1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
24 #include "replacements.h"
26 #include "embeddedice.h"
28 #include "target_request.h"
33 #include "arm7_9_common.h"
34 #include "breakpoints.h"
40 #include <sys/types.h>
45 int arm7_9_debug_entry(target_t *target);
46 int arm7_9_enable_sw_bkpts(struct target_s *target);
48 /* command handler forward declarations */
49 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int arm7_9_reinit_embeddedice(target_t *target)
62 armv4_5_common_t *armv4_5 = target->arch_info;
63 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
65 breakpoint_t *breakpoint = target->breakpoints;
67 arm7_9->wp_available = 2;
71 /* mark all hardware breakpoints as unset */
74 if (breakpoint->type == BKPT_HARD)
78 breakpoint = breakpoint->next;
81 if (arm7_9->sw_bkpts_enabled && arm7_9->sw_bkpts_use_wp)
83 arm7_9->sw_bkpts_enabled = 0;
84 arm7_9_enable_sw_bkpts(target);
87 arm7_9->reinit_embeddedice = 0;
92 int arm7_9_jtag_callback(enum jtag_event event, void *priv)
94 target_t *target = priv;
95 armv4_5_common_t *armv4_5 = target->arch_info;
96 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
98 /* a test-logic reset occured
99 * the EmbeddedICE registers have been reset
100 * hardware breakpoints have been cleared
102 if (event == JTAG_TRST_ASSERTED)
104 arm7_9->reinit_embeddedice = 1;
110 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
112 armv4_5_common_t *armv4_5 = target->arch_info;
113 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
115 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
120 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
125 *armv4_5_p = armv4_5;
131 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
133 armv4_5_common_t *armv4_5 = target->arch_info;
134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
136 if (target->state != TARGET_HALTED)
138 WARNING("target not halted");
139 return ERROR_TARGET_NOT_HALTED;
142 if (arm7_9->force_hw_bkpts)
143 breakpoint->type = BKPT_HARD;
147 WARNING("breakpoint already set");
151 if (breakpoint->type == BKPT_HARD)
153 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
154 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
155 if (!arm7_9->wp0_used)
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
159 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
160 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
163 jtag_execute_queue();
164 arm7_9->wp0_used = 1;
167 else if (!arm7_9->wp1_used)
169 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
170 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
171 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
172 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
173 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
175 jtag_execute_queue();
176 arm7_9->wp1_used = 1;
181 ERROR("BUG: no hardware comparator available");
185 else if (breakpoint->type == BKPT_SOFT)
187 if (breakpoint->length == 4)
189 /* keep the original instruction in target endianness */
190 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
191 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
192 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
196 /* keep the original instruction in target endianness */
197 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
198 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
199 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
208 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
210 armv4_5_common_t *armv4_5 = target->arch_info;
211 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
213 if (target->state != TARGET_HALTED)
215 WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED;
219 if (!breakpoint->set)
221 WARNING("breakpoint not set");
225 if (breakpoint->type == BKPT_HARD)
227 if (breakpoint->set == 1)
229 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
230 jtag_execute_queue();
231 arm7_9->wp0_used = 0;
233 else if (breakpoint->set == 2)
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
236 jtag_execute_queue();
237 arm7_9->wp1_used = 0;
243 /* restore original instruction (kept in target endianness) */
244 if (breakpoint->length == 4)
246 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
250 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
258 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
260 armv4_5_common_t *armv4_5 = target->arch_info;
261 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
263 if (target->state != TARGET_HALTED)
265 WARNING("target not halted");
266 return ERROR_TARGET_NOT_HALTED;
269 if (arm7_9->force_hw_bkpts)
271 DEBUG("forcing use of hardware breakpoint at address 0x%8.8x", breakpoint->address);
272 breakpoint->type = BKPT_HARD;
275 if ((breakpoint->type == BKPT_SOFT) && (arm7_9->sw_bkpts_enabled == 0))
277 INFO("sw breakpoint requested, but software breakpoints not enabled");
278 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
281 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
283 INFO("no watchpoint unit available for hardware breakpoint");
284 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
287 if ((breakpoint->length != 2) && (breakpoint->length != 4))
289 INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
290 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
293 if (breakpoint->type == BKPT_HARD)
294 arm7_9->wp_available--;
299 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
301 armv4_5_common_t *armv4_5 = target->arch_info;
302 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
304 if (target->state != TARGET_HALTED)
306 WARNING("target not halted");
307 return ERROR_TARGET_NOT_HALTED;
312 arm7_9_unset_breakpoint(target, breakpoint);
315 if (breakpoint->type == BKPT_HARD)
316 arm7_9->wp_available++;
321 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
323 armv4_5_common_t *armv4_5 = target->arch_info;
324 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
328 mask = watchpoint->length - 1;
330 if (target->state != TARGET_HALTED)
332 WARNING("target not halted");
333 return ERROR_TARGET_NOT_HALTED;
336 if (watchpoint->rw == WPT_ACCESS)
341 if (!arm7_9->wp0_used)
343 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
344 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
345 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
346 if( watchpoint->mask != 0xffffffffu )
347 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
348 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
349 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
351 jtag_execute_queue();
353 arm7_9->wp0_used = 2;
355 else if (!arm7_9->wp1_used)
357 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
358 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
359 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
360 if( watchpoint->mask != 0xffffffffu )
361 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
363 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
365 jtag_execute_queue();
367 arm7_9->wp1_used = 2;
371 ERROR("BUG: no hardware comparator available");
378 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
380 armv4_5_common_t *armv4_5 = target->arch_info;
381 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
383 if (target->state != TARGET_HALTED)
385 WARNING("target not halted");
386 return ERROR_TARGET_NOT_HALTED;
389 if (!watchpoint->set)
391 WARNING("breakpoint not set");
395 if (watchpoint->set == 1)
397 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
398 jtag_execute_queue();
399 arm7_9->wp0_used = 0;
401 else if (watchpoint->set == 2)
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
404 jtag_execute_queue();
405 arm7_9->wp1_used = 0;
412 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
414 armv4_5_common_t *armv4_5 = target->arch_info;
415 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
417 if (target->state != TARGET_HALTED)
419 WARNING("target not halted");
420 return ERROR_TARGET_NOT_HALTED;
423 if (arm7_9->wp_available < 1)
425 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
428 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
430 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
433 arm7_9->wp_available--;
438 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
440 armv4_5_common_t *armv4_5 = target->arch_info;
441 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
443 if (target->state != TARGET_HALTED)
445 WARNING("target not halted");
446 return ERROR_TARGET_NOT_HALTED;
451 arm7_9_unset_watchpoint(target, watchpoint);
454 arm7_9->wp_available++;
459 int arm7_9_enable_sw_bkpts(struct target_s *target)
461 armv4_5_common_t *armv4_5 = target->arch_info;
462 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
465 if (arm7_9->sw_bkpts_enabled)
468 if (arm7_9->wp_available < 1)
470 WARNING("can't enable sw breakpoints with no watchpoint unit available");
471 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
473 arm7_9->wp_available--;
475 if (!arm7_9->wp0_used)
477 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
478 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
479 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
480 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
481 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
482 arm7_9->sw_bkpts_enabled = 1;
483 arm7_9->wp0_used = 3;
485 else if (!arm7_9->wp1_used)
487 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
488 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
489 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
490 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
491 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
492 arm7_9->sw_bkpts_enabled = 2;
493 arm7_9->wp1_used = 3;
497 ERROR("BUG: both watchpoints used, but wp_available >= 1");
501 if ((retval = jtag_execute_queue()) != ERROR_OK)
503 ERROR("error writing EmbeddedICE registers to enable sw breakpoints");
510 int arm7_9_disable_sw_bkpts(struct target_s *target)
512 armv4_5_common_t *armv4_5 = target->arch_info;
513 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
515 if (!arm7_9->sw_bkpts_enabled)
518 if (arm7_9->sw_bkpts_enabled == 1)
520 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
521 arm7_9->sw_bkpts_enabled = 0;
522 arm7_9->wp0_used = 0;
523 arm7_9->wp_available++;
525 else if (arm7_9->sw_bkpts_enabled == 2)
527 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
528 arm7_9->sw_bkpts_enabled = 0;
529 arm7_9->wp1_used = 0;
530 arm7_9->wp_available++;
536 int arm7_9_execute_sys_speed(struct target_s *target)
541 armv4_5_common_t *armv4_5 = target->arch_info;
542 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
543 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
544 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
546 /* set RESTART instruction */
547 jtag_add_end_state(TAP_RTI);
548 arm_jtag_set_instr(jtag_info, 0x4, NULL);
550 for (timeout=0; timeout<50; timeout++)
552 /* read debug status register */
553 embeddedice_read_reg(dbg_stat);
554 if ((retval = jtag_execute_queue()) != ERROR_OK)
556 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
557 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
563 ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
564 return ERROR_TARGET_TIMEOUT;
570 int arm7_9_execute_fast_sys_speed(struct target_s *target)
572 u8 check_value[4], check_mask[4];
574 armv4_5_common_t *armv4_5 = target->arch_info;
575 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
576 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
577 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
579 /* set RESTART instruction */
580 jtag_add_end_state(TAP_RTI);
581 arm_jtag_set_instr(jtag_info, 0x4, NULL);
583 /* check for DBGACK and SYSCOMP set (others don't care) */
584 buf_set_u32(check_value, 0, 32, 0x9);
585 buf_set_u32(check_mask, 0, 32, 0x9);
587 /* read debug status register */
588 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
593 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
595 armv4_5_common_t *armv4_5 = target->arch_info;
596 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
597 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
601 data = malloc(size * (sizeof(u32)));
603 embeddedice_receive(jtag_info, data, size);
605 for (i = 0; i < size; i++)
607 h_u32_to_le(buffer + (i * 4), data[i]);
615 int arm7_9_handle_target_request(void *priv)
617 target_t *target = priv;
618 armv4_5_common_t *armv4_5 = target->arch_info;
619 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
620 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
621 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
623 if (target->state == TARGET_RUNNING)
625 /* read DCC control register */
626 embeddedice_read_reg(dcc_control);
627 jtag_execute_queue();
630 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
634 embeddedice_receive(jtag_info, &request, 1);
635 target_request(target, request);
642 enum target_state arm7_9_poll(target_t *target)
645 armv4_5_common_t *armv4_5 = target->arch_info;
646 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
647 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
649 if (arm7_9->reinit_embeddedice)
651 arm7_9_reinit_embeddedice(target);
654 /* read debug status register */
655 embeddedice_read_reg(dbg_stat);
656 if ((retval = jtag_execute_queue()) != ERROR_OK)
660 case ERROR_JTAG_QUEUE_FAILED:
661 ERROR("JTAG queue failed while reading EmbeddedICE status register");
669 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
671 DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));
672 if ((target->state == TARGET_UNKNOWN))
674 WARNING("DBGACK set while target was in unknown state. Reset or initialize target before resuming");
675 target->state = TARGET_RUNNING;
677 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
679 target->state = TARGET_HALTED;
680 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
683 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
685 if (target->state == TARGET_DEBUG_RUNNING)
687 target->state = TARGET_HALTED;
688 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
691 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
696 if (target->state != TARGET_DEBUG_RUNNING)
697 target->state = TARGET_RUNNING;
700 return target->state;
703 int arm7_9_assert_reset(target_t *target)
707 DEBUG("target->state: %s", target_state_strings[target->state]);
709 if (target->state == TARGET_HALTED || target->state == TARGET_UNKNOWN)
711 /* if the target wasn't running, there might be working areas allocated */
712 target_free_all_working_areas(target);
714 /* assert SRST and TRST */
715 /* system would get ouf sync if we didn't reset test-logic, too */
716 if ((retval = jtag_add_reset(1, 1)) != ERROR_OK)
718 if (retval == ERROR_JTAG_RESET_CANT_SRST)
720 WARNING("can't assert srst");
725 ERROR("unknown error");
729 jtag_add_sleep(5000);
730 if ((retval = jtag_add_reset(0, 1)) != ERROR_OK)
732 if (retval == ERROR_JTAG_RESET_WOULD_ASSERT_TRST)
734 WARNING("srst resets test logic, too");
735 retval = jtag_add_reset(1, 1);
741 if ((retval = jtag_add_reset(0, 1)) != ERROR_OK)
743 if (retval == ERROR_JTAG_RESET_WOULD_ASSERT_TRST)
745 WARNING("srst resets test logic, too");
746 retval = jtag_add_reset(1, 1);
749 if (retval == ERROR_JTAG_RESET_CANT_SRST)
751 WARNING("can't assert srst");
754 else if (retval != ERROR_OK)
756 ERROR("unknown error");
762 target->state = TARGET_RESET;
763 jtag_add_sleep(50000);
765 armv4_5_invalidate_core_regs(target);
771 int arm7_9_deassert_reset(target_t *target)
773 DEBUG("target->state: %s", target_state_strings[target->state]);
775 /* deassert reset lines */
776 jtag_add_reset(0, 0);
781 int arm7_9_clear_halt(target_t *target)
783 armv4_5_common_t *armv4_5 = target->arch_info;
784 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
785 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
787 /* we used DBGRQ only if we didn't come out of reset */
788 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
790 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
792 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
793 embeddedice_store_reg(dbg_ctrl);
797 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
799 /* if we came out of reset, and vector catch is supported, we used
800 * vector catch to enter debug state
801 * restore the register in that case
803 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
807 /* restore registers if watchpoint unit 0 was in use
809 if (arm7_9->wp0_used)
811 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
812 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
813 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
815 /* control value always has to be restored, as it was either disabled,
816 * or enabled with possibly different bits
818 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
825 int arm7_9_soft_reset_halt(struct target_s *target)
827 armv4_5_common_t *armv4_5 = target->arch_info;
828 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
829 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
830 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
833 if (target->state == TARGET_RUNNING)
835 target->type->halt(target);
838 while (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0)
840 embeddedice_read_reg(dbg_stat);
841 jtag_execute_queue();
843 target->state = TARGET_HALTED;
845 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
846 * ensure that DBGRQ is cleared
848 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
849 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
850 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
851 embeddedice_store_reg(dbg_ctrl);
853 arm7_9_clear_halt(target);
855 /* if the target is in Thumb state, change to ARM state */
856 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
858 u32 r0_thumb, pc_thumb;
859 DEBUG("target entered debug from Thumb state, changing to ARM");
860 /* Entered debug from Thumb mode */
861 armv4_5->core_state = ARMV4_5_STATE_THUMB;
862 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
865 /* all register content is now invalid */
866 armv4_5_invalidate_core_regs(target);
868 /* SVC, ARM state, IRQ and FIQ disabled */
869 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
870 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
871 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
873 /* start fetching from 0x0 */
874 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
875 armv4_5->core_cache->reg_list[15].dirty = 1;
876 armv4_5->core_cache->reg_list[15].valid = 1;
878 armv4_5->core_mode = ARMV4_5_MODE_SVC;
879 armv4_5->core_state = ARMV4_5_STATE_ARM;
881 /* reset registers */
882 for (i = 0; i <= 14; i++)
884 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
885 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
886 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
889 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
894 int arm7_9_prepare_reset_halt(target_t *target)
896 armv4_5_common_t *armv4_5 = target->arch_info;
897 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
899 /* poll the target, and resume if it was currently halted */
901 if (target->state == TARGET_HALTED)
903 arm7_9_resume(target, 1, 0x0, 0, 1);
906 if (arm7_9->has_vector_catch)
908 /* program vector catch register to catch reset vector */
909 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
913 /* program watchpoint unit to match on reset vector address */
914 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
915 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
916 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
917 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
923 int arm7_9_halt(target_t *target)
925 armv4_5_common_t *armv4_5 = target->arch_info;
926 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
927 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
929 DEBUG("target->state: %s", target_state_strings[target->state]);
931 if (target->state == TARGET_HALTED)
933 WARNING("target was already halted");
934 return ERROR_TARGET_ALREADY_HALTED;
937 if (target->state == TARGET_UNKNOWN)
939 WARNING("target was in unknown state when halt was requested");
942 if (target->state == TARGET_RESET)
944 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) && jtag_srst)
946 ERROR("can't request a halt while in reset if nSRST pulls nTRST");
947 return ERROR_TARGET_FAILURE;
951 /* we came here in a reset_halt or reset_init sequence
952 * debug entry was already prepared in arm7_9_prepare_reset_halt()
954 target->debug_reason = DBG_REASON_DBGRQ;
960 if (arm7_9->use_dbgrq)
962 /* program EmbeddedICE Debug Control Register to assert DBGRQ
964 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
965 embeddedice_store_reg(dbg_ctrl);
969 /* program watchpoint unit to match on any address
971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
973 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
974 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
977 target->debug_reason = DBG_REASON_DBGRQ;
982 int arm7_9_debug_entry(target_t *target)
987 u32 r0_thumb, pc_thumb;
990 /* get pointers to arch-specific information */
991 armv4_5_common_t *armv4_5 = target->arch_info;
992 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
993 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
994 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
996 #ifdef _DEBUG_ARM7_9_
1000 if (arm7_9->pre_debug_entry)
1001 arm7_9->pre_debug_entry(target);
1003 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1004 * ensure that DBGRQ is cleared
1006 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1007 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1008 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1009 embeddedice_store_reg(dbg_ctrl);
1011 arm7_9_clear_halt(target);
1013 if ((retval = jtag_execute_queue()) != ERROR_OK)
1017 case ERROR_JTAG_QUEUE_FAILED:
1018 ERROR("JTAG queue failed while writing EmbeddedICE control register");
1026 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1030 if (target->state != TARGET_HALTED)
1032 WARNING("target not halted");
1033 return ERROR_TARGET_NOT_HALTED;
1036 /* if the target is in Thumb state, change to ARM state */
1037 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1039 DEBUG("target entered debug from Thumb state");
1040 /* Entered debug from Thumb mode */
1041 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1042 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1043 DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1047 DEBUG("target entered debug from ARM state");
1048 /* Entered debug from ARM mode */
1049 armv4_5->core_state = ARMV4_5_STATE_ARM;
1052 for (i = 0; i < 16; i++)
1053 context_p[i] = &context[i];
1054 /* save core registers (r0 - r15 of current core mode) */
1055 arm7_9->read_core_regs(target, 0xffff, context_p);
1057 arm7_9->read_xpsr(target, &cpsr, 0);
1059 if ((retval = jtag_execute_queue()) != ERROR_OK)
1062 /* if the core has been executing in Thumb state, set the T bit */
1063 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1066 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1067 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1068 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1070 armv4_5->core_mode = cpsr & 0x1f;
1072 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1074 target->state = TARGET_UNKNOWN;
1075 ERROR("cpsr contains invalid mode value - communication failure");
1076 return ERROR_TARGET_FAILURE;
1079 DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1081 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1083 DEBUG("thumb state, applying fixups");
1084 context[0] = r0_thumb;
1085 context[15] = pc_thumb;
1086 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1088 /* adjust value stored by STM */
1089 context[15] -= 3 * 4;
1092 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1093 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1094 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1095 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1096 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1097 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1098 else if (target->debug_reason == DBG_REASON_DBGRQ)
1099 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1102 ERROR("unknown debug reason: %i", target->debug_reason);
1106 for (i=0; i<=15; i++)
1108 DEBUG("r%i: 0x%8.8x", i, context[i]);
1109 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1110 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1111 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1114 DEBUG("entered debug state at PC 0x%x", context[15]);
1116 /* exceptions other than USR & SYS have a saved program status register */
1117 if ((armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_USR) && (armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_SYS))
1120 arm7_9->read_xpsr(target, &spsr, 1);
1121 jtag_execute_queue();
1122 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1123 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1124 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1127 /* r0 and r15 (pc) have to be restored later */
1128 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = 1;
1129 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = 1;
1131 if ((retval = jtag->execute_queue()) != ERROR_OK)
1134 if (arm7_9->post_debug_entry)
1135 arm7_9->post_debug_entry(target);
1140 int arm7_9_full_context(target_t *target)
1144 armv4_5_common_t *armv4_5 = target->arch_info;
1145 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1149 if (target->state != TARGET_HALTED)
1151 WARNING("target not halted");
1152 return ERROR_TARGET_NOT_HALTED;
1155 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1156 * SYS shares registers with User, so we don't touch SYS
1158 for(i = 0; i < 6; i++)
1165 /* check if there are invalid registers in the current mode
1167 for (j = 0; j <= 16; j++)
1169 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1177 /* change processor mode (and mask T bit) */
1178 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1179 tmp_cpsr |= armv4_5_number_to_mode(i);
1181 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1183 for (j = 0; j < 15; j++)
1185 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1187 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1189 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1190 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1194 /* if only the PSR is invalid, mask is all zeroes */
1196 arm7_9->read_core_regs(target, mask, reg_p);
1198 /* check if the PSR has to be read */
1199 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1201 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1202 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1203 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1208 /* restore processor mode (mask T bit) */
1209 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1211 if ((retval = jtag_execute_queue()) != ERROR_OK)
1213 ERROR("JTAG failure");
1219 int arm7_9_restore_context(target_t *target)
1221 armv4_5_common_t *armv4_5 = target->arch_info;
1222 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1224 armv4_5_core_reg_t *reg_arch_info;
1225 enum armv4_5_mode current_mode = armv4_5->core_mode;
1232 if (target->state != TARGET_HALTED)
1234 WARNING("target not halted");
1235 return ERROR_TARGET_NOT_HALTED;
1238 if (arm7_9->pre_restore_context)
1239 arm7_9->pre_restore_context(target);
1241 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1242 * SYS shares registers with User, so we don't touch SYS
1244 for (i = 0; i < 6; i++)
1246 DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1249 /* check if there are dirty registers in the current mode
1251 for (j = 0; j <= 16; j++)
1253 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1254 reg_arch_info = reg->arch_info;
1255 if (reg->dirty == 1)
1257 if (reg->valid == 1)
1260 DEBUG("examining dirty reg: %s", reg->name);
1261 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1262 && (reg_arch_info->mode != current_mode)
1263 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1264 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1267 DEBUG("require mode change");
1272 ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1288 /* change processor mode (mask T bit) */
1289 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1290 tmp_cpsr |= armv4_5_number_to_mode(i);
1292 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1293 current_mode = armv4_5_number_to_mode(i);
1296 for (j = 0; j <= 14; j++)
1298 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1299 reg_arch_info = reg->arch_info;
1302 if (reg->dirty == 1)
1304 regs[j] = buf_get_u32(reg->value, 0, 32);
1309 DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1315 arm7_9->write_core_regs(target, mask, regs);
1318 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1319 reg_arch_info = reg->arch_info;
1320 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1322 DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1323 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1328 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1330 /* restore processor mode (mask T bit) */
1333 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1334 tmp_cpsr |= armv4_5_number_to_mode(i);
1336 DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1337 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1339 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1341 /* CPSR has been changed, full restore necessary (mask T bit) */
1342 DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1343 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1344 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1345 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1349 DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1350 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1351 armv4_5->core_cache->reg_list[15].dirty = 0;
1353 if (arm7_9->post_restore_context)
1354 arm7_9->post_restore_context(target);
1359 int arm7_9_restart_core(struct target_s *target)
1361 armv4_5_common_t *armv4_5 = target->arch_info;
1362 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1363 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1365 /* set RESTART instruction */
1366 jtag_add_end_state(TAP_RTI);
1367 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1369 jtag_add_runtest(1, TAP_RTI);
1370 if ((jtag_execute_queue()) != ERROR_OK)
1378 void arm7_9_enable_watchpoints(struct target_s *target)
1380 watchpoint_t *watchpoint = target->watchpoints;
1384 if (watchpoint->set == 0)
1385 arm7_9_set_watchpoint(target, watchpoint);
1386 watchpoint = watchpoint->next;
1390 void arm7_9_enable_breakpoints(struct target_s *target)
1392 breakpoint_t *breakpoint = target->breakpoints;
1394 /* set any pending breakpoints */
1397 if (breakpoint->set == 0)
1398 arm7_9_set_breakpoint(target, breakpoint);
1399 breakpoint = breakpoint->next;
1403 void arm7_9_disable_bkpts_and_wpts(struct target_s *target)
1405 breakpoint_t *breakpoint = target->breakpoints;
1406 watchpoint_t *watchpoint = target->watchpoints;
1408 /* set any pending breakpoints */
1411 if (breakpoint->set != 0)
1412 arm7_9_unset_breakpoint(target, breakpoint);
1413 breakpoint = breakpoint->next;
1418 if (watchpoint->set != 0)
1419 arm7_9_unset_watchpoint(target, watchpoint);
1420 watchpoint = watchpoint->next;
1424 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1426 armv4_5_common_t *armv4_5 = target->arch_info;
1427 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1428 breakpoint_t *breakpoint = target->breakpoints;
1429 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1433 if (target->state != TARGET_HALTED)
1435 WARNING("target not halted");
1436 return ERROR_TARGET_NOT_HALTED;
1439 if (!debug_execution)
1441 target_free_all_working_areas(target);
1444 /* current = 1: continue on current pc, otherwise continue at <address> */
1446 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1448 /* the front-end may request us not to handle breakpoints */
1449 if (handle_breakpoints)
1451 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1453 DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1454 arm7_9_unset_breakpoint(target, breakpoint);
1456 DEBUG("enable single-step");
1457 arm7_9->enable_single_step(target);
1459 target->debug_reason = DBG_REASON_SINGLESTEP;
1461 arm7_9_restore_context(target);
1463 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1464 arm7_9->branch_resume(target);
1465 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1467 arm7_9->branch_resume_thumb(target);
1471 ERROR("unhandled core state");
1475 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1476 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1477 arm7_9_execute_sys_speed(target);
1479 DEBUG("disable single-step");
1480 arm7_9->disable_single_step(target);
1482 arm7_9_debug_entry(target);
1483 DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1485 DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1486 arm7_9_set_breakpoint(target, breakpoint);
1490 /* enable any pending breakpoints and watchpoints */
1491 arm7_9_enable_breakpoints(target);
1492 arm7_9_enable_watchpoints(target);
1494 arm7_9_restore_context(target);
1496 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1498 arm7_9->branch_resume(target);
1500 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1502 arm7_9->branch_resume_thumb(target);
1506 ERROR("unhandled core state");
1510 /* deassert DBGACK and INTDIS */
1511 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1512 /* INTDIS only when we really resume, not during debug execution */
1513 if (!debug_execution)
1514 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1515 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1517 arm7_9_restart_core(target);
1519 target->debug_reason = DBG_REASON_NOTHALTED;
1521 if (!debug_execution)
1523 /* registers are now invalid */
1524 armv4_5_invalidate_core_regs(target);
1525 target->state = TARGET_RUNNING;
1526 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1530 target->state = TARGET_DEBUG_RUNNING;
1531 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1534 DEBUG("target resumed");
1539 void arm7_9_enable_eice_step(target_t *target)
1541 armv4_5_common_t *armv4_5 = target->arch_info;
1542 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1544 /* setup an inverse breakpoint on the current PC
1545 * - comparator 1 matches the current address
1546 * - rangeout from comparator 1 is connected to comparator 0 rangein
1547 * - comparator 0 matches any address, as long as rangein is low */
1548 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1549 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1550 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
1551 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0x77);
1552 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1553 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1554 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1555 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1556 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xf7);
1559 void arm7_9_disable_eice_step(target_t *target)
1561 armv4_5_common_t *armv4_5 = target->arch_info;
1562 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1564 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1565 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1566 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1567 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1568 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1569 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1570 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1571 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1572 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1575 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1577 armv4_5_common_t *armv4_5 = target->arch_info;
1578 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1579 breakpoint_t *breakpoint = NULL;
1581 if (target->state != TARGET_HALTED)
1583 WARNING("target not halted");
1584 return ERROR_TARGET_NOT_HALTED;
1587 /* current = 1: continue on current pc, otherwise continue at <address> */
1589 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1591 /* the front-end may request us not to handle breakpoints */
1592 if (handle_breakpoints)
1593 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1594 arm7_9_unset_breakpoint(target, breakpoint);
1596 target->debug_reason = DBG_REASON_SINGLESTEP;
1598 arm7_9_restore_context(target);
1600 arm7_9->enable_single_step(target);
1602 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1604 arm7_9->branch_resume(target);
1606 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1608 arm7_9->branch_resume_thumb(target);
1612 ERROR("unhandled core state");
1616 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1618 arm7_9_execute_sys_speed(target);
1619 arm7_9->disable_single_step(target);
1621 /* registers are now invalid */
1622 armv4_5_invalidate_core_regs(target);
1624 arm7_9_debug_entry(target);
1626 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1629 arm7_9_set_breakpoint(target, breakpoint);
1631 DEBUG("target stepped");
1637 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1642 armv4_5_common_t *armv4_5 = target->arch_info;
1643 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1644 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1646 if ((num < 0) || (num > 16))
1647 return ERROR_INVALID_ARGUMENTS;
1649 if ((mode != ARMV4_5_MODE_ANY)
1650 && (mode != armv4_5->core_mode)
1651 && (reg_mode != ARMV4_5_MODE_ANY))
1655 /* change processor mode (mask T bit) */
1656 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1659 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1662 if ((num >= 0) && (num <= 15))
1664 /* read a normal core register */
1665 reg_p[num] = &value;
1667 arm7_9->read_core_regs(target, 1 << num, reg_p);
1671 /* read a program status register
1672 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1674 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1675 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1677 arm7_9->read_xpsr(target, &value, spsr);
1680 if ((retval = jtag_execute_queue()) != ERROR_OK)
1682 ERROR("JTAG failure");
1686 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1687 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1688 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1690 if ((mode != ARMV4_5_MODE_ANY)
1691 && (mode != armv4_5->core_mode)
1692 && (reg_mode != ARMV4_5_MODE_ANY)) {
1693 /* restore processor mode (mask T bit) */
1694 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1701 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1705 armv4_5_common_t *armv4_5 = target->arch_info;
1706 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1707 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1709 if ((num < 0) || (num > 16))
1710 return ERROR_INVALID_ARGUMENTS;
1712 if ((mode != ARMV4_5_MODE_ANY)
1713 && (mode != armv4_5->core_mode)
1714 && (reg_mode != ARMV4_5_MODE_ANY)) {
1717 /* change processor mode (mask T bit) */
1718 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1721 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1724 if ((num >= 0) && (num <= 15))
1726 /* write a normal core register */
1729 arm7_9->write_core_regs(target, 1 << num, reg);
1733 /* write a program status register
1734 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1736 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1737 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1739 /* if we're writing the CPSR, mask the T bit */
1743 arm7_9->write_xpsr(target, value, spsr);
1746 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1747 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1749 if ((mode != ARMV4_5_MODE_ANY)
1750 && (mode != armv4_5->core_mode)
1751 && (reg_mode != ARMV4_5_MODE_ANY)) {
1752 /* restore processor mode (mask T bit) */
1753 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1756 if ((retval = jtag_execute_queue()) != ERROR_OK)
1758 ERROR("JTAG failure");
1766 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1768 armv4_5_common_t *armv4_5 = target->arch_info;
1769 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1772 int num_accesses = 0;
1773 int thisrun_accesses;
1779 DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1781 if (target->state != TARGET_HALTED)
1783 WARNING("target not halted");
1784 return ERROR_TARGET_NOT_HALTED;
1787 /* sanitize arguments */
1788 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1789 return ERROR_INVALID_ARGUMENTS;
1791 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1792 return ERROR_TARGET_UNALIGNED_ACCESS;
1794 /* load the base register with the address of the first word */
1796 arm7_9->write_core_regs(target, 0x1, reg);
1801 while (num_accesses < count)
1804 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1805 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1807 if (last_reg <= thisrun_accesses)
1808 last_reg = thisrun_accesses;
1810 arm7_9->load_word_regs(target, reg_list);
1812 /* fast memory reads are only safe when the target is running
1813 * from a sufficiently high clock (32 kHz is usually too slow)
1815 if (arm7_9->fast_memory_access)
1816 arm7_9_execute_fast_sys_speed(target);
1818 arm7_9_execute_sys_speed(target);
1820 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1822 /* advance buffer, count number of accesses */
1823 buffer += thisrun_accesses * 4;
1824 num_accesses += thisrun_accesses;
1828 while (num_accesses < count)
1831 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1832 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1834 for (i = 1; i <= thisrun_accesses; i++)
1838 arm7_9->load_hword_reg(target, i);
1839 /* fast memory reads are only safe when the target is running
1840 * from a sufficiently high clock (32 kHz is usually too slow)
1842 if (arm7_9->fast_memory_access)
1843 arm7_9_execute_fast_sys_speed(target);
1845 arm7_9_execute_sys_speed(target);
1848 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1850 /* advance buffer, count number of accesses */
1851 buffer += thisrun_accesses * 2;
1852 num_accesses += thisrun_accesses;
1856 while (num_accesses < count)
1859 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1860 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1862 for (i = 1; i <= thisrun_accesses; i++)
1866 arm7_9->load_byte_reg(target, i);
1867 /* fast memory reads are only safe when the target is running
1868 * from a sufficiently high clock (32 kHz is usually too slow)
1870 if (arm7_9->fast_memory_access)
1871 arm7_9_execute_fast_sys_speed(target);
1873 arm7_9_execute_sys_speed(target);
1876 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1878 /* advance buffer, count number of accesses */
1879 buffer += thisrun_accesses * 1;
1880 num_accesses += thisrun_accesses;
1884 ERROR("BUG: we shouldn't get here");
1889 for (i=0; i<=last_reg; i++)
1890 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1892 arm7_9->read_xpsr(target, &cpsr, 0);
1893 if ((retval = jtag_execute_queue()) != ERROR_OK)
1895 ERROR("JTAG error while reading cpsr");
1899 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1901 WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1903 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1905 return ERROR_TARGET_DATA_ABORT;
1911 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1913 armv4_5_common_t *armv4_5 = target->arch_info;
1914 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1915 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1918 int num_accesses = 0;
1919 int thisrun_accesses;
1925 DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1927 if (target->state != TARGET_HALTED)
1929 WARNING("target not halted");
1930 return ERROR_TARGET_NOT_HALTED;
1933 /* sanitize arguments */
1934 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1935 return ERROR_INVALID_ARGUMENTS;
1937 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1938 return ERROR_TARGET_UNALIGNED_ACCESS;
1940 /* load the base register with the address of the first word */
1942 arm7_9->write_core_regs(target, 0x1, reg);
1944 /* Clear DBGACK, to make sure memory fetches work as expected */
1945 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1946 embeddedice_store_reg(dbg_ctrl);
1951 while (num_accesses < count)
1954 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1955 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1957 for (i = 1; i <= thisrun_accesses; i++)
1961 reg[i] = target_buffer_get_u32(target, buffer);
1965 arm7_9->write_core_regs(target, reg_list, reg);
1967 arm7_9->store_word_regs(target, reg_list);
1969 /* fast memory writes are only safe when the target is running
1970 * from a sufficiently high clock (32 kHz is usually too slow)
1972 if (arm7_9->fast_memory_access)
1973 arm7_9_execute_fast_sys_speed(target);
1975 arm7_9_execute_sys_speed(target);
1977 num_accesses += thisrun_accesses;
1981 while (num_accesses < count)
1984 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1985 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1987 for (i = 1; i <= thisrun_accesses; i++)
1991 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
1995 arm7_9->write_core_regs(target, reg_list, reg);
1997 for (i = 1; i <= thisrun_accesses; i++)
1999 arm7_9->store_hword_reg(target, i);
2001 /* fast memory writes are only safe when the target is running
2002 * from a sufficiently high clock (32 kHz is usually too slow)
2004 if (arm7_9->fast_memory_access)
2005 arm7_9_execute_fast_sys_speed(target);
2007 arm7_9_execute_sys_speed(target);
2010 num_accesses += thisrun_accesses;
2014 while (num_accesses < count)
2017 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2018 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2020 for (i = 1; i <= thisrun_accesses; i++)
2024 reg[i] = *buffer++ & 0xff;
2027 arm7_9->write_core_regs(target, reg_list, reg);
2029 for (i = 1; i <= thisrun_accesses; i++)
2031 arm7_9->store_byte_reg(target, i);
2032 /* fast memory writes are only safe when the target is running
2033 * from a sufficiently high clock (32 kHz is usually too slow)
2035 if (arm7_9->fast_memory_access)
2036 arm7_9_execute_fast_sys_speed(target);
2038 arm7_9_execute_sys_speed(target);
2041 num_accesses += thisrun_accesses;
2045 ERROR("BUG: we shouldn't get here");
2051 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2052 embeddedice_store_reg(dbg_ctrl);
2054 for (i=0; i<=last_reg; i++)
2055 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
2057 arm7_9->read_xpsr(target, &cpsr, 0);
2058 if ((retval = jtag_execute_queue()) != ERROR_OK)
2060 ERROR("JTAG error while reading cpsr");
2064 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2066 WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2068 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2070 return ERROR_TARGET_DATA_ABORT;
2076 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2078 armv4_5_common_t *armv4_5 = target->arch_info;
2079 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2080 enum armv4_5_state core_state = armv4_5->core_state;
2081 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2082 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2083 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2088 /* MRC TST BNE MRC STR B */
2089 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2092 if (!arm7_9->dcc_downloads)
2093 return target->type->write_memory(target, address, 4, count, buffer);
2095 /* regrab previously allocated working_area, or allocate a new one */
2096 if (!arm7_9->dcc_working_area)
2098 u8 dcc_code_buf[6 * 4];
2100 /* make sure we have a working area */
2101 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2103 INFO("no working area available, falling back to memory writes");
2104 return target->type->write_memory(target, address, 4, count, buffer);
2107 /* copy target instructions to target endianness */
2108 for (i = 0; i < 6; i++)
2110 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2113 /* write DCC code to working area */
2114 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2117 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2118 armv4_5->core_cache->reg_list[0].valid = 1;
2119 armv4_5->core_cache->reg_list[0].dirty = 1;
2120 armv4_5->core_state = ARMV4_5_STATE_ARM;
2122 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2124 for (i = 0; i < count; i++)
2126 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], target_buffer_get_u32(target, buffer));
2130 target->type->halt(target);
2132 while (target->state != TARGET_HALTED)
2133 target->type->poll(target);
2135 /* restore target state */
2136 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2137 armv4_5->core_cache->reg_list[0].valid = 1;
2138 armv4_5->core_cache->reg_list[0].dirty = 1;
2139 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2140 armv4_5->core_cache->reg_list[1].valid = 1;
2141 armv4_5->core_cache->reg_list[1].dirty = 1;
2142 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2143 armv4_5->core_cache->reg_list[15].valid = 1;
2144 armv4_5->core_cache->reg_list[15].dirty = 1;
2145 armv4_5->core_state = core_state;
2150 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2152 working_area_t *crc_algorithm;
2153 armv4_5_algorithm_t armv4_5_info;
2154 reg_param_t reg_params[2];
2157 u32 arm7_9_crc_code[] = {
2158 0xE1A02000, /* mov r2, r0 */
2159 0xE3E00000, /* mov r0, #0xffffffff */
2160 0xE1A03001, /* mov r3, r1 */
2161 0xE3A04000, /* mov r4, #0 */
2162 0xEA00000B, /* b ncomp */
2164 0xE7D21004, /* ldrb r1, [r2, r4] */
2165 0xE59F7030, /* ldr r7, CRC32XOR */
2166 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2167 0xE3A05000, /* mov r5, #0 */
2169 0xE3500000, /* cmp r0, #0 */
2170 0xE1A06080, /* mov r6, r0, asl #1 */
2171 0xE2855001, /* add r5, r5, #1 */
2172 0xE1A00006, /* mov r0, r6 */
2173 0xB0260007, /* eorlt r0, r6, r7 */
2174 0xE3550008, /* cmp r5, #8 */
2175 0x1AFFFFF8, /* bne loop */
2176 0xE2844001, /* add r4, r4, #1 */
2178 0xE1540003, /* cmp r4, r3 */
2179 0x1AFFFFF1, /* bne nbyte */
2181 0xEAFFFFFE, /* b end */
2182 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2187 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2189 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2192 /* convert flash writing code into a buffer in target endianness */
2193 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2194 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2196 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2197 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2198 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2200 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2201 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2203 buf_set_u32(reg_params[0].value, 0, 32, address);
2204 buf_set_u32(reg_params[1].value, 0, 32, count);
2206 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2207 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2209 ERROR("error executing arm7_9 crc algorithm");
2210 destroy_reg_param(®_params[0]);
2211 destroy_reg_param(®_params[1]);
2212 target_free_working_area(target, crc_algorithm);
2216 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2218 destroy_reg_param(®_params[0]);
2219 destroy_reg_param(®_params[1]);
2221 target_free_working_area(target, crc_algorithm);
2226 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2228 command_t *arm7_9_cmd;
2230 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2232 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2233 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2235 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2237 register_command(cmd_ctx, arm7_9_cmd, "sw_bkpts", handle_arm7_9_sw_bkpts_command, COMMAND_EXEC, "support for software breakpoints <enable|disable>");
2238 register_command(cmd_ctx, arm7_9_cmd, "force_hw_bkpts", handle_arm7_9_force_hw_bkpts_command, COMMAND_EXEC, "use hardware breakpoints for all breakpoints (disables sw breakpoint support) <enable|disable>");
2239 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2240 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2241 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2242 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2243 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2244 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2245 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2246 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2248 armv4_5_register_commands(cmd_ctx);
2250 etm_register_commands(cmd_ctx);
2255 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2260 target_t *target = get_current_target(cmd_ctx);
2261 armv4_5_common_t *armv4_5;
2262 arm7_9_common_t *arm7_9;
2264 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2266 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2270 if (target->state != TARGET_HALTED)
2272 command_print(cmd_ctx, "can't write registers while running");
2278 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2282 value = strtoul(args[0], NULL, 0);
2283 spsr = strtol(args[1], NULL, 0);
2285 /* if we're writing the CPSR, mask the T bit */
2289 arm7_9->write_xpsr(target, value, spsr);
2290 if ((retval = jtag_execute_queue()) != ERROR_OK)
2292 ERROR("JTAG error while writing to xpsr");
2299 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2305 target_t *target = get_current_target(cmd_ctx);
2306 armv4_5_common_t *armv4_5;
2307 arm7_9_common_t *arm7_9;
2309 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2311 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2315 if (target->state != TARGET_HALTED)
2317 command_print(cmd_ctx, "can't write registers while running");
2323 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2327 value = strtoul(args[0], NULL, 0);
2328 rotate = strtol(args[1], NULL, 0);
2329 spsr = strtol(args[2], NULL, 0);
2331 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2332 if ((retval = jtag_execute_queue()) != ERROR_OK)
2334 ERROR("JTAG error while writing 8-bit immediate to xpsr");
2341 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2346 target_t *target = get_current_target(cmd_ctx);
2347 armv4_5_common_t *armv4_5;
2348 arm7_9_common_t *arm7_9;
2350 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2352 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2356 if (target->state != TARGET_HALTED)
2358 command_print(cmd_ctx, "can't write registers while running");
2364 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2368 num = strtol(args[0], NULL, 0);
2369 mode = strtoul(args[1], NULL, 0);
2370 value = strtoul(args[2], NULL, 0);
2372 arm7_9_write_core_reg(target, num, mode, value);
2377 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2379 target_t *target = get_current_target(cmd_ctx);
2380 armv4_5_common_t *armv4_5;
2381 arm7_9_common_t *arm7_9;
2383 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2385 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2391 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2395 if (strcmp("enable", args[0]) == 0)
2397 if (arm7_9->sw_bkpts_use_wp)
2399 arm7_9_enable_sw_bkpts(target);
2403 arm7_9->sw_bkpts_enabled = 1;
2406 else if (strcmp("disable", args[0]) == 0)
2408 if (arm7_9->sw_bkpts_use_wp)
2410 arm7_9_disable_sw_bkpts(target);
2414 arm7_9->sw_bkpts_enabled = 0;
2419 command_print(cmd_ctx, "usage: arm7_9 sw_bkpts <enable|disable>");
2422 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2427 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2429 target_t *target = get_current_target(cmd_ctx);
2430 armv4_5_common_t *armv4_5;
2431 arm7_9_common_t *arm7_9;
2433 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2435 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2439 if ((argc >= 1) && (strcmp("enable", args[0]) == 0))
2441 arm7_9->force_hw_bkpts = 1;
2442 if (arm7_9->sw_bkpts_use_wp)
2444 arm7_9_disable_sw_bkpts(target);
2447 else if ((argc >= 1) && (strcmp("disable", args[0]) == 0))
2449 arm7_9->force_hw_bkpts = 0;
2453 command_print(cmd_ctx, "usage: arm7_9 force_hw_bkpts <enable|disable>");
2456 command_print(cmd_ctx, "force hardware breakpoints %s", (arm7_9->force_hw_bkpts) ? "enabled" : "disabled");
2461 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2463 target_t *target = get_current_target(cmd_ctx);
2464 armv4_5_common_t *armv4_5;
2465 arm7_9_common_t *arm7_9;
2467 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2469 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2475 if (strcmp("enable", args[0]) == 0)
2477 arm7_9->use_dbgrq = 1;
2479 else if (strcmp("disable", args[0]) == 0)
2481 arm7_9->use_dbgrq = 0;
2485 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2489 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2494 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2496 target_t *target = get_current_target(cmd_ctx);
2497 armv4_5_common_t *armv4_5;
2498 arm7_9_common_t *arm7_9;
2500 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2502 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2508 if (strcmp("enable", args[0]) == 0)
2510 arm7_9->fast_memory_access = 1;
2512 else if (strcmp("disable", args[0]) == 0)
2514 arm7_9->fast_memory_access = 0;
2518 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2522 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2527 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2529 target_t *target = get_current_target(cmd_ctx);
2530 armv4_5_common_t *armv4_5;
2531 arm7_9_common_t *arm7_9;
2533 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2535 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2541 if (strcmp("enable", args[0]) == 0)
2543 arm7_9->dcc_downloads = 1;
2545 else if (strcmp("disable", args[0]) == 0)
2547 arm7_9->dcc_downloads = 0;
2551 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2555 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2560 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2562 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2564 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2566 arm_jtag_setup_connection(&arm7_9->jtag_info);
2567 arm7_9->wp_available = 2;
2568 arm7_9->wp0_used = 0;
2569 arm7_9->wp1_used = 0;
2570 arm7_9->force_hw_bkpts = 0;
2571 arm7_9->use_dbgrq = 0;
2573 arm7_9->etm_ctx = NULL;
2574 arm7_9->has_single_step = 0;
2575 arm7_9->has_monitor_mode = 0;
2576 arm7_9->has_vector_catch = 0;
2578 arm7_9->reinit_embeddedice = 0;
2580 arm7_9->debug_entry_from_reset = 0;
2582 arm7_9->dcc_working_area = NULL;
2584 arm7_9->fast_memory_access = 0;
2585 arm7_9->dcc_downloads = 0;
2587 jtag_register_event_callback(arm7_9_jtag_callback, target);
2589 armv4_5->arch_info = arm7_9;
2590 armv4_5->read_core_reg = arm7_9_read_core_reg;
2591 armv4_5->write_core_reg = arm7_9_write_core_reg;
2592 armv4_5->full_context = arm7_9_full_context;
2594 armv4_5_init_arch_info(target, armv4_5);
2596 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / fw / openocd / blob