1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
36 #include "arm7_9_common.h"
38 #include "time_support.h"
39 #include "arm_simulator.h"
40 #include "algorithm.h"
46 * Hold common code supporting the ARM7 and ARM9 core generations.
48 * While the ARM core implementations evolved substantially during these
49 * two generations, they look quite similar from the JTAG perspective.
50 * Both have similar debug facilities, based on the same two scan chains
51 * providing access to the core and to an EmbeddedICE module. Both can
52 * support similar ETM and ETB modules, for tracing. And both expose
53 * what could be viewed as "ARM Classic", with multiple processor modes,
54 * shadowed registers, and support for the Thumb instruction set.
56 * Processor differences include things like presence or absence of MMU
57 * and cache, pipeline sizes, use of a modified Harvard Architecure
58 * (with separate instruction and data busses from the CPU), support
59 * for cpu clock gating during idle, and more.
62 static int arm7_9_debug_entry(struct target *target);
65 * Clear watchpoints for an ARM7/9 target.
67 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
68 * @return JTAG error status after executing queue
70 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
73 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
75 arm7_9->sw_breakpoint_count = 0;
76 arm7_9->sw_breakpoints_added = 0;
78 arm7_9->wp1_used = arm7_9->wp1_used_default;
79 arm7_9->wp_available = arm7_9->wp_available_max;
81 return jtag_execute_queue();
85 * Assign a watchpoint to one of the two available hardware comparators in an
86 * ARM7 or ARM9 target.
88 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
89 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
91 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
93 if (!arm7_9->wp0_used)
97 arm7_9->wp_available--;
99 else if (!arm7_9->wp1_used)
101 arm7_9->wp1_used = 1;
103 arm7_9->wp_available--;
107 LOG_ERROR("BUG: no hardware comparator available");
109 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
110 breakpoint->unique_id,
116 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
118 * @param arm7_9 Pointer to common struct for ARM7/9 targets
119 * @return Error codes if there is a problem finding a watchpoint or the result
120 * of executing the JTAG queue
122 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
124 if (arm7_9->sw_breakpoints_added)
128 if (arm7_9->wp_available < 1)
130 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
131 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
133 arm7_9->wp_available--;
135 /* pick a breakpoint unit */
136 if (!arm7_9->wp0_used)
138 arm7_9->sw_breakpoints_added = 1;
139 arm7_9->wp0_used = 3;
140 } else if (!arm7_9->wp1_used)
142 arm7_9->sw_breakpoints_added = 2;
143 arm7_9->wp1_used = 3;
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
151 if (arm7_9->sw_breakpoints_added == 1)
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
155 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
156 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
159 else if (arm7_9->sw_breakpoints_added == 2)
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
164 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
165 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
169 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
172 LOG_DEBUG("SW BP using hw wp: %d",
173 arm7_9->sw_breakpoints_added );
175 return jtag_execute_queue();
179 * Setup the common pieces for an ARM7/9 target after reset or on startup.
181 * @param target Pointer to an ARM7/9 target to setup
182 * @return Result of clearing the watchpoints on the target
184 int arm7_9_setup(struct target *target)
186 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
188 return arm7_9_clear_watchpoints(arm7_9);
192 * Set either a hardware or software breakpoint on an ARM7/9 target. The
193 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
194 * might have erased the values in Embedded ICE.
196 * @param target Pointer to the target device to set the breakpoints on
197 * @param breakpoint Pointer to the breakpoint to be set
198 * @return For hardware breakpoints, this is the result of executing the JTAG
199 * queue. For software breakpoints, this will be the status of the
200 * required memory reads and writes
202 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
204 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
205 int retval = ERROR_OK;
207 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
208 breakpoint->unique_id,
212 if (target->state != TARGET_HALTED)
214 LOG_WARNING("target not halted");
215 return ERROR_TARGET_NOT_HALTED;
218 if (breakpoint->type == BKPT_HARD)
220 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
221 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
223 /* reassign a hw breakpoint */
224 if (breakpoint->set == 0)
226 arm7_9_assign_wp(arm7_9, breakpoint);
229 if (breakpoint->set == 1)
231 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
232 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
233 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
234 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
237 else if (breakpoint->set == 2)
239 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
240 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
247 LOG_ERROR("BUG: no hardware comparator available");
251 retval = jtag_execute_queue();
253 else if (breakpoint->type == BKPT_SOFT)
255 /* did we already set this breakpoint? */
259 if (breakpoint->length == 4)
261 uint32_t verify = 0xffffffff;
262 /* keep the original instruction in target endianness */
263 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
267 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
268 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
273 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
277 if (verify != arm7_9->arm_bkpt)
279 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
285 uint16_t verify = 0xffff;
286 /* keep the original instruction in target endianness */
287 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
291 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
292 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
297 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
301 if (verify != arm7_9->thumb_bkpt)
303 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
308 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
311 arm7_9->sw_breakpoint_count++;
320 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
321 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
322 * will be updated. Otherwise, the software breakpoint will be restored to its
323 * original instruction if it hasn't already been modified.
325 * @param target Pointer to ARM7/9 target to unset the breakpoint from
326 * @param breakpoint Pointer to breakpoint to be unset
327 * @return For hardware breakpoints, this is the result of executing the JTAG
328 * queue. For software breakpoints, this will be the status of the
329 * required memory reads and writes
331 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
333 int retval = ERROR_OK;
334 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
336 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
337 breakpoint->unique_id,
338 breakpoint->address );
340 if (!breakpoint->set)
342 LOG_WARNING("breakpoint not set");
346 if (breakpoint->type == BKPT_HARD)
348 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
349 breakpoint->unique_id,
351 if (breakpoint->set == 1)
353 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
354 arm7_9->wp0_used = 0;
355 arm7_9->wp_available++;
357 else if (breakpoint->set == 2)
359 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
360 arm7_9->wp1_used = 0;
361 arm7_9->wp_available++;
363 retval = jtag_execute_queue();
368 /* restore original instruction (kept in target endianness) */
369 if (breakpoint->length == 4)
371 uint32_t current_instr;
372 /* check that user program as not modified breakpoint instruction */
373 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)¤t_instr)) != ERROR_OK)
377 if (current_instr == arm7_9->arm_bkpt)
378 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
385 uint16_t current_instr;
386 /* check that user program as not modified breakpoint instruction */
387 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)¤t_instr)) != ERROR_OK)
391 if (current_instr == arm7_9->thumb_bkpt)
392 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
398 if (--arm7_9->sw_breakpoint_count==0)
400 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
401 if (arm7_9->sw_breakpoints_added == 1)
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
405 else if (arm7_9->sw_breakpoints_added == 2)
407 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
418 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
419 * dangling breakpoints and that the desired breakpoint can be added.
421 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
422 * @param breakpoint Pointer to the breakpoint to be added
423 * @return An error status if there is a problem adding the breakpoint or the
424 * result of setting the breakpoint
426 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
428 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
430 if (target->state != TARGET_HALTED)
432 LOG_WARNING("target not halted");
433 return ERROR_TARGET_NOT_HALTED;
436 if (arm7_9->breakpoint_count == 0)
438 /* make sure we don't have any dangling breakpoints. This is vital upon
439 * GDB connect/disconnect
441 arm7_9_clear_watchpoints(arm7_9);
444 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
446 LOG_INFO("no watchpoint unit available for hardware breakpoint");
447 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
450 if ((breakpoint->length != 2) && (breakpoint->length != 4))
452 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
453 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
456 if (breakpoint->type == BKPT_HARD)
458 arm7_9_assign_wp(arm7_9, breakpoint);
461 arm7_9->breakpoint_count++;
463 return arm7_9_set_breakpoint(target, breakpoint);
467 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
468 * dangling breakpoints and updates available watchpoints if it is a hardware
471 * @param target Pointer to the target to have a breakpoint removed
472 * @param breakpoint Pointer to the breakpoint to be removed
473 * @return Error status if there was a problem unsetting the breakpoint or the
474 * watchpoints could not be cleared
476 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
478 int retval = ERROR_OK;
479 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
481 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
486 if (breakpoint->type == BKPT_HARD)
487 arm7_9->wp_available++;
489 arm7_9->breakpoint_count--;
490 if (arm7_9->breakpoint_count == 0)
492 /* make sure we don't have any dangling breakpoints */
493 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
503 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
504 * considered a bug to call this function when there are no available watchpoint
507 * @param target Pointer to an ARM7/9 target to set a watchpoint on
508 * @param watchpoint Pointer to the watchpoint to be set
509 * @return Error status if watchpoint set fails or the result of executing the
512 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
514 int retval = ERROR_OK;
515 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
519 mask = watchpoint->length - 1;
521 if (target->state != TARGET_HALTED)
523 LOG_WARNING("target not halted");
524 return ERROR_TARGET_NOT_HALTED;
527 if (watchpoint->rw == WPT_ACCESS)
532 if (!arm7_9->wp0_used)
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
536 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
537 if (watchpoint->mask != 0xffffffffu)
538 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
539 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
540 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
542 if ((retval = jtag_execute_queue()) != ERROR_OK)
547 arm7_9->wp0_used = 2;
549 else if (!arm7_9->wp1_used)
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
552 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
553 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
554 if (watchpoint->mask != 0xffffffffu)
555 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
556 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
557 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
559 if ((retval = jtag_execute_queue()) != ERROR_OK)
564 arm7_9->wp1_used = 2;
568 LOG_ERROR("BUG: no hardware comparator available");
576 * Unset an existing watchpoint and clear the used watchpoint unit.
578 * @param target Pointer to the target to have the watchpoint removed
579 * @param watchpoint Pointer to the watchpoint to be removed
580 * @return Error status while trying to unset the watchpoint or the result of
581 * executing the JTAG queue
583 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
585 int retval = ERROR_OK;
586 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
588 if (target->state != TARGET_HALTED)
590 LOG_WARNING("target not halted");
591 return ERROR_TARGET_NOT_HALTED;
594 if (!watchpoint->set)
596 LOG_WARNING("breakpoint not set");
600 if (watchpoint->set == 1)
602 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
603 if ((retval = jtag_execute_queue()) != ERROR_OK)
607 arm7_9->wp0_used = 0;
609 else if (watchpoint->set == 2)
611 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
612 if ((retval = jtag_execute_queue()) != ERROR_OK)
616 arm7_9->wp1_used = 0;
624 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
625 * available, an error response is returned.
627 * @param target Pointer to the ARM7/9 target to add a watchpoint to
628 * @param watchpoint Pointer to the watchpoint to be added
629 * @return Error status while trying to add the watchpoint
631 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
633 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
635 if (target->state != TARGET_HALTED)
637 LOG_WARNING("target not halted");
638 return ERROR_TARGET_NOT_HALTED;
641 if (arm7_9->wp_available < 1)
643 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
646 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
648 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
651 arm7_9->wp_available--;
657 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
658 * the used watchpoint unit will be reopened.
660 * @param target Pointer to the target to remove a watchpoint from
661 * @param watchpoint Pointer to the watchpoint to be removed
662 * @return Result of trying to unset the watchpoint
664 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
666 int retval = ERROR_OK;
667 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
671 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
677 arm7_9->wp_available++;
683 * Restarts the target by sending a RESTART instruction and moving the JTAG
684 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
685 * asserted by the processor.
687 * @param target Pointer to target to issue commands to
688 * @return Error status if there is a timeout or a problem while executing the
691 int arm7_9_execute_sys_speed(struct target *target)
694 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
695 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
696 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
698 /* set RESTART instruction */
699 jtag_set_end_state(TAP_IDLE);
700 if (arm7_9->need_bypass_before_restart) {
701 arm7_9->need_bypass_before_restart = 0;
702 arm_jtag_set_instr(jtag_info, 0xf, NULL);
704 arm_jtag_set_instr(jtag_info, 0x4, NULL);
706 long long then = timeval_ms();
708 while (!(timeout = ((timeval_ms()-then) > 1000)))
710 /* read debug status register */
711 embeddedice_read_reg(dbg_stat);
712 if ((retval = jtag_execute_queue()) != ERROR_OK)
714 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
715 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
717 if (debug_level >= 3)
727 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
728 return ERROR_TARGET_TIMEOUT;
735 * Restarts the target by sending a RESTART instruction and moving the JTAG
736 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
737 * waiting until they are.
739 * @param target Pointer to the target to issue commands to
740 * @return Always ERROR_OK
742 int arm7_9_execute_fast_sys_speed(struct target *target)
745 static uint8_t check_value[4], check_mask[4];
747 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
748 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
749 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
751 /* set RESTART instruction */
752 jtag_set_end_state(TAP_IDLE);
753 if (arm7_9->need_bypass_before_restart) {
754 arm7_9->need_bypass_before_restart = 0;
755 arm_jtag_set_instr(jtag_info, 0xf, NULL);
757 arm_jtag_set_instr(jtag_info, 0x4, NULL);
761 /* check for DBGACK and SYSCOMP set (others don't care) */
763 /* NB! These are constants that must be available until after next jtag_execute() and
764 * we evaluate the values upon first execution in lieu of setting up these constants
765 * during early setup.
767 buf_set_u32(check_value, 0, 32, 0x9);
768 buf_set_u32(check_mask, 0, 32, 0x9);
772 /* read debug status register */
773 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
779 * Get some data from the ARM7/9 target.
781 * @param target Pointer to the ARM7/9 target to read data from
782 * @param size The number of 32bit words to be read
783 * @param buffer Pointer to the buffer that will hold the data
784 * @return The result of receiving data from the Embedded ICE unit
786 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
788 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
789 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
791 int retval = ERROR_OK;
794 data = malloc(size * (sizeof(uint32_t)));
796 retval = embeddedice_receive(jtag_info, data, size);
798 /* return the 32-bit ints in the 8-bit array */
799 for (i = 0; i < size; i++)
801 h_u32_to_le(buffer + (i * 4), data[i]);
810 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
811 * target is running and the DCC control register has the W bit high, this will
812 * execute the request on the target.
814 * @param priv Void pointer expected to be a struct target pointer
815 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
816 * from the Embedded ICE unit
818 int arm7_9_handle_target_request(void *priv)
820 int retval = ERROR_OK;
821 struct target *target = priv;
822 if (!target_was_examined(target))
824 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
825 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
826 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
828 if (!target->dbg_msg_enabled)
831 if (target->state == TARGET_RUNNING)
833 /* read DCC control register */
834 embeddedice_read_reg(dcc_control);
835 if ((retval = jtag_execute_queue()) != ERROR_OK)
841 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
845 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
849 if ((retval = target_request(target, request)) != ERROR_OK)
860 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
861 * is manipulated to the right halted state based on its current state. This is
865 * <tr><th > State</th><th > Action</th></tr>
866 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
867 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
868 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
869 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
872 * If the target does not end up in the halted state, a warning is produced. If
873 * DBGACK is cleared, then the target is expected to either be running or
876 * @param target Pointer to the ARM7/9 target to poll
877 * @return ERROR_OK or an error status if a command fails
879 int arm7_9_poll(struct target *target)
882 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
883 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
885 /* read debug status register */
886 embeddedice_read_reg(dbg_stat);
887 if ((retval = jtag_execute_queue()) != ERROR_OK)
892 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
894 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
895 if (target->state == TARGET_UNKNOWN)
897 /* Starting OpenOCD with target in debug-halt */
898 target->state = TARGET_RUNNING;
899 LOG_DEBUG("DBGACK already set during server startup.");
901 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
904 if (target->state == TARGET_RESET)
906 if (target->reset_halt)
908 enum reset_types jtag_reset_config = jtag_get_reset_config();
909 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
916 target->state = TARGET_HALTED;
918 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
923 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
924 uint32_t t=*((uint32_t *)reg->value);
927 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
931 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
936 if (target->state == TARGET_DEBUG_RUNNING)
938 target->state = TARGET_HALTED;
939 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
942 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
947 if (target->state != TARGET_HALTED)
949 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
954 if (target->state != TARGET_DEBUG_RUNNING)
955 target->state = TARGET_RUNNING;
962 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
963 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
964 * affected) completely stop the JTAG clock while the core is held in reset
965 * (SRST). It isn't possible to program the halt condition once reset is
966 * asserted, hence a hook that allows the target to set up its reset-halt
967 * condition is setup prior to asserting reset.
969 * @param target Pointer to an ARM7/9 target to assert reset on
970 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
972 int arm7_9_assert_reset(struct target *target)
974 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
976 LOG_DEBUG("target->state: %s",
977 target_state_name(target));
979 enum reset_types jtag_reset_config = jtag_get_reset_config();
980 if (!(jtag_reset_config & RESET_HAS_SRST))
982 LOG_ERROR("Can't assert SRST");
986 /* At this point trst has been asserted/deasserted once. We would
987 * like to program EmbeddedICE while SRST is asserted, instead of
988 * depending on SRST to leave that module alone. However, many CPUs
989 * gate the JTAG clock while SRST is asserted; or JTAG may need
990 * clock stability guarantees (adaptive clocking might help).
992 * So we assume JTAG access during SRST is off the menu unless it's
993 * been specifically enabled.
995 bool srst_asserted = false;
997 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
998 && (jtag_reset_config & RESET_SRST_NO_GATING))
1000 jtag_add_reset(0, 1);
1001 srst_asserted = true;
1004 if (target->reset_halt)
1007 * Some targets do not support communication while SRST is asserted. We need to
1008 * set up the reset vector catch here.
1010 * If TRST is asserted, then these settings will be reset anyway, so setting them
1013 if (arm7_9->has_vector_catch)
1015 /* program vector catch register to catch reset vector */
1016 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1018 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1019 jtag_add_runtest(1, jtag_get_end_state());
1023 /* program watchpoint unit to match on reset vector address */
1024 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1025 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1026 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1027 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1028 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1032 /* here we should issue an SRST only, but we may have to assert TRST as well */
1033 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1035 jtag_add_reset(1, 1);
1036 } else if (!srst_asserted)
1038 jtag_add_reset(0, 1);
1041 target->state = TARGET_RESET;
1042 jtag_add_sleep(50000);
1044 armv4_5_invalidate_core_regs(target);
1046 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1048 /* debug entry was already prepared in arm7_9_assert_reset() */
1049 target->debug_reason = DBG_REASON_DBGRQ;
1056 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1057 * and the target is being reset into a halt, a warning will be triggered
1058 * because it is not possible to reset into a halted mode in this case. The
1059 * target is halted using the target's functions.
1061 * @param target Pointer to the target to have the reset deasserted
1062 * @return ERROR_OK or an error from polling or halting the target
1064 int arm7_9_deassert_reset(struct target *target)
1066 int retval = ERROR_OK;
1067 LOG_DEBUG("target->state: %s",
1068 target_state_name(target));
1070 /* deassert reset lines */
1071 jtag_add_reset(0, 0);
1073 enum reset_types jtag_reset_config = jtag_get_reset_config();
1074 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1076 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1077 /* set up embedded ice registers again */
1078 if ((retval = target_examine_one(target)) != ERROR_OK)
1081 if ((retval = target_poll(target)) != ERROR_OK)
1086 if ((retval = target_halt(target)) != ERROR_OK)
1096 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1097 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1098 * vector catch was used, it is restored. Otherwise, the control value is
1099 * restored and the watchpoint unit is restored if it was in use.
1101 * @param target Pointer to the ARM7/9 target to have halt cleared
1102 * @return Always ERROR_OK
1104 int arm7_9_clear_halt(struct target *target)
1106 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1107 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1109 /* we used DBGRQ only if we didn't come out of reset */
1110 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1112 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1114 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1115 embeddedice_store_reg(dbg_ctrl);
1119 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1121 /* if we came out of reset, and vector catch is supported, we used
1122 * vector catch to enter debug state
1123 * restore the register in that case
1125 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1129 /* restore registers if watchpoint unit 0 was in use
1131 if (arm7_9->wp0_used)
1133 if (arm7_9->debug_entry_from_reset)
1135 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1137 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1138 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1139 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1141 /* control value always has to be restored, as it was either disabled,
1142 * or enabled with possibly different bits
1144 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1152 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1153 * and then there is a wait until the processor shows the halt. This wait can
1154 * timeout and results in an error being returned. The software reset involves
1155 * clearing the halt, updating the debug control register, changing to ARM mode,
1156 * reset of the program counter, and reset of all of the registers.
1158 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1159 * @return Error status if any of the commands fail, otherwise ERROR_OK
1161 int arm7_9_soft_reset_halt(struct target *target)
1163 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1164 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1165 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1166 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1170 /* FIX!!! replace some of this code with tcl commands
1172 * halt # the halt command is synchronous
1173 * armv4_5 core_state arm
1177 if ((retval = target_halt(target)) != ERROR_OK)
1180 long long then = timeval_ms();
1182 while (!(timeout = ((timeval_ms()-then) > 1000)))
1184 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1186 embeddedice_read_reg(dbg_stat);
1187 if ((retval = jtag_execute_queue()) != ERROR_OK)
1189 if (debug_level >= 3)
1199 LOG_ERROR("Failed to halt CPU after 1 sec");
1200 return ERROR_TARGET_TIMEOUT;
1202 target->state = TARGET_HALTED;
1204 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1205 * ensure that DBGRQ is cleared
1207 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1208 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1209 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1210 embeddedice_store_reg(dbg_ctrl);
1212 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1217 /* if the target is in Thumb state, change to ARM state */
1218 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1220 uint32_t r0_thumb, pc_thumb;
1221 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1222 /* Entered debug from Thumb mode */
1223 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1224 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1227 /* all register content is now invalid */
1228 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1233 /* SVC, ARM state, IRQ and FIQ disabled */
1234 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1235 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1236 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1238 /* start fetching from 0x0 */
1239 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1240 armv4_5->core_cache->reg_list[15].dirty = 1;
1241 armv4_5->core_cache->reg_list[15].valid = 1;
1243 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1244 armv4_5->core_state = ARMV4_5_STATE_ARM;
1246 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1249 /* reset registers */
1250 for (i = 0; i <= 14; i++)
1252 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1253 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1254 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1257 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1266 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1267 * line or by programming a watchpoint to trigger on any address. It is
1268 * considered a bug to call this function while the target is in the
1269 * TARGET_RESET state.
1271 * @param target Pointer to the ARM7/9 target to be halted
1272 * @return Always ERROR_OK
1274 int arm7_9_halt(struct target *target)
1276 if (target->state == TARGET_RESET)
1278 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1282 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1283 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1285 LOG_DEBUG("target->state: %s",
1286 target_state_name(target));
1288 if (target->state == TARGET_HALTED)
1290 LOG_DEBUG("target was already halted");
1294 if (target->state == TARGET_UNKNOWN)
1296 LOG_WARNING("target was in unknown state when halt was requested");
1299 if (arm7_9->use_dbgrq)
1301 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1303 if (arm7_9->set_special_dbgrq) {
1304 arm7_9->set_special_dbgrq(target);
1306 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1307 embeddedice_store_reg(dbg_ctrl);
1312 /* program watchpoint unit to match on any address
1314 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1315 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1316 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1317 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1320 target->debug_reason = DBG_REASON_DBGRQ;
1326 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1327 * ARM. The JTAG queue is then executed and the reason for debug entry is
1328 * examined. Once done, the target is verified to be halted and the processor
1329 * is forced into ARM mode. The core registers are saved for the current core
1330 * mode and the program counter (register 15) is updated as needed. The core
1331 * registers and CPSR and SPSR are saved for restoration later.
1333 * @param target Pointer to target that is entering debug mode
1334 * @return Error code if anything fails, otherwise ERROR_OK
1336 static int arm7_9_debug_entry(struct target *target)
1339 uint32_t context[16];
1340 uint32_t* context_p[16];
1341 uint32_t r0_thumb, pc_thumb;
1344 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1345 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1346 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1347 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1349 #ifdef _DEBUG_ARM7_9_
1353 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1354 * ensure that DBGRQ is cleared
1356 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1357 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1358 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1359 embeddedice_store_reg(dbg_ctrl);
1361 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1366 if ((retval = jtag_execute_queue()) != ERROR_OK)
1371 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1375 if (target->state != TARGET_HALTED)
1377 LOG_WARNING("target not halted");
1378 return ERROR_TARGET_NOT_HALTED;
1381 /* if the target is in Thumb state, change to ARM state */
1382 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1384 LOG_DEBUG("target entered debug from Thumb state");
1385 /* Entered debug from Thumb mode */
1386 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1387 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1388 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1392 LOG_DEBUG("target entered debug from ARM state");
1393 /* Entered debug from ARM mode */
1394 armv4_5->core_state = ARMV4_5_STATE_ARM;
1397 for (i = 0; i < 16; i++)
1398 context_p[i] = &context[i];
1399 /* save core registers (r0 - r15 of current core mode) */
1400 arm7_9->read_core_regs(target, 0xffff, context_p);
1402 arm7_9->read_xpsr(target, &cpsr, 0);
1404 if ((retval = jtag_execute_queue()) != ERROR_OK)
1407 /* if the core has been executing in Thumb state, set the T bit */
1408 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1411 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1412 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1413 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1415 armv4_5->core_mode = cpsr & 0x1f;
1417 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1419 target->state = TARGET_UNKNOWN;
1420 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1421 return ERROR_TARGET_FAILURE;
1424 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1426 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1428 LOG_DEBUG("thumb state, applying fixups");
1429 context[0] = r0_thumb;
1430 context[15] = pc_thumb;
1431 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1433 /* adjust value stored by STM */
1434 context[15] -= 3 * 4;
1437 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1438 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1440 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1442 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1445 for (i = 0; i <= 15; i++)
1447 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1448 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1449 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1450 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1453 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1455 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1458 /* exceptions other than USR & SYS have a saved program status register */
1459 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1462 arm7_9->read_xpsr(target, &spsr, 1);
1463 if ((retval = jtag_execute_queue()) != ERROR_OK)
1467 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1468 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1469 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1472 /* r0 and r15 (pc) have to be restored later */
1473 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1474 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1476 if ((retval = jtag_execute_queue()) != ERROR_OK)
1479 if (arm7_9->post_debug_entry)
1480 arm7_9->post_debug_entry(target);
1486 * Validate the full context for an ARM7/9 target in all processor modes. If
1487 * there are any invalid registers for the target, they will all be read. This
1490 * @param target Pointer to the ARM7/9 target to capture the full context from
1491 * @return Error if the target is not halted, has an invalid core mode, or if
1492 * the JTAG queue fails to execute
1494 int arm7_9_full_context(struct target *target)
1498 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1499 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1503 if (target->state != TARGET_HALTED)
1505 LOG_WARNING("target not halted");
1506 return ERROR_TARGET_NOT_HALTED;
1509 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1512 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1513 * SYS shares registers with User, so we don't touch SYS
1515 for (i = 0; i < 6; i++)
1518 uint32_t* reg_p[16];
1522 /* check if there are invalid registers in the current mode
1524 for (j = 0; j <= 16; j++)
1526 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1534 /* change processor mode (and mask T bit) */
1535 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1536 tmp_cpsr |= armv4_5_number_to_mode(i);
1538 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1540 for (j = 0; j < 15; j++)
1542 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1544 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1546 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1547 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1551 /* if only the PSR is invalid, mask is all zeroes */
1553 arm7_9->read_core_regs(target, mask, reg_p);
1555 /* check if the PSR has to be read */
1556 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1558 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1559 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1560 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1565 /* restore processor mode (mask T bit) */
1566 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1568 if ((retval = jtag_execute_queue()) != ERROR_OK)
1576 * Restore the processor context on an ARM7/9 target. The full processor
1577 * context is analyzed to see if any of the registers are dirty on this end, but
1578 * have a valid new value. If this is the case, the processor is changed to the
1579 * appropriate mode and the new register values are written out to the
1580 * processor. If there happens to be a dirty register with an invalid value, an
1581 * error will be logged.
1583 * @param target Pointer to the ARM7/9 target to have its context restored
1584 * @return Error status if the target is not halted or the core mode in the
1585 * armv4_5 struct is invalid.
1587 int arm7_9_restore_context(struct target *target)
1589 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1590 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1592 struct armv4_5_core_reg *reg_arch_info;
1593 enum armv4_5_mode current_mode = armv4_5->core_mode;
1600 if (target->state != TARGET_HALTED)
1602 LOG_WARNING("target not halted");
1603 return ERROR_TARGET_NOT_HALTED;
1606 if (arm7_9->pre_restore_context)
1607 arm7_9->pre_restore_context(target);
1609 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1612 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1613 * SYS shares registers with User, so we don't touch SYS
1615 for (i = 0; i < 6; i++)
1617 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1620 /* check if there are dirty registers in the current mode
1622 for (j = 0; j <= 16; j++)
1624 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1625 reg_arch_info = reg->arch_info;
1626 if (reg->dirty == 1)
1628 if (reg->valid == 1)
1631 LOG_DEBUG("examining dirty reg: %s", reg->name);
1632 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1633 && (reg_arch_info->mode != current_mode)
1634 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1635 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1638 LOG_DEBUG("require mode change");
1643 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1650 uint32_t mask = 0x0;
1658 /* change processor mode (mask T bit) */
1659 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1660 tmp_cpsr |= armv4_5_number_to_mode(i);
1662 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1663 current_mode = armv4_5_number_to_mode(i);
1666 for (j = 0; j <= 14; j++)
1668 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1669 reg_arch_info = reg->arch_info;
1672 if (reg->dirty == 1)
1674 regs[j] = buf_get_u32(reg->value, 0, 32);
1679 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1685 arm7_9->write_core_regs(target, mask, regs);
1688 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1689 reg_arch_info = reg->arch_info;
1690 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1692 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1693 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1698 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1700 /* restore processor mode (mask T bit) */
1703 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1704 tmp_cpsr |= armv4_5_number_to_mode(i);
1706 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1707 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1709 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1711 /* CPSR has been changed, full restore necessary (mask T bit) */
1712 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1713 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1714 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1715 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1719 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1720 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1721 armv4_5->core_cache->reg_list[15].dirty = 0;
1723 if (arm7_9->post_restore_context)
1724 arm7_9->post_restore_context(target);
1730 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1731 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1734 * @param target Pointer to the ARM7/9 target to be restarted
1735 * @return Result of executing the JTAG queue
1737 int arm7_9_restart_core(struct target *target)
1739 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1740 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1742 /* set RESTART instruction */
1743 jtag_set_end_state(TAP_IDLE);
1744 if (arm7_9->need_bypass_before_restart) {
1745 arm7_9->need_bypass_before_restart = 0;
1746 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1748 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1750 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1751 return jtag_execute_queue();
1755 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1756 * iterated through and are set on the target if they aren't already set.
1758 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1760 void arm7_9_enable_watchpoints(struct target *target)
1762 struct watchpoint *watchpoint = target->watchpoints;
1766 if (watchpoint->set == 0)
1767 arm7_9_set_watchpoint(target, watchpoint);
1768 watchpoint = watchpoint->next;
1773 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1774 * iterated through and are set on the target.
1776 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1778 void arm7_9_enable_breakpoints(struct target *target)
1780 struct breakpoint *breakpoint = target->breakpoints;
1782 /* set any pending breakpoints */
1785 arm7_9_set_breakpoint(target, breakpoint);
1786 breakpoint = breakpoint->next;
1790 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1792 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1793 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1794 struct breakpoint *breakpoint = target->breakpoints;
1795 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1796 int err, retval = ERROR_OK;
1800 if (target->state != TARGET_HALTED)
1802 LOG_WARNING("target not halted");
1803 return ERROR_TARGET_NOT_HALTED;
1806 if (!debug_execution)
1808 target_free_all_working_areas(target);
1811 /* current = 1: continue on current pc, otherwise continue at <address> */
1813 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1815 uint32_t current_pc;
1816 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1818 /* the front-end may request us not to handle breakpoints */
1819 if (handle_breakpoints)
1821 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1823 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1824 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1829 /* calculate PC of next instruction */
1831 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1833 uint32_t current_opcode;
1834 target_read_u32(target, current_pc, ¤t_opcode);
1835 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1839 LOG_DEBUG("enable single-step");
1840 arm7_9->enable_single_step(target, next_pc);
1842 target->debug_reason = DBG_REASON_SINGLESTEP;
1844 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1849 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1850 arm7_9->branch_resume(target);
1851 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1853 arm7_9->branch_resume_thumb(target);
1857 LOG_ERROR("unhandled core state");
1861 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1862 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1863 err = arm7_9_execute_sys_speed(target);
1865 LOG_DEBUG("disable single-step");
1866 arm7_9->disable_single_step(target);
1868 if (err != ERROR_OK)
1870 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1874 target->state = TARGET_UNKNOWN;
1878 arm7_9_debug_entry(target);
1879 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1881 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1882 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1889 /* enable any pending breakpoints and watchpoints */
1890 arm7_9_enable_breakpoints(target);
1891 arm7_9_enable_watchpoints(target);
1893 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1898 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1900 arm7_9->branch_resume(target);
1902 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1904 arm7_9->branch_resume_thumb(target);
1908 LOG_ERROR("unhandled core state");
1912 /* deassert DBGACK and INTDIS */
1913 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1914 /* INTDIS only when we really resume, not during debug execution */
1915 if (!debug_execution)
1916 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1917 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1919 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1924 target->debug_reason = DBG_REASON_NOTHALTED;
1926 if (!debug_execution)
1928 /* registers are now invalid */
1929 armv4_5_invalidate_core_regs(target);
1930 target->state = TARGET_RUNNING;
1931 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1938 target->state = TARGET_DEBUG_RUNNING;
1939 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1945 LOG_DEBUG("target resumed");
1950 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1952 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1953 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1954 uint32_t current_pc;
1955 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1957 if (next_pc != current_pc)
1959 /* setup an inverse breakpoint on the current PC
1960 * - comparator 1 matches the current address
1961 * - rangeout from comparator 1 is connected to comparator 0 rangein
1962 * - comparator 0 matches any address, as long as rangein is low */
1963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1987 void arm7_9_disable_eice_step(struct target *target)
1989 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1991 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1992 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1993 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1996 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1997 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2002 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
2004 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2005 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2006 struct breakpoint *breakpoint = NULL;
2009 if (target->state != TARGET_HALTED)
2011 LOG_WARNING("target not halted");
2012 return ERROR_TARGET_NOT_HALTED;
2015 /* current = 1: continue on current pc, otherwise continue at <address> */
2017 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2019 uint32_t current_pc;
2020 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2022 /* the front-end may request us not to handle breakpoints */
2023 if (handle_breakpoints)
2024 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2025 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2030 target->debug_reason = DBG_REASON_SINGLESTEP;
2032 /* calculate PC of next instruction */
2034 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2036 uint32_t current_opcode;
2037 target_read_u32(target, current_pc, ¤t_opcode);
2038 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2042 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2047 arm7_9->enable_single_step(target, next_pc);
2049 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2051 arm7_9->branch_resume(target);
2053 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2055 arm7_9->branch_resume_thumb(target);
2059 LOG_ERROR("unhandled core state");
2063 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2068 err = arm7_9_execute_sys_speed(target);
2069 arm7_9->disable_single_step(target);
2071 /* registers are now invalid */
2072 armv4_5_invalidate_core_regs(target);
2074 if (err != ERROR_OK)
2076 target->state = TARGET_UNKNOWN;
2078 arm7_9_debug_entry(target);
2079 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2083 LOG_DEBUG("target stepped");
2087 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2095 int arm7_9_read_core_reg(struct target *target, int num, enum armv4_5_mode mode)
2097 uint32_t* reg_p[16];
2100 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2101 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2103 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2106 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2108 if ((num < 0) || (num > 16))
2109 return ERROR_INVALID_ARGUMENTS;
2111 if ((mode != ARMV4_5_MODE_ANY)
2112 && (mode != armv4_5->core_mode)
2113 && (reg_mode != ARMV4_5_MODE_ANY))
2117 /* change processor mode (mask T bit) */
2118 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2121 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2124 if ((num >= 0) && (num <= 15))
2126 /* read a normal core register */
2127 reg_p[num] = &value;
2129 arm7_9->read_core_regs(target, 1 << num, reg_p);
2133 /* read a program status register
2134 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2136 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2137 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2139 arm7_9->read_xpsr(target, &value, spsr);
2142 if ((retval = jtag_execute_queue()) != ERROR_OK)
2147 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2148 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2149 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2151 if ((mode != ARMV4_5_MODE_ANY)
2152 && (mode != armv4_5->core_mode)
2153 && (reg_mode != ARMV4_5_MODE_ANY)) {
2154 /* restore processor mode (mask T bit) */
2155 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2161 int arm7_9_write_core_reg(struct target *target, int num, enum armv4_5_mode mode, uint32_t value)
2164 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2165 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2167 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2170 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2172 if ((num < 0) || (num > 16))
2173 return ERROR_INVALID_ARGUMENTS;
2175 if ((mode != ARMV4_5_MODE_ANY)
2176 && (mode != armv4_5->core_mode)
2177 && (reg_mode != ARMV4_5_MODE_ANY)) {
2180 /* change processor mode (mask T bit) */
2181 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2184 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2187 if ((num >= 0) && (num <= 15))
2189 /* write a normal core register */
2192 arm7_9->write_core_regs(target, 1 << num, reg);
2196 /* write a program status register
2197 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2199 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2200 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2202 /* if we're writing the CPSR, mask the T bit */
2206 arm7_9->write_xpsr(target, value, spsr);
2209 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2210 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2212 if ((mode != ARMV4_5_MODE_ANY)
2213 && (mode != armv4_5->core_mode)
2214 && (reg_mode != ARMV4_5_MODE_ANY)) {
2215 /* restore processor mode (mask T bit) */
2216 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2219 return jtag_execute_queue();
2222 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2224 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2225 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2227 uint32_t num_accesses = 0;
2228 int thisrun_accesses;
2234 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2236 if (target->state != TARGET_HALTED)
2238 LOG_WARNING("target not halted");
2239 return ERROR_TARGET_NOT_HALTED;
2242 /* sanitize arguments */
2243 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2244 return ERROR_INVALID_ARGUMENTS;
2246 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2247 return ERROR_TARGET_UNALIGNED_ACCESS;
2249 /* load the base register with the address of the first word */
2251 arm7_9->write_core_regs(target, 0x1, reg);
2258 while (num_accesses < count)
2261 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2262 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2264 if (last_reg <= thisrun_accesses)
2265 last_reg = thisrun_accesses;
2267 arm7_9->load_word_regs(target, reg_list);
2269 /* fast memory reads are only safe when the target is running
2270 * from a sufficiently high clock (32 kHz is usually too slow)
2272 if (arm7_9->fast_memory_access)
2273 retval = arm7_9_execute_fast_sys_speed(target);
2275 retval = arm7_9_execute_sys_speed(target);
2276 if (retval != ERROR_OK)
2279 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2281 /* advance buffer, count number of accesses */
2282 buffer += thisrun_accesses * 4;
2283 num_accesses += thisrun_accesses;
2285 if ((j++%1024) == 0)
2292 while (num_accesses < count)
2295 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2296 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2298 for (i = 1; i <= thisrun_accesses; i++)
2302 arm7_9->load_hword_reg(target, i);
2303 /* fast memory reads are only safe when the target is running
2304 * from a sufficiently high clock (32 kHz is usually too slow)
2306 if (arm7_9->fast_memory_access)
2307 retval = arm7_9_execute_fast_sys_speed(target);
2309 retval = arm7_9_execute_sys_speed(target);
2310 if (retval != ERROR_OK)
2317 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2319 /* advance buffer, count number of accesses */
2320 buffer += thisrun_accesses * 2;
2321 num_accesses += thisrun_accesses;
2323 if ((j++%1024) == 0)
2330 while (num_accesses < count)
2333 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2334 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2336 for (i = 1; i <= thisrun_accesses; i++)
2340 arm7_9->load_byte_reg(target, i);
2341 /* fast memory reads are only safe when the target is running
2342 * from a sufficiently high clock (32 kHz is usually too slow)
2344 if (arm7_9->fast_memory_access)
2345 retval = arm7_9_execute_fast_sys_speed(target);
2347 retval = arm7_9_execute_sys_speed(target);
2348 if (retval != ERROR_OK)
2354 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2356 /* advance buffer, count number of accesses */
2357 buffer += thisrun_accesses * 1;
2358 num_accesses += thisrun_accesses;
2360 if ((j++%1024) == 0)
2367 LOG_ERROR("BUG: we shouldn't get here");
2372 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2375 for (i = 0; i <= last_reg; i++)
2376 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2378 arm7_9->read_xpsr(target, &cpsr, 0);
2379 if ((retval = jtag_execute_queue()) != ERROR_OK)
2381 LOG_ERROR("JTAG error while reading cpsr");
2382 return ERROR_TARGET_DATA_ABORT;
2385 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2387 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2389 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2391 return ERROR_TARGET_DATA_ABORT;
2397 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2399 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2400 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2401 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2404 uint32_t num_accesses = 0;
2405 int thisrun_accesses;
2411 #ifdef _DEBUG_ARM7_9_
2412 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2415 if (target->state != TARGET_HALTED)
2417 LOG_WARNING("target not halted");
2418 return ERROR_TARGET_NOT_HALTED;
2421 /* sanitize arguments */
2422 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2423 return ERROR_INVALID_ARGUMENTS;
2425 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2426 return ERROR_TARGET_UNALIGNED_ACCESS;
2428 /* load the base register with the address of the first word */
2430 arm7_9->write_core_regs(target, 0x1, reg);
2432 /* Clear DBGACK, to make sure memory fetches work as expected */
2433 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2434 embeddedice_store_reg(dbg_ctrl);
2439 while (num_accesses < count)
2442 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2443 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2445 for (i = 1; i <= thisrun_accesses; i++)
2449 reg[i] = target_buffer_get_u32(target, buffer);
2453 arm7_9->write_core_regs(target, reg_list, reg);
2455 arm7_9->store_word_regs(target, reg_list);
2457 /* fast memory writes are only safe when the target is running
2458 * from a sufficiently high clock (32 kHz is usually too slow)
2460 if (arm7_9->fast_memory_access)
2461 retval = arm7_9_execute_fast_sys_speed(target);
2463 retval = arm7_9_execute_sys_speed(target);
2464 if (retval != ERROR_OK)
2469 num_accesses += thisrun_accesses;
2473 while (num_accesses < count)
2476 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2477 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2479 for (i = 1; i <= thisrun_accesses; i++)
2483 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2487 arm7_9->write_core_regs(target, reg_list, reg);
2489 for (i = 1; i <= thisrun_accesses; i++)
2491 arm7_9->store_hword_reg(target, i);
2493 /* fast memory writes are only safe when the target is running
2494 * from a sufficiently high clock (32 kHz is usually too slow)
2496 if (arm7_9->fast_memory_access)
2497 retval = arm7_9_execute_fast_sys_speed(target);
2499 retval = arm7_9_execute_sys_speed(target);
2500 if (retval != ERROR_OK)
2506 num_accesses += thisrun_accesses;
2510 while (num_accesses < count)
2513 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2514 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2516 for (i = 1; i <= thisrun_accesses; i++)
2520 reg[i] = *buffer++ & 0xff;
2523 arm7_9->write_core_regs(target, reg_list, reg);
2525 for (i = 1; i <= thisrun_accesses; i++)
2527 arm7_9->store_byte_reg(target, i);
2528 /* fast memory writes are only safe when the target is running
2529 * from a sufficiently high clock (32 kHz is usually too slow)
2531 if (arm7_9->fast_memory_access)
2532 retval = arm7_9_execute_fast_sys_speed(target);
2534 retval = arm7_9_execute_sys_speed(target);
2535 if (retval != ERROR_OK)
2542 num_accesses += thisrun_accesses;
2546 LOG_ERROR("BUG: we shouldn't get here");
2552 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2553 embeddedice_store_reg(dbg_ctrl);
2555 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2558 for (i = 0; i <= last_reg; i++)
2559 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2561 arm7_9->read_xpsr(target, &cpsr, 0);
2562 if ((retval = jtag_execute_queue()) != ERROR_OK)
2564 LOG_ERROR("JTAG error while reading cpsr");
2565 return ERROR_TARGET_DATA_ABORT;
2568 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2570 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2572 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2574 return ERROR_TARGET_DATA_ABORT;
2580 static int dcc_count;
2581 static uint8_t *dcc_buffer;
2583 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2585 int retval = ERROR_OK;
2586 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2588 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2591 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2592 int count = dcc_count;
2593 uint8_t *buffer = dcc_buffer;
2596 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2597 * core function repeated. */
2598 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2601 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2602 uint8_t reg_addr = ice_reg->addr & 0x1f;
2603 struct jtag_tap *tap;
2604 tap = ice_reg->jtag_info->tap;
2606 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2607 buffer += (count-2)*4;
2609 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2613 for (i = 0; i < count; i++)
2615 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2620 if ((retval = target_halt(target))!= ERROR_OK)
2624 return target_wait_state(target, TARGET_HALTED, 500);
2627 static const uint32_t dcc_code[] =
2629 /* r0 == input, points to memory buffer
2633 /* spin until DCC control (c0) reports data arrived */
2634 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2635 0xe3110001, /* tst r1, #1 */
2636 0x0afffffc, /* bne w */
2638 /* read word from DCC (c1), write to memory */
2639 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2640 0xe4801004, /* str r1, [r0], #4 */
2643 0xeafffff9 /* b w */
2646 int armv4_5_run_algorithm_inner(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2648 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2651 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2654 if (!arm7_9->dcc_downloads)
2655 return target_write_memory(target, address, 4, count, buffer);
2657 /* regrab previously allocated working_area, or allocate a new one */
2658 if (!arm7_9->dcc_working_area)
2660 uint8_t dcc_code_buf[6 * 4];
2662 /* make sure we have a working area */
2663 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2665 LOG_INFO("no working area available, falling back to memory writes");
2666 return target_write_memory(target, address, 4, count, buffer);
2669 /* copy target instructions to target endianness */
2670 for (i = 0; i < 6; i++)
2672 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2675 /* write DCC code to working area */
2676 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2682 struct armv4_5_algorithm armv4_5_info;
2683 struct reg_param reg_params[1];
2685 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2686 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2687 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2689 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2691 buf_set_u32(reg_params[0].value, 0, 32, address);
2694 dcc_buffer = buffer;
2695 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2696 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2698 if (retval == ERROR_OK)
2700 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2701 if (endaddress != (address + count*4))
2703 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2704 retval = ERROR_FAIL;
2708 destroy_reg_param(®_params[0]);
2714 * Perform per-target setup that requires JTAG access.
2716 int arm7_9_examine(struct target *target)
2718 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2721 if (!target_was_examined(target)) {
2722 struct reg_cache *t, **cache_p;
2724 t = embeddedice_build_reg_cache(target, arm7_9);
2728 cache_p = register_get_last_cache_p(&target->reg_cache);
2730 arm7_9->eice_cache = (*cache_p);
2732 if (arm7_9->armv4_5_common.etm)
2733 (*cache_p)->next = etm_build_reg_cache(target,
2735 arm7_9->armv4_5_common.etm);
2737 target_set_examined(target);
2740 retval = embeddedice_setup(target);
2741 if (retval == ERROR_OK)
2742 retval = arm7_9_setup(target);
2743 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2744 retval = etm_setup(target);
2749 COMMAND_HANDLER(handle_arm7_9_write_xpsr_command)
2754 struct target *target = get_current_target(cmd_ctx);
2755 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2757 if (!is_arm7_9(arm7_9))
2759 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2760 return ERROR_TARGET_INVALID;
2763 if (target->state != TARGET_HALTED)
2765 command_print(cmd_ctx, "can't write registers while running");
2771 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2775 COMMAND_PARSE_NUMBER(u32, args[0], value);
2776 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2778 /* if we're writing the CPSR, mask the T bit */
2782 arm7_9->write_xpsr(target, value, spsr);
2783 if ((retval = jtag_execute_queue()) != ERROR_OK)
2785 LOG_ERROR("JTAG error while writing to xpsr");
2792 COMMAND_HANDLER(handle_arm7_9_write_xpsr_im8_command)
2798 struct target *target = get_current_target(cmd_ctx);
2799 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2801 if (!is_arm7_9(arm7_9))
2803 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2804 return ERROR_TARGET_INVALID;
2807 if (target->state != TARGET_HALTED)
2809 command_print(cmd_ctx, "can't write registers while running");
2815 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2819 COMMAND_PARSE_NUMBER(u32, args[0], value);
2820 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2821 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2823 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2824 if ((retval = jtag_execute_queue()) != ERROR_OK)
2826 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2833 COMMAND_HANDLER(handle_arm7_9_write_core_reg_command)
2838 struct target *target = get_current_target(cmd_ctx);
2839 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2841 if (!is_arm7_9(arm7_9))
2843 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2844 return ERROR_TARGET_INVALID;
2847 if (target->state != TARGET_HALTED)
2849 command_print(cmd_ctx, "can't write registers while running");
2855 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2859 COMMAND_PARSE_NUMBER(int, args[0], num);
2860 COMMAND_PARSE_NUMBER(u32, args[1], mode);
2861 COMMAND_PARSE_NUMBER(u32, args[2], value);
2863 return arm7_9_write_core_reg(target, num, mode, value);
2866 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2868 struct target *target = get_current_target(cmd_ctx);
2869 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2871 if (!is_arm7_9(arm7_9))
2873 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2874 return ERROR_TARGET_INVALID;
2879 if (strcmp("enable", args[0]) == 0)
2881 arm7_9->use_dbgrq = 1;
2883 else if (strcmp("disable", args[0]) == 0)
2885 arm7_9->use_dbgrq = 0;
2889 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
2893 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2898 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2900 struct target *target = get_current_target(cmd_ctx);
2901 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2903 if (!is_arm7_9(arm7_9))
2905 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2906 return ERROR_TARGET_INVALID;
2911 if (strcmp("enable", args[0]) == 0)
2913 arm7_9->fast_memory_access = 1;
2915 else if (strcmp("disable", args[0]) == 0)
2917 arm7_9->fast_memory_access = 0;
2921 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
2925 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2930 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2932 struct target *target = get_current_target(cmd_ctx);
2933 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2935 if (!is_arm7_9(arm7_9))
2937 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2938 return ERROR_TARGET_INVALID;
2943 if (strcmp("enable", args[0]) == 0)
2945 arm7_9->dcc_downloads = 1;
2947 else if (strcmp("disable", args[0]) == 0)
2949 arm7_9->dcc_downloads = 0;
2953 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
2957 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2962 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2964 int retval = ERROR_OK;
2965 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2967 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2969 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2972 /* caller must have allocated via calloc(), so everything's zeroed */
2974 arm7_9->wp_available_max = 2;
2976 arm7_9->fast_memory_access = fast_and_dangerous;
2977 arm7_9->dcc_downloads = fast_and_dangerous;
2979 armv4_5->arch_info = arm7_9;
2980 armv4_5->read_core_reg = arm7_9_read_core_reg;
2981 armv4_5->write_core_reg = arm7_9_write_core_reg;
2982 armv4_5->full_context = arm7_9_full_context;
2984 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
2987 return target_register_timer_callback(arm7_9_handle_target_request,
2991 int arm7_9_register_commands(struct command_context *cmd_ctx)
2993 struct command *arm7_9_cmd;
2995 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9",
2996 NULL, COMMAND_ANY, "arm7/9 specific commands");
2998 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr",
2999 handle_arm7_9_write_xpsr_command, COMMAND_EXEC,
3000 "write program status register <value> <not cpsr | spsr>");
3001 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8",
3002 handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC,
3003 "write program status register "
3004 "<8bit immediate> <rotate> <not cpsr | spsr>");
3006 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg",
3007 handle_arm7_9_write_core_reg_command, COMMAND_EXEC,
3008 "write core register <num> <mode> <value>");
3010 register_command(cmd_ctx, arm7_9_cmd, "dbgrq",
3011 handle_arm7_9_dbgrq_command, COMMAND_ANY,
3012 "use EmbeddedICE dbgrq instead of breakpoint "
3013 "for target halt requests <enable | disable>");
3014 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access",
3015 handle_arm7_9_fast_memory_access_command, COMMAND_ANY,
3016 "use fast memory accesses instead of slower "
3017 "but potentially safer accesses <enable | disable>");
3018 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads",
3019 handle_arm7_9_dcc_downloads_command, COMMAND_ANY,
3020 "use DCC downloads for larger memory writes <enable | disable>");
3022 armv4_5_register_commands(cmd_ctx);
3024 etm_register_commands(cmd_ctx);
projects / fw / openocd / blob