Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
jim tests: use installed
[openocd.git] / src / target / arm920t.c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "arm920t.h"
26 #include <helper/time_support.h>
27 #include "target_type.h"
28 #include "register.h"
29 #include "arm_opcodes.h"
30
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92 int retval;
93
94 jtag_info = &arm920t->arm7_9_common.jtag_info;
95
96 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
97 if (retval != ERROR_OK)
98 return retval;
99 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
100 if (retval != ERROR_OK)
101 return retval;
102
103 fields[0].num_bits = 1;
104 fields[0].out_value = &access_type_buf;
105 fields[0].in_value = NULL;
106
107 fields[1].num_bits = 32;
108 fields[1].out_value = NULL;
109 fields[1].in_value = NULL;
110
111 fields[2].num_bits = 6;
112 fields[2].out_value = &reg_addr_buf;
113 fields[2].in_value = NULL;
114
115 fields[3].num_bits = 1;
116 fields[3].out_value = &nr_w_buf;
117 fields[3].in_value = NULL;
118
119 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
120
121 fields[1].in_value = (uint8_t *)value;
122
123 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
124
125 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
126
127 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
128 jtag_execute_queue();
129 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
130 #endif
131
132 return ERROR_OK;
133 }
134
135 static int arm920t_write_cp15_physical(struct target *target,
136 int reg_addr, uint32_t value)
137 {
138 struct arm920t_common *arm920t = target_to_arm920(target);
139 struct arm_jtag *jtag_info;
140 struct scan_field fields[4];
141 uint8_t access_type_buf = 1;
142 uint8_t reg_addr_buf = reg_addr & 0x3f;
143 uint8_t nr_w_buf = 1;
144 uint8_t value_buf[4];
145 int retval;
146
147 jtag_info = &arm920t->arm7_9_common.jtag_info;
148
149 buf_set_u32(value_buf, 0, 32, value);
150
151 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
152 if (retval != ERROR_OK)
153 return retval;
154 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
155 if (retval != ERROR_OK)
156 return retval;
157
158 fields[0].num_bits = 1;
159 fields[0].out_value = &access_type_buf;
160 fields[0].in_value = NULL;
161
162 fields[1].num_bits = 32;
163 fields[1].out_value = value_buf;
164 fields[1].in_value = NULL;
165
166 fields[2].num_bits = 6;
167 fields[2].out_value = &reg_addr_buf;
168 fields[2].in_value = NULL;
169
170 fields[3].num_bits = 1;
171 fields[3].out_value = &nr_w_buf;
172 fields[3].in_value = NULL;
173
174 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
175
176 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
177 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
178 #endif
179
180 return ERROR_OK;
181 }
182
183 /* See table 9-10 for scan chain 15 format during interpreted access mode.
184 * If the TESTSTATE register is set for interpreted access, certain CP15
185 * MRC and MCR instructions may be executed through scan chain 15.
186 *
187 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
188 * executed using scan chain 15 interpreted mode.
189 */
190 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
191 uint32_t arm_opcode)
192 {
193 int retval;
194 struct arm920t_common *arm920t = target_to_arm920(target);
195 struct arm_jtag *jtag_info;
196 struct scan_field fields[4];
197 uint8_t access_type_buf = 0; /* interpreted access */
198 uint8_t reg_addr_buf = 0x0;
199 uint8_t nr_w_buf = 0;
200 uint8_t cp15_opcode_buf[4];
201
202 jtag_info = &arm920t->arm7_9_common.jtag_info;
203
204 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
205 if (retval != ERROR_OK)
206 return retval;
207 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
208 if (retval != ERROR_OK)
209 return retval;
210
211 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
212
213 fields[0].num_bits = 1;
214 fields[0].out_value = &access_type_buf;
215 fields[0].in_value = NULL;
216
217 fields[1].num_bits = 32;
218 fields[1].out_value = cp15_opcode_buf;
219 fields[1].in_value = NULL;
220
221 fields[2].num_bits = 6;
222 fields[2].out_value = &reg_addr_buf;
223 fields[2].in_value = NULL;
224
225 fields[3].num_bits = 1;
226 fields[3].out_value = &nr_w_buf;
227 fields[3].in_value = NULL;
228
229 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
230
231 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
232 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
233 retval = arm7_9_execute_sys_speed(target);
234 if (retval != ERROR_OK)
235 return retval;
236
237 if ((retval = jtag_execute_queue()) != ERROR_OK)
238 {
239 LOG_ERROR("failed executing JTAG queue");
240 return retval;
241 }
242
243 return ERROR_OK;
244 }
245
246 static int arm920t_read_cp15_interpreted(struct target *target,
247 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
248 {
249 struct arm *armv4_5 = target_to_arm(target);
250 uint32_t* regs_p[1];
251 uint32_t regs[2];
252 uint32_t cp15c15 = 0x0;
253 struct reg *r = armv4_5->core_cache->reg_list;
254
255 /* load address into R1 */
256 regs[1] = address;
257 arm9tdmi_write_core_regs(target, 0x2, regs);
258
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
262 jtag_execute_queue();
263 cp15c15 |= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
265
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
268
269 /* disable interpreted access mode */
270 cp15c15 &= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
272
273 /* retrieve value from R0 */
274 regs_p[0] = value;
275 arm9tdmi_read_core_regs(target, 0x1, regs_p);
276 jtag_execute_queue();
277
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode, address, *value);
281 #endif
282
283 if (!is_arm_mode(armv4_5->core_mode))
284 {
285 LOG_ERROR("not a valid arm core mode - communication failure?");
286 return ERROR_FAIL;
287 }
288
289 r[0].dirty = 1;
290 r[1].dirty = 1;
291
292 return ERROR_OK;
293 }
294
295 static
296 int arm920t_write_cp15_interpreted(struct target *target,
297 uint32_t cp15_opcode, uint32_t value, uint32_t address)
298 {
299 uint32_t cp15c15 = 0x0;
300 struct arm *armv4_5 = target_to_arm(target);
301 uint32_t regs[2];
302 struct reg *r = armv4_5->core_cache->reg_list;
303
304 /* load value, address into R0, R1 */
305 regs[0] = value;
306 regs[1] = address;
307 arm9tdmi_write_core_regs(target, 0x3, regs);
308
309 /* read-modify-write CP15 test state register
310 * to enable interpreted access mode */
311 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
312 jtag_execute_queue();
313 cp15c15 |= 1; /* set interpret mode */
314 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
315
316 /* execute CP15 instruction and ARM store (writing to coprocessor) */
317 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
318
319 /* disable interpreted access mode */
320 cp15c15 &= ~1U; /* set interpret mode */
321 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
322
323 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
324 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
325 cp15_opcode, value, address);
326 #endif
327
328 if (!is_arm_mode(armv4_5->core_mode))
329 {
330 LOG_ERROR("not a valid arm core mode - communication failure?");
331 return ERROR_FAIL;
332 }
333
334 r[0].dirty = 1;
335 r[1].dirty = 1;
336
337 return ERROR_OK;
338 }
339
340 // EXPORTED to FA256
341 int arm920t_get_ttb(struct target *target, uint32_t *result)
342 {
343 int retval;
344 uint32_t ttb = 0x0;
345
346 if ((retval = arm920t_read_cp15_interpreted(target,
347 /* FIXME use opcode macro */
348 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
349 return retval;
350
351 *result = ttb;
352 return ERROR_OK;
353 }
354
355 // EXPORTED to FA256
356 int arm920t_disable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360 int retval;
361
362 /* read cp15 control register */
363 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
364 if (retval != ERROR_OK)
365 return retval;
366 retval = jtag_execute_queue();
367 if (retval != ERROR_OK)
368 return retval;
369
370 if (mmu)
371 cp15_control &= ~0x1U;
372
373 if (d_u_cache)
374 cp15_control &= ~0x4U;
375
376 if (i_cache)
377 cp15_control &= ~0x1000U;
378
379 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
380 return retval;
381 }
382
383 // EXPORTED to FA256
384 int arm920t_enable_mmu_caches(struct target *target, int mmu,
385 int d_u_cache, int i_cache)
386 {
387 uint32_t cp15_control;
388 int retval;
389
390 /* read cp15 control register */
391 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
392 if (retval != ERROR_OK)
393 return retval;
394 retval = jtag_execute_queue();
395 if (retval != ERROR_OK)
396 return retval;
397
398 if (mmu)
399 cp15_control |= 0x1U;
400
401 if (d_u_cache)
402 cp15_control |= 0x4U;
403
404 if (i_cache)
405 cp15_control |= 0x1000U;
406
407 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
408 return retval;
409 }
410
411 // EXPORTED to FA256
412 int arm920t_post_debug_entry(struct target *target)
413 {
414 uint32_t cp15c15;
415 struct arm920t_common *arm920t = target_to_arm920(target);
416 int retval;
417
418 /* examine cp15 control reg */
419 retval = arm920t_read_cp15_physical(target,
420 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
421 if (retval != ERROR_OK)
422 return retval;
423 retval = jtag_execute_queue();
424 if (retval != ERROR_OK)
425 return retval;
426 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
427
428 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
429 {
430 uint32_t cache_type_reg;
431 /* identify caches */
432 retval = arm920t_read_cp15_physical(target,
433 CP15PHYS_CACHETYPE, &cache_type_reg);
434 if (retval != ERROR_OK)
435 return retval;
436 retval = jtag_execute_queue();
437 if (retval != ERROR_OK)
438 return retval;
439 armv4_5_identify_cache(cache_type_reg,
440 &arm920t->armv4_5_mmu.armv4_5_cache);
441 }
442
443 arm920t->armv4_5_mmu.mmu_enabled =
444 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
445 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
446 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
447 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
448 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
449
450 /* save i/d fault status and address register */
451 /* FIXME use opcode macros */
452 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
453 if (retval != ERROR_OK)
454 return retval;
455 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
456 if (retval != ERROR_OK)
457 return retval;
458 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
459 if (retval != ERROR_OK)
460 return retval;
461 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
462 if (retval != ERROR_OK)
463 return retval;
464
465 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
466 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
467 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
468
469 if (arm920t->preserve_cache)
470 {
471 /* read-modify-write CP15 test state register
472 * to disable I/D-cache linefills */
473 retval = arm920t_read_cp15_physical(target,
474 CP15PHYS_TESTSTATE, &cp15c15);
475 if (retval != ERROR_OK)
476 return retval;
477 retval = jtag_execute_queue();
478 if (retval != ERROR_OK)
479 return retval;
480 cp15c15 |= 0x600;
481 retval = arm920t_write_cp15_physical(target,
482 CP15PHYS_TESTSTATE, cp15c15);
483 if (retval != ERROR_OK)
484 return retval;
485 }
486 return ERROR_OK;
487 }
488
489 // EXPORTED to FA256
490 void arm920t_pre_restore_context(struct target *target)
491 {
492 uint32_t cp15c15;
493 struct arm920t_common *arm920t = target_to_arm920(target);
494
495 /* restore i/d fault status and address register */
496 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
497 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
498 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
499 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
500
501 /* read-modify-write CP15 test state register
502 * to reenable I/D-cache linefills */
503 if (arm920t->preserve_cache)
504 {
505 arm920t_read_cp15_physical(target,
506 CP15PHYS_TESTSTATE, &cp15c15);
507 jtag_execute_queue();
508 cp15c15 &= ~0x600U;
509 arm920t_write_cp15_physical(target,
510 CP15PHYS_TESTSTATE, cp15c15);
511 }
512 }
513
514 static const char arm920_not[] = "target is not an ARM920";
515
516 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
517 struct arm920t_common *arm920t)
518 {
519 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
520 command_print(cmd_ctx, arm920_not);
521 return ERROR_TARGET_INVALID;
522 }
523
524 return ERROR_OK;
525 }
526
527 /** Logs summary of ARM920 state for a halted target. */
528 int arm920t_arch_state(struct target *target)
529 {
530 static const char *state[] =
531 {
532 "disabled", "enabled"
533 };
534
535 struct arm920t_common *arm920t = target_to_arm920(target);
536 struct arm *armv4_5;
537
538 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
539 {
540 LOG_ERROR("BUG: %s", arm920_not);
541 return ERROR_TARGET_INVALID;
542 }
543
544 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
545
546 arm_arch_state(target);
547 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
548 state[arm920t->armv4_5_mmu.mmu_enabled],
549 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
550 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
551
552 return ERROR_OK;
553 }
554
555 static int arm920_mmu(struct target *target, int *enabled)
556 {
557 if (target->state != TARGET_HALTED) {
558 LOG_ERROR("%s: target not halted", __func__);
559 return ERROR_TARGET_INVALID;
560 }
561
562 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
563 return ERROR_OK;
564 }
565
566 static int arm920_virt2phys(struct target *target,
567 uint32_t virt, uint32_t *phys)
568 {
569 uint32_t cb;
570 struct arm920t_common *arm920t = target_to_arm920(target);
571
572 uint32_t ret;
573 int retval = armv4_5_mmu_translate_va(target,
574 &arm920t->armv4_5_mmu, virt, &cb, &ret);
575 if (retval != ERROR_OK)
576 return retval;
577 *phys = ret;
578 return ERROR_OK;
579 }
580
581 /** Reads a buffer, in the specified word size, with current MMU settings. */
582 int arm920t_read_memory(struct target *target, uint32_t address,
583 uint32_t size, uint32_t count, uint8_t *buffer)
584 {
585 int retval;
586
587 retval = arm7_9_read_memory(target, address, size, count, buffer);
588
589 return retval;
590 }
591
592
593 static int arm920t_read_phys_memory(struct target *target,
594 uint32_t address, uint32_t size,
595 uint32_t count, uint8_t *buffer)
596 {
597 struct arm920t_common *arm920t = target_to_arm920(target);
598
599 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
600 address, size, count, buffer);
601 }
602
603 static int arm920t_write_phys_memory(struct target *target,
604 uint32_t address, uint32_t size,
605 uint32_t count, uint8_t *buffer)
606 {
607 struct arm920t_common *arm920t = target_to_arm920(target);
608
609 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
610 address, size, count, buffer);
611 }
612
613
614 /** Writes a buffer, in the specified word size, with current MMU settings. */
615 int arm920t_write_memory(struct target *target, uint32_t address,
616 uint32_t size, uint32_t count, uint8_t *buffer)
617 {
618 int retval;
619 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
620 struct arm920t_common *arm920t = target_to_arm920(target);
621
622 /* FIX!!!! this should be cleaned up and made much more general. The
623 * plan is to write up and test on arm920t specifically and
624 * then generalize and clean up afterwards.
625 *
626 * Also it should be moved to the callbacks that handle breakpoints
627 * specifically and not the generic memory write fn's. See XScale code.
628 */
629 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
630 ((size==2) || (size==4)))
631 {
632 /* special case the handling of single word writes to
633 * bypass MMU, to allow implementation of breakpoints
634 * in memory marked read only
635 * by MMU
636 */
637 uint32_t cb;
638 uint32_t pa;
639
640 /*
641 * We need physical address and cb
642 */
643 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
644 address, &cb, &pa);
645 if (retval != ERROR_OK)
646 return retval;
647
648 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
649 {
650 if (cb & 0x1)
651 {
652 LOG_DEBUG("D-Cache buffered, "
653 "drain write buffer");
654 /*
655 * Buffered ?
656 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
657 */
658
659 retval = arm920t_write_cp15_interpreted(target,
660 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
661 0x0, 0);
662 if (retval != ERROR_OK)
663 return retval;
664 }
665
666 if (cb == 0x3)
667 {
668 /*
669 * Write back memory ? -> clean cache
670 *
671 * There is no way to clean cache lines using
672 * cp15 scan chain, so copy the full cache
673 * line from cache to physical memory.
674 */
675 uint8_t data[32];
676
677 LOG_DEBUG("D-Cache in 'write back' mode, "
678 "flush cache line");
679
680 retval = target_read_memory(target,
681 address & cache_mask, 1,
682 sizeof(data), &data[0]);
683 if (retval != ERROR_OK)
684 return retval;
685
686 retval = armv4_5_mmu_write_physical(target,
687 &arm920t->armv4_5_mmu,
688 pa & cache_mask, 1,
689 sizeof(data), &data[0]);
690 if (retval != ERROR_OK)
691 return retval;
692 }
693
694 /* Cached ? */
695 if (cb & 0x2)
696 {
697 /*
698 * Cached ? -> Invalidate data cache using MVA
699 *
700 * MCR p15,0,Rd,c7,c6,1
701 */
702 LOG_DEBUG("D-Cache enabled, "
703 "invalidate cache line");
704
705 retval = arm920t_write_cp15_interpreted(target,
706 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
707 address & cache_mask);
708 if (retval != ERROR_OK)
709 return retval;
710 }
711 }
712
713 /* write directly to physical memory,
714 * bypassing any read only MMU bits, etc.
715 */
716 retval = armv4_5_mmu_write_physical(target,
717 &arm920t->armv4_5_mmu, pa, size,
718 count, buffer);
719 if (retval != ERROR_OK)
720 return retval;
721 } else
722 {
723 if ((retval = arm7_9_write_memory(target, address,
724 size, count, buffer)) != ERROR_OK)
725 return retval;
726 }
727
728 /* If ICache is enabled, we have to invalidate affected ICache lines
729 * the DCache is forced to write-through,
730 * so we don't have to clean it here
731 */
732 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
733 {
734 if (count <= 1)
735 {
736 /* invalidate ICache single entry with MVA
737 * mcr 15, 0, r0, cr7, cr5, {1}
738 */
739 LOG_DEBUG("I-Cache enabled, "
740 "invalidating affected I-Cache line");
741 retval = arm920t_write_cp15_interpreted(target,
742 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
743 0x0, address & cache_mask);
744 if (retval != ERROR_OK)
745 return retval;
746 }
747 else
748 {
749 /* invalidate ICache
750 * mcr 15, 0, r0, cr7, cr5, {0}
751 */
752 retval = arm920t_write_cp15_interpreted(target,
753 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
754 0x0, 0x0);
755 if (retval != ERROR_OK)
756 return retval;
757 }
758 }
759
760 return ERROR_OK;
761 }
762
763 // EXPORTED to FA256
764 int arm920t_soft_reset_halt(struct target *target)
765 {
766 int retval = ERROR_OK;
767 struct arm920t_common *arm920t = target_to_arm920(target);
768 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
769 struct arm *armv4_5 = &arm7_9->armv4_5_common;
770 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
771
772 if ((retval = target_halt(target)) != ERROR_OK)
773 {
774 return retval;
775 }
776
777 long long then = timeval_ms();
778 int timeout;
779 while (!(timeout = ((timeval_ms()-then) > 1000)))
780 {
781 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
782 == 0)
783 {
784 embeddedice_read_reg(dbg_stat);
785 if ((retval = jtag_execute_queue()) != ERROR_OK)
786 {
787 return retval;
788 }
789 } else
790 {
791 break;
792 }
793 if (debug_level >= 3)
794 {
795 /* do not eat all CPU, time out after 1 se*/
796 alive_sleep(100);
797 } else
798 {
799 keep_alive();
800 }
801 }
802 if (timeout)
803 {
804 LOG_ERROR("Failed to halt CPU after 1 sec");
805 return ERROR_TARGET_TIMEOUT;
806 }
807
808 target->state = TARGET_HALTED;
809
810 /* SVC, ARM state, IRQ and FIQ disabled */
811 uint32_t cpsr;
812
813 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
814 cpsr &= ~0xff;
815 cpsr |= 0xd3;
816 arm_set_cpsr(armv4_5, cpsr);
817 armv4_5->cpsr->dirty = 1;
818
819 /* start fetching from 0x0 */
820 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
821 armv4_5->pc->dirty = 1;
822 armv4_5->pc->valid = 1;
823
824 arm920t_disable_mmu_caches(target, 1, 1, 1);
825 arm920t->armv4_5_mmu.mmu_enabled = 0;
826 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
827 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
828
829 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
830 }
831
832 /* FIXME remove forward decls */
833 static int arm920t_mrc(struct target *target, int cpnum,
834 uint32_t op1, uint32_t op2,
835 uint32_t CRn, uint32_t CRm,
836 uint32_t *value);
837 static int arm920t_mcr(struct target *target, int cpnum,
838 uint32_t op1, uint32_t op2,
839 uint32_t CRn, uint32_t CRm,
840 uint32_t value);
841
842 static int arm920t_init_arch_info(struct target *target,
843 struct arm920t_common *arm920t, struct jtag_tap *tap)
844 {
845 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
846
847 arm7_9->armv4_5_common.mrc = arm920t_mrc;
848 arm7_9->armv4_5_common.mcr = arm920t_mcr;
849
850 /* initialize arm7/arm9 specific info (including armv4_5) */
851 arm9tdmi_init_arch_info(target, arm7_9, tap);
852
853 arm920t->common_magic = ARM920T_COMMON_MAGIC;
854
855 arm7_9->post_debug_entry = arm920t_post_debug_entry;
856 arm7_9->pre_restore_context = arm920t_pre_restore_context;
857
858 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
859 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
860 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
861 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
862 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
863 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
864 arm920t->armv4_5_mmu.has_tiny_pages = 1;
865 arm920t->armv4_5_mmu.mmu_enabled = 0;
866
867 /* disabling linefills leads to lockups, so keep them enabled for now
868 * this doesn't affect correctness, but might affect timing issues, if
869 * important data is evicted from the cache during the debug session
870 * */
871 arm920t->preserve_cache = 0;
872
873 /* override hw single-step capability from ARM9TDMI */
874 arm7_9->has_single_step = 1;
875
876 return ERROR_OK;
877 }
878
879 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
880 {
881 struct arm920t_common *arm920t;
882
883 arm920t = calloc(1,sizeof(struct arm920t_common));
884 return arm920t_init_arch_info(target, arm920t, target->tap);
885 }
886
887 COMMAND_HANDLER(arm920t_handle_read_cache_command)
888 {
889 int retval = ERROR_OK;
890 struct target *target = get_current_target(CMD_CTX);
891 struct arm920t_common *arm920t = target_to_arm920(target);
892 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
893 struct arm *armv4_5 = &arm7_9->armv4_5_common;
894 uint32_t cp15c15;
895 uint32_t cp15_ctrl, cp15_ctrl_saved;
896 uint32_t regs[16];
897 uint32_t *regs_p[16];
898 uint32_t C15_C_D_Ind, C15_C_I_Ind;
899 int i;
900 FILE *output;
901 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
902 int segment, index_t;
903 struct reg *r;
904
905 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
906 if (retval != ERROR_OK)
907 return retval;
908
909 if (CMD_ARGC != 1)
910 {
911 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
912 return ERROR_OK;
913 }
914
915 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
916 {
917 LOG_DEBUG("error opening cache content file");
918 return ERROR_OK;
919 }
920
921 for (i = 0; i < 16; i++)
922 regs_p[i] = &regs[i];
923
924 /* disable MMU and Caches */
925 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
926 if ((retval = jtag_execute_queue()) != ERROR_OK)
927 {
928 return retval;
929 }
930 cp15_ctrl_saved = cp15_ctrl;
931 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
932 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
933 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
934
935 /* read CP15 test state register */
936 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
937 jtag_execute_queue();
938
939 /* read DCache content */
940 fprintf(output, "DCache:\n");
941
942 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
943 for (segment = 0;
944 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
945 segment++)
946 {
947 fprintf(output, "\nsegment: %i\n----------", segment);
948
949 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
950 regs[0] = 0x0 | (segment << 5);
951 arm9tdmi_write_core_regs(target, 0x1, regs);
952
953 /* set interpret mode */
954 cp15c15 |= 0x1;
955 arm920t_write_cp15_physical(target,
956 CP15PHYS_TESTSTATE, cp15c15);
957
958 /* D CAM Read, loads current victim into C15.C.D.Ind */
959 arm920t_execute_cp15(target,
960 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
961
962 /* read current victim */
963 arm920t_read_cp15_physical(target,
964 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
965
966 /* clear interpret mode */
967 cp15c15 &= ~0x1;
968 arm920t_write_cp15_physical(target,
969 CP15PHYS_TESTSTATE, cp15c15);
970
971 for (index_t = 0; index_t < 64; index_t++)
972 {
973 /* Ra:
974 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
975 */
976 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
977 arm9tdmi_write_core_regs(target, 0x1, regs);
978
979 /* set interpret mode */
980 cp15c15 |= 0x1;
981 arm920t_write_cp15_physical(target,
982 CP15PHYS_TESTSTATE, cp15c15);
983
984 /* Write DCache victim */
985 arm920t_execute_cp15(target,
986 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
987
988 /* Read D RAM */
989 arm920t_execute_cp15(target,
990 ARMV4_5_MCR(15,2,0,15,10,2),
991 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
992
993 /* Read D CAM */
994 arm920t_execute_cp15(target,
995 ARMV4_5_MCR(15,2,0,15,6,2),
996 ARMV4_5_LDR(9, 0));
997
998 /* clear interpret mode */
999 cp15c15 &= ~0x1;
1000 arm920t_write_cp15_physical(target,
1001 CP15PHYS_TESTSTATE, cp15c15);
1002
1003 /* read D RAM and CAM content */
1004 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1005 if ((retval = jtag_execute_queue()) != ERROR_OK)
1006 {
1007 return retval;
1008 }
1009
1010 d_cache[segment][index_t].cam = regs[9];
1011
1012 /* mask LFSR[6] */
1013 regs[9] &= 0xfffffffe;
1014 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
1015 PRIx32 ", content (%s):\n",
1016 segment, index_t, regs[9],
1017 (regs[9] & 0x10) ? "valid" : "invalid");
1018
1019 for (i = 1; i < 9; i++)
1020 {
1021 d_cache[segment][index_t].data[i] = regs[i];
1022 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1023 i-1, regs[i]);
1024 }
1025
1026 }
1027
1028 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1029 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1030 arm9tdmi_write_core_regs(target, 0x1, regs);
1031
1032 /* set interpret mode */
1033 cp15c15 |= 0x1;
1034 arm920t_write_cp15_physical(target,
1035 CP15PHYS_TESTSTATE, cp15c15);
1036
1037 /* Write DCache victim */
1038 arm920t_execute_cp15(target,
1039 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1040
1041 /* clear interpret mode */
1042 cp15c15 &= ~0x1;
1043 arm920t_write_cp15_physical(target,
1044 CP15PHYS_TESTSTATE, cp15c15);
1045 }
1046
1047 /* read ICache content */
1048 fprintf(output, "ICache:\n");
1049
1050 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1051 for (segment = 0;
1052 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1053 segment++)
1054 {
1055 fprintf(output, "segment: %i\n----------", segment);
1056
1057 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1058 regs[0] = 0x0 | (segment << 5);
1059 arm9tdmi_write_core_regs(target, 0x1, regs);
1060
1061 /* set interpret mode */
1062 cp15c15 |= 0x1;
1063 arm920t_write_cp15_physical(target,
1064 CP15PHYS_TESTSTATE, cp15c15);
1065
1066 /* I CAM Read, loads current victim into C15.C.I.Ind */
1067 arm920t_execute_cp15(target,
1068 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1069
1070 /* read current victim */
1071 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1072 &C15_C_I_Ind);
1073
1074 /* clear interpret mode */
1075 cp15c15 &= ~0x1;
1076 arm920t_write_cp15_physical(target,
1077 CP15PHYS_TESTSTATE, cp15c15);
1078
1079 for (index_t = 0; index_t < 64; index_t++)
1080 {
1081 /* Ra:
1082 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1083 */
1084 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1085 arm9tdmi_write_core_regs(target, 0x1, regs);
1086
1087 /* set interpret mode */
1088 cp15c15 |= 0x1;
1089 arm920t_write_cp15_physical(target,
1090 CP15PHYS_TESTSTATE, cp15c15);
1091
1092 /* Write ICache victim */
1093 arm920t_execute_cp15(target,
1094 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1095
1096 /* Read I RAM */
1097 arm920t_execute_cp15(target,
1098 ARMV4_5_MCR(15,2,0,15,9,2),
1099 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1100
1101 /* Read I CAM */
1102 arm920t_execute_cp15(target,
1103 ARMV4_5_MCR(15,2,0,15,5,2),
1104 ARMV4_5_LDR(9, 0));
1105
1106 /* clear interpret mode */
1107 cp15c15 &= ~0x1;
1108 arm920t_write_cp15_physical(target,
1109 CP15PHYS_TESTSTATE, cp15c15);
1110
1111 /* read I RAM and CAM content */
1112 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1113 if ((retval = jtag_execute_queue()) != ERROR_OK)
1114 {
1115 return retval;
1116 }
1117
1118 i_cache[segment][index_t].cam = regs[9];
1119
1120 /* mask LFSR[6] */
1121 regs[9] &= 0xfffffffe;
1122 fprintf(output, "\nsegment: %i, index: %i, "
1123 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1124 segment, index_t, regs[9],
1125 (regs[9] & 0x10) ? "valid" : "invalid");
1126
1127 for (i = 1; i < 9; i++)
1128 {
1129 i_cache[segment][index_t].data[i] = regs[i];
1130 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1131 i-1, regs[i]);
1132 }
1133 }
1134
1135 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1136 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1137 arm9tdmi_write_core_regs(target, 0x1, regs);
1138
1139 /* set interpret mode */
1140 cp15c15 |= 0x1;
1141 arm920t_write_cp15_physical(target,
1142 CP15PHYS_TESTSTATE, cp15c15);
1143
1144 /* Write ICache victim */
1145 arm920t_execute_cp15(target,
1146 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1147
1148 /* clear interpret mode */
1149 cp15c15 &= ~0x1;
1150 arm920t_write_cp15_physical(target,
1151 CP15PHYS_TESTSTATE, cp15c15);
1152 }
1153
1154 /* restore CP15 MMU and Cache settings */
1155 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1156
1157 command_print(CMD_CTX, "cache content successfully output to %s",
1158 CMD_ARGV[0]);
1159
1160 fclose(output);
1161
1162 if (!is_arm_mode(armv4_5->core_mode))
1163 {
1164 LOG_ERROR("not a valid arm core mode - communication failure?");
1165 return ERROR_FAIL;
1166 }
1167
1168 /* force writeback of the valid data */
1169 r = armv4_5->core_cache->reg_list;
1170 r[0].dirty = r[0].valid;
1171 r[1].dirty = r[1].valid;
1172 r[2].dirty = r[2].valid;
1173 r[3].dirty = r[3].valid;
1174 r[4].dirty = r[4].valid;
1175 r[5].dirty = r[5].valid;
1176 r[6].dirty = r[6].valid;
1177 r[7].dirty = r[7].valid;
1178
1179 r = arm_reg_current(armv4_5, 8);
1180 r->dirty = r->valid;
1181
1182 r = arm_reg_current(armv4_5, 9);
1183 r->dirty = r->valid;
1184
1185 return ERROR_OK;
1186 }
1187
1188 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1189 {
1190 int retval = ERROR_OK;
1191 struct target *target = get_current_target(CMD_CTX);
1192 struct arm920t_common *arm920t = target_to_arm920(target);
1193 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1194 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1195 uint32_t cp15c15;
1196 uint32_t cp15_ctrl, cp15_ctrl_saved;
1197 uint32_t regs[16];
1198 uint32_t *regs_p[16];
1199 int i;
1200 FILE *output;
1201 uint32_t Dlockdown, Ilockdown;
1202 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1203 int victim;
1204 struct reg *r;
1205
1206 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1207 if (retval != ERROR_OK)
1208 return retval;
1209
1210 if (CMD_ARGC != 1)
1211 {
1212 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1213 return ERROR_OK;
1214 }
1215
1216 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1217 {
1218 LOG_DEBUG("error opening mmu content file");
1219 return ERROR_OK;
1220 }
1221
1222 for (i = 0; i < 16; i++)
1223 regs_p[i] = &regs[i];
1224
1225 /* disable MMU and Caches */
1226 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1227 if ((retval = jtag_execute_queue()) != ERROR_OK)
1228 {
1229 return retval;
1230 }
1231 cp15_ctrl_saved = cp15_ctrl;
1232 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1233 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1234 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1235
1236 /* read CP15 test state register */
1237 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1238 if ((retval = jtag_execute_queue()) != ERROR_OK)
1239 {
1240 return retval;
1241 }
1242
1243 /* prepare reading D TLB content
1244 * */
1245
1246 /* set interpret mode */
1247 cp15c15 |= 0x1;
1248 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1249
1250 /* Read D TLB lockdown */
1251 arm920t_execute_cp15(target,
1252 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1253
1254 /* clear interpret mode */
1255 cp15c15 &= ~0x1;
1256 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1257
1258 /* read D TLB lockdown stored to r1 */
1259 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1260 if ((retval = jtag_execute_queue()) != ERROR_OK)
1261 {
1262 return retval;
1263 }
1264 Dlockdown = regs[1];
1265
1266 for (victim = 0; victim < 64; victim += 8)
1267 {
1268 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1269 * base remains unchanged, victim goes through entries 0 to 63
1270 */
1271 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1272 arm9tdmi_write_core_regs(target, 0x2, regs);
1273
1274 /* set interpret mode */
1275 cp15c15 |= 0x1;
1276 arm920t_write_cp15_physical(target,
1277 CP15PHYS_TESTSTATE, cp15c15);
1278
1279 /* Write D TLB lockdown */
1280 arm920t_execute_cp15(target,
1281 ARMV4_5_MCR(15,0,0,10,0,0),
1282 ARMV4_5_STR(1, 0));
1283
1284 /* Read D TLB CAM */
1285 arm920t_execute_cp15(target,
1286 ARMV4_5_MCR(15,4,0,15,6,4),
1287 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1288
1289 /* clear interpret mode */
1290 cp15c15 &= ~0x1;
1291 arm920t_write_cp15_physical(target,
1292 CP15PHYS_TESTSTATE, cp15c15);
1293
1294 /* read D TLB CAM content stored to r2-r9 */
1295 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1296 if ((retval = jtag_execute_queue()) != ERROR_OK)
1297 {
1298 return retval;
1299 }
1300
1301 for (i = 0; i < 8; i++)
1302 d_tlb[victim + i].cam = regs[i + 2];
1303 }
1304
1305 for (victim = 0; victim < 64; victim++)
1306 {
1307 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1308 * base remains unchanged, victim goes through entries 0 to 63
1309 */
1310 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1311 arm9tdmi_write_core_regs(target, 0x2, regs);
1312
1313 /* set interpret mode */
1314 cp15c15 |= 0x1;
1315 arm920t_write_cp15_physical(target,
1316 CP15PHYS_TESTSTATE, cp15c15);
1317
1318 /* Write D TLB lockdown */
1319 arm920t_execute_cp15(target,
1320 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1321
1322 /* Read D TLB RAM1 */
1323 arm920t_execute_cp15(target,
1324 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1325
1326 /* Read D TLB RAM2 */
1327 arm920t_execute_cp15(target,
1328 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1329
1330 /* clear interpret mode */
1331 cp15c15 &= ~0x1;
1332 arm920t_write_cp15_physical(target,
1333 CP15PHYS_TESTSTATE, cp15c15);
1334
1335 /* read D TLB RAM content stored to r2 and r3 */
1336 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1337 if ((retval = jtag_execute_queue()) != ERROR_OK)
1338 {
1339 return retval;
1340 }
1341
1342 d_tlb[victim].ram1 = regs[2];
1343 d_tlb[victim].ram2 = regs[3];
1344 }
1345
1346 /* restore D TLB lockdown */
1347 regs[1] = Dlockdown;
1348 arm9tdmi_write_core_regs(target, 0x2, regs);
1349
1350 /* Write D TLB lockdown */
1351 arm920t_execute_cp15(target,
1352 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1353
1354 /* prepare reading I TLB content
1355 * */
1356
1357 /* set interpret mode */
1358 cp15c15 |= 0x1;
1359 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1360
1361 /* Read I TLB lockdown */
1362 arm920t_execute_cp15(target,
1363 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1364
1365 /* clear interpret mode */
1366 cp15c15 &= ~0x1;
1367 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1368
1369 /* read I TLB lockdown stored to r1 */
1370 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1371 if ((retval = jtag_execute_queue()) != ERROR_OK)
1372 {
1373 return retval;
1374 }
1375 Ilockdown = regs[1];
1376
1377 for (victim = 0; victim < 64; victim += 8)
1378 {
1379 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1380 * base remains unchanged, victim goes through entries 0 to 63
1381 */
1382 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1383 arm9tdmi_write_core_regs(target, 0x2, regs);
1384
1385 /* set interpret mode */
1386 cp15c15 |= 0x1;
1387 arm920t_write_cp15_physical(target,
1388 CP15PHYS_TESTSTATE, cp15c15);
1389
1390 /* Write I TLB lockdown */
1391 arm920t_execute_cp15(target,
1392 ARMV4_5_MCR(15,0,0,10,0,1),
1393 ARMV4_5_STR(1, 0));
1394
1395 /* Read I TLB CAM */
1396 arm920t_execute_cp15(target,
1397 ARMV4_5_MCR(15,4,0,15,5,4),
1398 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1399
1400 /* clear interpret mode */
1401 cp15c15 &= ~0x1;
1402 arm920t_write_cp15_physical(target,
1403 CP15PHYS_TESTSTATE, cp15c15);
1404
1405 /* read I TLB CAM content stored to r2-r9 */
1406 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1407 if ((retval = jtag_execute_queue()) != ERROR_OK)
1408 {
1409 return retval;
1410 }
1411
1412 for (i = 0; i < 8; i++)
1413 i_tlb[i + victim].cam = regs[i + 2];
1414 }
1415
1416 for (victim = 0; victim < 64; victim++)
1417 {
1418 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1419 * base remains unchanged, victim goes through entries 0 to 63
1420 */
1421 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1422 arm9tdmi_write_core_regs(target, 0x2, regs);
1423
1424 /* set interpret mode */
1425 cp15c15 |= 0x1;
1426 arm920t_write_cp15_physical(target,
1427 CP15PHYS_TESTSTATE, cp15c15);
1428
1429 /* Write I TLB lockdown */
1430 arm920t_execute_cp15(target,
1431 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1432
1433 /* Read I TLB RAM1 */
1434 arm920t_execute_cp15(target,
1435 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1436
1437 /* Read I TLB RAM2 */
1438 arm920t_execute_cp15(target,
1439 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1440
1441 /* clear interpret mode */
1442 cp15c15 &= ~0x1;
1443 arm920t_write_cp15_physical(target,
1444 CP15PHYS_TESTSTATE, cp15c15);
1445
1446 /* read I TLB RAM content stored to r2 and r3 */
1447 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1448 if ((retval = jtag_execute_queue()) != ERROR_OK)
1449 {
1450 return retval;
1451 }
1452
1453 i_tlb[victim].ram1 = regs[2];
1454 i_tlb[victim].ram2 = regs[3];
1455 }
1456
1457 /* restore I TLB lockdown */
1458 regs[1] = Ilockdown;
1459 arm9tdmi_write_core_regs(target, 0x2, regs);
1460
1461 /* Write I TLB lockdown */
1462 arm920t_execute_cp15(target,
1463 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1464
1465 /* restore CP15 MMU and Cache settings */
1466 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1467
1468 /* output data to file */
1469 fprintf(output, "D TLB content:\n");
1470 for (i = 0; i < 64; i++)
1471 {
1472 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1473 " 0x%8.8" PRIx32 " %s\n",
1474 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1475 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1476 }
1477
1478 fprintf(output, "\n\nI TLB content:\n");
1479 for (i = 0; i < 64; i++)
1480 {
1481 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1482 " 0x%8.8" PRIx32 " %s\n",
1483 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1484 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1485 }
1486
1487 command_print(CMD_CTX, "mmu content successfully output to %s",
1488 CMD_ARGV[0]);
1489
1490 fclose(output);
1491
1492 if (!is_arm_mode(armv4_5->core_mode))
1493 {
1494 LOG_ERROR("not a valid arm core mode - communication failure?");
1495 return ERROR_FAIL;
1496 }
1497
1498 /* force writeback of the valid data */
1499 r = armv4_5->core_cache->reg_list;
1500 r[0].dirty = r[0].valid;
1501 r[1].dirty = r[1].valid;
1502 r[2].dirty = r[2].valid;
1503 r[3].dirty = r[3].valid;
1504 r[4].dirty = r[4].valid;
1505 r[5].dirty = r[5].valid;
1506 r[6].dirty = r[6].valid;
1507 r[7].dirty = r[7].valid;
1508
1509 r = arm_reg_current(armv4_5, 8);
1510 r->dirty = r->valid;
1511
1512 r = arm_reg_current(armv4_5, 9);
1513 r->dirty = r->valid;
1514
1515 return ERROR_OK;
1516 }
1517
1518 COMMAND_HANDLER(arm920t_handle_cp15_command)
1519 {
1520 int retval;
1521 struct target *target = get_current_target(CMD_CTX);
1522 struct arm920t_common *arm920t = target_to_arm920(target);
1523
1524 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1525 if (retval != ERROR_OK)
1526 return retval;
1527
1528 if (target->state != TARGET_HALTED)
1529 {
1530 command_print(CMD_CTX, "target must be stopped for "
1531 "\"%s\" command", CMD_NAME);
1532 return ERROR_OK;
1533 }
1534
1535 /* one argument, read a register.
1536 * two arguments, write it.
1537 */
1538 if (CMD_ARGC >= 1)
1539 {
1540 int address;
1541 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1542
1543 if (CMD_ARGC == 1)
1544 {
1545 uint32_t value;
1546 if ((retval = arm920t_read_cp15_physical(target,
1547 address, &value)) != ERROR_OK)
1548 {
1549 command_print(CMD_CTX,
1550 "couldn't access reg %i", address);
1551 return ERROR_OK;
1552 }
1553 if ((retval = jtag_execute_queue()) != ERROR_OK)
1554 {
1555 return retval;
1556 }
1557
1558 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1559 address, value);
1560 }
1561 else if (CMD_ARGC == 2)
1562 {
1563 uint32_t value;
1564 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1565 retval = arm920t_write_cp15_physical(target,
1566 address, value);
1567 if (retval != ERROR_OK)
1568 {
1569 command_print(CMD_CTX,
1570 "couldn't access reg %i", address);
1571 /* REVISIT why lie? "return retval"? */
1572 return ERROR_OK;
1573 }
1574 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1575 address, value);
1576 }
1577 }
1578
1579 return ERROR_OK;
1580 }
1581
1582 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1583 {
1584 int retval;
1585 struct target *target = get_current_target(CMD_CTX);
1586 struct arm920t_common *arm920t = target_to_arm920(target);
1587
1588 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1589 if (retval != ERROR_OK)
1590 return retval;
1591
1592
1593 if (target->state != TARGET_HALTED)
1594 {
1595 command_print(CMD_CTX, "target must be stopped for "
1596 "\"%s\" command", CMD_NAME);
1597 return ERROR_OK;
1598 }
1599
1600 /* one argument, read a register.
1601 * two arguments, write it.
1602 */
1603 if (CMD_ARGC >= 1)
1604 {
1605 uint32_t opcode;
1606 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1607
1608 if (CMD_ARGC == 1)
1609 {
1610 uint32_t value;
1611 retval = arm920t_read_cp15_interpreted(target,
1612 opcode, 0x0, &value);
1613 if (retval != ERROR_OK)
1614 {
1615 command_print(CMD_CTX,
1616 "couldn't execute %8.8" PRIx32,
1617 opcode);
1618 /* REVISIT why lie? "return retval"? */
1619 return ERROR_OK;
1620 }
1621
1622 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1623 opcode, value);
1624 }
1625 else if (CMD_ARGC == 2)
1626 {
1627 uint32_t value;
1628 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1629 retval = arm920t_write_cp15_interpreted(target,
1630 opcode, value, 0);
1631 if (retval != ERROR_OK)
1632 {
1633 command_print(CMD_CTX,
1634 "couldn't execute %8.8" PRIx32,
1635 opcode);
1636 /* REVISIT why lie? "return retval"? */
1637 return ERROR_OK;
1638 }
1639 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1640 opcode, value);
1641 }
1642 else if (CMD_ARGC == 3)
1643 {
1644 uint32_t value;
1645 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1646 uint32_t address;
1647 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1648 retval = arm920t_write_cp15_interpreted(target,
1649 opcode, value, address);
1650 if (retval != ERROR_OK)
1651 {
1652 command_print(CMD_CTX,
1653 "couldn't execute %8.8" PRIx32, opcode);
1654 /* REVISIT why lie? "return retval"? */
1655 return ERROR_OK;
1656 }
1657 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1658 " %8.8" PRIx32, opcode, value, address);
1659 }
1660 }
1661 else
1662 {
1663 command_print(CMD_CTX,
1664 "usage: arm920t cp15i <opcode> [value] [address]");
1665 }
1666
1667 return ERROR_OK;
1668 }
1669
1670 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1671 {
1672 int retval;
1673 struct target *target = get_current_target(CMD_CTX);
1674 struct arm920t_common *arm920t = target_to_arm920(target);
1675
1676 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1677 if (retval != ERROR_OK)
1678 return retval;
1679
1680 return armv4_5_handle_cache_info_command(CMD_CTX,
1681 &arm920t->armv4_5_mmu.armv4_5_cache);
1682 }
1683
1684
1685 static int arm920t_mrc(struct target *target, int cpnum,
1686 uint32_t op1, uint32_t op2,
1687 uint32_t CRn, uint32_t CRm,
1688 uint32_t *value)
1689 {
1690 if (cpnum!=15)
1691 {
1692 LOG_ERROR("Only cp15 is supported");
1693 return ERROR_FAIL;
1694 }
1695
1696 /* read "to" r0 */
1697 return arm920t_read_cp15_interpreted(target,
1698 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1699 0, value);
1700 }
1701
1702 static int arm920t_mcr(struct target *target, int cpnum,
1703 uint32_t op1, uint32_t op2,
1704 uint32_t CRn, uint32_t CRm,
1705 uint32_t value)
1706 {
1707 if (cpnum!=15)
1708 {
1709 LOG_ERROR("Only cp15 is supported");
1710 return ERROR_FAIL;
1711 }
1712
1713 /* write "from" r0 */
1714 return arm920t_write_cp15_interpreted(target,
1715 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1716 0, value);
1717 }
1718
1719 static const struct command_registration arm920t_exec_command_handlers[] = {
1720 {
1721 .name = "cp15",
1722 .handler = arm920t_handle_cp15_command,
1723 .mode = COMMAND_EXEC,
1724 .help = "display/modify cp15 register",
1725 .usage = "regnum [value]",
1726 },
1727 {
1728 .name = "cp15i",
1729 .handler = arm920t_handle_cp15i_command,
1730 .mode = COMMAND_EXEC,
1731 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1732 .help = "display/modify cp15 register using ARM opcode"
1733 " (DEPRECATED)",
1734 .usage = "instruction [value [address]]",
1735 },
1736 {
1737 .name = "cache_info",
1738 .handler = arm920t_handle_cache_info_command,
1739 .mode = COMMAND_EXEC,
1740 .help = "display information about target caches",
1741 },
1742 {
1743 .name = "read_cache",
1744 .handler = arm920t_handle_read_cache_command,
1745 .mode = COMMAND_EXEC,
1746 .help = "dump I/D cache content to file",
1747 .usage = "filename",
1748 },
1749 {
1750 .name = "read_mmu",
1751 .handler = arm920t_handle_read_mmu_command,
1752 .mode = COMMAND_EXEC,
1753 .help = "dump I/D mmu content to file",
1754 .usage = "filename",
1755 },
1756 COMMAND_REGISTRATION_DONE
1757 };
1758 const struct command_registration arm920t_command_handlers[] = {
1759 {
1760 .chain = arm9tdmi_command_handlers,
1761 },
1762 {
1763 .name = "arm920t",
1764 .mode = COMMAND_ANY,
1765 .help = "arm920t command group",
1766 .chain = arm920t_exec_command_handlers,
1767 },
1768 COMMAND_REGISTRATION_DONE
1769 };
1770
1771 /** Holds methods for ARM920 targets. */
1772 struct target_type arm920t_target =
1773 {
1774 .name = "arm920t",
1775
1776 .poll = arm7_9_poll,
1777 .arch_state = arm920t_arch_state,
1778
1779 .target_request_data = arm7_9_target_request_data,
1780
1781 .halt = arm7_9_halt,
1782 .resume = arm7_9_resume,
1783 .step = arm7_9_step,
1784
1785 .assert_reset = arm7_9_assert_reset,
1786 .deassert_reset = arm7_9_deassert_reset,
1787 .soft_reset_halt = arm920t_soft_reset_halt,
1788
1789 .get_gdb_reg_list = arm_get_gdb_reg_list,
1790
1791 .read_memory = arm920t_read_memory,
1792 .write_memory = arm920t_write_memory,
1793 .read_phys_memory = arm920t_read_phys_memory,
1794 .write_phys_memory = arm920t_write_phys_memory,
1795 .mmu = arm920_mmu,
1796 .virt2phys = arm920_virt2phys,
1797
1798 .bulk_write_memory = arm7_9_bulk_write_memory,
1799
1800 .checksum_memory = arm_checksum_memory,
1801 .blank_check_memory = arm_blank_check_memory,
1802
1803 .run_algorithm = armv4_5_run_algorithm,
1804
1805 .add_breakpoint = arm7_9_add_breakpoint,
1806 .remove_breakpoint = arm7_9_remove_breakpoint,
1807 .add_watchpoint = arm7_9_add_watchpoint,
1808 .remove_watchpoint = arm7_9_remove_watchpoint,
1809
1810 .commands = arm920t_command_handlers,
1811 .target_create = arm920t_target_create,
1812 .init_target = arm9tdmi_init_target,
1813 .examine = arm7_9_examine,
1814 .check_reset = arm7_9_check_reset,
1815 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)