1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm11_dbgtap.h"
34 #include "arm_simulator.h"
35 #include <helper/time_support.h>
36 #include "target_type.h"
37 #include "algorithm.h"
39 #include "arm_opcodes.h"
42 #define _DEBUG_INSTRUCTION_EXECUTION_
46 static int arm11_step(struct target *target, int current,
47 uint32_t address, int handle_breakpoints);
50 /** Check and if necessary take control of the system
52 * \param arm11 Target state variable.
54 static int arm11_check_init(struct arm11_common *arm11)
56 CHECK_RETVAL(arm11_read_DSCR(arm11));
58 if (!(arm11->dscr & DSCR_HALT_DBG_MODE)) {
59 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
60 LOG_DEBUG("Bringing target into debug mode");
62 arm11->dscr |= DSCR_HALT_DBG_MODE;
63 CHECK_RETVAL(arm11_write_DSCR(arm11, arm11->dscr));
65 /* add further reset initialization here */
67 arm11->simulate_reset_on_next_halt = true;
69 if (arm11->dscr & DSCR_CORE_HALTED) {
70 /** \todo TODO: this needs further scrutiny because
71 * arm11_debug_entry() never gets called. (WHY NOT?)
72 * As a result we don't read the actual register states from
76 arm11->arm.target->state = TARGET_HALTED;
77 arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
79 arm11->arm.target->state = TARGET_RUNNING;
80 arm11->arm.target->debug_reason = DBG_REASON_NOTHALTED;
83 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));
90 * Save processor state. This is called after a HALT instruction
91 * succeeds, and on other occasions the processor enters debug mode
92 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
94 static int arm11_debug_entry(struct arm11_common *arm11)
98 arm11->arm.target->state = TARGET_HALTED;
99 arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
101 /* REVISIT entire cache should already be invalid !!! */
102 register_cache_invalidate(arm11->arm.core_cache);
104 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
106 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
107 arm11->is_wdtr_saved = !!(arm11->dscr & DSCR_DTR_TX_FULL);
108 if (arm11->is_wdtr_saved) {
109 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
111 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
113 struct scan_field chain5_fields[3];
115 arm11_setup_field(arm11, 32, NULL,
116 &arm11->saved_wdtr, chain5_fields + 0);
117 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 1);
118 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
120 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
121 chain5_fields), chain5_fields, TAP_DRPAUSE);
125 /* DSCR: set the Execute ARM instruction enable bit.
127 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
128 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
129 * for executing instructions via ITR.
131 CHECK_RETVAL(arm11_write_DSCR(arm11, DSCR_ITR_EN | arm11->dscr));
135 Before executing any instruction in debug state you have to drain the write buffer.
136 This ensures that no imprecise Data Aborts can return at a later point:*/
138 /** \todo TODO: Test drain write buffer. */
142 /* MRC p14,0,R0,c5,c10,0 */
143 /* arm11_run_instr_no_data1(arm11, / *0xee150e1a* /0xe320f000); */
145 /* mcr 15, 0, r0, cr7, cr10, {4} */
146 arm11_run_instr_no_data1(arm11, 0xee070f9a);
148 uint32_t dscr = arm11_read_DSCR(arm11);
150 LOG_DEBUG("DRAIN, DSCR %08x", dscr);
152 if (dscr & ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT) {
153 arm11_run_instr_no_data1(arm11, 0xe320f000);
155 dscr = arm11_read_DSCR(arm11);
157 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr);
166 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
167 * CPSR and PC after the rDTR stuff. We do it all at once.
169 retval = arm_dpm_read_current_registers(&arm11->dpm);
170 if (retval != ERROR_OK)
171 LOG_ERROR("DPM REG READ -- fail");
173 retval = arm11_run_instr_data_prepare(arm11);
174 if (retval != ERROR_OK)
177 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
178 arm11->is_rdtr_saved = !!(arm11->dscr & DSCR_DTR_RX_FULL);
179 if (arm11->is_rdtr_saved) {
180 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
181 retval = arm11_run_instr_data_from_core_via_r0(arm11,
182 0xEE100E15, &arm11->saved_rdtr);
183 if (retval != ERROR_OK)
187 /* REVISIT Now that we've saved core state, there's may also
188 * be MMU and cache state to care about ...
191 if (arm11->simulate_reset_on_next_halt) {
192 arm11->simulate_reset_on_next_halt = false;
194 LOG_DEBUG("Reset c1 Control Register");
196 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
198 /* MCR p15,0,R0,c1,c0,0 */
199 retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee010f10, 0);
200 if (retval != ERROR_OK)
205 if (arm11->arm.target->debug_reason == DBG_REASON_WATCHPOINT) {
208 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
209 retval = arm11_run_instr_data_from_core_via_r0(arm11,
210 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
212 if (retval != ERROR_OK)
214 arm_dpm_report_wfar(arm11->arm.dpm, wfar);
218 retval = arm11_run_instr_data_finish(arm11);
219 if (retval != ERROR_OK)
226 * Restore processor state. This is called in preparation for
227 * the RESTART function.
229 static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
233 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
235 /* NOTE: the ARM1136 TRM suggests restoring all registers
236 * except R0/PC/CPSR right now. Instead, we do them all
237 * at once, just a bit later on.
240 /* REVISIT once we start caring about MMU and cache state,
241 * address it here ...
244 /* spec says clear wDTR and rDTR; we assume they are clear as
245 otherwise our programming would be sloppy */
247 CHECK_RETVAL(arm11_read_DSCR(arm11));
249 if (arm11->dscr & (DSCR_DTR_RX_FULL | DSCR_DTR_TX_FULL)) {
251 The wDTR/rDTR two registers that are used to send/receive data to/from
252 the core in tandem with corresponding instruction codes that are
253 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
254 registers hold data that was written by one side (CPU or JTAG) and not
255 read out by the other side.
257 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
258 (unsigned) arm11->dscr);
263 /* maybe restore original wDTR */
264 if (arm11->is_wdtr_saved) {
265 retval = arm11_run_instr_data_prepare(arm11);
266 if (retval != ERROR_OK)
269 /* MCR p14,0,R0,c0,c5,0 */
270 retval = arm11_run_instr_data_to_core_via_r0(arm11,
271 0xee000e15, arm11->saved_wdtr);
272 if (retval != ERROR_OK)
275 retval = arm11_run_instr_data_finish(arm11);
276 if (retval != ERROR_OK)
280 /* restore CPSR, PC, and R0 ... after flushing any modified
283 CHECK_RETVAL(arm_dpm_write_dirty_registers(&arm11->dpm, bpwp));
285 CHECK_RETVAL(arm11_bpwp_flush(arm11));
287 register_cache_invalidate(arm11->arm.core_cache);
290 CHECK_RETVAL(arm11_write_DSCR(arm11, arm11->dscr));
292 /* maybe restore rDTR */
293 if (arm11->is_rdtr_saved) {
294 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
296 arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
298 struct scan_field chain5_fields[3];
300 uint8_t Ready = 0; /* ignored */
301 uint8_t Valid = 0; /* ignored */
303 arm11_setup_field(arm11, 32, &arm11->saved_rdtr,
304 NULL, chain5_fields + 0);
305 arm11_setup_field(arm11, 1, &Ready, NULL, chain5_fields + 1);
306 arm11_setup_field(arm11, 1, &Valid, NULL, chain5_fields + 2);
308 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
309 chain5_fields), chain5_fields, TAP_DRPAUSE);
312 /* now processor is ready to RESTART */
317 /* poll current target status */
318 static int arm11_poll(struct target *target)
321 struct arm11_common *arm11 = target_to_arm11(target);
323 CHECK_RETVAL(arm11_check_init(arm11));
325 if (arm11->dscr & DSCR_CORE_HALTED) {
326 if (target->state != TARGET_HALTED) {
327 enum target_state old_state = target->state;
329 LOG_DEBUG("enter TARGET_HALTED");
330 retval = arm11_debug_entry(arm11);
331 if (retval != ERROR_OK)
334 target_call_event_callbacks(target,
335 (old_state == TARGET_DEBUG_RUNNING)
336 ? TARGET_EVENT_DEBUG_HALTED
337 : TARGET_EVENT_HALTED);
340 if (target->state != TARGET_RUNNING && target->state != TARGET_DEBUG_RUNNING) {
341 LOG_DEBUG("enter TARGET_RUNNING");
342 target->state = TARGET_RUNNING;
343 target->debug_reason = DBG_REASON_NOTHALTED;
349 /* architecture specific status reply */
350 static int arm11_arch_state(struct target *target)
352 struct arm11_common *arm11 = target_to_arm11(target);
355 retval = arm_arch_state(target);
357 /* REVISIT also display ARM11-specific MMU and cache status ... */
359 if (target->debug_reason == DBG_REASON_WATCHPOINT)
360 LOG_USER("Watchpoint triggered at PC %#08x",
361 (unsigned) arm11->dpm.wp_pc);
366 /* target execution control */
367 static int arm11_halt(struct target *target)
369 struct arm11_common *arm11 = target_to_arm11(target);
371 LOG_DEBUG("target->state: %s",
372 target_state_name(target));
374 if (target->state == TARGET_UNKNOWN)
375 arm11->simulate_reset_on_next_halt = true;
377 if (target->state == TARGET_HALTED) {
378 LOG_DEBUG("target was already halted");
382 arm11_add_IR(arm11, ARM11_HALT, TAP_IDLE);
384 CHECK_RETVAL(jtag_execute_queue());
389 CHECK_RETVAL(arm11_read_DSCR(arm11));
391 if (arm11->dscr & DSCR_CORE_HALTED)
399 if ((timeval_ms()-then) > 1000) {
400 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
407 enum target_state old_state = target->state;
409 CHECK_RETVAL(arm11_debug_entry(arm11));
412 target_call_event_callbacks(target,
414 TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED));
419 static uint32_t arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
421 void *value = arm11->arm.pc->value;
424 buf_set_u32(value, 0, 32, address);
426 address = buf_get_u32(value, 0, 32);
431 static int arm11_resume(struct target *target, int current,
432 uint32_t address, int handle_breakpoints, int debug_execution)
434 /* LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d", */
435 /* current, address, handle_breakpoints, debug_execution); */
437 struct arm11_common *arm11 = target_to_arm11(target);
439 LOG_DEBUG("target->state: %s",
440 target_state_name(target));
443 if (target->state != TARGET_HALTED) {
444 LOG_ERROR("Target not halted");
445 return ERROR_TARGET_NOT_HALTED;
448 address = arm11_nextpc(arm11, current, address);
450 LOG_DEBUG("RESUME PC %08" PRIx32 "%s", address, !current ? "!" : "");
452 /* clear breakpoints/watchpoints and VCR*/
453 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));
455 if (!debug_execution)
456 target_free_all_working_areas(target);
458 /* Should we skip over breakpoints matching the PC? */
459 if (handle_breakpoints) {
460 struct breakpoint *bp;
462 for (bp = target->breakpoints; bp; bp = bp->next) {
463 if (bp->address == address) {
464 LOG_DEBUG("must step over %08" PRIx32 "", bp->address);
465 arm11_step(target, 1, 0, 0);
471 /* activate all breakpoints */
473 struct breakpoint *bp;
474 unsigned brp_num = 0;
476 for (bp = target->breakpoints; bp; bp = bp->next) {
477 struct arm11_sc7_action brp[2];
480 brp[0].address = ARM11_SC7_BVR0 + brp_num;
481 brp[0].value = bp->address;
483 brp[1].address = ARM11_SC7_BCR0 + brp_num;
486 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
488 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
490 LOG_DEBUG("Add BP %d at %08" PRIx32, brp_num,
497 CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr));
500 /* activate all watchpoints and breakpoints */
501 CHECK_RETVAL(arm11_leave_debug_state(arm11, true));
503 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
505 CHECK_RETVAL(jtag_execute_queue());
509 CHECK_RETVAL(arm11_read_DSCR(arm11));
511 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
513 if (arm11->dscr & DSCR_CORE_RESTARTED)
521 if ((timeval_ms()-then) > 1000) {
522 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
529 target->debug_reason = DBG_REASON_NOTHALTED;
530 if (!debug_execution)
531 target->state = TARGET_RUNNING;
533 target->state = TARGET_DEBUG_RUNNING;
534 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
539 static int arm11_step(struct target *target, int current,
540 uint32_t address, int handle_breakpoints)
542 LOG_DEBUG("target->state: %s",
543 target_state_name(target));
545 if (target->state != TARGET_HALTED) {
546 LOG_WARNING("target was not halted");
547 return ERROR_TARGET_NOT_HALTED;
550 struct arm11_common *arm11 = target_to_arm11(target);
552 address = arm11_nextpc(arm11, current, address);
554 LOG_DEBUG("STEP PC %08" PRIx32 "%s", address, !current ? "!" : "");
557 /** \todo TODO: Thumb not supported here */
559 uint32_t next_instruction;
561 CHECK_RETVAL(arm11_read_memory_word(arm11, address, &next_instruction));
564 if ((next_instruction & 0xFFF00070) == 0xe1200070) {
565 address = arm11_nextpc(arm11, 0, address + 4);
566 LOG_DEBUG("Skipping BKPT %08" PRIx32, address);
568 /* skip over Wait for interrupt / Standby
569 * mcr 15, 0, r?, cr7, cr0, {4} */
570 else if ((next_instruction & 0xFFFF0FFF) == 0xee070f90) {
571 address = arm11_nextpc(arm11, 0, address + 4);
572 LOG_DEBUG("Skipping WFI %08" PRIx32, address);
574 /* ignore B to self */
575 else if ((next_instruction & 0xFEFFFFFF) == 0xeafffffe)
576 LOG_DEBUG("Not stepping jump to self");
578 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
581 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
582 * the VCR might be something worth looking into. */
585 /* Set up breakpoint for stepping */
587 struct arm11_sc7_action brp[2];
590 brp[0].address = ARM11_SC7_BVR0;
592 brp[1].address = ARM11_SC7_BCR0;
594 if (arm11->hardware_step) {
595 /* Hardware single stepping ("instruction address
596 * mismatch") is used if enabled. It's not quite
597 * exactly "run one instruction"; "branch to here"
598 * loops won't break, neither will some other cases,
599 * but it's probably the best default.
601 * Hardware single stepping isn't supported on v6
602 * debug modules. ARM1176 and v7 can support it...
604 * FIXME Thumb stepping likely needs to use 0x03
605 * or 0xc0 byte masks, not 0x0f.
607 brp[0].value = address;
608 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
609 | (0 << 14) | (0 << 16) | (0 << 20)
612 /* Sets a breakpoint on the next PC, as calculated
613 * by instruction set simulation.
615 * REVISIT stepping Thumb on ARM1156 requires Thumb2
616 * support from the simulator.
621 retval = arm_simulate_step(target, &next_pc);
622 if (retval != ERROR_OK)
625 brp[0].value = next_pc;
626 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
627 | (0 << 14) | (0 << 16) | (0 << 20)
631 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
636 if (arm11->step_irq_enable)
637 /* this disable should be redundant ... */
638 arm11->dscr &= ~DSCR_INT_DIS;
640 arm11->dscr |= DSCR_INT_DIS;
643 CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));
645 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
647 CHECK_RETVAL(jtag_execute_queue());
653 const uint32_t mask = DSCR_CORE_RESTARTED
656 CHECK_RETVAL(arm11_read_DSCR(arm11));
657 LOG_DEBUG("DSCR %08x e", (unsigned) arm11->dscr);
659 if ((arm11->dscr & mask) == mask)
666 if ((timeval_ms()-then) > 1000) {
668 "Timeout (1000ms) waiting for instructions to complete");
675 /* clear breakpoint */
676 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));
679 CHECK_RETVAL(arm11_debug_entry(arm11));
681 /* restore default state */
682 arm11->dscr &= ~DSCR_INT_DIS;
686 target->debug_reason = DBG_REASON_SINGLESTEP;
688 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_HALTED));
693 static int arm11_assert_reset(struct target *target)
695 struct arm11_common *arm11 = target_to_arm11(target);
697 /* optionally catch reset vector */
698 if (target->reset_halt && !(arm11->vcr & 1))
699 CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr | 1));
701 /* Issue some kind of warm reset. */
702 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
703 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
704 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
705 /* REVISIT handle "pulls" cases, if there's
706 * hardware that needs them to work.
708 jtag_add_reset(0, 1);
710 LOG_ERROR("%s: how to reset?", target_name(target));
714 /* registers are now invalid */
715 register_cache_invalidate(arm11->arm.core_cache);
717 target->state = TARGET_RESET;
723 * - There is another bug in the arm11 core. (iMX31 specific again?)
724 * When you generate an access to external logic (for example DDR
725 * controller via AHB bus) and that block is not configured (perhaps
726 * it is still held in reset), that transaction will never complete.
727 * This will hang arm11 core but it will also hang JTAG controller.
728 * Nothing short of srst assertion will bring it out of this.
731 static int arm11_deassert_reset(struct target *target)
733 struct arm11_common *arm11 = target_to_arm11(target);
736 /* be certain SRST is off */
737 jtag_add_reset(0, 0);
739 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
740 * at least DSCR. OMAP24xx doesn't show that problem, though
741 * SRST-only reset seems to be problematic for other reasons.
742 * (Secure boot sequences being one likelihood!)
746 CHECK_RETVAL(arm11_poll(target));
748 if (target->reset_halt) {
749 if (target->state != TARGET_HALTED) {
750 LOG_WARNING("%s: ran after reset and before halt ...",
751 target_name(target));
752 retval = target_halt(target);
753 if (retval != ERROR_OK)
758 /* maybe restore vector catch config */
759 if (target->reset_halt && !(arm11->vcr & 1))
760 CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr));
765 /* target memory access
766 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
767 * count: number of items of <size>
769 * arm11_config_memrw_no_increment - in the future we may want to be able
770 * to read/write a range of data to a "port". a "port" is an action on
771 * read memory address for some peripheral.
773 static int arm11_read_memory_inner(struct target *target,
774 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer,
775 bool arm11_config_memrw_no_increment)
777 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment
781 if (target->state != TARGET_HALTED) {
782 LOG_WARNING("target was not halted");
783 return ERROR_TARGET_NOT_HALTED;
786 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "",
791 struct arm11_common *arm11 = target_to_arm11(target);
793 retval = arm11_run_instr_data_prepare(arm11);
794 if (retval != ERROR_OK)
797 /* MRC p14,0,r0,c0,c5,0 */
798 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
799 if (retval != ERROR_OK)
804 arm11->arm.core_cache->reg_list[1].dirty = true;
806 for (size_t i = 0; i < count; i++) {
807 /* ldrb r1, [r0], #1 */
809 CHECK_RETVAL(arm11_run_instr_no_data1(arm11,
810 !arm11_config_memrw_no_increment ? 0xe4d01001 : 0xe5d01000));
813 /* MCR p14,0,R1,c0,c5,0 */
814 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1));
823 arm11->arm.core_cache->reg_list[1].dirty = true;
825 for (size_t i = 0; i < count; i++) {
826 /* ldrh r1, [r0], #2 */
827 CHECK_RETVAL(arm11_run_instr_no_data1(arm11,
828 !arm11_config_memrw_no_increment ? 0xe0d010b2 : 0xe1d010b0));
832 /* MCR p14,0,R1,c0,c5,0 */
833 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1));
835 uint16_t svalue = res;
836 memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
844 uint32_t instr = !arm11_config_memrw_no_increment ? 0xecb05e01 : 0xed905e00;
845 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
846 uint32_t *words = (uint32_t *)(void *)buffer;
848 /* LDC p14,c5,[R0],#4 */
849 /* LDC p14,c5,[R0] */
850 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, instr, words, count));
855 return arm11_run_instr_data_finish(arm11);
858 static int arm11_read_memory(struct target *target,
864 return arm11_read_memory_inner(target, address, size, count, buffer, false);
868 * no_increment - in the future we may want to be able
869 * to read/write a range of data to a "port". a "port" is an action on
870 * read memory address for some peripheral.
872 static int arm11_write_memory_inner(struct target *target,
873 uint32_t address, uint32_t size,
874 uint32_t count, const uint8_t *buffer,
879 if (target->state != TARGET_HALTED) {
880 LOG_WARNING("target was not halted");
881 return ERROR_TARGET_NOT_HALTED;
884 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "",
889 struct arm11_common *arm11 = target_to_arm11(target);
891 retval = arm11_run_instr_data_prepare(arm11);
892 if (retval != ERROR_OK)
895 /* load r0 with buffer address
896 * MRC p14,0,r0,c0,c5,0 */
897 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
898 if (retval != ERROR_OK)
901 /* burst writes are not used for single words as those may well be
902 * reset init script writes.
904 * The other advantage is that as burst writes are default, we'll
905 * now exercise both burst and non-burst code paths with the
906 * default settings, increasing code coverage.
908 bool burst = arm11->memwrite_burst && (count > 1);
913 arm11->arm.core_cache->reg_list[1].dirty = true;
915 for (size_t i = 0; i < count; i++) {
916 /* load r1 from DCC with byte data */
917 /* MRC p14,0,r1,c0,c5,0 */
918 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, *buffer++);
919 if (retval != ERROR_OK)
922 /* write r1 to memory */
923 /* strb r1, [r0], #1 */
925 retval = arm11_run_instr_no_data1(arm11,
926 !no_increment ? 0xe4c01001 : 0xe5c01000);
927 if (retval != ERROR_OK)
936 arm11->arm.core_cache->reg_list[1].dirty = true;
938 for (size_t i = 0; i < count; i++) {
940 memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));
942 /* load r1 from DCC with halfword data */
943 /* MRC p14,0,r1,c0,c5,0 */
944 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, value);
945 if (retval != ERROR_OK)
948 /* write r1 to memory */
949 /* strh r1, [r0], #2 */
951 retval = arm11_run_instr_no_data1(arm11,
952 !no_increment ? 0xe0c010b2 : 0xe1c010b0);
953 if (retval != ERROR_OK)
961 /* stream word data through DCC directly to memory */
962 /* increment: STC p14,c5,[R0],#4 */
963 /* no increment: STC p14,c5,[R0]*/
964 uint32_t instr = !no_increment ? 0xeca05e01 : 0xed805e00;
966 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
967 uint32_t *words = (uint32_t *)(void *)buffer;
969 /* "burst" here just means trusting each instruction executes
970 * fully before we run the next one: per-word roundtrips, to
971 * check the Ready flag, are not used.
974 retval = arm11_run_instr_data_to_core(arm11,
975 instr, words, count);
977 retval = arm11_run_instr_data_to_core_noack(arm11,
978 instr, words, count);
979 if (retval != ERROR_OK)
986 /* r0 verification */
990 /* MCR p14,0,R0,c0,c5,0 */
991 retval = arm11_run_instr_data_from_core(arm11, 0xEE000E15, &r0, 1);
992 if (retval != ERROR_OK)
995 if (address + size * count != r0) {
996 LOG_ERROR("Data transfer failed. Expected end "
997 "address 0x%08x, got 0x%08x",
998 (unsigned) (address + size * count),
1003 "use 'arm11 memwrite burst disable' to disable fast burst mode");
1006 if (arm11->memwrite_error_fatal)
1011 return arm11_run_instr_data_finish(arm11);
1014 static int arm11_write_memory(struct target *target,
1015 uint32_t address, uint32_t size,
1016 uint32_t count, const uint8_t *buffer)
1018 /* pointer increment matters only for multi-unit writes ...
1019 * not e.g. to a "reset the chip" controller.
1021 return arm11_write_memory_inner(target, address, size,
1022 count, buffer, count == 1);
1025 /* target break-/watchpoint control
1026 * rw: 0 = write, 1 = read, 2 = access
1028 static int arm11_add_breakpoint(struct target *target,
1029 struct breakpoint *breakpoint)
1031 struct arm11_common *arm11 = target_to_arm11(target);
1034 if (breakpoint->type == BKPT_SOFT) {
1035 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1036 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1040 if (!arm11->free_brps) {
1041 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1042 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1045 if (breakpoint->length != 4) {
1046 LOG_DEBUG("only breakpoints of four bytes length supported");
1047 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1055 static int arm11_remove_breakpoint(struct target *target,
1056 struct breakpoint *breakpoint)
1058 struct arm11_common *arm11 = target_to_arm11(target);
1065 static int arm11_target_create(struct target *target, Jim_Interp *interp)
1067 struct arm11_common *arm11;
1069 if (target->tap == NULL)
1072 if (target->tap->ir_length != 5) {
1073 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1074 return ERROR_COMMAND_SYNTAX_ERROR;
1077 arm11 = calloc(1, sizeof *arm11);
1081 arm11->arm.core_type = ARM_MODE_ANY;
1082 arm_init_arch_info(target, &arm11->arm);
1084 arm11->jtag_info.tap = target->tap;
1085 arm11->jtag_info.scann_size = 5;
1086 arm11->jtag_info.scann_instr = ARM11_SCAN_N;
1087 arm11->jtag_info.cur_scan_chain = ~0; /* invalid/unknown */
1088 arm11->jtag_info.intest_instr = ARM11_INTEST;
1090 arm11->memwrite_burst = true;
1091 arm11->memwrite_error_fatal = true;
1096 static int arm11_init_target(struct command_context *cmd_ctx,
1097 struct target *target)
1099 /* Initialize anything we can set up without talking to the target */
1103 /* talk to the target and set things up */
1104 static int arm11_examine(struct target *target)
1108 struct arm11_common *arm11 = target_to_arm11(target);
1109 uint32_t didr, device_id;
1110 uint8_t implementor;
1112 /* FIXME split into do-first-time and do-every-time logic ... */
1116 arm11_add_IR(arm11, ARM11_IDCODE, ARM11_TAP_DEFAULT);
1118 struct scan_field idcode_field;
1120 arm11_setup_field(arm11, 32, NULL, &device_id, &idcode_field);
1122 arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &idcode_field, TAP_DRPAUSE);
1126 arm11_add_debug_SCAN_N(arm11, 0x00, ARM11_TAP_DEFAULT);
1128 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
1130 struct scan_field chain0_fields[2];
1132 arm11_setup_field(arm11, 32, NULL, &didr, chain0_fields + 0);
1133 arm11_setup_field(arm11, 8, NULL, &implementor, chain0_fields + 1);
1135 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
1136 chain0_fields), chain0_fields, TAP_IDLE);
1138 CHECK_RETVAL(jtag_execute_queue());
1140 /* assume the manufacturer id is ok; check the part # */
1141 switch ((device_id >> 12) & 0xFFFF) {
1146 type = "ARM11 MPCore";
1152 arm11->arm.core_type = ARM_MODE_MON;
1153 /* NOTE: could default arm11->hardware_step to true */
1157 LOG_ERROR("unexpected ARM11 ID code");
1160 LOG_INFO("found %s", type);
1162 /* unlikely this could ever fail, but ... */
1163 switch ((didr >> 16) & 0x0F) {
1164 case ARM11_DEBUG_V6:
1165 case ARM11_DEBUG_V61: /* supports security extensions */
1168 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1172 arm11->brp = ((didr >> 24) & 0x0F) + 1;
1174 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1175 arm11->free_brps = arm11->brp;
1177 LOG_DEBUG("IDCODE %08" PRIx32 " IMPLEMENTOR %02x DIDR %08" PRIx32,
1178 device_id, implementor, didr);
1180 /* Build register cache "late", after target_init(), since we
1181 * want to know if this core supports Secure Monitor mode.
1183 if (!target_was_examined(target))
1184 CHECK_RETVAL(arm11_dpm_init(arm11, didr));
1186 /* as a side-effect this reads DSCR and thus
1187 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1188 * as suggested by the spec.
1191 retval = arm11_check_init(arm11);
1192 if (retval != ERROR_OK)
1195 /* ETM on ARM11 still uses original scanchain 6 access mode */
1196 if (arm11->arm.etm && !target_was_examined(target)) {
1197 *register_get_last_cache_p(&target->reg_cache) =
1198 etm_build_reg_cache(target, &arm11->jtag_info,
1200 CHECK_RETVAL(etm_setup(target));
1203 target_set_examined(target);
1208 #define ARM11_BOOL_WRAPPER(name, print_name) \
1209 COMMAND_HANDLER(arm11_handle_bool_ ## name) \
1211 struct target *target = get_current_target(CMD_CTX); \
1212 struct arm11_common *arm11 = target_to_arm11(target); \
1214 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1215 &arm11->name, print_name); \
1218 ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
1219 ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
1220 ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
1221 ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1223 /* REVISIT handle the VCR bits like other ARMs: use symbols for
1224 * input and output values.
1227 COMMAND_HANDLER(arm11_handle_vcr)
1229 struct target *target = get_current_target(CMD_CTX);
1230 struct arm11_common *arm11 = target_to_arm11(target);
1236 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11->vcr);
1239 return ERROR_COMMAND_SYNTAX_ERROR;
1242 LOG_INFO("VCR 0x%08" PRIx32 "", arm11->vcr);
1246 static const struct command_registration arm11_mw_command_handlers[] = {
1249 .handler = arm11_handle_bool_memwrite_burst,
1250 .mode = COMMAND_ANY,
1251 .help = "Display or modify flag controlling potentially "
1252 "risky fast burst mode (default: enabled)",
1253 .usage = "['enable'|'disable']",
1256 .name = "error_fatal",
1257 .handler = arm11_handle_bool_memwrite_error_fatal,
1258 .mode = COMMAND_ANY,
1259 .help = "Display or modify flag controlling transfer "
1260 "termination on transfer errors"
1261 " (default: enabled)",
1262 .usage = "['enable'|'disable']",
1264 COMMAND_REGISTRATION_DONE
1266 static const struct command_registration arm11_any_command_handlers[] = {
1268 /* "hardware_step" is only here to check if the default
1269 * simulate + breakpoint implementation is broken.
1270 * TEMPORARY! NOT DOCUMENTED! */
1271 .name = "hardware_step",
1272 .handler = arm11_handle_bool_hardware_step,
1273 .mode = COMMAND_ANY,
1274 .help = "DEBUG ONLY - Hardware single stepping"
1275 " (default: disabled)",
1276 .usage = "['enable'|'disable']",
1280 .mode = COMMAND_ANY,
1281 .help = "memwrite command group",
1283 .chain = arm11_mw_command_handlers,
1286 .name = "step_irq_enable",
1287 .handler = arm11_handle_bool_step_irq_enable,
1288 .mode = COMMAND_ANY,
1289 .help = "Display or modify flag controlling interrupt "
1290 "enable while stepping (default: disabled)",
1291 .usage = "['enable'|'disable']",
1295 .handler = arm11_handle_vcr,
1296 .mode = COMMAND_ANY,
1297 .help = "Display or modify Vector Catch Register",
1300 COMMAND_REGISTRATION_DONE
1303 static const struct command_registration arm11_command_handlers[] = {
1305 .chain = arm_command_handlers,
1308 .chain = etm_command_handlers,
1312 .mode = COMMAND_ANY,
1313 .help = "ARM11 command group",
1315 .chain = arm11_any_command_handlers,
1317 COMMAND_REGISTRATION_DONE
1320 /** Holds methods for ARM11xx targets. */
1321 struct target_type arm11_target = {
1325 .arch_state = arm11_arch_state,
1328 .resume = arm11_resume,
1331 .assert_reset = arm11_assert_reset,
1332 .deassert_reset = arm11_deassert_reset,
1334 .get_gdb_reg_list = arm_get_gdb_reg_list,
1336 .read_memory = arm11_read_memory,
1337 .write_memory = arm11_write_memory,
1339 .checksum_memory = arm_checksum_memory,
1340 .blank_check_memory = arm_blank_check_memory,
1342 .add_breakpoint = arm11_add_breakpoint,
1343 .remove_breakpoint = arm11_remove_breakpoint,
1345 .run_algorithm = armv4_5_run_algorithm,
1347 .commands = arm11_command_handlers,
1348 .target_create = arm11_target_create,
1349 .init_target = arm11_init_target,
1350 .examine = arm11_examine,
projects / fw / openocd / blob