1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include "time_support.h"
34 #include "target_type.h"
35 #include "algorithm.h"
40 #define _DEBUG_INSTRUCTION_EXECUTION_
43 static bool arm11_config_memwrite_burst = true;
44 static bool arm11_config_memwrite_error_fatal = true;
45 static uint32_t arm11_vcr = 0;
46 static bool arm11_config_step_irq_enable = false;
47 static bool arm11_config_hardware_step = false;
63 enum arm11_regtype type;
66 /* update arm11_regcache_ids when changing this */
67 static const struct arm11_reg_defs arm11_reg_defs[] =
70 {"dscr", 0, -1, ARM11_REGISTER_DSCR},
71 {"wdtr", 0, -1, ARM11_REGISTER_WDTR},
72 {"rdtr", 0, -1, ARM11_REGISTER_RDTR},
75 enum arm11_regcache_ids
84 static int arm11_on_enter_debug_state(struct arm11_common *arm11);
85 static int arm11_step(struct target *target, int current,
86 uint32_t address, int handle_breakpoints);
88 static int arm11_build_reg_cache(struct target *target);
89 static int arm11_set_reg(struct reg *reg, uint8_t *buf);
90 static int arm11_get_reg(struct reg *reg);
93 /** Check and if necessary take control of the system
95 * \param arm11 Target state variable.
96 * \param dscr If the current DSCR content is
97 * available a pointer to a word holding the
98 * DSCR can be passed. Otherwise use NULL.
100 static int arm11_check_init(struct arm11_common *arm11, uint32_t *dscr)
102 uint32_t dscr_local_tmp_copy;
106 dscr = &dscr_local_tmp_copy;
108 CHECK_RETVAL(arm11_read_DSCR(arm11, dscr));
111 if (!(*dscr & ARM11_DSCR_MODE_SELECT))
113 LOG_DEBUG("Bringing target into debug mode");
115 *dscr |= ARM11_DSCR_MODE_SELECT; /* Halt debug-mode */
116 arm11_write_DSCR(arm11, *dscr);
118 /* add further reset initialization here */
120 arm11->simulate_reset_on_next_halt = true;
122 if (*dscr & ARM11_DSCR_CORE_HALTED)
124 /** \todo TODO: this needs further scrutiny because
125 * arm11_on_enter_debug_state() never gets properly called.
126 * As a result we don't read the actual register states from
130 arm11->target->state = TARGET_HALTED;
131 arm11->target->debug_reason = arm11_get_DSCR_debug_reason(*dscr);
135 arm11->target->state = TARGET_RUNNING;
136 arm11->target->debug_reason = DBG_REASON_NOTHALTED;
139 arm11_sc7_clear_vbw(arm11);
148 (arm11->reg_values[ARM11_RC_##x])
150 /** Save processor state.
152 * This is called when the HALT instruction has succeeded
153 * or on other occasions that stop the processor.
156 static int arm11_on_enter_debug_state(struct arm11_common *arm11)
160 /* REVISIT entire cache should already be invalid !!! */
161 register_cache_invalidate(arm11->arm.core_cache);
163 for (size_t i = 0; i < ARRAY_SIZE(arm11->reg_values); i++)
165 arm11->reg_list[i].valid = 1;
166 arm11->reg_list[i].dirty = 0;
169 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
172 CHECK_RETVAL(arm11_read_DSCR(arm11, &R(DSCR)));
176 if (R(DSCR) & ARM11_DSCR_WDTR_FULL)
178 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
180 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
182 struct scan_field chain5_fields[3];
184 arm11_setup_field(arm11, 32, NULL, &R(WDTR), chain5_fields + 0);
185 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 1);
186 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
188 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
192 arm11->reg_list[ARM11_RC_WDTR].valid = 0;
196 /* DSCR: set ARM11_DSCR_EXECUTE_ARM_INSTRUCTION_ENABLE
198 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
199 * but not to issue ITRs. ARM1136 seems to require this to issue
202 uint32_t new_dscr = R(DSCR) | ARM11_DSCR_EXECUTE_ARM_INSTRUCTION_ENABLE;
204 /* this executes JTAG queue: */
206 arm11_write_DSCR(arm11, new_dscr);
210 Before executing any instruction in debug state you have to drain the write buffer.
211 This ensures that no imprecise Data Aborts can return at a later point:*/
213 /** \todo TODO: Test drain write buffer. */
218 /* MRC p14,0,R0,c5,c10,0 */
219 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
221 /* mcr 15, 0, r0, cr7, cr10, {4} */
222 arm11_run_instr_no_data1(arm11, 0xee070f9a);
224 uint32_t dscr = arm11_read_DSCR(arm11);
226 LOG_DEBUG("DRAIN, DSCR %08x", dscr);
228 if (dscr & ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT)
230 arm11_run_instr_no_data1(arm11, 0xe320f000);
232 dscr = arm11_read_DSCR(arm11);
234 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr);
243 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
244 * CPSR and PC after the rDTR stuff. We do it all at once.
246 retval = arm_dpm_read_current_registers(&arm11->dpm);
247 if (retval != ERROR_OK)
248 LOG_ERROR("DPM REG READ -- fail %d", retval);
250 retval = arm11_run_instr_data_prepare(arm11);
251 if (retval != ERROR_OK)
254 /* maybe save rDTR */
256 /* check rDTRfull in DSCR */
258 if (R(DSCR) & ARM11_DSCR_RDTR_FULL)
260 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
261 retval = arm11_run_instr_data_from_core_via_r0(arm11, 0xEE100E15, &R(RDTR));
262 if (retval != ERROR_OK)
267 arm11->reg_list[ARM11_RC_RDTR].valid = 0;
270 /* REVISIT Now that we've saved core state, there's may also
271 * be MMU and cache state to care about ...
274 if (arm11->simulate_reset_on_next_halt)
276 arm11->simulate_reset_on_next_halt = false;
278 LOG_DEBUG("Reset c1 Control Register");
280 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
282 /* MCR p15,0,R0,c1,c0,0 */
283 retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee010f10, 0);
284 if (retval != ERROR_OK)
289 retval = arm11_run_instr_data_finish(arm11);
290 if (retval != ERROR_OK)
297 * Restore processor state. This is called in preparation for
298 * the RESTART function.
300 static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
304 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
306 /* NOTE: the ARM1136 TRM suggests restoring all registers
307 * except R0/PC/CPSR right now. Instead, we do them all
308 * at once, just a bit later on.
311 /* REVISIT once we start caring about MMU and cache state,
312 * address it here ...
315 /* spec says clear wDTR and rDTR; we assume they are clear as
316 otherwise our programming would be sloppy */
320 CHECK_RETVAL(arm11_read_DSCR(arm11, &DSCR));
322 if (DSCR & (ARM11_DSCR_RDTR_FULL | ARM11_DSCR_WDTR_FULL))
325 The wDTR/rDTR two registers that are used to send/receive data to/from
326 the core in tandem with corresponding instruction codes that are
327 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
328 registers hold data that was written by one side (CPU or JTAG) and not
329 read out by the other side.
331 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08" PRIx32 ")", DSCR);
336 /* maybe restore original wDTR */
337 if ((R(DSCR) & ARM11_DSCR_WDTR_FULL) || arm11->reg_list[ARM11_RC_WDTR].dirty)
339 retval = arm11_run_instr_data_prepare(arm11);
340 if (retval != ERROR_OK)
343 /* MCR p14,0,R0,c0,c5,0 */
344 retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee000e15, R(WDTR));
345 if (retval != ERROR_OK)
348 retval = arm11_run_instr_data_finish(arm11);
349 if (retval != ERROR_OK)
353 /* restore CPSR, PC, and R0 ... after flushing any modified
356 retval = arm_dpm_write_dirty_registers(&arm11->dpm, bpwp);
358 register_cache_invalidate(arm11->arm.core_cache);
362 arm11_write_DSCR(arm11, R(DSCR));
364 /* maybe restore rDTR */
366 if (R(DSCR) & ARM11_DSCR_RDTR_FULL || arm11->reg_list[ARM11_RC_RDTR].dirty)
368 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
370 arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
372 struct scan_field chain5_fields[3];
374 uint8_t Ready = 0; /* ignored */
375 uint8_t Valid = 0; /* ignored */
377 arm11_setup_field(arm11, 32, &R(RDTR), NULL, chain5_fields + 0);
378 arm11_setup_field(arm11, 1, &Ready, NULL, chain5_fields + 1);
379 arm11_setup_field(arm11, 1, &Valid, NULL, chain5_fields + 2);
381 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
384 /* now processor is ready to RESTART */
389 /* poll current target status */
390 static int arm11_poll(struct target *target)
393 struct arm11_common *arm11 = target_to_arm11(target);
396 CHECK_RETVAL(arm11_read_DSCR(arm11, &dscr));
398 LOG_DEBUG("DSCR %08" PRIx32 "", dscr);
400 CHECK_RETVAL(arm11_check_init(arm11, &dscr));
402 if (dscr & ARM11_DSCR_CORE_HALTED)
404 if (target->state != TARGET_HALTED)
406 enum target_state old_state = target->state;
408 LOG_DEBUG("enter TARGET_HALTED");
409 target->state = TARGET_HALTED;
410 target->debug_reason = arm11_get_DSCR_debug_reason(dscr);
411 retval = arm11_on_enter_debug_state(arm11);
412 if (retval != ERROR_OK)
415 target_call_event_callbacks(target,
416 old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED);
421 if (target->state != TARGET_RUNNING && target->state != TARGET_DEBUG_RUNNING)
423 LOG_DEBUG("enter TARGET_RUNNING");
424 target->state = TARGET_RUNNING;
425 target->debug_reason = DBG_REASON_NOTHALTED;
431 /* architecture specific status reply */
432 static int arm11_arch_state(struct target *target)
436 retval = armv4_5_arch_state(target);
438 /* REVISIT also display ARM11-specific MMU and cache status ... */
443 /* target request support */
444 static int arm11_target_request_data(struct target *target,
445 uint32_t size, uint8_t *buffer)
447 LOG_WARNING("Not implemented: %s", __func__);
452 /* target execution control */
453 static int arm11_halt(struct target *target)
455 struct arm11_common *arm11 = target_to_arm11(target);
457 LOG_DEBUG("target->state: %s",
458 target_state_name(target));
460 if (target->state == TARGET_UNKNOWN)
462 arm11->simulate_reset_on_next_halt = true;
465 if (target->state == TARGET_HALTED)
467 LOG_DEBUG("target was already halted");
471 arm11_add_IR(arm11, ARM11_HALT, TAP_IDLE);
473 CHECK_RETVAL(jtag_execute_queue());
480 CHECK_RETVAL(arm11_read_DSCR(arm11, &dscr));
482 if (dscr & ARM11_DSCR_CORE_HALTED)
493 if ((timeval_ms()-then) > 1000)
495 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
502 arm11_on_enter_debug_state(arm11);
504 enum target_state old_state = target->state;
506 target->state = TARGET_HALTED;
507 target->debug_reason = arm11_get_DSCR_debug_reason(dscr);
510 target_call_event_callbacks(target,
511 old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED));
517 arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
519 void *value = arm11->arm.core_cache->reg_list[15].value;
522 buf_set_u32(value, 0, 32, address);
524 address = buf_get_u32(value, 0, 32);
529 static int arm11_resume(struct target *target, int current,
530 uint32_t address, int handle_breakpoints, int debug_execution)
532 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
533 // current, address, handle_breakpoints, debug_execution);
535 struct arm11_common *arm11 = target_to_arm11(target);
537 LOG_DEBUG("target->state: %s",
538 target_state_name(target));
541 if (target->state != TARGET_HALTED)
543 LOG_ERROR("Target not halted");
544 return ERROR_TARGET_NOT_HALTED;
547 address = arm11_nextpc(arm11, current, address);
549 LOG_DEBUG("RESUME PC %08" PRIx32 "%s", address, !current ? "!" : "");
551 /* clear breakpoints/watchpoints and VCR*/
552 arm11_sc7_clear_vbw(arm11);
554 if (!debug_execution)
555 target_free_all_working_areas(target);
557 /* Set up breakpoints */
558 if (handle_breakpoints)
560 /* check if one matches PC and step over it if necessary */
562 struct breakpoint * bp;
564 for (bp = target->breakpoints; bp; bp = bp->next)
566 if (bp->address == address)
568 LOG_DEBUG("must step over %08" PRIx32 "", bp->address);
569 arm11_step(target, 1, 0, 0);
574 /* set all breakpoints */
576 unsigned brp_num = 0;
578 for (bp = target->breakpoints; bp; bp = bp->next)
580 struct arm11_sc7_action brp[2];
583 brp[0].address = ARM11_SC7_BVR0 + brp_num;
584 brp[0].value = bp->address;
586 brp[1].address = ARM11_SC7_BCR0 + brp_num;
587 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
589 arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp));
591 LOG_DEBUG("Add BP %d at %08" PRIx32, brp_num,
597 arm11_sc7_set_vcr(arm11, arm11_vcr);
600 arm11_leave_debug_state(arm11, handle_breakpoints);
602 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
604 CHECK_RETVAL(jtag_execute_queue());
611 CHECK_RETVAL(arm11_read_DSCR(arm11, &dscr));
613 LOG_DEBUG("DSCR %08" PRIx32 "", dscr);
615 if (dscr & ARM11_DSCR_CORE_RESTARTED)
626 if ((timeval_ms()-then) > 1000)
628 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
635 if (!debug_execution)
637 target->state = TARGET_RUNNING;
638 target->debug_reason = DBG_REASON_NOTHALTED;
640 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
644 target->state = TARGET_DEBUG_RUNNING;
645 target->debug_reason = DBG_REASON_NOTHALTED;
647 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
653 static int arm11_step(struct target *target, int current,
654 uint32_t address, int handle_breakpoints)
656 LOG_DEBUG("target->state: %s",
657 target_state_name(target));
659 if (target->state != TARGET_HALTED)
661 LOG_WARNING("target was not halted");
662 return ERROR_TARGET_NOT_HALTED;
665 struct arm11_common *arm11 = target_to_arm11(target);
667 address = arm11_nextpc(arm11, current, address);
669 LOG_DEBUG("STEP PC %08" PRIx32 "%s", address, !current ? "!" : "");
672 /** \todo TODO: Thumb not supported here */
674 uint32_t next_instruction;
676 CHECK_RETVAL(arm11_read_memory_word(arm11, address, &next_instruction));
679 if ((next_instruction & 0xFFF00070) == 0xe1200070)
681 address = arm11_nextpc(arm11, 0, address + 4);
682 LOG_DEBUG("Skipping BKPT");
684 /* skip over Wait for interrupt / Standby */
685 /* mcr 15, 0, r?, cr7, cr0, {4} */
686 else if ((next_instruction & 0xFFFF0FFF) == 0xee070f90)
688 address = arm11_nextpc(arm11, 0, address + 4);
689 LOG_DEBUG("Skipping WFI");
691 /* ignore B to self */
692 else if ((next_instruction & 0xFEFFFFFF) == 0xeafffffe)
694 LOG_DEBUG("Not stepping jump to self");
698 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
701 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
702 * the VCR might be something worth looking into. */
705 /* Set up breakpoint for stepping */
707 struct arm11_sc7_action brp[2];
710 brp[0].address = ARM11_SC7_BVR0;
712 brp[1].address = ARM11_SC7_BCR0;
714 if (arm11_config_hardware_step)
716 /* Hardware single stepping ("instruction address
717 * mismatch") is used if enabled. It's not quite
718 * exactly "run one instruction"; "branch to here"
719 * loops won't break, neither will some other cases,
720 * but it's probably the best default.
722 * Hardware single stepping isn't supported on v6
723 * debug modules. ARM1176 and v7 can support it...
725 * FIXME Thumb stepping likely needs to use 0x03
726 * or 0xc0 byte masks, not 0x0f.
728 brp[0].value = address;
729 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
730 | (0 << 14) | (0 << 16) | (0 << 20)
734 /* Sets a breakpoint on the next PC, as calculated
735 * by instruction set simulation.
737 * REVISIT stepping Thumb on ARM1156 requires Thumb2
738 * support from the simulator.
743 retval = arm_simulate_step(target, &next_pc);
744 if (retval != ERROR_OK)
747 brp[0].value = next_pc;
748 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
749 | (0 << 14) | (0 << 16) | (0 << 20)
753 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
758 if (arm11_config_step_irq_enable)
759 R(DSCR) &= ~ARM11_DSCR_INTERRUPTS_DISABLE; /* should be redundant */
761 R(DSCR) |= ARM11_DSCR_INTERRUPTS_DISABLE;
764 CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));
766 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
768 CHECK_RETVAL(jtag_execute_queue());
776 CHECK_RETVAL(arm11_read_DSCR(arm11, &dscr));
778 LOG_DEBUG("DSCR %08" PRIx32 "e", dscr);
780 if ((dscr & (ARM11_DSCR_CORE_RESTARTED | ARM11_DSCR_CORE_HALTED)) ==
781 (ARM11_DSCR_CORE_RESTARTED | ARM11_DSCR_CORE_HALTED))
791 if ((timeval_ms()-then) > 1000)
793 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
800 /* clear breakpoint */
801 arm11_sc7_clear_vbw(arm11);
804 CHECK_RETVAL(arm11_on_enter_debug_state(arm11));
806 /* restore default state */
807 R(DSCR) &= ~ARM11_DSCR_INTERRUPTS_DISABLE;
811 // target->state = TARGET_HALTED;
812 target->debug_reason = DBG_REASON_SINGLESTEP;
814 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_HALTED));
819 static int arm11_assert_reset(struct target *target)
822 struct arm11_common *arm11 = target_to_arm11(target);
824 retval = arm11_check_init(arm11, NULL);
825 if (retval != ERROR_OK)
828 target->state = TARGET_UNKNOWN;
830 /* we would very much like to reset into the halted, state,
831 * but resetting and halting is second best... */
832 if (target->reset_halt)
834 CHECK_RETVAL(target_halt(target));
838 /* srst is funny. We can not do *anything* else while it's asserted
839 * and it has unkonwn side effects. Make sure no other code runs
842 * Code below assumes srst:
844 * - Causes power-on-reset (but of what parts of the system?). Bug
847 * - Messes us TAP state without asserting trst.
849 * - There is another bug in the arm11 core. When you generate an access to
850 * external logic (for example ddr controller via AHB bus) and that block
851 * is not configured (perhaps it is still held in reset), that transaction
852 * will never complete. This will hang arm11 core but it will also hang
853 * JTAG controller. Nothing, short of srst assertion will bring it out of
858 * - What should the PC be after an srst reset when starting in the halted
862 jtag_add_reset(0, 1);
863 jtag_add_reset(0, 0);
865 /* How long do we have to wait? */
866 jtag_add_sleep(5000);
868 /* un-mess up TAP state */
871 retval = jtag_execute_queue();
872 if (retval != ERROR_OK)
880 static int arm11_deassert_reset(struct target *target)
885 static int arm11_soft_reset_halt(struct target *target)
887 LOG_WARNING("Not implemented: %s", __func__);
892 /* target memory access
893 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
894 * count: number of items of <size>
896 * arm11_config_memrw_no_increment - in the future we may want to be able
897 * to read/write a range of data to a "port". a "port" is an action on
898 * read memory address for some peripheral.
900 static int arm11_read_memory_inner(struct target *target,
901 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer,
902 bool arm11_config_memrw_no_increment)
904 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
907 if (target->state != TARGET_HALTED)
909 LOG_WARNING("target was not halted");
910 return ERROR_TARGET_NOT_HALTED;
913 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "", address, size, count);
915 struct arm11_common *arm11 = target_to_arm11(target);
917 retval = arm11_run_instr_data_prepare(arm11);
918 if (retval != ERROR_OK)
921 /* MRC p14,0,r0,c0,c5,0 */
922 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
923 if (retval != ERROR_OK)
929 arm11->arm.core_cache->reg_list[1].dirty = true;
931 for (size_t i = 0; i < count; i++)
933 /* ldrb r1, [r0], #1 */
935 arm11_run_instr_no_data1(arm11,
936 !arm11_config_memrw_no_increment ? 0xe4d01001 : 0xe5d01000);
939 /* MCR p14,0,R1,c0,c5,0 */
940 arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
949 arm11->arm.core_cache->reg_list[1].dirty = true;
951 for (size_t i = 0; i < count; i++)
953 /* ldrh r1, [r0], #2 */
954 arm11_run_instr_no_data1(arm11,
955 !arm11_config_memrw_no_increment ? 0xe0d010b2 : 0xe1d010b0);
959 /* MCR p14,0,R1,c0,c5,0 */
960 arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
962 uint16_t svalue = res;
963 memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
971 uint32_t instr = !arm11_config_memrw_no_increment ? 0xecb05e01 : 0xed905e00;
972 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
973 uint32_t *words = (uint32_t *)buffer;
975 /* LDC p14,c5,[R0],#4 */
976 /* LDC p14,c5,[R0] */
977 arm11_run_instr_data_from_core(arm11, instr, words, count);
982 return arm11_run_instr_data_finish(arm11);
985 static int arm11_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
987 return arm11_read_memory_inner(target, address, size, count, buffer, false);
991 * no_increment - in the future we may want to be able
992 * to read/write a range of data to a "port". a "port" is an action on
993 * read memory address for some peripheral.
995 static int arm11_write_memory_inner(struct target *target,
996 uint32_t address, uint32_t size,
997 uint32_t count, uint8_t *buffer,
1002 if (target->state != TARGET_HALTED)
1004 LOG_WARNING("target was not halted");
1005 return ERROR_TARGET_NOT_HALTED;
1008 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "", address, size, count);
1010 struct arm11_common *arm11 = target_to_arm11(target);
1012 retval = arm11_run_instr_data_prepare(arm11);
1013 if (retval != ERROR_OK)
1016 /* MRC p14,0,r0,c0,c5,0 */
1017 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
1018 if (retval != ERROR_OK)
1021 /* burst writes are not used for single words as those may well be
1022 * reset init script writes.
1024 * The other advantage is that as burst writes are default, we'll
1025 * now exercise both burst and non-burst code paths with the
1026 * default settings, increasing code coverage.
1028 bool burst = arm11_config_memwrite_burst && (count > 1);
1034 arm11->arm.core_cache->reg_list[1].dirty = true;
1036 for (size_t i = 0; i < count; i++)
1038 /* MRC p14,0,r1,c0,c5,0 */
1039 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, *buffer++);
1040 if (retval != ERROR_OK)
1043 /* strb r1, [r0], #1 */
1045 retval = arm11_run_instr_no_data1(arm11,
1049 if (retval != ERROR_OK)
1058 arm11->arm.core_cache->reg_list[1].dirty = true;
1060 for (size_t i = 0; i < count; i++)
1063 memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));
1065 /* MRC p14,0,r1,c0,c5,0 */
1066 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, value);
1067 if (retval != ERROR_OK)
1070 /* strh r1, [r0], #2 */
1072 retval = arm11_run_instr_no_data1(arm11,
1076 if (retval != ERROR_OK)
1084 uint32_t instr = !no_increment ? 0xeca05e01 : 0xed805e00;
1086 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1087 uint32_t *words = (uint32_t*)buffer;
1091 /* STC p14,c5,[R0],#4 */
1092 /* STC p14,c5,[R0]*/
1093 retval = arm11_run_instr_data_to_core(arm11, instr, words, count);
1094 if (retval != ERROR_OK)
1099 /* STC p14,c5,[R0],#4 */
1100 /* STC p14,c5,[R0]*/
1101 retval = arm11_run_instr_data_to_core_noack(arm11, instr, words, count);
1102 if (retval != ERROR_OK)
1110 /* r0 verification */
1115 /* MCR p14,0,R0,c0,c5,0 */
1116 retval = arm11_run_instr_data_from_core(arm11, 0xEE000E15, &r0, 1);
1117 if (retval != ERROR_OK)
1120 if (address + size * count != r0)
1122 LOG_ERROR("Data transfer failed. Expected end "
1123 "address 0x%08x, got 0x%08x",
1124 (unsigned) (address + size * count),
1128 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1130 if (arm11_config_memwrite_error_fatal)
1135 return arm11_run_instr_data_finish(arm11);
1138 static int arm11_write_memory(struct target *target,
1139 uint32_t address, uint32_t size,
1140 uint32_t count, uint8_t *buffer)
1142 /* pointer increment matters only for multi-unit writes ...
1143 * not e.g. to a "reset the chip" controller.
1145 return arm11_write_memory_inner(target, address, size,
1146 count, buffer, count == 1);
1149 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1150 static int arm11_bulk_write_memory(struct target *target,
1151 uint32_t address, uint32_t count, uint8_t *buffer)
1153 if (target->state != TARGET_HALTED)
1155 LOG_WARNING("target was not halted");
1156 return ERROR_TARGET_NOT_HALTED;
1159 return arm11_write_memory(target, address, 4, count, buffer);
1162 /* target break-/watchpoint control
1163 * rw: 0 = write, 1 = read, 2 = access
1165 static int arm11_add_breakpoint(struct target *target,
1166 struct breakpoint *breakpoint)
1168 struct arm11_common *arm11 = target_to_arm11(target);
1171 if (breakpoint->type == BKPT_SOFT)
1173 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1174 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1178 if (!arm11->free_brps)
1180 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1181 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1184 if (breakpoint->length != 4)
1186 LOG_DEBUG("only breakpoints of four bytes length supported");
1187 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1195 static int arm11_remove_breakpoint(struct target *target,
1196 struct breakpoint *breakpoint)
1198 struct arm11_common *arm11 = target_to_arm11(target);
1205 static int arm11_target_create(struct target *target, Jim_Interp *interp)
1207 struct arm11_common *arm11;
1209 if (target->tap == NULL)
1212 if (target->tap->ir_length != 5)
1214 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1215 return ERROR_COMMAND_SYNTAX_ERROR;
1218 arm11 = calloc(1, sizeof *arm11);
1222 armv4_5_init_arch_info(target, &arm11->arm);
1224 arm11->target = target;
1226 arm11->jtag_info.tap = target->tap;
1227 arm11->jtag_info.scann_size = 5;
1228 arm11->jtag_info.scann_instr = ARM11_SCAN_N;
1229 /* cur_scan_chain == 0 */
1230 arm11->jtag_info.intest_instr = ARM11_INTEST;
1235 static int arm11_init_target(struct command_context *cmd_ctx,
1236 struct target *target)
1238 /* Initialize anything we can set up without talking to the target */
1240 /* REVISIT do we really want such a debug-registers-only cache?
1241 * If we do, it should probably be handled purely by the DPM code,
1242 * so it works identically on the v7a/v7r cores.
1244 return arm11_build_reg_cache(target);
1247 /* talk to the target and set things up */
1248 static int arm11_examine(struct target *target)
1252 struct arm11_common *arm11 = target_to_arm11(target);
1253 uint32_t didr, device_id;
1254 uint8_t implementor;
1256 /* FIXME split into do-first-time and do-every-time logic ... */
1260 arm11_add_IR(arm11, ARM11_IDCODE, ARM11_TAP_DEFAULT);
1262 struct scan_field idcode_field;
1264 arm11_setup_field(arm11, 32, NULL, &device_id, &idcode_field);
1266 arm11_add_dr_scan_vc(1, &idcode_field, TAP_DRPAUSE);
1270 arm11_add_debug_SCAN_N(arm11, 0x00, ARM11_TAP_DEFAULT);
1272 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
1274 struct scan_field chain0_fields[2];
1276 arm11_setup_field(arm11, 32, NULL, &didr, chain0_fields + 0);
1277 arm11_setup_field(arm11, 8, NULL, &implementor, chain0_fields + 1);
1279 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields), chain0_fields, TAP_IDLE);
1281 CHECK_RETVAL(jtag_execute_queue());
1283 switch (device_id & 0x0FFFF000)
1292 arm11->arm.core_type = ARM_MODE_MON;
1296 LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
1299 LOG_INFO("found %s", type);
1301 /* unlikely this could ever fail, but ... */
1302 switch ((didr >> 16) & 0x0F) {
1303 case ARM11_DEBUG_V6:
1304 case ARM11_DEBUG_V61: /* supports security extensions */
1307 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1311 arm11->brp = ((didr >> 24) & 0x0F) + 1;
1312 arm11->wrp = ((didr >> 28) & 0x0F) + 1;
1314 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1315 arm11->free_brps = arm11->brp;
1316 arm11->free_wrps = arm11->wrp;
1318 LOG_DEBUG("IDCODE %08" PRIx32 " IMPLEMENTOR %02x DIDR %08" PRIx32,
1319 device_id, implementor, didr);
1321 /* as a side-effect this reads DSCR and thus
1322 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1323 * as suggested by the spec.
1326 retval = arm11_check_init(arm11, NULL);
1327 if (retval != ERROR_OK)
1330 /* Build register cache "late", after target_init(), since we
1331 * want to know if this core supports Secure Monitor mode.
1333 if (!target_was_examined(target))
1334 retval = arm11_dpm_init(arm11, didr);
1336 /* ETM on ARM11 still uses original scanchain 6 access mode */
1337 if (arm11->arm.etm && !target_was_examined(target)) {
1338 *register_get_last_cache_p(&target->reg_cache) =
1339 etm_build_reg_cache(target, &arm11->jtag_info,
1341 retval = etm_setup(target);
1344 target_set_examined(target);
1350 /** Load a register that is marked !valid in the register cache */
1351 static int arm11_get_reg(struct reg *reg)
1353 struct target * target = ((struct arm11_reg_state *)reg->arch_info)->target;
1355 if (target->state != TARGET_HALTED)
1357 LOG_WARNING("target was not halted");
1358 return ERROR_TARGET_NOT_HALTED;
1361 /** \todo TODO: Check this. We assume that all registers are fetched at debug entry. */
1364 struct arm11_common *arm11 = target_to_arm11(target);
1365 const struct arm11_reg_defs *arm11_reg_info = arm11_reg_defs + ((struct arm11_reg_state *)reg->arch_info)->def_index;
1371 /** Change a value in the register cache */
1372 static int arm11_set_reg(struct reg *reg, uint8_t *buf)
1374 struct target *target = ((struct arm11_reg_state *)reg->arch_info)->target;
1375 struct arm11_common *arm11 = target_to_arm11(target);
1376 // const struct arm11_reg_defs *arm11_reg_info = arm11_reg_defs + ((struct arm11_reg_state *)reg->arch_info)->def_index;
1378 arm11->reg_values[((struct arm11_reg_state *)reg->arch_info)->def_index] = buf_get_u32(buf, 0, 32);
1385 static const struct reg_arch_type arm11_reg_type = {
1386 .get = arm11_get_reg,
1387 .set = arm11_set_reg,
1390 static int arm11_build_reg_cache(struct target *target)
1392 struct arm11_common *arm11 = target_to_arm11(target);
1393 struct reg_cache *cache;
1394 struct reg *reg_list;
1395 struct arm11_reg_state *arm11_reg_states;
1397 cache = calloc(1, sizeof *cache);
1398 reg_list = calloc(ARM11_REGCACHE_COUNT, sizeof *reg_list);
1399 arm11_reg_states = calloc(ARM11_REGCACHE_COUNT,
1400 sizeof *arm11_reg_states);
1401 if (!cache || !reg_list || !arm11_reg_states) {
1404 free(arm11_reg_states);
1408 arm11->reg_list = reg_list;
1410 /* build cache for some of the debug registers */
1411 cache->name = "arm11 debug registers";
1412 cache->reg_list = reg_list;
1413 cache->num_regs = ARM11_REGCACHE_COUNT;
1415 struct reg_cache **cache_p = register_get_last_cache_p(&target->reg_cache);
1418 arm11->core_cache = cache;
1422 /* Not very elegant assertion */
1423 if (ARM11_REGCACHE_COUNT != ARRAY_SIZE(arm11->reg_values) ||
1424 ARM11_REGCACHE_COUNT != ARRAY_SIZE(arm11_reg_defs) ||
1425 ARM11_REGCACHE_COUNT != ARM11_RC_MAX)
1427 LOG_ERROR("BUG: arm11->reg_values inconsistent (%d %u %u %d)",
1428 ARM11_REGCACHE_COUNT,
1429 (unsigned) ARRAY_SIZE(arm11->reg_values),
1430 (unsigned) ARRAY_SIZE(arm11_reg_defs),
1432 /* FIXME minimally, use a build_bug_on(X) mechanism;
1433 * runtime exit() here is bad!
1438 for (i = 0; i < ARM11_REGCACHE_COUNT; i++)
1440 struct reg * r = reg_list + i;
1441 const struct arm11_reg_defs * rd = arm11_reg_defs + i;
1442 struct arm11_reg_state * rs = arm11_reg_states + i;
1446 r->value = (uint8_t *)(arm11->reg_values + i);
1449 r->type = &arm11_reg_type;
1453 rs->target = target;
1459 /* FIXME all these BOOL_WRAPPER things should be modifying
1460 * per-instance state, not shared state; ditto the vector
1461 * catch register support. Scan chains with multiple cores
1462 * should be able to say "work with this core like this,
1463 * that core like that". Example, ARM11 MPCore ...
1466 #define ARM11_BOOL_WRAPPER(name, print_name) \
1467 COMMAND_HANDLER(arm11_handle_bool_##name) \
1469 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1470 &arm11_config_##name, print_name); \
1473 ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
1474 ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
1475 ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
1476 ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1478 COMMAND_HANDLER(arm11_handle_vcr)
1484 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11_vcr);
1487 return ERROR_COMMAND_SYNTAX_ERROR;
1490 LOG_INFO("VCR 0x%08" PRIx32 "", arm11_vcr);
1494 static const struct command_registration arm11_mw_command_handlers[] = {
1497 .handler = &arm11_handle_bool_memwrite_burst,
1498 .mode = COMMAND_ANY,
1499 .help = "Enable/Disable non-standard but fast burst mode"
1500 " (default: enabled)",
1503 .name = "error_fatal",
1504 .handler = &arm11_handle_bool_memwrite_error_fatal,
1505 .mode = COMMAND_ANY,
1506 .help = "Terminate program if transfer error was found"
1507 " (default: enabled)",
1509 COMMAND_REGISTRATION_DONE
1511 static const struct command_registration arm11_any_command_handlers[] = {
1513 /* "hardware_step" is only here to check if the default
1514 * simulate + breakpoint implementation is broken.
1515 * TEMPORARY! NOT DOCUMENTED! */
1516 .name = "hardware_step",
1517 .handler = &arm11_handle_bool_hardware_step,
1518 .mode = COMMAND_ANY,
1519 .help = "DEBUG ONLY - Hardware single stepping"
1520 " (default: disabled)",
1521 .usage = "(enable|disable)",
1525 .mode = COMMAND_ANY,
1526 .help = "memwrite command group",
1527 .chain = arm11_mw_command_handlers,
1530 .name = "step_irq_enable",
1531 .handler = &arm11_handle_bool_step_irq_enable,
1532 .mode = COMMAND_ANY,
1533 .help = "Enable interrupts while stepping"
1534 " (default: disabled)",
1538 .handler = &arm11_handle_vcr,
1539 .mode = COMMAND_ANY,
1540 .help = "Control (Interrupt) Vector Catch Register",
1542 COMMAND_REGISTRATION_DONE
1544 static const struct command_registration arm11_command_handlers[] = {
1546 .chain = arm_command_handlers,
1549 .chain = etm_command_handlers,
1553 .mode = COMMAND_ANY,
1554 .help = "ARM11 command group",
1555 .chain = arm11_any_command_handlers,
1557 COMMAND_REGISTRATION_DONE
1560 /** Holds methods for ARM11xx targets. */
1561 struct target_type arm11_target = {
1565 .arch_state = arm11_arch_state,
1567 .target_request_data = arm11_target_request_data,
1570 .resume = arm11_resume,
1573 .assert_reset = arm11_assert_reset,
1574 .deassert_reset = arm11_deassert_reset,
1575 .soft_reset_halt = arm11_soft_reset_halt,
1577 .get_gdb_reg_list = armv4_5_get_gdb_reg_list,
1579 .read_memory = arm11_read_memory,
1580 .write_memory = arm11_write_memory,
1582 .bulk_write_memory = arm11_bulk_write_memory,
1584 .checksum_memory = arm_checksum_memory,
1585 .blank_check_memory = arm_blank_check_memory,
1587 .add_breakpoint = arm11_add_breakpoint,
1588 .remove_breakpoint = arm11_remove_breakpoint,
1590 .run_algorithm = armv4_5_run_algorithm,
1592 .commands = arm11_command_handlers,
1593 .target_create = arm11_target_create,
1594 .init_target = arm11_init_target,
1595 .examine = arm11_examine,
projects / fw / openocd / blob