1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
47 * Hold common code supporting the ARM7 and ARM9 core generations.
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
63 static int arm7_9_debug_entry(struct target *target);
66 * Clear watchpoints for an ARM7/9 target.
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
71 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
75 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
76 arm7_9->sw_breakpoint_count = 0;
77 arm7_9->sw_breakpoints_added = 0;
79 arm7_9->wp1_used = arm7_9->wp1_used_default;
80 arm7_9->wp_available = arm7_9->wp_available_max;
82 return jtag_execute_queue();
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
92 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
94 if (!arm7_9->wp0_used)
98 arm7_9->wp_available--;
100 else if (!arm7_9->wp1_used)
102 arm7_9->wp1_used = 1;
104 arm7_9->wp_available--;
108 LOG_ERROR("BUG: no hardware comparator available");
110 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
111 breakpoint->unique_id,
117 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
119 * @param arm7_9 Pointer to common struct for ARM7/9 targets
120 * @return Error codes if there is a problem finding a watchpoint or the result
121 * of executing the JTAG queue
123 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
125 if (arm7_9->sw_breakpoints_added)
129 if (arm7_9->wp_available < 1)
131 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
132 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
134 arm7_9->wp_available--;
136 /* pick a breakpoint unit */
137 if (!arm7_9->wp0_used)
139 arm7_9->sw_breakpoints_added = 1;
140 arm7_9->wp0_used = 3;
141 } else if (!arm7_9->wp1_used)
143 arm7_9->sw_breakpoints_added = 2;
144 arm7_9->wp1_used = 3;
148 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
152 if (arm7_9->sw_breakpoints_added == 1)
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
155 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
156 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
160 else if (arm7_9->sw_breakpoints_added == 2)
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
164 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
165 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
166 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
170 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
173 LOG_DEBUG("SW BP using hw wp: %d",
174 arm7_9->sw_breakpoints_added );
176 return jtag_execute_queue();
180 * Setup the common pieces for an ARM7/9 target after reset or on startup.
182 * @param target Pointer to an ARM7/9 target to setup
183 * @return Result of clearing the watchpoints on the target
185 int arm7_9_setup(struct target *target)
187 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
189 return arm7_9_clear_watchpoints(arm7_9);
193 * Set either a hardware or software breakpoint on an ARM7/9 target. The
194 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
195 * might have erased the values in Embedded ICE.
197 * @param target Pointer to the target device to set the breakpoints on
198 * @param breakpoint Pointer to the breakpoint to be set
199 * @return For hardware breakpoints, this is the result of executing the JTAG
200 * queue. For software breakpoints, this will be the status of the
201 * required memory reads and writes
203 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
205 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
206 int retval = ERROR_OK;
208 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
209 breakpoint->unique_id,
213 if (target->state != TARGET_HALTED)
215 LOG_WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED;
219 if (breakpoint->type == BKPT_HARD)
221 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
222 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
224 /* reassign a hw breakpoint */
225 if (breakpoint->set == 0)
227 arm7_9_assign_wp(arm7_9, breakpoint);
230 if (breakpoint->set == 1)
232 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
233 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
234 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
236 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
238 else if (breakpoint->set == 2)
240 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
248 LOG_ERROR("BUG: no hardware comparator available");
252 retval = jtag_execute_queue();
254 else if (breakpoint->type == BKPT_SOFT)
256 /* did we already set this breakpoint? */
260 if (breakpoint->length == 4)
262 uint32_t verify = 0xffffffff;
263 /* keep the original instruction in target endianness */
264 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
268 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
269 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
274 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
278 if (verify != arm7_9->arm_bkpt)
280 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
286 uint16_t verify = 0xffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
292 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
293 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
298 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
302 if (verify != arm7_9->thumb_bkpt)
304 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
309 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
312 arm7_9->sw_breakpoint_count++;
321 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
322 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
323 * will be updated. Otherwise, the software breakpoint will be restored to its
324 * original instruction if it hasn't already been modified.
326 * @param target Pointer to ARM7/9 target to unset the breakpoint from
327 * @param breakpoint Pointer to breakpoint to be unset
328 * @return For hardware breakpoints, this is the result of executing the JTAG
329 * queue. For software breakpoints, this will be the status of the
330 * required memory reads and writes
332 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
334 int retval = ERROR_OK;
335 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
337 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
338 breakpoint->unique_id,
339 breakpoint->address );
341 if (!breakpoint->set)
343 LOG_WARNING("breakpoint not set");
347 if (breakpoint->type == BKPT_HARD)
349 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
350 breakpoint->unique_id,
352 if (breakpoint->set == 1)
354 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
355 arm7_9->wp0_used = 0;
356 arm7_9->wp_available++;
358 else if (breakpoint->set == 2)
360 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
361 arm7_9->wp1_used = 0;
362 arm7_9->wp_available++;
364 retval = jtag_execute_queue();
369 /* restore original instruction (kept in target endianness) */
370 if (breakpoint->length == 4)
372 uint32_t current_instr;
373 /* check that user program as not modified breakpoint instruction */
374 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)¤t_instr)) != ERROR_OK)
378 if (current_instr == arm7_9->arm_bkpt)
379 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
386 uint16_t current_instr;
387 /* check that user program as not modified breakpoint instruction */
388 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)¤t_instr)) != ERROR_OK)
392 if (current_instr == arm7_9->thumb_bkpt)
393 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
399 if (--arm7_9->sw_breakpoint_count==0)
401 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
402 if (arm7_9->sw_breakpoints_added == 1)
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
406 else if (arm7_9->sw_breakpoints_added == 2)
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
419 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
420 * dangling breakpoints and that the desired breakpoint can be added.
422 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
423 * @param breakpoint Pointer to the breakpoint to be added
424 * @return An error status if there is a problem adding the breakpoint or the
425 * result of setting the breakpoint
427 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
429 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
431 if (arm7_9->breakpoint_count == 0)
433 /* make sure we don't have any dangling breakpoints. This is vital upon
434 * GDB connect/disconnect
436 arm7_9_clear_watchpoints(arm7_9);
439 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
441 LOG_INFO("no watchpoint unit available for hardware breakpoint");
442 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
445 if ((breakpoint->length != 2) && (breakpoint->length != 4))
447 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
448 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
451 if (breakpoint->type == BKPT_HARD)
453 arm7_9_assign_wp(arm7_9, breakpoint);
456 arm7_9->breakpoint_count++;
458 return arm7_9_set_breakpoint(target, breakpoint);
462 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
463 * dangling breakpoints and updates available watchpoints if it is a hardware
466 * @param target Pointer to the target to have a breakpoint removed
467 * @param breakpoint Pointer to the breakpoint to be removed
468 * @return Error status if there was a problem unsetting the breakpoint or the
469 * watchpoints could not be cleared
471 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
473 int retval = ERROR_OK;
474 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
476 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
481 if (breakpoint->type == BKPT_HARD)
482 arm7_9->wp_available++;
484 arm7_9->breakpoint_count--;
485 if (arm7_9->breakpoint_count == 0)
487 /* make sure we don't have any dangling breakpoints */
488 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
498 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
499 * considered a bug to call this function when there are no available watchpoint
502 * @param target Pointer to an ARM7/9 target to set a watchpoint on
503 * @param watchpoint Pointer to the watchpoint to be set
504 * @return Error status if watchpoint set fails or the result of executing the
507 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
509 int retval = ERROR_OK;
510 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
514 mask = watchpoint->length - 1;
516 if (target->state != TARGET_HALTED)
518 LOG_WARNING("target not halted");
519 return ERROR_TARGET_NOT_HALTED;
522 if (watchpoint->rw == WPT_ACCESS)
527 if (!arm7_9->wp0_used)
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
532 if (watchpoint->mask != 0xffffffffu)
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
537 if ((retval = jtag_execute_queue()) != ERROR_OK)
542 arm7_9->wp0_used = 2;
544 else if (!arm7_9->wp1_used)
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
549 if (watchpoint->mask != 0xffffffffu)
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
552 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
554 if ((retval = jtag_execute_queue()) != ERROR_OK)
559 arm7_9->wp1_used = 2;
563 LOG_ERROR("BUG: no hardware comparator available");
571 * Unset an existing watchpoint and clear the used watchpoint unit.
573 * @param target Pointer to the target to have the watchpoint removed
574 * @param watchpoint Pointer to the watchpoint to be removed
575 * @return Error status while trying to unset the watchpoint or the result of
576 * executing the JTAG queue
578 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
580 int retval = ERROR_OK;
581 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
583 if (target->state != TARGET_HALTED)
585 LOG_WARNING("target not halted");
586 return ERROR_TARGET_NOT_HALTED;
589 if (!watchpoint->set)
591 LOG_WARNING("breakpoint not set");
595 if (watchpoint->set == 1)
597 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
598 if ((retval = jtag_execute_queue()) != ERROR_OK)
602 arm7_9->wp0_used = 0;
604 else if (watchpoint->set == 2)
606 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
607 if ((retval = jtag_execute_queue()) != ERROR_OK)
611 arm7_9->wp1_used = 0;
619 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
620 * available, an error response is returned.
622 * @param target Pointer to the ARM7/9 target to add a watchpoint to
623 * @param watchpoint Pointer to the watchpoint to be added
624 * @return Error status while trying to add the watchpoint
626 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
628 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
630 if (arm7_9->wp_available < 1)
632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
635 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
640 arm7_9->wp_available--;
646 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
647 * the used watchpoint unit will be reopened.
649 * @param target Pointer to the target to remove a watchpoint from
650 * @param watchpoint Pointer to the watchpoint to be removed
651 * @return Result of trying to unset the watchpoint
653 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
655 int retval = ERROR_OK;
656 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
660 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
666 arm7_9->wp_available++;
672 * Restarts the target by sending a RESTART instruction and moving the JTAG
673 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
674 * asserted by the processor.
676 * @param target Pointer to target to issue commands to
677 * @return Error status if there is a timeout or a problem while executing the
680 int arm7_9_execute_sys_speed(struct target *target)
683 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
684 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
685 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
687 /* set RESTART instruction */
688 jtag_set_end_state(TAP_IDLE);
689 if (arm7_9->need_bypass_before_restart) {
690 arm7_9->need_bypass_before_restart = 0;
691 arm_jtag_set_instr(jtag_info, 0xf, NULL);
693 arm_jtag_set_instr(jtag_info, 0x4, NULL);
695 long long then = timeval_ms();
697 while (!(timeout = ((timeval_ms()-then) > 1000)))
699 /* read debug status register */
700 embeddedice_read_reg(dbg_stat);
701 if ((retval = jtag_execute_queue()) != ERROR_OK)
703 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
704 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
706 if (debug_level >= 3)
716 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
717 return ERROR_TARGET_TIMEOUT;
724 * Restarts the target by sending a RESTART instruction and moving the JTAG
725 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
726 * waiting until they are.
728 * @param target Pointer to the target to issue commands to
729 * @return Always ERROR_OK
731 int arm7_9_execute_fast_sys_speed(struct target *target)
734 static uint8_t check_value[4], check_mask[4];
736 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
737 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
738 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
740 /* set RESTART instruction */
741 jtag_set_end_state(TAP_IDLE);
742 if (arm7_9->need_bypass_before_restart) {
743 arm7_9->need_bypass_before_restart = 0;
744 arm_jtag_set_instr(jtag_info, 0xf, NULL);
746 arm_jtag_set_instr(jtag_info, 0x4, NULL);
750 /* check for DBGACK and SYSCOMP set (others don't care) */
752 /* NB! These are constants that must be available until after next jtag_execute() and
753 * we evaluate the values upon first execution in lieu of setting up these constants
754 * during early setup.
756 buf_set_u32(check_value, 0, 32, 0x9);
757 buf_set_u32(check_mask, 0, 32, 0x9);
761 /* read debug status register */
762 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
768 * Get some data from the ARM7/9 target.
770 * @param target Pointer to the ARM7/9 target to read data from
771 * @param size The number of 32bit words to be read
772 * @param buffer Pointer to the buffer that will hold the data
773 * @return The result of receiving data from the Embedded ICE unit
775 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
777 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
778 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
780 int retval = ERROR_OK;
783 data = malloc(size * (sizeof(uint32_t)));
785 retval = embeddedice_receive(jtag_info, data, size);
787 /* return the 32-bit ints in the 8-bit array */
788 for (i = 0; i < size; i++)
790 h_u32_to_le(buffer + (i * 4), data[i]);
799 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
800 * target is running and the DCC control register has the W bit high, this will
801 * execute the request on the target.
803 * @param priv Void pointer expected to be a struct target pointer
804 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
805 * from the Embedded ICE unit
807 int arm7_9_handle_target_request(void *priv)
809 int retval = ERROR_OK;
810 struct target *target = priv;
811 if (!target_was_examined(target))
813 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
814 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
815 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
817 if (!target->dbg_msg_enabled)
820 if (target->state == TARGET_RUNNING)
822 /* read DCC control register */
823 embeddedice_read_reg(dcc_control);
824 if ((retval = jtag_execute_queue()) != ERROR_OK)
830 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
834 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
838 if ((retval = target_request(target, request)) != ERROR_OK)
849 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
850 * is manipulated to the right halted state based on its current state. This is
854 * <tr><th > State</th><th > Action</th></tr>
855 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
856 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
857 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
858 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
861 * If the target does not end up in the halted state, a warning is produced. If
862 * DBGACK is cleared, then the target is expected to either be running or
865 * @param target Pointer to the ARM7/9 target to poll
866 * @return ERROR_OK or an error status if a command fails
868 int arm7_9_poll(struct target *target)
871 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
872 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
874 /* read debug status register */
875 embeddedice_read_reg(dbg_stat);
876 if ((retval = jtag_execute_queue()) != ERROR_OK)
881 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
883 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
884 if (target->state == TARGET_UNKNOWN)
886 /* Starting OpenOCD with target in debug-halt */
887 target->state = TARGET_RUNNING;
888 LOG_DEBUG("DBGACK already set during server startup.");
890 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
892 target->state = TARGET_HALTED;
894 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
897 if (arm_semihosting(target, &retval) != 0)
900 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
905 if (target->state == TARGET_DEBUG_RUNNING)
907 target->state = TARGET_HALTED;
908 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
911 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
916 if (target->state != TARGET_HALTED)
918 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
923 if (target->state != TARGET_DEBUG_RUNNING)
924 target->state = TARGET_RUNNING;
931 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
932 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
933 * affected) completely stop the JTAG clock while the core is held in reset
934 * (SRST). It isn't possible to program the halt condition once reset is
935 * asserted, hence a hook that allows the target to set up its reset-halt
936 * condition is setup prior to asserting reset.
938 * @param target Pointer to an ARM7/9 target to assert reset on
939 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
941 int arm7_9_assert_reset(struct target *target)
943 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
945 LOG_DEBUG("target->state: %s",
946 target_state_name(target));
948 enum reset_types jtag_reset_config = jtag_get_reset_config();
949 if (!(jtag_reset_config & RESET_HAS_SRST))
951 LOG_ERROR("Can't assert SRST");
955 /* At this point trst has been asserted/deasserted once. We would
956 * like to program EmbeddedICE while SRST is asserted, instead of
957 * depending on SRST to leave that module alone. However, many CPUs
958 * gate the JTAG clock while SRST is asserted; or JTAG may need
959 * clock stability guarantees (adaptive clocking might help).
961 * So we assume JTAG access during SRST is off the menu unless it's
962 * been specifically enabled.
964 bool srst_asserted = false;
966 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
967 && (jtag_reset_config & RESET_SRST_NO_GATING))
969 jtag_add_reset(0, 1);
970 srst_asserted = true;
973 if (target->reset_halt)
976 * Some targets do not support communication while SRST is asserted. We need to
977 * set up the reset vector catch here.
979 * If TRST is asserted, then these settings will be reset anyway, so setting them
982 if (arm7_9->has_vector_catch)
984 /* program vector catch register to catch reset vector */
985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
987 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
988 jtag_add_runtest(1, jtag_get_end_state());
992 /* program watchpoint unit to match on reset vector address */
993 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
995 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1001 /* here we should issue an SRST only, but we may have to assert TRST as well */
1002 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1004 jtag_add_reset(1, 1);
1005 } else if (!srst_asserted)
1007 jtag_add_reset(0, 1);
1010 target->state = TARGET_RESET;
1011 jtag_add_sleep(50000);
1013 register_cache_invalidate(arm7_9->armv4_5_common.core_cache);
1015 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1017 /* debug entry was already prepared in arm7_9_assert_reset() */
1018 target->debug_reason = DBG_REASON_DBGRQ;
1025 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1026 * and the target is being reset into a halt, a warning will be triggered
1027 * because it is not possible to reset into a halted mode in this case. The
1028 * target is halted using the target's functions.
1030 * @param target Pointer to the target to have the reset deasserted
1031 * @return ERROR_OK or an error from polling or halting the target
1033 int arm7_9_deassert_reset(struct target *target)
1035 int retval = ERROR_OK;
1036 LOG_DEBUG("target->state: %s",
1037 target_state_name(target));
1039 /* deassert reset lines */
1040 jtag_add_reset(0, 0);
1042 enum reset_types jtag_reset_config = jtag_get_reset_config();
1043 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1045 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1046 /* set up embedded ice registers again */
1047 if ((retval = target_examine_one(target)) != ERROR_OK)
1050 if ((retval = target_poll(target)) != ERROR_OK)
1055 if ((retval = target_halt(target)) != ERROR_OK)
1065 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1066 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1067 * vector catch was used, it is restored. Otherwise, the control value is
1068 * restored and the watchpoint unit is restored if it was in use.
1070 * @param target Pointer to the ARM7/9 target to have halt cleared
1071 * @return Always ERROR_OK
1073 int arm7_9_clear_halt(struct target *target)
1075 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1076 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1078 /* we used DBGRQ only if we didn't come out of reset */
1079 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1081 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1083 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1084 embeddedice_store_reg(dbg_ctrl);
1088 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1090 /* if we came out of reset, and vector catch is supported, we used
1091 * vector catch to enter debug state
1092 * restore the register in that case
1094 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1098 /* restore registers if watchpoint unit 0 was in use
1100 if (arm7_9->wp0_used)
1102 if (arm7_9->debug_entry_from_reset)
1104 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1106 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1107 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1108 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1110 /* control value always has to be restored, as it was either disabled,
1111 * or enabled with possibly different bits
1113 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1121 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1122 * and then there is a wait until the processor shows the halt. This wait can
1123 * timeout and results in an error being returned. The software reset involves
1124 * clearing the halt, updating the debug control register, changing to ARM mode,
1125 * reset of the program counter, and reset of all of the registers.
1127 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1128 * @return Error status if any of the commands fail, otherwise ERROR_OK
1130 int arm7_9_soft_reset_halt(struct target *target)
1132 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1133 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1134 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1135 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1139 /* FIX!!! replace some of this code with tcl commands
1141 * halt # the halt command is synchronous
1142 * armv4_5 core_state arm
1146 if ((retval = target_halt(target)) != ERROR_OK)
1149 long long then = timeval_ms();
1151 while (!(timeout = ((timeval_ms()-then) > 1000)))
1153 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1155 embeddedice_read_reg(dbg_stat);
1156 if ((retval = jtag_execute_queue()) != ERROR_OK)
1158 if (debug_level >= 3)
1168 LOG_ERROR("Failed to halt CPU after 1 sec");
1169 return ERROR_TARGET_TIMEOUT;
1171 target->state = TARGET_HALTED;
1173 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1174 * ensure that DBGRQ is cleared
1176 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1177 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1178 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1179 embeddedice_store_reg(dbg_ctrl);
1181 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1186 /* if the target is in Thumb state, change to ARM state */
1187 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1189 uint32_t r0_thumb, pc_thumb;
1190 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1191 /* Entered debug from Thumb mode */
1192 armv4_5->core_state = ARM_STATE_THUMB;
1193 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1196 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1198 /* all register content is now invalid */
1199 register_cache_invalidate(armv4_5->core_cache);
1201 /* SVC, ARM state, IRQ and FIQ disabled */
1204 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
1207 arm_set_cpsr(armv4_5, cpsr);
1208 armv4_5->cpsr->dirty = 1;
1210 /* start fetching from 0x0 */
1211 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1212 armv4_5->core_cache->reg_list[15].dirty = 1;
1213 armv4_5->core_cache->reg_list[15].valid = 1;
1215 /* reset registers */
1216 for (i = 0; i <= 14; i++)
1218 struct reg *r = arm_reg_current(armv4_5, i);
1220 buf_set_u32(r->value, 0, 32, 0xffffffff);
1225 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1234 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1235 * line or by programming a watchpoint to trigger on any address. It is
1236 * considered a bug to call this function while the target is in the
1237 * TARGET_RESET state.
1239 * @param target Pointer to the ARM7/9 target to be halted
1240 * @return Always ERROR_OK
1242 int arm7_9_halt(struct target *target)
1244 if (target->state == TARGET_RESET)
1246 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1250 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1251 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1253 LOG_DEBUG("target->state: %s",
1254 target_state_name(target));
1256 if (target->state == TARGET_HALTED)
1258 LOG_DEBUG("target was already halted");
1262 if (target->state == TARGET_UNKNOWN)
1264 LOG_WARNING("target was in unknown state when halt was requested");
1267 if (arm7_9->use_dbgrq)
1269 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1271 if (arm7_9->set_special_dbgrq) {
1272 arm7_9->set_special_dbgrq(target);
1274 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1275 embeddedice_store_reg(dbg_ctrl);
1280 /* program watchpoint unit to match on any address
1282 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1283 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1284 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1285 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1288 target->debug_reason = DBG_REASON_DBGRQ;
1294 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1295 * ARM. The JTAG queue is then executed and the reason for debug entry is
1296 * examined. Once done, the target is verified to be halted and the processor
1297 * is forced into ARM mode. The core registers are saved for the current core
1298 * mode and the program counter (register 15) is updated as needed. The core
1299 * registers and CPSR and SPSR are saved for restoration later.
1301 * @param target Pointer to target that is entering debug mode
1302 * @return Error code if anything fails, otherwise ERROR_OK
1304 static int arm7_9_debug_entry(struct target *target)
1307 uint32_t context[16];
1308 uint32_t* context_p[16];
1309 uint32_t r0_thumb, pc_thumb;
1310 uint32_t cpsr, cpsr_mask = 0;
1312 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1313 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1314 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1315 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1317 #ifdef _DEBUG_ARM7_9_
1321 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1322 * ensure that DBGRQ is cleared
1324 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1325 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1326 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1327 embeddedice_store_reg(dbg_ctrl);
1329 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1334 if ((retval = jtag_execute_queue()) != ERROR_OK)
1339 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1343 if (target->state != TARGET_HALTED)
1345 LOG_WARNING("target not halted");
1346 return ERROR_TARGET_NOT_HALTED;
1349 /* if the target is in Thumb state, change to ARM state */
1350 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1352 LOG_DEBUG("target entered debug from Thumb state");
1353 /* Entered debug from Thumb mode */
1354 armv4_5->core_state = ARM_STATE_THUMB;
1356 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1357 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1358 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1359 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1360 /* \todo Get some vaguely correct handling of Jazelle, if
1361 * anyone ever uses it and full info becomes available.
1362 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1363 * B.7.3 for the reverse. That'd be the bare minimum...
1365 LOG_DEBUG("target entered debug from Jazelle state");
1366 armv4_5->core_state = ARM_STATE_JAZELLE;
1367 cpsr_mask = 1 << 24;
1368 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1370 LOG_DEBUG("target entered debug from ARM state");
1371 /* Entered debug from ARM mode */
1372 armv4_5->core_state = ARM_STATE_ARM;
1375 for (i = 0; i < 16; i++)
1376 context_p[i] = &context[i];
1377 /* save core registers (r0 - r15 of current core mode) */
1378 arm7_9->read_core_regs(target, 0xffff, context_p);
1380 arm7_9->read_xpsr(target, &cpsr, 0);
1382 if ((retval = jtag_execute_queue()) != ERROR_OK)
1385 /* Sync our CPSR copy with J or T bits EICE reported, but
1386 * which we then erased by putting the core into ARM mode.
1388 arm_set_cpsr(armv4_5, cpsr | cpsr_mask);
1390 if (!is_arm_mode(armv4_5->core_mode))
1392 target->state = TARGET_UNKNOWN;
1393 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1394 return ERROR_TARGET_FAILURE;
1397 LOG_DEBUG("target entered debug state in %s mode",
1398 arm_mode_name(armv4_5->core_mode));
1400 if (armv4_5->core_state == ARM_STATE_THUMB)
1402 LOG_DEBUG("thumb state, applying fixups");
1403 context[0] = r0_thumb;
1404 context[15] = pc_thumb;
1405 } else if (armv4_5->core_state == ARM_STATE_ARM)
1407 /* adjust value stored by STM */
1408 context[15] -= 3 * 4;
1411 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1412 context[15] -= 3 * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1414 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1416 for (i = 0; i <= 15; i++)
1418 struct reg *r = arm_reg_current(armv4_5, i);
1420 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1422 buf_set_u32(r->value, 0, 32, context[i]);
1423 /* r0 and r15 (pc) have to be restored later */
1424 r->dirty = (i == 0) || (i == 15);
1428 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1430 /* exceptions other than USR & SYS have a saved program status register */
1431 if (armv4_5->spsr) {
1433 arm7_9->read_xpsr(target, &spsr, 1);
1434 if ((retval = jtag_execute_queue()) != ERROR_OK)
1438 buf_set_u32(armv4_5->spsr->value, 0, 32, spsr);
1439 armv4_5->spsr->dirty = 0;
1440 armv4_5->spsr->valid = 1;
1443 if ((retval = jtag_execute_queue()) != ERROR_OK)
1446 if (arm7_9->post_debug_entry)
1447 arm7_9->post_debug_entry(target);
1453 * Validate the full context for an ARM7/9 target in all processor modes. If
1454 * there are any invalid registers for the target, they will all be read. This
1457 * @param target Pointer to the ARM7/9 target to capture the full context from
1458 * @return Error if the target is not halted, has an invalid core mode, or if
1459 * the JTAG queue fails to execute
1461 int arm7_9_full_context(struct target *target)
1465 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1466 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1470 if (target->state != TARGET_HALTED)
1472 LOG_WARNING("target not halted");
1473 return ERROR_TARGET_NOT_HALTED;
1476 if (!is_arm_mode(armv4_5->core_mode))
1479 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1480 * SYS shares registers with User, so we don't touch SYS
1482 for (i = 0; i < 6; i++)
1485 uint32_t* reg_p[16];
1489 /* check if there are invalid registers in the current mode
1491 for (j = 0; j <= 16; j++)
1493 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1501 /* change processor mode (and mask T bit) */
1502 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8)
1504 tmp_cpsr |= armv4_5_number_to_mode(i);
1506 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1508 for (j = 0; j < 15; j++)
1510 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1512 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1514 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1515 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1519 /* if only the PSR is invalid, mask is all zeroes */
1521 arm7_9->read_core_regs(target, mask, reg_p);
1523 /* check if the PSR has to be read */
1524 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1526 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1527 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1528 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1533 /* restore processor mode (mask T bit) */
1534 arm7_9->write_xpsr_im8(target,
1535 buf_get_u32(armv4_5->cpsr->value, 0, 8) & ~0x20,
1538 if ((retval = jtag_execute_queue()) != ERROR_OK)
1546 * Restore the processor context on an ARM7/9 target. The full processor
1547 * context is analyzed to see if any of the registers are dirty on this end, but
1548 * have a valid new value. If this is the case, the processor is changed to the
1549 * appropriate mode and the new register values are written out to the
1550 * processor. If there happens to be a dirty register with an invalid value, an
1551 * error will be logged.
1553 * @param target Pointer to the ARM7/9 target to have its context restored
1554 * @return Error status if the target is not halted or the core mode in the
1555 * armv4_5 struct is invalid.
1557 int arm7_9_restore_context(struct target *target)
1559 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1560 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1562 struct arm_reg *reg_arch_info;
1563 enum arm_mode current_mode = armv4_5->core_mode;
1570 if (target->state != TARGET_HALTED)
1572 LOG_WARNING("target not halted");
1573 return ERROR_TARGET_NOT_HALTED;
1576 if (arm7_9->pre_restore_context)
1577 arm7_9->pre_restore_context(target);
1579 if (!is_arm_mode(armv4_5->core_mode))
1582 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1583 * SYS shares registers with User, so we don't touch SYS
1585 for (i = 0; i < 6; i++)
1587 LOG_DEBUG("examining %s mode",
1588 arm_mode_name(armv4_5->core_mode));
1591 /* check if there are dirty registers in the current mode
1593 for (j = 0; j <= 16; j++)
1595 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1596 reg_arch_info = reg->arch_info;
1597 if (reg->dirty == 1)
1599 if (reg->valid == 1)
1602 LOG_DEBUG("examining dirty reg: %s", reg->name);
1603 if ((reg_arch_info->mode != ARM_MODE_ANY)
1604 && (reg_arch_info->mode != current_mode)
1605 && !((reg_arch_info->mode == ARM_MODE_USR) && (armv4_5->core_mode == ARM_MODE_SYS))
1606 && !((reg_arch_info->mode == ARM_MODE_SYS) && (armv4_5->core_mode == ARM_MODE_USR)))
1609 LOG_DEBUG("require mode change");
1614 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1621 uint32_t mask = 0x0;
1629 /* change processor mode (mask T bit) */
1630 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value,
1632 tmp_cpsr |= armv4_5_number_to_mode(i);
1634 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1635 current_mode = armv4_5_number_to_mode(i);
1638 for (j = 0; j <= 14; j++)
1640 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1641 reg_arch_info = reg->arch_info;
1644 if (reg->dirty == 1)
1646 regs[j] = buf_get_u32(reg->value, 0, 32);
1651 LOG_DEBUG("writing register %i mode %s "
1652 "with value 0x%8.8" PRIx32, j,
1653 arm_mode_name(armv4_5->core_mode),
1660 arm7_9->write_core_regs(target, mask, regs);
1663 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1664 reg_arch_info = reg->arch_info;
1665 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY))
1667 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1668 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1673 if (!armv4_5->cpsr->dirty && (armv4_5->core_mode != current_mode))
1675 /* restore processor mode (mask T bit) */
1678 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
1679 tmp_cpsr |= armv4_5_number_to_mode(i);
1681 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1682 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1684 else if (armv4_5->cpsr->dirty)
1686 /* CPSR has been changed, full restore necessary (mask T bit) */
1687 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1688 buf_get_u32(armv4_5->cpsr->value, 0, 32));
1689 arm7_9->write_xpsr(target,
1690 buf_get_u32(armv4_5->cpsr->value, 0, 32)
1692 armv4_5->cpsr->dirty = 0;
1693 armv4_5->cpsr->valid = 1;
1697 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1698 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1699 armv4_5->core_cache->reg_list[15].dirty = 0;
1701 if (arm7_9->post_restore_context)
1702 arm7_9->post_restore_context(target);
1708 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1709 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1712 * @param target Pointer to the ARM7/9 target to be restarted
1713 * @return Result of executing the JTAG queue
1715 int arm7_9_restart_core(struct target *target)
1717 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1718 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1720 /* set RESTART instruction */
1721 jtag_set_end_state(TAP_IDLE);
1722 if (arm7_9->need_bypass_before_restart) {
1723 arm7_9->need_bypass_before_restart = 0;
1724 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1726 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1728 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1729 return jtag_execute_queue();
1733 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1734 * iterated through and are set on the target if they aren't already set.
1736 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1738 void arm7_9_enable_watchpoints(struct target *target)
1740 struct watchpoint *watchpoint = target->watchpoints;
1744 if (watchpoint->set == 0)
1745 arm7_9_set_watchpoint(target, watchpoint);
1746 watchpoint = watchpoint->next;
1751 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1752 * iterated through and are set on the target.
1754 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1756 void arm7_9_enable_breakpoints(struct target *target)
1758 struct breakpoint *breakpoint = target->breakpoints;
1760 /* set any pending breakpoints */
1763 arm7_9_set_breakpoint(target, breakpoint);
1764 breakpoint = breakpoint->next;
1768 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1770 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1771 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1772 struct breakpoint *breakpoint = target->breakpoints;
1773 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1774 int err, retval = ERROR_OK;
1778 if (target->state != TARGET_HALTED)
1780 LOG_WARNING("target not halted");
1781 return ERROR_TARGET_NOT_HALTED;
1784 if (!debug_execution)
1786 target_free_all_working_areas(target);
1789 /* current = 1: continue on current pc, otherwise continue at <address> */
1791 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1793 uint32_t current_pc;
1794 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1796 /* the front-end may request us not to handle breakpoints */
1797 if (handle_breakpoints)
1799 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1801 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1802 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1807 /* calculate PC of next instruction */
1809 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1811 uint32_t current_opcode;
1812 target_read_u32(target, current_pc, ¤t_opcode);
1813 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1817 LOG_DEBUG("enable single-step");
1818 arm7_9->enable_single_step(target, next_pc);
1820 target->debug_reason = DBG_REASON_SINGLESTEP;
1822 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1827 if (armv4_5->core_state == ARM_STATE_ARM)
1828 arm7_9->branch_resume(target);
1829 else if (armv4_5->core_state == ARM_STATE_THUMB)
1831 arm7_9->branch_resume_thumb(target);
1835 LOG_ERROR("unhandled core state");
1839 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1840 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1841 err = arm7_9_execute_sys_speed(target);
1843 LOG_DEBUG("disable single-step");
1844 arm7_9->disable_single_step(target);
1846 if (err != ERROR_OK)
1848 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1852 target->state = TARGET_UNKNOWN;
1856 arm7_9_debug_entry(target);
1857 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1859 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1860 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1867 /* enable any pending breakpoints and watchpoints */
1868 arm7_9_enable_breakpoints(target);
1869 arm7_9_enable_watchpoints(target);
1871 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1876 if (armv4_5->core_state == ARM_STATE_ARM)
1878 arm7_9->branch_resume(target);
1880 else if (armv4_5->core_state == ARM_STATE_THUMB)
1882 arm7_9->branch_resume_thumb(target);
1886 LOG_ERROR("unhandled core state");
1890 /* deassert DBGACK and INTDIS */
1891 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1892 /* INTDIS only when we really resume, not during debug execution */
1893 if (!debug_execution)
1894 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1895 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1897 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1902 target->debug_reason = DBG_REASON_NOTHALTED;
1904 if (!debug_execution)
1906 /* registers are now invalid */
1907 register_cache_invalidate(armv4_5->core_cache);
1908 target->state = TARGET_RUNNING;
1909 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1916 target->state = TARGET_DEBUG_RUNNING;
1917 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1923 LOG_DEBUG("target resumed");
1928 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1930 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1931 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1932 uint32_t current_pc;
1933 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1935 if (next_pc != current_pc)
1937 /* setup an inverse breakpoint on the current PC
1938 * - comparator 1 matches the current address
1939 * - rangeout from comparator 1 is connected to comparator 0 rangein
1940 * - comparator 0 matches any address, as long as rangein is low */
1941 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1942 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1943 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1944 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1945 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1946 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1947 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1948 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1949 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1957 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1958 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1959 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1965 void arm7_9_disable_eice_step(struct target *target)
1967 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1969 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1970 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1971 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1972 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1973 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1974 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1975 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1976 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1977 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1980 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1982 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1983 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1984 struct breakpoint *breakpoint = NULL;
1987 if (target->state != TARGET_HALTED)
1989 LOG_WARNING("target not halted");
1990 return ERROR_TARGET_NOT_HALTED;
1993 /* current = 1: continue on current pc, otherwise continue at <address> */
1995 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1997 uint32_t current_pc;
1998 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2000 /* the front-end may request us not to handle breakpoints */
2001 if (handle_breakpoints)
2002 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2003 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2008 target->debug_reason = DBG_REASON_SINGLESTEP;
2010 /* calculate PC of next instruction */
2012 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2014 uint32_t current_opcode;
2015 target_read_u32(target, current_pc, ¤t_opcode);
2016 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2020 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2025 arm7_9->enable_single_step(target, next_pc);
2027 if (armv4_5->core_state == ARM_STATE_ARM)
2029 arm7_9->branch_resume(target);
2031 else if (armv4_5->core_state == ARM_STATE_THUMB)
2033 arm7_9->branch_resume_thumb(target);
2037 LOG_ERROR("unhandled core state");
2041 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2046 err = arm7_9_execute_sys_speed(target);
2047 arm7_9->disable_single_step(target);
2049 /* registers are now invalid */
2050 register_cache_invalidate(armv4_5->core_cache);
2052 if (err != ERROR_OK)
2054 target->state = TARGET_UNKNOWN;
2056 arm7_9_debug_entry(target);
2057 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2061 LOG_DEBUG("target stepped");
2065 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2073 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
2074 int num, enum arm_mode mode)
2076 uint32_t* reg_p[16];
2079 struct arm_reg *areg = r->arch_info;
2080 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2081 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2083 if (!is_arm_mode(armv4_5->core_mode))
2085 if ((num < 0) || (num > 16))
2086 return ERROR_INVALID_ARGUMENTS;
2088 if ((mode != ARM_MODE_ANY)
2089 && (mode != armv4_5->core_mode)
2090 && (areg->mode != ARM_MODE_ANY))
2094 /* change processor mode (mask T bit) */
2095 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2098 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2101 if ((num >= 0) && (num <= 15))
2103 /* read a normal core register */
2104 reg_p[num] = &value;
2106 arm7_9->read_core_regs(target, 1 << num, reg_p);
2110 /* read a program status register
2111 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2113 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2116 if ((retval = jtag_execute_queue()) != ERROR_OK)
2123 buf_set_u32(r->value, 0, 32, value);
2125 if ((mode != ARM_MODE_ANY)
2126 && (mode != armv4_5->core_mode)
2127 && (areg->mode != ARM_MODE_ANY)) {
2128 /* restore processor mode (mask T bit) */
2129 arm7_9->write_xpsr_im8(target,
2130 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2137 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2138 int num, enum arm_mode mode, uint32_t value)
2141 struct arm_reg *areg = r->arch_info;
2142 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2143 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2145 if (!is_arm_mode(armv4_5->core_mode))
2147 if ((num < 0) || (num > 16))
2148 return ERROR_INVALID_ARGUMENTS;
2150 if ((mode != ARM_MODE_ANY)
2151 && (mode != armv4_5->core_mode)
2152 && (areg->mode != ARM_MODE_ANY)) {
2155 /* change processor mode (mask T bit) */
2156 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2159 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2162 if ((num >= 0) && (num <= 15))
2164 /* write a normal core register */
2167 arm7_9->write_core_regs(target, 1 << num, reg);
2171 /* write a program status register
2172 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2174 int spsr = (areg->mode != ARM_MODE_ANY);
2176 /* if we're writing the CPSR, mask the T bit */
2180 arm7_9->write_xpsr(target, value, spsr);
2186 if ((mode != ARM_MODE_ANY)
2187 && (mode != armv4_5->core_mode)
2188 && (areg->mode != ARM_MODE_ANY)) {
2189 /* restore processor mode (mask T bit) */
2190 arm7_9->write_xpsr_im8(target,
2191 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2195 return jtag_execute_queue();
2198 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2200 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2201 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2203 uint32_t num_accesses = 0;
2204 int thisrun_accesses;
2210 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2212 if (target->state != TARGET_HALTED)
2214 LOG_WARNING("target not halted");
2215 return ERROR_TARGET_NOT_HALTED;
2218 /* sanitize arguments */
2219 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2220 return ERROR_INVALID_ARGUMENTS;
2222 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2223 return ERROR_TARGET_UNALIGNED_ACCESS;
2225 /* load the base register with the address of the first word */
2227 arm7_9->write_core_regs(target, 0x1, reg);
2234 while (num_accesses < count)
2237 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2238 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2240 if (last_reg <= thisrun_accesses)
2241 last_reg = thisrun_accesses;
2243 arm7_9->load_word_regs(target, reg_list);
2245 /* fast memory reads are only safe when the target is running
2246 * from a sufficiently high clock (32 kHz is usually too slow)
2248 if (arm7_9->fast_memory_access)
2249 retval = arm7_9_execute_fast_sys_speed(target);
2251 retval = arm7_9_execute_sys_speed(target);
2252 if (retval != ERROR_OK)
2255 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2257 /* advance buffer, count number of accesses */
2258 buffer += thisrun_accesses * 4;
2259 num_accesses += thisrun_accesses;
2261 if ((j++%1024) == 0)
2268 while (num_accesses < count)
2271 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2272 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2274 for (i = 1; i <= thisrun_accesses; i++)
2278 arm7_9->load_hword_reg(target, i);
2279 /* fast memory reads are only safe when the target is running
2280 * from a sufficiently high clock (32 kHz is usually too slow)
2282 if (arm7_9->fast_memory_access)
2283 retval = arm7_9_execute_fast_sys_speed(target);
2285 retval = arm7_9_execute_sys_speed(target);
2286 if (retval != ERROR_OK)
2293 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2295 /* advance buffer, count number of accesses */
2296 buffer += thisrun_accesses * 2;
2297 num_accesses += thisrun_accesses;
2299 if ((j++%1024) == 0)
2306 while (num_accesses < count)
2309 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2310 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2312 for (i = 1; i <= thisrun_accesses; i++)
2316 arm7_9->load_byte_reg(target, i);
2317 /* fast memory reads are only safe when the target is running
2318 * from a sufficiently high clock (32 kHz is usually too slow)
2320 if (arm7_9->fast_memory_access)
2321 retval = arm7_9_execute_fast_sys_speed(target);
2323 retval = arm7_9_execute_sys_speed(target);
2324 if (retval != ERROR_OK)
2330 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2332 /* advance buffer, count number of accesses */
2333 buffer += thisrun_accesses * 1;
2334 num_accesses += thisrun_accesses;
2336 if ((j++%1024) == 0)
2344 if (!is_arm_mode(armv4_5->core_mode))
2347 for (i = 0; i <= last_reg; i++) {
2348 struct reg *r = arm_reg_current(armv4_5, i);
2350 r->dirty = r->valid;
2353 arm7_9->read_xpsr(target, &cpsr, 0);
2354 if ((retval = jtag_execute_queue()) != ERROR_OK)
2356 LOG_ERROR("JTAG error while reading cpsr");
2357 return ERROR_TARGET_DATA_ABORT;
2360 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2362 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2364 arm7_9->write_xpsr_im8(target,
2365 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2368 return ERROR_TARGET_DATA_ABORT;
2374 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2376 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2377 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2378 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2381 uint32_t num_accesses = 0;
2382 int thisrun_accesses;
2388 #ifdef _DEBUG_ARM7_9_
2389 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2392 if (target->state != TARGET_HALTED)
2394 LOG_WARNING("target not halted");
2395 return ERROR_TARGET_NOT_HALTED;
2398 /* sanitize arguments */
2399 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2400 return ERROR_INVALID_ARGUMENTS;
2402 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2403 return ERROR_TARGET_UNALIGNED_ACCESS;
2405 /* load the base register with the address of the first word */
2407 arm7_9->write_core_regs(target, 0x1, reg);
2409 /* Clear DBGACK, to make sure memory fetches work as expected */
2410 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2411 embeddedice_store_reg(dbg_ctrl);
2416 while (num_accesses < count)
2419 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2420 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2422 for (i = 1; i <= thisrun_accesses; i++)
2426 reg[i] = target_buffer_get_u32(target, buffer);
2430 arm7_9->write_core_regs(target, reg_list, reg);
2432 arm7_9->store_word_regs(target, reg_list);
2434 /* fast memory writes are only safe when the target is running
2435 * from a sufficiently high clock (32 kHz is usually too slow)
2437 if (arm7_9->fast_memory_access)
2438 retval = arm7_9_execute_fast_sys_speed(target);
2440 retval = arm7_9_execute_sys_speed(target);
2441 if (retval != ERROR_OK)
2446 num_accesses += thisrun_accesses;
2450 while (num_accesses < count)
2453 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2454 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2456 for (i = 1; i <= thisrun_accesses; i++)
2460 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2464 arm7_9->write_core_regs(target, reg_list, reg);
2466 for (i = 1; i <= thisrun_accesses; i++)
2468 arm7_9->store_hword_reg(target, i);
2470 /* fast memory writes are only safe when the target is running
2471 * from a sufficiently high clock (32 kHz is usually too slow)
2473 if (arm7_9->fast_memory_access)
2474 retval = arm7_9_execute_fast_sys_speed(target);
2476 retval = arm7_9_execute_sys_speed(target);
2477 if (retval != ERROR_OK)
2483 num_accesses += thisrun_accesses;
2487 while (num_accesses < count)
2490 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2491 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2493 for (i = 1; i <= thisrun_accesses; i++)
2497 reg[i] = *buffer++ & 0xff;
2500 arm7_9->write_core_regs(target, reg_list, reg);
2502 for (i = 1; i <= thisrun_accesses; i++)
2504 arm7_9->store_byte_reg(target, i);
2505 /* fast memory writes are only safe when the target is running
2506 * from a sufficiently high clock (32 kHz is usually too slow)
2508 if (arm7_9->fast_memory_access)
2509 retval = arm7_9_execute_fast_sys_speed(target);
2511 retval = arm7_9_execute_sys_speed(target);
2512 if (retval != ERROR_OK)
2519 num_accesses += thisrun_accesses;
2525 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2526 embeddedice_store_reg(dbg_ctrl);
2528 if (!is_arm_mode(armv4_5->core_mode))
2531 for (i = 0; i <= last_reg; i++) {
2532 struct reg *r = arm_reg_current(armv4_5, i);
2534 r->dirty = r->valid;
2537 arm7_9->read_xpsr(target, &cpsr, 0);
2538 if ((retval = jtag_execute_queue()) != ERROR_OK)
2540 LOG_ERROR("JTAG error while reading cpsr");
2541 return ERROR_TARGET_DATA_ABORT;
2544 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2546 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2548 arm7_9->write_xpsr_im8(target,
2549 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2552 return ERROR_TARGET_DATA_ABORT;
2558 static int dcc_count;
2559 static uint8_t *dcc_buffer;
2561 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2563 int retval = ERROR_OK;
2564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2566 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2569 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2570 int count = dcc_count;
2571 uint8_t *buffer = dcc_buffer;
2574 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2575 * core function repeated. */
2576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2579 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2580 uint8_t reg_addr = ice_reg->addr & 0x1f;
2581 struct jtag_tap *tap;
2582 tap = ice_reg->jtag_info->tap;
2584 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2585 buffer += (count-2)*4;
2587 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2591 for (i = 0; i < count; i++)
2593 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2598 if ((retval = target_halt(target))!= ERROR_OK)
2602 return target_wait_state(target, TARGET_HALTED, 500);
2605 static const uint32_t dcc_code[] =
2607 /* r0 == input, points to memory buffer
2611 /* spin until DCC control (c0) reports data arrived */
2612 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2613 0xe3110001, /* tst r1, #1 */
2614 0x0afffffc, /* bne w */
2616 /* read word from DCC (c1), write to memory */
2617 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2618 0xe4801004, /* str r1, [r0], #4 */
2621 0xeafffff9 /* b w */
2624 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2627 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2630 if (!arm7_9->dcc_downloads)
2631 return target_write_memory(target, address, 4, count, buffer);
2633 /* regrab previously allocated working_area, or allocate a new one */
2634 if (!arm7_9->dcc_working_area)
2636 uint8_t dcc_code_buf[6 * 4];
2638 /* make sure we have a working area */
2639 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2641 LOG_INFO("no working area available, falling back to memory writes");
2642 return target_write_memory(target, address, 4, count, buffer);
2645 /* copy target instructions to target endianness */
2646 for (i = 0; i < 6; i++)
2648 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2651 /* write DCC code to working area */
2652 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2658 struct arm_algorithm armv4_5_info;
2659 struct reg_param reg_params[1];
2661 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
2662 armv4_5_info.core_mode = ARM_MODE_SVC;
2663 armv4_5_info.core_state = ARM_STATE_ARM;
2665 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2667 buf_set_u32(reg_params[0].value, 0, 32, address);
2670 dcc_buffer = buffer;
2671 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2672 arm7_9->dcc_working_area->address,
2673 arm7_9->dcc_working_area->address + 6*4,
2674 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2676 if (retval == ERROR_OK)
2678 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2679 if (endaddress != (address + count*4))
2681 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2682 retval = ERROR_FAIL;
2686 destroy_reg_param(®_params[0]);
2692 * Perform per-target setup that requires JTAG access.
2694 int arm7_9_examine(struct target *target)
2696 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2699 if (!target_was_examined(target)) {
2700 struct reg_cache *t, **cache_p;
2702 t = embeddedice_build_reg_cache(target, arm7_9);
2706 cache_p = register_get_last_cache_p(&target->reg_cache);
2708 arm7_9->eice_cache = (*cache_p);
2710 if (arm7_9->armv4_5_common.etm)
2711 (*cache_p)->next = etm_build_reg_cache(target,
2713 arm7_9->armv4_5_common.etm);
2715 target_set_examined(target);
2718 retval = embeddedice_setup(target);
2719 if (retval == ERROR_OK)
2720 retval = arm7_9_setup(target);
2721 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2722 retval = etm_setup(target);
2726 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2728 struct target *target = get_current_target(CMD_CTX);
2729 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2731 if (!is_arm7_9(arm7_9))
2733 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2734 return ERROR_TARGET_INVALID;
2738 COMMAND_PARSE_ENABLE(CMD_ARGV[0],arm7_9->use_dbgrq);
2740 command_print(CMD_CTX, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2745 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2747 struct target *target = get_current_target(CMD_CTX);
2748 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2750 if (!is_arm7_9(arm7_9))
2752 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2753 return ERROR_TARGET_INVALID;
2757 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2759 command_print(CMD_CTX, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2764 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2766 struct target *target = get_current_target(CMD_CTX);
2767 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2769 if (!is_arm7_9(arm7_9))
2771 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2772 return ERROR_TARGET_INVALID;
2776 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2778 command_print(CMD_CTX, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2783 COMMAND_HANDLER(handle_arm7_9_semihosting_command)
2785 struct target *target = get_current_target(CMD_CTX);
2786 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2788 if (!is_arm7_9(arm7_9))
2790 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2791 return ERROR_TARGET_INVALID;
2798 COMMAND_PARSE_ENABLE(CMD_ARGV[0], semihosting);
2800 if (arm7_9->has_vector_catch) {
2801 struct reg *vector_catch = &arm7_9->eice_cache
2802 ->reg_list[EICE_VEC_CATCH];
2804 if (!vector_catch->valid)
2805 embeddedice_read_reg(vector_catch);
2806 buf_set_u32(vector_catch->value, 2, 1, semihosting);
2807 embeddedice_store_reg(vector_catch);
2809 /* TODO: allow optional high vectors and/or BKPT_HARD */
2811 breakpoint_add(target, 8, 4, BKPT_SOFT);
2813 breakpoint_remove(target, 8);
2816 /* FIXME never let that "catch" be dropped! */
2817 arm7_9->armv4_5_common.is_semihosting = semihosting;
2821 command_print(CMD_CTX, "semihosting is %s",
2822 arm7_9->armv4_5_common.is_semihosting
2823 ? "enabled" : "disabled");
2828 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2830 int retval = ERROR_OK;
2831 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2833 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2835 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2838 /* caller must have allocated via calloc(), so everything's zeroed */
2840 arm7_9->wp_available_max = 2;
2842 arm7_9->fast_memory_access = false;
2843 arm7_9->dcc_downloads = false;
2845 armv4_5->arch_info = arm7_9;
2846 armv4_5->read_core_reg = arm7_9_read_core_reg;
2847 armv4_5->write_core_reg = arm7_9_write_core_reg;
2848 armv4_5->full_context = arm7_9_full_context;
2850 retval = arm_init_arch_info(target, armv4_5);
2851 if (retval != ERROR_OK)
2854 return target_register_timer_callback(arm7_9_handle_target_request,
2858 static const struct command_registration arm7_9_any_command_handlers[] = {
2861 .handler = &handle_arm7_9_dbgrq_command,
2862 .mode = COMMAND_ANY,
2863 .usage = "<enable|disable>",
2864 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2865 "for target halt requests",
2868 "fast_memory_access",
2869 .handler = &handle_arm7_9_fast_memory_access_command,
2870 .mode = COMMAND_ANY,
2871 .usage = "<enable|disable>",
2872 .help = "use fast memory accesses instead of slower "
2873 "but potentially safer accesses",
2877 .handler = &handle_arm7_9_dcc_downloads_command,
2878 .mode = COMMAND_ANY,
2879 .usage = "<enable | disable>",
2880 .help = "use DCC downloads for larger memory writes",
2884 .handler = &handle_arm7_9_semihosting_command,
2885 .mode = COMMAND_EXEC,
2886 .usage = "<enable | disable>",
2887 .help = "activate support for semihosting operations",
2889 COMMAND_REGISTRATION_DONE
2891 const struct command_registration arm7_9_command_handlers[] = {
2893 .chain = arm_command_handlers,
2896 .chain = etm_command_handlers,
2900 .mode = COMMAND_ANY,
2901 .help = "arm7/9 specific commands",
2902 .chain = arm7_9_any_command_handlers,
2904 COMMAND_REGISTRATION_DONE
projects / fw / openocd / blob