1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
24 #include "replacements.h"
26 #include "embeddedice.h"
28 #include "target_request.h"
33 #include "arm7_9_common.h"
34 #include "breakpoints.h"
40 #include <sys/types.h>
45 int arm7_9_debug_entry(target_t *target);
46 int arm7_9_enable_sw_bkpts(struct target_s *target);
48 /* command handler forward declarations */
49 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int arm7_9_reinit_embeddedice(target_t *target)
62 armv4_5_common_t *armv4_5 = target->arch_info;
63 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
65 breakpoint_t *breakpoint = target->breakpoints;
67 arm7_9->wp_available = 2;
71 /* mark all hardware breakpoints as unset */
74 if (breakpoint->type == BKPT_HARD)
78 breakpoint = breakpoint->next;
81 if (arm7_9->sw_bkpts_enabled && arm7_9->sw_bkpts_use_wp)
83 arm7_9->sw_bkpts_enabled = 0;
84 arm7_9_enable_sw_bkpts(target);
87 arm7_9->reinit_embeddedice = 0;
92 int arm7_9_jtag_callback(enum jtag_event event, void *priv)
94 target_t *target = priv;
95 armv4_5_common_t *armv4_5 = target->arch_info;
96 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
98 /* a test-logic reset occured
99 * the EmbeddedICE registers have been reset
100 * hardware breakpoints have been cleared
102 if (event == JTAG_TRST_ASSERTED)
104 arm7_9->reinit_embeddedice = 1;
110 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
112 armv4_5_common_t *armv4_5 = target->arch_info;
113 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
115 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
120 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
125 *armv4_5_p = armv4_5;
131 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
133 armv4_5_common_t *armv4_5 = target->arch_info;
134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
136 if (target->state != TARGET_HALTED)
138 LOG_WARNING("target not halted");
139 return ERROR_TARGET_NOT_HALTED;
142 if (arm7_9->force_hw_bkpts)
143 breakpoint->type = BKPT_HARD;
147 LOG_WARNING("breakpoint already set");
151 if (breakpoint->type == BKPT_HARD)
153 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
154 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
155 if (!arm7_9->wp0_used)
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
159 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
160 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
163 jtag_execute_queue();
164 arm7_9->wp0_used = 1;
167 else if (!arm7_9->wp1_used)
169 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
170 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
171 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
172 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
173 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
175 jtag_execute_queue();
176 arm7_9->wp1_used = 1;
181 LOG_ERROR("BUG: no hardware comparator available");
185 else if (breakpoint->type == BKPT_SOFT)
187 if (breakpoint->length == 4)
189 u32 verify = 0xffffffff;
190 /* keep the original instruction in target endianness */
191 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
192 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
193 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
195 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
196 if (verify != arm7_9->arm_bkpt)
198 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x", breakpoint->address);
205 /* keep the original instruction in target endianness */
206 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
207 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
208 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
210 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
211 if (verify != arm7_9->thumb_bkpt)
213 LOG_ERROR("Unable to set thumb software breakpoint at address %08x", breakpoint->address);
224 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
226 armv4_5_common_t *armv4_5 = target->arch_info;
227 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
229 if (target->state != TARGET_HALTED)
231 LOG_WARNING("target not halted");
232 return ERROR_TARGET_NOT_HALTED;
235 if (!breakpoint->set)
237 LOG_WARNING("breakpoint not set");
241 if (breakpoint->type == BKPT_HARD)
243 if (breakpoint->set == 1)
245 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
246 jtag_execute_queue();
247 arm7_9->wp0_used = 0;
249 else if (breakpoint->set == 2)
251 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
252 jtag_execute_queue();
253 arm7_9->wp1_used = 0;
259 /* restore original instruction (kept in target endianness) */
260 if (breakpoint->length == 4)
263 /* check that user program as not modified breakpoint instruction */
264 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
265 if (current_instr==arm7_9->arm_bkpt)
266 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
271 /* check that user program as not modified breakpoint instruction */
272 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
273 if (current_instr==arm7_9->thumb_bkpt)
274 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
282 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
284 armv4_5_common_t *armv4_5 = target->arch_info;
285 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
287 if (target->state != TARGET_HALTED)
289 LOG_WARNING("target not halted");
290 return ERROR_TARGET_NOT_HALTED;
293 if (arm7_9->force_hw_bkpts)
295 LOG_DEBUG("forcing use of hardware breakpoint at address 0x%8.8x", breakpoint->address);
296 breakpoint->type = BKPT_HARD;
299 if ((breakpoint->type == BKPT_SOFT) && (arm7_9->sw_bkpts_enabled == 0))
301 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
302 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
305 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
307 LOG_INFO("no watchpoint unit available for hardware breakpoint");
308 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
311 if ((breakpoint->length != 2) && (breakpoint->length != 4))
313 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
314 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
317 if (breakpoint->type == BKPT_HARD)
318 arm7_9->wp_available--;
323 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
325 armv4_5_common_t *armv4_5 = target->arch_info;
326 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
328 if (target->state != TARGET_HALTED)
330 LOG_WARNING("target not halted");
331 return ERROR_TARGET_NOT_HALTED;
336 arm7_9_unset_breakpoint(target, breakpoint);
339 if (breakpoint->type == BKPT_HARD)
340 arm7_9->wp_available++;
345 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
347 armv4_5_common_t *armv4_5 = target->arch_info;
348 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
352 mask = watchpoint->length - 1;
354 if (target->state != TARGET_HALTED)
356 LOG_WARNING("target not halted");
357 return ERROR_TARGET_NOT_HALTED;
360 if (watchpoint->rw == WPT_ACCESS)
365 if (!arm7_9->wp0_used)
367 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
368 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
369 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
370 if( watchpoint->mask != 0xffffffffu )
371 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
372 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
373 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
375 jtag_execute_queue();
377 arm7_9->wp0_used = 2;
379 else if (!arm7_9->wp1_used)
381 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
382 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
383 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
384 if( watchpoint->mask != 0xffffffffu )
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
386 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
387 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
389 jtag_execute_queue();
391 arm7_9->wp1_used = 2;
395 LOG_ERROR("BUG: no hardware comparator available");
402 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
404 armv4_5_common_t *armv4_5 = target->arch_info;
405 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
407 if (target->state != TARGET_HALTED)
409 LOG_WARNING("target not halted");
410 return ERROR_TARGET_NOT_HALTED;
413 if (!watchpoint->set)
415 LOG_WARNING("breakpoint not set");
419 if (watchpoint->set == 1)
421 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
422 jtag_execute_queue();
423 arm7_9->wp0_used = 0;
425 else if (watchpoint->set == 2)
427 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
428 jtag_execute_queue();
429 arm7_9->wp1_used = 0;
436 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
438 armv4_5_common_t *armv4_5 = target->arch_info;
439 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
441 if (target->state != TARGET_HALTED)
443 LOG_WARNING("target not halted");
444 return ERROR_TARGET_NOT_HALTED;
447 if (arm7_9->wp_available < 1)
449 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
452 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
454 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
457 arm7_9->wp_available--;
462 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
464 armv4_5_common_t *armv4_5 = target->arch_info;
465 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
467 if (target->state != TARGET_HALTED)
469 LOG_WARNING("target not halted");
470 return ERROR_TARGET_NOT_HALTED;
475 arm7_9_unset_watchpoint(target, watchpoint);
478 arm7_9->wp_available++;
483 int arm7_9_enable_sw_bkpts(struct target_s *target)
485 armv4_5_common_t *armv4_5 = target->arch_info;
486 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
489 if (arm7_9->sw_bkpts_enabled)
492 if (arm7_9->wp_available < 1)
494 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
495 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
497 arm7_9->wp_available--;
499 if (!arm7_9->wp0_used)
501 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
502 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
503 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
505 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
506 arm7_9->sw_bkpts_enabled = 1;
507 arm7_9->wp0_used = 3;
509 else if (!arm7_9->wp1_used)
511 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
512 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
513 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
514 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
515 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
516 arm7_9->sw_bkpts_enabled = 2;
517 arm7_9->wp1_used = 3;
521 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
525 if ((retval = jtag_execute_queue()) != ERROR_OK)
527 LOG_ERROR("error writing EmbeddedICE registers to enable sw breakpoints");
534 int arm7_9_disable_sw_bkpts(struct target_s *target)
536 armv4_5_common_t *armv4_5 = target->arch_info;
537 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
539 if (!arm7_9->sw_bkpts_enabled)
542 if (arm7_9->sw_bkpts_enabled == 1)
544 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
545 arm7_9->sw_bkpts_enabled = 0;
546 arm7_9->wp0_used = 0;
547 arm7_9->wp_available++;
549 else if (arm7_9->sw_bkpts_enabled == 2)
551 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
552 arm7_9->sw_bkpts_enabled = 0;
553 arm7_9->wp1_used = 0;
554 arm7_9->wp_available++;
560 int arm7_9_execute_sys_speed(struct target_s *target)
565 armv4_5_common_t *armv4_5 = target->arch_info;
566 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
567 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
568 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
570 /* set RESTART instruction */
571 jtag_add_end_state(TAP_RTI);
572 arm_jtag_set_instr(jtag_info, 0x4, NULL);
574 for (timeout=0; timeout<50; timeout++)
576 /* read debug status register */
577 embeddedice_read_reg(dbg_stat);
578 if ((retval = jtag_execute_queue()) != ERROR_OK)
580 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
581 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
587 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
588 return ERROR_TARGET_TIMEOUT;
594 int arm7_9_execute_fast_sys_speed(struct target_s *target)
597 static u8 check_value[4], check_mask[4];
599 armv4_5_common_t *armv4_5 = target->arch_info;
600 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
601 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
602 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
604 /* set RESTART instruction */
605 jtag_add_end_state(TAP_RTI);
606 arm_jtag_set_instr(jtag_info, 0x4, NULL);
610 /* check for DBGACK and SYSCOMP set (others don't care) */
612 /* NB! These are constants that must be available until after next jtag_execute() and
613 we evaluate the values upon first execution in lieu of setting up these constants
616 buf_set_u32(check_value, 0, 32, 0x9);
617 buf_set_u32(check_mask, 0, 32, 0x9);
621 /* read debug status register */
622 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
627 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
629 armv4_5_common_t *armv4_5 = target->arch_info;
630 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
631 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
635 data = malloc(size * (sizeof(u32)));
637 embeddedice_receive(jtag_info, data, size);
639 for (i = 0; i < size; i++)
641 h_u32_to_le(buffer + (i * 4), data[i]);
649 int arm7_9_handle_target_request(void *priv)
651 target_t *target = priv;
652 armv4_5_common_t *armv4_5 = target->arch_info;
653 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
654 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
655 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
657 if (!target->dbg_msg_enabled)
660 if (target->state == TARGET_RUNNING)
662 /* read DCC control register */
663 embeddedice_read_reg(dcc_control);
664 jtag_execute_queue();
667 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
671 embeddedice_receive(jtag_info, &request, 1);
672 target_request(target, request);
679 int arm7_9_poll(target_t *target)
682 armv4_5_common_t *armv4_5 = target->arch_info;
683 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
684 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
686 if (arm7_9->reinit_embeddedice)
688 arm7_9_reinit_embeddedice(target);
691 /* read debug status register */
692 embeddedice_read_reg(dbg_stat);
693 if ((retval = jtag_execute_queue()) != ERROR_OK)
698 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
700 LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));
701 if (target->state == TARGET_UNKNOWN)
703 target->state = TARGET_RUNNING;
704 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
706 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
708 target->state = TARGET_HALTED;
709 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
712 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
714 if (target->state == TARGET_DEBUG_RUNNING)
716 target->state = TARGET_HALTED;
717 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
720 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
722 if (target->state != TARGET_HALTED)
724 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
729 if (target->state != TARGET_DEBUG_RUNNING)
730 target->state = TARGET_RUNNING;
736 int arm7_9_assert_reset(target_t *target)
740 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
742 if (target->state == TARGET_HALTED || target->state == TARGET_UNKNOWN)
744 /* if the target wasn't running, there might be working areas allocated */
745 target_free_all_working_areas(target);
747 /* assert SRST and TRST */
748 /* system would get ouf sync if we didn't reset test-logic, too */
749 if ((retval = jtag_add_reset(1, 1)) != ERROR_OK)
751 if (retval == ERROR_JTAG_RESET_CANT_SRST)
757 LOG_ERROR("unknown error");
761 jtag_add_sleep(5000);
762 if ((retval = jtag_add_reset(0, 1)) != ERROR_OK)
764 if (retval == ERROR_JTAG_RESET_WOULD_ASSERT_TRST)
766 retval = jtag_add_reset(1, 1);
772 if ((retval = jtag_add_reset(0, 1)) != ERROR_OK)
774 if (retval == ERROR_JTAG_RESET_WOULD_ASSERT_TRST)
776 retval = jtag_add_reset(1, 1);
779 if (retval == ERROR_JTAG_RESET_CANT_SRST)
783 else if (retval != ERROR_OK)
785 LOG_ERROR("unknown error");
791 target->state = TARGET_RESET;
792 jtag_add_sleep(50000);
794 armv4_5_invalidate_core_regs(target);
800 int arm7_9_deassert_reset(target_t *target)
802 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
804 /* deassert reset lines */
805 jtag_add_reset(0, 0);
810 int arm7_9_clear_halt(target_t *target)
812 armv4_5_common_t *armv4_5 = target->arch_info;
813 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
814 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
816 /* we used DBGRQ only if we didn't come out of reset */
817 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
819 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
821 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
822 embeddedice_store_reg(dbg_ctrl);
826 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
828 /* if we came out of reset, and vector catch is supported, we used
829 * vector catch to enter debug state
830 * restore the register in that case
832 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
836 /* restore registers if watchpoint unit 0 was in use
838 if (arm7_9->wp0_used)
840 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
841 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
842 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
844 /* control value always has to be restored, as it was either disabled,
845 * or enabled with possibly different bits
847 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
854 int arm7_9_soft_reset_halt(struct target_s *target)
856 armv4_5_common_t *armv4_5 = target->arch_info;
857 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
858 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
859 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
863 if ((retval=target->type->halt(target))!=ERROR_OK)
868 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
870 embeddedice_read_reg(dbg_stat);
871 if ((retval=jtag_execute_queue())!=ERROR_OK)
873 /* do not eat all CPU, time out after 1 se*/
879 LOG_ERROR("Failed to halt CPU after 1 sec");
880 return ERROR_TARGET_TIMEOUT;
882 target->state = TARGET_HALTED;
884 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
885 * ensure that DBGRQ is cleared
887 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
888 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
889 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
890 embeddedice_store_reg(dbg_ctrl);
892 arm7_9_clear_halt(target);
894 /* if the target is in Thumb state, change to ARM state */
895 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
897 u32 r0_thumb, pc_thumb;
898 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
899 /* Entered debug from Thumb mode */
900 armv4_5->core_state = ARMV4_5_STATE_THUMB;
901 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
904 /* all register content is now invalid */
905 armv4_5_invalidate_core_regs(target);
907 /* SVC, ARM state, IRQ and FIQ disabled */
908 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
909 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
910 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
912 /* start fetching from 0x0 */
913 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
914 armv4_5->core_cache->reg_list[15].dirty = 1;
915 armv4_5->core_cache->reg_list[15].valid = 1;
917 armv4_5->core_mode = ARMV4_5_MODE_SVC;
918 armv4_5->core_state = ARMV4_5_STATE_ARM;
920 /* reset registers */
921 for (i = 0; i <= 14; i++)
923 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
924 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
925 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
928 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
933 int arm7_9_prepare_reset_halt(target_t *target)
935 armv4_5_common_t *armv4_5 = target->arch_info;
936 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
938 /* poll the target, and resume if it was currently halted */
940 if (target->state == TARGET_HALTED)
942 arm7_9_resume(target, 1, 0x0, 0, 1);
945 if (arm7_9->has_vector_catch)
947 /* program vector catch register to catch reset vector */
948 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
952 /* program watchpoint unit to match on reset vector address */
953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
962 int arm7_9_halt(target_t *target)
964 armv4_5_common_t *armv4_5 = target->arch_info;
965 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
966 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
968 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
970 if (target->state == TARGET_HALTED)
972 LOG_WARNING("target was already halted");
976 if (target->state == TARGET_UNKNOWN)
978 LOG_WARNING("target was in unknown state when halt was requested");
981 if (target->state == TARGET_RESET)
983 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) && jtag_srst)
985 LOG_ERROR("can't request a halt while in reset if nSRST pulls nTRST");
986 return ERROR_TARGET_FAILURE;
990 /* we came here in a reset_halt or reset_init sequence
991 * debug entry was already prepared in arm7_9_prepare_reset_halt()
993 target->debug_reason = DBG_REASON_DBGRQ;
999 if (arm7_9->use_dbgrq)
1001 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1003 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1004 embeddedice_store_reg(dbg_ctrl);
1008 /* program watchpoint unit to match on any address
1010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1011 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1012 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
1013 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
1016 target->debug_reason = DBG_REASON_DBGRQ;
1021 int arm7_9_debug_entry(target_t *target)
1026 u32 r0_thumb, pc_thumb;
1029 /* get pointers to arch-specific information */
1030 armv4_5_common_t *armv4_5 = target->arch_info;
1031 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1032 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1033 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1035 #ifdef _DEBUG_ARM7_9_
1039 if (arm7_9->pre_debug_entry)
1040 arm7_9->pre_debug_entry(target);
1042 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1043 * ensure that DBGRQ is cleared
1045 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1046 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1047 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1048 embeddedice_store_reg(dbg_ctrl);
1050 arm7_9_clear_halt(target);
1052 if ((retval = jtag_execute_queue()) != ERROR_OK)
1056 case ERROR_JTAG_QUEUE_FAILED:
1057 LOG_ERROR("JTAG queue failed while writing EmbeddedICE control register");
1065 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1069 if (target->state != TARGET_HALTED)
1071 LOG_WARNING("target not halted");
1072 return ERROR_TARGET_NOT_HALTED;
1075 /* if the target is in Thumb state, change to ARM state */
1076 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1078 LOG_DEBUG("target entered debug from Thumb state");
1079 /* Entered debug from Thumb mode */
1080 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1081 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1082 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1086 LOG_DEBUG("target entered debug from ARM state");
1087 /* Entered debug from ARM mode */
1088 armv4_5->core_state = ARMV4_5_STATE_ARM;
1091 for (i = 0; i < 16; i++)
1092 context_p[i] = &context[i];
1093 /* save core registers (r0 - r15 of current core mode) */
1094 arm7_9->read_core_regs(target, 0xffff, context_p);
1096 arm7_9->read_xpsr(target, &cpsr, 0);
1098 if ((retval = jtag_execute_queue()) != ERROR_OK)
1101 /* if the core has been executing in Thumb state, set the T bit */
1102 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1105 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1106 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1107 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1109 armv4_5->core_mode = cpsr & 0x1f;
1111 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1113 target->state = TARGET_UNKNOWN;
1114 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1115 return ERROR_TARGET_FAILURE;
1118 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1120 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1122 LOG_DEBUG("thumb state, applying fixups");
1123 context[0] = r0_thumb;
1124 context[15] = pc_thumb;
1125 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1127 /* adjust value stored by STM */
1128 context[15] -= 3 * 4;
1131 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1132 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1133 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1134 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1135 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1136 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1137 else if (target->debug_reason == DBG_REASON_DBGRQ)
1138 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1141 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1145 for (i=0; i<=15; i++)
1147 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1148 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1149 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1150 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1153 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1155 /* exceptions other than USR & SYS have a saved program status register */
1156 if ((armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_USR) && (armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_SYS))
1159 arm7_9->read_xpsr(target, &spsr, 1);
1160 jtag_execute_queue();
1161 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1162 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1163 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1166 /* r0 and r15 (pc) have to be restored later */
1167 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1168 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1170 if ((retval = jtag_execute_queue()) != ERROR_OK)
1173 if (arm7_9->post_debug_entry)
1174 arm7_9->post_debug_entry(target);
1179 int arm7_9_full_context(target_t *target)
1183 armv4_5_common_t *armv4_5 = target->arch_info;
1184 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1188 if (target->state != TARGET_HALTED)
1190 LOG_WARNING("target not halted");
1191 return ERROR_TARGET_NOT_HALTED;
1194 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1195 * SYS shares registers with User, so we don't touch SYS
1197 for(i = 0; i < 6; i++)
1204 /* check if there are invalid registers in the current mode
1206 for (j = 0; j <= 16; j++)
1208 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1216 /* change processor mode (and mask T bit) */
1217 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1218 tmp_cpsr |= armv4_5_number_to_mode(i);
1220 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1222 for (j = 0; j < 15; j++)
1224 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1226 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1228 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1229 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1233 /* if only the PSR is invalid, mask is all zeroes */
1235 arm7_9->read_core_regs(target, mask, reg_p);
1237 /* check if the PSR has to be read */
1238 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1240 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1241 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1242 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1247 /* restore processor mode (mask T bit) */
1248 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1250 if ((retval = jtag_execute_queue()) != ERROR_OK)
1252 LOG_ERROR("JTAG failure");
1258 int arm7_9_restore_context(target_t *target)
1260 armv4_5_common_t *armv4_5 = target->arch_info;
1261 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1263 armv4_5_core_reg_t *reg_arch_info;
1264 enum armv4_5_mode current_mode = armv4_5->core_mode;
1271 if (target->state != TARGET_HALTED)
1273 LOG_WARNING("target not halted");
1274 return ERROR_TARGET_NOT_HALTED;
1277 if (arm7_9->pre_restore_context)
1278 arm7_9->pre_restore_context(target);
1280 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1281 * SYS shares registers with User, so we don't touch SYS
1283 for (i = 0; i < 6; i++)
1285 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1288 /* check if there are dirty registers in the current mode
1290 for (j = 0; j <= 16; j++)
1292 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1293 reg_arch_info = reg->arch_info;
1294 if (reg->dirty == 1)
1296 if (reg->valid == 1)
1299 LOG_DEBUG("examining dirty reg: %s", reg->name);
1300 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1301 && (reg_arch_info->mode != current_mode)
1302 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1303 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1306 LOG_DEBUG("require mode change");
1311 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1326 /* change processor mode (mask T bit) */
1327 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1328 tmp_cpsr |= armv4_5_number_to_mode(i);
1330 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1331 current_mode = armv4_5_number_to_mode(i);
1334 for (j = 0; j <= 14; j++)
1336 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1337 reg_arch_info = reg->arch_info;
1340 if (reg->dirty == 1)
1342 regs[j] = buf_get_u32(reg->value, 0, 32);
1347 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1353 arm7_9->write_core_regs(target, mask, regs);
1356 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1357 reg_arch_info = reg->arch_info;
1358 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1360 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1361 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1366 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1368 /* restore processor mode (mask T bit) */
1371 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1372 tmp_cpsr |= armv4_5_number_to_mode(i);
1374 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1375 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1377 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1379 /* CPSR has been changed, full restore necessary (mask T bit) */
1380 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1381 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1382 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1383 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1387 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1388 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1389 armv4_5->core_cache->reg_list[15].dirty = 0;
1391 if (arm7_9->post_restore_context)
1392 arm7_9->post_restore_context(target);
1397 int arm7_9_restart_core(struct target_s *target)
1399 armv4_5_common_t *armv4_5 = target->arch_info;
1400 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1401 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1403 /* set RESTART instruction */
1404 jtag_add_end_state(TAP_RTI);
1405 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1407 jtag_add_runtest(1, TAP_RTI);
1408 if ((jtag_execute_queue()) != ERROR_OK)
1416 void arm7_9_enable_watchpoints(struct target_s *target)
1418 watchpoint_t *watchpoint = target->watchpoints;
1422 if (watchpoint->set == 0)
1423 arm7_9_set_watchpoint(target, watchpoint);
1424 watchpoint = watchpoint->next;
1428 void arm7_9_enable_breakpoints(struct target_s *target)
1430 breakpoint_t *breakpoint = target->breakpoints;
1432 /* set any pending breakpoints */
1435 if (breakpoint->set == 0)
1436 arm7_9_set_breakpoint(target, breakpoint);
1437 breakpoint = breakpoint->next;
1441 void arm7_9_disable_bkpts_and_wpts(struct target_s *target)
1443 breakpoint_t *breakpoint = target->breakpoints;
1444 watchpoint_t *watchpoint = target->watchpoints;
1446 /* set any pending breakpoints */
1449 if (breakpoint->set != 0)
1450 arm7_9_unset_breakpoint(target, breakpoint);
1451 breakpoint = breakpoint->next;
1456 if (watchpoint->set != 0)
1457 arm7_9_unset_watchpoint(target, watchpoint);
1458 watchpoint = watchpoint->next;
1462 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1464 armv4_5_common_t *armv4_5 = target->arch_info;
1465 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1466 breakpoint_t *breakpoint = target->breakpoints;
1467 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1472 if (target->state != TARGET_HALTED)
1474 LOG_WARNING("target not halted");
1475 return ERROR_TARGET_NOT_HALTED;
1478 if (!debug_execution)
1480 target_free_all_working_areas(target);
1483 /* current = 1: continue on current pc, otherwise continue at <address> */
1485 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1487 /* the front-end may request us not to handle breakpoints */
1488 if (handle_breakpoints)
1490 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1492 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1493 arm7_9_unset_breakpoint(target, breakpoint);
1495 LOG_DEBUG("enable single-step");
1496 arm7_9->enable_single_step(target);
1498 target->debug_reason = DBG_REASON_SINGLESTEP;
1500 arm7_9_restore_context(target);
1502 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1503 arm7_9->branch_resume(target);
1504 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1506 arm7_9->branch_resume_thumb(target);
1510 LOG_ERROR("unhandled core state");
1514 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1515 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1516 err = arm7_9_execute_sys_speed(target);
1518 LOG_DEBUG("disable single-step");
1519 arm7_9->disable_single_step(target);
1521 if (err != ERROR_OK)
1523 arm7_9_set_breakpoint(target, breakpoint);
1524 target->state = TARGET_UNKNOWN;
1528 arm7_9_debug_entry(target);
1529 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1531 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1532 arm7_9_set_breakpoint(target, breakpoint);
1536 /* enable any pending breakpoints and watchpoints */
1537 arm7_9_enable_breakpoints(target);
1538 arm7_9_enable_watchpoints(target);
1540 arm7_9_restore_context(target);
1542 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1544 arm7_9->branch_resume(target);
1546 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1548 arm7_9->branch_resume_thumb(target);
1552 LOG_ERROR("unhandled core state");
1556 /* deassert DBGACK and INTDIS */
1557 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1558 /* INTDIS only when we really resume, not during debug execution */
1559 if (!debug_execution)
1560 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1561 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1563 arm7_9_restart_core(target);
1565 target->debug_reason = DBG_REASON_NOTHALTED;
1567 if (!debug_execution)
1569 /* registers are now invalid */
1570 armv4_5_invalidate_core_regs(target);
1571 target->state = TARGET_RUNNING;
1572 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1576 target->state = TARGET_DEBUG_RUNNING;
1577 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1580 LOG_DEBUG("target resumed");
1585 void arm7_9_enable_eice_step(target_t *target)
1587 armv4_5_common_t *armv4_5 = target->arch_info;
1588 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1590 /* setup an inverse breakpoint on the current PC
1591 * - comparator 1 matches the current address
1592 * - rangeout from comparator 1 is connected to comparator 0 rangein
1593 * - comparator 0 matches any address, as long as rangein is low */
1594 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1595 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1596 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
1597 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0x77);
1598 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1599 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1600 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1601 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1602 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xf7);
1605 void arm7_9_disable_eice_step(target_t *target)
1607 armv4_5_common_t *armv4_5 = target->arch_info;
1608 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1610 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1611 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1612 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1613 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1614 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1615 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1616 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1617 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1618 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1621 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1623 armv4_5_common_t *armv4_5 = target->arch_info;
1624 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1625 breakpoint_t *breakpoint = NULL;
1628 if (target->state != TARGET_HALTED)
1630 LOG_WARNING("target not halted");
1631 return ERROR_TARGET_NOT_HALTED;
1634 /* current = 1: continue on current pc, otherwise continue at <address> */
1636 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1638 /* the front-end may request us not to handle breakpoints */
1639 if (handle_breakpoints)
1640 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1641 arm7_9_unset_breakpoint(target, breakpoint);
1643 target->debug_reason = DBG_REASON_SINGLESTEP;
1645 arm7_9_restore_context(target);
1647 arm7_9->enable_single_step(target);
1649 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1651 arm7_9->branch_resume(target);
1653 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1655 arm7_9->branch_resume_thumb(target);
1659 LOG_ERROR("unhandled core state");
1663 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1665 err = arm7_9_execute_sys_speed(target);
1666 arm7_9->disable_single_step(target);
1668 /* registers are now invalid */
1669 armv4_5_invalidate_core_regs(target);
1671 if (err != ERROR_OK)
1673 target->state = TARGET_UNKNOWN;
1675 arm7_9_debug_entry(target);
1676 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1677 LOG_DEBUG("target stepped");
1681 arm7_9_set_breakpoint(target, breakpoint);
1687 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1692 armv4_5_common_t *armv4_5 = target->arch_info;
1693 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1694 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1696 if ((num < 0) || (num > 16))
1697 return ERROR_INVALID_ARGUMENTS;
1699 if ((mode != ARMV4_5_MODE_ANY)
1700 && (mode != armv4_5->core_mode)
1701 && (reg_mode != ARMV4_5_MODE_ANY))
1705 /* change processor mode (mask T bit) */
1706 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1709 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1712 if ((num >= 0) && (num <= 15))
1714 /* read a normal core register */
1715 reg_p[num] = &value;
1717 arm7_9->read_core_regs(target, 1 << num, reg_p);
1721 /* read a program status register
1722 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1724 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1725 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1727 arm7_9->read_xpsr(target, &value, spsr);
1730 if ((retval = jtag_execute_queue()) != ERROR_OK)
1732 LOG_ERROR("JTAG failure");
1736 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1737 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1738 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1740 if ((mode != ARMV4_5_MODE_ANY)
1741 && (mode != armv4_5->core_mode)
1742 && (reg_mode != ARMV4_5_MODE_ANY)) {
1743 /* restore processor mode (mask T bit) */
1744 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1751 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1754 armv4_5_common_t *armv4_5 = target->arch_info;
1755 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1756 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1758 if ((num < 0) || (num > 16))
1759 return ERROR_INVALID_ARGUMENTS;
1761 if ((mode != ARMV4_5_MODE_ANY)
1762 && (mode != armv4_5->core_mode)
1763 && (reg_mode != ARMV4_5_MODE_ANY)) {
1766 /* change processor mode (mask T bit) */
1767 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1770 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1773 if ((num >= 0) && (num <= 15))
1775 /* write a normal core register */
1778 arm7_9->write_core_regs(target, 1 << num, reg);
1782 /* write a program status register
1783 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1785 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1786 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1788 /* if we're writing the CPSR, mask the T bit */
1792 arm7_9->write_xpsr(target, value, spsr);
1795 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1796 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1798 if ((mode != ARMV4_5_MODE_ANY)
1799 && (mode != armv4_5->core_mode)
1800 && (reg_mode != ARMV4_5_MODE_ANY)) {
1801 /* restore processor mode (mask T bit) */
1802 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1805 return jtag_execute_queue();
1808 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1810 armv4_5_common_t *armv4_5 = target->arch_info;
1811 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1814 int num_accesses = 0;
1815 int thisrun_accesses;
1821 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1823 if (target->state != TARGET_HALTED)
1825 LOG_WARNING("target not halted");
1826 return ERROR_TARGET_NOT_HALTED;
1829 /* sanitize arguments */
1830 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1831 return ERROR_INVALID_ARGUMENTS;
1833 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1834 return ERROR_TARGET_UNALIGNED_ACCESS;
1836 /* load the base register with the address of the first word */
1838 arm7_9->write_core_regs(target, 0x1, reg);
1843 while (num_accesses < count)
1846 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1847 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1849 if (last_reg <= thisrun_accesses)
1850 last_reg = thisrun_accesses;
1852 arm7_9->load_word_regs(target, reg_list);
1854 /* fast memory reads are only safe when the target is running
1855 * from a sufficiently high clock (32 kHz is usually too slow)
1857 if (arm7_9->fast_memory_access)
1858 arm7_9_execute_fast_sys_speed(target);
1860 arm7_9_execute_sys_speed(target);
1862 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1864 /* advance buffer, count number of accesses */
1865 buffer += thisrun_accesses * 4;
1866 num_accesses += thisrun_accesses;
1870 while (num_accesses < count)
1873 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1874 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1876 for (i = 1; i <= thisrun_accesses; i++)
1880 arm7_9->load_hword_reg(target, i);
1881 /* fast memory reads are only safe when the target is running
1882 * from a sufficiently high clock (32 kHz is usually too slow)
1884 if (arm7_9->fast_memory_access)
1885 arm7_9_execute_fast_sys_speed(target);
1887 arm7_9_execute_sys_speed(target);
1890 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1892 /* advance buffer, count number of accesses */
1893 buffer += thisrun_accesses * 2;
1894 num_accesses += thisrun_accesses;
1898 while (num_accesses < count)
1901 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1902 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1904 for (i = 1; i <= thisrun_accesses; i++)
1908 arm7_9->load_byte_reg(target, i);
1909 /* fast memory reads are only safe when the target is running
1910 * from a sufficiently high clock (32 kHz is usually too slow)
1912 if (arm7_9->fast_memory_access)
1913 arm7_9_execute_fast_sys_speed(target);
1915 arm7_9_execute_sys_speed(target);
1918 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1920 /* advance buffer, count number of accesses */
1921 buffer += thisrun_accesses * 1;
1922 num_accesses += thisrun_accesses;
1926 LOG_ERROR("BUG: we shouldn't get here");
1931 for (i=0; i<=last_reg; i++)
1932 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1934 arm7_9->read_xpsr(target, &cpsr, 0);
1935 if ((retval = jtag_execute_queue()) != ERROR_OK)
1937 LOG_ERROR("JTAG error while reading cpsr");
1938 return ERROR_TARGET_DATA_ABORT;
1941 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1943 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1945 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1947 return ERROR_TARGET_DATA_ABORT;
1953 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1955 armv4_5_common_t *armv4_5 = target->arch_info;
1956 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1957 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1960 int num_accesses = 0;
1961 int thisrun_accesses;
1967 #ifdef _DEBUG_ARM7_9_
1968 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1971 if (target->state != TARGET_HALTED)
1973 LOG_WARNING("target not halted");
1974 return ERROR_TARGET_NOT_HALTED;
1977 /* sanitize arguments */
1978 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1979 return ERROR_INVALID_ARGUMENTS;
1981 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1982 return ERROR_TARGET_UNALIGNED_ACCESS;
1984 /* load the base register with the address of the first word */
1986 arm7_9->write_core_regs(target, 0x1, reg);
1988 /* Clear DBGACK, to make sure memory fetches work as expected */
1989 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1990 embeddedice_store_reg(dbg_ctrl);
1995 while (num_accesses < count)
1998 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1999 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2001 for (i = 1; i <= thisrun_accesses; i++)
2005 reg[i] = target_buffer_get_u32(target, buffer);
2009 arm7_9->write_core_regs(target, reg_list, reg);
2011 arm7_9->store_word_regs(target, reg_list);
2013 /* fast memory writes are only safe when the target is running
2014 * from a sufficiently high clock (32 kHz is usually too slow)
2016 if (arm7_9->fast_memory_access)
2017 arm7_9_execute_fast_sys_speed(target);
2019 arm7_9_execute_sys_speed(target);
2021 num_accesses += thisrun_accesses;
2025 while (num_accesses < count)
2028 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2029 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2031 for (i = 1; i <= thisrun_accesses; i++)
2035 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2039 arm7_9->write_core_regs(target, reg_list, reg);
2041 for (i = 1; i <= thisrun_accesses; i++)
2043 arm7_9->store_hword_reg(target, i);
2045 /* fast memory writes are only safe when the target is running
2046 * from a sufficiently high clock (32 kHz is usually too slow)
2048 if (arm7_9->fast_memory_access)
2049 arm7_9_execute_fast_sys_speed(target);
2051 arm7_9_execute_sys_speed(target);
2054 num_accesses += thisrun_accesses;
2058 while (num_accesses < count)
2061 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2062 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2064 for (i = 1; i <= thisrun_accesses; i++)
2068 reg[i] = *buffer++ & 0xff;
2071 arm7_9->write_core_regs(target, reg_list, reg);
2073 for (i = 1; i <= thisrun_accesses; i++)
2075 arm7_9->store_byte_reg(target, i);
2076 /* fast memory writes are only safe when the target is running
2077 * from a sufficiently high clock (32 kHz is usually too slow)
2079 if (arm7_9->fast_memory_access)
2080 arm7_9_execute_fast_sys_speed(target);
2082 arm7_9_execute_sys_speed(target);
2085 num_accesses += thisrun_accesses;
2089 LOG_ERROR("BUG: we shouldn't get here");
2095 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2096 embeddedice_store_reg(dbg_ctrl);
2098 for (i=0; i<=last_reg; i++)
2099 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2101 arm7_9->read_xpsr(target, &cpsr, 0);
2102 if ((retval = jtag_execute_queue()) != ERROR_OK)
2104 LOG_ERROR("JTAG error while reading cpsr");
2105 return ERROR_TARGET_DATA_ABORT;
2108 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2110 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2112 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2114 return ERROR_TARGET_DATA_ABORT;
2120 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2122 armv4_5_common_t *armv4_5 = target->arch_info;
2123 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2124 enum armv4_5_state core_state = armv4_5->core_state;
2125 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2126 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2127 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2132 /* MRC TST BNE MRC STR B */
2133 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2136 if (!arm7_9->dcc_downloads)
2137 return target->type->write_memory(target, address, 4, count, buffer);
2139 /* regrab previously allocated working_area, or allocate a new one */
2140 if (!arm7_9->dcc_working_area)
2142 u8 dcc_code_buf[6 * 4];
2144 /* make sure we have a working area */
2145 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2147 LOG_INFO("no working area available, falling back to memory writes");
2148 return target->type->write_memory(target, address, 4, count, buffer);
2151 /* copy target instructions to target endianness */
2152 for (i = 0; i < 6; i++)
2154 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2157 /* write DCC code to working area */
2158 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2161 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2162 armv4_5->core_cache->reg_list[0].valid = 1;
2163 armv4_5->core_cache->reg_list[0].dirty = 1;
2164 armv4_5->core_state = ARMV4_5_STATE_ARM;
2166 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2168 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2171 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2172 core function repeated.
2174 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2177 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2178 u8 reg_addr = ice_reg->addr & 0x1f;
2179 int chain_pos = ice_reg->jtag_info->chain_pos;
2180 /* we want the compiler to duplicate the code, which it does not
2185 for (i = 1; i < count - 1; i++)
2187 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2192 for (i = 1; i < count - 1; i++)
2194 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2198 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2201 for (i = 0; i < count; i++)
2203 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2208 target->type->halt(target);
2210 for (i=0; i<100; i++)
2212 target->type->poll(target);
2213 if (target->state == TARGET_HALTED)
2215 usleep(1000); /* sleep 1ms */
2219 LOG_ERROR("bulk write timed out, target not halted");
2220 return ERROR_TARGET_TIMEOUT;
2223 /* restore target state */
2224 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2225 armv4_5->core_cache->reg_list[0].valid = 1;
2226 armv4_5->core_cache->reg_list[0].dirty = 1;
2227 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2228 armv4_5->core_cache->reg_list[1].valid = 1;
2229 armv4_5->core_cache->reg_list[1].dirty = 1;
2230 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2231 armv4_5->core_cache->reg_list[15].valid = 1;
2232 armv4_5->core_cache->reg_list[15].dirty = 1;
2233 armv4_5->core_state = core_state;
2238 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2240 working_area_t *crc_algorithm;
2241 armv4_5_algorithm_t armv4_5_info;
2242 reg_param_t reg_params[2];
2245 u32 arm7_9_crc_code[] = {
2246 0xE1A02000, /* mov r2, r0 */
2247 0xE3E00000, /* mov r0, #0xffffffff */
2248 0xE1A03001, /* mov r3, r1 */
2249 0xE3A04000, /* mov r4, #0 */
2250 0xEA00000B, /* b ncomp */
2252 0xE7D21004, /* ldrb r1, [r2, r4] */
2253 0xE59F7030, /* ldr r7, CRC32XOR */
2254 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2255 0xE3A05000, /* mov r5, #0 */
2257 0xE3500000, /* cmp r0, #0 */
2258 0xE1A06080, /* mov r6, r0, asl #1 */
2259 0xE2855001, /* add r5, r5, #1 */
2260 0xE1A00006, /* mov r0, r6 */
2261 0xB0260007, /* eorlt r0, r6, r7 */
2262 0xE3550008, /* cmp r5, #8 */
2263 0x1AFFFFF8, /* bne loop */
2264 0xE2844001, /* add r4, r4, #1 */
2266 0xE1540003, /* cmp r4, r3 */
2267 0x1AFFFFF1, /* bne nbyte */
2269 0xEAFFFFFE, /* b end */
2270 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2275 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2277 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2280 /* convert flash writing code into a buffer in target endianness */
2281 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2282 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2284 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2285 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2286 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2288 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2289 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2291 buf_set_u32(reg_params[0].value, 0, 32, address);
2292 buf_set_u32(reg_params[1].value, 0, 32, count);
2294 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2295 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2297 LOG_ERROR("error executing arm7_9 crc algorithm");
2298 destroy_reg_param(®_params[0]);
2299 destroy_reg_param(®_params[1]);
2300 target_free_working_area(target, crc_algorithm);
2304 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2306 destroy_reg_param(®_params[0]);
2307 destroy_reg_param(®_params[1]);
2309 target_free_working_area(target, crc_algorithm);
2314 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2316 command_t *arm7_9_cmd;
2318 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2320 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2321 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2323 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2325 register_command(cmd_ctx, arm7_9_cmd, "sw_bkpts", handle_arm7_9_sw_bkpts_command, COMMAND_EXEC, "support for software breakpoints <enable|disable>");
2326 register_command(cmd_ctx, arm7_9_cmd, "force_hw_bkpts", handle_arm7_9_force_hw_bkpts_command, COMMAND_EXEC, "use hardware breakpoints for all breakpoints (disables sw breakpoint support) <enable|disable>");
2327 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2328 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2329 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2330 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2331 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2332 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2333 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2334 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2336 armv4_5_register_commands(cmd_ctx);
2338 etm_register_commands(cmd_ctx);
2343 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2348 target_t *target = get_current_target(cmd_ctx);
2349 armv4_5_common_t *armv4_5;
2350 arm7_9_common_t *arm7_9;
2352 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2354 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2358 if (target->state != TARGET_HALTED)
2360 command_print(cmd_ctx, "can't write registers while running");
2366 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2370 value = strtoul(args[0], NULL, 0);
2371 spsr = strtol(args[1], NULL, 0);
2373 /* if we're writing the CPSR, mask the T bit */
2377 arm7_9->write_xpsr(target, value, spsr);
2378 if ((retval = jtag_execute_queue()) != ERROR_OK)
2380 LOG_ERROR("JTAG error while writing to xpsr");
2387 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2393 target_t *target = get_current_target(cmd_ctx);
2394 armv4_5_common_t *armv4_5;
2395 arm7_9_common_t *arm7_9;
2397 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2399 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2403 if (target->state != TARGET_HALTED)
2405 command_print(cmd_ctx, "can't write registers while running");
2411 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2415 value = strtoul(args[0], NULL, 0);
2416 rotate = strtol(args[1], NULL, 0);
2417 spsr = strtol(args[2], NULL, 0);
2419 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2420 if ((retval = jtag_execute_queue()) != ERROR_OK)
2422 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2429 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2434 target_t *target = get_current_target(cmd_ctx);
2435 armv4_5_common_t *armv4_5;
2436 arm7_9_common_t *arm7_9;
2438 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2440 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2444 if (target->state != TARGET_HALTED)
2446 command_print(cmd_ctx, "can't write registers while running");
2452 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2456 num = strtol(args[0], NULL, 0);
2457 mode = strtoul(args[1], NULL, 0);
2458 value = strtoul(args[2], NULL, 0);
2460 arm7_9_write_core_reg(target, num, mode, value);
2465 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2467 target_t *target = get_current_target(cmd_ctx);
2468 armv4_5_common_t *armv4_5;
2469 arm7_9_common_t *arm7_9;
2471 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2473 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2479 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2483 if (strcmp("enable", args[0]) == 0)
2485 if (arm7_9->sw_bkpts_use_wp)
2487 arm7_9_enable_sw_bkpts(target);
2491 arm7_9->sw_bkpts_enabled = 1;
2494 else if (strcmp("disable", args[0]) == 0)
2496 if (arm7_9->sw_bkpts_use_wp)
2498 arm7_9_disable_sw_bkpts(target);
2502 arm7_9->sw_bkpts_enabled = 0;
2507 command_print(cmd_ctx, "usage: arm7_9 sw_bkpts <enable|disable>");
2510 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2515 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2517 target_t *target = get_current_target(cmd_ctx);
2518 armv4_5_common_t *armv4_5;
2519 arm7_9_common_t *arm7_9;
2521 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2523 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2527 if ((argc >= 1) && (strcmp("enable", args[0]) == 0))
2529 arm7_9->force_hw_bkpts = 1;
2530 if (arm7_9->sw_bkpts_use_wp)
2532 arm7_9_disable_sw_bkpts(target);
2535 else if ((argc >= 1) && (strcmp("disable", args[0]) == 0))
2537 arm7_9->force_hw_bkpts = 0;
2541 command_print(cmd_ctx, "usage: arm7_9 force_hw_bkpts <enable|disable>");
2544 command_print(cmd_ctx, "force hardware breakpoints %s", (arm7_9->force_hw_bkpts) ? "enabled" : "disabled");
2549 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2551 target_t *target = get_current_target(cmd_ctx);
2552 armv4_5_common_t *armv4_5;
2553 arm7_9_common_t *arm7_9;
2555 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2557 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2563 if (strcmp("enable", args[0]) == 0)
2565 arm7_9->use_dbgrq = 1;
2567 else if (strcmp("disable", args[0]) == 0)
2569 arm7_9->use_dbgrq = 0;
2573 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2577 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2582 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2584 target_t *target = get_current_target(cmd_ctx);
2585 armv4_5_common_t *armv4_5;
2586 arm7_9_common_t *arm7_9;
2588 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2590 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2596 if (strcmp("enable", args[0]) == 0)
2598 arm7_9->fast_memory_access = 1;
2600 else if (strcmp("disable", args[0]) == 0)
2602 arm7_9->fast_memory_access = 0;
2606 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2610 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2615 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2617 target_t *target = get_current_target(cmd_ctx);
2618 armv4_5_common_t *armv4_5;
2619 arm7_9_common_t *arm7_9;
2621 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2623 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2629 if (strcmp("enable", args[0]) == 0)
2631 arm7_9->dcc_downloads = 1;
2633 else if (strcmp("disable", args[0]) == 0)
2635 arm7_9->dcc_downloads = 0;
2639 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2643 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2648 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2650 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2652 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2654 arm_jtag_setup_connection(&arm7_9->jtag_info);
2655 arm7_9->wp_available = 2;
2656 arm7_9->wp0_used = 0;
2657 arm7_9->wp1_used = 0;
2658 arm7_9->force_hw_bkpts = 0;
2659 arm7_9->use_dbgrq = 0;
2661 arm7_9->etm_ctx = NULL;
2662 arm7_9->has_single_step = 0;
2663 arm7_9->has_monitor_mode = 0;
2664 arm7_9->has_vector_catch = 0;
2666 arm7_9->reinit_embeddedice = 0;
2668 arm7_9->debug_entry_from_reset = 0;
2670 arm7_9->dcc_working_area = NULL;
2672 arm7_9->fast_memory_access = 0;
2673 arm7_9->dcc_downloads = 0;
2675 jtag_register_event_callback(arm7_9_jtag_callback, target);
2677 armv4_5->arch_info = arm7_9;
2678 armv4_5->read_core_reg = arm7_9_read_core_reg;
2679 armv4_5->write_core_reg = arm7_9_write_core_reg;
2680 armv4_5->full_context = arm7_9_full_context;
2682 armv4_5_init_arch_info(target, armv4_5);
2684 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / fw / openocd / blob