1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
27 #include "replacements.h"
29 #include "embeddedice.h"
31 #include "target_request.h"
36 #include "arm7_9_common.h"
37 #include "breakpoints.h"
38 #include "time_support.h"
44 #include <sys/types.h>
49 int arm7_9_debug_entry(target_t *target);
50 int arm7_9_enable_sw_bkpts(struct target_s *target);
52 /* command handler forward declarations */
53 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
65 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
66 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
67 arm7_9->sw_breakpoints_added = 0;
69 arm7_9->wp1_used = arm7_9->wp1_used_default;
70 arm7_9->wp_available = arm7_9->wp_available_max;
72 return jtag_execute_queue();
75 /* set up embedded ice registers */
76 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
78 if (arm7_9->sw_breakpoints_added)
82 if (arm7_9->wp_available < 1)
84 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
85 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
87 arm7_9->wp_available--;
89 /* pick a breakpoint unit */
90 if (!arm7_9->wp0_used)
92 arm7_9->sw_breakpoints_added=1;
94 } else if (!arm7_9->wp1_used)
96 arm7_9->sw_breakpoints_added=2;
101 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
105 if (arm7_9->sw_breakpoints_added==1)
107 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
108 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
109 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
113 else if (arm7_9->sw_breakpoints_added==2)
115 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
116 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
117 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
123 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
127 return jtag_execute_queue();
130 /* set things up after a reset / on startup */
131 int arm7_9_setup(target_t *target)
133 armv4_5_common_t *armv4_5 = target->arch_info;
134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
136 return arm7_9_clear_watchpoints(arm7_9);
140 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
142 armv4_5_common_t *armv4_5 = target->arch_info;
143 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
145 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
150 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
155 *armv4_5_p = armv4_5;
161 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
162 * might have erased the values in embedded ice
164 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
166 armv4_5_common_t *armv4_5 = target->arch_info;
167 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
170 if (target->state != TARGET_HALTED)
172 LOG_WARNING("target not halted");
173 return ERROR_TARGET_NOT_HALTED;
176 if (breakpoint->type == BKPT_HARD)
178 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
179 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
180 if (breakpoint->set==1)
182 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
183 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
184 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
188 else if (breakpoint->set==2)
190 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
191 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
192 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
198 LOG_ERROR("BUG: no hardware comparator available");
202 retval=jtag_execute_queue();
204 else if (breakpoint->type == BKPT_SOFT)
206 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
209 /* did we already set this breakpoint? */
213 if (breakpoint->length == 4)
215 u32 verify = 0xffffffff;
216 /* keep the original instruction in target endianness */
217 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
218 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
219 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
221 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
222 if (verify != arm7_9->arm_bkpt)
224 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
231 /* keep the original instruction in target endianness */
232 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
233 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
234 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
236 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
237 if (verify != arm7_9->thumb_bkpt)
239 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
250 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
252 armv4_5_common_t *armv4_5 = target->arch_info;
253 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
255 if (!breakpoint->set)
257 LOG_WARNING("breakpoint not set");
261 if (breakpoint->type == BKPT_HARD)
263 if (breakpoint->set == 1)
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
266 arm7_9->wp0_used = 0;
268 else if (breakpoint->set == 2)
270 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
271 arm7_9->wp1_used = 0;
273 jtag_execute_queue();
278 /* restore original instruction (kept in target endianness) */
279 if (breakpoint->length == 4)
282 /* check that user program as not modified breakpoint instruction */
283 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
284 if (current_instr==arm7_9->arm_bkpt)
285 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
290 /* check that user program as not modified breakpoint instruction */
291 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
292 if (current_instr==arm7_9->thumb_bkpt)
293 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
301 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
303 armv4_5_common_t *armv4_5 = target->arch_info;
304 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
306 if (target->state != TARGET_HALTED)
308 LOG_WARNING("target not halted");
309 return ERROR_TARGET_NOT_HALTED;
312 if (arm7_9->breakpoint_count==0)
314 /* make sure we don't have any dangling breakpoints. This is vital upon
315 * GDB connect/disconnect
317 arm7_9_clear_watchpoints(arm7_9);
320 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
322 LOG_INFO("no watchpoint unit available for hardware breakpoint");
323 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
326 if ((breakpoint->length != 2) && (breakpoint->length != 4))
328 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
329 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
332 if (breakpoint->type == BKPT_HARD)
334 arm7_9->wp_available--;
336 if (!arm7_9->wp0_used)
338 arm7_9->wp0_used = 1;
341 else if (!arm7_9->wp1_used)
343 arm7_9->wp1_used = 1;
348 LOG_ERROR("BUG: no hardware comparator available");
353 arm7_9->breakpoint_count++;
355 return arm7_9_set_breakpoint(target, breakpoint);
358 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
360 armv4_5_common_t *armv4_5 = target->arch_info;
361 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
363 arm7_9_unset_breakpoint(target, breakpoint);
365 if (breakpoint->type == BKPT_HARD)
366 arm7_9->wp_available++;
368 arm7_9->breakpoint_count--;
369 if (arm7_9->breakpoint_count==0)
371 /* make sure we don't have any dangling breakpoints */
372 arm7_9_clear_watchpoints(arm7_9);
378 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
380 armv4_5_common_t *armv4_5 = target->arch_info;
381 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
385 mask = watchpoint->length - 1;
387 if (target->state != TARGET_HALTED)
389 LOG_WARNING("target not halted");
390 return ERROR_TARGET_NOT_HALTED;
393 if (watchpoint->rw == WPT_ACCESS)
398 if (!arm7_9->wp0_used)
400 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
401 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
402 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
403 if( watchpoint->mask != 0xffffffffu )
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
406 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
408 jtag_execute_queue();
410 arm7_9->wp0_used = 2;
412 else if (!arm7_9->wp1_used)
414 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
415 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
416 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
417 if( watchpoint->mask != 0xffffffffu )
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
420 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
422 jtag_execute_queue();
424 arm7_9->wp1_used = 2;
428 LOG_ERROR("BUG: no hardware comparator available");
435 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
437 armv4_5_common_t *armv4_5 = target->arch_info;
438 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
440 if (target->state != TARGET_HALTED)
442 LOG_WARNING("target not halted");
443 return ERROR_TARGET_NOT_HALTED;
446 if (!watchpoint->set)
448 LOG_WARNING("breakpoint not set");
452 if (watchpoint->set == 1)
454 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
455 jtag_execute_queue();
456 arm7_9->wp0_used = 0;
458 else if (watchpoint->set == 2)
460 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
461 jtag_execute_queue();
462 arm7_9->wp1_used = 0;
469 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
471 armv4_5_common_t *armv4_5 = target->arch_info;
472 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
474 if (target->state != TARGET_HALTED)
476 LOG_WARNING("target not halted");
477 return ERROR_TARGET_NOT_HALTED;
480 if (arm7_9->wp_available < 1)
482 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
485 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
487 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
490 arm7_9->wp_available--;
495 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
497 armv4_5_common_t *armv4_5 = target->arch_info;
498 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
502 arm7_9_unset_watchpoint(target, watchpoint);
505 arm7_9->wp_available++;
513 int arm7_9_execute_sys_speed(struct target_s *target)
517 armv4_5_common_t *armv4_5 = target->arch_info;
518 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
519 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
520 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
522 /* set RESTART instruction */
523 jtag_add_end_state(TAP_RTI);
524 if (arm7_9->need_bypass_before_restart) {
525 arm7_9->need_bypass_before_restart = 0;
526 arm_jtag_set_instr(jtag_info, 0xf, NULL);
528 arm_jtag_set_instr(jtag_info, 0x4, NULL);
530 long long then=timeval_ms();
532 while (!(timeout=((timeval_ms()-then)>1000)))
534 /* read debug status register */
535 embeddedice_read_reg(dbg_stat);
536 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
539 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
551 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
552 return ERROR_TARGET_TIMEOUT;
558 int arm7_9_execute_fast_sys_speed(struct target_s *target)
561 static u8 check_value[4], check_mask[4];
563 armv4_5_common_t *armv4_5 = target->arch_info;
564 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
565 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
566 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
568 /* set RESTART instruction */
569 jtag_add_end_state(TAP_RTI);
570 if (arm7_9->need_bypass_before_restart) {
571 arm7_9->need_bypass_before_restart = 0;
572 arm_jtag_set_instr(jtag_info, 0xf, NULL);
574 arm_jtag_set_instr(jtag_info, 0x4, NULL);
578 /* check for DBGACK and SYSCOMP set (others don't care) */
580 /* NB! These are constants that must be available until after next jtag_execute() and
581 we evaluate the values upon first execution in lieu of setting up these constants
584 buf_set_u32(check_value, 0, 32, 0x9);
585 buf_set_u32(check_mask, 0, 32, 0x9);
589 /* read debug status register */
590 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
595 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
597 armv4_5_common_t *armv4_5 = target->arch_info;
598 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
599 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
603 data = malloc(size * (sizeof(u32)));
605 embeddedice_receive(jtag_info, data, size);
607 for (i = 0; i < size; i++)
609 h_u32_to_le(buffer + (i * 4), data[i]);
617 int arm7_9_handle_target_request(void *priv)
619 target_t *target = priv;
620 if (!target->type->examined)
622 armv4_5_common_t *armv4_5 = target->arch_info;
623 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
624 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
625 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
628 if (!target->dbg_msg_enabled)
631 if (target->state == TARGET_RUNNING)
633 /* read DCC control register */
634 embeddedice_read_reg(dcc_control);
635 jtag_execute_queue();
638 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
642 embeddedice_receive(jtag_info, &request, 1);
643 target_request(target, request);
650 int arm7_9_poll(target_t *target)
653 armv4_5_common_t *armv4_5 = target->arch_info;
654 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
655 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
657 /* read debug status register */
658 embeddedice_read_reg(dbg_stat);
659 if ((retval = jtag_execute_queue()) != ERROR_OK)
664 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
666 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
667 if (target->state == TARGET_UNKNOWN)
669 target->state = TARGET_RUNNING;
670 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
672 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
675 if (target->state == TARGET_RESET)
677 if (target->reset_halt)
679 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
686 target->state = TARGET_HALTED;
688 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
693 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
694 u32 t=*((u32 *)reg->value);
697 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
701 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
703 if (target->state == TARGET_DEBUG_RUNNING)
705 target->state = TARGET_HALTED;
706 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
709 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
711 if (target->state != TARGET_HALTED)
713 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
718 if (target->state != TARGET_DEBUG_RUNNING)
719 target->state = TARGET_RUNNING;
726 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
727 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
728 while the core is held in reset(SRST). It isn't possible to program the halt
729 condition once reset was asserted, hence a hook that allows the target to set
730 up its reset-halt condition prior to asserting reset.
733 int arm7_9_assert_reset(target_t *target)
735 armv4_5_common_t *armv4_5 = target->arch_info;
736 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
737 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
739 if (!(jtag_reset_config & RESET_HAS_SRST))
741 LOG_ERROR("Can't assert SRST");
745 if (target->reset_halt)
748 * Some targets do not support communication while SRST is asserted. We need to
749 * set up the reset vector catch here.
751 * If TRST is asserted, then these settings will be reset anyway, so setting them
754 if (arm7_9->has_vector_catch)
756 /* program vector catch register to catch reset vector */
757 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
761 /* program watchpoint unit to match on reset vector address */
762 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
763 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
764 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
765 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
766 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
770 /* here we should issue a srst only, but we may have to assert trst as well */
771 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
773 jtag_add_reset(1, 1);
776 jtag_add_reset(0, 1);
780 target->state = TARGET_RESET;
781 jtag_add_sleep(50000);
783 armv4_5_invalidate_core_regs(target);
785 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
787 /* debug entry was already prepared in arm7_9_assert_reset() */
788 target->debug_reason = DBG_REASON_DBGRQ;
795 int arm7_9_deassert_reset(target_t *target)
798 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
800 /* deassert reset lines */
801 jtag_add_reset(0, 0);
803 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
805 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
806 /* set up embedded ice registers again */
807 if ((retval=target->type->examine(target))!=ERROR_OK)
810 if ((retval=target_poll(target))!=ERROR_OK)
815 if ((retval=target_halt(target))!=ERROR_OK)
824 int arm7_9_clear_halt(target_t *target)
826 armv4_5_common_t *armv4_5 = target->arch_info;
827 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
828 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
830 /* we used DBGRQ only if we didn't come out of reset */
831 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
833 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
835 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
836 embeddedice_store_reg(dbg_ctrl);
840 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
842 /* if we came out of reset, and vector catch is supported, we used
843 * vector catch to enter debug state
844 * restore the register in that case
846 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
850 /* restore registers if watchpoint unit 0 was in use
852 if (arm7_9->wp0_used)
854 if (arm7_9->debug_entry_from_reset)
856 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
858 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
859 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
860 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
862 /* control value always has to be restored, as it was either disabled,
863 * or enabled with possibly different bits
865 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
872 int arm7_9_soft_reset_halt(struct target_s *target)
874 armv4_5_common_t *armv4_5 = target->arch_info;
875 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
876 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
877 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
881 if ((retval=target_halt(target))!=ERROR_OK)
884 long long then=timeval_ms();
886 while (!(timeout=((timeval_ms()-then)>1000)))
888 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
890 embeddedice_read_reg(dbg_stat);
891 if ((retval=jtag_execute_queue())!=ERROR_OK)
903 LOG_ERROR("Failed to halt CPU after 1 sec");
904 return ERROR_TARGET_TIMEOUT;
906 target->state = TARGET_HALTED;
908 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
909 * ensure that DBGRQ is cleared
911 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
912 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
913 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
914 embeddedice_store_reg(dbg_ctrl);
916 arm7_9_clear_halt(target);
918 /* if the target is in Thumb state, change to ARM state */
919 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
921 u32 r0_thumb, pc_thumb;
922 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
923 /* Entered debug from Thumb mode */
924 armv4_5->core_state = ARMV4_5_STATE_THUMB;
925 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
928 /* all register content is now invalid */
929 armv4_5_invalidate_core_regs(target);
931 /* SVC, ARM state, IRQ and FIQ disabled */
932 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
933 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
934 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
936 /* start fetching from 0x0 */
937 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
938 armv4_5->core_cache->reg_list[15].dirty = 1;
939 armv4_5->core_cache->reg_list[15].valid = 1;
941 armv4_5->core_mode = ARMV4_5_MODE_SVC;
942 armv4_5->core_state = ARMV4_5_STATE_ARM;
944 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
947 /* reset registers */
948 for (i = 0; i <= 14; i++)
950 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
951 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
952 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
955 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
960 int arm7_9_halt(target_t *target)
962 if (target->state==TARGET_RESET)
964 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
968 armv4_5_common_t *armv4_5 = target->arch_info;
969 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
970 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
972 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
974 if (target->state == TARGET_HALTED)
976 LOG_DEBUG("target was already halted");
980 if (target->state == TARGET_UNKNOWN)
982 LOG_WARNING("target was in unknown state when halt was requested");
985 if (arm7_9->use_dbgrq)
987 /* program EmbeddedICE Debug Control Register to assert DBGRQ
989 if (arm7_9->set_special_dbgrq) {
990 arm7_9->set_special_dbgrq(target);
992 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
993 embeddedice_store_reg(dbg_ctrl);
998 /* program watchpoint unit to match on any address
1000 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1001 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1006 target->debug_reason = DBG_REASON_DBGRQ;
1011 int arm7_9_debug_entry(target_t *target)
1016 u32 r0_thumb, pc_thumb;
1019 /* get pointers to arch-specific information */
1020 armv4_5_common_t *armv4_5 = target->arch_info;
1021 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1022 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1023 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1025 #ifdef _DEBUG_ARM7_9_
1029 if (arm7_9->pre_debug_entry)
1030 arm7_9->pre_debug_entry(target);
1032 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1033 * ensure that DBGRQ is cleared
1035 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1036 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1037 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1038 embeddedice_store_reg(dbg_ctrl);
1040 arm7_9_clear_halt(target);
1042 if ((retval = jtag_execute_queue()) != ERROR_OK)
1047 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1051 if (target->state != TARGET_HALTED)
1053 LOG_WARNING("target not halted");
1054 return ERROR_TARGET_NOT_HALTED;
1057 /* if the target is in Thumb state, change to ARM state */
1058 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1060 LOG_DEBUG("target entered debug from Thumb state");
1061 /* Entered debug from Thumb mode */
1062 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1063 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1064 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1068 LOG_DEBUG("target entered debug from ARM state");
1069 /* Entered debug from ARM mode */
1070 armv4_5->core_state = ARMV4_5_STATE_ARM;
1073 for (i = 0; i < 16; i++)
1074 context_p[i] = &context[i];
1075 /* save core registers (r0 - r15 of current core mode) */
1076 arm7_9->read_core_regs(target, 0xffff, context_p);
1078 arm7_9->read_xpsr(target, &cpsr, 0);
1080 if ((retval = jtag_execute_queue()) != ERROR_OK)
1083 /* if the core has been executing in Thumb state, set the T bit */
1084 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1087 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1088 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1089 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1091 armv4_5->core_mode = cpsr & 0x1f;
1093 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1095 target->state = TARGET_UNKNOWN;
1096 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1097 return ERROR_TARGET_FAILURE;
1100 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1102 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1104 LOG_DEBUG("thumb state, applying fixups");
1105 context[0] = r0_thumb;
1106 context[15] = pc_thumb;
1107 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1109 /* adjust value stored by STM */
1110 context[15] -= 3 * 4;
1113 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1114 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1115 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1116 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1117 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1118 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1119 else if (target->debug_reason == DBG_REASON_DBGRQ)
1120 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1123 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1126 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1129 for (i=0; i<=15; i++)
1131 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1132 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1133 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1134 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1137 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1139 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1142 /* exceptions other than USR & SYS have a saved program status register */
1143 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1146 arm7_9->read_xpsr(target, &spsr, 1);
1147 jtag_execute_queue();
1148 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1149 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1150 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1153 /* r0 and r15 (pc) have to be restored later */
1154 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1155 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1157 if ((retval = jtag_execute_queue()) != ERROR_OK)
1160 if (arm7_9->post_debug_entry)
1161 arm7_9->post_debug_entry(target);
1166 int arm7_9_full_context(target_t *target)
1170 armv4_5_common_t *armv4_5 = target->arch_info;
1171 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1175 if (target->state != TARGET_HALTED)
1177 LOG_WARNING("target not halted");
1178 return ERROR_TARGET_NOT_HALTED;
1181 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1184 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1185 * SYS shares registers with User, so we don't touch SYS
1187 for(i = 0; i < 6; i++)
1194 /* check if there are invalid registers in the current mode
1196 for (j = 0; j <= 16; j++)
1198 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1206 /* change processor mode (and mask T bit) */
1207 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1208 tmp_cpsr |= armv4_5_number_to_mode(i);
1210 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1212 for (j = 0; j < 15; j++)
1214 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1216 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1218 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1219 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1223 /* if only the PSR is invalid, mask is all zeroes */
1225 arm7_9->read_core_regs(target, mask, reg_p);
1227 /* check if the PSR has to be read */
1228 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1230 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1232 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1237 /* restore processor mode (mask T bit) */
1238 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1240 if ((retval = jtag_execute_queue()) != ERROR_OK)
1247 int arm7_9_restore_context(target_t *target)
1249 armv4_5_common_t *armv4_5 = target->arch_info;
1250 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1252 armv4_5_core_reg_t *reg_arch_info;
1253 enum armv4_5_mode current_mode = armv4_5->core_mode;
1260 if (target->state != TARGET_HALTED)
1262 LOG_WARNING("target not halted");
1263 return ERROR_TARGET_NOT_HALTED;
1266 if (arm7_9->pre_restore_context)
1267 arm7_9->pre_restore_context(target);
1269 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1272 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1273 * SYS shares registers with User, so we don't touch SYS
1275 for (i = 0; i < 6; i++)
1277 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1280 /* check if there are dirty registers in the current mode
1282 for (j = 0; j <= 16; j++)
1284 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1285 reg_arch_info = reg->arch_info;
1286 if (reg->dirty == 1)
1288 if (reg->valid == 1)
1291 LOG_DEBUG("examining dirty reg: %s", reg->name);
1292 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1293 && (reg_arch_info->mode != current_mode)
1294 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1295 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1298 LOG_DEBUG("require mode change");
1303 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1318 /* change processor mode (mask T bit) */
1319 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1320 tmp_cpsr |= armv4_5_number_to_mode(i);
1322 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1323 current_mode = armv4_5_number_to_mode(i);
1326 for (j = 0; j <= 14; j++)
1328 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1329 reg_arch_info = reg->arch_info;
1332 if (reg->dirty == 1)
1334 regs[j] = buf_get_u32(reg->value, 0, 32);
1339 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1345 arm7_9->write_core_regs(target, mask, regs);
1348 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1349 reg_arch_info = reg->arch_info;
1350 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1352 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1353 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1358 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1360 /* restore processor mode (mask T bit) */
1363 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1364 tmp_cpsr |= armv4_5_number_to_mode(i);
1366 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1367 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1369 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1371 /* CPSR has been changed, full restore necessary (mask T bit) */
1372 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1373 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1374 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1375 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1379 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1380 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1381 armv4_5->core_cache->reg_list[15].dirty = 0;
1383 if (arm7_9->post_restore_context)
1384 arm7_9->post_restore_context(target);
1389 int arm7_9_restart_core(struct target_s *target)
1391 armv4_5_common_t *armv4_5 = target->arch_info;
1392 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1393 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1395 /* set RESTART instruction */
1396 jtag_add_end_state(TAP_RTI);
1397 if (arm7_9->need_bypass_before_restart) {
1398 arm7_9->need_bypass_before_restart = 0;
1399 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1401 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1403 jtag_add_runtest(1, TAP_RTI);
1404 return jtag_execute_queue();
1407 void arm7_9_enable_watchpoints(struct target_s *target)
1409 watchpoint_t *watchpoint = target->watchpoints;
1413 if (watchpoint->set == 0)
1414 arm7_9_set_watchpoint(target, watchpoint);
1415 watchpoint = watchpoint->next;
1419 void arm7_9_enable_breakpoints(struct target_s *target)
1421 breakpoint_t *breakpoint = target->breakpoints;
1423 /* set any pending breakpoints */
1426 arm7_9_set_breakpoint(target, breakpoint);
1427 breakpoint = breakpoint->next;
1432 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1434 armv4_5_common_t *armv4_5 = target->arch_info;
1435 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1436 breakpoint_t *breakpoint = target->breakpoints;
1437 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1442 if (target->state != TARGET_HALTED)
1444 LOG_WARNING("target not halted");
1445 return ERROR_TARGET_NOT_HALTED;
1448 if (!debug_execution)
1450 target_free_all_working_areas(target);
1453 /* current = 1: continue on current pc, otherwise continue at <address> */
1455 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1457 /* the front-end may request us not to handle breakpoints */
1458 if (handle_breakpoints)
1460 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1462 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1463 arm7_9_unset_breakpoint(target, breakpoint);
1465 LOG_DEBUG("enable single-step");
1466 arm7_9->enable_single_step(target);
1468 target->debug_reason = DBG_REASON_SINGLESTEP;
1470 arm7_9_restore_context(target);
1472 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1473 arm7_9->branch_resume(target);
1474 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1476 arm7_9->branch_resume_thumb(target);
1480 LOG_ERROR("unhandled core state");
1484 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1485 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1486 err = arm7_9_execute_sys_speed(target);
1488 LOG_DEBUG("disable single-step");
1489 arm7_9->disable_single_step(target);
1491 if (err != ERROR_OK)
1493 arm7_9_set_breakpoint(target, breakpoint);
1494 target->state = TARGET_UNKNOWN;
1498 arm7_9_debug_entry(target);
1499 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1501 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1502 arm7_9_set_breakpoint(target, breakpoint);
1506 /* enable any pending breakpoints and watchpoints */
1507 arm7_9_enable_breakpoints(target);
1508 arm7_9_enable_watchpoints(target);
1510 arm7_9_restore_context(target);
1512 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1514 arm7_9->branch_resume(target);
1516 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1518 arm7_9->branch_resume_thumb(target);
1522 LOG_ERROR("unhandled core state");
1526 /* deassert DBGACK and INTDIS */
1527 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1528 /* INTDIS only when we really resume, not during debug execution */
1529 if (!debug_execution)
1530 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1531 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1533 arm7_9_restart_core(target);
1535 target->debug_reason = DBG_REASON_NOTHALTED;
1537 if (!debug_execution)
1539 /* registers are now invalid */
1540 armv4_5_invalidate_core_regs(target);
1541 target->state = TARGET_RUNNING;
1542 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1546 target->state = TARGET_DEBUG_RUNNING;
1547 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1550 LOG_DEBUG("target resumed");
1555 void arm7_9_enable_eice_step(target_t *target)
1557 armv4_5_common_t *armv4_5 = target->arch_info;
1558 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1560 /* setup an inverse breakpoint on the current PC
1561 * - comparator 1 matches the current address
1562 * - rangeout from comparator 1 is connected to comparator 0 rangein
1563 * - comparator 0 matches any address, as long as rangein is low */
1564 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1565 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1566 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1567 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1568 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1569 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1570 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1571 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1572 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1575 void arm7_9_disable_eice_step(target_t *target)
1577 armv4_5_common_t *armv4_5 = target->arch_info;
1578 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1580 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1581 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1582 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1583 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1584 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1585 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1586 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1587 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1588 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1591 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1593 armv4_5_common_t *armv4_5 = target->arch_info;
1594 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1595 breakpoint_t *breakpoint = NULL;
1598 if (target->state != TARGET_HALTED)
1600 LOG_WARNING("target not halted");
1601 return ERROR_TARGET_NOT_HALTED;
1604 /* current = 1: continue on current pc, otherwise continue at <address> */
1606 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1608 /* the front-end may request us not to handle breakpoints */
1609 if (handle_breakpoints)
1610 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1611 arm7_9_unset_breakpoint(target, breakpoint);
1613 target->debug_reason = DBG_REASON_SINGLESTEP;
1615 arm7_9_restore_context(target);
1617 arm7_9->enable_single_step(target);
1619 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1621 arm7_9->branch_resume(target);
1623 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1625 arm7_9->branch_resume_thumb(target);
1629 LOG_ERROR("unhandled core state");
1633 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1635 err = arm7_9_execute_sys_speed(target);
1636 arm7_9->disable_single_step(target);
1638 /* registers are now invalid */
1639 armv4_5_invalidate_core_regs(target);
1641 if (err != ERROR_OK)
1643 target->state = TARGET_UNKNOWN;
1645 arm7_9_debug_entry(target);
1646 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1647 LOG_DEBUG("target stepped");
1651 arm7_9_set_breakpoint(target, breakpoint);
1657 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1662 armv4_5_common_t *armv4_5 = target->arch_info;
1663 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1665 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1668 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1670 if ((num < 0) || (num > 16))
1671 return ERROR_INVALID_ARGUMENTS;
1673 if ((mode != ARMV4_5_MODE_ANY)
1674 && (mode != armv4_5->core_mode)
1675 && (reg_mode != ARMV4_5_MODE_ANY))
1679 /* change processor mode (mask T bit) */
1680 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1683 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1686 if ((num >= 0) && (num <= 15))
1688 /* read a normal core register */
1689 reg_p[num] = &value;
1691 arm7_9->read_core_regs(target, 1 << num, reg_p);
1695 /* read a program status register
1696 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1698 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1699 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1701 arm7_9->read_xpsr(target, &value, spsr);
1704 if ((retval = jtag_execute_queue()) != ERROR_OK)
1709 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1710 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1711 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1713 if ((mode != ARMV4_5_MODE_ANY)
1714 && (mode != armv4_5->core_mode)
1715 && (reg_mode != ARMV4_5_MODE_ANY)) {
1716 /* restore processor mode (mask T bit) */
1717 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1724 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1727 armv4_5_common_t *armv4_5 = target->arch_info;
1728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1730 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1733 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1735 if ((num < 0) || (num > 16))
1736 return ERROR_INVALID_ARGUMENTS;
1738 if ((mode != ARMV4_5_MODE_ANY)
1739 && (mode != armv4_5->core_mode)
1740 && (reg_mode != ARMV4_5_MODE_ANY)) {
1743 /* change processor mode (mask T bit) */
1744 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1747 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1750 if ((num >= 0) && (num <= 15))
1752 /* write a normal core register */
1755 arm7_9->write_core_regs(target, 1 << num, reg);
1759 /* write a program status register
1760 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1762 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1763 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1765 /* if we're writing the CPSR, mask the T bit */
1769 arm7_9->write_xpsr(target, value, spsr);
1772 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1773 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1775 if ((mode != ARMV4_5_MODE_ANY)
1776 && (mode != armv4_5->core_mode)
1777 && (reg_mode != ARMV4_5_MODE_ANY)) {
1778 /* restore processor mode (mask T bit) */
1779 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1782 return jtag_execute_queue();
1785 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1787 armv4_5_common_t *armv4_5 = target->arch_info;
1788 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1791 int num_accesses = 0;
1792 int thisrun_accesses;
1798 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1800 if (target->state != TARGET_HALTED)
1802 LOG_WARNING("target not halted");
1803 return ERROR_TARGET_NOT_HALTED;
1806 /* sanitize arguments */
1807 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1808 return ERROR_INVALID_ARGUMENTS;
1810 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1811 return ERROR_TARGET_UNALIGNED_ACCESS;
1813 /* load the base register with the address of the first word */
1815 arm7_9->write_core_regs(target, 0x1, reg);
1820 while (num_accesses < count)
1823 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1824 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1826 if (last_reg <= thisrun_accesses)
1827 last_reg = thisrun_accesses;
1829 arm7_9->load_word_regs(target, reg_list);
1831 /* fast memory reads are only safe when the target is running
1832 * from a sufficiently high clock (32 kHz is usually too slow)
1834 if (arm7_9->fast_memory_access)
1835 arm7_9_execute_fast_sys_speed(target);
1837 arm7_9_execute_sys_speed(target);
1839 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1841 /* advance buffer, count number of accesses */
1842 buffer += thisrun_accesses * 4;
1843 num_accesses += thisrun_accesses;
1847 while (num_accesses < count)
1850 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1851 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1853 for (i = 1; i <= thisrun_accesses; i++)
1857 arm7_9->load_hword_reg(target, i);
1858 /* fast memory reads are only safe when the target is running
1859 * from a sufficiently high clock (32 kHz is usually too slow)
1861 if (arm7_9->fast_memory_access)
1862 arm7_9_execute_fast_sys_speed(target);
1864 arm7_9_execute_sys_speed(target);
1867 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1869 /* advance buffer, count number of accesses */
1870 buffer += thisrun_accesses * 2;
1871 num_accesses += thisrun_accesses;
1875 while (num_accesses < count)
1878 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1879 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1881 for (i = 1; i <= thisrun_accesses; i++)
1885 arm7_9->load_byte_reg(target, i);
1886 /* fast memory reads are only safe when the target is running
1887 * from a sufficiently high clock (32 kHz is usually too slow)
1889 if (arm7_9->fast_memory_access)
1890 arm7_9_execute_fast_sys_speed(target);
1892 arm7_9_execute_sys_speed(target);
1895 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1897 /* advance buffer, count number of accesses */
1898 buffer += thisrun_accesses * 1;
1899 num_accesses += thisrun_accesses;
1903 LOG_ERROR("BUG: we shouldn't get here");
1908 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1911 for (i=0; i<=last_reg; i++)
1912 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1914 arm7_9->read_xpsr(target, &cpsr, 0);
1915 if ((retval = jtag_execute_queue()) != ERROR_OK)
1917 LOG_ERROR("JTAG error while reading cpsr");
1918 return ERROR_TARGET_DATA_ABORT;
1921 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1923 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1925 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1927 return ERROR_TARGET_DATA_ABORT;
1933 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1935 armv4_5_common_t *armv4_5 = target->arch_info;
1936 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1937 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1940 int num_accesses = 0;
1941 int thisrun_accesses;
1947 #ifdef _DEBUG_ARM7_9_
1948 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1951 if (target->state != TARGET_HALTED)
1953 LOG_WARNING("target not halted");
1954 return ERROR_TARGET_NOT_HALTED;
1957 /* sanitize arguments */
1958 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1959 return ERROR_INVALID_ARGUMENTS;
1961 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1962 return ERROR_TARGET_UNALIGNED_ACCESS;
1964 /* load the base register with the address of the first word */
1966 arm7_9->write_core_regs(target, 0x1, reg);
1968 /* Clear DBGACK, to make sure memory fetches work as expected */
1969 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1970 embeddedice_store_reg(dbg_ctrl);
1975 while (num_accesses < count)
1978 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1979 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1981 for (i = 1; i <= thisrun_accesses; i++)
1985 reg[i] = target_buffer_get_u32(target, buffer);
1989 arm7_9->write_core_regs(target, reg_list, reg);
1991 arm7_9->store_word_regs(target, reg_list);
1993 /* fast memory writes are only safe when the target is running
1994 * from a sufficiently high clock (32 kHz is usually too slow)
1996 if (arm7_9->fast_memory_access)
1997 arm7_9_execute_fast_sys_speed(target);
1999 arm7_9_execute_sys_speed(target);
2001 num_accesses += thisrun_accesses;
2005 while (num_accesses < count)
2008 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2009 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2011 for (i = 1; i <= thisrun_accesses; i++)
2015 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2019 arm7_9->write_core_regs(target, reg_list, reg);
2021 for (i = 1; i <= thisrun_accesses; i++)
2023 arm7_9->store_hword_reg(target, i);
2025 /* fast memory writes are only safe when the target is running
2026 * from a sufficiently high clock (32 kHz is usually too slow)
2028 if (arm7_9->fast_memory_access)
2029 arm7_9_execute_fast_sys_speed(target);
2031 arm7_9_execute_sys_speed(target);
2034 num_accesses += thisrun_accesses;
2038 while (num_accesses < count)
2041 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2042 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2044 for (i = 1; i <= thisrun_accesses; i++)
2048 reg[i] = *buffer++ & 0xff;
2051 arm7_9->write_core_regs(target, reg_list, reg);
2053 for (i = 1; i <= thisrun_accesses; i++)
2055 arm7_9->store_byte_reg(target, i);
2056 /* fast memory writes are only safe when the target is running
2057 * from a sufficiently high clock (32 kHz is usually too slow)
2059 if (arm7_9->fast_memory_access)
2060 arm7_9_execute_fast_sys_speed(target);
2062 arm7_9_execute_sys_speed(target);
2065 num_accesses += thisrun_accesses;
2069 LOG_ERROR("BUG: we shouldn't get here");
2075 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2076 embeddedice_store_reg(dbg_ctrl);
2078 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2081 for (i=0; i<=last_reg; i++)
2082 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2084 arm7_9->read_xpsr(target, &cpsr, 0);
2085 if ((retval = jtag_execute_queue()) != ERROR_OK)
2087 LOG_ERROR("JTAG error while reading cpsr");
2088 return ERROR_TARGET_DATA_ABORT;
2091 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2093 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2095 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2097 return ERROR_TARGET_DATA_ABORT;
2103 static const u32 dcc_code[] =
2105 /* MRC TST BNE MRC STR B */
2106 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2109 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2111 armv4_5_common_t *armv4_5 = target->arch_info;
2112 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2113 enum armv4_5_state core_state = armv4_5->core_state;
2114 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2115 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2116 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2119 if (!arm7_9->dcc_downloads)
2120 return target->type->write_memory(target, address, 4, count, buffer);
2122 /* regrab previously allocated working_area, or allocate a new one */
2123 if (!arm7_9->dcc_working_area)
2125 u8 dcc_code_buf[6 * 4];
2127 /* make sure we have a working area */
2128 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2130 LOG_INFO("no working area available, falling back to memory writes");
2131 return target->type->write_memory(target, address, 4, count, buffer);
2134 /* copy target instructions to target endianness */
2135 for (i = 0; i < 6; i++)
2137 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2140 /* write DCC code to working area */
2141 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2144 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2145 armv4_5->core_cache->reg_list[0].valid = 1;
2146 armv4_5->core_cache->reg_list[0].dirty = 1;
2147 armv4_5->core_state = ARMV4_5_STATE_ARM;
2149 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2151 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2154 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2155 core function repeated.
2157 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2160 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2161 u8 reg_addr = ice_reg->addr & 0x1f;
2162 int chain_pos = ice_reg->jtag_info->chain_pos;
2164 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2165 buffer += (count-2)*4;
2167 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2170 for (i = 0; i < count; i++)
2172 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2177 target_halt(target);
2179 long long then=timeval_ms();
2181 while (!(timeout=((timeval_ms()-then)>100)))
2183 target_poll(target);
2184 if (target->state == TARGET_HALTED)
2196 LOG_ERROR("bulk write timed out, target not halted");
2197 return ERROR_TARGET_TIMEOUT;
2200 /* restore target state */
2201 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2202 armv4_5->core_cache->reg_list[0].valid = 1;
2203 armv4_5->core_cache->reg_list[0].dirty = 1;
2204 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2205 armv4_5->core_cache->reg_list[1].valid = 1;
2206 armv4_5->core_cache->reg_list[1].dirty = 1;
2207 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2208 armv4_5->core_cache->reg_list[15].valid = 1;
2209 armv4_5->core_cache->reg_list[15].dirty = 1;
2210 armv4_5->core_state = core_state;
2215 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2217 working_area_t *crc_algorithm;
2218 armv4_5_algorithm_t armv4_5_info;
2219 reg_param_t reg_params[2];
2222 u32 arm7_9_crc_code[] = {
2223 0xE1A02000, /* mov r2, r0 */
2224 0xE3E00000, /* mov r0, #0xffffffff */
2225 0xE1A03001, /* mov r3, r1 */
2226 0xE3A04000, /* mov r4, #0 */
2227 0xEA00000B, /* b ncomp */
2229 0xE7D21004, /* ldrb r1, [r2, r4] */
2230 0xE59F7030, /* ldr r7, CRC32XOR */
2231 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2232 0xE3A05000, /* mov r5, #0 */
2234 0xE3500000, /* cmp r0, #0 */
2235 0xE1A06080, /* mov r6, r0, asl #1 */
2236 0xE2855001, /* add r5, r5, #1 */
2237 0xE1A00006, /* mov r0, r6 */
2238 0xB0260007, /* eorlt r0, r6, r7 */
2239 0xE3550008, /* cmp r5, #8 */
2240 0x1AFFFFF8, /* bne loop */
2241 0xE2844001, /* add r4, r4, #1 */
2243 0xE1540003, /* cmp r4, r3 */
2244 0x1AFFFFF1, /* bne nbyte */
2246 0xEAFFFFFE, /* b end */
2247 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2252 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2254 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2257 /* convert flash writing code into a buffer in target endianness */
2258 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2259 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2261 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2262 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2263 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2265 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2266 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2268 buf_set_u32(reg_params[0].value, 0, 32, address);
2269 buf_set_u32(reg_params[1].value, 0, 32, count);
2271 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2272 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2274 LOG_ERROR("error executing arm7_9 crc algorithm");
2275 destroy_reg_param(®_params[0]);
2276 destroy_reg_param(®_params[1]);
2277 target_free_working_area(target, crc_algorithm);
2281 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2283 destroy_reg_param(®_params[0]);
2284 destroy_reg_param(®_params[1]);
2286 target_free_working_area(target, crc_algorithm);
2291 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2293 working_area_t *erase_check_algorithm;
2294 reg_param_t reg_params[3];
2295 armv4_5_algorithm_t armv4_5_info;
2299 u32 erase_check_code[] =
2302 0xe4d03001, /* ldrb r3, [r0], #1 */
2303 0xe0022003, /* and r2, r2, r3 */
2304 0xe2511001, /* subs r1, r1, #1 */
2305 0x1afffffb, /* bne loop */
2307 0xeafffffe /* b end */
2310 /* make sure we have a working area */
2311 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2313 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2316 /* convert flash writing code into a buffer in target endianness */
2317 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2318 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2320 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2321 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2322 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2324 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2325 buf_set_u32(reg_params[0].value, 0, 32, address);
2327 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2328 buf_set_u32(reg_params[1].value, 0, 32, count);
2330 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2331 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2333 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2334 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2336 destroy_reg_param(®_params[0]);
2337 destroy_reg_param(®_params[1]);
2338 destroy_reg_param(®_params[2]);
2339 target_free_working_area(target, erase_check_algorithm);
2343 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2345 destroy_reg_param(®_params[0]);
2346 destroy_reg_param(®_params[1]);
2347 destroy_reg_param(®_params[2]);
2349 target_free_working_area(target, erase_check_algorithm);
2354 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2356 command_t *arm7_9_cmd;
2358 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2360 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2361 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2363 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2365 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2366 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2367 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2368 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2369 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2370 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2371 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2372 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2374 armv4_5_register_commands(cmd_ctx);
2376 etm_register_commands(cmd_ctx);
2381 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2386 target_t *target = get_current_target(cmd_ctx);
2387 armv4_5_common_t *armv4_5;
2388 arm7_9_common_t *arm7_9;
2390 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2392 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2396 if (target->state != TARGET_HALTED)
2398 command_print(cmd_ctx, "can't write registers while running");
2404 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2408 value = strtoul(args[0], NULL, 0);
2409 spsr = strtol(args[1], NULL, 0);
2411 /* if we're writing the CPSR, mask the T bit */
2415 arm7_9->write_xpsr(target, value, spsr);
2416 if ((retval = jtag_execute_queue()) != ERROR_OK)
2418 LOG_ERROR("JTAG error while writing to xpsr");
2425 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2431 target_t *target = get_current_target(cmd_ctx);
2432 armv4_5_common_t *armv4_5;
2433 arm7_9_common_t *arm7_9;
2435 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2437 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2441 if (target->state != TARGET_HALTED)
2443 command_print(cmd_ctx, "can't write registers while running");
2449 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2453 value = strtoul(args[0], NULL, 0);
2454 rotate = strtol(args[1], NULL, 0);
2455 spsr = strtol(args[2], NULL, 0);
2457 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2458 if ((retval = jtag_execute_queue()) != ERROR_OK)
2460 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2467 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2472 target_t *target = get_current_target(cmd_ctx);
2473 armv4_5_common_t *armv4_5;
2474 arm7_9_common_t *arm7_9;
2476 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2478 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2482 if (target->state != TARGET_HALTED)
2484 command_print(cmd_ctx, "can't write registers while running");
2490 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2494 num = strtol(args[0], NULL, 0);
2495 mode = strtoul(args[1], NULL, 0);
2496 value = strtoul(args[2], NULL, 0);
2498 arm7_9_write_core_reg(target, num, mode, value);
2504 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2506 target_t *target = get_current_target(cmd_ctx);
2507 armv4_5_common_t *armv4_5;
2508 arm7_9_common_t *arm7_9;
2510 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2512 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2518 if (strcmp("enable", args[0]) == 0)
2520 arm7_9->use_dbgrq = 1;
2522 else if (strcmp("disable", args[0]) == 0)
2524 arm7_9->use_dbgrq = 0;
2528 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2532 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2537 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2539 target_t *target = get_current_target(cmd_ctx);
2540 armv4_5_common_t *armv4_5;
2541 arm7_9_common_t *arm7_9;
2543 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2545 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2551 if (strcmp("enable", args[0]) == 0)
2553 arm7_9->fast_memory_access = 1;
2555 else if (strcmp("disable", args[0]) == 0)
2557 arm7_9->fast_memory_access = 0;
2561 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2565 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2570 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2572 target_t *target = get_current_target(cmd_ctx);
2573 armv4_5_common_t *armv4_5;
2574 arm7_9_common_t *arm7_9;
2576 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2578 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2584 if (strcmp("enable", args[0]) == 0)
2586 arm7_9->dcc_downloads = 1;
2588 else if (strcmp("disable", args[0]) == 0)
2590 arm7_9->dcc_downloads = 0;
2594 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2598 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2603 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2605 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2607 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2609 arm_jtag_setup_connection(&arm7_9->jtag_info);
2610 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2611 arm7_9->wp_available_max = 2;
2612 arm7_9->sw_breakpoints_added = 0;
2613 arm7_9->breakpoint_count = 0;
2614 arm7_9->wp0_used = 0;
2615 arm7_9->wp1_used = 0;
2616 arm7_9->wp1_used_default = 0;
2617 arm7_9->use_dbgrq = 0;
2619 arm7_9->etm_ctx = NULL;
2620 arm7_9->has_single_step = 0;
2621 arm7_9->has_monitor_mode = 0;
2622 arm7_9->has_vector_catch = 0;
2624 arm7_9->debug_entry_from_reset = 0;
2626 arm7_9->dcc_working_area = NULL;
2628 arm7_9->fast_memory_access = fast_and_dangerous;
2629 arm7_9->dcc_downloads = fast_and_dangerous;
2631 arm7_9->need_bypass_before_restart = 0;
2633 armv4_5->arch_info = arm7_9;
2634 armv4_5->read_core_reg = arm7_9_read_core_reg;
2635 armv4_5->write_core_reg = arm7_9_write_core_reg;
2636 armv4_5->full_context = arm7_9_full_context;
2638 armv4_5_init_arch_info(target, armv4_5);
2640 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / fw / openocd / blob