1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
24 #include "replacements.h"
26 #include "embeddedice.h"
28 #include "target_request.h"
33 #include "arm7_9_common.h"
34 #include "breakpoints.h"
40 #include <sys/types.h>
45 int arm7_9_debug_entry(target_t *target);
46 int arm7_9_enable_sw_bkpts(struct target_s *target);
48 /* command handler forward declarations */
49 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int arm7_9_reinit_embeddedice(target_t *target)
62 armv4_5_common_t *armv4_5 = target->arch_info;
63 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
65 breakpoint_t *breakpoint = target->breakpoints;
67 arm7_9->wp_available = 2;
71 /* mark all hardware breakpoints as unset */
74 if (breakpoint->type == BKPT_HARD)
78 breakpoint = breakpoint->next;
81 if (arm7_9->sw_bkpts_enabled && arm7_9->sw_bkpts_use_wp)
83 arm7_9->sw_bkpts_enabled = 0;
84 arm7_9_enable_sw_bkpts(target);
90 /* set things up after a reset / on startup */
91 int arm7_9_setup(target_t *target)
93 /* a test-logic reset have occured
94 * the EmbeddedICE registers have been reset
95 * hardware breakpoints have been cleared
97 return arm7_9_reinit_embeddedice(target);
100 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
102 armv4_5_common_t *armv4_5 = target->arch_info;
103 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
105 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
110 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
115 *armv4_5_p = armv4_5;
121 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
123 armv4_5_common_t *armv4_5 = target->arch_info;
124 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
126 if (target->state != TARGET_HALTED)
128 LOG_WARNING("target not halted");
129 return ERROR_TARGET_NOT_HALTED;
132 if (arm7_9->force_hw_bkpts)
133 breakpoint->type = BKPT_HARD;
137 LOG_WARNING("breakpoint already set");
141 if (breakpoint->type == BKPT_HARD)
143 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
144 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
145 if (!arm7_9->wp0_used)
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
153 jtag_execute_queue();
154 arm7_9->wp0_used = 1;
157 else if (!arm7_9->wp1_used)
159 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
160 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
165 jtag_execute_queue();
166 arm7_9->wp1_used = 1;
171 LOG_ERROR("BUG: no hardware comparator available");
175 else if (breakpoint->type == BKPT_SOFT)
177 if (breakpoint->length == 4)
179 u32 verify = 0xffffffff;
180 /* keep the original instruction in target endianness */
181 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
182 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
183 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
185 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
186 if (verify != arm7_9->arm_bkpt)
188 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x", breakpoint->address);
195 /* keep the original instruction in target endianness */
196 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
197 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
198 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
200 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
201 if (verify != arm7_9->thumb_bkpt)
203 LOG_ERROR("Unable to set thumb software breakpoint at address %08x", breakpoint->address);
214 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
216 armv4_5_common_t *armv4_5 = target->arch_info;
217 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
219 if (target->state != TARGET_HALTED)
221 LOG_WARNING("target not halted");
222 return ERROR_TARGET_NOT_HALTED;
225 if (!breakpoint->set)
227 LOG_WARNING("breakpoint not set");
231 if (breakpoint->type == BKPT_HARD)
233 if (breakpoint->set == 1)
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
236 jtag_execute_queue();
237 arm7_9->wp0_used = 0;
239 else if (breakpoint->set == 2)
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
242 jtag_execute_queue();
243 arm7_9->wp1_used = 0;
249 /* restore original instruction (kept in target endianness) */
250 if (breakpoint->length == 4)
253 /* check that user program as not modified breakpoint instruction */
254 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
255 if (current_instr==arm7_9->arm_bkpt)
256 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
261 /* check that user program as not modified breakpoint instruction */
262 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
263 if (current_instr==arm7_9->thumb_bkpt)
264 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
272 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
274 armv4_5_common_t *armv4_5 = target->arch_info;
275 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
277 if (target->state != TARGET_HALTED)
279 LOG_WARNING("target not halted");
280 return ERROR_TARGET_NOT_HALTED;
283 if (arm7_9->force_hw_bkpts)
285 LOG_DEBUG("forcing use of hardware breakpoint at address 0x%8.8x", breakpoint->address);
286 breakpoint->type = BKPT_HARD;
289 if ((breakpoint->type == BKPT_SOFT) && (arm7_9->sw_bkpts_enabled == 0))
291 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
292 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
295 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
297 LOG_INFO("no watchpoint unit available for hardware breakpoint");
298 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
301 if ((breakpoint->length != 2) && (breakpoint->length != 4))
303 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
304 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
307 if (breakpoint->type == BKPT_HARD)
308 arm7_9->wp_available--;
313 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
315 armv4_5_common_t *armv4_5 = target->arch_info;
316 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
318 if (target->state != TARGET_HALTED)
320 LOG_WARNING("target not halted");
321 return ERROR_TARGET_NOT_HALTED;
326 arm7_9_unset_breakpoint(target, breakpoint);
329 if (breakpoint->type == BKPT_HARD)
330 arm7_9->wp_available++;
335 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
337 armv4_5_common_t *armv4_5 = target->arch_info;
338 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
342 mask = watchpoint->length - 1;
344 if (target->state != TARGET_HALTED)
346 LOG_WARNING("target not halted");
347 return ERROR_TARGET_NOT_HALTED;
350 if (watchpoint->rw == WPT_ACCESS)
355 if (!arm7_9->wp0_used)
357 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
358 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
359 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
360 if( watchpoint->mask != 0xffffffffu )
361 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
363 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
365 jtag_execute_queue();
367 arm7_9->wp0_used = 2;
369 else if (!arm7_9->wp1_used)
371 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
372 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
373 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
374 if( watchpoint->mask != 0xffffffffu )
375 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
376 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
377 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
379 jtag_execute_queue();
381 arm7_9->wp1_used = 2;
385 LOG_ERROR("BUG: no hardware comparator available");
392 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
394 armv4_5_common_t *armv4_5 = target->arch_info;
395 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
397 if (target->state != TARGET_HALTED)
399 LOG_WARNING("target not halted");
400 return ERROR_TARGET_NOT_HALTED;
403 if (!watchpoint->set)
405 LOG_WARNING("breakpoint not set");
409 if (watchpoint->set == 1)
411 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
412 jtag_execute_queue();
413 arm7_9->wp0_used = 0;
415 else if (watchpoint->set == 2)
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
418 jtag_execute_queue();
419 arm7_9->wp1_used = 0;
426 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
428 armv4_5_common_t *armv4_5 = target->arch_info;
429 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
431 if (target->state != TARGET_HALTED)
433 LOG_WARNING("target not halted");
434 return ERROR_TARGET_NOT_HALTED;
437 if (arm7_9->wp_available < 1)
439 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
442 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
444 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
447 arm7_9->wp_available--;
452 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
457 if (target->state != TARGET_HALTED)
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
465 arm7_9_unset_watchpoint(target, watchpoint);
468 arm7_9->wp_available++;
473 int arm7_9_enable_sw_bkpts(struct target_s *target)
475 armv4_5_common_t *armv4_5 = target->arch_info;
476 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
479 if (arm7_9->sw_bkpts_enabled)
482 if (arm7_9->wp_available < 1)
484 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
485 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
487 arm7_9->wp_available--;
489 if (!arm7_9->wp0_used)
491 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
492 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
493 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
494 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
495 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
496 arm7_9->sw_bkpts_enabled = 1;
497 arm7_9->wp0_used = 3;
499 else if (!arm7_9->wp1_used)
501 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
502 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
503 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
505 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
506 arm7_9->sw_bkpts_enabled = 2;
507 arm7_9->wp1_used = 3;
511 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
515 if ((retval = jtag_execute_queue()) != ERROR_OK)
517 LOG_ERROR("error writing EmbeddedICE registers to enable sw breakpoints");
524 int arm7_9_disable_sw_bkpts(struct target_s *target)
526 armv4_5_common_t *armv4_5 = target->arch_info;
527 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
529 if (!arm7_9->sw_bkpts_enabled)
532 if (arm7_9->sw_bkpts_enabled == 1)
534 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
535 arm7_9->sw_bkpts_enabled = 0;
536 arm7_9->wp0_used = 0;
537 arm7_9->wp_available++;
539 else if (arm7_9->sw_bkpts_enabled == 2)
541 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
542 arm7_9->sw_bkpts_enabled = 0;
543 arm7_9->wp1_used = 0;
544 arm7_9->wp_available++;
550 int arm7_9_execute_sys_speed(struct target_s *target)
555 armv4_5_common_t *armv4_5 = target->arch_info;
556 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
557 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
558 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
560 /* set RESTART instruction */
561 jtag_add_end_state(TAP_RTI);
562 arm_jtag_set_instr(jtag_info, 0x4, NULL);
564 for (timeout=0; timeout<50; timeout++)
566 /* read debug status register */
567 embeddedice_read_reg(dbg_stat);
568 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
571 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
577 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
578 return ERROR_TARGET_TIMEOUT;
584 int arm7_9_execute_fast_sys_speed(struct target_s *target)
587 static u8 check_value[4], check_mask[4];
589 armv4_5_common_t *armv4_5 = target->arch_info;
590 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
591 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
592 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
594 /* set RESTART instruction */
595 jtag_add_end_state(TAP_RTI);
596 arm_jtag_set_instr(jtag_info, 0x4, NULL);
600 /* check for DBGACK and SYSCOMP set (others don't care) */
602 /* NB! These are constants that must be available until after next jtag_execute() and
603 we evaluate the values upon first execution in lieu of setting up these constants
606 buf_set_u32(check_value, 0, 32, 0x9);
607 buf_set_u32(check_mask, 0, 32, 0x9);
611 /* read debug status register */
612 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
617 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
619 armv4_5_common_t *armv4_5 = target->arch_info;
620 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
621 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
625 data = malloc(size * (sizeof(u32)));
627 embeddedice_receive(jtag_info, data, size);
629 for (i = 0; i < size; i++)
631 h_u32_to_le(buffer + (i * 4), data[i]);
639 int arm7_9_handle_target_request(void *priv)
641 target_t *target = priv;
642 if (!target->type->examined)
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
647 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
650 if (!target->dbg_msg_enabled)
653 if (target->state == TARGET_RUNNING)
655 /* read DCC control register */
656 embeddedice_read_reg(dcc_control);
657 jtag_execute_queue();
660 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
664 embeddedice_receive(jtag_info, &request, 1);
665 target_request(target, request);
672 int arm7_9_poll(target_t *target)
675 armv4_5_common_t *armv4_5 = target->arch_info;
676 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
677 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
679 /* read debug status register */
680 embeddedice_read_reg(dbg_stat);
681 if ((retval = jtag_execute_queue()) != ERROR_OK)
686 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
688 LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));
689 if (target->state == TARGET_UNKNOWN)
691 target->state = TARGET_RUNNING;
692 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
694 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
696 target->state = TARGET_HALTED;
697 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
700 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
702 if (target->state == TARGET_DEBUG_RUNNING)
704 target->state = TARGET_HALTED;
705 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
708 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
710 if (target->state != TARGET_HALTED)
712 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
717 if (target->state != TARGET_DEBUG_RUNNING)
718 target->state = TARGET_RUNNING;
725 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
726 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
727 while the core is held in reset(SRST). It isn't possible to program the halt
728 condition once reset was asserted, hence a hook that allows the target to set
729 up its reset-halt condition prior to asserting reset.
732 int arm7_9_assert_reset(target_t *target)
734 armv4_5_common_t *armv4_5 = target->arch_info;
735 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
736 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
738 if (!(jtag_reset_config & RESET_HAS_SRST))
740 LOG_ERROR("Can't assert SRST");
744 if ((target->reset_mode == RESET_HALT) || (target->reset_mode == RESET_INIT))
747 * Some targets do not support communication while SRST is asserted. We need to
748 * set up the reset vector catch here.
750 * If TRST is asserted, then these settings will be reset anyway, so setting them
753 if (arm7_9->has_vector_catch)
755 /* program vector catch register to catch reset vector */
756 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
760 /* program watchpoint unit to match on reset vector address */
761 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
762 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
763 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
764 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
768 /* here we should issue a srst only, but we may have to assert trst as well */
769 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
771 jtag_add_reset(1, 1);
774 jtag_add_reset(0, 1);
778 target->state = TARGET_RESET;
779 jtag_add_sleep(50000);
781 armv4_5_invalidate_core_regs(target);
787 int arm7_9_deassert_reset(target_t *target)
789 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
791 /* deassert reset lines */
792 jtag_add_reset(0, 0);
797 int arm7_9_clear_halt(target_t *target)
799 armv4_5_common_t *armv4_5 = target->arch_info;
800 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
801 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
803 /* we used DBGRQ only if we didn't come out of reset */
804 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
806 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
808 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
809 embeddedice_store_reg(dbg_ctrl);
813 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
815 /* if we came out of reset, and vector catch is supported, we used
816 * vector catch to enter debug state
817 * restore the register in that case
819 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
823 /* restore registers if watchpoint unit 0 was in use
825 if (arm7_9->wp0_used)
827 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
828 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
829 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
831 /* control value always has to be restored, as it was either disabled,
832 * or enabled with possibly different bits
834 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
841 int arm7_9_soft_reset_halt(struct target_s *target)
843 armv4_5_common_t *armv4_5 = target->arch_info;
844 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
845 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
846 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
850 if ((retval=target_halt(target))!=ERROR_OK)
855 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
857 embeddedice_read_reg(dbg_stat);
858 if ((retval=jtag_execute_queue())!=ERROR_OK)
860 /* do not eat all CPU, time out after 1 se*/
866 LOG_ERROR("Failed to halt CPU after 1 sec");
867 return ERROR_TARGET_TIMEOUT;
869 target->state = TARGET_HALTED;
871 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
872 * ensure that DBGRQ is cleared
874 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
875 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
876 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
877 embeddedice_store_reg(dbg_ctrl);
879 arm7_9_clear_halt(target);
881 /* if the target is in Thumb state, change to ARM state */
882 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
884 u32 r0_thumb, pc_thumb;
885 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
886 /* Entered debug from Thumb mode */
887 armv4_5->core_state = ARMV4_5_STATE_THUMB;
888 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
891 /* all register content is now invalid */
892 armv4_5_invalidate_core_regs(target);
894 /* SVC, ARM state, IRQ and FIQ disabled */
895 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
896 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
897 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
899 /* start fetching from 0x0 */
900 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
901 armv4_5->core_cache->reg_list[15].dirty = 1;
902 armv4_5->core_cache->reg_list[15].valid = 1;
904 armv4_5->core_mode = ARMV4_5_MODE_SVC;
905 armv4_5->core_state = ARMV4_5_STATE_ARM;
907 /* reset registers */
908 for (i = 0; i <= 14; i++)
910 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
911 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
912 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
915 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
920 int arm7_9_halt(target_t *target)
922 armv4_5_common_t *armv4_5 = target->arch_info;
923 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
924 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
926 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
928 if (target->state == TARGET_HALTED)
930 LOG_DEBUG("target was already halted");
934 if (target->state == TARGET_UNKNOWN)
936 LOG_WARNING("target was in unknown state when halt was requested");
939 if (target->state == TARGET_RESET)
941 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) && jtag_srst)
943 LOG_ERROR("can't request a halt while in reset if nSRST pulls nTRST");
944 return ERROR_TARGET_FAILURE;
948 /* we came here in a reset_halt or reset_init sequence
949 * debug entry was already prepared in arm7_9_prepare_reset_halt()
951 target->debug_reason = DBG_REASON_DBGRQ;
957 if (arm7_9->use_dbgrq)
959 /* program EmbeddedICE Debug Control Register to assert DBGRQ
961 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
962 embeddedice_store_reg(dbg_ctrl);
966 /* program watchpoint unit to match on any address
968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
974 target->debug_reason = DBG_REASON_DBGRQ;
979 int arm7_9_debug_entry(target_t *target)
984 u32 r0_thumb, pc_thumb;
987 /* get pointers to arch-specific information */
988 armv4_5_common_t *armv4_5 = target->arch_info;
989 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
990 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
991 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
993 #ifdef _DEBUG_ARM7_9_
997 if (arm7_9->pre_debug_entry)
998 arm7_9->pre_debug_entry(target);
1000 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1001 * ensure that DBGRQ is cleared
1003 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1004 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1005 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1006 embeddedice_store_reg(dbg_ctrl);
1008 arm7_9_clear_halt(target);
1010 if ((retval = jtag_execute_queue()) != ERROR_OK)
1014 case ERROR_JTAG_QUEUE_FAILED:
1015 LOG_ERROR("JTAG queue failed while writing EmbeddedICE control register");
1023 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1027 if (target->state != TARGET_HALTED)
1029 LOG_WARNING("target not halted");
1030 return ERROR_TARGET_NOT_HALTED;
1033 /* if the target is in Thumb state, change to ARM state */
1034 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1036 LOG_DEBUG("target entered debug from Thumb state");
1037 /* Entered debug from Thumb mode */
1038 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1039 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1040 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1044 LOG_DEBUG("target entered debug from ARM state");
1045 /* Entered debug from ARM mode */
1046 armv4_5->core_state = ARMV4_5_STATE_ARM;
1049 for (i = 0; i < 16; i++)
1050 context_p[i] = &context[i];
1051 /* save core registers (r0 - r15 of current core mode) */
1052 arm7_9->read_core_regs(target, 0xffff, context_p);
1054 arm7_9->read_xpsr(target, &cpsr, 0);
1056 if ((retval = jtag_execute_queue()) != ERROR_OK)
1059 /* if the core has been executing in Thumb state, set the T bit */
1060 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1063 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1064 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1065 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1067 armv4_5->core_mode = cpsr & 0x1f;
1069 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1071 target->state = TARGET_UNKNOWN;
1072 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1073 return ERROR_TARGET_FAILURE;
1076 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1078 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1080 LOG_DEBUG("thumb state, applying fixups");
1081 context[0] = r0_thumb;
1082 context[15] = pc_thumb;
1083 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1085 /* adjust value stored by STM */
1086 context[15] -= 3 * 4;
1089 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1090 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1091 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1092 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1093 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1094 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1095 else if (target->debug_reason == DBG_REASON_DBGRQ)
1096 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1099 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1103 for (i=0; i<=15; i++)
1105 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1106 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1107 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1108 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1111 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1113 /* exceptions other than USR & SYS have a saved program status register */
1114 if ((armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_USR) && (armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_SYS))
1117 arm7_9->read_xpsr(target, &spsr, 1);
1118 jtag_execute_queue();
1119 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1120 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1121 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1124 /* r0 and r15 (pc) have to be restored later */
1125 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1126 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1128 if ((retval = jtag_execute_queue()) != ERROR_OK)
1131 if (arm7_9->post_debug_entry)
1132 arm7_9->post_debug_entry(target);
1137 int arm7_9_full_context(target_t *target)
1141 armv4_5_common_t *armv4_5 = target->arch_info;
1142 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1146 if (target->state != TARGET_HALTED)
1148 LOG_WARNING("target not halted");
1149 return ERROR_TARGET_NOT_HALTED;
1152 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1153 * SYS shares registers with User, so we don't touch SYS
1155 for(i = 0; i < 6; i++)
1162 /* check if there are invalid registers in the current mode
1164 for (j = 0; j <= 16; j++)
1166 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1174 /* change processor mode (and mask T bit) */
1175 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1176 tmp_cpsr |= armv4_5_number_to_mode(i);
1178 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1180 for (j = 0; j < 15; j++)
1182 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1184 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1186 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1187 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1191 /* if only the PSR is invalid, mask is all zeroes */
1193 arm7_9->read_core_regs(target, mask, reg_p);
1195 /* check if the PSR has to be read */
1196 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1198 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1199 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1200 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1205 /* restore processor mode (mask T bit) */
1206 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1208 if ((retval = jtag_execute_queue()) != ERROR_OK)
1215 int arm7_9_restore_context(target_t *target)
1217 armv4_5_common_t *armv4_5 = target->arch_info;
1218 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1220 armv4_5_core_reg_t *reg_arch_info;
1221 enum armv4_5_mode current_mode = armv4_5->core_mode;
1228 if (target->state != TARGET_HALTED)
1230 LOG_WARNING("target not halted");
1231 return ERROR_TARGET_NOT_HALTED;
1234 if (arm7_9->pre_restore_context)
1235 arm7_9->pre_restore_context(target);
1237 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1238 * SYS shares registers with User, so we don't touch SYS
1240 for (i = 0; i < 6; i++)
1242 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1245 /* check if there are dirty registers in the current mode
1247 for (j = 0; j <= 16; j++)
1249 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1250 reg_arch_info = reg->arch_info;
1251 if (reg->dirty == 1)
1253 if (reg->valid == 1)
1256 LOG_DEBUG("examining dirty reg: %s", reg->name);
1257 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1258 && (reg_arch_info->mode != current_mode)
1259 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1260 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1263 LOG_DEBUG("require mode change");
1268 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1283 /* change processor mode (mask T bit) */
1284 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1285 tmp_cpsr |= armv4_5_number_to_mode(i);
1287 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1288 current_mode = armv4_5_number_to_mode(i);
1291 for (j = 0; j <= 14; j++)
1293 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1294 reg_arch_info = reg->arch_info;
1297 if (reg->dirty == 1)
1299 regs[j] = buf_get_u32(reg->value, 0, 32);
1304 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1310 arm7_9->write_core_regs(target, mask, regs);
1313 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1314 reg_arch_info = reg->arch_info;
1315 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1317 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1318 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1323 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1325 /* restore processor mode (mask T bit) */
1328 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1329 tmp_cpsr |= armv4_5_number_to_mode(i);
1331 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1332 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1334 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1336 /* CPSR has been changed, full restore necessary (mask T bit) */
1337 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1338 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1339 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1340 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1344 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1345 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1346 armv4_5->core_cache->reg_list[15].dirty = 0;
1348 if (arm7_9->post_restore_context)
1349 arm7_9->post_restore_context(target);
1354 int arm7_9_restart_core(struct target_s *target)
1356 armv4_5_common_t *armv4_5 = target->arch_info;
1357 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1358 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1360 /* set RESTART instruction */
1361 jtag_add_end_state(TAP_RTI);
1362 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1364 jtag_add_runtest(1, TAP_RTI);
1365 return jtag_execute_queue();
1368 void arm7_9_enable_watchpoints(struct target_s *target)
1370 watchpoint_t *watchpoint = target->watchpoints;
1374 if (watchpoint->set == 0)
1375 arm7_9_set_watchpoint(target, watchpoint);
1376 watchpoint = watchpoint->next;
1380 void arm7_9_enable_breakpoints(struct target_s *target)
1382 breakpoint_t *breakpoint = target->breakpoints;
1384 /* set any pending breakpoints */
1387 if (breakpoint->set == 0)
1388 arm7_9_set_breakpoint(target, breakpoint);
1389 breakpoint = breakpoint->next;
1393 void arm7_9_disable_bkpts_and_wpts(struct target_s *target)
1395 breakpoint_t *breakpoint = target->breakpoints;
1396 watchpoint_t *watchpoint = target->watchpoints;
1398 /* set any pending breakpoints */
1401 if (breakpoint->set != 0)
1402 arm7_9_unset_breakpoint(target, breakpoint);
1403 breakpoint = breakpoint->next;
1408 if (watchpoint->set != 0)
1409 arm7_9_unset_watchpoint(target, watchpoint);
1410 watchpoint = watchpoint->next;
1414 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1416 armv4_5_common_t *armv4_5 = target->arch_info;
1417 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1418 breakpoint_t *breakpoint = target->breakpoints;
1419 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1424 if (target->state != TARGET_HALTED)
1426 LOG_WARNING("target not halted");
1427 return ERROR_TARGET_NOT_HALTED;
1430 if (!debug_execution)
1432 target_free_all_working_areas(target);
1435 /* current = 1: continue on current pc, otherwise continue at <address> */
1437 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1439 /* the front-end may request us not to handle breakpoints */
1440 if (handle_breakpoints)
1442 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1444 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1445 arm7_9_unset_breakpoint(target, breakpoint);
1447 LOG_DEBUG("enable single-step");
1448 arm7_9->enable_single_step(target);
1450 target->debug_reason = DBG_REASON_SINGLESTEP;
1452 arm7_9_restore_context(target);
1454 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1455 arm7_9->branch_resume(target);
1456 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1458 arm7_9->branch_resume_thumb(target);
1462 LOG_ERROR("unhandled core state");
1466 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1467 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1468 err = arm7_9_execute_sys_speed(target);
1470 LOG_DEBUG("disable single-step");
1471 arm7_9->disable_single_step(target);
1473 if (err != ERROR_OK)
1475 arm7_9_set_breakpoint(target, breakpoint);
1476 target->state = TARGET_UNKNOWN;
1480 arm7_9_debug_entry(target);
1481 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1483 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1484 arm7_9_set_breakpoint(target, breakpoint);
1488 /* enable any pending breakpoints and watchpoints */
1489 arm7_9_enable_breakpoints(target);
1490 arm7_9_enable_watchpoints(target);
1492 arm7_9_restore_context(target);
1494 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1496 arm7_9->branch_resume(target);
1498 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1500 arm7_9->branch_resume_thumb(target);
1504 LOG_ERROR("unhandled core state");
1508 /* deassert DBGACK and INTDIS */
1509 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1510 /* INTDIS only when we really resume, not during debug execution */
1511 if (!debug_execution)
1512 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1513 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1515 arm7_9_restart_core(target);
1517 target->debug_reason = DBG_REASON_NOTHALTED;
1519 if (!debug_execution)
1521 /* registers are now invalid */
1522 armv4_5_invalidate_core_regs(target);
1523 target->state = TARGET_RUNNING;
1524 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1528 target->state = TARGET_DEBUG_RUNNING;
1529 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1532 LOG_DEBUG("target resumed");
1537 void arm7_9_enable_eice_step(target_t *target)
1539 armv4_5_common_t *armv4_5 = target->arch_info;
1540 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1542 /* setup an inverse breakpoint on the current PC
1543 * - comparator 1 matches the current address
1544 * - rangeout from comparator 1 is connected to comparator 0 rangein
1545 * - comparator 0 matches any address, as long as rangein is low */
1546 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1547 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1548 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
1549 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0x77);
1550 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1551 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1552 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1553 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1554 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xf7);
1557 void arm7_9_disable_eice_step(target_t *target)
1559 armv4_5_common_t *armv4_5 = target->arch_info;
1560 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1562 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1563 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1564 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1565 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1566 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1567 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1568 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1569 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1570 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1573 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1575 armv4_5_common_t *armv4_5 = target->arch_info;
1576 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1577 breakpoint_t *breakpoint = NULL;
1580 if (target->state != TARGET_HALTED)
1582 LOG_WARNING("target not halted");
1583 return ERROR_TARGET_NOT_HALTED;
1586 /* current = 1: continue on current pc, otherwise continue at <address> */
1588 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1590 /* the front-end may request us not to handle breakpoints */
1591 if (handle_breakpoints)
1592 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1593 arm7_9_unset_breakpoint(target, breakpoint);
1595 target->debug_reason = DBG_REASON_SINGLESTEP;
1597 arm7_9_restore_context(target);
1599 arm7_9->enable_single_step(target);
1601 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1603 arm7_9->branch_resume(target);
1605 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1607 arm7_9->branch_resume_thumb(target);
1611 LOG_ERROR("unhandled core state");
1615 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1617 err = arm7_9_execute_sys_speed(target);
1618 arm7_9->disable_single_step(target);
1620 /* registers are now invalid */
1621 armv4_5_invalidate_core_regs(target);
1623 if (err != ERROR_OK)
1625 target->state = TARGET_UNKNOWN;
1627 arm7_9_debug_entry(target);
1628 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1629 LOG_DEBUG("target stepped");
1633 arm7_9_set_breakpoint(target, breakpoint);
1639 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1644 armv4_5_common_t *armv4_5 = target->arch_info;
1645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1646 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1648 if ((num < 0) || (num > 16))
1649 return ERROR_INVALID_ARGUMENTS;
1651 if ((mode != ARMV4_5_MODE_ANY)
1652 && (mode != armv4_5->core_mode)
1653 && (reg_mode != ARMV4_5_MODE_ANY))
1657 /* change processor mode (mask T bit) */
1658 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1661 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1664 if ((num >= 0) && (num <= 15))
1666 /* read a normal core register */
1667 reg_p[num] = &value;
1669 arm7_9->read_core_regs(target, 1 << num, reg_p);
1673 /* read a program status register
1674 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1676 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1677 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1679 arm7_9->read_xpsr(target, &value, spsr);
1682 if ((retval = jtag_execute_queue()) != ERROR_OK)
1687 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1688 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1689 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1691 if ((mode != ARMV4_5_MODE_ANY)
1692 && (mode != armv4_5->core_mode)
1693 && (reg_mode != ARMV4_5_MODE_ANY)) {
1694 /* restore processor mode (mask T bit) */
1695 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1702 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1705 armv4_5_common_t *armv4_5 = target->arch_info;
1706 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1707 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1709 if ((num < 0) || (num > 16))
1710 return ERROR_INVALID_ARGUMENTS;
1712 if ((mode != ARMV4_5_MODE_ANY)
1713 && (mode != armv4_5->core_mode)
1714 && (reg_mode != ARMV4_5_MODE_ANY)) {
1717 /* change processor mode (mask T bit) */
1718 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1721 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1724 if ((num >= 0) && (num <= 15))
1726 /* write a normal core register */
1729 arm7_9->write_core_regs(target, 1 << num, reg);
1733 /* write a program status register
1734 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1736 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1737 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1739 /* if we're writing the CPSR, mask the T bit */
1743 arm7_9->write_xpsr(target, value, spsr);
1746 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1747 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1749 if ((mode != ARMV4_5_MODE_ANY)
1750 && (mode != armv4_5->core_mode)
1751 && (reg_mode != ARMV4_5_MODE_ANY)) {
1752 /* restore processor mode (mask T bit) */
1753 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1756 return jtag_execute_queue();
1759 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1761 armv4_5_common_t *armv4_5 = target->arch_info;
1762 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1765 int num_accesses = 0;
1766 int thisrun_accesses;
1772 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1774 if (target->state != TARGET_HALTED)
1776 LOG_WARNING("target not halted");
1777 return ERROR_TARGET_NOT_HALTED;
1780 /* sanitize arguments */
1781 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1782 return ERROR_INVALID_ARGUMENTS;
1784 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1785 return ERROR_TARGET_UNALIGNED_ACCESS;
1787 /* load the base register with the address of the first word */
1789 arm7_9->write_core_regs(target, 0x1, reg);
1794 while (num_accesses < count)
1797 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1798 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1800 if (last_reg <= thisrun_accesses)
1801 last_reg = thisrun_accesses;
1803 arm7_9->load_word_regs(target, reg_list);
1805 /* fast memory reads are only safe when the target is running
1806 * from a sufficiently high clock (32 kHz is usually too slow)
1808 if (arm7_9->fast_memory_access)
1809 arm7_9_execute_fast_sys_speed(target);
1811 arm7_9_execute_sys_speed(target);
1813 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1815 /* advance buffer, count number of accesses */
1816 buffer += thisrun_accesses * 4;
1817 num_accesses += thisrun_accesses;
1821 while (num_accesses < count)
1824 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1825 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1827 for (i = 1; i <= thisrun_accesses; i++)
1831 arm7_9->load_hword_reg(target, i);
1832 /* fast memory reads are only safe when the target is running
1833 * from a sufficiently high clock (32 kHz is usually too slow)
1835 if (arm7_9->fast_memory_access)
1836 arm7_9_execute_fast_sys_speed(target);
1838 arm7_9_execute_sys_speed(target);
1841 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1843 /* advance buffer, count number of accesses */
1844 buffer += thisrun_accesses * 2;
1845 num_accesses += thisrun_accesses;
1849 while (num_accesses < count)
1852 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1853 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1855 for (i = 1; i <= thisrun_accesses; i++)
1859 arm7_9->load_byte_reg(target, i);
1860 /* fast memory reads are only safe when the target is running
1861 * from a sufficiently high clock (32 kHz is usually too slow)
1863 if (arm7_9->fast_memory_access)
1864 arm7_9_execute_fast_sys_speed(target);
1866 arm7_9_execute_sys_speed(target);
1869 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1871 /* advance buffer, count number of accesses */
1872 buffer += thisrun_accesses * 1;
1873 num_accesses += thisrun_accesses;
1877 LOG_ERROR("BUG: we shouldn't get here");
1882 for (i=0; i<=last_reg; i++)
1883 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1885 arm7_9->read_xpsr(target, &cpsr, 0);
1886 if ((retval = jtag_execute_queue()) != ERROR_OK)
1888 LOG_ERROR("JTAG error while reading cpsr");
1889 return ERROR_TARGET_DATA_ABORT;
1892 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1894 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1896 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1898 return ERROR_TARGET_DATA_ABORT;
1904 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1906 armv4_5_common_t *armv4_5 = target->arch_info;
1907 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1908 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1911 int num_accesses = 0;
1912 int thisrun_accesses;
1918 #ifdef _DEBUG_ARM7_9_
1919 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1922 if (target->state != TARGET_HALTED)
1924 LOG_WARNING("target not halted");
1925 return ERROR_TARGET_NOT_HALTED;
1928 /* sanitize arguments */
1929 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1930 return ERROR_INVALID_ARGUMENTS;
1932 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1933 return ERROR_TARGET_UNALIGNED_ACCESS;
1935 /* load the base register with the address of the first word */
1937 arm7_9->write_core_regs(target, 0x1, reg);
1939 /* Clear DBGACK, to make sure memory fetches work as expected */
1940 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1941 embeddedice_store_reg(dbg_ctrl);
1946 while (num_accesses < count)
1949 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1950 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1952 for (i = 1; i <= thisrun_accesses; i++)
1956 reg[i] = target_buffer_get_u32(target, buffer);
1960 arm7_9->write_core_regs(target, reg_list, reg);
1962 arm7_9->store_word_regs(target, reg_list);
1964 /* fast memory writes are only safe when the target is running
1965 * from a sufficiently high clock (32 kHz is usually too slow)
1967 if (arm7_9->fast_memory_access)
1968 arm7_9_execute_fast_sys_speed(target);
1970 arm7_9_execute_sys_speed(target);
1972 num_accesses += thisrun_accesses;
1976 while (num_accesses < count)
1979 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1980 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1982 for (i = 1; i <= thisrun_accesses; i++)
1986 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
1990 arm7_9->write_core_regs(target, reg_list, reg);
1992 for (i = 1; i <= thisrun_accesses; i++)
1994 arm7_9->store_hword_reg(target, i);
1996 /* fast memory writes are only safe when the target is running
1997 * from a sufficiently high clock (32 kHz is usually too slow)
1999 if (arm7_9->fast_memory_access)
2000 arm7_9_execute_fast_sys_speed(target);
2002 arm7_9_execute_sys_speed(target);
2005 num_accesses += thisrun_accesses;
2009 while (num_accesses < count)
2012 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2013 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2015 for (i = 1; i <= thisrun_accesses; i++)
2019 reg[i] = *buffer++ & 0xff;
2022 arm7_9->write_core_regs(target, reg_list, reg);
2024 for (i = 1; i <= thisrun_accesses; i++)
2026 arm7_9->store_byte_reg(target, i);
2027 /* fast memory writes are only safe when the target is running
2028 * from a sufficiently high clock (32 kHz is usually too slow)
2030 if (arm7_9->fast_memory_access)
2031 arm7_9_execute_fast_sys_speed(target);
2033 arm7_9_execute_sys_speed(target);
2036 num_accesses += thisrun_accesses;
2040 LOG_ERROR("BUG: we shouldn't get here");
2046 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2047 embeddedice_store_reg(dbg_ctrl);
2049 for (i=0; i<=last_reg; i++)
2050 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2052 arm7_9->read_xpsr(target, &cpsr, 0);
2053 if ((retval = jtag_execute_queue()) != ERROR_OK)
2055 LOG_ERROR("JTAG error while reading cpsr");
2056 return ERROR_TARGET_DATA_ABORT;
2059 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2061 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2063 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2065 return ERROR_TARGET_DATA_ABORT;
2071 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2073 armv4_5_common_t *armv4_5 = target->arch_info;
2074 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2075 enum armv4_5_state core_state = armv4_5->core_state;
2076 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2077 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2078 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2083 /* MRC TST BNE MRC STR B */
2084 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2087 if (!arm7_9->dcc_downloads)
2088 return target->type->write_memory(target, address, 4, count, buffer);
2090 /* regrab previously allocated working_area, or allocate a new one */
2091 if (!arm7_9->dcc_working_area)
2093 u8 dcc_code_buf[6 * 4];
2095 /* make sure we have a working area */
2096 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2098 LOG_INFO("no working area available, falling back to memory writes");
2099 return target->type->write_memory(target, address, 4, count, buffer);
2102 /* copy target instructions to target endianness */
2103 for (i = 0; i < 6; i++)
2105 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2108 /* write DCC code to working area */
2109 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2112 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2113 armv4_5->core_cache->reg_list[0].valid = 1;
2114 armv4_5->core_cache->reg_list[0].dirty = 1;
2115 armv4_5->core_state = ARMV4_5_STATE_ARM;
2117 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2119 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2122 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2123 core function repeated.
2125 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2128 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2129 u8 reg_addr = ice_reg->addr & 0x1f;
2130 int chain_pos = ice_reg->jtag_info->chain_pos;
2131 /* we want the compiler to duplicate the code, which it does not
2136 for (i = 1; i < count - 1; i++)
2138 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2143 for (i = 1; i < count - 1; i++)
2145 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2149 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2152 for (i = 0; i < count; i++)
2154 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2159 target_halt(target);
2161 for (i=0; i<100; i++)
2163 target_poll(target);
2164 if (target->state == TARGET_HALTED)
2166 usleep(1000); /* sleep 1ms */
2170 LOG_ERROR("bulk write timed out, target not halted");
2171 return ERROR_TARGET_TIMEOUT;
2174 /* restore target state */
2175 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2176 armv4_5->core_cache->reg_list[0].valid = 1;
2177 armv4_5->core_cache->reg_list[0].dirty = 1;
2178 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2179 armv4_5->core_cache->reg_list[1].valid = 1;
2180 armv4_5->core_cache->reg_list[1].dirty = 1;
2181 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2182 armv4_5->core_cache->reg_list[15].valid = 1;
2183 armv4_5->core_cache->reg_list[15].dirty = 1;
2184 armv4_5->core_state = core_state;
2189 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2191 working_area_t *crc_algorithm;
2192 armv4_5_algorithm_t armv4_5_info;
2193 reg_param_t reg_params[2];
2196 u32 arm7_9_crc_code[] = {
2197 0xE1A02000, /* mov r2, r0 */
2198 0xE3E00000, /* mov r0, #0xffffffff */
2199 0xE1A03001, /* mov r3, r1 */
2200 0xE3A04000, /* mov r4, #0 */
2201 0xEA00000B, /* b ncomp */
2203 0xE7D21004, /* ldrb r1, [r2, r4] */
2204 0xE59F7030, /* ldr r7, CRC32XOR */
2205 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2206 0xE3A05000, /* mov r5, #0 */
2208 0xE3500000, /* cmp r0, #0 */
2209 0xE1A06080, /* mov r6, r0, asl #1 */
2210 0xE2855001, /* add r5, r5, #1 */
2211 0xE1A00006, /* mov r0, r6 */
2212 0xB0260007, /* eorlt r0, r6, r7 */
2213 0xE3550008, /* cmp r5, #8 */
2214 0x1AFFFFF8, /* bne loop */
2215 0xE2844001, /* add r4, r4, #1 */
2217 0xE1540003, /* cmp r4, r3 */
2218 0x1AFFFFF1, /* bne nbyte */
2220 0xEAFFFFFE, /* b end */
2221 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2226 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2228 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2231 /* convert flash writing code into a buffer in target endianness */
2232 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2233 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2235 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2236 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2237 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2239 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2240 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2242 buf_set_u32(reg_params[0].value, 0, 32, address);
2243 buf_set_u32(reg_params[1].value, 0, 32, count);
2245 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2246 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2248 LOG_ERROR("error executing arm7_9 crc algorithm");
2249 destroy_reg_param(®_params[0]);
2250 destroy_reg_param(®_params[1]);
2251 target_free_working_area(target, crc_algorithm);
2255 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2257 destroy_reg_param(®_params[0]);
2258 destroy_reg_param(®_params[1]);
2260 target_free_working_area(target, crc_algorithm);
2265 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2267 command_t *arm7_9_cmd;
2269 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2271 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2272 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2274 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2276 register_command(cmd_ctx, arm7_9_cmd, "sw_bkpts", handle_arm7_9_sw_bkpts_command, COMMAND_EXEC, "support for software breakpoints <enable|disable>");
2277 register_command(cmd_ctx, arm7_9_cmd, "force_hw_bkpts", handle_arm7_9_force_hw_bkpts_command, COMMAND_EXEC, "use hardware breakpoints for all breakpoints (disables sw breakpoint support) <enable|disable>");
2278 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2279 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2280 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2281 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2282 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2283 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2284 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2285 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2287 armv4_5_register_commands(cmd_ctx);
2289 etm_register_commands(cmd_ctx);
2294 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2299 target_t *target = get_current_target(cmd_ctx);
2300 armv4_5_common_t *armv4_5;
2301 arm7_9_common_t *arm7_9;
2303 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2305 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2309 if (target->state != TARGET_HALTED)
2311 command_print(cmd_ctx, "can't write registers while running");
2317 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2321 value = strtoul(args[0], NULL, 0);
2322 spsr = strtol(args[1], NULL, 0);
2324 /* if we're writing the CPSR, mask the T bit */
2328 arm7_9->write_xpsr(target, value, spsr);
2329 if ((retval = jtag_execute_queue()) != ERROR_OK)
2331 LOG_ERROR("JTAG error while writing to xpsr");
2338 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2344 target_t *target = get_current_target(cmd_ctx);
2345 armv4_5_common_t *armv4_5;
2346 arm7_9_common_t *arm7_9;
2348 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2350 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2354 if (target->state != TARGET_HALTED)
2356 command_print(cmd_ctx, "can't write registers while running");
2362 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2366 value = strtoul(args[0], NULL, 0);
2367 rotate = strtol(args[1], NULL, 0);
2368 spsr = strtol(args[2], NULL, 0);
2370 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2371 if ((retval = jtag_execute_queue()) != ERROR_OK)
2373 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2380 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2385 target_t *target = get_current_target(cmd_ctx);
2386 armv4_5_common_t *armv4_5;
2387 arm7_9_common_t *arm7_9;
2389 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2391 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2395 if (target->state != TARGET_HALTED)
2397 command_print(cmd_ctx, "can't write registers while running");
2403 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2407 num = strtol(args[0], NULL, 0);
2408 mode = strtoul(args[1], NULL, 0);
2409 value = strtoul(args[2], NULL, 0);
2411 arm7_9_write_core_reg(target, num, mode, value);
2416 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2418 target_t *target = get_current_target(cmd_ctx);
2419 armv4_5_common_t *armv4_5;
2420 arm7_9_common_t *arm7_9;
2422 if (target->state != TARGET_HALTED)
2424 LOG_ERROR("target not halted");
2425 return ERROR_TARGET_NOT_HALTED;
2428 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2430 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2436 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2440 if (strcmp("enable", args[0]) == 0)
2442 if (arm7_9->sw_bkpts_use_wp)
2444 arm7_9_enable_sw_bkpts(target);
2448 arm7_9->sw_bkpts_enabled = 1;
2451 else if (strcmp("disable", args[0]) == 0)
2453 if (arm7_9->sw_bkpts_use_wp)
2455 arm7_9_disable_sw_bkpts(target);
2459 arm7_9->sw_bkpts_enabled = 0;
2464 command_print(cmd_ctx, "usage: arm7_9 sw_bkpts <enable|disable>");
2467 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2472 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2474 target_t *target = get_current_target(cmd_ctx);
2475 armv4_5_common_t *armv4_5;
2476 arm7_9_common_t *arm7_9;
2478 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2480 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2484 if ((argc >= 1) && (strcmp("enable", args[0]) == 0))
2486 arm7_9->force_hw_bkpts = 1;
2487 if (arm7_9->sw_bkpts_use_wp)
2489 arm7_9_disable_sw_bkpts(target);
2492 else if ((argc >= 1) && (strcmp("disable", args[0]) == 0))
2494 arm7_9->force_hw_bkpts = 0;
2498 command_print(cmd_ctx, "usage: arm7_9 force_hw_bkpts <enable|disable>");
2501 command_print(cmd_ctx, "force hardware breakpoints %s", (arm7_9->force_hw_bkpts) ? "enabled" : "disabled");
2506 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2508 target_t *target = get_current_target(cmd_ctx);
2509 armv4_5_common_t *armv4_5;
2510 arm7_9_common_t *arm7_9;
2512 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2514 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2520 if (strcmp("enable", args[0]) == 0)
2522 arm7_9->use_dbgrq = 1;
2524 else if (strcmp("disable", args[0]) == 0)
2526 arm7_9->use_dbgrq = 0;
2530 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2534 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2539 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2541 target_t *target = get_current_target(cmd_ctx);
2542 armv4_5_common_t *armv4_5;
2543 arm7_9_common_t *arm7_9;
2545 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2547 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2553 if (strcmp("enable", args[0]) == 0)
2555 arm7_9->fast_memory_access = 1;
2557 else if (strcmp("disable", args[0]) == 0)
2559 arm7_9->fast_memory_access = 0;
2563 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2567 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2572 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2574 target_t *target = get_current_target(cmd_ctx);
2575 armv4_5_common_t *armv4_5;
2576 arm7_9_common_t *arm7_9;
2578 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2580 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2586 if (strcmp("enable", args[0]) == 0)
2588 arm7_9->dcc_downloads = 1;
2590 else if (strcmp("disable", args[0]) == 0)
2592 arm7_9->dcc_downloads = 0;
2596 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2600 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2605 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2607 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2609 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2611 arm_jtag_setup_connection(&arm7_9->jtag_info);
2612 arm7_9->wp_available = 2;
2613 arm7_9->wp0_used = 0;
2614 arm7_9->wp1_used = 0;
2615 arm7_9->force_hw_bkpts = 0;
2616 arm7_9->use_dbgrq = 0;
2618 arm7_9->etm_ctx = NULL;
2619 arm7_9->has_single_step = 0;
2620 arm7_9->has_monitor_mode = 0;
2621 arm7_9->has_vector_catch = 0;
2623 arm7_9->debug_entry_from_reset = 0;
2625 arm7_9->dcc_working_area = NULL;
2627 arm7_9->fast_memory_access = 0;
2628 arm7_9->dcc_downloads = 0;
2630 armv4_5->arch_info = arm7_9;
2631 armv4_5->read_core_reg = arm7_9_read_core_reg;
2632 armv4_5->write_core_reg = arm7_9_write_core_reg;
2633 armv4_5->full_context = arm7_9_full_context;
2635 armv4_5_init_arch_info(target, armv4_5);
2637 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / fw / openocd / blob