr & 0x1f;
2581 struct jtag_tap *tap;
2582 tap = ice_reg->jtag_info->tap;
2583
2584 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2585 buffer += (count-2)*4;
2586
2587 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2588 } else
2589 {
2590 int i;
2591 for (i = 0; i < count; i++)
2592 {
2593 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2594 buffer += 4;
2595 }
2596 }
2597
2598 if ((retval = target_halt(target))!= ERROR_OK)
2599 {
2600 return retval;
2601 }
2602 return target_wait_state(target, TARGET_HALTED, 500);
2603 }
2604
2605 static const uint32_t dcc_code[] =
2606 {
2607 /* r0 == input, points to memory buffer
2608 * r1 == scratch
2609 */
2610
2611 /* spin until DCC control (c0) reports data arrived */
2612 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2613 0xe3110001, /* tst r1, #1 */
2614 0x0afffffc, /* bne w */
2615
2616 /* read word from DCC (c1), write to memory */
2617 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2618 0xe4801004, /* str r1, [r0], #4 */
2619
2620 /* repeat */
2621 0xeafffff9 /* b w */
2622 };
2623
2624 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2625 {
2626 int retval;
2627 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2628 int i;
2629
2630 if (!arm7_9->dcc_downloads)
2631 return target_write_memory(target, address, 4, count, buffer);
2632
2633 /* regrab previously allocated working_area, or allocate a new one */
2634 if (!arm7_9->dcc_working_area)
2635 {
2636 uint8_t dcc_code_buf[6 * 4];
2637
2638 /* make sure we have a working area */
2639 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2640 {
2641 LOG_INFO("no working area available, falling back to memory writes");
2642 return target_write_memory(target, address, 4, count, buffer);
2643 }
2644
2645 /* copy target instructions to target endianness */
2646 for (i = 0; i < 6; i++)
2647 {
2648 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2649 }
2650
2651 /* write DCC code to working area */
2652 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2653 {
2654 return retval;
2655 }
2656 }
2657
2658 struct arm_algorithm armv4_5_info;
2659 struct reg_param reg_params[1];
2660
2661 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
2662 armv4_5_info.core_mode = ARM_MODE_SVC;
2663 armv4_5_info.core_state = ARM_STATE_ARM;
2664
2665 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2666
2667 buf_set_u32(reg_params[0].value, 0, 32, address);
2668
2669 dcc_count = count;
2670 dcc_buffer = buffer;
2671 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2672 arm7_9->dcc_working_area->address,
2673 arm7_9->dcc_working_area->address + 6*4,
2674 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2675
2676 if (retval == ERROR_OK)
2677 {
2678 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2679 if (endaddress != (address + count*4))
2680 {
2681 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2682 retval = ERROR_FAIL;
2683 }
2684 }
2685
2686 destroy_reg_param(&reg_params[0]);
2687
2688 return retval;
2689 }
2690
2691 /**
2692 * Perform per-target setup that requires JTAG access.
2693 */
2694 int arm7_9_examine(struct target *target)
2695 {
2696 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2697 int retval;
2698
2699 if (!target_was_examined(target)) {
2700 struct reg_cache *t, **cache_p;
2701
2702 t = embeddedice_build_reg_cache(target, arm7_9);
2703 if (t == NULL)
2704 return ERROR_FAIL;
2705
2706 cache_p = register_get_last_cache_p(&target->reg_cache);
2707 (*cache_p) = t;
2708 arm7_9->eice_cache = (*cache_p);
2709
2710 if (arm7_9->armv4_5_common.etm)
2711 (*cache_p)->next = etm_build_reg_cache(target,
2712 &arm7_9->jtag_info,
2713 arm7_9->armv4_5_common.etm);
2714
2715 target_set_examined(target);
2716 }
2717
2718 retval = embeddedice_setup(target);
2719 if (retval == ERROR_OK)
2720 retval = arm7_9_setup(target);
2721 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2722 retval = etm_setup(target);
2723 return retval;
2724 }
2725
2726
2727 int arm7_9_check_reset(struct target *target)
2728 {
2729 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2730
2731 if (get_target_reset_nag() && !arm7_9->dcc_downloads)
2732 {
2733 LOG_WARNING("NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2734 }
2735 }
2736
2737 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2738 {
2739 struct target *target = get_current_target(CMD_CTX);
2740 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2741
2742 if (!is_arm7_9(arm7_9))
2743 {
2744 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2745 return ERROR_TARGET_INVALID;
2746 }
2747
2748 if (CMD_ARGC > 0)
2749 COMMAND_PARSE_ENABLE(CMD_ARGV[0],arm7_9->use_dbgrq);
2750
2751 command_print(CMD_CTX, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2752
2753 return ERROR_OK;
2754 }
2755
2756 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2757 {
2758 struct target *target = get_current_target(CMD_CTX);
2759 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2760
2761 if (!is_arm7_9(arm7_9))
2762 {
2763 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2764 return ERROR_TARGET_INVALID;
2765 }
2766
2767 if (CMD_ARGC > 0)
2768 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2769
2770 command_print(CMD_CTX, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2771
2772 return ERROR_OK;
2773 }
2774
2775 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2776 {
2777 struct target *target = get_current_target(CMD_CTX);
2778 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2779
2780 if (!is_arm7_9(arm7_9))
2781 {
2782 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2783 return ERROR_TARGET_INVALID;
2784 }
2785
2786 if (CMD_ARGC > 0)
2787 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2788
2789 command_print(CMD_CTX, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2790
2791 return ERROR_OK;
2792 }
2793
2794 COMMAND_HANDLER(handle_arm7_9_semihosting_command)
2795 {
2796 struct target *target = get_current_target(CMD_CTX);
2797 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2798
2799 if (!is_arm7_9(arm7_9))
2800 {
2801 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2802 return ERROR_TARGET_INVALID;
2803 }
2804
2805 if (CMD_ARGC > 0)
2806 {
2807 int semihosting;
2808
2809 COMMAND_PARSE_ENABLE(CMD_ARGV[0], semihosting);
2810
2811 if (!target_was_examined(target))
2812 {
2813 LOG_ERROR("Target not examined yet");
2814 return ERROR_FAIL;
2815 }
2816
2817 if (arm7_9->has_vector_catch) {
2818 struct reg *vector_catch = &arm7_9->eice_cache
2819 ->reg_list[EICE_VEC_CATCH];
2820
2821 if (!vector_catch->valid)
2822 embeddedice_read_reg(vector_catch);
2823 buf_set_u32(vector_catch->value, 2, 1, semihosting);
2824 embeddedice_store_reg(vector_catch);
2825 } else {
2826 /* TODO: allow optional high vectors and/or BKPT_HARD */
2827 if (semihosting)
2828 breakpoint_add(target, 8, 4, BKPT_SOFT);
2829 else
2830 breakpoint_remove(target, 8);
2831 }
2832
2833 /* FIXME never let that "catch" be dropped! */
2834 arm7_9->armv4_5_common.is_semihosting = semihosting;
2835
2836 }
2837
2838 command_print(CMD_CTX, "semihosting is %s",
2839 arm7_9->armv4_5_common.is_semihosting
2840 ? "enabled" : "disabled");
2841
2842 return ERROR_OK;
2843 }
2844
2845 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2846 {
2847 int retval = ERROR_OK;
2848 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2849
2850 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2851
2852 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2853 return retval;
2854
2855 /* caller must have allocated via calloc(), so everything's zeroed */
2856
2857 arm7_9->wp_available_max = 2;
2858
2859 arm7_9->fast_memory_access = false;
2860 arm7_9->dcc_downloads = false;
2861
2862 armv4_5->arch_info = arm7_9;
2863 armv4_5->read_core_reg = arm7_9_read_core_reg;
2864 armv4_5->write_core_reg = arm7_9_write_core_reg;
2865 armv4_5->full_context = arm7_9_full_context;
2866
2867 retval = arm_init_arch_info(target, armv4_5);
2868 if (retval != ERROR_OK)
2869 return retval;
2870
2871 return target_register_timer_callback(arm7_9_handle_target_request,
2872 1, 1, target);
2873 }
2874
2875 static const struct command_registration arm7_9_any_command_handlers[] = {
2876 {
2877 "dbgrq",
2878 .handler = handle_arm7_9_dbgrq_command,
2879 .mode = COMMAND_ANY,
2880 .usage = "['enable'|'disable']",
2881 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2882 "for target halt requests",
2883 },
2884 {
2885 "fast_memory_access",
2886 .handler = handle_arm7_9_fast_memory_access_command,
2887 .mode = COMMAND_ANY,
2888 .usage = "['enable'|'disable']",
2889 .help = "use fast memory accesses instead of slower "
2890 "but potentially safer accesses",
2891 },
2892 {
2893 "dcc_downloads",
2894 .handler = handle_arm7_9_dcc_downloads_command,
2895 .mode = COMMAND_ANY,
2896 .usage = "['enable'|'disable']",
2897 .help = "use DCC downloads for larger memory writes",
2898 },
2899 {
2900 "semihosting",
2901 .handler = handle_arm7_9_semihosting_command,
2902 .mode = COMMAND_EXEC,
2903 .usage = "['enable'|'disable']",
2904 .help = "activate support for semihosting operations",
2905 },
2906 COMMAND_REGISTRATION_DONE
2907 };
2908 const struct command_registration arm7_9_command_handlers[] = {
2909 {
2910 .chain = arm_command_handlers,
2911 },
2912 {
2913 .chain = etm_command_handlers,
2914 },
2915 {
2916 .name = "arm7_9",
2917 .mode = COMMAND_ANY,
2918 .help = "arm7/9 specific commands",
2919 .chain = arm7_9_any_command_handlers,
2920 },
2921 COMMAND_REGISTRATION_DONE
2922 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)