1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2006 by Magnus Lundin *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
17 * This program is free software; you can redistribute it and/or modify *
18 * it under the terms of the GNU General Public License as published by *
19 * the Free Software Foundation; either version 2 of the License, or *
20 * (at your option) any later version. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the *
29 * Free Software Foundation, Inc., *
30 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
32 * Cortex-A8(tm) TRM, ARM DDI 0344H *
34 ***************************************************************************/
39 #include "breakpoints.h"
40 #include "cortex_a8.h"
42 #include "target_request.h"
43 #include "target_type.h"
44 #include "arm_opcodes.h"
45 #include <helper/time_support.h>
47 static int cortex_a8_poll(struct target
*target
);
48 static int cortex_a8_debug_entry(struct target
*target
);
49 static int cortex_a8_restore_context(struct target
*target
, bool bpwp
);
50 static int cortex_a8_set_breakpoint(struct target
*target
,
51 struct breakpoint
*breakpoint
, uint8_t matchmode
);
52 static int cortex_a8_unset_breakpoint(struct target
*target
,
53 struct breakpoint
*breakpoint
);
54 static int cortex_a8_dap_read_coreregister_u32(struct target
*target
,
55 uint32_t *value
, int regnum
);
56 static int cortex_a8_dap_write_coreregister_u32(struct target
*target
,
57 uint32_t value
, int regnum
);
58 static int cortex_a8_mmu(struct target
*target
, int *enabled
);
59 static int cortex_a8_virt2phys(struct target
*target
,
60 uint32_t virt
, uint32_t *phys
);
61 static void cortex_a8_disable_mmu_caches(struct target
*target
, int mmu
,
62 int d_u_cache
, int i_cache
);
63 static void cortex_a8_enable_mmu_caches(struct target
*target
, int mmu
,
64 int d_u_cache
, int i_cache
);
65 static uint32_t cortex_a8_get_ttb(struct target
*target
);
69 * FIXME do topology discovery using the ROM; don't
70 * assume this is an OMAP3. Also, allow for multiple ARMv7-A
71 * cores, with different AP numbering ... don't use a #define
72 * for these numbers, use per-core armv7a state.
74 #define swjdp_memoryap 0
75 #define swjdp_debugap 1
76 #define OMAP3530_DEBUG_BASE 0x54011000
79 * Cortex-A8 Basic debug access, very low level assumes state is saved
81 static int cortex_a8_init_debug_access(struct target
*target
)
83 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
84 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
91 /* Unlocking the debug registers for modification */
92 /* The debugport might be uninitialised so try twice */
93 retval
= mem_ap_write_atomic_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_LOCKACCESS
, 0xC5ACCE55);
94 if (retval
!= ERROR_OK
)
97 retval
= mem_ap_write_atomic_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_LOCKACCESS
, 0xC5ACCE55);
98 if (retval
== ERROR_OK
)
100 LOG_USER("Locking debug access failed on first, but succeeded on second try.");
103 if (retval
!= ERROR_OK
)
105 /* Clear Sticky Power Down status Bit in PRSR to enable access to
106 the registers in the Core Power Domain */
107 retval
= mem_ap_read_atomic_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_PRSR
, &dummy
);
108 if (retval
!= ERROR_OK
)
111 /* Enabling of instruction execution in debug mode is done in debug_entry code */
113 /* Resync breakpoint registers */
115 /* Since this is likely called from init or reset, update target state information*/
116 retval
= cortex_a8_poll(target
);
121 /* To reduce needless round-trips, pass in a pointer to the current
122 * DSCR value. Initialize it to zero if you just need to know the
123 * value on return from this function; or DSCR_INSTR_COMP if you
124 * happen to know that no instruction is pending.
126 static int cortex_a8_exec_opcode(struct target
*target
,
127 uint32_t opcode
, uint32_t *dscr_p
)
131 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
132 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
134 dscr
= dscr_p
? *dscr_p
: 0;
136 LOG_DEBUG("exec opcode 0x%08" PRIx32
, opcode
);
138 /* Wait for InstrCompl bit to be set */
139 while ((dscr
& DSCR_INSTR_COMP
) == 0)
141 retval
= mem_ap_read_atomic_u32(swjdp
,
142 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
143 if (retval
!= ERROR_OK
)
145 LOG_ERROR("Could not read DSCR register, opcode = 0x%08" PRIx32
, opcode
);
150 mem_ap_write_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_ITR
, opcode
);
154 retval
= mem_ap_read_atomic_u32(swjdp
,
155 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
156 if (retval
!= ERROR_OK
)
158 LOG_ERROR("Could not read DSCR register");
162 while ((dscr
& DSCR_INSTR_COMP
) == 0); /* Wait for InstrCompl bit to be set */
170 /**************************************************************************
171 Read core register with very few exec_opcode, fast but needs work_area.
172 This can cause problems with MMU active.
173 **************************************************************************/
174 static int cortex_a8_read_regs_through_mem(struct target
*target
, uint32_t address
,
177 int retval
= ERROR_OK
;
178 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
179 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
181 cortex_a8_dap_read_coreregister_u32(target
, regfile
, 0);
182 cortex_a8_dap_write_coreregister_u32(target
, address
, 0);
183 cortex_a8_exec_opcode(target
, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL
);
184 dap_ap_select(swjdp
, swjdp_memoryap
);
185 mem_ap_read_buf_u32(swjdp
, (uint8_t *)(®file
[1]), 4*15, address
);
186 dap_ap_select(swjdp
, swjdp_debugap
);
191 static int cortex_a8_dap_read_coreregister_u32(struct target
*target
,
192 uint32_t *value
, int regnum
)
194 int retval
= ERROR_OK
;
195 uint8_t reg
= regnum
&0xFF;
197 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
198 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
205 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
206 cortex_a8_exec_opcode(target
,
207 ARMV4_5_MCR(14, 0, reg
, 0, 5, 0),
212 /* "MOV r0, r15"; then move r0 to DCCTX */
213 cortex_a8_exec_opcode(target
, 0xE1A0000F, &dscr
);
214 cortex_a8_exec_opcode(target
,
215 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
220 /* "MRS r0, CPSR" or "MRS r0, SPSR"
221 * then move r0 to DCCTX
223 cortex_a8_exec_opcode(target
, ARMV4_5_MRS(0, reg
& 1), &dscr
);
224 cortex_a8_exec_opcode(target
,
225 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
229 /* Wait for DTRRXfull then read DTRRTX */
230 while ((dscr
& DSCR_DTR_TX_FULL
) == 0)
232 retval
= mem_ap_read_atomic_u32(swjdp
,
233 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
234 if (retval
!= ERROR_OK
)
238 retval
= mem_ap_read_atomic_u32(swjdp
,
239 armv7a
->debug_base
+ CPUDBG_DTRTX
, value
);
240 LOG_DEBUG("read DCC 0x%08" PRIx32
, *value
);
245 static int cortex_a8_dap_write_coreregister_u32(struct target
*target
,
246 uint32_t value
, int regnum
)
248 int retval
= ERROR_OK
;
249 uint8_t Rd
= regnum
&0xFF;
251 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
252 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
254 LOG_DEBUG("register %i, value 0x%08" PRIx32
, regnum
, value
);
256 /* Check that DCCRX is not full */
257 retval
= mem_ap_read_atomic_u32(swjdp
,
258 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
259 if (retval
!= ERROR_OK
)
261 if (dscr
& DSCR_DTR_RX_FULL
)
263 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32
, dscr
);
264 /* Clear DCCRX with MCR(p14, 0, Rd, c0, c5, 0), opcode 0xEE000E15 */
265 cortex_a8_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
272 /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
273 LOG_DEBUG("write DCC 0x%08" PRIx32
, value
);
274 retval
= mem_ap_write_u32(swjdp
,
275 armv7a
->debug_base
+ CPUDBG_DTRRX
, value
);
279 /* DCCRX to Rn, "MCR p14, 0, Rn, c0, c5, 0", 0xEE00nE15 */
280 cortex_a8_exec_opcode(target
, ARMV4_5_MRC(14, 0, Rd
, 0, 5, 0),
285 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15
288 cortex_a8_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
290 cortex_a8_exec_opcode(target
, 0xE1A0F000, &dscr
);
294 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15
295 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
297 cortex_a8_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
299 cortex_a8_exec_opcode(target
, ARMV4_5_MSR_GP(0, 0xF, Rd
& 1),
302 /* "Prefetch flush" after modifying execution status in CPSR */
304 cortex_a8_exec_opcode(target
,
305 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
312 /* Write to memory mapped registers directly with no cache or mmu handling */
313 static int cortex_a8_dap_write_memap_register_u32(struct target
*target
, uint32_t address
, uint32_t value
)
316 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
317 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
319 retval
= mem_ap_write_atomic_u32(swjdp
, address
, value
);
325 * Cortex-A8 implementation of Debug Programmer's Model
327 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
328 * so there's no need to poll for it before executing an instruction.
330 * NOTE that in several of these cases the "stall" mode might be useful.
331 * It'd let us queue a few operations together... prepare/finish might
332 * be the places to enable/disable that mode.
335 static inline struct cortex_a8_common
*dpm_to_a8(struct arm_dpm
*dpm
)
337 return container_of(dpm
, struct cortex_a8_common
, armv7a_common
.dpm
);
340 static int cortex_a8_write_dcc(struct cortex_a8_common
*a8
, uint32_t data
)
342 LOG_DEBUG("write DCC 0x%08" PRIx32
, data
);
343 return mem_ap_write_u32(&a8
->armv7a_common
.dap
,
344 a8
->armv7a_common
.debug_base
+ CPUDBG_DTRRX
, data
);
347 static int cortex_a8_read_dcc(struct cortex_a8_common
*a8
, uint32_t *data
,
350 struct adiv5_dap
*swjdp
= &a8
->armv7a_common
.dap
;
351 uint32_t dscr
= DSCR_INSTR_COMP
;
357 /* Wait for DTRRXfull */
358 while ((dscr
& DSCR_DTR_TX_FULL
) == 0) {
359 retval
= mem_ap_read_atomic_u32(swjdp
,
360 a8
->armv7a_common
.debug_base
+ CPUDBG_DSCR
,
362 if (retval
!= ERROR_OK
)
366 retval
= mem_ap_read_atomic_u32(swjdp
,
367 a8
->armv7a_common
.debug_base
+ CPUDBG_DTRTX
, data
);
368 if (retval
!= ERROR_OK
)
370 //LOG_DEBUG("read DCC 0x%08" PRIx32, *data);
378 static int cortex_a8_dpm_prepare(struct arm_dpm
*dpm
)
380 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
381 struct adiv5_dap
*swjdp
= &a8
->armv7a_common
.dap
;
385 /* set up invariant: INSTR_COMP is set after ever DPM operation */
386 long long then
= timeval_ms();
389 retval
= mem_ap_read_atomic_u32(swjdp
,
390 a8
->armv7a_common
.debug_base
+ CPUDBG_DSCR
,
392 if (retval
!= ERROR_OK
)
394 if ((dscr
& DSCR_INSTR_COMP
) != 0)
396 if (timeval_ms() > then
+ 1000)
398 LOG_ERROR("Timeout waiting for dpm prepare");
403 /* this "should never happen" ... */
404 if (dscr
& DSCR_DTR_RX_FULL
) {
405 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32
, dscr
);
407 retval
= cortex_a8_exec_opcode(
408 a8
->armv7a_common
.armv4_5_common
.target
,
409 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
416 static int cortex_a8_dpm_finish(struct arm_dpm
*dpm
)
418 /* REVISIT what could be done here? */
422 static int cortex_a8_instr_write_data_dcc(struct arm_dpm
*dpm
,
423 uint32_t opcode
, uint32_t data
)
425 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
427 uint32_t dscr
= DSCR_INSTR_COMP
;
429 retval
= cortex_a8_write_dcc(a8
, data
);
431 return cortex_a8_exec_opcode(
432 a8
->armv7a_common
.armv4_5_common
.target
,
437 static int cortex_a8_instr_write_data_r0(struct arm_dpm
*dpm
,
438 uint32_t opcode
, uint32_t data
)
440 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
441 uint32_t dscr
= DSCR_INSTR_COMP
;
444 retval
= cortex_a8_write_dcc(a8
, data
);
446 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
447 retval
= cortex_a8_exec_opcode(
448 a8
->armv7a_common
.armv4_5_common
.target
,
449 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
452 /* then the opcode, taking data from R0 */
453 retval
= cortex_a8_exec_opcode(
454 a8
->armv7a_common
.armv4_5_common
.target
,
461 static int cortex_a8_instr_cpsr_sync(struct arm_dpm
*dpm
)
463 struct target
*target
= dpm
->arm
->target
;
464 uint32_t dscr
= DSCR_INSTR_COMP
;
466 /* "Prefetch flush" after modifying execution status in CPSR */
467 return cortex_a8_exec_opcode(target
,
468 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
472 static int cortex_a8_instr_read_data_dcc(struct arm_dpm
*dpm
,
473 uint32_t opcode
, uint32_t *data
)
475 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
477 uint32_t dscr
= DSCR_INSTR_COMP
;
479 /* the opcode, writing data to DCC */
480 retval
= cortex_a8_exec_opcode(
481 a8
->armv7a_common
.armv4_5_common
.target
,
485 return cortex_a8_read_dcc(a8
, data
, &dscr
);
489 static int cortex_a8_instr_read_data_r0(struct arm_dpm
*dpm
,
490 uint32_t opcode
, uint32_t *data
)
492 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
493 uint32_t dscr
= DSCR_INSTR_COMP
;
496 /* the opcode, writing data to R0 */
497 retval
= cortex_a8_exec_opcode(
498 a8
->armv7a_common
.armv4_5_common
.target
,
502 /* write R0 to DCC */
503 retval
= cortex_a8_exec_opcode(
504 a8
->armv7a_common
.armv4_5_common
.target
,
505 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
508 return cortex_a8_read_dcc(a8
, data
, &dscr
);
511 static int cortex_a8_bpwp_enable(struct arm_dpm
*dpm
, unsigned index_t
,
512 uint32_t addr
, uint32_t control
)
514 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
515 uint32_t vr
= a8
->armv7a_common
.debug_base
;
516 uint32_t cr
= a8
->armv7a_common
.debug_base
;
520 case 0 ... 15: /* breakpoints */
521 vr
+= CPUDBG_BVR_BASE
;
522 cr
+= CPUDBG_BCR_BASE
;
524 case 16 ... 31: /* watchpoints */
525 vr
+= CPUDBG_WVR_BASE
;
526 cr
+= CPUDBG_WCR_BASE
;
535 LOG_DEBUG("A8: bpwp enable, vr %08x cr %08x",
536 (unsigned) vr
, (unsigned) cr
);
538 retval
= cortex_a8_dap_write_memap_register_u32(dpm
->arm
->target
,
540 if (retval
!= ERROR_OK
)
542 retval
= cortex_a8_dap_write_memap_register_u32(dpm
->arm
->target
,
547 static int cortex_a8_bpwp_disable(struct arm_dpm
*dpm
, unsigned index_t
)
549 struct cortex_a8_common
*a8
= dpm_to_a8(dpm
);
554 cr
= a8
->armv7a_common
.debug_base
+ CPUDBG_BCR_BASE
;
557 cr
= a8
->armv7a_common
.debug_base
+ CPUDBG_WCR_BASE
;
565 LOG_DEBUG("A8: bpwp disable, cr %08x", (unsigned) cr
);
567 /* clear control register */
568 return cortex_a8_dap_write_memap_register_u32(dpm
->arm
->target
, cr
, 0);
571 static int cortex_a8_dpm_setup(struct cortex_a8_common
*a8
, uint32_t didr
)
573 struct arm_dpm
*dpm
= &a8
->armv7a_common
.dpm
;
576 dpm
->arm
= &a8
->armv7a_common
.armv4_5_common
;
579 dpm
->prepare
= cortex_a8_dpm_prepare
;
580 dpm
->finish
= cortex_a8_dpm_finish
;
582 dpm
->instr_write_data_dcc
= cortex_a8_instr_write_data_dcc
;
583 dpm
->instr_write_data_r0
= cortex_a8_instr_write_data_r0
;
584 dpm
->instr_cpsr_sync
= cortex_a8_instr_cpsr_sync
;
586 dpm
->instr_read_data_dcc
= cortex_a8_instr_read_data_dcc
;
587 dpm
->instr_read_data_r0
= cortex_a8_instr_read_data_r0
;
589 dpm
->bpwp_enable
= cortex_a8_bpwp_enable
;
590 dpm
->bpwp_disable
= cortex_a8_bpwp_disable
;
592 retval
= arm_dpm_setup(dpm
);
593 if (retval
== ERROR_OK
)
594 retval
= arm_dpm_initialize(dpm
);
601 * Cortex-A8 Run control
604 static int cortex_a8_poll(struct target
*target
)
606 int retval
= ERROR_OK
;
608 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
609 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
610 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
611 enum target_state prev_target_state
= target
->state
;
612 uint8_t saved_apsel
= dap_ap_get_select(swjdp
);
614 dap_ap_select(swjdp
, swjdp_debugap
);
615 retval
= mem_ap_read_atomic_u32(swjdp
,
616 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
617 if (retval
!= ERROR_OK
)
619 dap_ap_select(swjdp
, saved_apsel
);
622 cortex_a8
->cpudbg_dscr
= dscr
;
624 if ((dscr
& 0x3) == 0x3)
626 if (prev_target_state
!= TARGET_HALTED
)
628 /* We have a halting debug event */
629 LOG_DEBUG("Target halted");
630 target
->state
= TARGET_HALTED
;
631 if ((prev_target_state
== TARGET_RUNNING
)
632 || (prev_target_state
== TARGET_RESET
))
634 retval
= cortex_a8_debug_entry(target
);
635 if (retval
!= ERROR_OK
)
638 target_call_event_callbacks(target
,
639 TARGET_EVENT_HALTED
);
641 if (prev_target_state
== TARGET_DEBUG_RUNNING
)
645 retval
= cortex_a8_debug_entry(target
);
646 if (retval
!= ERROR_OK
)
649 target_call_event_callbacks(target
,
650 TARGET_EVENT_DEBUG_HALTED
);
654 else if ((dscr
& 0x3) == 0x2)
656 target
->state
= TARGET_RUNNING
;
660 LOG_DEBUG("Unknown target state dscr = 0x%08" PRIx32
, dscr
);
661 target
->state
= TARGET_UNKNOWN
;
664 dap_ap_select(swjdp
, saved_apsel
);
669 static int cortex_a8_halt(struct target
*target
)
671 int retval
= ERROR_OK
;
673 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
674 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
675 uint8_t saved_apsel
= dap_ap_get_select(swjdp
);
676 dap_ap_select(swjdp
, swjdp_debugap
);
679 * Tell the core to be halted by writing DRCR with 0x1
680 * and then wait for the core to be halted.
682 retval
= mem_ap_write_atomic_u32(swjdp
,
683 armv7a
->debug_base
+ CPUDBG_DRCR
, 0x1);
684 if (retval
!= ERROR_OK
)
688 * enter halting debug mode
690 retval
= mem_ap_read_atomic_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
691 if (retval
!= ERROR_OK
)
694 retval
= mem_ap_write_atomic_u32(swjdp
,
695 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
| DSCR_HALT_DBG_MODE
);
696 if (retval
!= ERROR_OK
)
699 long long then
= timeval_ms();
702 retval
= mem_ap_read_atomic_u32(swjdp
,
703 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
704 if (retval
!= ERROR_OK
)
706 if ((dscr
& DSCR_CORE_HALTED
) != 0)
710 if (timeval_ms() > then
+ 1000)
712 LOG_ERROR("Timeout waiting for halt");
717 target
->debug_reason
= DBG_REASON_DBGRQ
;
720 dap_ap_select(swjdp
, saved_apsel
);
724 static int cortex_a8_resume(struct target
*target
, int current
,
725 uint32_t address
, int handle_breakpoints
, int debug_execution
)
727 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
728 struct arm
*armv4_5
= &armv7a
->armv4_5_common
;
729 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
732 // struct breakpoint *breakpoint = NULL;
733 uint32_t resume_pc
, dscr
;
735 uint8_t saved_apsel
= dap_ap_get_select(swjdp
);
736 dap_ap_select(swjdp
, swjdp_debugap
);
738 if (!debug_execution
)
739 target_free_all_working_areas(target
);
744 /* Disable interrupts */
745 /* We disable interrupts in the PRIMASK register instead of
746 * masking with C_MASKINTS,
747 * This is probably the same issue as Cortex-M3 Errata 377493:
748 * C_MASKINTS in parallel with disabled interrupts can cause
749 * local faults to not be taken. */
750 buf_set_u32(armv7m
->core_cache
->reg_list
[ARMV7M_PRIMASK
].value
, 0, 32, 1);
751 armv7m
->core_cache
->reg_list
[ARMV7M_PRIMASK
].dirty
= 1;
752 armv7m
->core_cache
->reg_list
[ARMV7M_PRIMASK
].valid
= 1;
754 /* Make sure we are in Thumb mode */
755 buf_set_u32(armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].value
, 0, 32,
756 buf_get_u32(armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].value
, 0, 32) | (1 << 24));
757 armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].dirty
= 1;
758 armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].valid
= 1;
762 /* current = 1: continue on current pc, otherwise continue at <address> */
763 resume_pc
= buf_get_u32(armv4_5
->pc
->value
, 0, 32);
767 /* Make sure that the Armv7 gdb thumb fixups does not
768 * kill the return address
770 switch (armv4_5
->core_state
)
773 resume_pc
&= 0xFFFFFFFC;
775 case ARM_STATE_THUMB
:
776 case ARM_STATE_THUMB_EE
:
777 /* When the return address is loaded into PC
778 * bit 0 must be 1 to stay in Thumb state
782 case ARM_STATE_JAZELLE
:
783 LOG_ERROR("How do I resume into Jazelle state??");
786 LOG_DEBUG("resume pc = 0x%08" PRIx32
, resume_pc
);
787 buf_set_u32(armv4_5
->pc
->value
, 0, 32, resume_pc
);
788 armv4_5
->pc
->dirty
= 1;
789 armv4_5
->pc
->valid
= 1;
791 cortex_a8_restore_context(target
, handle_breakpoints
);
794 /* the front-end may request us not to handle breakpoints */
795 if (handle_breakpoints
)
797 /* Single step past breakpoint at current address */
798 if ((breakpoint
= breakpoint_find(target
, resume_pc
)))
800 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint
->address
);
801 cortex_m3_unset_breakpoint(target
, breakpoint
);
802 cortex_m3_single_step_core(target
);
803 cortex_m3_set_breakpoint(target
, breakpoint
);
808 /* Restart core and wait for it to be started
809 * NOTE: this clears DSCR_ITR_EN and other bits.
811 * REVISIT: for single stepping, we probably want to
812 * disable IRQs by default, with optional override...
814 retval
= mem_ap_write_atomic_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_DRCR
, 0x2);
815 if (retval
!= ERROR_OK
)
818 long long then
= timeval_ms();
821 retval
= mem_ap_read_atomic_u32(swjdp
,
822 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
823 if (retval
!= ERROR_OK
)
825 if ((dscr
& DSCR_CORE_RESTARTED
) != 0)
827 if (timeval_ms() > then
+ 1000)
829 LOG_ERROR("Timeout waiting for resume");
834 target
->debug_reason
= DBG_REASON_NOTHALTED
;
835 target
->state
= TARGET_RUNNING
;
837 /* registers are now invalid */
838 register_cache_invalidate(armv4_5
->core_cache
);
840 if (!debug_execution
)
842 target
->state
= TARGET_RUNNING
;
843 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
844 LOG_DEBUG("target resumed at 0x%" PRIx32
, resume_pc
);
848 target
->state
= TARGET_DEBUG_RUNNING
;
849 target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
850 LOG_DEBUG("target debug resumed at 0x%" PRIx32
, resume_pc
);
853 dap_ap_select(swjdp
, saved_apsel
);
858 static int cortex_a8_debug_entry(struct target
*target
)
861 uint32_t regfile
[16], cpsr
, dscr
;
862 int retval
= ERROR_OK
;
863 struct working_area
*regfile_working_area
= NULL
;
864 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
865 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
866 struct arm
*armv4_5
= &armv7a
->armv4_5_common
;
867 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
870 LOG_DEBUG("dscr = 0x%08" PRIx32
, cortex_a8
->cpudbg_dscr
);
872 /* REVISIT surely we should not re-read DSCR !! */
873 retval
= mem_ap_read_atomic_u32(swjdp
,
874 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
875 if (retval
!= ERROR_OK
)
878 /* REVISIT see A8 TRM 12.11.4 steps 2..3 -- make sure that any
879 * imprecise data aborts get discarded by issuing a Data
880 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
883 /* Enable the ITR execution once we are in debug mode */
885 retval
= mem_ap_write_atomic_u32(swjdp
,
886 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
);
887 if (retval
!= ERROR_OK
)
890 /* Examine debug reason */
891 arm_dpm_report_dscr(&armv7a
->dpm
, cortex_a8
->cpudbg_dscr
);
893 /* save address of instruction that triggered the watchpoint? */
894 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
897 retval
= mem_ap_read_atomic_u32(swjdp
,
898 armv7a
->debug_base
+ CPUDBG_WFAR
,
900 if (retval
!= ERROR_OK
)
902 arm_dpm_report_wfar(&armv7a
->dpm
, wfar
);
905 /* REVISIT fast_reg_read is never set ... */
907 /* Examine target state and mode */
908 if (cortex_a8
->fast_reg_read
)
909 target_alloc_working_area(target
, 64, ®file_working_area
);
911 /* First load register acessible through core debug port*/
912 if (!regfile_working_area
)
914 retval
= arm_dpm_read_current_registers(&armv7a
->dpm
);
918 dap_ap_select(swjdp
, swjdp_memoryap
);
919 cortex_a8_read_regs_through_mem(target
,
920 regfile_working_area
->address
, regfile
);
921 dap_ap_select(swjdp
, swjdp_memoryap
);
922 target_free_working_area(target
, regfile_working_area
);
924 /* read Current PSR */
925 cortex_a8_dap_read_coreregister_u32(target
, &cpsr
, 16);
926 dap_ap_select(swjdp
, swjdp_debugap
);
927 LOG_DEBUG("cpsr: %8.8" PRIx32
, cpsr
);
929 arm_set_cpsr(armv4_5
, cpsr
);
932 for (i
= 0; i
<= ARM_PC
; i
++)
934 reg
= arm_reg_current(armv4_5
, i
);
936 buf_set_u32(reg
->value
, 0, 32, regfile
[i
]);
941 /* Fixup PC Resume Address */
944 // T bit set for Thumb or ThumbEE state
945 regfile
[ARM_PC
] -= 4;
950 regfile
[ARM_PC
] -= 8;
954 buf_set_u32(reg
->value
, 0, 32, regfile
[ARM_PC
]);
955 reg
->dirty
= reg
->valid
;
959 /* TODO, Move this */
960 uint32_t cp15_control_register
, cp15_cacr
, cp15_nacr
;
961 cortex_a8_read_cp(target
, &cp15_control_register
, 15, 0, 1, 0, 0);
962 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register
);
964 cortex_a8_read_cp(target
, &cp15_cacr
, 15, 0, 1, 0, 2);
965 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr
);
967 cortex_a8_read_cp(target
, &cp15_nacr
, 15, 0, 1, 1, 2);
968 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr
);
971 /* Are we in an exception handler */
972 // armv4_5->exception_number = 0;
973 if (armv7a
->post_debug_entry
)
974 armv7a
->post_debug_entry(target
);
979 static void cortex_a8_post_debug_entry(struct target
*target
)
981 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
982 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
985 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
986 retval
= armv7a
->armv4_5_common
.mrc(target
, 15,
989 &cortex_a8
->cp15_control_reg
);
990 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32
, cortex_a8
->cp15_control_reg
);
992 if (armv7a
->armv4_5_mmu
.armv4_5_cache
.ctype
== -1)
994 uint32_t cache_type_reg
;
996 /* MRC p15,0,<Rt>,c0,c0,1 ; Read CP15 Cache Type Register */
997 retval
= armv7a
->armv4_5_common
.mrc(target
, 15,
1001 LOG_DEBUG("cp15 cache type: %8.8x", (unsigned) cache_type_reg
);
1003 /* FIXME the armv4_4 cache info DOES NOT APPLY to Cortex-A8 */
1004 armv4_5_identify_cache(cache_type_reg
,
1005 &armv7a
->armv4_5_mmu
.armv4_5_cache
);
1008 armv7a
->armv4_5_mmu
.mmu_enabled
=
1009 (cortex_a8
->cp15_control_reg
& 0x1U
) ? 1 : 0;
1010 armv7a
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
=
1011 (cortex_a8
->cp15_control_reg
& 0x4U
) ? 1 : 0;
1012 armv7a
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
=
1013 (cortex_a8
->cp15_control_reg
& 0x1000U
) ? 1 : 0;
1018 static int cortex_a8_step(struct target
*target
, int current
, uint32_t address
,
1019 int handle_breakpoints
)
1021 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1022 struct arm
*armv4_5
= &armv7a
->armv4_5_common
;
1023 struct breakpoint
*breakpoint
= NULL
;
1024 struct breakpoint stepbreakpoint
;
1030 if (target
->state
!= TARGET_HALTED
)
1032 LOG_WARNING("target not halted");
1033 return ERROR_TARGET_NOT_HALTED
;
1036 /* current = 1: continue on current pc, otherwise continue at <address> */
1040 buf_set_u32(r
->value
, 0, 32, address
);
1044 address
= buf_get_u32(r
->value
, 0, 32);
1047 /* The front-end may request us not to handle breakpoints.
1048 * But since Cortex-A8 uses breakpoint for single step,
1049 * we MUST handle breakpoints.
1051 handle_breakpoints
= 1;
1052 if (handle_breakpoints
) {
1053 breakpoint
= breakpoint_find(target
, address
);
1055 cortex_a8_unset_breakpoint(target
, breakpoint
);
1058 /* Setup single step breakpoint */
1059 stepbreakpoint
.address
= address
;
1060 stepbreakpoint
.length
= (armv4_5
->core_state
== ARM_STATE_THUMB
)
1062 stepbreakpoint
.type
= BKPT_HARD
;
1063 stepbreakpoint
.set
= 0;
1065 /* Break on IVA mismatch */
1066 cortex_a8_set_breakpoint(target
, &stepbreakpoint
, 0x04);
1068 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1070 retval
= cortex_a8_resume(target
, 1, address
, 0, 0);
1071 if (retval
!= ERROR_OK
)
1074 while (target
->state
!= TARGET_HALTED
)
1076 retval
= cortex_a8_poll(target
);
1077 if (retval
!= ERROR_OK
)
1081 LOG_ERROR("timeout waiting for target halt");
1086 cortex_a8_unset_breakpoint(target
, &stepbreakpoint
);
1088 target
->debug_reason
= DBG_REASON_BREAKPOINT
;
1091 cortex_a8_set_breakpoint(target
, breakpoint
, 0);
1093 if (target
->state
!= TARGET_HALTED
)
1094 LOG_DEBUG("target stepped");
1099 static int cortex_a8_restore_context(struct target
*target
, bool bpwp
)
1101 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1105 if (armv7a
->pre_restore_context
)
1106 armv7a
->pre_restore_context(target
);
1108 arm_dpm_write_dirty_registers(&armv7a
->dpm
, bpwp
);
1115 * Cortex-A8 Breakpoint and watchpoint functions
1118 /* Setup hardware Breakpoint Register Pair */
1119 static int cortex_a8_set_breakpoint(struct target
*target
,
1120 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1125 uint8_t byte_addr_select
= 0x0F;
1126 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1127 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1128 struct cortex_a8_brp
* brp_list
= cortex_a8
->brp_list
;
1130 if (breakpoint
->set
)
1132 LOG_WARNING("breakpoint already set");
1136 if (breakpoint
->type
== BKPT_HARD
)
1138 while (brp_list
[brp_i
].used
&& (brp_i
< cortex_a8
->brp_num
))
1140 if (brp_i
>= cortex_a8
->brp_num
)
1142 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1145 breakpoint
->set
= brp_i
+ 1;
1146 if (breakpoint
->length
== 2)
1148 byte_addr_select
= (3 << (breakpoint
->address
& 0x02));
1150 control
= ((matchmode
& 0x7) << 20)
1151 | (byte_addr_select
<< 5)
1153 brp_list
[brp_i
].used
= 1;
1154 brp_list
[brp_i
].value
= (breakpoint
->address
& 0xFFFFFFFC);
1155 brp_list
[brp_i
].control
= control
;
1156 cortex_a8_dap_write_memap_register_u32(target
, armv7a
->debug_base
1157 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1158 brp_list
[brp_i
].value
);
1159 cortex_a8_dap_write_memap_register_u32(target
, armv7a
->debug_base
1160 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1161 brp_list
[brp_i
].control
);
1162 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_i
,
1163 brp_list
[brp_i
].control
,
1164 brp_list
[brp_i
].value
);
1166 else if (breakpoint
->type
== BKPT_SOFT
)
1169 if (breakpoint
->length
== 2)
1171 buf_set_u32(code
, 0, 32, ARMV5_T_BKPT(0x11));
1175 buf_set_u32(code
, 0, 32, ARMV5_BKPT(0x11));
1177 retval
= target
->type
->read_memory(target
,
1178 breakpoint
->address
& 0xFFFFFFFE,
1179 breakpoint
->length
, 1,
1180 breakpoint
->orig_instr
);
1181 if (retval
!= ERROR_OK
)
1183 retval
= target
->type
->write_memory(target
,
1184 breakpoint
->address
& 0xFFFFFFFE,
1185 breakpoint
->length
, 1, code
);
1186 if (retval
!= ERROR_OK
)
1188 breakpoint
->set
= 0x11; /* Any nice value but 0 */
1194 static int cortex_a8_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1197 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1198 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1199 struct cortex_a8_brp
* brp_list
= cortex_a8
->brp_list
;
1201 if (!breakpoint
->set
)
1203 LOG_WARNING("breakpoint not set");
1207 if (breakpoint
->type
== BKPT_HARD
)
1209 int brp_i
= breakpoint
->set
- 1;
1210 if ((brp_i
< 0) || (brp_i
>= cortex_a8
->brp_num
))
1212 LOG_DEBUG("Invalid BRP number in breakpoint");
1215 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_i
,
1216 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1217 brp_list
[brp_i
].used
= 0;
1218 brp_list
[brp_i
].value
= 0;
1219 brp_list
[brp_i
].control
= 0;
1220 cortex_a8_dap_write_memap_register_u32(target
, armv7a
->debug_base
1221 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1222 brp_list
[brp_i
].control
);
1223 cortex_a8_dap_write_memap_register_u32(target
, armv7a
->debug_base
1224 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1225 brp_list
[brp_i
].value
);
1229 /* restore original instruction (kept in target endianness) */
1230 if (breakpoint
->length
== 4)
1232 retval
= target
->type
->write_memory(target
,
1233 breakpoint
->address
& 0xFFFFFFFE,
1234 4, 1, breakpoint
->orig_instr
);
1235 if (retval
!= ERROR_OK
)
1240 retval
= target
->type
->write_memory(target
,
1241 breakpoint
->address
& 0xFFFFFFFE,
1242 2, 1, breakpoint
->orig_instr
);
1243 if (retval
!= ERROR_OK
)
1247 breakpoint
->set
= 0;
1252 static int cortex_a8_add_breakpoint(struct target
*target
,
1253 struct breakpoint
*breakpoint
)
1255 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1257 if ((breakpoint
->type
== BKPT_HARD
) && (cortex_a8
->brp_num_available
< 1))
1259 LOG_INFO("no hardware breakpoint available");
1260 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1263 if (breakpoint
->type
== BKPT_HARD
)
1264 cortex_a8
->brp_num_available
--;
1265 cortex_a8_set_breakpoint(target
, breakpoint
, 0x00); /* Exact match */
1270 static int cortex_a8_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1272 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1275 /* It is perfectly possible to remove breakpoints while the target is running */
1276 if (target
->state
!= TARGET_HALTED
)
1278 LOG_WARNING("target not halted");
1279 return ERROR_TARGET_NOT_HALTED
;
1283 if (breakpoint
->set
)
1285 cortex_a8_unset_breakpoint(target
, breakpoint
);
1286 if (breakpoint
->type
== BKPT_HARD
)
1287 cortex_a8
->brp_num_available
++ ;
1297 * Cortex-A8 Reset functions
1300 static int cortex_a8_assert_reset(struct target
*target
)
1302 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1306 /* FIXME when halt is requested, make it work somehow... */
1308 /* Issue some kind of warm reset. */
1309 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
)) {
1310 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
1311 } else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
1312 /* REVISIT handle "pulls" cases, if there's
1313 * hardware that needs them to work.
1315 jtag_add_reset(0, 1);
1317 LOG_ERROR("%s: how to reset?", target_name(target
));
1321 /* registers are now invalid */
1322 register_cache_invalidate(armv7a
->armv4_5_common
.core_cache
);
1324 target
->state
= TARGET_RESET
;
1329 static int cortex_a8_deassert_reset(struct target
*target
)
1335 /* be certain SRST is off */
1336 jtag_add_reset(0, 0);
1338 retval
= cortex_a8_poll(target
);
1339 if (retval
!= ERROR_OK
)
1342 if (target
->reset_halt
) {
1343 if (target
->state
!= TARGET_HALTED
) {
1344 LOG_WARNING("%s: ran after reset and before halt ...",
1345 target_name(target
));
1346 if ((retval
= target_halt(target
)) != ERROR_OK
)
1355 * Cortex-A8 Memory access
1357 * This is same Cortex M3 but we must also use the correct
1358 * ap number for every access.
1361 static int cortex_a8_read_phys_memory(struct target
*target
,
1362 uint32_t address
, uint32_t size
,
1363 uint32_t count
, uint8_t *buffer
)
1365 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1366 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
1367 int retval
= ERROR_INVALID_ARGUMENTS
;
1369 /* cortex_a8 handles unaligned memory access */
1371 // ??? dap_ap_select(swjdp, swjdp_memoryap);
1372 LOG_DEBUG("Reading memory at real address 0x%x; size %d; count %d", address
, size
, count
);
1373 if (count
&& buffer
) {
1376 retval
= mem_ap_read_buf_u32(swjdp
, buffer
, 4 * count
, address
);
1379 retval
= mem_ap_read_buf_u16(swjdp
, buffer
, 2 * count
, address
);
1382 retval
= mem_ap_read_buf_u8(swjdp
, buffer
, count
, address
);
1390 static int cortex_a8_read_memory(struct target
*target
, uint32_t address
,
1391 uint32_t size
, uint32_t count
, uint8_t *buffer
)
1394 uint32_t virt
, phys
;
1397 /* cortex_a8 handles unaligned memory access */
1399 // ??? dap_ap_select(swjdp, swjdp_memoryap);
1400 LOG_DEBUG("Reading memory at address 0x%x; size %d; count %d", address
, size
, count
);
1401 retval
= cortex_a8_mmu(target
, &enabled
);
1402 if (retval
!= ERROR_OK
)
1408 cortex_a8_virt2phys(target
, virt
, &phys
);
1409 LOG_DEBUG("Reading at virtual address. Translating v:0x%x to r:0x%x", virt
, phys
);
1413 return cortex_a8_read_phys_memory(target
, address
, size
, count
, buffer
);
1416 static int cortex_a8_write_phys_memory(struct target
*target
,
1417 uint32_t address
, uint32_t size
,
1418 uint32_t count
, uint8_t *buffer
)
1420 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1421 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
1422 int retval
= ERROR_INVALID_ARGUMENTS
;
1424 // ??? dap_ap_select(swjdp, swjdp_memoryap);
1426 LOG_DEBUG("Writing memory to real address 0x%x; size %d; count %d", address
, size
, count
);
1427 if (count
&& buffer
) {
1430 retval
= mem_ap_write_buf_u32(swjdp
, buffer
, 4 * count
, address
);
1433 retval
= mem_ap_write_buf_u16(swjdp
, buffer
, 2 * count
, address
);
1436 retval
= mem_ap_write_buf_u8(swjdp
, buffer
, count
, address
);
1441 /* REVISIT this op is generic ARMv7-A/R stuff */
1442 if (retval
== ERROR_OK
&& target
->state
== TARGET_HALTED
)
1444 struct arm_dpm
*dpm
= armv7a
->armv4_5_common
.dpm
;
1446 retval
= dpm
->prepare(dpm
);
1447 if (retval
!= ERROR_OK
)
1450 /* The Cache handling will NOT work with MMU active, the
1451 * wrong addresses will be invalidated!
1453 * For both ICache and DCache, walk all cache lines in the
1454 * address range. Cortex-A8 has fixed 64 byte line length.
1456 * REVISIT per ARMv7, these may trigger watchpoints ...
1459 /* invalidate I-Cache */
1460 if (armv7a
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
)
1462 /* ICIMVAU - Invalidate Cache single entry
1464 * MCR p15, 0, r0, c7, c5, 1
1466 for (uint32_t cacheline
= address
;
1467 cacheline
< address
+ size
* count
;
1469 retval
= dpm
->instr_write_data_r0(dpm
,
1470 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
1475 /* invalidate D-Cache */
1476 if (armv7a
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
)
1478 /* DCIMVAC - Invalidate data Cache line
1480 * MCR p15, 0, r0, c7, c6, 1
1482 for (uint32_t cacheline
= address
;
1483 cacheline
< address
+ size
* count
;
1485 retval
= dpm
->instr_write_data_r0(dpm
,
1486 ARMV4_5_MCR(15, 0, 0, 7, 6, 1),
1491 /* (void) */ dpm
->finish(dpm
);
1497 static int cortex_a8_write_memory(struct target
*target
, uint32_t address
,
1498 uint32_t size
, uint32_t count
, uint8_t *buffer
)
1501 uint32_t virt
, phys
;
1504 // ??? dap_ap_select(swjdp, swjdp_memoryap);
1506 LOG_DEBUG("Writing memory to address 0x%x; size %d; count %d", address
, size
, count
);
1507 retval
= cortex_a8_mmu(target
, &enabled
);
1508 if (retval
!= ERROR_OK
)
1513 cortex_a8_virt2phys(target
, virt
, &phys
);
1514 LOG_DEBUG("Writing to virtual address. Translating v:0x%x to r:0x%x", virt
, phys
);
1518 return cortex_a8_write_phys_memory(target
, address
, size
,
1522 static int cortex_a8_bulk_write_memory(struct target
*target
, uint32_t address
,
1523 uint32_t count
, uint8_t *buffer
)
1525 return cortex_a8_write_memory(target
, address
, 4, count
, buffer
);
1529 static int cortex_a8_dcc_read(struct adiv5_dap
*swjdp
, uint8_t *value
, uint8_t *ctrl
)
1534 mem_ap_read_buf_u16(swjdp
, (uint8_t*)&dcrdr
, 1, DCB_DCRDR
);
1535 *ctrl
= (uint8_t)dcrdr
;
1536 *value
= (uint8_t)(dcrdr
>> 8);
1538 LOG_DEBUG("data 0x%x ctrl 0x%x", *value
, *ctrl
);
1540 /* write ack back to software dcc register
1541 * signify we have read data */
1542 if (dcrdr
& (1 << 0))
1545 mem_ap_write_buf_u16(swjdp
, (uint8_t*)&dcrdr
, 1, DCB_DCRDR
);
1552 static int cortex_a8_handle_target_request(void *priv
)
1554 struct target
*target
= priv
;
1555 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1556 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
1558 if (!target_was_examined(target
))
1560 if (!target
->dbg_msg_enabled
)
1563 if (target
->state
== TARGET_RUNNING
)
1568 cortex_a8_dcc_read(swjdp
, &data
, &ctrl
);
1570 /* check if we have data */
1571 if (ctrl
& (1 << 0))
1575 /* we assume target is quick enough */
1577 cortex_a8_dcc_read(swjdp
, &data
, &ctrl
);
1578 request
|= (data
<< 8);
1579 cortex_a8_dcc_read(swjdp
, &data
, &ctrl
);
1580 request
|= (data
<< 16);
1581 cortex_a8_dcc_read(swjdp
, &data
, &ctrl
);
1582 request
|= (data
<< 24);
1583 target_request(target
, request
);
1591 * Cortex-A8 target information and configuration
1594 static int cortex_a8_examine_first(struct target
*target
)
1596 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1597 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1598 struct adiv5_dap
*swjdp
= &armv7a
->dap
;
1600 int retval
= ERROR_OK
;
1601 uint32_t didr
, ctypr
, ttypr
, cpuid
;
1603 /* stop assuming this is an OMAP! */
1604 LOG_DEBUG("TODO - autoconfigure");
1606 /* Here we shall insert a proper ROM Table scan */
1607 armv7a
->debug_base
= OMAP3530_DEBUG_BASE
;
1609 /* We do one extra read to ensure DAP is configured,
1610 * we call ahbap_debugport_init(swjdp) instead
1612 retval
= ahbap_debugport_init(swjdp
);
1613 if (retval
!= ERROR_OK
)
1616 retval
= mem_ap_read_atomic_u32(swjdp
, armv7a
->debug_base
+ CPUDBG_CPUID
, &cpuid
);
1617 if (retval
!= ERROR_OK
)
1620 if ((retval
= mem_ap_read_atomic_u32(swjdp
,
1621 armv7a
->debug_base
+ CPUDBG_CPUID
, &cpuid
)) != ERROR_OK
)
1623 LOG_DEBUG("Examine %s failed", "CPUID");
1627 if ((retval
= mem_ap_read_atomic_u32(swjdp
,
1628 armv7a
->debug_base
+ CPUDBG_CTYPR
, &ctypr
)) != ERROR_OK
)
1630 LOG_DEBUG("Examine %s failed", "CTYPR");
1634 if ((retval
= mem_ap_read_atomic_u32(swjdp
,
1635 armv7a
->debug_base
+ CPUDBG_TTYPR
, &ttypr
)) != ERROR_OK
)
1637 LOG_DEBUG("Examine %s failed", "TTYPR");
1641 if ((retval
= mem_ap_read_atomic_u32(swjdp
,
1642 armv7a
->debug_base
+ CPUDBG_DIDR
, &didr
)) != ERROR_OK
)
1644 LOG_DEBUG("Examine %s failed", "DIDR");
1648 LOG_DEBUG("cpuid = 0x%08" PRIx32
, cpuid
);
1649 LOG_DEBUG("ctypr = 0x%08" PRIx32
, ctypr
);
1650 LOG_DEBUG("ttypr = 0x%08" PRIx32
, ttypr
);
1651 LOG_DEBUG("didr = 0x%08" PRIx32
, didr
);
1653 armv7a
->armv4_5_common
.core_type
= ARM_MODE_MON
;
1654 retval
= cortex_a8_dpm_setup(cortex_a8
, didr
);
1655 if (retval
!= ERROR_OK
)
1658 /* Setup Breakpoint Register Pairs */
1659 cortex_a8
->brp_num
= ((didr
>> 24) & 0x0F) + 1;
1660 cortex_a8
->brp_num_context
= ((didr
>> 20) & 0x0F) + 1;
1661 cortex_a8
->brp_num_available
= cortex_a8
->brp_num
;
1662 cortex_a8
->brp_list
= calloc(cortex_a8
->brp_num
, sizeof(struct cortex_a8_brp
));
1663 // cortex_a8->brb_enabled = ????;
1664 for (i
= 0; i
< cortex_a8
->brp_num
; i
++)
1666 cortex_a8
->brp_list
[i
].used
= 0;
1667 if (i
< (cortex_a8
->brp_num
-cortex_a8
->brp_num_context
))
1668 cortex_a8
->brp_list
[i
].type
= BRP_NORMAL
;
1670 cortex_a8
->brp_list
[i
].type
= BRP_CONTEXT
;
1671 cortex_a8
->brp_list
[i
].value
= 0;
1672 cortex_a8
->brp_list
[i
].control
= 0;
1673 cortex_a8
->brp_list
[i
].BRPn
= i
;
1676 LOG_DEBUG("Configured %i hw breakpoints", cortex_a8
->brp_num
);
1678 target_set_examined(target
);
1682 static int cortex_a8_examine(struct target
*target
)
1684 int retval
= ERROR_OK
;
1686 /* don't re-probe hardware after each reset */
1687 if (!target_was_examined(target
))
1688 retval
= cortex_a8_examine_first(target
);
1690 /* Configure core debug access */
1691 if (retval
== ERROR_OK
)
1692 retval
= cortex_a8_init_debug_access(target
);
1698 * Cortex-A8 target creation and initialization
1701 static int cortex_a8_init_target(struct command_context
*cmd_ctx
,
1702 struct target
*target
)
1704 /* examine_first() does a bunch of this */
1708 static int cortex_a8_init_arch_info(struct target
*target
,
1709 struct cortex_a8_common
*cortex_a8
, struct jtag_tap
*tap
)
1711 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1712 struct arm
*armv4_5
= &armv7a
->armv4_5_common
;
1713 struct adiv5_dap
*dap
= &armv7a
->dap
;
1715 armv7a
->armv4_5_common
.dap
= dap
;
1717 /* Setup struct cortex_a8_common */
1718 cortex_a8
->common_magic
= CORTEX_A8_COMMON_MAGIC
;
1719 armv4_5
->arch_info
= armv7a
;
1721 /* prepare JTAG information for the new target */
1722 cortex_a8
->jtag_info
.tap
= tap
;
1723 cortex_a8
->jtag_info
.scann_size
= 4;
1725 /* Leave (only) generic DAP stuff for debugport_init() */
1726 dap
->jtag_info
= &cortex_a8
->jtag_info
;
1727 dap
->memaccess_tck
= 80;
1729 /* Number of bits for tar autoincrement, impl. dep. at least 10 */
1730 dap
->tar_autoincr_block
= (1 << 10);
1732 cortex_a8
->fast_reg_read
= 0;
1734 /* Set default value */
1735 cortex_a8
->current_address_mode
= ARM_MODE_ANY
;
1737 /* register arch-specific functions */
1738 armv7a
->examine_debug_reason
= NULL
;
1740 armv7a
->post_debug_entry
= cortex_a8_post_debug_entry
;
1742 armv7a
->pre_restore_context
= NULL
;
1743 armv7a
->armv4_5_mmu
.armv4_5_cache
.ctype
= -1;
1744 armv7a
->armv4_5_mmu
.get_ttb
= cortex_a8_get_ttb
;
1745 armv7a
->armv4_5_mmu
.read_memory
= cortex_a8_read_phys_memory
;
1746 armv7a
->armv4_5_mmu
.write_memory
= cortex_a8_write_phys_memory
;
1747 armv7a
->armv4_5_mmu
.disable_mmu_caches
= cortex_a8_disable_mmu_caches
;
1748 armv7a
->armv4_5_mmu
.enable_mmu_caches
= cortex_a8_enable_mmu_caches
;
1749 armv7a
->armv4_5_mmu
.has_tiny_pages
= 1;
1750 armv7a
->armv4_5_mmu
.mmu_enabled
= 0;
1753 // arm7_9->handle_target_request = cortex_a8_handle_target_request;
1755 /* REVISIT v7a setup should be in a v7a-specific routine */
1756 arm_init_arch_info(target
, armv4_5
);
1757 armv7a
->common_magic
= ARMV7_COMMON_MAGIC
;
1759 target_register_timer_callback(cortex_a8_handle_target_request
, 1, 1, target
);
1764 static int cortex_a8_target_create(struct target
*target
, Jim_Interp
*interp
)
1766 struct cortex_a8_common
*cortex_a8
= calloc(1, sizeof(struct cortex_a8_common
));
1768 cortex_a8_init_arch_info(target
, cortex_a8
, target
->tap
);
1773 static uint32_t cortex_a8_get_ttb(struct target
*target
)
1775 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1776 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1777 uint32_t ttb
= 0, retval
= ERROR_OK
;
1779 /* current_address_mode is set inside cortex_a8_virt2phys()
1780 where we can determine if address belongs to user or kernel */
1781 if(cortex_a8
->current_address_mode
== ARM_MODE_SVC
)
1783 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1784 retval
= armv7a
->armv4_5_common
.mrc(target
, 15,
1785 0, 1, /* op1, op2 */
1786 2, 0, /* CRn, CRm */
1789 else if(cortex_a8
->current_address_mode
== ARM_MODE_USR
)
1791 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1792 retval
= armv7a
->armv4_5_common
.mrc(target
, 15,
1793 0, 0, /* op1, op2 */
1794 2, 0, /* CRn, CRm */
1797 /* we don't know whose address is: user or kernel
1798 we assume that if we are in kernel mode then
1799 address belongs to kernel else if in user mode
1801 else if(armv7a
->armv4_5_common
.core_mode
== ARM_MODE_SVC
)
1803 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1804 retval
= armv7a
->armv4_5_common
.mrc(target
, 15,
1805 0, 1, /* op1, op2 */
1806 2, 0, /* CRn, CRm */
1809 else if(armv7a
->armv4_5_common
.core_mode
== ARM_MODE_USR
)
1811 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1812 retval
= armv7a
->armv4_5_common
.mrc(target
, 15,
1813 0, 0, /* op1, op2 */
1814 2, 0, /* CRn, CRm */
1817 /* finally we don't know whose ttb to use: user or kernel */
1819 LOG_ERROR("Don't know how to get ttb for current mode!!!");
1826 static void cortex_a8_disable_mmu_caches(struct target
*target
, int mmu
,
1827 int d_u_cache
, int i_cache
)
1829 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1830 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1831 uint32_t cp15_control
;
1833 /* read cp15 control register */
1834 armv7a
->armv4_5_common
.mrc(target
, 15,
1835 0, 0, /* op1, op2 */
1836 1, 0, /* CRn, CRm */
1841 cp15_control
&= ~0x1U
;
1844 cp15_control
&= ~0x4U
;
1847 cp15_control
&= ~0x1000U
;
1849 armv7a
->armv4_5_common
.mcr(target
, 15,
1850 0, 0, /* op1, op2 */
1851 1, 0, /* CRn, CRm */
1855 static void cortex_a8_enable_mmu_caches(struct target
*target
, int mmu
,
1856 int d_u_cache
, int i_cache
)
1858 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1859 struct armv7a_common
*armv7a
= &cortex_a8
->armv7a_common
;
1860 uint32_t cp15_control
;
1862 /* read cp15 control register */
1863 armv7a
->armv4_5_common
.mrc(target
, 15,
1864 0, 0, /* op1, op2 */
1865 1, 0, /* CRn, CRm */
1869 cp15_control
|= 0x1U
;
1872 cp15_control
|= 0x4U
;
1875 cp15_control
|= 0x1000U
;
1877 armv7a
->armv4_5_common
.mcr(target
, 15,
1878 0, 0, /* op1, op2 */
1879 1, 0, /* CRn, CRm */
1884 static int cortex_a8_mmu(struct target
*target
, int *enabled
)
1886 if (target
->state
!= TARGET_HALTED
) {
1887 LOG_ERROR("%s: target not halted", __func__
);
1888 return ERROR_TARGET_INVALID
;
1891 *enabled
= target_to_cortex_a8(target
)->armv7a_common
.armv4_5_mmu
.mmu_enabled
;
1895 static int cortex_a8_virt2phys(struct target
*target
,
1896 uint32_t virt
, uint32_t *phys
)
1899 struct cortex_a8_common
*cortex_a8
= target_to_cortex_a8(target
);
1900 // struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1901 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1903 /* We assume that virtual address is separated
1904 between user and kernel in Linux style:
1905 0x00000000-0xbfffffff - User space
1906 0xc0000000-0xffffffff - Kernel space */
1907 if( virt
< 0xc0000000 ) /* Linux user space */
1908 cortex_a8
->current_address_mode
= ARM_MODE_USR
;
1909 else /* Linux kernel */
1910 cortex_a8
->current_address_mode
= ARM_MODE_SVC
;
1912 int retval
= armv4_5_mmu_translate_va(target
,
1913 &armv7a
->armv4_5_mmu
, virt
, &cb
, &ret
);
1914 if (retval
!= ERROR_OK
)
1916 /* Reset the flag. We don't want someone else to use it by error */
1917 cortex_a8
->current_address_mode
= ARM_MODE_ANY
;
1923 COMMAND_HANDLER(cortex_a8_handle_cache_info_command
)
1925 struct target
*target
= get_current_target(CMD_CTX
);
1926 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1928 return armv4_5_handle_cache_info_command(CMD_CTX
,
1929 &armv7a
->armv4_5_mmu
.armv4_5_cache
);
1933 COMMAND_HANDLER(cortex_a8_handle_dbginit_command
)
1935 struct target
*target
= get_current_target(CMD_CTX
);
1936 if (!target_was_examined(target
))
1938 LOG_ERROR("target not examined yet");
1942 return cortex_a8_init_debug_access(target
);
1945 static const struct command_registration cortex_a8_exec_command_handlers
[] = {
1947 .name
= "cache_info",
1948 .handler
= cortex_a8_handle_cache_info_command
,
1949 .mode
= COMMAND_EXEC
,
1950 .help
= "display information about target caches",
1954 .handler
= cortex_a8_handle_dbginit_command
,
1955 .mode
= COMMAND_EXEC
,
1956 .help
= "Initialize core debug",
1958 COMMAND_REGISTRATION_DONE
1960 static const struct command_registration cortex_a8_command_handlers
[] = {
1962 .chain
= arm_command_handlers
,
1965 .chain
= armv7a_command_handlers
,
1968 .name
= "cortex_a8",
1969 .mode
= COMMAND_ANY
,
1970 .help
= "Cortex-A8 command group",
1971 .chain
= cortex_a8_exec_command_handlers
,
1973 COMMAND_REGISTRATION_DONE
1976 struct target_type cortexa8_target
= {
1977 .name
= "cortex_a8",
1979 .poll
= cortex_a8_poll
,
1980 .arch_state
= armv7a_arch_state
,
1982 .target_request_data
= NULL
,
1984 .halt
= cortex_a8_halt
,
1985 .resume
= cortex_a8_resume
,
1986 .step
= cortex_a8_step
,
1988 .assert_reset
= cortex_a8_assert_reset
,
1989 .deassert_reset
= cortex_a8_deassert_reset
,
1990 .soft_reset_halt
= NULL
,
1992 /* REVISIT allow exporting VFP3 registers ... */
1993 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1995 .read_memory
= cortex_a8_read_memory
,
1996 .write_memory
= cortex_a8_write_memory
,
1997 .bulk_write_memory
= cortex_a8_bulk_write_memory
,
1999 .checksum_memory
= arm_checksum_memory
,
2000 .blank_check_memory
= arm_blank_check_memory
,
2002 .run_algorithm
= armv4_5_run_algorithm
,
2004 .add_breakpoint
= cortex_a8_add_breakpoint
,
2005 .remove_breakpoint
= cortex_a8_remove_breakpoint
,
2006 .add_watchpoint
= NULL
,
2007 .remove_watchpoint
= NULL
,
2009 .commands
= cortex_a8_command_handlers
,
2010 .target_create
= cortex_a8_target_create
,
2011 .init_target
= cortex_a8_init_target
,
2012 .examine
= cortex_a8_examine
,
2014 .read_phys_memory
= cortex_a8_read_phys_memory
,
2015 .write_phys_memory
= cortex_a8_write_phys_memory
,
2016 .mmu
= cortex_a8_mmu
,
2017 .virt2phys
= cortex_a8_virt2phys
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)