1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
24 #include "replacements.h"
26 #include "embeddedice.h"
28 #include "target_request.h"
33 #include "arm7_9_common.h"
34 #include "breakpoints.h"
40 #include <sys/types.h>
45 int arm7_9_debug_entry(target_t *target);
46 int arm7_9_enable_sw_bkpts(struct target_s *target);
48 /* command handler forward declarations */
49 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int arm7_9_reinit_embeddedice(target_t *target)
62 armv4_5_common_t *armv4_5 = target->arch_info;
63 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
65 breakpoint_t *breakpoint = target->breakpoints;
67 arm7_9->wp_available = 2;
71 /* mark all hardware breakpoints as unset */
74 if (breakpoint->type == BKPT_HARD)
78 breakpoint = breakpoint->next;
81 if (arm7_9->sw_bkpts_enabled && arm7_9->sw_bkpts_use_wp)
83 arm7_9->sw_bkpts_enabled = 0;
84 arm7_9_enable_sw_bkpts(target);
90 /* set things up after a reset / on startup */
91 int arm7_9_setup(target_t *target)
93 /* a test-logic reset have occured
94 * the EmbeddedICE registers have been reset
95 * hardware breakpoints have been cleared
97 return arm7_9_reinit_embeddedice(target);
100 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
102 armv4_5_common_t *armv4_5 = target->arch_info;
103 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
105 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
110 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
115 *armv4_5_p = armv4_5;
121 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
123 armv4_5_common_t *armv4_5 = target->arch_info;
124 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
126 if (target->state != TARGET_HALTED)
128 LOG_WARNING("target not halted");
129 return ERROR_TARGET_NOT_HALTED;
132 if (arm7_9->force_hw_bkpts)
133 breakpoint->type = BKPT_HARD;
137 LOG_WARNING("breakpoint already set");
141 if (breakpoint->type == BKPT_HARD)
143 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
144 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
145 if (!arm7_9->wp0_used)
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
153 jtag_execute_queue();
154 arm7_9->wp0_used = 1;
157 else if (!arm7_9->wp1_used)
159 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
160 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
165 jtag_execute_queue();
166 arm7_9->wp1_used = 1;
171 LOG_ERROR("BUG: no hardware comparator available");
175 else if (breakpoint->type == BKPT_SOFT)
177 if (breakpoint->length == 4)
179 u32 verify = 0xffffffff;
180 /* keep the original instruction in target endianness */
181 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
182 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
183 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
185 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
186 if (verify != arm7_9->arm_bkpt)
188 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x", breakpoint->address);
195 /* keep the original instruction in target endianness */
196 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
197 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
198 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
200 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
201 if (verify != arm7_9->thumb_bkpt)
203 LOG_ERROR("Unable to set thumb software breakpoint at address %08x", breakpoint->address);
214 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
216 armv4_5_common_t *armv4_5 = target->arch_info;
217 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
219 if (target->state != TARGET_HALTED)
221 LOG_WARNING("target not halted");
222 return ERROR_TARGET_NOT_HALTED;
225 if (!breakpoint->set)
227 LOG_WARNING("breakpoint not set");
231 if (breakpoint->type == BKPT_HARD)
233 if (breakpoint->set == 1)
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
236 jtag_execute_queue();
237 arm7_9->wp0_used = 0;
239 else if (breakpoint->set == 2)
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
242 jtag_execute_queue();
243 arm7_9->wp1_used = 0;
249 /* restore original instruction (kept in target endianness) */
250 if (breakpoint->length == 4)
253 /* check that user program as not modified breakpoint instruction */
254 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
255 if (current_instr==arm7_9->arm_bkpt)
256 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
261 /* check that user program as not modified breakpoint instruction */
262 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
263 if (current_instr==arm7_9->thumb_bkpt)
264 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
272 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
274 armv4_5_common_t *armv4_5 = target->arch_info;
275 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
277 if (target->state != TARGET_HALTED)
279 LOG_WARNING("target not halted");
280 return ERROR_TARGET_NOT_HALTED;
283 if (arm7_9->force_hw_bkpts)
285 LOG_DEBUG("forcing use of hardware breakpoint at address 0x%8.8x", breakpoint->address);
286 breakpoint->type = BKPT_HARD;
289 if ((breakpoint->type == BKPT_SOFT) && (arm7_9->sw_bkpts_enabled == 0))
291 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
292 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
295 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
297 LOG_INFO("no watchpoint unit available for hardware breakpoint");
298 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
301 if ((breakpoint->length != 2) && (breakpoint->length != 4))
303 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
304 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
307 if (breakpoint->type == BKPT_HARD)
308 arm7_9->wp_available--;
313 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
315 armv4_5_common_t *armv4_5 = target->arch_info;
316 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
318 if (target->state != TARGET_HALTED)
320 LOG_WARNING("target not halted");
321 return ERROR_TARGET_NOT_HALTED;
326 arm7_9_unset_breakpoint(target, breakpoint);
329 if (breakpoint->type == BKPT_HARD)
330 arm7_9->wp_available++;
335 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
337 armv4_5_common_t *armv4_5 = target->arch_info;
338 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
342 mask = watchpoint->length - 1;
344 if (target->state != TARGET_HALTED)
346 LOG_WARNING("target not halted");
347 return ERROR_TARGET_NOT_HALTED;
350 if (watchpoint->rw == WPT_ACCESS)
355 if (!arm7_9->wp0_used)
357 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
358 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
359 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
360 if( watchpoint->mask != 0xffffffffu )
361 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
363 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
365 jtag_execute_queue();
367 arm7_9->wp0_used = 2;
369 else if (!arm7_9->wp1_used)
371 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
372 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
373 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
374 if( watchpoint->mask != 0xffffffffu )
375 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
376 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
377 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
379 jtag_execute_queue();
381 arm7_9->wp1_used = 2;
385 LOG_ERROR("BUG: no hardware comparator available");
392 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
394 armv4_5_common_t *armv4_5 = target->arch_info;
395 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
397 if (target->state != TARGET_HALTED)
399 LOG_WARNING("target not halted");
400 return ERROR_TARGET_NOT_HALTED;
403 if (!watchpoint->set)
405 LOG_WARNING("breakpoint not set");
409 if (watchpoint->set == 1)
411 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
412 jtag_execute_queue();
413 arm7_9->wp0_used = 0;
415 else if (watchpoint->set == 2)
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
418 jtag_execute_queue();
419 arm7_9->wp1_used = 0;
426 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
428 armv4_5_common_t *armv4_5 = target->arch_info;
429 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
431 if (target->state != TARGET_HALTED)
433 LOG_WARNING("target not halted");
434 return ERROR_TARGET_NOT_HALTED;
437 if (arm7_9->wp_available < 1)
439 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
442 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
444 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
447 arm7_9->wp_available--;
452 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
457 if (target->state != TARGET_HALTED)
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
465 arm7_9_unset_watchpoint(target, watchpoint);
468 arm7_9->wp_available++;
473 int arm7_9_enable_sw_bkpts(struct target_s *target)
475 armv4_5_common_t *armv4_5 = target->arch_info;
476 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
479 if (arm7_9->sw_bkpts_enabled)
482 if (arm7_9->wp_available < 1)
484 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
485 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
487 arm7_9->wp_available--;
489 if (!arm7_9->wp0_used)
491 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
492 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
493 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
494 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
495 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
496 arm7_9->sw_bkpts_enabled = 1;
497 arm7_9->wp0_used = 3;
499 else if (!arm7_9->wp1_used)
501 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
502 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
503 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
505 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
506 arm7_9->sw_bkpts_enabled = 2;
507 arm7_9->wp1_used = 3;
511 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
515 if ((retval = jtag_execute_queue()) != ERROR_OK)
517 LOG_ERROR("error writing EmbeddedICE registers to enable sw breakpoints");
524 int arm7_9_disable_sw_bkpts(struct target_s *target)
526 armv4_5_common_t *armv4_5 = target->arch_info;
527 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
529 if (!arm7_9->sw_bkpts_enabled)
532 if (arm7_9->sw_bkpts_enabled == 1)
534 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
535 arm7_9->sw_bkpts_enabled = 0;
536 arm7_9->wp0_used = 0;
537 arm7_9->wp_available++;
539 else if (arm7_9->sw_bkpts_enabled == 2)
541 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
542 arm7_9->sw_bkpts_enabled = 0;
543 arm7_9->wp1_used = 0;
544 arm7_9->wp_available++;
550 int arm7_9_execute_sys_speed(struct target_s *target)
555 armv4_5_common_t *armv4_5 = target->arch_info;
556 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
557 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
558 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
560 /* set RESTART instruction */
561 jtag_add_end_state(TAP_RTI);
562 arm_jtag_set_instr(jtag_info, 0x4, NULL);
564 for (timeout=0; timeout<50; timeout++)
566 /* read debug status register */
567 embeddedice_read_reg(dbg_stat);
568 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
571 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
577 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
578 return ERROR_TARGET_TIMEOUT;
584 int arm7_9_execute_fast_sys_speed(struct target_s *target)
587 static u8 check_value[4], check_mask[4];
589 armv4_5_common_t *armv4_5 = target->arch_info;
590 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
591 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
592 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
594 /* set RESTART instruction */
595 jtag_add_end_state(TAP_RTI);
596 arm_jtag_set_instr(jtag_info, 0x4, NULL);
600 /* check for DBGACK and SYSCOMP set (others don't care) */
602 /* NB! These are constants that must be available until after next jtag_execute() and
603 we evaluate the values upon first execution in lieu of setting up these constants
606 buf_set_u32(check_value, 0, 32, 0x9);
607 buf_set_u32(check_mask, 0, 32, 0x9);
611 /* read debug status register */
612 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
617 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
619 armv4_5_common_t *armv4_5 = target->arch_info;
620 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
621 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
625 data = malloc(size * (sizeof(u32)));
627 embeddedice_receive(jtag_info, data, size);
629 for (i = 0; i < size; i++)
631 h_u32_to_le(buffer + (i * 4), data[i]);
639 int arm7_9_handle_target_request(void *priv)
641 target_t *target = priv;
642 if (!target->type->examined)
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
647 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
650 if (!target->dbg_msg_enabled)
653 if (target->state == TARGET_RUNNING)
655 /* read DCC control register */
656 embeddedice_read_reg(dcc_control);
657 jtag_execute_queue();
660 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
664 embeddedice_receive(jtag_info, &request, 1);
665 target_request(target, request);
672 int arm7_9_poll(target_t *target)
675 armv4_5_common_t *armv4_5 = target->arch_info;
676 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
677 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
679 /* read debug status register */
680 embeddedice_read_reg(dbg_stat);
681 if ((retval = jtag_execute_queue()) != ERROR_OK)
686 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
688 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
689 if (target->state == TARGET_UNKNOWN)
691 target->state = TARGET_RUNNING;
692 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
694 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
696 target->state = TARGET_HALTED;
697 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
700 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
702 if (target->state == TARGET_DEBUG_RUNNING)
704 target->state = TARGET_HALTED;
705 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
708 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
710 if (target->state != TARGET_HALTED)
712 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
717 if (target->state != TARGET_DEBUG_RUNNING)
718 target->state = TARGET_RUNNING;
725 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
726 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
727 while the core is held in reset(SRST). It isn't possible to program the halt
728 condition once reset was asserted, hence a hook that allows the target to set
729 up its reset-halt condition prior to asserting reset.
732 int arm7_9_assert_reset(target_t *target)
734 armv4_5_common_t *armv4_5 = target->arch_info;
735 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
736 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
738 if (!(jtag_reset_config & RESET_HAS_SRST))
740 LOG_ERROR("Can't assert SRST");
744 if ((target->reset_mode == RESET_HALT) || (target->reset_mode == RESET_INIT))
747 * Some targets do not support communication while SRST is asserted. We need to
748 * set up the reset vector catch here.
750 * If TRST is asserted, then these settings will be reset anyway, so setting them
753 if (arm7_9->has_vector_catch)
755 /* program vector catch register to catch reset vector */
756 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
760 /* program watchpoint unit to match on reset vector address */
761 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
762 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
763 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
764 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
768 /* here we should issue a srst only, but we may have to assert trst as well */
769 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
771 jtag_add_reset(1, 1);
774 jtag_add_reset(0, 1);
778 target->state = TARGET_RESET;
779 jtag_add_sleep(50000);
781 armv4_5_invalidate_core_regs(target);
787 int arm7_9_deassert_reset(target_t *target)
789 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
791 /* deassert reset lines */
792 jtag_add_reset(0, 0);
797 int arm7_9_clear_halt(target_t *target)
799 armv4_5_common_t *armv4_5 = target->arch_info;
800 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
801 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
803 /* we used DBGRQ only if we didn't come out of reset */
804 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
806 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
808 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
809 embeddedice_store_reg(dbg_ctrl);
813 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
815 /* if we came out of reset, and vector catch is supported, we used
816 * vector catch to enter debug state
817 * restore the register in that case
819 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
823 /* restore registers if watchpoint unit 0 was in use
825 if (arm7_9->wp0_used)
827 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
828 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
829 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
831 /* control value always has to be restored, as it was either disabled,
832 * or enabled with possibly different bits
834 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
841 int arm7_9_soft_reset_halt(struct target_s *target)
843 armv4_5_common_t *armv4_5 = target->arch_info;
844 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
845 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
846 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
850 if ((retval=target_halt(target))!=ERROR_OK)
855 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
857 embeddedice_read_reg(dbg_stat);
858 if ((retval=jtag_execute_queue())!=ERROR_OK)
860 /* do not eat all CPU, time out after 1 se*/
866 LOG_ERROR("Failed to halt CPU after 1 sec");
867 return ERROR_TARGET_TIMEOUT;
869 target->state = TARGET_HALTED;
871 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
872 * ensure that DBGRQ is cleared
874 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
875 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
876 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
877 embeddedice_store_reg(dbg_ctrl);
879 arm7_9_clear_halt(target);
881 /* if the target is in Thumb state, change to ARM state */
882 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
884 u32 r0_thumb, pc_thumb;
885 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
886 /* Entered debug from Thumb mode */
887 armv4_5->core_state = ARMV4_5_STATE_THUMB;
888 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
891 /* all register content is now invalid */
892 armv4_5_invalidate_core_regs(target);
894 /* SVC, ARM state, IRQ and FIQ disabled */
895 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
896 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
897 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
899 /* start fetching from 0x0 */
900 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
901 armv4_5->core_cache->reg_list[15].dirty = 1;
902 armv4_5->core_cache->reg_list[15].valid = 1;
904 armv4_5->core_mode = ARMV4_5_MODE_SVC;
905 armv4_5->core_state = ARMV4_5_STATE_ARM;
907 /* reset registers */
908 for (i = 0; i <= 14; i++)
910 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
911 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
912 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
915 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
920 int arm7_9_halt(target_t *target)
922 armv4_5_common_t *armv4_5 = target->arch_info;
923 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
924 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
926 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
928 if (target->state == TARGET_HALTED)
930 LOG_DEBUG("target was already halted");
934 if (target->state == TARGET_UNKNOWN)
936 LOG_WARNING("target was in unknown state when halt was requested");
939 if (target->state == TARGET_RESET)
941 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) && jtag_srst)
943 LOG_ERROR("can't request a halt while in reset if nSRST pulls nTRST");
944 return ERROR_TARGET_FAILURE;
948 /* we came here in a reset_halt or reset_init sequence
949 * debug entry was already prepared in arm7_9_prepare_reset_halt()
951 target->debug_reason = DBG_REASON_DBGRQ;
957 if (arm7_9->use_dbgrq)
959 /* program EmbeddedICE Debug Control Register to assert DBGRQ
961 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
962 embeddedice_store_reg(dbg_ctrl);
966 /* program watchpoint unit to match on any address
968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xf7);
974 target->debug_reason = DBG_REASON_DBGRQ;
979 int arm7_9_debug_entry(target_t *target)
984 u32 r0_thumb, pc_thumb;
987 /* get pointers to arch-specific information */
988 armv4_5_common_t *armv4_5 = target->arch_info;
989 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
990 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
991 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
993 #ifdef _DEBUG_ARM7_9_
997 if (arm7_9->pre_debug_entry)
998 arm7_9->pre_debug_entry(target);
1000 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1001 * ensure that DBGRQ is cleared
1003 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1004 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1005 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1006 embeddedice_store_reg(dbg_ctrl);
1008 arm7_9_clear_halt(target);
1010 if ((retval = jtag_execute_queue()) != ERROR_OK)
1015 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1019 if (target->state != TARGET_HALTED)
1021 LOG_WARNING("target not halted");
1022 return ERROR_TARGET_NOT_HALTED;
1025 /* if the target is in Thumb state, change to ARM state */
1026 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1028 LOG_DEBUG("target entered debug from Thumb state");
1029 /* Entered debug from Thumb mode */
1030 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1031 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1032 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1036 LOG_DEBUG("target entered debug from ARM state");
1037 /* Entered debug from ARM mode */
1038 armv4_5->core_state = ARMV4_5_STATE_ARM;
1041 for (i = 0; i < 16; i++)
1042 context_p[i] = &context[i];
1043 /* save core registers (r0 - r15 of current core mode) */
1044 arm7_9->read_core_regs(target, 0xffff, context_p);
1046 arm7_9->read_xpsr(target, &cpsr, 0);
1048 if ((retval = jtag_execute_queue()) != ERROR_OK)
1051 /* if the core has been executing in Thumb state, set the T bit */
1052 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1055 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1056 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1057 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1059 armv4_5->core_mode = cpsr & 0x1f;
1061 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1063 target->state = TARGET_UNKNOWN;
1064 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1065 return ERROR_TARGET_FAILURE;
1068 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1070 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1072 LOG_DEBUG("thumb state, applying fixups");
1073 context[0] = r0_thumb;
1074 context[15] = pc_thumb;
1075 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1077 /* adjust value stored by STM */
1078 context[15] -= 3 * 4;
1081 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1082 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1083 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1084 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1085 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1086 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1087 else if (target->debug_reason == DBG_REASON_DBGRQ)
1088 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1091 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1095 for (i=0; i<=15; i++)
1097 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1098 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1099 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1100 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1103 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1105 /* exceptions other than USR & SYS have a saved program status register */
1106 if ((armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_USR) && (armv4_5_mode_to_number(armv4_5->core_mode) != ARMV4_5_MODE_SYS))
1109 arm7_9->read_xpsr(target, &spsr, 1);
1110 jtag_execute_queue();
1111 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1112 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1113 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1116 /* r0 and r15 (pc) have to be restored later */
1117 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1118 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1120 if ((retval = jtag_execute_queue()) != ERROR_OK)
1123 if (arm7_9->post_debug_entry)
1124 arm7_9->post_debug_entry(target);
1129 int arm7_9_full_context(target_t *target)
1133 armv4_5_common_t *armv4_5 = target->arch_info;
1134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1138 if (target->state != TARGET_HALTED)
1140 LOG_WARNING("target not halted");
1141 return ERROR_TARGET_NOT_HALTED;
1144 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1145 * SYS shares registers with User, so we don't touch SYS
1147 for(i = 0; i < 6; i++)
1154 /* check if there are invalid registers in the current mode
1156 for (j = 0; j <= 16; j++)
1158 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1166 /* change processor mode (and mask T bit) */
1167 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1168 tmp_cpsr |= armv4_5_number_to_mode(i);
1170 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1172 for (j = 0; j < 15; j++)
1174 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1176 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1178 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1179 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1183 /* if only the PSR is invalid, mask is all zeroes */
1185 arm7_9->read_core_regs(target, mask, reg_p);
1187 /* check if the PSR has to be read */
1188 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1190 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1191 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1192 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1197 /* restore processor mode (mask T bit) */
1198 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1200 if ((retval = jtag_execute_queue()) != ERROR_OK)
1207 int arm7_9_restore_context(target_t *target)
1209 armv4_5_common_t *armv4_5 = target->arch_info;
1210 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1212 armv4_5_core_reg_t *reg_arch_info;
1213 enum armv4_5_mode current_mode = armv4_5->core_mode;
1220 if (target->state != TARGET_HALTED)
1222 LOG_WARNING("target not halted");
1223 return ERROR_TARGET_NOT_HALTED;
1226 if (arm7_9->pre_restore_context)
1227 arm7_9->pre_restore_context(target);
1229 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1230 * SYS shares registers with User, so we don't touch SYS
1232 for (i = 0; i < 6; i++)
1234 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1237 /* check if there are dirty registers in the current mode
1239 for (j = 0; j <= 16; j++)
1241 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1242 reg_arch_info = reg->arch_info;
1243 if (reg->dirty == 1)
1245 if (reg->valid == 1)
1248 LOG_DEBUG("examining dirty reg: %s", reg->name);
1249 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1250 && (reg_arch_info->mode != current_mode)
1251 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1252 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1255 LOG_DEBUG("require mode change");
1260 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1275 /* change processor mode (mask T bit) */
1276 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1277 tmp_cpsr |= armv4_5_number_to_mode(i);
1279 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1280 current_mode = armv4_5_number_to_mode(i);
1283 for (j = 0; j <= 14; j++)
1285 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1286 reg_arch_info = reg->arch_info;
1289 if (reg->dirty == 1)
1291 regs[j] = buf_get_u32(reg->value, 0, 32);
1296 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1302 arm7_9->write_core_regs(target, mask, regs);
1305 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1306 reg_arch_info = reg->arch_info;
1307 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1309 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1310 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1315 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1317 /* restore processor mode (mask T bit) */
1320 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1321 tmp_cpsr |= armv4_5_number_to_mode(i);
1323 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1324 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1326 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1328 /* CPSR has been changed, full restore necessary (mask T bit) */
1329 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1330 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1331 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1332 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1336 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1337 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1338 armv4_5->core_cache->reg_list[15].dirty = 0;
1340 if (arm7_9->post_restore_context)
1341 arm7_9->post_restore_context(target);
1346 int arm7_9_restart_core(struct target_s *target)
1348 armv4_5_common_t *armv4_5 = target->arch_info;
1349 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1350 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1352 /* set RESTART instruction */
1353 jtag_add_end_state(TAP_RTI);
1354 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1356 jtag_add_runtest(1, TAP_RTI);
1357 return jtag_execute_queue();
1360 void arm7_9_enable_watchpoints(struct target_s *target)
1362 watchpoint_t *watchpoint = target->watchpoints;
1366 if (watchpoint->set == 0)
1367 arm7_9_set_watchpoint(target, watchpoint);
1368 watchpoint = watchpoint->next;
1372 void arm7_9_enable_breakpoints(struct target_s *target)
1374 breakpoint_t *breakpoint = target->breakpoints;
1376 /* set any pending breakpoints */
1379 if (breakpoint->set == 0)
1380 arm7_9_set_breakpoint(target, breakpoint);
1381 breakpoint = breakpoint->next;
1385 void arm7_9_disable_bkpts_and_wpts(struct target_s *target)
1387 breakpoint_t *breakpoint = target->breakpoints;
1388 watchpoint_t *watchpoint = target->watchpoints;
1390 /* set any pending breakpoints */
1393 if (breakpoint->set != 0)
1394 arm7_9_unset_breakpoint(target, breakpoint);
1395 breakpoint = breakpoint->next;
1400 if (watchpoint->set != 0)
1401 arm7_9_unset_watchpoint(target, watchpoint);
1402 watchpoint = watchpoint->next;
1406 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1408 armv4_5_common_t *armv4_5 = target->arch_info;
1409 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1410 breakpoint_t *breakpoint = target->breakpoints;
1411 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1416 if (target->state != TARGET_HALTED)
1418 LOG_WARNING("target not halted");
1419 return ERROR_TARGET_NOT_HALTED;
1422 if (!debug_execution)
1424 target_free_all_working_areas(target);
1427 /* current = 1: continue on current pc, otherwise continue at <address> */
1429 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1431 /* the front-end may request us not to handle breakpoints */
1432 if (handle_breakpoints)
1434 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1436 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1437 arm7_9_unset_breakpoint(target, breakpoint);
1439 LOG_DEBUG("enable single-step");
1440 arm7_9->enable_single_step(target);
1442 target->debug_reason = DBG_REASON_SINGLESTEP;
1444 arm7_9_restore_context(target);
1446 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1447 arm7_9->branch_resume(target);
1448 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1450 arm7_9->branch_resume_thumb(target);
1454 LOG_ERROR("unhandled core state");
1458 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1459 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1460 err = arm7_9_execute_sys_speed(target);
1462 LOG_DEBUG("disable single-step");
1463 arm7_9->disable_single_step(target);
1465 if (err != ERROR_OK)
1467 arm7_9_set_breakpoint(target, breakpoint);
1468 target->state = TARGET_UNKNOWN;
1472 arm7_9_debug_entry(target);
1473 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1475 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1476 arm7_9_set_breakpoint(target, breakpoint);
1480 /* enable any pending breakpoints and watchpoints */
1481 arm7_9_enable_breakpoints(target);
1482 arm7_9_enable_watchpoints(target);
1484 arm7_9_restore_context(target);
1486 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1488 arm7_9->branch_resume(target);
1490 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1492 arm7_9->branch_resume_thumb(target);
1496 LOG_ERROR("unhandled core state");
1500 /* deassert DBGACK and INTDIS */
1501 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1502 /* INTDIS only when we really resume, not during debug execution */
1503 if (!debug_execution)
1504 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1505 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1507 arm7_9_restart_core(target);
1509 target->debug_reason = DBG_REASON_NOTHALTED;
1511 if (!debug_execution)
1513 /* registers are now invalid */
1514 armv4_5_invalidate_core_regs(target);
1515 target->state = TARGET_RUNNING;
1516 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1520 target->state = TARGET_DEBUG_RUNNING;
1521 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1524 LOG_DEBUG("target resumed");
1529 void arm7_9_enable_eice_step(target_t *target)
1531 armv4_5_common_t *armv4_5 = target->arch_info;
1532 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1534 /* setup an inverse breakpoint on the current PC
1535 * - comparator 1 matches the current address
1536 * - rangeout from comparator 1 is connected to comparator 0 rangein
1537 * - comparator 0 matches any address, as long as rangein is low */
1538 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1539 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1540 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x100);
1541 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0x77);
1542 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1543 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1544 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1545 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1546 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xf7);
1549 void arm7_9_disable_eice_step(target_t *target)
1551 armv4_5_common_t *armv4_5 = target->arch_info;
1552 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1554 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1555 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1556 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1557 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1558 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1559 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1560 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1561 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1562 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1565 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1567 armv4_5_common_t *armv4_5 = target->arch_info;
1568 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1569 breakpoint_t *breakpoint = NULL;
1572 if (target->state != TARGET_HALTED)
1574 LOG_WARNING("target not halted");
1575 return ERROR_TARGET_NOT_HALTED;
1578 /* current = 1: continue on current pc, otherwise continue at <address> */
1580 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1582 /* the front-end may request us not to handle breakpoints */
1583 if (handle_breakpoints)
1584 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1585 arm7_9_unset_breakpoint(target, breakpoint);
1587 target->debug_reason = DBG_REASON_SINGLESTEP;
1589 arm7_9_restore_context(target);
1591 arm7_9->enable_single_step(target);
1593 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1595 arm7_9->branch_resume(target);
1597 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1599 arm7_9->branch_resume_thumb(target);
1603 LOG_ERROR("unhandled core state");
1607 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1609 err = arm7_9_execute_sys_speed(target);
1610 arm7_9->disable_single_step(target);
1612 /* registers are now invalid */
1613 armv4_5_invalidate_core_regs(target);
1615 if (err != ERROR_OK)
1617 target->state = TARGET_UNKNOWN;
1619 arm7_9_debug_entry(target);
1620 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1621 LOG_DEBUG("target stepped");
1625 arm7_9_set_breakpoint(target, breakpoint);
1631 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1636 armv4_5_common_t *armv4_5 = target->arch_info;
1637 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1638 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1640 if ((num < 0) || (num > 16))
1641 return ERROR_INVALID_ARGUMENTS;
1643 if ((mode != ARMV4_5_MODE_ANY)
1644 && (mode != armv4_5->core_mode)
1645 && (reg_mode != ARMV4_5_MODE_ANY))
1649 /* change processor mode (mask T bit) */
1650 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1653 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1656 if ((num >= 0) && (num <= 15))
1658 /* read a normal core register */
1659 reg_p[num] = &value;
1661 arm7_9->read_core_regs(target, 1 << num, reg_p);
1665 /* read a program status register
1666 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1668 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1669 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1671 arm7_9->read_xpsr(target, &value, spsr);
1674 if ((retval = jtag_execute_queue()) != ERROR_OK)
1679 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1680 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1681 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1683 if ((mode != ARMV4_5_MODE_ANY)
1684 && (mode != armv4_5->core_mode)
1685 && (reg_mode != ARMV4_5_MODE_ANY)) {
1686 /* restore processor mode (mask T bit) */
1687 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1694 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1697 armv4_5_common_t *armv4_5 = target->arch_info;
1698 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1699 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1701 if ((num < 0) || (num > 16))
1702 return ERROR_INVALID_ARGUMENTS;
1704 if ((mode != ARMV4_5_MODE_ANY)
1705 && (mode != armv4_5->core_mode)
1706 && (reg_mode != ARMV4_5_MODE_ANY)) {
1709 /* change processor mode (mask T bit) */
1710 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1713 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1716 if ((num >= 0) && (num <= 15))
1718 /* write a normal core register */
1721 arm7_9->write_core_regs(target, 1 << num, reg);
1725 /* write a program status register
1726 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1728 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1729 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1731 /* if we're writing the CPSR, mask the T bit */
1735 arm7_9->write_xpsr(target, value, spsr);
1738 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1739 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1741 if ((mode != ARMV4_5_MODE_ANY)
1742 && (mode != armv4_5->core_mode)
1743 && (reg_mode != ARMV4_5_MODE_ANY)) {
1744 /* restore processor mode (mask T bit) */
1745 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1748 return jtag_execute_queue();
1751 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1753 armv4_5_common_t *armv4_5 = target->arch_info;
1754 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1757 int num_accesses = 0;
1758 int thisrun_accesses;
1764 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1766 if (target->state != TARGET_HALTED)
1768 LOG_WARNING("target not halted");
1769 return ERROR_TARGET_NOT_HALTED;
1772 /* sanitize arguments */
1773 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1774 return ERROR_INVALID_ARGUMENTS;
1776 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1777 return ERROR_TARGET_UNALIGNED_ACCESS;
1779 /* load the base register with the address of the first word */
1781 arm7_9->write_core_regs(target, 0x1, reg);
1786 while (num_accesses < count)
1789 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1790 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1792 if (last_reg <= thisrun_accesses)
1793 last_reg = thisrun_accesses;
1795 arm7_9->load_word_regs(target, reg_list);
1797 /* fast memory reads are only safe when the target is running
1798 * from a sufficiently high clock (32 kHz is usually too slow)
1800 if (arm7_9->fast_memory_access)
1801 arm7_9_execute_fast_sys_speed(target);
1803 arm7_9_execute_sys_speed(target);
1805 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1807 /* advance buffer, count number of accesses */
1808 buffer += thisrun_accesses * 4;
1809 num_accesses += thisrun_accesses;
1813 while (num_accesses < count)
1816 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1817 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1819 for (i = 1; i <= thisrun_accesses; i++)
1823 arm7_9->load_hword_reg(target, i);
1824 /* fast memory reads are only safe when the target is running
1825 * from a sufficiently high clock (32 kHz is usually too slow)
1827 if (arm7_9->fast_memory_access)
1828 arm7_9_execute_fast_sys_speed(target);
1830 arm7_9_execute_sys_speed(target);
1833 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1835 /* advance buffer, count number of accesses */
1836 buffer += thisrun_accesses * 2;
1837 num_accesses += thisrun_accesses;
1841 while (num_accesses < count)
1844 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1845 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1847 for (i = 1; i <= thisrun_accesses; i++)
1851 arm7_9->load_byte_reg(target, i);
1852 /* fast memory reads are only safe when the target is running
1853 * from a sufficiently high clock (32 kHz is usually too slow)
1855 if (arm7_9->fast_memory_access)
1856 arm7_9_execute_fast_sys_speed(target);
1858 arm7_9_execute_sys_speed(target);
1861 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1863 /* advance buffer, count number of accesses */
1864 buffer += thisrun_accesses * 1;
1865 num_accesses += thisrun_accesses;
1869 LOG_ERROR("BUG: we shouldn't get here");
1874 for (i=0; i<=last_reg; i++)
1875 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1877 arm7_9->read_xpsr(target, &cpsr, 0);
1878 if ((retval = jtag_execute_queue()) != ERROR_OK)
1880 LOG_ERROR("JTAG error while reading cpsr");
1881 return ERROR_TARGET_DATA_ABORT;
1884 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1886 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1888 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1890 return ERROR_TARGET_DATA_ABORT;
1896 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1898 armv4_5_common_t *armv4_5 = target->arch_info;
1899 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1900 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1903 int num_accesses = 0;
1904 int thisrun_accesses;
1910 #ifdef _DEBUG_ARM7_9_
1911 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1914 if (target->state != TARGET_HALTED)
1916 LOG_WARNING("target not halted");
1917 return ERROR_TARGET_NOT_HALTED;
1920 /* sanitize arguments */
1921 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1922 return ERROR_INVALID_ARGUMENTS;
1924 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1925 return ERROR_TARGET_UNALIGNED_ACCESS;
1927 /* load the base register with the address of the first word */
1929 arm7_9->write_core_regs(target, 0x1, reg);
1931 /* Clear DBGACK, to make sure memory fetches work as expected */
1932 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1933 embeddedice_store_reg(dbg_ctrl);
1938 while (num_accesses < count)
1941 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1942 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1944 for (i = 1; i <= thisrun_accesses; i++)
1948 reg[i] = target_buffer_get_u32(target, buffer);
1952 arm7_9->write_core_regs(target, reg_list, reg);
1954 arm7_9->store_word_regs(target, reg_list);
1956 /* fast memory writes are only safe when the target is running
1957 * from a sufficiently high clock (32 kHz is usually too slow)
1959 if (arm7_9->fast_memory_access)
1960 arm7_9_execute_fast_sys_speed(target);
1962 arm7_9_execute_sys_speed(target);
1964 num_accesses += thisrun_accesses;
1968 while (num_accesses < count)
1971 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1972 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1974 for (i = 1; i <= thisrun_accesses; i++)
1978 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
1982 arm7_9->write_core_regs(target, reg_list, reg);
1984 for (i = 1; i <= thisrun_accesses; i++)
1986 arm7_9->store_hword_reg(target, i);
1988 /* fast memory writes are only safe when the target is running
1989 * from a sufficiently high clock (32 kHz is usually too slow)
1991 if (arm7_9->fast_memory_access)
1992 arm7_9_execute_fast_sys_speed(target);
1994 arm7_9_execute_sys_speed(target);
1997 num_accesses += thisrun_accesses;
2001 while (num_accesses < count)
2004 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2005 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2007 for (i = 1; i <= thisrun_accesses; i++)
2011 reg[i] = *buffer++ & 0xff;
2014 arm7_9->write_core_regs(target, reg_list, reg);
2016 for (i = 1; i <= thisrun_accesses; i++)
2018 arm7_9->store_byte_reg(target, i);
2019 /* fast memory writes are only safe when the target is running
2020 * from a sufficiently high clock (32 kHz is usually too slow)
2022 if (arm7_9->fast_memory_access)
2023 arm7_9_execute_fast_sys_speed(target);
2025 arm7_9_execute_sys_speed(target);
2028 num_accesses += thisrun_accesses;
2032 LOG_ERROR("BUG: we shouldn't get here");
2038 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2039 embeddedice_store_reg(dbg_ctrl);
2041 for (i=0; i<=last_reg; i++)
2042 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2044 arm7_9->read_xpsr(target, &cpsr, 0);
2045 if ((retval = jtag_execute_queue()) != ERROR_OK)
2047 LOG_ERROR("JTAG error while reading cpsr");
2048 return ERROR_TARGET_DATA_ABORT;
2051 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2053 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2055 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2057 return ERROR_TARGET_DATA_ABORT;
2063 static const u32 dcc_code[] =
2065 /* MRC TST BNE MRC STR B */
2066 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2069 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2071 armv4_5_common_t *armv4_5 = target->arch_info;
2072 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2073 enum armv4_5_state core_state = armv4_5->core_state;
2074 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2075 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2076 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2079 if (!arm7_9->dcc_downloads)
2080 return target->type->write_memory(target, address, 4, count, buffer);
2082 /* regrab previously allocated working_area, or allocate a new one */
2083 if (!arm7_9->dcc_working_area)
2085 u8 dcc_code_buf[6 * 4];
2087 /* make sure we have a working area */
2088 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2090 LOG_INFO("no working area available, falling back to memory writes");
2091 return target->type->write_memory(target, address, 4, count, buffer);
2094 /* copy target instructions to target endianness */
2095 for (i = 0; i < 6; i++)
2097 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2100 /* write DCC code to working area */
2101 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2104 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2105 armv4_5->core_cache->reg_list[0].valid = 1;
2106 armv4_5->core_cache->reg_list[0].dirty = 1;
2107 armv4_5->core_state = ARMV4_5_STATE_ARM;
2109 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2111 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2114 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2115 core function repeated.
2117 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2120 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2121 u8 reg_addr = ice_reg->addr & 0x1f;
2122 int chain_pos = ice_reg->jtag_info->chain_pos;
2123 /* we want the compiler to duplicate the code, which it does not
2128 for (i = 1; i < count - 1; i++)
2130 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2135 for (i = 1; i < count - 1; i++)
2137 embeddedice_write_reg_inner(chain_pos, reg_addr, fast_target_buffer_get_u32(buffer, little));
2141 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2144 for (i = 0; i < count; i++)
2146 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2151 target_halt(target);
2153 for (i=0; i<100; i++)
2155 target_poll(target);
2156 if (target->state == TARGET_HALTED)
2158 usleep(1000); /* sleep 1ms */
2162 LOG_ERROR("bulk write timed out, target not halted");
2163 return ERROR_TARGET_TIMEOUT;
2166 /* restore target state */
2167 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2168 armv4_5->core_cache->reg_list[0].valid = 1;
2169 armv4_5->core_cache->reg_list[0].dirty = 1;
2170 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2171 armv4_5->core_cache->reg_list[1].valid = 1;
2172 armv4_5->core_cache->reg_list[1].dirty = 1;
2173 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2174 armv4_5->core_cache->reg_list[15].valid = 1;
2175 armv4_5->core_cache->reg_list[15].dirty = 1;
2176 armv4_5->core_state = core_state;
2181 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2183 working_area_t *crc_algorithm;
2184 armv4_5_algorithm_t armv4_5_info;
2185 reg_param_t reg_params[2];
2188 u32 arm7_9_crc_code[] = {
2189 0xE1A02000, /* mov r2, r0 */
2190 0xE3E00000, /* mov r0, #0xffffffff */
2191 0xE1A03001, /* mov r3, r1 */
2192 0xE3A04000, /* mov r4, #0 */
2193 0xEA00000B, /* b ncomp */
2195 0xE7D21004, /* ldrb r1, [r2, r4] */
2196 0xE59F7030, /* ldr r7, CRC32XOR */
2197 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2198 0xE3A05000, /* mov r5, #0 */
2200 0xE3500000, /* cmp r0, #0 */
2201 0xE1A06080, /* mov r6, r0, asl #1 */
2202 0xE2855001, /* add r5, r5, #1 */
2203 0xE1A00006, /* mov r0, r6 */
2204 0xB0260007, /* eorlt r0, r6, r7 */
2205 0xE3550008, /* cmp r5, #8 */
2206 0x1AFFFFF8, /* bne loop */
2207 0xE2844001, /* add r4, r4, #1 */
2209 0xE1540003, /* cmp r4, r3 */
2210 0x1AFFFFF1, /* bne nbyte */
2212 0xEAFFFFFE, /* b end */
2213 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2218 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2220 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2223 /* convert flash writing code into a buffer in target endianness */
2224 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2225 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2227 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2228 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2229 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2231 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2232 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2234 buf_set_u32(reg_params[0].value, 0, 32, address);
2235 buf_set_u32(reg_params[1].value, 0, 32, count);
2237 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2238 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2240 LOG_ERROR("error executing arm7_9 crc algorithm");
2241 destroy_reg_param(®_params[0]);
2242 destroy_reg_param(®_params[1]);
2243 target_free_working_area(target, crc_algorithm);
2247 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2249 destroy_reg_param(®_params[0]);
2250 destroy_reg_param(®_params[1]);
2252 target_free_working_area(target, crc_algorithm);
2257 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2259 command_t *arm7_9_cmd;
2261 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2263 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2264 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2266 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2268 register_command(cmd_ctx, arm7_9_cmd, "sw_bkpts", handle_arm7_9_sw_bkpts_command, COMMAND_EXEC, "support for software breakpoints <enable|disable>");
2269 register_command(cmd_ctx, arm7_9_cmd, "force_hw_bkpts", handle_arm7_9_force_hw_bkpts_command, COMMAND_EXEC, "use hardware breakpoints for all breakpoints (disables sw breakpoint support) <enable|disable>");
2270 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2271 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2272 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2273 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2274 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2275 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2276 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2277 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2279 armv4_5_register_commands(cmd_ctx);
2281 etm_register_commands(cmd_ctx);
2286 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2291 target_t *target = get_current_target(cmd_ctx);
2292 armv4_5_common_t *armv4_5;
2293 arm7_9_common_t *arm7_9;
2295 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2297 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2301 if (target->state != TARGET_HALTED)
2303 command_print(cmd_ctx, "can't write registers while running");
2309 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2313 value = strtoul(args[0], NULL, 0);
2314 spsr = strtol(args[1], NULL, 0);
2316 /* if we're writing the CPSR, mask the T bit */
2320 arm7_9->write_xpsr(target, value, spsr);
2321 if ((retval = jtag_execute_queue()) != ERROR_OK)
2323 LOG_ERROR("JTAG error while writing to xpsr");
2330 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2336 target_t *target = get_current_target(cmd_ctx);
2337 armv4_5_common_t *armv4_5;
2338 arm7_9_common_t *arm7_9;
2340 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2342 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2346 if (target->state != TARGET_HALTED)
2348 command_print(cmd_ctx, "can't write registers while running");
2354 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2358 value = strtoul(args[0], NULL, 0);
2359 rotate = strtol(args[1], NULL, 0);
2360 spsr = strtol(args[2], NULL, 0);
2362 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2363 if ((retval = jtag_execute_queue()) != ERROR_OK)
2365 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2372 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2377 target_t *target = get_current_target(cmd_ctx);
2378 armv4_5_common_t *armv4_5;
2379 arm7_9_common_t *arm7_9;
2381 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2383 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2387 if (target->state != TARGET_HALTED)
2389 command_print(cmd_ctx, "can't write registers while running");
2395 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2399 num = strtol(args[0], NULL, 0);
2400 mode = strtoul(args[1], NULL, 0);
2401 value = strtoul(args[2], NULL, 0);
2403 arm7_9_write_core_reg(target, num, mode, value);
2408 int handle_arm7_9_sw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2410 target_t *target = get_current_target(cmd_ctx);
2411 armv4_5_common_t *armv4_5;
2412 arm7_9_common_t *arm7_9;
2414 if (target->state != TARGET_HALTED)
2416 LOG_ERROR("target not halted");
2417 return ERROR_TARGET_NOT_HALTED;
2420 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2422 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2428 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2432 if (strcmp("enable", args[0]) == 0)
2434 if (arm7_9->sw_bkpts_use_wp)
2436 arm7_9_enable_sw_bkpts(target);
2440 arm7_9->sw_bkpts_enabled = 1;
2443 else if (strcmp("disable", args[0]) == 0)
2445 if (arm7_9->sw_bkpts_use_wp)
2447 arm7_9_disable_sw_bkpts(target);
2451 arm7_9->sw_bkpts_enabled = 0;
2456 command_print(cmd_ctx, "usage: arm7_9 sw_bkpts <enable|disable>");
2459 command_print(cmd_ctx, "software breakpoints %s", (arm7_9->sw_bkpts_enabled) ? "enabled" : "disabled");
2464 int handle_arm7_9_force_hw_bkpts_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2466 target_t *target = get_current_target(cmd_ctx);
2467 armv4_5_common_t *armv4_5;
2468 arm7_9_common_t *arm7_9;
2470 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2472 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2476 if ((argc >= 1) && (strcmp("enable", args[0]) == 0))
2478 arm7_9->force_hw_bkpts = 1;
2479 if (arm7_9->sw_bkpts_use_wp)
2481 arm7_9_disable_sw_bkpts(target);
2484 else if ((argc >= 1) && (strcmp("disable", args[0]) == 0))
2486 arm7_9->force_hw_bkpts = 0;
2490 command_print(cmd_ctx, "usage: arm7_9 force_hw_bkpts <enable|disable>");
2493 command_print(cmd_ctx, "force hardware breakpoints %s", (arm7_9->force_hw_bkpts) ? "enabled" : "disabled");
2498 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2500 target_t *target = get_current_target(cmd_ctx);
2501 armv4_5_common_t *armv4_5;
2502 arm7_9_common_t *arm7_9;
2504 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2506 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2512 if (strcmp("enable", args[0]) == 0)
2514 arm7_9->use_dbgrq = 1;
2516 else if (strcmp("disable", args[0]) == 0)
2518 arm7_9->use_dbgrq = 0;
2522 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2526 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2531 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2533 target_t *target = get_current_target(cmd_ctx);
2534 armv4_5_common_t *armv4_5;
2535 arm7_9_common_t *arm7_9;
2537 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2539 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2545 if (strcmp("enable", args[0]) == 0)
2547 arm7_9->fast_memory_access = 1;
2549 else if (strcmp("disable", args[0]) == 0)
2551 arm7_9->fast_memory_access = 0;
2555 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2559 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2564 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2566 target_t *target = get_current_target(cmd_ctx);
2567 armv4_5_common_t *armv4_5;
2568 arm7_9_common_t *arm7_9;
2570 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2572 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2578 if (strcmp("enable", args[0]) == 0)
2580 arm7_9->dcc_downloads = 1;
2582 else if (strcmp("disable", args[0]) == 0)
2584 arm7_9->dcc_downloads = 0;
2588 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2592 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2597 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2599 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2601 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2603 arm_jtag_setup_connection(&arm7_9->jtag_info);
2604 arm7_9->wp_available = 2;
2605 arm7_9->wp0_used = 0;
2606 arm7_9->wp1_used = 0;
2607 arm7_9->force_hw_bkpts = 0;
2608 arm7_9->use_dbgrq = 0;
2610 arm7_9->etm_ctx = NULL;
2611 arm7_9->has_single_step = 0;
2612 arm7_9->has_monitor_mode = 0;
2613 arm7_9->has_vector_catch = 0;
2615 arm7_9->debug_entry_from_reset = 0;
2617 arm7_9->dcc_working_area = NULL;
2619 arm7_9->fast_memory_access = fast_and_dangerous;
2620 arm7_9->dcc_downloads = fast_and_dangerous;
2622 armv4_5->arch_info = arm7_9;
2623 armv4_5->read_core_reg = arm7_9_read_core_reg;
2624 armv4_5->write_core_reg = arm7_9_write_core_reg;
2625 armv4_5->full_context = arm7_9_full_context;
2627 armv4_5_init_arch_info(target, armv4_5);
2629 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / fw / openocd / blob