1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2008 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm_disassembler.h"
34 #include "binarybuffer.h"
35 #include "algorithm.h"
39 /* offsets into armv4_5 core register cache */
42 ARMV4_5_SPSR_FIQ
= 32,
43 ARMV4_5_SPSR_IRQ
= 33,
44 ARMV4_5_SPSR_SVC
= 34,
45 ARMV4_5_SPSR_ABT
= 35,
46 ARMV4_5_SPSR_UND
= 36,
50 static const uint8_t arm_usr_indices
[17] = {
51 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, ARMV4_5_CPSR
,
54 static const uint8_t arm_fiq_indices
[8] = {
55 16, 17, 18, 19, 20, 21, 22, ARMV4_5_SPSR_FIQ
,
58 static const uint8_t arm_irq_indices
[3] = {
59 23, 24, ARMV4_5_SPSR_IRQ
,
62 static const uint8_t arm_svc_indices
[3] = {
63 25, 26, ARMV4_5_SPSR_SVC
,
66 static const uint8_t arm_abt_indices
[3] = {
67 27, 28, ARMV4_5_SPSR_ABT
,
70 static const uint8_t arm_und_indices
[3] = {
71 29, 30, ARMV4_5_SPSR_UND
,
74 static const uint8_t arm_mon_indices
[3] = {
81 /* For user and system modes, these list indices for all registers.
82 * otherwise they're just indices for the shadow registers and SPSR.
84 unsigned short n_indices
;
85 const uint8_t *indices
;
87 /* Seven modes are standard from ARM7 on. "System" and "User" share
88 * the same registers; other modes shadow from 3 to 8 registers.
92 .psr
= ARMV4_5_MODE_USR
,
93 .n_indices
= ARRAY_SIZE(arm_usr_indices
),
94 .indices
= arm_usr_indices
,
98 .psr
= ARMV4_5_MODE_FIQ
,
99 .n_indices
= ARRAY_SIZE(arm_fiq_indices
),
100 .indices
= arm_fiq_indices
,
103 .name
= "Supervisor",
104 .psr
= ARMV4_5_MODE_SVC
,
105 .n_indices
= ARRAY_SIZE(arm_svc_indices
),
106 .indices
= arm_svc_indices
,
110 .psr
= ARMV4_5_MODE_ABT
,
111 .n_indices
= ARRAY_SIZE(arm_abt_indices
),
112 .indices
= arm_abt_indices
,
116 .psr
= ARMV4_5_MODE_IRQ
,
117 .n_indices
= ARRAY_SIZE(arm_irq_indices
),
118 .indices
= arm_irq_indices
,
121 .name
= "Undefined instruction",
122 .psr
= ARMV4_5_MODE_UND
,
123 .n_indices
= ARRAY_SIZE(arm_und_indices
),
124 .indices
= arm_und_indices
,
128 .psr
= ARMV4_5_MODE_SYS
,
129 .n_indices
= ARRAY_SIZE(arm_usr_indices
),
130 .indices
= arm_usr_indices
,
132 /* TrustZone "Security Extensions" add a secure monitor mode.
133 * This is distinct from a "debug monitor" which can support
134 * non-halting debug, in conjunction with some debuggers.
137 .name
= "Secure Monitor",
139 .n_indices
= ARRAY_SIZE(arm_mon_indices
),
140 .indices
= arm_mon_indices
,
/**
 * Look up the printable name of an ARM processor operating mode.
 *
 * @param psr_mode Mode value; it is compared against the .psr field of
 *	each arm_mode_data entry.
 * @return The .name of the first matching entry. When nothing matches,
 *	an error is logged and the literal "UNRECOGNIZED" is returned, so
 *	the result is never NULL on that path.
 */
const char *arm_mode_name(unsigned psr_mode)
{
	unsigned idx = 0;

	while (idx < ARRAY_SIZE(arm_mode_data)) {
		if (psr_mode == arm_mode_data[idx].psr)
			return arm_mode_data[idx].name;
		idx++;
	}

	/* No table entry matched: report it and hand back a placeholder. */
	LOG_ERROR("unrecognized psr mode: %#02x", psr_mode);
	return "UNRECOGNIZED";
}
/**
 * Report whether a value denotes an ARM processor mode listed in
 * arm_mode_data.
 *
 * The check is a pure table lookup on the mode value. The table also
 * carries the "Secure Monitor" entry, and nothing here consults the
 * core's core_type, so a true result does not by itself mean that the
 * current core implements that mode.
 *
 * @param psr_mode Mode value to test against each entry's .psr field.
 * @return true when some arm_mode_data entry matches, false otherwise.
 */
bool is_arm_mode(unsigned psr_mode)
{
	bool known = false;

	for (unsigned idx = 0; !known && idx < ARRAY_SIZE(arm_mode_data); idx++)
		known = (arm_mode_data[idx].psr == psr_mode);

	return known;
}
165 /** Map PSR mode bits to linear number indexing armv4_5_core_reg_map */
166 int armv4_5_mode_to_number(enum armv4_5_mode mode
)
169 case ARMV4_5_MODE_ANY
:
170 /* map MODE_ANY to user mode */
171 case ARMV4_5_MODE_USR
:
173 case ARMV4_5_MODE_FIQ
:
175 case ARMV4_5_MODE_IRQ
:
177 case ARMV4_5_MODE_SVC
:
179 case ARMV4_5_MODE_ABT
:
181 case ARMV4_5_MODE_UND
:
183 case ARMV4_5_MODE_SYS
:
188 LOG_ERROR("invalid mode value encountered %d", mode
);
193 /** Map linear number indexing armv4_5_core_reg_map to PSR mode bits. */
194 enum armv4_5_mode
armv4_5_number_to_mode(int number
)
198 return ARMV4_5_MODE_USR
;
200 return ARMV4_5_MODE_FIQ
;
202 return ARMV4_5_MODE_IRQ
;
204 return ARMV4_5_MODE_SVC
;
206 return ARMV4_5_MODE_ABT
;
208 return ARMV4_5_MODE_UND
;
210 return ARMV4_5_MODE_SYS
;
214 LOG_ERROR("mode index out of bounds %d", number
);
215 return ARMV4_5_MODE_ANY
;
219 char* armv4_5_state_strings
[] =
221 "ARM", "Thumb", "Jazelle", "ThumbEE",
224 /* Templates for ARM core registers.
226 * NOTE: offsets in this table are coupled to the arm_mode_data
227 * table above, the armv4_5_core_reg_map array below, and also to
228 * the ARMV4_5_CPSR symbol (which should vanish after ARM11 updates).
230 static const struct {
231 /* The name is used for e.g. the "regs" command. */
234 /* The {cookie, mode} tuple uniquely identifies one register.
235 * In a given mode, cookies 0..15 map to registers R0..R15,
236 * with R13..R15 usually called SP, LR, PC.
238 * MODE_ANY is used as *input* to the mapping, and indicates
239 * various special cases (sigh) and errors.
241 * Cookie 16 is (currently) confusing, since it indicates
242 * CPSR -or- SPSR depending on whether 'mode' is MODE_ANY.
243 * (Exception modes have both CPSR and SPSR registers ...)
246 enum armv4_5_mode mode
;
247 } arm_core_regs
[] = {
248 /* IMPORTANT: we guarantee that the first eight cached registers
249 * correspond to r0..r7, and the fifteenth to PC, so that callers
250 * don't need to map them.
252 { .name
= "r0", .cookie
= 0, .mode
= ARMV4_5_MODE_ANY
, },
253 { .name
= "r1", .cookie
= 1, .mode
= ARMV4_5_MODE_ANY
, },
254 { .name
= "r2", .cookie
= 2, .mode
= ARMV4_5_MODE_ANY
, },
255 { .name
= "r3", .cookie
= 3, .mode
= ARMV4_5_MODE_ANY
, },
256 { .name
= "r4", .cookie
= 4, .mode
= ARMV4_5_MODE_ANY
, },
257 { .name
= "r5", .cookie
= 5, .mode
= ARMV4_5_MODE_ANY
, },
258 { .name
= "r6", .cookie
= 6, .mode
= ARMV4_5_MODE_ANY
, },
259 { .name
= "r7", .cookie
= 7, .mode
= ARMV4_5_MODE_ANY
, },
261 /* NOTE: regs 8..12 might be shadowed by FIQ ... flagging
262 * them as MODE_ANY creates special cases. (ANY means
263 * "not mapped" elsewhere; here it's "everything but FIQ".)
265 { .name
= "r8", .cookie
= 8, .mode
= ARMV4_5_MODE_ANY
, },
266 { .name
= "r9", .cookie
= 9, .mode
= ARMV4_5_MODE_ANY
, },
267 { .name
= "r10", .cookie
= 10, .mode
= ARMV4_5_MODE_ANY
, },
268 { .name
= "r11", .cookie
= 11, .mode
= ARMV4_5_MODE_ANY
, },
269 { .name
= "r12", .cookie
= 12, .mode
= ARMV4_5_MODE_ANY
, },
271 /* NOTE all MODE_USR registers are equivalent to MODE_SYS ones */
272 { .name
= "sp_usr", .cookie
= 13, .mode
= ARMV4_5_MODE_USR
, },
273 { .name
= "lr_usr", .cookie
= 14, .mode
= ARMV4_5_MODE_USR
, },
275 /* guaranteed to be at index 15 */
276 { .name
= "pc", .cookie
= 15, .mode
= ARMV4_5_MODE_ANY
, },
278 { .name
= "r8_fiq", .cookie
= 8, .mode
= ARMV4_5_MODE_FIQ
, },
279 { .name
= "r9_fiq", .cookie
= 9, .mode
= ARMV4_5_MODE_FIQ
, },
280 { .name
= "r10_fiq", .cookie
= 10, .mode
= ARMV4_5_MODE_FIQ
, },
281 { .name
= "r11_fiq", .cookie
= 11, .mode
= ARMV4_5_MODE_FIQ
, },
282 { .name
= "r12_fiq", .cookie
= 12, .mode
= ARMV4_5_MODE_FIQ
, },
284 { .name
= "lr_fiq", .cookie
= 13, .mode
= ARMV4_5_MODE_FIQ
, },
285 { .name
= "sp_fiq", .cookie
= 14, .mode
= ARMV4_5_MODE_FIQ
, },
287 { .name
= "lr_irq", .cookie
= 13, .mode
= ARMV4_5_MODE_IRQ
, },
288 { .name
= "sp_irq", .cookie
= 14, .mode
= ARMV4_5_MODE_IRQ
, },
290 { .name
= "lr_svc", .cookie
= 13, .mode
= ARMV4_5_MODE_SVC
, },
291 { .name
= "sp_svc", .cookie
= 14, .mode
= ARMV4_5_MODE_SVC
, },
293 { .name
= "lr_abt", .cookie
= 13, .mode
= ARMV4_5_MODE_ABT
, },
294 { .name
= "sp_abt", .cookie
= 14, .mode
= ARMV4_5_MODE_ABT
, },
296 { .name
= "lr_und", .cookie
= 13, .mode
= ARMV4_5_MODE_UND
, },
297 { .name
= "sp_und", .cookie
= 14, .mode
= ARMV4_5_MODE_UND
, },
299 { .name
= "cpsr", .cookie
= 16, .mode
= ARMV4_5_MODE_ANY
, },
300 { .name
= "spsr_fiq", .cookie
= 16, .mode
= ARMV4_5_MODE_FIQ
, },
301 { .name
= "spsr_irq", .cookie
= 16, .mode
= ARMV4_5_MODE_IRQ
, },
302 { .name
= "spsr_svc", .cookie
= 16, .mode
= ARMV4_5_MODE_SVC
, },
303 { .name
= "spsr_abt", .cookie
= 16, .mode
= ARMV4_5_MODE_ABT
, },
304 { .name
= "spsr_und", .cookie
= 16, .mode
= ARMV4_5_MODE_UND
, },
306 { .name
= "lr_mon", .cookie
= 13, .mode
= ARM_MODE_MON
, },
307 { .name
= "sp_mon", .cookie
= 14, .mode
= ARM_MODE_MON
, },
308 { .name
= "spsr_mon", .cookie
= 16, .mode
= ARM_MODE_MON
, },
311 /* map core mode (USR, FIQ, ...) and register number to
312 * indices into the register cache
314 const int armv4_5_core_reg_map
[8][17] =
317 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31
319 { /* FIQ (8 shadows of USR, vs normal 3) */
320 0, 1, 2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20, 21, 22, 15, 32
323 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 23, 24, 15, 33
326 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25, 26, 15, 34
329 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27, 28, 15, 35
332 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 29, 30, 15, 36
334 { /* SYS (same registers as USR) */
335 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31
338 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 37, 38, 15, 39,
343 * Configures host-side ARM records to reflect the specified CPSR.
344 * Later, code can use arm_reg_current() to map register numbers
345 * according to how they are exposed by this mode.
347 void arm_set_cpsr(struct arm
*arm
, uint32_t cpsr
)
349 enum armv4_5_mode mode
= cpsr
& 0x1f;
352 /* NOTE: this may be called very early, before the register
353 * cache is set up. We can't defend against many errors, in
354 * particular against CPSRs that aren't valid *here* ...
357 buf_set_u32(arm
->cpsr
->value
, 0, 32, cpsr
);
358 arm
->cpsr
->valid
= 1;
359 arm
->cpsr
->dirty
= 0;
362 arm
->core_mode
= mode
;
364 /* mode_to_number() warned; set up a somewhat-sane mapping */
365 num
= armv4_5_mode_to_number(mode
);
367 mode
= ARMV4_5_MODE_USR
;
371 arm
->map
= &armv4_5_core_reg_map
[num
][0];
372 arm
->spsr
= (mode
== ARMV4_5_MODE_USR
|| mode
== ARMV4_5_MODE_SYS
)
374 : arm
->core_cache
->reg_list
+ arm
->map
[16];
376 /* Older ARMs won't have the J bit */
377 enum armv4_5_state state
;
379 if (cpsr
& (1 << 5)) { /* T */
380 if (cpsr
& (1 << 24)) { /* J */
381 LOG_WARNING("ThumbEE -- incomplete support");
382 state
= ARM_STATE_THUMB_EE
;
384 state
= ARMV4_5_STATE_THUMB
;
386 if (cpsr
& (1 << 24)) { /* J */
387 LOG_ERROR("Jazelle state handling is BROKEN!");
388 state
= ARMV4_5_STATE_JAZELLE
;
390 state
= ARMV4_5_STATE_ARM
;
392 arm
->core_state
= state
;
396 * Returns handle to the register currently mapped to a given number.
397 * Someone must have called arm_set_cpsr() before.
399 * \param arm This core's state and registers are used.
400 * \param regnum From 0..15 corresponding to R0..R14 and PC.
401 * Note that R0..R7 don't require mapping; you may access those
402 * as the first eight entries in the register cache. Likewise
403 * R15 (PC) doesn't need mapping; you may also access it directly.
404 * However, R8..R14, and SPSR (arm->spsr) *must* be mapped.
405 * CPSR (arm->cpsr) is also not mapped.
407 struct reg
*arm_reg_current(struct arm
*arm
, unsigned regnum
)
414 r
= arm
->core_cache
->reg_list
+ arm
->map
[regnum
];
416 /* e.g. invalid CPSR said "secure monitor" mode on a core
417 * that doesn't support it...
420 LOG_ERROR("Invalid CPSR mode");
421 r
= arm
->core_cache
->reg_list
+ regnum
;
427 static const uint8_t arm_gdb_dummy_fp_value
[12];
430 * Dummy FPA registers are required to support GDB on ARM.
431 * Register packets require eight obsolete FPA register values.
432 * Modern ARM cores use Vector Floating Point (VFP), if they
433 * have any floating point support. VFP is not FPA-compatible.
435 struct reg arm_gdb_dummy_fp_reg
=
437 .name
= "GDB dummy FPA register",
438 .value
= (uint8_t *) arm_gdb_dummy_fp_value
,
443 static const uint8_t arm_gdb_dummy_fps_value
[4];
446 * Dummy FPA status registers are required to support GDB on ARM.
447 * Register packets require an obsolete FPA status register.
449 struct reg arm_gdb_dummy_fps_reg
=
451 .name
= "GDB dummy FPA status register",
452 .value
= (uint8_t *) arm_gdb_dummy_fps_value
,
/*
 * Initializes the two GDB dummy FPA registers through
 * register_init_dummy(). The constructor attribute asks the toolchain
 * to run this automatically at load time, so no caller has to invoke
 * it explicitly.
 */
static void __attribute__ ((constructor)) arm_gdb_dummy_init(void)
{
	struct reg *const dummies[] = {
		&arm_gdb_dummy_fp_reg,
		&arm_gdb_dummy_fps_reg,
	};

	for (unsigned k = 0; k < sizeof(dummies) / sizeof(dummies[0]); k++)
		register_init_dummy(dummies[k]);
}
465 static int armv4_5_get_core_reg(struct reg
*reg
)
468 struct arm_reg
*armv4_5
= reg
->arch_info
;
469 struct target
*target
= armv4_5
->target
;
471 if (target
->state
!= TARGET_HALTED
)
473 LOG_ERROR("Target not halted");
474 return ERROR_TARGET_NOT_HALTED
;
477 retval
= armv4_5
->armv4_5_common
->read_core_reg(target
, reg
, armv4_5
->num
, armv4_5
->mode
);
478 if (retval
== ERROR_OK
) {
486 static int armv4_5_set_core_reg(struct reg
*reg
, uint8_t *buf
)
488 struct arm_reg
*armv4_5
= reg
->arch_info
;
489 struct target
*target
= armv4_5
->target
;
490 struct arm
*armv4_5_target
= target_to_armv4_5(target
);
491 uint32_t value
= buf_get_u32(buf
, 0, 32);
493 if (target
->state
!= TARGET_HALTED
)
495 LOG_ERROR("Target not halted");
496 return ERROR_TARGET_NOT_HALTED
;
499 /* Except for CPSR, the "reg" command exposes a writeback model
500 * for the register cache.
502 if (reg
== armv4_5_target
->cpsr
) {
503 arm_set_cpsr(armv4_5_target
, value
);
505 /* Older cores need help to be in ARM mode during halt
506 * mode debug, so we clear the J and T bits if we flush.
507 * For newer cores (v6/v7a/v7r) we don't need that, but
508 * it won't hurt since CPSR is always flushed anyway.
510 if (armv4_5_target
->core_mode
!=
511 (enum armv4_5_mode
)(value
& 0x1f)) {
512 LOG_DEBUG("changing ARM core mode to '%s'",
513 arm_mode_name(value
& 0x1f));
514 value
&= ~((1 << 24) | (1 << 5));
515 armv4_5_target
->write_core_reg(target
, reg
,
516 16, ARMV4_5_MODE_ANY
, value
);
519 buf_set_u32(reg
->value
, 0, 32, value
);
527 static const struct reg_arch_type arm_reg_type
= {
528 .get
= armv4_5_get_core_reg
,
529 .set
= armv4_5_set_core_reg
,
532 struct reg_cache
* armv4_5_build_reg_cache(struct target
*target
, struct arm
*armv4_5_common
)
534 int num_regs
= ARRAY_SIZE(arm_core_regs
);
535 struct reg_cache
*cache
= malloc(sizeof(struct reg_cache
));
536 struct reg
*reg_list
= calloc(num_regs
, sizeof(struct reg
));
537 struct arm_reg
*arch_info
= calloc(num_regs
, sizeof(struct arm_reg
));
540 if (!cache
|| !reg_list
|| !arch_info
) {
547 cache
->name
= "ARM registers";
549 cache
->reg_list
= reg_list
;
552 for (i
= 0; i
< num_regs
; i
++)
554 /* Skip registers this core doesn't expose */
555 if (arm_core_regs
[i
].mode
== ARM_MODE_MON
556 && armv4_5_common
->core_type
!= ARM_MODE_MON
)
559 /* REVISIT handle Cortex-M, which only shadows R13/SP */
561 arch_info
[i
].num
= arm_core_regs
[i
].cookie
;
562 arch_info
[i
].mode
= arm_core_regs
[i
].mode
;
563 arch_info
[i
].target
= target
;
564 arch_info
[i
].armv4_5_common
= armv4_5_common
;
566 reg_list
[i
].name
= (char *) arm_core_regs
[i
].name
;
567 reg_list
[i
].size
= 32;
568 reg_list
[i
].value
= &arch_info
[i
].value
;
569 reg_list
[i
].type
= &arm_reg_type
;
570 reg_list
[i
].arch_info
= &arch_info
[i
];
575 armv4_5_common
->cpsr
= reg_list
+ ARMV4_5_CPSR
;
576 armv4_5_common
->core_cache
= cache
;
580 int armv4_5_arch_state(struct target
*target
)
582 struct arm
*armv4_5
= target_to_armv4_5(target
);
584 if (armv4_5
->common_magic
!= ARMV4_5_COMMON_MAGIC
)
586 LOG_ERROR("BUG: called for a non-ARMv4/5 target");
590 LOG_USER("target halted in %s state due to %s, current mode: %s\ncpsr: 0x%8.8" PRIx32
" pc: 0x%8.8" PRIx32
"",
591 armv4_5_state_strings
[armv4_5
->core_state
],
592 Jim_Nvp_value2name_simple(nvp_target_debug_reason
, target
->debug_reason
)->name
,
593 arm_mode_name(armv4_5
->core_mode
),
594 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32),
595 buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
600 #define ARMV4_5_CORE_REG_MODENUM(cache, mode, num) \
601 cache->reg_list[armv4_5_core_reg_map[mode][num]]
603 COMMAND_HANDLER(handle_armv4_5_reg_command
)
605 struct target
*target
= get_current_target(CMD_CTX
);
606 struct arm
*armv4_5
= target_to_armv4_5(target
);
610 if (!is_arm(armv4_5
))
612 command_print(CMD_CTX
, "current target isn't an ARM");
616 if (target
->state
!= TARGET_HALTED
)
618 command_print(CMD_CTX
, "error: target must be halted for register accesses");
622 if (!is_arm_mode(armv4_5
->core_mode
))
625 if (!armv4_5
->full_context
) {
626 command_print(CMD_CTX
, "error: target doesn't support %s",
631 num_regs
= armv4_5
->core_cache
->num_regs
;
632 regs
= armv4_5
->core_cache
->reg_list
;
634 for (unsigned mode
= 0; mode
< ARRAY_SIZE(arm_mode_data
); mode
++) {
639 /* label this bank of registers (or shadows) */
640 switch (arm_mode_data
[mode
].psr
) {
641 case ARMV4_5_MODE_SYS
:
643 case ARMV4_5_MODE_USR
:
644 name
= "System and User";
648 if (armv4_5
->core_type
!= ARM_MODE_MON
)
652 name
= arm_mode_data
[mode
].name
;
656 command_print(CMD_CTX
, "%s%s mode %sregisters",
659 /* display N rows of up to 4 registers each */
660 for (unsigned i
= 0; i
< arm_mode_data
[mode
].n_indices
;) {
664 for (unsigned j
= 0; j
< 4; j
++, i
++) {
666 struct reg
*reg
= regs
;
668 if (i
>= arm_mode_data
[mode
].n_indices
)
671 reg
+= arm_mode_data
[mode
].indices
[i
];
673 /* REVISIT be smarter about faults... */
675 armv4_5
->full_context(target
);
677 value
= buf_get_u32(reg
->value
, 0, 32);
678 output_len
+= snprintf(output
+ output_len
,
679 sizeof(output
) - output_len
,
680 "%8s: %8.8" PRIx32
" ",
683 command_print(CMD_CTX
, "%s", output
);
690 COMMAND_HANDLER(handle_armv4_5_core_state_command
)
692 struct target
*target
= get_current_target(CMD_CTX
);
693 struct arm
*armv4_5
= target_to_armv4_5(target
);
695 if (!is_arm(armv4_5
))
697 command_print(CMD_CTX
, "current target isn't an ARM");
703 if (strcmp(CMD_ARGV
[0], "arm") == 0)
705 armv4_5
->core_state
= ARMV4_5_STATE_ARM
;
707 if (strcmp(CMD_ARGV
[0], "thumb") == 0)
709 armv4_5
->core_state
= ARMV4_5_STATE_THUMB
;
713 command_print(CMD_CTX
, "core state: %s", armv4_5_state_strings
[armv4_5
->core_state
]);
718 COMMAND_HANDLER(handle_armv4_5_disassemble_command
)
720 int retval
= ERROR_OK
;
721 struct target
*target
= get_current_target(CMD_CTX
);
722 struct arm
*arm
= target
? target_to_arm(target
) : NULL
;
728 command_print(CMD_CTX
, "current target isn't an ARM");
734 if (strcmp(CMD_ARGV
[2], "thumb") != 0)
739 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[1], count
);
742 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], address
);
743 if (address
& 0x01) {
745 command_print(CMD_CTX
, "Disassemble as Thumb");
753 command_print(CMD_CTX
,
754 "usage: arm disassemble <address> [<count> ['thumb']]");
759 while (count
-- > 0) {
760 struct arm_instruction cur_instruction
;
763 /* Always use Thumb2 disassembly for best handling
764 * of 32-bit BL/BLX, and to work with newer cores
765 * (some ARMv6, all ARMv7) that use Thumb2.
767 retval
= thumb2_opcode(target
, address
,
769 if (retval
!= ERROR_OK
)
774 retval
= target_read_u32(target
, address
, &opcode
);
775 if (retval
!= ERROR_OK
)
777 retval
= arm_evaluate_opcode(opcode
, address
,
778 &cur_instruction
) != ERROR_OK
;
779 if (retval
!= ERROR_OK
)
782 command_print(CMD_CTX
, "%s", cur_instruction
.text
);
783 address
+= cur_instruction
.instruction_size
;
789 static const struct command_registration arm_exec_command_handlers
[] = {
792 .handler
= &handle_armv4_5_reg_command
,
793 .mode
= COMMAND_EXEC
,
794 .help
= "display ARM core registers",
797 .name
= "core_state",
798 .handler
= &handle_armv4_5_core_state_command
,
799 .mode
= COMMAND_EXEC
,
800 .usage
= "<arm | thumb>",
801 .help
= "display/change ARM core state",
804 .name
= "disassemble",
805 .handler
= &handle_armv4_5_disassemble_command
,
806 .mode
= COMMAND_EXEC
,
807 .usage
= "<address> [<count> ['thumb']]",
808 .help
= "disassemble instructions ",
810 COMMAND_REGISTRATION_DONE
812 const struct command_registration arm_command_handlers
[] = {
816 .help
= "ARM command group",
817 .chain
= arm_exec_command_handlers
,
819 COMMAND_REGISTRATION_DONE
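/**
 * Build the register list handed to GDB for an ARM target.
 *
 * Layout of the returned array (26 entries):
 *   0..15  registers as currently mapped by arm_reg_current()
 *   16..23 the shared dummy FPA register
 *   24     the dummy FPA status register
 *   25     CPSR (arm->cpsr)
 *
 * @param target Target whose ARM state is used.
 * @param reg_list Receives a malloc()ed array of register pointers; the
 *	array is not freed here. Set to NULL if the allocation fails.
 * @param reg_list_size Receives the number of entries in *reg_list
 *	(0 if the allocation fails).
 * @return ERROR_OK on success; ERROR_FAIL when the current core mode is
 *	not a recognized ARM mode or the array cannot be allocated.
 *	NOTE(review): confirm callers treat ERROR_FAIL as "no list returned".
 */
int armv4_5_get_gdb_reg_list(struct target *target, struct reg **reg_list[], int *reg_list_size)
{
	enum { GDB_REG_COUNT = 26 };
	struct arm *armv4_5 = target_to_armv4_5(target);
	struct reg **list;
	int i;

	if (!is_arm_mode(armv4_5->core_mode))
		return ERROR_FAIL;

	/* Allocate into a local first so that a failed malloc() is caught
	 * before any entry is written through the pointer.
	 */
	list = malloc(sizeof(*list) * GDB_REG_COUNT);
	if (!list) {
		LOG_ERROR("unable to allocate GDB register list");
		*reg_list = NULL;
		*reg_list_size = 0;
		return ERROR_FAIL;
	}

	for (i = 0; i < 16; i++)
		list[i] = arm_reg_current(armv4_5, i);

	/* GDB's register packet still carries eight FPA slots. */
	for (i = 16; i < 24; i++)
		list[i] = &arm_gdb_dummy_fp_reg;

	list[24] = &arm_gdb_dummy_fps_reg;
	list[25] = armv4_5->cpsr;

	*reg_list = list;
	*reg_list_size = GDB_REG_COUNT;

	return ERROR_OK;
}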
845 /* wait for execution to complete and check exit point */
846 static int armv4_5_run_algorithm_completion(struct target
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
)
849 struct arm
*armv4_5
= target_to_armv4_5(target
);
851 if ((retval
= target_wait_state(target
, TARGET_HALTED
, timeout_ms
)) != ERROR_OK
)
855 if (target
->state
!= TARGET_HALTED
)
857 if ((retval
= target_halt(target
)) != ERROR_OK
)
859 if ((retval
= target_wait_state(target
, TARGET_HALTED
, 500)) != ERROR_OK
)
863 return ERROR_TARGET_TIMEOUT
;
866 /* fast exit: ARMv5+ code can use BKPT */
867 if (exit_point
&& buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
,
868 0, 32) != exit_point
)
870 LOG_WARNING("target reentered debug state, but not at the desired exit point: 0x%4.4" PRIx32
"",
871 buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
872 return ERROR_TARGET_TIMEOUT
;
878 int armv4_5_run_algorithm_inner(struct target
*target
, int num_mem_params
, struct mem_param
*mem_params
, int num_reg_params
, struct reg_param
*reg_params
, uint32_t entry_point
, uint32_t exit_point
, int timeout_ms
, void *arch_info
, int (*run_it
)(struct target
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
))
880 struct arm
*armv4_5
= target_to_armv4_5(target
);
881 struct armv4_5_algorithm
*armv4_5_algorithm_info
= arch_info
;
882 enum armv4_5_state core_state
= armv4_5
->core_state
;
883 uint32_t context
[17];
885 int exit_breakpoint_size
= 0;
887 int retval
= ERROR_OK
;
888 LOG_DEBUG("Running algorithm");
890 if (armv4_5_algorithm_info
->common_magic
!= ARMV4_5_COMMON_MAGIC
)
892 LOG_ERROR("current target isn't an ARMV4/5 target");
893 return ERROR_TARGET_INVALID
;
896 if (target
->state
!= TARGET_HALTED
)
898 LOG_WARNING("target not halted");
899 return ERROR_TARGET_NOT_HALTED
;
902 if (!is_arm_mode(armv4_5
->core_mode
))
905 /* armv5 and later can terminate with BKPT instruction; less overhead */
906 if (!exit_point
&& armv4_5
->is_armv4
)
908 LOG_ERROR("ARMv4 target needs HW breakpoint location");
912 /* save r0..pc, cpsr-or-spsr, and then cpsr-for-sure;
913 * they'll be restored later.
915 for (i
= 0; i
<= 16; i
++)
919 r
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
,
920 armv4_5_algorithm_info
->core_mode
, i
);
922 armv4_5
->read_core_reg(target
, r
, i
,
923 armv4_5_algorithm_info
->core_mode
);
924 context
[i
] = buf_get_u32(r
->value
, 0, 32);
926 cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 32);
928 for (i
= 0; i
< num_mem_params
; i
++)
930 if ((retval
= target_write_buffer(target
, mem_params
[i
].address
, mem_params
[i
].size
, mem_params
[i
].value
)) != ERROR_OK
)
936 for (i
= 0; i
< num_reg_params
; i
++)
938 struct reg
*reg
= register_get_by_name(armv4_5
->core_cache
, reg_params
[i
].reg_name
, 0);
941 LOG_ERROR("BUG: register '%s' not found", reg_params
[i
].reg_name
);
942 return ERROR_INVALID_ARGUMENTS
;
945 if (reg
->size
!= reg_params
[i
].size
)
947 LOG_ERROR("BUG: register '%s' size doesn't match reg_params[i].size", reg_params
[i
].reg_name
);
948 return ERROR_INVALID_ARGUMENTS
;
951 if ((retval
= armv4_5_set_core_reg(reg
, reg_params
[i
].value
)) != ERROR_OK
)
957 armv4_5
->core_state
= armv4_5_algorithm_info
->core_state
;
958 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
959 exit_breakpoint_size
= 4;
960 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
961 exit_breakpoint_size
= 2;
964 LOG_ERROR("BUG: can't execute algorithms when not in ARM or Thumb state");
965 return ERROR_INVALID_ARGUMENTS
;
968 if (armv4_5_algorithm_info
->core_mode
!= ARMV4_5_MODE_ANY
)
970 LOG_DEBUG("setting core_mode: 0x%2.2x",
971 armv4_5_algorithm_info
->core_mode
);
972 buf_set_u32(armv4_5
->cpsr
->value
, 0, 5,
973 armv4_5_algorithm_info
->core_mode
);
974 armv4_5
->cpsr
->dirty
= 1;
975 armv4_5
->cpsr
->valid
= 1;
978 /* terminate using a hardware or (ARMv5+) software breakpoint */
979 if (exit_point
&& (retval
= breakpoint_add(target
, exit_point
,
980 exit_breakpoint_size
, BKPT_HARD
)) != ERROR_OK
)
982 LOG_ERROR("can't add HW breakpoint to terminate algorithm");
983 return ERROR_TARGET_FAILURE
;
986 if ((retval
= target_resume(target
, 0, entry_point
, 1, 1)) != ERROR_OK
)
991 retval
= run_it(target
, exit_point
, timeout_ms
, arch_info
);
994 breakpoint_remove(target
, exit_point
);
996 if (retval
!= ERROR_OK
)
999 for (i
= 0; i
< num_mem_params
; i
++)
1001 if (mem_params
[i
].direction
!= PARAM_OUT
)
1002 if ((retvaltemp
= target_read_buffer(target
, mem_params
[i
].address
, mem_params
[i
].size
, mem_params
[i
].value
)) != ERROR_OK
)
1004 retval
= retvaltemp
;
1008 for (i
= 0; i
< num_reg_params
; i
++)
1010 if (reg_params
[i
].direction
!= PARAM_OUT
)
1013 struct reg
*reg
= register_get_by_name(armv4_5
->core_cache
, reg_params
[i
].reg_name
, 0);
1016 LOG_ERROR("BUG: register '%s' not found", reg_params
[i
].reg_name
);
1017 retval
= ERROR_INVALID_ARGUMENTS
;
1021 if (reg
->size
!= reg_params
[i
].size
)
1023 LOG_ERROR("BUG: register '%s' size doesn't match reg_params[i].size", reg_params
[i
].reg_name
);
1024 retval
= ERROR_INVALID_ARGUMENTS
;
1028 buf_set_u32(reg_params
[i
].value
, 0, 32, buf_get_u32(reg
->value
, 0, 32));
1032 /* restore everything we saved before (17 or 18 registers) */
1033 for (i
= 0; i
<= 16; i
++)
1036 regvalue
= buf_get_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_algorithm_info
->core_mode
, i
).value
, 0, 32);
1037 if (regvalue
!= context
[i
])
1039 LOG_DEBUG("restoring register %s with value 0x%8.8" PRIx32
"", ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_algorithm_info
->core_mode
, i
).name
, context
[i
]);
1040 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_algorithm_info
->core_mode
, i
).value
, 0, 32, context
[i
]);
1041 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_algorithm_info
->core_mode
, i
).valid
= 1;
1042 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_algorithm_info
->core_mode
, i
).dirty
= 1;
1046 arm_set_cpsr(armv4_5
, cpsr
);
1047 armv4_5
->cpsr
->dirty
= 1;
1049 armv4_5
->core_state
= core_state
;
/**
 * Run an algorithm on the target using the default completion handler.
 *
 * All arguments are forwarded unchanged to armv4_5_run_algorithm_inner(),
 * with armv4_5_run_algorithm_completion supplied as the run_it callback.
 *
 * @return Whatever armv4_5_run_algorithm_inner() returns.
 */
int armv4_5_run_algorithm(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info)
{
	int status;

	status = armv4_5_run_algorithm_inner(target,
			num_mem_params, mem_params,
			num_reg_params, reg_params,
			entry_point, exit_point,
			timeout_ms, arch_info,
			armv4_5_run_algorithm_completion);

	return status;
}
1060 * Runs ARM code in the target to calculate a CRC32 checksum.
1062 * \todo On ARMv5+, rely on BKPT termination for reduced overhead.
1064 int arm_checksum_memory(struct target
*target
,
1065 uint32_t address
, uint32_t count
, uint32_t *checksum
)
1067 struct working_area
*crc_algorithm
;
1068 struct armv4_5_algorithm armv4_5_info
;
1069 struct reg_param reg_params
[2];
1073 static const uint32_t arm_crc_code
[] = {
1074 0xE1A02000, /* mov r2, r0 */
1075 0xE3E00000, /* mov r0, #0xffffffff */
1076 0xE1A03001, /* mov r3, r1 */
1077 0xE3A04000, /* mov r4, #0 */
1078 0xEA00000B, /* b ncomp */
1080 0xE7D21004, /* ldrb r1, [r2, r4] */
1081 0xE59F7030, /* ldr r7, CRC32XOR */
1082 0xE0200C01, /* eor r0, r0, r1, asl 24 */
1083 0xE3A05000, /* mov r5, #0 */
1085 0xE3500000, /* cmp r0, #0 */
1086 0xE1A06080, /* mov r6, r0, asl #1 */
1087 0xE2855001, /* add r5, r5, #1 */
1088 0xE1A00006, /* mov r0, r6 */
1089 0xB0260007, /* eorlt r0, r6, r7 */
1090 0xE3550008, /* cmp r5, #8 */
1091 0x1AFFFFF8, /* bne loop */
1092 0xE2844001, /* add r4, r4, #1 */
1094 0xE1540003, /* cmp r4, r3 */
1095 0x1AFFFFF1, /* bne nbyte */
1097 0xEAFFFFFE, /* b end */
1099 0x04C11DB7 /* .word 0x04C11DB7 */
1102 retval
= target_alloc_working_area(target
,
1103 sizeof(arm_crc_code
), &crc_algorithm
);
1104 if (retval
!= ERROR_OK
)
1107 /* convert code into a buffer in target endianness */
1108 for (i
= 0; i
< ARRAY_SIZE(arm_crc_code
); i
++) {
1109 retval
= target_write_u32(target
,
1110 crc_algorithm
->address
+ i
* sizeof(uint32_t),
1112 if (retval
!= ERROR_OK
)
1116 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
1117 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
1118 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
1120 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
1121 init_reg_param(®_params
[1], "r1", 32, PARAM_OUT
);
1123 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
1124 buf_set_u32(reg_params
[1].value
, 0, 32, count
);
1126 /* 20 second timeout/megabyte */
1127 int timeout
= 20000 * (1 + (count
/ (1024 * 1024)));
1129 retval
= target_run_algorithm(target
, 0, NULL
, 2, reg_params
,
1130 crc_algorithm
->address
,
1131 crc_algorithm
->address
+ sizeof(arm_crc_code
) - 8,
1132 timeout
, &armv4_5_info
);
1133 if (retval
!= ERROR_OK
) {
1134 LOG_ERROR("error executing ARM crc algorithm");
1135 destroy_reg_param(®_params
[0]);
1136 destroy_reg_param(®_params
[1]);
1137 target_free_working_area(target
, crc_algorithm
);
1141 *checksum
= buf_get_u32(reg_params
[0].value
, 0, 32);
1143 destroy_reg_param(®_params
[0]);
1144 destroy_reg_param(®_params
[1]);
1146 target_free_working_area(target
, crc_algorithm
);
1152 * Runs ARM code in the target to check whether a memory block holds
1153 * all ones. NOR flash which has been erased, and thus may be written,
1156 * \todo On ARMv5+, rely on BKPT termination for reduced overhead.
1158 int arm_blank_check_memory(struct target
*target
,
1159 uint32_t address
, uint32_t count
, uint32_t *blank
)
1161 struct working_area
*check_algorithm
;
1162 struct reg_param reg_params
[3];
1163 struct armv4_5_algorithm armv4_5_info
;
1167 static const uint32_t check_code
[] = {
1169 0xe4d03001, /* ldrb r3, [r0], #1 */
1170 0xe0022003, /* and r2, r2, r3 */
1171 0xe2511001, /* subs r1, r1, #1 */
1172 0x1afffffb, /* bne loop */
1174 0xeafffffe /* b end */
1177 /* make sure we have a working area */
1178 retval
= target_alloc_working_area(target
,
1179 sizeof(check_code
), &check_algorithm
);
1180 if (retval
!= ERROR_OK
)
1183 /* convert code into a buffer in target endianness */
1184 for (i
= 0; i
< ARRAY_SIZE(check_code
); i
++) {
1185 retval
= target_write_u32(target
,
1186 check_algorithm
->address
1187 + i
* sizeof(uint32_t),
1189 if (retval
!= ERROR_OK
)
1193 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
1194 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
1195 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
1197 init_reg_param(®_params
[0], "r0", 32, PARAM_OUT
);
1198 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
1200 init_reg_param(®_params
[1], "r1", 32, PARAM_OUT
);
1201 buf_set_u32(reg_params
[1].value
, 0, 32, count
);
1203 init_reg_param(®_params
[2], "r2", 32, PARAM_IN_OUT
);
1204 buf_set_u32(reg_params
[2].value
, 0, 32, 0xff);
1206 retval
= target_run_algorithm(target
, 0, NULL
, 3, reg_params
,
1207 check_algorithm
->address
,
1208 check_algorithm
->address
+ sizeof(check_code
) - 4,
1209 10000, &armv4_5_info
);
1210 if (retval
!= ERROR_OK
) {
1211 destroy_reg_param(®_params
[0]);
1212 destroy_reg_param(®_params
[1]);
1213 destroy_reg_param(®_params
[2]);
1214 target_free_working_area(target
, check_algorithm
);
1218 *blank
= buf_get_u32(reg_params
[2].value
, 0, 32);
1220 destroy_reg_param(®_params
[0]);
1221 destroy_reg_param(®_params
[1]);
1222 destroy_reg_param(®_params
[2]);
1224 target_free_working_area(target
, check_algorithm
);
1229 static int arm_full_context(struct target
*target
)
1231 struct arm
*armv4_5
= target_to_armv4_5(target
);
1232 unsigned num_regs
= armv4_5
->core_cache
->num_regs
;
1233 struct reg
*reg
= armv4_5
->core_cache
->reg_list
;
1234 int retval
= ERROR_OK
;
1236 for (; num_regs
&& retval
== ERROR_OK
; num_regs
--, reg
++) {
1239 retval
= armv4_5_get_core_reg(reg
);
1244 int armv4_5_init_arch_info(struct target
*target
, struct arm
*armv4_5
)
1246 target
->arch_info
= armv4_5
;
1247 armv4_5
->target
= target
;
1249 armv4_5
->common_magic
= ARMV4_5_COMMON_MAGIC
;
1250 arm_set_cpsr(armv4_5
, ARMV4_5_MODE_USR
);
1252 /* core_type may be overridden by subtype logic */
1253 armv4_5
->core_type
= ARMV4_5_MODE_ANY
;
1255 /* default full_context() has no core-specific optimizations */
1256 if (!armv4_5
->full_context
&& armv4_5
->read_core_reg
)
1257 armv4_5
->full_context
= arm_full_context
;