1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "replacements.h"
32 #include "embeddedice.h"
34 #include "target_request.h"
39 #include "arm7_9_common.h"
40 #include "breakpoints.h"
41 #include "time_support.h"
47 #include <sys/types.h>
52 int arm7_9_debug_entry(target_t *target);
53 int arm7_9_enable_sw_bkpts(struct target_s *target);
55 /* command handler forward declarations */
56 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
61 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
66 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
68 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
69 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
70 arm7_9->sw_breakpoints_added = 0;
72 arm7_9->wp1_used = arm7_9->wp1_used_default;
73 arm7_9->wp_available = arm7_9->wp_available_max;
75 return jtag_execute_queue();
78 /* set up embedded ice registers */
79 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
81 if (arm7_9->sw_breakpoints_added)
85 if (arm7_9->wp_available < 1)
87 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
88 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
90 arm7_9->wp_available--;
92 /* pick a breakpoint unit */
93 if (!arm7_9->wp0_used)
95 arm7_9->sw_breakpoints_added=1;
97 } else if (!arm7_9->wp1_used)
99 arm7_9->sw_breakpoints_added=2;
100 arm7_9->wp1_used = 3;
104 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
108 if (arm7_9->sw_breakpoints_added==1)
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
112 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
113 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
116 else if (arm7_9->sw_breakpoints_added==2)
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
120 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
121 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
122 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
130 return jtag_execute_queue();
133 /* set things up after a reset / on startup */
134 int arm7_9_setup(target_t *target)
136 armv4_5_common_t *armv4_5 = target->arch_info;
137 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
139 return arm7_9_clear_watchpoints(arm7_9);
143 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
145 armv4_5_common_t *armv4_5 = target->arch_info;
146 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
148 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
153 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
158 *armv4_5_p = armv4_5;
164 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
165 * might have erased the values in embedded ice
167 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
169 armv4_5_common_t *armv4_5 = target->arch_info;
170 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
173 if (target->state != TARGET_HALTED)
175 LOG_WARNING("target not halted");
176 return ERROR_TARGET_NOT_HALTED;
179 if (breakpoint->type == BKPT_HARD)
181 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
182 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
183 if (breakpoint->set==1)
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
187 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
188 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
191 else if (breakpoint->set==2)
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
195 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
196 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
197 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
201 LOG_ERROR("BUG: no hardware comparator available");
205 retval=jtag_execute_queue();
207 else if (breakpoint->type == BKPT_SOFT)
209 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
212 /* did we already set this breakpoint? */
216 if (breakpoint->length == 4)
218 u32 verify = 0xffffffff;
219 /* keep the original instruction in target endianness */
220 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
221 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
222 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
227 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
228 if (verify != arm7_9->arm_bkpt)
230 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
237 /* keep the original instruction in target endianness */
238 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
239 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
240 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
245 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
246 if (verify != arm7_9->thumb_bkpt)
248 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
259 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
261 int retval = ERROR_OK;
263 armv4_5_common_t *armv4_5 = target->arch_info;
264 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
266 if (!breakpoint->set)
268 LOG_WARNING("breakpoint not set");
272 if (breakpoint->type == BKPT_HARD)
274 if (breakpoint->set == 1)
276 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
277 arm7_9->wp0_used = 0;
279 else if (breakpoint->set == 2)
281 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
282 arm7_9->wp1_used = 0;
284 retval = jtag_execute_queue();
289 /* restore original instruction (kept in target endianness) */
290 if (breakpoint->length == 4)
293 /* check that user program as not modified breakpoint instruction */
294 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
295 if (current_instr==arm7_9->arm_bkpt)
296 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
301 /* check that user program as not modified breakpoint instruction */
302 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
303 if (current_instr==arm7_9->thumb_bkpt)
304 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
312 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
314 armv4_5_common_t *armv4_5 = target->arch_info;
315 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
317 if (target->state != TARGET_HALTED)
319 LOG_WARNING("target not halted");
320 return ERROR_TARGET_NOT_HALTED;
323 if (arm7_9->breakpoint_count==0)
325 /* make sure we don't have any dangling breakpoints. This is vital upon
326 * GDB connect/disconnect
328 arm7_9_clear_watchpoints(arm7_9);
331 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
333 LOG_INFO("no watchpoint unit available for hardware breakpoint");
334 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
337 if ((breakpoint->length != 2) && (breakpoint->length != 4))
339 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
340 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
343 if (breakpoint->type == BKPT_HARD)
345 arm7_9->wp_available--;
347 if (!arm7_9->wp0_used)
349 arm7_9->wp0_used = 1;
352 else if (!arm7_9->wp1_used)
354 arm7_9->wp1_used = 1;
359 LOG_ERROR("BUG: no hardware comparator available");
364 arm7_9->breakpoint_count++;
366 return arm7_9_set_breakpoint(target, breakpoint);
369 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
371 int retval = ERROR_OK;
372 armv4_5_common_t *armv4_5 = target->arch_info;
373 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
375 if((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
380 if (breakpoint->type == BKPT_HARD)
381 arm7_9->wp_available++;
383 arm7_9->breakpoint_count--;
384 if (arm7_9->breakpoint_count==0)
386 /* make sure we don't have any dangling breakpoints */
387 if((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
396 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
398 int retval = ERROR_OK;
399 armv4_5_common_t *armv4_5 = target->arch_info;
400 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
404 mask = watchpoint->length - 1;
406 if (target->state != TARGET_HALTED)
408 LOG_WARNING("target not halted");
409 return ERROR_TARGET_NOT_HALTED;
412 if (watchpoint->rw == WPT_ACCESS)
417 if (!arm7_9->wp0_used)
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
420 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
421 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
422 if( watchpoint->mask != 0xffffffffu )
423 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
424 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
425 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
427 if((retval = jtag_execute_queue()) != ERROR_OK)
432 arm7_9->wp0_used = 2;
434 else if (!arm7_9->wp1_used)
436 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
437 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
438 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
439 if( watchpoint->mask != 0xffffffffu )
440 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
441 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
442 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
444 if((retval = jtag_execute_queue()) != ERROR_OK)
449 arm7_9->wp1_used = 2;
453 LOG_ERROR("BUG: no hardware comparator available");
460 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
462 int retval = ERROR_OK;
463 armv4_5_common_t *armv4_5 = target->arch_info;
464 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
466 if (target->state != TARGET_HALTED)
468 LOG_WARNING("target not halted");
469 return ERROR_TARGET_NOT_HALTED;
472 if (!watchpoint->set)
474 LOG_WARNING("breakpoint not set");
478 if (watchpoint->set == 1)
480 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
481 if((retval = jtag_execute_queue()) != ERROR_OK)
485 arm7_9->wp0_used = 0;
487 else if (watchpoint->set == 2)
489 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
490 if((retval = jtag_execute_queue()) != ERROR_OK)
494 arm7_9->wp1_used = 0;
501 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
503 armv4_5_common_t *armv4_5 = target->arch_info;
504 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
506 if (target->state != TARGET_HALTED)
508 LOG_WARNING("target not halted");
509 return ERROR_TARGET_NOT_HALTED;
512 if (arm7_9->wp_available < 1)
514 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
517 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
519 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
522 arm7_9->wp_available--;
527 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
529 int retval = ERROR_OK;
530 armv4_5_common_t *armv4_5 = target->arch_info;
531 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
535 if((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
541 arm7_9->wp_available++;
549 int arm7_9_execute_sys_speed(struct target_s *target)
553 armv4_5_common_t *armv4_5 = target->arch_info;
554 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
555 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
556 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
558 /* set RESTART instruction */
559 jtag_add_end_state(TAP_RTI);
560 if (arm7_9->need_bypass_before_restart) {
561 arm7_9->need_bypass_before_restart = 0;
562 arm_jtag_set_instr(jtag_info, 0xf, NULL);
564 arm_jtag_set_instr(jtag_info, 0x4, NULL);
566 long long then=timeval_ms();
568 while (!(timeout=((timeval_ms()-then)>1000)))
570 /* read debug status register */
571 embeddedice_read_reg(dbg_stat);
572 if ((retval = jtag_execute_queue()) != ERROR_OK)
574 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
575 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
587 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
588 return ERROR_TARGET_TIMEOUT;
594 int arm7_9_execute_fast_sys_speed(struct target_s *target)
597 static u8 check_value[4], check_mask[4];
599 armv4_5_common_t *armv4_5 = target->arch_info;
600 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
601 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
602 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
604 /* set RESTART instruction */
605 jtag_add_end_state(TAP_RTI);
606 if (arm7_9->need_bypass_before_restart) {
607 arm7_9->need_bypass_before_restart = 0;
608 arm_jtag_set_instr(jtag_info, 0xf, NULL);
610 arm_jtag_set_instr(jtag_info, 0x4, NULL);
614 /* check for DBGACK and SYSCOMP set (others don't care) */
616 /* NB! These are constants that must be available until after next jtag_execute() and
617 we evaluate the values upon first execution in lieu of setting up these constants
620 buf_set_u32(check_value, 0, 32, 0x9);
621 buf_set_u32(check_mask, 0, 32, 0x9);
625 /* read debug status register */
626 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
631 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
633 armv4_5_common_t *armv4_5 = target->arch_info;
634 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
635 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
637 int i, retval = ERROR_OK;
639 data = malloc(size * (sizeof(u32)));
641 retval = embeddedice_receive(jtag_info, data, size);
643 for (i = 0; i < size; i++)
645 h_u32_to_le(buffer + (i * 4), data[i]);
653 int arm7_9_handle_target_request(void *priv)
655 int retval = ERROR_OK;
656 target_t *target = priv;
657 if (!target->type->examined)
659 armv4_5_common_t *armv4_5 = target->arch_info;
660 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
661 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
662 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
665 if (!target->dbg_msg_enabled)
668 if (target->state == TARGET_RUNNING)
670 /* read DCC control register */
671 embeddedice_read_reg(dcc_control);
672 if ((retval = jtag_execute_queue()) != ERROR_OK)
678 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
682 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
686 if ((retval = target_request(target, request)) != ERROR_OK)
696 int arm7_9_poll(target_t *target)
699 armv4_5_common_t *armv4_5 = target->arch_info;
700 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
701 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
703 /* read debug status register */
704 embeddedice_read_reg(dbg_stat);
705 if ((retval = jtag_execute_queue()) != ERROR_OK)
710 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
712 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
713 if (target->state == TARGET_UNKNOWN)
715 target->state = TARGET_RUNNING;
716 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
718 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
721 if (target->state == TARGET_RESET)
723 if (target->reset_halt)
725 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
732 target->state = TARGET_HALTED;
734 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
739 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
740 u32 t=*((u32 *)reg->value);
743 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
747 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
752 if (target->state == TARGET_DEBUG_RUNNING)
754 target->state = TARGET_HALTED;
755 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
758 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
763 if (target->state != TARGET_HALTED)
765 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
770 if (target->state != TARGET_DEBUG_RUNNING)
771 target->state = TARGET_RUNNING;
778 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
779 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
780 while the core is held in reset(SRST). It isn't possible to program the halt
781 condition once reset was asserted, hence a hook that allows the target to set
782 up its reset-halt condition prior to asserting reset.
785 int arm7_9_assert_reset(target_t *target)
787 armv4_5_common_t *armv4_5 = target->arch_info;
788 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
789 LOG_DEBUG("target->state: %s",
790 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
792 if (!(jtag_reset_config & RESET_HAS_SRST))
794 LOG_ERROR("Can't assert SRST");
798 if (target->reset_halt)
801 * Some targets do not support communication while SRST is asserted. We need to
802 * set up the reset vector catch here.
804 * If TRST is asserted, then these settings will be reset anyway, so setting them
807 if (arm7_9->has_vector_catch)
809 /* program vector catch register to catch reset vector */
810 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
814 /* program watchpoint unit to match on reset vector address */
815 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
816 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
817 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
818 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
819 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
823 /* here we should issue a srst only, but we may have to assert trst as well */
824 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
826 jtag_add_reset(1, 1);
829 jtag_add_reset(0, 1);
833 target->state = TARGET_RESET;
834 jtag_add_sleep(50000);
836 armv4_5_invalidate_core_regs(target);
838 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
840 /* debug entry was already prepared in arm7_9_assert_reset() */
841 target->debug_reason = DBG_REASON_DBGRQ;
848 int arm7_9_deassert_reset(target_t *target)
851 LOG_DEBUG("target->state: %s",
852 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
855 /* deassert reset lines */
856 jtag_add_reset(0, 0);
858 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
860 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
861 /* set up embedded ice registers again */
862 if ((retval=target->type->examine(target))!=ERROR_OK)
865 if ((retval=target_poll(target))!=ERROR_OK)
870 if ((retval=target_halt(target))!=ERROR_OK)
879 int arm7_9_clear_halt(target_t *target)
881 armv4_5_common_t *armv4_5 = target->arch_info;
882 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
883 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
885 /* we used DBGRQ only if we didn't come out of reset */
886 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
888 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
890 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
891 embeddedice_store_reg(dbg_ctrl);
895 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
897 /* if we came out of reset, and vector catch is supported, we used
898 * vector catch to enter debug state
899 * restore the register in that case
901 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
905 /* restore registers if watchpoint unit 0 was in use
907 if (arm7_9->wp0_used)
909 if (arm7_9->debug_entry_from_reset)
911 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
913 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
914 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
915 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
917 /* control value always has to be restored, as it was either disabled,
918 * or enabled with possibly different bits
920 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
927 int arm7_9_soft_reset_halt(struct target_s *target)
929 armv4_5_common_t *armv4_5 = target->arch_info;
930 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
931 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
932 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
936 if ((retval=target_halt(target))!=ERROR_OK)
939 long long then=timeval_ms();
941 while (!(timeout=((timeval_ms()-then)>1000)))
943 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
945 embeddedice_read_reg(dbg_stat);
946 if ((retval=jtag_execute_queue())!=ERROR_OK)
958 LOG_ERROR("Failed to halt CPU after 1 sec");
959 return ERROR_TARGET_TIMEOUT;
961 target->state = TARGET_HALTED;
963 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
964 * ensure that DBGRQ is cleared
966 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
967 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
968 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
969 embeddedice_store_reg(dbg_ctrl);
971 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
976 /* if the target is in Thumb state, change to ARM state */
977 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
979 u32 r0_thumb, pc_thumb;
980 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
981 /* Entered debug from Thumb mode */
982 armv4_5->core_state = ARMV4_5_STATE_THUMB;
983 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
986 /* all register content is now invalid */
987 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
992 /* SVC, ARM state, IRQ and FIQ disabled */
993 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
994 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
995 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
997 /* start fetching from 0x0 */
998 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
999 armv4_5->core_cache->reg_list[15].dirty = 1;
1000 armv4_5->core_cache->reg_list[15].valid = 1;
1002 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1003 armv4_5->core_state = ARMV4_5_STATE_ARM;
1005 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1008 /* reset registers */
1009 for (i = 0; i <= 14; i++)
1011 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1012 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1013 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1016 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1024 int arm7_9_halt(target_t *target)
1026 if (target->state==TARGET_RESET)
1028 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1032 armv4_5_common_t *armv4_5 = target->arch_info;
1033 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1034 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1036 LOG_DEBUG("target->state: %s",
1037 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1039 if (target->state == TARGET_HALTED)
1041 LOG_DEBUG("target was already halted");
1045 if (target->state == TARGET_UNKNOWN)
1047 LOG_WARNING("target was in unknown state when halt was requested");
1050 if (arm7_9->use_dbgrq)
1052 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1054 if (arm7_9->set_special_dbgrq) {
1055 arm7_9->set_special_dbgrq(target);
1057 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1058 embeddedice_store_reg(dbg_ctrl);
1063 /* program watchpoint unit to match on any address
1065 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1066 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1067 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1068 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1071 target->debug_reason = DBG_REASON_DBGRQ;
1076 int arm7_9_debug_entry(target_t *target)
1081 u32 r0_thumb, pc_thumb;
1084 /* get pointers to arch-specific information */
1085 armv4_5_common_t *armv4_5 = target->arch_info;
1086 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1087 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1088 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1090 #ifdef _DEBUG_ARM7_9_
1094 if (arm7_9->pre_debug_entry)
1095 arm7_9->pre_debug_entry(target);
1097 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1098 * ensure that DBGRQ is cleared
1100 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1101 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1102 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1103 embeddedice_store_reg(dbg_ctrl);
1105 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1110 if ((retval = jtag_execute_queue()) != ERROR_OK)
1115 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1119 if (target->state != TARGET_HALTED)
1121 LOG_WARNING("target not halted");
1122 return ERROR_TARGET_NOT_HALTED;
1125 /* if the target is in Thumb state, change to ARM state */
1126 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1128 LOG_DEBUG("target entered debug from Thumb state");
1129 /* Entered debug from Thumb mode */
1130 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1131 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1132 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1136 LOG_DEBUG("target entered debug from ARM state");
1137 /* Entered debug from ARM mode */
1138 armv4_5->core_state = ARMV4_5_STATE_ARM;
1141 for (i = 0; i < 16; i++)
1142 context_p[i] = &context[i];
1143 /* save core registers (r0 - r15 of current core mode) */
1144 arm7_9->read_core_regs(target, 0xffff, context_p);
1146 arm7_9->read_xpsr(target, &cpsr, 0);
1148 if ((retval = jtag_execute_queue()) != ERROR_OK)
1151 /* if the core has been executing in Thumb state, set the T bit */
1152 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1155 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1156 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1157 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1159 armv4_5->core_mode = cpsr & 0x1f;
1161 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1163 target->state = TARGET_UNKNOWN;
1164 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1165 return ERROR_TARGET_FAILURE;
1168 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1170 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1172 LOG_DEBUG("thumb state, applying fixups");
1173 context[0] = r0_thumb;
1174 context[15] = pc_thumb;
1175 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1177 /* adjust value stored by STM */
1178 context[15] -= 3 * 4;
1181 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1182 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1183 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1184 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1185 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1186 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1187 else if (target->debug_reason == DBG_REASON_DBGRQ)
1188 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1191 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1194 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1197 for (i=0; i<=15; i++)
1199 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1200 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1201 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1202 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1205 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1207 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1210 /* exceptions other than USR & SYS have a saved program status register */
1211 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1214 arm7_9->read_xpsr(target, &spsr, 1);
1215 if ((retval = jtag_execute_queue()) != ERROR_OK)
1219 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1220 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1221 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1224 /* r0 and r15 (pc) have to be restored later */
1225 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1228 if ((retval = jtag_execute_queue()) != ERROR_OK)
1231 if (arm7_9->post_debug_entry)
1232 arm7_9->post_debug_entry(target);
1237 int arm7_9_full_context(target_t *target)
1241 armv4_5_common_t *armv4_5 = target->arch_info;
1242 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1246 if (target->state != TARGET_HALTED)
1248 LOG_WARNING("target not halted");
1249 return ERROR_TARGET_NOT_HALTED;
1252 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1255 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1256 * SYS shares registers with User, so we don't touch SYS
1258 for(i = 0; i < 6; i++)
1265 /* check if there are invalid registers in the current mode
1267 for (j = 0; j <= 16; j++)
1269 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1277 /* change processor mode (and mask T bit) */
1278 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1279 tmp_cpsr |= armv4_5_number_to_mode(i);
1281 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1283 for (j = 0; j < 15; j++)
1285 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1287 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1289 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1290 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1294 /* if only the PSR is invalid, mask is all zeroes */
1296 arm7_9->read_core_regs(target, mask, reg_p);
1298 /* check if the PSR has to be read */
1299 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1301 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1302 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1303 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1308 /* restore processor mode (mask T bit) */
1309 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1311 if ((retval = jtag_execute_queue()) != ERROR_OK)
1318 int arm7_9_restore_context(target_t *target)
1320 armv4_5_common_t *armv4_5 = target->arch_info;
1321 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1323 armv4_5_core_reg_t *reg_arch_info;
1324 enum armv4_5_mode current_mode = armv4_5->core_mode;
1331 if (target->state != TARGET_HALTED)
1333 LOG_WARNING("target not halted");
1334 return ERROR_TARGET_NOT_HALTED;
1337 if (arm7_9->pre_restore_context)
1338 arm7_9->pre_restore_context(target);
1340 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1343 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1344 * SYS shares registers with User, so we don't touch SYS
1346 for (i = 0; i < 6; i++)
1348 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1351 /* check if there are dirty registers in the current mode
1353 for (j = 0; j <= 16; j++)
1355 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1356 reg_arch_info = reg->arch_info;
1357 if (reg->dirty == 1)
1359 if (reg->valid == 1)
1362 LOG_DEBUG("examining dirty reg: %s", reg->name);
1363 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1364 && (reg_arch_info->mode != current_mode)
1365 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1366 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1369 LOG_DEBUG("require mode change");
1374 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1389 /* change processor mode (mask T bit) */
1390 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1391 tmp_cpsr |= armv4_5_number_to_mode(i);
1393 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1394 current_mode = armv4_5_number_to_mode(i);
1397 for (j = 0; j <= 14; j++)
1399 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1400 reg_arch_info = reg->arch_info;
1403 if (reg->dirty == 1)
1405 regs[j] = buf_get_u32(reg->value, 0, 32);
1410 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1416 arm7_9->write_core_regs(target, mask, regs);
1419 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1420 reg_arch_info = reg->arch_info;
1421 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1423 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1424 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1429 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1431 /* restore processor mode (mask T bit) */
1434 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1435 tmp_cpsr |= armv4_5_number_to_mode(i);
1437 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1438 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1440 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1442 /* CPSR has been changed, full restore necessary (mask T bit) */
1443 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1444 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1445 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1446 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1450 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1451 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1452 armv4_5->core_cache->reg_list[15].dirty = 0;
1454 if (arm7_9->post_restore_context)
1455 arm7_9->post_restore_context(target);
1460 int arm7_9_restart_core(struct target_s *target)
1462 armv4_5_common_t *armv4_5 = target->arch_info;
1463 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1464 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1466 /* set RESTART instruction */
1467 jtag_add_end_state(TAP_RTI);
1468 if (arm7_9->need_bypass_before_restart) {
1469 arm7_9->need_bypass_before_restart = 0;
1470 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1472 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1474 jtag_add_runtest(1, TAP_RTI);
1475 return jtag_execute_queue();
1478 void arm7_9_enable_watchpoints(struct target_s *target)
1480 watchpoint_t *watchpoint = target->watchpoints;
1484 if (watchpoint->set == 0)
1485 arm7_9_set_watchpoint(target, watchpoint);
1486 watchpoint = watchpoint->next;
1490 void arm7_9_enable_breakpoints(struct target_s *target)
1492 breakpoint_t *breakpoint = target->breakpoints;
1494 /* set any pending breakpoints */
1497 arm7_9_set_breakpoint(target, breakpoint);
1498 breakpoint = breakpoint->next;
1503 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1505 armv4_5_common_t *armv4_5 = target->arch_info;
1506 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1507 breakpoint_t *breakpoint = target->breakpoints;
1508 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1509 int err, retval = ERROR_OK;
1513 if (target->state != TARGET_HALTED)
1515 LOG_WARNING("target not halted");
1516 return ERROR_TARGET_NOT_HALTED;
1519 if (!debug_execution)
1521 target_free_all_working_areas(target);
1524 /* current = 1: continue on current pc, otherwise continue at <address> */
1526 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1528 /* the front-end may request us not to handle breakpoints */
1529 if (handle_breakpoints)
1531 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1533 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1534 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1539 LOG_DEBUG("enable single-step");
1540 arm7_9->enable_single_step(target);
1542 target->debug_reason = DBG_REASON_SINGLESTEP;
1544 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1549 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1550 arm7_9->branch_resume(target);
1551 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1553 arm7_9->branch_resume_thumb(target);
1557 LOG_ERROR("unhandled core state");
1561 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1562 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1563 err = arm7_9_execute_sys_speed(target);
1565 LOG_DEBUG("disable single-step");
1566 arm7_9->disable_single_step(target);
1568 if (err != ERROR_OK)
1570 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1574 target->state = TARGET_UNKNOWN;
1578 arm7_9_debug_entry(target);
1579 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1581 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1582 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1589 /* enable any pending breakpoints and watchpoints */
1590 arm7_9_enable_breakpoints(target);
1591 arm7_9_enable_watchpoints(target);
1593 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1598 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1600 arm7_9->branch_resume(target);
1602 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1604 arm7_9->branch_resume_thumb(target);
1608 LOG_ERROR("unhandled core state");
1612 /* deassert DBGACK and INTDIS */
1613 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1614 /* INTDIS only when we really resume, not during debug execution */
1615 if (!debug_execution)
1616 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1617 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1619 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1624 target->debug_reason = DBG_REASON_NOTHALTED;
1626 if (!debug_execution)
1628 /* registers are now invalid */
1629 armv4_5_invalidate_core_regs(target);
1630 target->state = TARGET_RUNNING;
1631 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1638 target->state = TARGET_DEBUG_RUNNING;
1639 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1645 LOG_DEBUG("target resumed");
1650 void arm7_9_enable_eice_step(target_t *target)
1652 armv4_5_common_t *armv4_5 = target->arch_info;
1653 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1655 /* setup an inverse breakpoint on the current PC
1656 * - comparator 1 matches the current address
1657 * - rangeout from comparator 1 is connected to comparator 0 rangein
1658 * - comparator 0 matches any address, as long as rangein is low */
1659 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1660 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1661 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1662 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1663 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1664 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1665 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1666 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1667 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1670 void arm7_9_disable_eice_step(target_t *target)
1672 armv4_5_common_t *armv4_5 = target->arch_info;
1673 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1675 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1676 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1677 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1678 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1679 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1680 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1681 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1682 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1683 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1686 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1688 armv4_5_common_t *armv4_5 = target->arch_info;
1689 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1690 breakpoint_t *breakpoint = NULL;
1693 if (target->state != TARGET_HALTED)
1695 LOG_WARNING("target not halted");
1696 return ERROR_TARGET_NOT_HALTED;
1699 /* current = 1: continue on current pc, otherwise continue at <address> */
1701 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1703 /* the front-end may request us not to handle breakpoints */
1704 if (handle_breakpoints)
1705 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1706 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1711 target->debug_reason = DBG_REASON_SINGLESTEP;
1713 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1718 arm7_9->enable_single_step(target);
1720 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1722 arm7_9->branch_resume(target);
1724 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1726 arm7_9->branch_resume_thumb(target);
1730 LOG_ERROR("unhandled core state");
1734 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1739 err = arm7_9_execute_sys_speed(target);
1740 arm7_9->disable_single_step(target);
1742 /* registers are now invalid */
1743 armv4_5_invalidate_core_regs(target);
1745 if (err != ERROR_OK)
1747 target->state = TARGET_UNKNOWN;
1749 arm7_9_debug_entry(target);
1750 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1754 LOG_DEBUG("target stepped");
1758 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1767 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1772 armv4_5_common_t *armv4_5 = target->arch_info;
1773 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1775 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1778 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1780 if ((num < 0) || (num > 16))
1781 return ERROR_INVALID_ARGUMENTS;
1783 if ((mode != ARMV4_5_MODE_ANY)
1784 && (mode != armv4_5->core_mode)
1785 && (reg_mode != ARMV4_5_MODE_ANY))
1789 /* change processor mode (mask T bit) */
1790 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1793 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1796 if ((num >= 0) && (num <= 15))
1798 /* read a normal core register */
1799 reg_p[num] = &value;
1801 arm7_9->read_core_regs(target, 1 << num, reg_p);
1805 /* read a program status register
1806 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1808 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1809 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1811 arm7_9->read_xpsr(target, &value, spsr);
1814 if ((retval = jtag_execute_queue()) != ERROR_OK)
1819 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1820 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1821 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1823 if ((mode != ARMV4_5_MODE_ANY)
1824 && (mode != armv4_5->core_mode)
1825 && (reg_mode != ARMV4_5_MODE_ANY)) {
1826 /* restore processor mode (mask T bit) */
1827 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1834 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1837 armv4_5_common_t *armv4_5 = target->arch_info;
1838 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1840 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1843 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1845 if ((num < 0) || (num > 16))
1846 return ERROR_INVALID_ARGUMENTS;
1848 if ((mode != ARMV4_5_MODE_ANY)
1849 && (mode != armv4_5->core_mode)
1850 && (reg_mode != ARMV4_5_MODE_ANY)) {
1853 /* change processor mode (mask T bit) */
1854 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1857 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1860 if ((num >= 0) && (num <= 15))
1862 /* write a normal core register */
1865 arm7_9->write_core_regs(target, 1 << num, reg);
1869 /* write a program status register
1870 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1872 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1873 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1875 /* if we're writing the CPSR, mask the T bit */
1879 arm7_9->write_xpsr(target, value, spsr);
1882 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1883 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1885 if ((mode != ARMV4_5_MODE_ANY)
1886 && (mode != armv4_5->core_mode)
1887 && (reg_mode != ARMV4_5_MODE_ANY)) {
1888 /* restore processor mode (mask T bit) */
1889 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1892 return jtag_execute_queue();
1895 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1897 armv4_5_common_t *armv4_5 = target->arch_info;
1898 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1901 int num_accesses = 0;
1902 int thisrun_accesses;
1908 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1910 if (target->state != TARGET_HALTED)
1912 LOG_WARNING("target not halted");
1913 return ERROR_TARGET_NOT_HALTED;
1916 /* sanitize arguments */
1917 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1918 return ERROR_INVALID_ARGUMENTS;
1920 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1921 return ERROR_TARGET_UNALIGNED_ACCESS;
1923 /* load the base register with the address of the first word */
1925 arm7_9->write_core_regs(target, 0x1, reg);
1932 while (num_accesses < count)
1935 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1936 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1938 if (last_reg <= thisrun_accesses)
1939 last_reg = thisrun_accesses;
1941 arm7_9->load_word_regs(target, reg_list);
1943 /* fast memory reads are only safe when the target is running
1944 * from a sufficiently high clock (32 kHz is usually too slow)
1946 if (arm7_9->fast_memory_access)
1947 arm7_9_execute_fast_sys_speed(target);
1949 arm7_9_execute_sys_speed(target);
1951 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1953 /* advance buffer, count number of accesses */
1954 buffer += thisrun_accesses * 4;
1955 num_accesses += thisrun_accesses;
1964 while (num_accesses < count)
1967 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1968 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1970 for (i = 1; i <= thisrun_accesses; i++)
1974 arm7_9->load_hword_reg(target, i);
1975 /* fast memory reads are only safe when the target is running
1976 * from a sufficiently high clock (32 kHz is usually too slow)
1978 if (arm7_9->fast_memory_access)
1979 retval = arm7_9_execute_fast_sys_speed(target);
1981 retval = arm7_9_execute_sys_speed(target);
1982 if(retval != ERROR_OK)
1989 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1991 /* advance buffer, count number of accesses */
1992 buffer += thisrun_accesses * 2;
1993 num_accesses += thisrun_accesses;
2002 while (num_accesses < count)
2005 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2006 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2008 for (i = 1; i <= thisrun_accesses; i++)
2012 arm7_9->load_byte_reg(target, i);
2013 /* fast memory reads are only safe when the target is running
2014 * from a sufficiently high clock (32 kHz is usually too slow)
2016 if (arm7_9->fast_memory_access)
2017 retval = arm7_9_execute_fast_sys_speed(target);
2019 retval = arm7_9_execute_sys_speed(target);
2020 if(retval != ERROR_OK)
2026 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2028 /* advance buffer, count number of accesses */
2029 buffer += thisrun_accesses * 1;
2030 num_accesses += thisrun_accesses;
2039 LOG_ERROR("BUG: we shouldn't get here");
2044 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2047 for (i=0; i<=last_reg; i++)
2048 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2050 arm7_9->read_xpsr(target, &cpsr, 0);
2051 if ((retval = jtag_execute_queue()) != ERROR_OK)
2053 LOG_ERROR("JTAG error while reading cpsr");
2054 return ERROR_TARGET_DATA_ABORT;
2057 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2059 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2061 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2063 return ERROR_TARGET_DATA_ABORT;
2069 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2071 armv4_5_common_t *armv4_5 = target->arch_info;
2072 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2073 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2076 int num_accesses = 0;
2077 int thisrun_accesses;
2083 #ifdef _DEBUG_ARM7_9_
2084 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2087 if (target->state != TARGET_HALTED)
2089 LOG_WARNING("target not halted");
2090 return ERROR_TARGET_NOT_HALTED;
2093 /* sanitize arguments */
2094 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2095 return ERROR_INVALID_ARGUMENTS;
2097 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2098 return ERROR_TARGET_UNALIGNED_ACCESS;
2100 /* load the base register with the address of the first word */
2102 arm7_9->write_core_regs(target, 0x1, reg);
2104 /* Clear DBGACK, to make sure memory fetches work as expected */
2105 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2106 embeddedice_store_reg(dbg_ctrl);
2111 while (num_accesses < count)
2114 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2115 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2117 for (i = 1; i <= thisrun_accesses; i++)
2121 reg[i] = target_buffer_get_u32(target, buffer);
2125 arm7_9->write_core_regs(target, reg_list, reg);
2127 arm7_9->store_word_regs(target, reg_list);
2129 /* fast memory writes are only safe when the target is running
2130 * from a sufficiently high clock (32 kHz is usually too slow)
2132 if (arm7_9->fast_memory_access)
2133 retval = arm7_9_execute_fast_sys_speed(target);
2135 retval = arm7_9_execute_sys_speed(target);
2136 if(retval != ERROR_OK)
2141 num_accesses += thisrun_accesses;
2145 while (num_accesses < count)
2148 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2149 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2151 for (i = 1; i <= thisrun_accesses; i++)
2155 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2159 arm7_9->write_core_regs(target, reg_list, reg);
2161 for (i = 1; i <= thisrun_accesses; i++)
2163 arm7_9->store_hword_reg(target, i);
2165 /* fast memory writes are only safe when the target is running
2166 * from a sufficiently high clock (32 kHz is usually too slow)
2168 if (arm7_9->fast_memory_access)
2169 retval = arm7_9_execute_fast_sys_speed(target);
2171 retval = arm7_9_execute_sys_speed(target);
2172 if(retval != ERROR_OK)
2178 num_accesses += thisrun_accesses;
2182 while (num_accesses < count)
2185 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2186 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2188 for (i = 1; i <= thisrun_accesses; i++)
2192 reg[i] = *buffer++ & 0xff;
2195 arm7_9->write_core_regs(target, reg_list, reg);
2197 for (i = 1; i <= thisrun_accesses; i++)
2199 arm7_9->store_byte_reg(target, i);
2200 /* fast memory writes are only safe when the target is running
2201 * from a sufficiently high clock (32 kHz is usually too slow)
2203 if (arm7_9->fast_memory_access)
2204 retval = arm7_9_execute_fast_sys_speed(target);
2206 retval = arm7_9_execute_sys_speed(target);
2207 if(retval != ERROR_OK)
2214 num_accesses += thisrun_accesses;
2218 LOG_ERROR("BUG: we shouldn't get here");
2224 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2225 embeddedice_store_reg(dbg_ctrl);
2227 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2230 for (i=0; i<=last_reg; i++)
2231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2233 arm7_9->read_xpsr(target, &cpsr, 0);
2234 if ((retval = jtag_execute_queue()) != ERROR_OK)
2236 LOG_ERROR("JTAG error while reading cpsr");
2237 return ERROR_TARGET_DATA_ABORT;
2240 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2242 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2244 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2246 return ERROR_TARGET_DATA_ABORT;
2252 static int dcc_count;
2253 static u8 *dcc_buffer;
2256 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2258 int retval = ERROR_OK;
2259 armv4_5_common_t *armv4_5 = target->arch_info;
2260 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2261 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2262 int count=dcc_count;
2263 u8 *buffer=dcc_buffer;
2266 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2267 core function repeated.
2269 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2272 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2273 u8 reg_addr = ice_reg->addr & 0x1f;
2274 int chain_pos = ice_reg->jtag_info->chain_pos;
2276 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2277 buffer += (count-2)*4;
2279 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2283 for (i = 0; i < count; i++)
2285 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2290 if((retval = target_halt(target))!= ERROR_OK)
2294 return target_wait_state(target, TARGET_HALTED, 500);
2298 static const u32 dcc_code[] =
2300 /* MRC TST BNE MRC STR B */
2301 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2304 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2307 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2309 armv4_5_common_t *armv4_5 = target->arch_info;
2310 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2313 if (!arm7_9->dcc_downloads)
2314 return target->type->write_memory(target, address, 4, count, buffer);
2316 /* regrab previously allocated working_area, or allocate a new one */
2317 if (!arm7_9->dcc_working_area)
2319 u8 dcc_code_buf[6 * 4];
2321 /* make sure we have a working area */
2322 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2324 LOG_INFO("no working area available, falling back to memory writes");
2325 return target->type->write_memory(target, address, 4, count, buffer);
2328 /* copy target instructions to target endianness */
2329 for (i = 0; i < 6; i++)
2331 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2334 /* write DCC code to working area */
2335 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2338 armv4_5_algorithm_t armv4_5_info;
2339 reg_param_t reg_params[1];
2341 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2342 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2343 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2345 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2347 buf_set_u32(reg_params[0].value, 0, 32, address);
2349 //armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params,
2350 // int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info))
2354 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2355 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2357 if (retval==ERROR_OK)
2359 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2360 if (endaddress!=(address+count*4))
2362 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2367 destroy_reg_param(®_params[0]);
2372 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2374 working_area_t *crc_algorithm;
2375 armv4_5_algorithm_t armv4_5_info;
2376 reg_param_t reg_params[2];
2379 u32 arm7_9_crc_code[] = {
2380 0xE1A02000, /* mov r2, r0 */
2381 0xE3E00000, /* mov r0, #0xffffffff */
2382 0xE1A03001, /* mov r3, r1 */
2383 0xE3A04000, /* mov r4, #0 */
2384 0xEA00000B, /* b ncomp */
2386 0xE7D21004, /* ldrb r1, [r2, r4] */
2387 0xE59F7030, /* ldr r7, CRC32XOR */
2388 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2389 0xE3A05000, /* mov r5, #0 */
2391 0xE3500000, /* cmp r0, #0 */
2392 0xE1A06080, /* mov r6, r0, asl #1 */
2393 0xE2855001, /* add r5, r5, #1 */
2394 0xE1A00006, /* mov r0, r6 */
2395 0xB0260007, /* eorlt r0, r6, r7 */
2396 0xE3550008, /* cmp r5, #8 */
2397 0x1AFFFFF8, /* bne loop */
2398 0xE2844001, /* add r4, r4, #1 */
2400 0xE1540003, /* cmp r4, r3 */
2401 0x1AFFFFF1, /* bne nbyte */
2403 0xEAFFFFFE, /* b end */
2404 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2409 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2411 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2414 /* convert flash writing code into a buffer in target endianness */
2415 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2417 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2423 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2424 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2425 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2427 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2428 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2430 buf_set_u32(reg_params[0].value, 0, 32, address);
2431 buf_set_u32(reg_params[1].value, 0, 32, count);
2433 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2434 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2436 LOG_ERROR("error executing arm7_9 crc algorithm");
2437 destroy_reg_param(®_params[0]);
2438 destroy_reg_param(®_params[1]);
2439 target_free_working_area(target, crc_algorithm);
2443 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2445 destroy_reg_param(®_params[0]);
2446 destroy_reg_param(®_params[1]);
2448 target_free_working_area(target, crc_algorithm);
2453 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2455 working_area_t *erase_check_algorithm;
2456 reg_param_t reg_params[3];
2457 armv4_5_algorithm_t armv4_5_info;
2461 u32 erase_check_code[] =
2464 0xe4d03001, /* ldrb r3, [r0], #1 */
2465 0xe0022003, /* and r2, r2, r3 */
2466 0xe2511001, /* subs r1, r1, #1 */
2467 0x1afffffb, /* bne loop */
2469 0xeafffffe /* b end */
2472 /* make sure we have a working area */
2473 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2475 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2478 /* convert flash writing code into a buffer in target endianness */
2479 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2480 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i])) != ERROR_OK)
2485 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2486 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2487 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2489 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2490 buf_set_u32(reg_params[0].value, 0, 32, address);
2492 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2493 buf_set_u32(reg_params[1].value, 0, 32, count);
2495 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2496 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2498 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2499 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2501 destroy_reg_param(®_params[0]);
2502 destroy_reg_param(®_params[1]);
2503 destroy_reg_param(®_params[2]);
2504 target_free_working_area(target, erase_check_algorithm);
2508 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2510 destroy_reg_param(®_params[0]);
2511 destroy_reg_param(®_params[1]);
2512 destroy_reg_param(®_params[2]);
2514 target_free_working_area(target, erase_check_algorithm);
2519 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2521 command_t *arm7_9_cmd;
2523 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2525 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2526 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2528 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2530 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2531 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2532 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2533 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2534 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2535 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2536 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2537 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2539 armv4_5_register_commands(cmd_ctx);
2541 etm_register_commands(cmd_ctx);
2546 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2551 target_t *target = get_current_target(cmd_ctx);
2552 armv4_5_common_t *armv4_5;
2553 arm7_9_common_t *arm7_9;
2555 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2557 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2561 if (target->state != TARGET_HALTED)
2563 command_print(cmd_ctx, "can't write registers while running");
2569 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2573 value = strtoul(args[0], NULL, 0);
2574 spsr = strtol(args[1], NULL, 0);
2576 /* if we're writing the CPSR, mask the T bit */
2580 arm7_9->write_xpsr(target, value, spsr);
2581 if ((retval = jtag_execute_queue()) != ERROR_OK)
2583 LOG_ERROR("JTAG error while writing to xpsr");
2590 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2596 target_t *target = get_current_target(cmd_ctx);
2597 armv4_5_common_t *armv4_5;
2598 arm7_9_common_t *arm7_9;
2600 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2602 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2606 if (target->state != TARGET_HALTED)
2608 command_print(cmd_ctx, "can't write registers while running");
2614 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2618 value = strtoul(args[0], NULL, 0);
2619 rotate = strtol(args[1], NULL, 0);
2620 spsr = strtol(args[2], NULL, 0);
2622 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2623 if ((retval = jtag_execute_queue()) != ERROR_OK)
2625 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2632 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2637 target_t *target = get_current_target(cmd_ctx);
2638 armv4_5_common_t *armv4_5;
2639 arm7_9_common_t *arm7_9;
2641 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2643 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2647 if (target->state != TARGET_HALTED)
2649 command_print(cmd_ctx, "can't write registers while running");
2655 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2659 num = strtol(args[0], NULL, 0);
2660 mode = strtoul(args[1], NULL, 0);
2661 value = strtoul(args[2], NULL, 0);
2663 return arm7_9_write_core_reg(target, num, mode, value);
2668 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2670 target_t *target = get_current_target(cmd_ctx);
2671 armv4_5_common_t *armv4_5;
2672 arm7_9_common_t *arm7_9;
2674 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2676 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2682 if (strcmp("enable", args[0]) == 0)
2684 arm7_9->use_dbgrq = 1;
2686 else if (strcmp("disable", args[0]) == 0)
2688 arm7_9->use_dbgrq = 0;
2692 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2696 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2701 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2703 target_t *target = get_current_target(cmd_ctx);
2704 armv4_5_common_t *armv4_5;
2705 arm7_9_common_t *arm7_9;
2707 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2709 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2715 if (strcmp("enable", args[0]) == 0)
2717 arm7_9->fast_memory_access = 1;
2719 else if (strcmp("disable", args[0]) == 0)
2721 arm7_9->fast_memory_access = 0;
2725 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2729 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2734 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2736 target_t *target = get_current_target(cmd_ctx);
2737 armv4_5_common_t *armv4_5;
2738 arm7_9_common_t *arm7_9;
2740 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2742 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2748 if (strcmp("enable", args[0]) == 0)
2750 arm7_9->dcc_downloads = 1;
2752 else if (strcmp("disable", args[0]) == 0)
2754 arm7_9->dcc_downloads = 0;
2758 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2762 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2767 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2769 int retval = ERROR_OK;
2770 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2772 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2774 if((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2779 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2780 arm7_9->wp_available_max = 2;
2781 arm7_9->sw_breakpoints_added = 0;
2782 arm7_9->breakpoint_count = 0;
2783 arm7_9->wp0_used = 0;
2784 arm7_9->wp1_used = 0;
2785 arm7_9->wp1_used_default = 0;
2786 arm7_9->use_dbgrq = 0;
2788 arm7_9->etm_ctx = NULL;
2789 arm7_9->has_single_step = 0;
2790 arm7_9->has_monitor_mode = 0;
2791 arm7_9->has_vector_catch = 0;
2793 arm7_9->debug_entry_from_reset = 0;
2795 arm7_9->dcc_working_area = NULL;
2797 arm7_9->fast_memory_access = fast_and_dangerous;
2798 arm7_9->dcc_downloads = fast_and_dangerous;
2800 arm7_9->need_bypass_before_restart = 0;
2802 armv4_5->arch_info = arm7_9;
2803 armv4_5->read_core_reg = arm7_9_read_core_reg;
2804 armv4_5->write_core_reg = arm7_9_write_core_reg;
2805 armv4_5->full_context = arm7_9_full_context;
2807 if((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
2812 if((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
projects / fw / openocd / blob