1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
24 #include "replacements.h"
26 #include "embeddedice.h"
28 #include "target_request.h"
33 #include "arm7_9_common.h"
34 #include "breakpoints.h"
40 #include <sys/types.h>
45 int arm7_9_debug_entry(target_t *target);
46 int arm7_9_enable_sw_bkpts(struct target_s *target);
48 /* command handler forward declarations */
49 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int arm7_9_reinit_embeddedice(target_t *target)
62 armv4_5_common_t *armv4_5 = target->arch_info;
63 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
65 breakpoint_t *breakpoint = target->breakpoints;
67 arm7_9->wp_available = 2;
71 /* mark all hardware breakpoints as unset */
74 if (breakpoint->type == BKPT_HARD)
78 breakpoint = breakpoint->next;
81 if (arm7_9->sw_bkpts_enabled && arm7_9->sw_bkpts_use_wp)
83 arm7_9->sw_bkpts_enabled = 0;
84 arm7_9_enable_sw_bkpts(target);
90 /* set things up after a reset / on startup */
91 int arm7_9_setup(target_t *target)
93 /* a test-logic reset have occured
94 * the EmbeddedICE registers have been reset
95 * hardware breakpoints have been cleared
97 return arm7_9_reinit_embeddedice(target);
100 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
102 armv4_5_common_t *armv4_5 = target->arch_info;
103 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
105 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
110 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
115 *armv4_5_p = armv4_5;
121 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
123 armv4_5_common_t *armv4_5 = target->arch_info;
124 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
126 if (target->state != TARGET_HALTED)
128 LOG_WARNING("target not halted");
129 return ERROR_TARGET_NOT_HALTED;
132 if (arm7_9->force_hw_bkpts)
133 breakpoint->type = BKPT_HARD;
137 LOG_WARNING("breakpoint already set");
141 if (breakpoint->type == BKPT_HARD)
143 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
144 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
145 if (!arm7_9->wp0_used)
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
153 jtag_execute_queue();
154 arm7_9->wp0_used = 1;
157 else if (!arm7_9->wp1_used)
159 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
160 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
165 jtag_execute_queue();
166 arm7_9->wp1_used = 1;
171 LOG_ERROR("BUG: no hardware comparator available");
175 else if (breakpoint->type == BKPT_SOFT)
177 if (breakpoint->length == 4)
179 u32 verify = 0xffffffff;
180 /* keep the original instruction in target endianness */
181 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
182 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
183 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
185 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
186 if (verify != arm7_9->arm_bkpt)
188 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x", breakpoint->address);
195 /* keep the original instruction in target endianness */
196 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
197 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
198 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
200 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
201 if (verify != arm7_9->thumb_bkpt)
203 LOG_ERROR("Unable to set thumb software breakpoint at address %08x", breakpoint->address);
214 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
216 armv4_5_common_t *armv4_5 = target->arch_info;
217 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
219 if (target->state != TARGET_HALTED)
221 LOG_WARNING("target not halted");
222 return ERROR_TARGET_NOT_HALTED;
225 if (!breakpoint->set)
227 LOG_WARNING("breakpoint not set");
231 if (breakpoint->type == BKPT_HARD)
233 if (breakpoint->set == 1)
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
236 jtag_execute_queue();
237 arm7_9->wp0_used = 0;
239 else if (breakpoint->set == 2)
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
242 jtag_execute_queue();
243 arm7_9->wp1_used = 0;
249 /* restore original instruction (kept in target endianness) */
250 if (breakpoint->length == 4)
253 /* check that user program as not modified breakpoint instruction */
254 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
255 if (current_instr==arm7_9->arm_bkpt)
256 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
261 /* check that user program as not modified breakpoint instruction */
262 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
263 if (current_instr==arm7_9->thumb_bkpt)
264 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
272 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
274 armv4_5_common_t *armv4_5 = target->arch_info;
275 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
277 if (target->state != TARGET_HALTED)
279 LOG_WARNING("target not halted");
280 return ERROR_TARGET_NOT_HALTED;
283 if (arm7_9->force_hw_bkpts)
285 LOG_DEBUG("forcing use of hardware breakpoint at address 0x%8.8x", breakpoint->address);
286 breakpoint->type = BKPT_HARD;
289 if ((breakpoint->type == BKPT_SOFT) && (arm7_9->sw_bkpts_enabled == 0))
291 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
292 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
295 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
297 LOG_INFO("no watchpoint unit available for hardware breakpoint");
298 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
301 if ((breakpoint->length != 2) && (breakpoint->length != 4))
303 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
304 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
307 if (breakpoint->type == BKPT_HARD)
308 arm7_9->wp_available--;
313 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
315 armv4_5_common_t *armv4_5 = target->arch_info;
316 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
318 if (target->state != TARGET_HALTED)
320 LOG_WARNING("target not halted");
321 return ERROR_TARGET_NOT_HALTED;
326 arm7_9_unset_breakpoint(target, breakpoint);
329 if (breakpoint->type == BKPT_HARD)
330 arm7_9->wp_available++;
335 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
337 armv4_5_common_t *armv4_5 = target->arch_info;
338 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
342 mask = watchpoint->length - 1;
344 if (target->state != TARGET_HALTED)
346 LOG_WARNING("target not halted");
347 return ERROR_TARGET_NOT_HALTED;
350 if (watchpoint->rw == WPT_ACCESS)
355 if (!arm7_9->wp0_used)
357 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
358 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
359 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
360 if( watchpoint->mask != 0xffffffffu )
361 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
363 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
365 jtag_execute_queue();
367 arm7_9->wp0_used = 2;
369 else if (!arm7_9->wp1_used)
371 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
372 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
373 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
374 if( watchpoint->mask != 0xffffffffu )
375 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
376 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
377 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
379 jtag_execute_queue();
381 arm7_9->wp1_used = 2;
385 LOG_ERROR("BUG: no hardware comparator available");
392 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
394 armv4_5_common_t *armv4_5 = target->arch_info;
395 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
397 if (target->state != TARGET_HALTED)
399 LOG_WARNING("target not halted");
400 return ERROR_TARGET_NOT_HALTED;
403 if (!watchpoint->set)
405 LOG_WARNING("breakpoint not set");
409 if (watchpoint->set == 1)
411 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
412 jtag_execute_queue();
413 arm7_9->wp0_used = 0;
415 else if (watchpoint->set == 2)
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
418 jtag_execute_queue();
419 arm7_9->wp1_used = 0;
426 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
428 armv4_5_common_t *armv4_5 = target->arch_info;
429 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
431 if (target->state != TARGET_HALTED)
433 LOG_WARNING("target not halted");
434 return ERROR_TARGET_NOT_HALTED;
437 if (arm7_9->wp_available < 1)
439 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
442 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
444 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
447 arm7_9->wp_available--;
452 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
457 if (target->state != TARGET_HALTED)
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
465 arm7_9_unset_watchpoint(target, watchpoint);
468 arm7_9->wp_available++;
473 int arm7_9_enable_sw_bkpts(struct target_s *target)
475 armv4_5_common_t *armv4_5 = target->arch_info;
476 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
479 if (arm7_9->sw_bkpts_enabled)
482 if (arm7_9->wp_available < 1)
484 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
485 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
487 arm7_9->wp_available--;
489 if (!arm7_9->wp0_used)
491 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
492 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
493 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
494 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
495 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
496 arm7_9->sw_bkpts_enabled = 1;
497 arm7_9->wp0_used = 3;
499 else if (!arm7_9->wp1_used)
501 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
502 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
503 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
505 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
506 arm7_9->sw_bkpts_enabled = 2;
507 arm7_9->wp1_used = 3;
511 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
515 if ((retval = jtag_execute_queue()) != ERROR_OK)
517 LOG_ERROR("error writing EmbeddedICE registers to enable sw breakpoints");
524 int arm7_9_disable_sw_bkpts(struct target_s *target)
526 armv4_5_common_t *armv4_5 = target->arch_info;
527 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
529 if (!arm7_9->sw_bkpts_enabled)
532 if (arm7_9->sw_bkpts_enabled == 1)
534 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
535 arm7_9->sw_bkpts_enabled = 0;
536 arm7_9->wp0_used = 0;
537 arm7_9->wp_available++;
539 else if (arm7_9->sw_bkpts_enabled == 2)
541 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
542 arm7_9->sw_bkpts_enabled = 0;
543 arm7_9->wp1_used = 0;
544 arm7_9->wp_available++;
550 int arm7_9_execute_sys_speed(struct target_s *target)
555 armv4_5_common_t *armv4_5 = target->arch_info;
556 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
557 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
558 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
560 /* set RESTART instruction */
561 jtag_add_end_state(TAP_RTI);
562 arm_jtag_set_instr(jtag_info, 0x4, NULL);
564 for (timeout=0; timeout<50; timeout++)
566 /* read debug status register */
567 embeddedice_read_reg(dbg_stat);
568 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
571 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
577 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
578 return ERROR_TARGET_TIMEOUT;
584 int arm7_9_execute_fast_sys_speed(struct target_s *target)
587 static u8 check_value[4], check_mask[4];
589 armv4_5_common_t *armv4_5 = target->arch_info;
590 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
591 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
592 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
594 /* set RESTART instruction */
595 jtag_add_end_state(TAP_RTI);
596 arm_jtag_set_instr(jtag_info, 0x4, NULL);
600 /* check for DBGACK and SYSCOMP set (others don't care) */
602 /* NB! These are constants that must be available until after next jtag_execute() and
603 we evaluate the values upon first execution in lieu of setting up these constants
606 buf_set_u32(check_value, 0, 32, 0x9);
607 buf_set_u32(check_mask, 0, 32, 0x9);
611 /* read debug status register */
612 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
617 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
619 armv4_5_common_t *armv4_5 = target->arch_info;
620 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
621 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
625 data = malloc(size * (sizeof(u32)));
627 embeddedice_receive(jtag_info, data, size);
629 for (i = 0; i < size; i++)
631 h_u32_to_le(buffer + (i * 4), data[i]);
639 int arm7_9_handle_target_request(void *priv)
641 target_t *target = priv;
642 if (!target->type->examined)
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
647 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
650 if (!target->dbg_msg_enabled)
653 if (target->state == TARGET_RUNNING)
655 /* read DCC control register */
656 embeddedice_read_reg(dcc_control);
657 jtag_execute_queue();
660 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
664 embeddedice_receive(jtag_info, &request, 1);
665 target_request(target, request);
672 int arm7_9_poll(target_t *target)
675 armv4_5_common_t *armv4_5 = target->arch_info;
676 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
677 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
679 /* read debug status register */
680 embeddedice_read_reg(dbg_stat);
681 if ((retval = jtag_execute_queue()) != ERROR_OK)
686 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
688 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
689 if (target->state == TARGET_UNKNOWN)
691 target->state = TARGET_RUNNING;
692 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
694 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
697 target->state = TARGET_HALTED;
699 if (target->state == TARGET_RESET)
701 if ((target->reset_mode == RESET_HALT) || (target->reset_mode == RESET_INIT))
703 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
710 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
715 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
716 u32 t=*((u32 *)reg->value);
719 LOG_ERROR("PC was not 0. Does this target does target need srst_pulls_trst?");
723 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
725 if (target->state == TARGET_DEBUG_RUNNING)
727 target->state = TARGET_HALTED;
728 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
731 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
733 if (target->state != TARGET_HALTED)
735 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
740 if (target->state != TARGET_DEBUG_RUNNING)
741 target->state = TARGET_RUNNING;
748 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
749 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
750 while the core is held in reset(SRST). It isn't possible to program the halt
751 condition once reset was asserted, hence a hook that allows the target to set
752 up its reset-halt condition prior to asserting reset.
755 int arm7_9_assert_reset(target_t *target)
757 armv4_5_common_t *armv4_5 = target->arch_info;
758 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
759 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
761 if (!(jtag_reset_config & RESET_HAS_SRST))
763 LOG_ERROR("Can't assert SRST");
767 if ((target->reset_mode == RESET_HALT) || (target->reset_mode == RESET_INIT))
770 * Some targets do not support communication while SRST is asserted. We need to
771 * set up the reset vector catch here.
773 * If TRST is asserted, then these settings will be reset anyway, so setting them
776 if (arm7_9->has_vector_catch)
778 /* program vector catch register to catch reset vector */
779 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
783 /* program watchpoint unit to match on reset vector address */
784 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
785 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
786 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
787 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
791 /* here we should issue a srst only, but we may have to assert trst as well */
792 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
794 jtag_add_reset(1, 1);
797 jtag_add_reset(0, 1);
801 target->state = TARGET_RESET;
802 jtag_add_sleep(50000);
804 armv4_5_invalidate_core_regs(target);
810 int arm7_9_deassert_reset(target_t *target)
812 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
814 /* deassert reset lines */
815 jtag_add_reset(0, 0);
820 int arm7_9_clear_halt(target_t *target)
822 armv4_5_common_t *armv4_5 = target->arch_info;
823 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
824 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
826 /* we used DBGRQ only if we didn't come out of reset */
827 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
829 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
831 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
832 embeddedice_store_reg(dbg_ctrl);
836 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
838 /* if we came out of reset, and vector catch is supported, we used
839 * vector catch to enter debug state
840 * restore the register in that case
842 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
846 /* restore registers if watchpoint unit 0 was in use
848 if (arm7_9->wp0_used)
850 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
851 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
854 /* control value always has to be restored, as it was either disabled,
855 * or enabled with possibly different bits
857 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
864 int arm7_9_soft_reset_halt(struct target_s *target)
866 armv4_5_common_t *armv4_5 = target->arch_info;
867 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
868 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
869 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
873 if ((retval=target_halt(target))!=ERROR_OK)
878 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
880 embeddedice_read_reg(dbg_stat);
881 if ((retval=jtag_execute_queue())!=ERROR_OK)
883 /* do not eat all CPU, time out after 1 se*/
889 LOG_ERROR("Failed to halt CPU after 1 sec");
890 return ERROR_TARGET_TIMEOUT;
892 target->state = TARGET_HALTED;
894 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
895 * ensure that DBGRQ is cleared
897 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
898 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
899 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
900 embeddedice_store_reg(dbg_ctrl);
902 arm7_9_clear_halt(target);
904 /* if the target is in Thumb state, change to ARM state */
905 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
907 u32 r0_thumb, pc_thumb;
908 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
909 /* Entered debug from Thumb mode */
910 armv4_5->core_state = ARMV4_5_STATE_THUMB;
911 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
914 /* all register content is now invalid */
915 armv4_5_invalidate_core_regs(target);
917 /* SVC, ARM state, IRQ and FIQ disabled */
918 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
919 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
920 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
922 /* start fetching from 0x0 */
923 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
924 armv4_5->core_cache->reg_list[15].dirty = 1;
925 armv4_5->core_cache->reg_list[15].valid = 1;
927 armv4_5->core_mode = ARMV4_5_MODE_SVC;
928 armv4_5->core_state = ARMV4_5_STATE_ARM;
930 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
933 /* reset registers */
934 for (i = 0; i <= 14; i++)
936 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
937 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
938 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
941 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
946 int arm7_9_halt(target_t *target)
948 armv4_5_common_t *armv4_5 = target->arch_info;
949 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
950 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
952 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
954 if (target->state == TARGET_HALTED)
956 LOG_DEBUG("target was already halted");
960 if (target->state == TARGET_UNKNOWN)
962 LOG_WARNING("target was in unknown state when halt was requested");
965 if (target->state == TARGET_RESET)
967 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) && jtag_srst)
969 LOG_ERROR("can't request a halt while in reset if nSRST pulls nTRST");
970 return ERROR_TARGET_FAILURE;
974 /* we came here in a reset_halt or reset_init sequence
975 * debug entry was already prepared in arm7_9_prepare_reset_halt()
977 target->debug_reason = DBG_REASON_DBGRQ;
983 if (arm7_9->use_dbgrq)
985 /* program EmbeddedICE Debug Control Register to assert DBGRQ
987 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
988 embeddedice_store_reg(dbg_ctrl);
992 /* program watchpoint unit to match on any address
994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
995 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
1000 target->debug_reason = DBG_REASON_DBGRQ;
1005 int arm7_9_debug_entry(target_t *target)
1010 u32 r0_thumb, pc_thumb;
1013 /* get pointers to arch-specific information */
1014 armv4_5_common_t *armv4_5 = target->arch_info;
1015 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1016 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1017 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1019 #ifdef _DEBUG_ARM7_9_
1023 if (arm7_9->pre_debug_entry)
1024 arm7_9->pre_debug_entry(target);
1026 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1027 * ensure that DBGRQ is cleared
1029 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1030 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1031 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1032 embeddedice_store_reg(dbg_ctrl);
1034 arm7_9_clear_halt(target);
1036 if ((retval = jtag_execute_queue()) != ERROR_OK)
1041 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1045 if (target->state != TARGET_HALTED)
1047 LOG_WARNING("target not halted");
1048 return ERROR_TARGET_NOT_HALTED;
1051 /* if the target is in Thumb state, change to ARM state */
1052 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1054 LOG_DEBUG("target entered debug from Thumb state");
1055 /* Entered debug from Thumb mode */
1056 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1057 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1058 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1062 LOG_DEBUG("target entered debug from ARM state");
1063 /* Entered debug from ARM mode */
1064 armv4_5->core_state = ARMV4_5_STATE_ARM;
1067 for (i = 0; i < 16; i++)
1068 context_p[i] = &context[i];
1069 /* save core registers (r0 - r15 of current core mode) */
1070 arm7_9->read_core_regs(target, 0xffff, context_p);
1072 arm7_9->read_xpsr(target, &cpsr, 0);
1074 if ((retval = jtag_execute_queue()) != ERROR_OK)
1077 /* if the core has been executing in Thumb state, set the T bit */
1078 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1081 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1082 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1083 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1085 armv4_5->core_mode = cpsr & 0x1f;
1087 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1089 target->state = TARGET_UNKNOWN;
1090 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1091 return ERROR_TARGET_FAILURE;
1094 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1096 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1098 LOG_DEBUG("thumb state, applying fixups");
1099 context[0] = r0_thumb;
1100 context[15] = pc_thumb;
1101 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1103 /* adjust value stored by STM */
1104 context[15] -= 3 * 4;
1107 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1108 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1109 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1110 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1111 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1112 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1113 else if (target->debug_reason == DBG_REASON_DBGRQ)
1114 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1117 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1120 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1123 for (i=0; i<=15; i++)
1125 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1126 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1127 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1128 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1131 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1133 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1136 /* exceptions other than USR & SYS have a saved program status register */
1137 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1140 arm7_9->read_xpsr(target, &spsr, 1);
1141 jtag_execute_queue();
1142 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1143 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1144 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1147 /* r0 and r15 (pc) have to be restored later */
1148 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1149 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1151 if ((retval = jtag_execute_queue()) != ERROR_OK)
1154 if (arm7_9->post_debug_entry)
1155 arm7_9->post_debug_entry(target);
1160 int arm7_9_full_context(target_t *target)
1164 armv4_5_common_t *armv4_5 = target->arch_info;
1165 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1169 if (target->state != TARGET_HALTED)
1171 LOG_WARNING("target not halted");
1172 return ERROR_TARGET_NOT_HALTED;
1175 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1178 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1179 * SYS shares registers with User, so we don't touch SYS
1181 for(i = 0; i < 6; i++)
1188 /* check if there are invalid registers in the current mode
1190 for (j = 0; j <= 16; j++)
1192 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1200 /* change processor mode (and mask T bit) */
1201 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1202 tmp_cpsr |= armv4_5_number_to_mode(i);
1204 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1206 for (j = 0; j < 15; j++)
1208 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1210 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1212 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1213 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1217 /* if only the PSR is invalid, mask is all zeroes */
1219 arm7_9->read_core_regs(target, mask, reg_p);
1221 /* check if the PSR has to be read */
1222 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1224 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1225 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1231 /* restore processor mode (mask T bit) */
1232 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1234 if ((retval = jtag_execute_queue()) != ERROR_OK)
1241 int arm7_9_restore_context(target_t *target)
1243 armv4_5_common_t *armv4_5 = target->arch_info;
1244 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1246 armv4_5_core_reg_t *reg_arch_info;
1247 enum armv4_5_mode current_mode = armv4_5->core_mode;
1254 if (target->state != TARGET_HALTED)
1256 LOG_WARNING("target not halted");
1257 return ERROR_TARGET_NOT_HALTED;
1260 if (arm7_9->pre_restore_context)
1261 arm7_9->pre_restore_context(target);
1263 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1266 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1267 * SYS shares registers with User, so we don't touch SYS
1269 for (i = 0; i < 6; i++)
1271 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1274 /* check if there are dirty registers in the current mode
1276 for (j = 0; j <= 16; j++)
1278 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1279 reg_arch_info = reg->arch_info;
1280 if (reg->dirty == 1)
1282 if (reg->valid == 1)
1285 LOG_DEBUG("examining dirty reg: %s", reg->name);
1286 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1287 && (reg_arch_info->mode != current_mode)
1288 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1289 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1292 LOG_DEBUG("require mode change");
1297 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1312 /* change processor mode (mask T bit) */
1313 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1314 tmp_cpsr |= armv4_5_number_to_mode(i);
1316 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1317 current_mode = armv4_5_number_to_mode(i);
1320 for (j = 0; j <= 14; j++)
1322 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1323 reg_arch_info = reg->arch_info;
1326 if (reg->dirty == 1)
1328 regs[j] = buf_get_u32(reg->value, 0, 32);
1333 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1339 arm7_9->write_core_regs(target, mask, regs);
1342 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1343 reg_arch_info = reg->arch_info;
1344 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1346 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1347 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1352 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1354 /* restore processor mode (mask T bit) */
1357 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1358 tmp_cpsr |= armv4_5_number_to_mode(i);
1360 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1361 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1363 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1365 /* CPSR has been changed, full restore necessary (mask T bit) */
1366 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1367 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1368 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1369 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1373 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1374 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1375 armv4_5->core_cache->reg_list[15].dirty = 0;
1377 if (arm7_9->post_restore_context)
1378 arm7_9->post_restore_context(target);
1383 int arm7_9_restart_core(struct target_s *target)
1385 armv4_5_common_t *armv4_5 = target->arch_info;
1386 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1387 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1389 /* set RESTART instruction */
1390 jtag_add_end_state(TAP_RTI);
1391 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1393 jtag_add_runtest(1, TAP_RTI);
1394 return jtag_execute_queue();
1397 void arm7_9_enable_watchpoints(struct target_s *target)
1399 watchpoint_t *watchpoint = target->watchpoints;
1403 if (watchpoint->set == 0)
1404 arm7_9_set_watchpoint(target, watchpoint);
1405 watchpoint = watchpoint->next;
1409 void arm7_9_enable_breakpoints(struct target_s *target)
1411 breakpoint_t *breakpoint = target->breakpoints;
1413 /* set any pending breakpoints */
1416 if (breakpoint->set == 0)
1417 arm7_9_set_breakpoint(target, breakpoint);
1418 breakpoint = breakpoint->next;
1422 void arm7_9_disable_bkpts_and_wpts(struct target_s *target)
1424 breakpoint_t *breakpoint = target->breakpoints;
1425 watchpoint_t *watchpoint = target->watchpoints;
1427 /* set any pending breakpoints */
1430 if (breakpoint->set != 0)
1431 arm7_9_unset_breakpoint(target, breakpoint);
1432 breakpoint = breakpoint->next;
1437 if (watchpoint->set != 0)
1438 arm7_9_unset_watchpoint(target, watchpoint);
1439 watchpoint = watchpoint->next;
1443 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1445 armv4_5_common_t *armv4_5 = target->arch_info;
1446 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1447 breakpoint_t *breakpoint = target->breakpoints;
1448 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1453 if (target->state != TARGET_HALTED)
1455 LOG_WARNING("target not halted");
1456 return ERROR_TARGET_NOT_HALTED;
1459 if (!debug_execution)
1461 target_free_all_working_areas(target);
1464 /* current = 1: continue on current pc, otherwise continue at <address> */
1466 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1468 /* the front-end may request us not to handle breakpoints */
1469 if (handle_breakpoints)
1471 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1473 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1474 arm7_9_unset_breakpoint(target, breakpoint);
1476 LOG_DEBUG("enable single-step");
1477 arm7_9->enable_single_step(target);
1479 target->debug_reason = DBG_REASON_SINGLESTEP;
1481 arm7_9_restore_context(target);
1483 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1484 arm7_9->branch_resume(target);
1485 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1487 arm7_9->branch_resume_thumb(target);
1491 LOG_ERROR("unhandled core state");
1495 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1496 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1497 err = arm7_9_execute_sys_speed(target);
1499 LOG_DEBUG("disable single-step");
1500 arm7_9->disable_single_step(target);
1502 if (err != ERROR_OK)
1504 arm7_9_set_breakpoint(target, breakpoint);
1505 target->state = TARGET_UNKNOWN;
1509 arm7_9_debug_entry(target);
1510 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1512 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1513 arm7_9_set_breakpoint(target, breakpoint);
1517 /* enable any pending breakpoints and watchpoints */
1518 arm7_9_enable_breakpoints(target);
1519 arm7_9_enable_watchpoints(target);
1521 arm7_9_restore_context(target);
1523 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1525 arm7_9->branch_resume(target);
1527 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1529 arm7_9->branch_resume_thumb(target);
1533 LOG_ERROR("unhandled core state");
1537 /* deassert DBGACK and INTDIS */
1538 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1539 /* INTDIS only when we really resume, not during debug execution */
1540 if (!debug_execution)
1541 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1542 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1544 arm7_9_restart_core(target);
1546 target->debug_reason = DBG_REASON_NOTHALTED;
1548 if (!debug_execution)
1550 /* registers are now invalid */
1551 armv4_5_invalidate_core_regs(target);
1552 target->state = TARGET_RUNNING;
1553 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1557 target->state = TARGET_DEBUG_RUNNING;
1558 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1561 LOG_DEBUG("target resumed");
1566 void arm7_9_enable_eice_step(target_t *target)
1568 armv4_5_common_t *armv4_5 = target->arch_info;
1569 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1571 /* setup an inverse breakpoint on the current PC
1572 * - comparator 1 matches the current address
1573 * - rangeout from comparator 1 is connected to comparator 0 rangein
1574 * - comparator 0 matches any address, as long as rangein is low */
1575 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1577 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
1578 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0x77);
1579 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1580 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1581 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1582 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1583 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xf7);
1586 void arm7_9_disable_eice_step(target_t *target)
1588 armv4_5_common_t *armv4_5 = target->arch_info;
1589 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1591 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1592 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1593 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1594 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1595 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1596 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1597 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1598 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1599 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1602 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1604 armv4_5_common_t *armv4_5 = target->arch_info;
1605 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1606 breakpoint_t *breakpoint = NULL;
1609 if (target->state != TARGET_HALTED)
1611 LOG_WARNING("target not halted");
1612 return ERROR_TARGET_NOT_HALTED;
1615 /* current = 1: continue on current pc, otherwise continue at <address> */
1617 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1619 /* the front-end may request us not to handle breakpoints */
1620 if (handle_breakpoints)
1621 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1622 arm7_9_unset_breakpoint(target, breakpoint);
1624 target->debug_reason = DBG_REASON_SINGLESTEP;
1626 arm7_9_restore_context(target);
1628 arm7_9->enable_single_step(target);
1630 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1632 arm7_9->branch_resume(target);
1634 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1636 arm7_9->branch_resume_thumb(target);
1640 LOG_ERROR("unhandled core state");
1644 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1646 err = arm7_9_execute_sys_speed(target);
1647 arm7_9->disable_single_step(target);
1649 /* registers are now invalid */
1650 armv4_5_invalidate_core_regs(target);
1652 if (err != ERROR_OK)
1654 target->state = TARGET_UNKNOWN;
1656 arm7_9_debug_entry(target);
1657 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1658 LOG_DEBUG("target stepped");
1662 arm7_9_set_breakpoint(target, breakpoint);
1668 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1673 armv4_5_common_t *armv4_5 = target->arch_info;
1674 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1676 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1679 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1681 if ((num < 0) || (num > 16))
1682 return ERROR_INVALID_ARGUMENTS;
1684 if ((mode != ARMV4_5_MODE_ANY)
1685 && (mode != armv4_5->core_mode)
1686 && (reg_mode != ARMV4_5_MODE_ANY))
1690 /* change processor mode (mask T bit) */
1691 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1694 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1697 if ((num >= 0) && (num <= 15))
1699 /* read a normal core register */
1700 reg_p[num] = &value;
1702 arm7_9->read_core_regs(target, 1 << num, reg_p);
1706 /* read a program status register
1707 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1709 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1710 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1712 arm7_9->read_xpsr(target, &value, spsr);
1715 if ((retval = jtag_execute_queue()) != ERROR_OK)
1720 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1721 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1722 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1724 if ((mode != ARMV4_5_MODE_ANY)
1725 && (mode != armv4_5->core_mode)
1726 && (reg_mode != ARMV4_5_MODE_ANY)) {
1727 /* restore processor mode (mask T bit) */
1728 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1735 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1738 armv4_5_common_t *armv4_5 = target->arch_info;
1739 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1741 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1744 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1746 if ((num < 0) || (num > 16))
1747 return ERROR_INVALID_ARGUMENTS;
1749 if ((mode != ARMV4_5_MODE_ANY)
1750 && (mode != armv4_5->core_mode)
1751 && (reg_mode != ARMV4_5_MODE_ANY)) {
1754 /* change processor mode (mask T bit) */
1755 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1758 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1761 if ((num >= 0) && (num <= 15))
1763 /* write a normal core register */
1766 arm7_9->write_core_regs(target, 1 << num, reg);
1770 /* write a program status register
1771 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1773 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1774 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1776 /* if we're writing the CPSR, mask the T bit */
1780 arm7_9->write_xpsr(target, value, spsr);
1783 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1784 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1786 if ((mode != ARMV4_5_MODE_ANY)
1787 && (mode != armv4_5->core_mode)
1788 && (reg_mode != ARMV4_5_MODE_ANY)) {
1789 /* restore processor mode (mask T bit) */
1790 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1793 return jtag_execute_queue();
1796 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1798 armv4_5_common_t *armv4_5 = target->arch_info;
1799 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1802 int num_accesses = 0;
1803 int thisrun_accesses;
1809 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1811 if (target->state != TARGET_HALTED)
1813 LOG_WARNING("target not halted");
1814 return ERROR_TARGET_NOT_HALTED;
1817 /* sanitize arguments */
1818 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1819 return ERROR_INVALID_ARGUMENTS;
1821 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1822 return ERROR_TARGET_UNALIGNED_ACCESS;
1824 /* load the base register with the address of the first word */
1826 arm7_9->write_core_regs(target, 0x1, reg);
1831 while (num_accesses < count)
1834 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1835 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1837 if (last_reg <= thisrun_accesses)
1838 last_reg = thisrun_accesses;
1840 arm7_9->load_word_regs(target, reg_list);
1842 /* fast memory reads are only safe when the target is running
1843 * from a sufficiently high clock (32 kHz is usually too slow)
1845 if (arm7_9->fast_memory_access)
1846 arm7_9_execute_fast_sys_speed(target);
1848 arm7_9_execute_sys_speed(target);
1850 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1852 /* advance buffer, count number of accesses */
1853 buffer += thisrun_accesses * 4;
1854 num_accesses += thisrun_accesses;
1858 while (num_accesses < count)
1861 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1862 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1864 for (i = 1; i <= thisrun_accesses; i++)
1868 arm7_9->load_hword_reg(target, i);
1869 /* fast memory reads are only safe when the target is running
1870 * from a sufficiently high clock (32 kHz is usually too slow)
1872 if (arm7_9->fast_memory_access)
1873 arm7_9_execute_fast_sys_speed(target);
1875 arm7_9_execute_sys_speed(target);
1878 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1880 /* advance buffer, count number of accesses */
1881 buffer += thisrun_accesses * 2;
1882 num_accesses += thisrun_accesses;
1886 while (num_accesses < count)
1889 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1890 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1892 for (i = 1; i <= thisrun_accesses; i++)
1896 arm7_9->load_byte_reg(target, i);
1897 /* fast memory reads are only safe when the target is running
1898 * from a sufficiently high clock (32 kHz is usually too slow)
1900 if (arm7_9->fast_memory_access)
1901 arm7_9_execute_fast_sys_speed(target);
1903 arm7_9_execute_sys_speed(target);
1906 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1908 /* advance buffer, count number of accesses */
1909 buffer += thisrun_accesses * 1;
1910 num_accesses += thisrun_accesses;
1914 LOG_ERROR("BUG: we shouldn't get here");
1919 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1922 for (i=0; i<=last_reg; i++)
1923 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1925 arm7_9->read_xpsr(target, &cpsr, 0);
1926 if ((retval = jtag_execute_queue()) != ERROR_OK)
1928 LOG_ERROR("JTAG error while reading cpsr");
1929 return ERROR_TARGET_DATA_ABORT;
1932 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1934 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1936 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1938 return ERROR_TARGET_DATA_ABORT;
1944 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1946 armv4_5_common_t *armv4_5 = target->arch_info;
1947 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1948 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1951 int num_accesses = 0;
1952 int thisrun_accesses;
1958 #ifdef _DEBUG_ARM7_9_
1959 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1962 if (target->state != TARGET_HALTED)
1964 LOG_WARNING("target not halted");
1965 return ERROR_TARGET_NOT_HALTED;
1968 /* sanitize arguments */
1969 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1970 return ERROR_INVALID_ARGUMENTS;
1972 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1973 return ERROR_TARGET_UNALIGNED_ACCESS;
1975 /* load the base register with the address of the first word */
1977 arm7_9->write_core_regs(target, 0x1, reg);
1979 /* Clear DBGACK, to make sure memory fetches work as expected */
1980 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1981 embeddedice_store_reg(dbg_ctrl);
1986 while (num_accesses < count)
1989 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1990 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1992 for (i = 1; i <= thisrun_accesses; i++)
1996 reg[i] = target_buffer_get_u32(target, buffer);
2000 arm7_9->write_core_regs(target, reg_list, reg);
2002 arm7_9->store_word_regs(target, reg_list);
2004 /* fast memory writes are only safe when the target is running
2005 * from a sufficiently high clock (32 kHz is usually too slow)
2007 if (arm7_9->fast_memory_access)
2008 arm7_9_execute_fast_sys_speed(target);
2010 arm7_9_execute_sys_speed(target);
2012 num_accesses += thisrun_accesses;
2016 while (num_accesses < count)
2019 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2020 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2022 for (i = 1; i <= thisrun_accesses; i++)
2026 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2030 arm7_9->write_core_regs(target, reg_list, reg);
2032 for (i = 1; i <= thisrun_accesses; i++)
2034 arm7_9->store_hword_reg(target, i);
2036 /* fast memory writes are only safe when the target is running
2037 * from a sufficiently high clock (32 kHz is usually too slow)
2039 if (arm7_9->fast_memory_access)
2040 arm7_9_execute_fast_sys_speed(target);
2042 arm7_9_execute_sys_speed(target);
2045 num_accesses += thisrun_accesses;
2049 while (num_accesses < count)
2052 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2053 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2055 for (i = 1; i <= thisrun_accesses; i++)
2059 reg[i] = *buffer++ & 0xff;
2062 arm7_9->write_core_regs(target, reg_list, reg);
2064 for (i = 1; i <= thisrun_accesses; i++)
2066 arm7_9->store_byte_reg(target, i);
2067 /* fast memory writes are only safe when the target is running
2068 * from a sufficiently high clock (32 kHz is usually too slow)
2070 if (arm7_9->fast_memory_access)
2071 arm7_9_execute_fast_sys_speed(target);
2073 arm7_9_execute_sys_speed(target);
2076 num_accesses += thisrun_accesses;
2080 LOG_ERROR("BUG: we shouldn't get here");
2086 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2087 embeddedice_store_reg(dbg_ctrl);
2089 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2092 for (i=0; i<=last_reg; i++)
2093 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2095 arm7_9->read_xpsr(target, &cpsr, 0);
2096 if ((retval = jtag_execute_queue()) != ERROR_OK)
2098 LOG_ERROR("JTAG error while reading cpsr");
2099 return ERROR_TARGET_DATA_ABORT;
2102 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2104 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2106 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2108 return ERROR_TARGET_DATA_ABORT;
2114 static const u32 dcc_code[] =
2116 /* MRC TST BNE MRC STR B */
2117 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2120 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2122 armv4_5_common_t *armv4_5 = target->arch_info;
2123 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2124 enum armv4_5_state core_state = armv4_5->core_state;
2125 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2126 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2127 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2130 if (!arm7_9->dcc_downloads)
2131 return target->type->write_memory(target, address, 4, count, buffer);
2133 /* regrab previously allocated working_area, or allocate a new one */
2134 if (!arm7_9->dcc_working_area)
2136 u8 dcc_code_buf[6 * 4];
2138 /* make sure we have a working area */
2139 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2141 LOG_INFO("no working area available, falling back to memory writes");
2142 return target->type->write_memory(target, address, 4, count, buffer);
2145 /* copy target instructions to target endianness */
2146 for (i = 0; i < 6; i++)
2148 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2151 /* write DCC code to working area */
2152 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2155 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2156 armv4_5->core_cache->reg_list[0].valid = 1;
2157 armv4_5->core_cache->reg_list[0].dirty = 1;
2158 armv4_5->core_state = ARMV4_5_STATE_ARM;
2160 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2162 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2165 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2166 core function repeated.
2168 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2171 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2172 u8 reg_addr = ice_reg->addr & 0x1f;
2173 int chain_pos = ice_reg->jtag_info->chain_pos;
2174 /* we want the compiler to duplicate the code, which it does not
2179 for (i = 1; i < count - 1; i++)
2181 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2186 for (i = 1; i < count - 1; i++)
2188 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2192 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2195 for (i = 0; i < count; i++)
2197 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2202 target_halt(target);
2204 for (i=0; i<100; i++)
2206 target_poll(target);
2207 if (target->state == TARGET_HALTED)
2209 usleep(1000); /* sleep 1ms */
2213 LOG_ERROR("bulk write timed out, target not halted");
2214 return ERROR_TARGET_TIMEOUT;
2217 /* restore target state */
2218 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2219 armv4_5->core_cache->reg_list[0].valid = 1;
2220 armv4_5->core_cache->reg_list[0].dirty = 1;
2221 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2222 armv4_5->core_cache->reg_list[1].valid = 1;
2223 armv4_5->core_cache->reg_list[1].dirty = 1;
2224 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2225 armv4_5->core_cache->reg_list[15].valid = 1;
2226 armv4_5->core_cache->reg_list[15].dirty = 1;
2227 armv4_5->core_state = core_state;
2232 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2234 working_area_t *crc_algorithm;
2235 armv4_5_algorithm_t armv4_5_info;
2236 reg_param_t reg_params[2];
2239 u32 arm7_9_crc_code[] = {
2240 0xE1A02000, /* mov r2, r0 */
2241 0xE3E00000, /* mov r0, #0xffffffff */
2242 0xE1A03001, /* mov r3, r1 */
2243 0xE3A04000, /* mov r4, #0 */
2244 0xEA00000B, /* b ncomp */
2246 0xE7D21004, /* ldrb r1, [r2, r4] */
2247 0xE59F7030, /* ldr r7, CRC32XOR */
2248 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2249 0xE3A05000, /* mov r5, #0 */
2251 0xE3500000, /* cmp r0, #0 */
2252 0xE1A06080, /* mov r6, r0, asl #1 */
2253 0xE2855001, /* add r5, r5, #1 */
2254 0xE1A00006, /* mov r0, r6 */
2255 0xB0260007, /* eorlt r0, r6, r7 */
2256 0xE3550008, /* cmp r5, #8 */
2257 0x1AFFFFF8, /* bne loop */
2258 0xE2844001, /* add r4, r4, #1 */
2260 0xE1540003, /* cmp r4, r3 */
2261 0x1AFFFFF1, /* bne nbyte */
2263 0xEAFFFFFE, /* b end */
2264 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2269 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2271 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2274 /* convert flash writing code into a buffer in target endianness */
2275 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2276 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2278 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2279 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2280 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2282 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2283 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2285 buf_set_u32(reg_params[0].value, 0, 32, address);
2286 buf_set_u32(reg_params[1].value, 0, 32, count);
2288 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2289 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2291 LOG_ERROR("error executing arm7_9 crc algorithm");
2292 destroy_reg_param(®_params[0]);
2293 destroy_reg_param(®_params[1]);
2294 target_free_working_area(target, crc_algorithm);
2298 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2300 destroy_reg_param(®_params[0]);
2301 destroy_reg_param(®_params[1]);
2303 target_free_working_area(target, crc_algorithm);
2308 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2310 command_t *arm7_9_cmd;
2312 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2314 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2315 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2317 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2319 register_command(cmd_ctx, arm7_9_cmd, "sw_bkpts", handle_arm7_9_sw_bkpts_command, COMMAND_EXEC, "support for software breakpoints <enable|disable>");
2320 register_command(cmd_ctx, arm7_9_cmd, "force_hw_bkpts", handle_arm7_9_force_hw_bkpts_command, COMMAND_EXEC, "use hardware breakpoints for all breakpoints (disables sw breakpoint support) <enable|disable>");
2321 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2322 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2323 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2324 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2325 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2326 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2327 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2328 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2330 armv4_5_register_commands(cmd_ctx);
2332 etm_register_commands(cmd_ctx);
2337 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2342 target_t *target = get_current_target(cmd_ctx);
2343 armv4_5_common_t *armv4_5;
2344 arm7_9_common_t *arm7_9;
2346 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2348 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2352 if (target->state != TARGET_HALTED)
2354 command_print(cmd_ctx, "can't write registers while running");
2360 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2364 value = strtoul(args[0], NULL, 0);
2365 spsr = strtol(args[1], NULL, 0);
2367 /* if we're writing the CPSR, mask the T bit */
2371 arm7_9->write_xpsr(target, value, spsr);
2372 if ((retval = jtag_execute_queue()) != ERROR_OK)
2374 LOG_ERROR("JTAG error while writing to xpsr");
2381 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2387 target_t *target = get_current_target(cmd_ctx);
2388 armv4_5_common_t *armv4_5;
2389 arm7_9_common_t *arm7_9;
2391 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2393 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2397 if (target->state != TARGET_HALTED)
2399 command_print(cmd_ctx, "can't write registers while running");
2405 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2409 value = strtoul(args[0], NULL, 0);
2410 rotate = strtol(args[1], NULL, 0);
2411 spsr = strtol(args[2], NULL, 0);
2413 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2414 if ((retval = jtag_execute_queue()) != ERROR_OK)
2416 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2423 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2428 target_t *target = get_current_target(cmd_ctx);
2429 armv4_5_common_t *armv4_5;
2430 arm7_9_common_t *arm7_9;
2432 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2434 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2438 if (target->state != TARGET_HALTED)
2440 command_print(cmd_ctx, "can't write registers while running");
2446 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2450 num = strtol(args[0], NULL, 0);
2451 mode = strtoul(args[1], NULL, 0);
2452 value = strtoul(args[2], NULL, 0);
2454 arm7_9_write_core_reg(target, num, mode, value);
2459 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2461 target_t *target = get_current_target(cmd_ctx);
2462 armv4_5_common_t *armv4_5;
2463 arm7_9_common_t *arm7_9;
2465 if (target->state != TARGET_HALTED)
2467 LOG_ERROR("target not halted");
2468 return ERROR_TARGET_NOT_HALTED;
2471 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2473 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2479 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2483 if (strcmp("enable", args[0]) == 0)
2485 if (arm7_9->sw_bkpts_use_wp)
2487 arm7_9_enable_sw_bkpts(target);
2491 arm7_9->sw_bkpts_enabled = 1;
2494 else if (strcmp("disable", args[0]) == 0)
2496 if (arm7_9->sw_bkpts_use_wp)
2498 arm7_9_disable_sw_bkpts(target);
2502 arm7_9->sw_bkpts_enabled = 0;
2507 command_print(cmd_ctx, "usage: arm7_9 sw_bkpts <enable|disable>");
2510 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2515 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2517 target_t *target = get_current_target(cmd_ctx);
2518 armv4_5_common_t *armv4_5;
2519 arm7_9_common_t *arm7_9;
2521 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2523 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2527 if ((argc >= 1) && (strcmp("enable", args[0]) == 0))
2529 arm7_9->force_hw_bkpts = 1;
2530 if (arm7_9->sw_bkpts_use_wp)
2532 arm7_9_disable_sw_bkpts(target);
2535 else if ((argc >= 1) && (strcmp("disable", args[0]) == 0))
2537 arm7_9->force_hw_bkpts = 0;
2541 command_print(cmd_ctx, "usage: arm7_9 force_hw_bkpts <enable|disable>");
2544 command_print(cmd_ctx, "force hardware breakpoints %s", (arm7_9->force_hw_bkpts) ? "enabled" : "disabled");
2549 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2551 target_t *target = get_current_target(cmd_ctx);
2552 armv4_5_common_t *armv4_5;
2553 arm7_9_common_t *arm7_9;
2555 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2557 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2563 if (strcmp("enable", args[0]) == 0)
2565 arm7_9->use_dbgrq = 1;
2567 else if (strcmp("disable", args[0]) == 0)
2569 arm7_9->use_dbgrq = 0;
2573 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2577 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2582 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2584 target_t *target = get_current_target(cmd_ctx);
2585 armv4_5_common_t *armv4_5;
2586 arm7_9_common_t *arm7_9;
2588 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2590 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2596 if (strcmp("enable", args[0]) == 0)
2598 arm7_9->fast_memory_access = 1;
2600 else if (strcmp("disable", args[0]) == 0)
2602 arm7_9->fast_memory_access = 0;
2606 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2610 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2615 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2617 target_t *target = get_current_target(cmd_ctx);
2618 armv4_5_common_t *armv4_5;
2619 arm7_9_common_t *arm7_9;
2621 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2623 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2629 if (strcmp("enable", args[0]) == 0)
2631 arm7_9->dcc_downloads = 1;
2633 else if (strcmp("disable", args[0]) == 0)
2635 arm7_9->dcc_downloads = 0;
2639 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2643 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2648 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2650 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2652 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2654 arm_jtag_setup_connection(&arm7_9->jtag_info);
2655 arm7_9->wp_available = 2;
2656 arm7_9->wp0_used = 0;
2657 arm7_9->wp1_used = 0;
2658 arm7_9->force_hw_bkpts = 0;
2659 arm7_9->use_dbgrq = 0;
2661 arm7_9->etm_ctx = NULL;
2662 arm7_9->has_single_step = 0;
2663 arm7_9->has_monitor_mode = 0;
2664 arm7_9->has_vector_catch = 0;
2666 arm7_9->debug_entry_from_reset = 0;
2668 arm7_9->dcc_working_area = NULL;
2670 arm7_9->fast_memory_access = fast_and_dangerous;
2671 arm7_9->dcc_downloads = fast_and_dangerous;
2673 armv4_5->arch_info = arm7_9;
2674 armv4_5->read_core_reg = arm7_9_read_core_reg;
2675 armv4_5->write_core_reg = arm7_9_write_core_reg;
2676 armv4_5->full_context = arm7_9_full_context;
2678 armv4_5_init_arch_info(target, armv4_5);
2680 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / fw / openocd / blob