1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include <helper/time_support.h>
34 #include "target_type.h"
35 #include "algorithm.h"
37 #include "arm_opcodes.h"
40 #define _DEBUG_INSTRUCTION_EXECUTION_
44 static int arm11_step(struct target *target, int current,
45 target_addr_t address, int handle_breakpoints);
48 /** Check and if necessary take control of the system
50 * \param arm11 Target state variable.
52 static int arm11_check_init(struct arm11_common *arm11)
54 CHECK_RETVAL(arm11_read_dscr(arm11));
56 if (!(arm11->dscr & DSCR_HALT_DBG_MODE)) {
57 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
58 LOG_DEBUG("Bringing target into debug mode");
60 arm11->dscr |= DSCR_HALT_DBG_MODE;
61 CHECK_RETVAL(arm11_write_dscr(arm11, arm11->dscr));
63 /* add further reset initialization here */
65 arm11->simulate_reset_on_next_halt = true;
67 if (arm11->dscr & DSCR_CORE_HALTED) {
68 /** \todo TODO: this needs further scrutiny because
69 * arm11_debug_entry() never gets called. (WHY NOT?)
70 * As a result we don't read the actual register states from
74 arm11->arm.target->state = TARGET_HALTED;
75 arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
77 arm11->arm.target->state = TARGET_RUNNING;
78 arm11->arm.target->debug_reason = DBG_REASON_NOTHALTED;
81 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));
88 * Save processor state. This is called after a HALT instruction
89 * succeeds, and on other occasions the processor enters debug mode
90 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
92 static int arm11_debug_entry(struct arm11_common *arm11)
96 arm11->arm.target->state = TARGET_HALTED;
97 arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
99 /* REVISIT entire cache should already be invalid !!! */
100 register_cache_invalidate(arm11->arm.core_cache);
102 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
104 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
105 arm11->is_wdtr_saved = !!(arm11->dscr & DSCR_DTR_TX_FULL);
106 if (arm11->is_wdtr_saved) {
107 arm11_add_debug_scan_n(arm11, 0x05, ARM11_TAP_DEFAULT);
109 arm11_add_ir(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
111 struct scan_field chain5_fields[3];
113 arm11_setup_field(arm11, 32, NULL,
114 &arm11->saved_wdtr, chain5_fields + 0);
115 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 1);
116 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
118 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
119 chain5_fields), chain5_fields, TAP_DRPAUSE);
123 /* DSCR: set the Execute ARM instruction enable bit.
125 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
126 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
127 * for executing instructions via ITR.
129 CHECK_RETVAL(arm11_write_dscr(arm11, DSCR_ITR_EN | arm11->dscr));
133 Before executing any instruction in debug state you have to drain the write buffer.
134 This ensures that no imprecise Data Aborts can return at a later point:*/
136 /** \todo TODO: Test drain write buffer. */
140 /* MRC p14,0,R0,c5,c10,0 */
141 /* arm11_run_instr_no_data1(arm11, / *0xee150e1a* /0xe320f000); */
143 /* mcr 15, 0, r0, cr7, cr10, {4} */
144 arm11_run_instr_no_data1(arm11, 0xee070f9a);
146 uint32_t dscr = arm11_read_dscr(arm11);
148 LOG_DEBUG("DRAIN, DSCR %08x", dscr);
150 if (dscr & ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT) {
151 arm11_run_instr_no_data1(arm11, 0xe320f000);
153 dscr = arm11_read_dscr(arm11);
155 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr);
164 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
165 * CPSR and PC after the rDTR stuff. We do it all at once.
167 retval = arm_dpm_read_current_registers(&arm11->dpm);
168 if (retval != ERROR_OK)
169 LOG_ERROR("DPM REG READ -- fail");
171 retval = arm11_run_instr_data_prepare(arm11);
172 if (retval != ERROR_OK)
175 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
176 arm11->is_rdtr_saved = !!(arm11->dscr & DSCR_DTR_RX_FULL);
177 if (arm11->is_rdtr_saved) {
178 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
179 retval = arm11_run_instr_data_from_core_via_r0(arm11,
180 0xEE100E15, &arm11->saved_rdtr);
181 if (retval != ERROR_OK)
185 /* REVISIT Now that we've saved core state, there's may also
186 * be MMU and cache state to care about ...
189 if (arm11->simulate_reset_on_next_halt) {
190 arm11->simulate_reset_on_next_halt = false;
192 LOG_DEBUG("Reset c1 Control Register");
194 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
196 /* MCR p15,0,R0,c1,c0,0 */
197 retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee010f10, 0);
198 if (retval != ERROR_OK)
203 if (arm11->arm.target->debug_reason == DBG_REASON_WATCHPOINT) {
206 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
207 retval = arm11_run_instr_data_from_core_via_r0(arm11,
208 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
210 if (retval != ERROR_OK)
212 arm_dpm_report_wfar(arm11->arm.dpm, wfar);
216 retval = arm11_run_instr_data_finish(arm11);
217 if (retval != ERROR_OK)
224 * Restore processor state. This is called in preparation for
225 * the RESTART function.
227 static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
231 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
233 /* NOTE: the ARM1136 TRM suggests restoring all registers
234 * except R0/PC/CPSR right now. Instead, we do them all
235 * at once, just a bit later on.
238 /* REVISIT once we start caring about MMU and cache state,
239 * address it here ...
242 /* spec says clear wDTR and rDTR; we assume they are clear as
243 otherwise our programming would be sloppy */
245 CHECK_RETVAL(arm11_read_dscr(arm11));
247 if (arm11->dscr & (DSCR_DTR_RX_FULL | DSCR_DTR_TX_FULL)) {
249 The wDTR/rDTR two registers that are used to send/receive data to/from
250 the core in tandem with corresponding instruction codes that are
251 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
252 registers hold data that was written by one side (CPU or JTAG) and not
253 read out by the other side.
255 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
256 (unsigned) arm11->dscr);
261 /* maybe restore original wDTR */
262 if (arm11->is_wdtr_saved) {
263 retval = arm11_run_instr_data_prepare(arm11);
264 if (retval != ERROR_OK)
267 /* MCR p14,0,R0,c0,c5,0 */
268 retval = arm11_run_instr_data_to_core_via_r0(arm11,
269 0xee000e15, arm11->saved_wdtr);
270 if (retval != ERROR_OK)
273 retval = arm11_run_instr_data_finish(arm11);
274 if (retval != ERROR_OK)
278 /* restore CPSR, PC, and R0 ... after flushing any modified
281 CHECK_RETVAL(arm_dpm_write_dirty_registers(&arm11->dpm, bpwp));
283 CHECK_RETVAL(arm11_bpwp_flush(arm11));
285 register_cache_invalidate(arm11->arm.core_cache);
288 CHECK_RETVAL(arm11_write_dscr(arm11, arm11->dscr));
290 /* maybe restore rDTR */
291 if (arm11->is_rdtr_saved) {
292 arm11_add_debug_scan_n(arm11, 0x05, ARM11_TAP_DEFAULT);
294 arm11_add_ir(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
296 struct scan_field chain5_fields[3];
298 uint8_t ready = 0; /* ignored */
299 uint8_t valid = 0; /* ignored */
301 arm11_setup_field(arm11, 32, &arm11->saved_rdtr,
302 NULL, chain5_fields + 0);
303 arm11_setup_field(arm11, 1, &ready, NULL, chain5_fields + 1);
304 arm11_setup_field(arm11, 1, &valid, NULL, chain5_fields + 2);
306 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
307 chain5_fields), chain5_fields, TAP_DRPAUSE);
310 /* now processor is ready to RESTART */
315 /* poll current target status */
316 static int arm11_poll(struct target *target)
319 struct arm11_common *arm11 = target_to_arm11(target);
321 CHECK_RETVAL(arm11_check_init(arm11));
323 if (arm11->dscr & DSCR_CORE_HALTED) {
324 if (target->state != TARGET_HALTED) {
325 enum target_state old_state = target->state;
327 LOG_DEBUG("enter TARGET_HALTED");
328 retval = arm11_debug_entry(arm11);
329 if (retval != ERROR_OK)
332 target_call_event_callbacks(target,
333 (old_state == TARGET_DEBUG_RUNNING)
334 ? TARGET_EVENT_DEBUG_HALTED
335 : TARGET_EVENT_HALTED);
338 if (target->state != TARGET_RUNNING && target->state != TARGET_DEBUG_RUNNING) {
339 LOG_DEBUG("enter TARGET_RUNNING");
340 target->state = TARGET_RUNNING;
341 target->debug_reason = DBG_REASON_NOTHALTED;
347 /* architecture specific status reply */
348 static int arm11_arch_state(struct target *target)
350 struct arm11_common *arm11 = target_to_arm11(target);
353 retval = arm_arch_state(target);
355 /* REVISIT also display ARM11-specific MMU and cache status ... */
357 if (target->debug_reason == DBG_REASON_WATCHPOINT)
358 LOG_USER("Watchpoint triggered at PC " TARGET_ADDR_FMT, arm11->dpm.wp_addr);
363 /* target execution control */
364 static int arm11_halt(struct target *target)
366 struct arm11_common *arm11 = target_to_arm11(target);
368 LOG_DEBUG("target->state: %s",
369 target_state_name(target));
371 if (target->state == TARGET_UNKNOWN)
372 arm11->simulate_reset_on_next_halt = true;
374 if (target->state == TARGET_HALTED) {
375 LOG_DEBUG("target was already halted");
379 arm11_add_ir(arm11, ARM11_HALT, TAP_IDLE);
381 CHECK_RETVAL(jtag_execute_queue());
386 CHECK_RETVAL(arm11_read_dscr(arm11));
388 if (arm11->dscr & DSCR_CORE_HALTED)
396 if ((timeval_ms()-then) > 1000) {
397 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
404 enum target_state old_state = target->state;
406 CHECK_RETVAL(arm11_debug_entry(arm11));
409 target_call_event_callbacks(target,
411 TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED));
416 static uint32_t arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
418 void *value = arm11->arm.pc->value;
420 /* use the current program counter */
422 address = buf_get_u32(value, 0, 32);
424 /* Make sure that the gdb thumb fixup does not
425 * kill the return address
427 switch (arm11->arm.core_state) {
429 address &= 0xFFFFFFFC;
431 case ARM_STATE_THUMB:
432 /* When the return address is loaded into PC
433 * bit 0 must be 1 to stay in Thumb state
438 /* catch-all for JAZELLE and THUMB_EE */
443 buf_set_u32(value, 0, 32, address);
444 arm11->arm.pc->dirty = true;
445 arm11->arm.pc->valid = true;
450 static int arm11_resume(struct target *target, int current,
451 target_addr_t address, int handle_breakpoints, int debug_execution)
453 /* LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d", */
454 /* current, address, handle_breakpoints, debug_execution); */
456 struct arm11_common *arm11 = target_to_arm11(target);
458 LOG_DEBUG("target->state: %s",
459 target_state_name(target));
462 if (target->state != TARGET_HALTED) {
463 LOG_ERROR("Target not halted");
464 return ERROR_TARGET_NOT_HALTED;
467 address = arm11_nextpc(arm11, current, address);
469 LOG_DEBUG("RESUME PC %08" TARGET_PRIxADDR "%s", address, !current ? "!" : "");
471 /* clear breakpoints/watchpoints and VCR*/
472 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));
474 if (!debug_execution)
475 target_free_all_working_areas(target);
477 /* Should we skip over breakpoints matching the PC? */
478 if (handle_breakpoints) {
479 struct breakpoint *bp;
481 for (bp = target->breakpoints; bp; bp = bp->next) {
482 if (bp->address == address) {
483 LOG_DEBUG("must step over %08" TARGET_PRIxADDR "", bp->address);
484 arm11_step(target, 1, 0, 0);
490 /* activate all breakpoints */
492 struct breakpoint *bp;
493 unsigned brp_num = 0;
495 for (bp = target->breakpoints; bp; bp = bp->next) {
496 struct arm11_sc7_action brp[2];
499 brp[0].address = ARM11_SC7_BVR0 + brp_num;
500 brp[0].value = bp->address;
502 brp[1].address = ARM11_SC7_BCR0 + brp_num;
505 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
507 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
509 LOG_DEBUG("Add BP %d at %08" TARGET_PRIxADDR, brp_num,
516 CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr));
519 /* activate all watchpoints and breakpoints */
520 CHECK_RETVAL(arm11_leave_debug_state(arm11, true));
522 arm11_add_ir(arm11, ARM11_RESTART, TAP_IDLE);
524 CHECK_RETVAL(jtag_execute_queue());
528 CHECK_RETVAL(arm11_read_dscr(arm11));
530 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
532 if (arm11->dscr & DSCR_CORE_RESTARTED)
540 if ((timeval_ms()-then) > 1000) {
541 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
548 target->debug_reason = DBG_REASON_NOTHALTED;
549 if (!debug_execution)
550 target->state = TARGET_RUNNING;
552 target->state = TARGET_DEBUG_RUNNING;
553 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
558 static int arm11_step(struct target *target, int current,
559 target_addr_t address, int handle_breakpoints)
561 LOG_DEBUG("target->state: %s",
562 target_state_name(target));
564 if (target->state != TARGET_HALTED) {
565 LOG_WARNING("target was not halted");
566 return ERROR_TARGET_NOT_HALTED;
569 struct arm11_common *arm11 = target_to_arm11(target);
571 address = arm11_nextpc(arm11, current, address);
573 LOG_DEBUG("STEP PC %08" TARGET_PRIxADDR "%s", address, !current ? "!" : "");
576 /** \todo TODO: Thumb not supported here */
578 uint32_t next_instruction;
580 CHECK_RETVAL(arm11_read_memory_word(arm11, address, &next_instruction));
583 if ((next_instruction & 0xFFF00070) == 0xe1200070) {
584 address = arm11_nextpc(arm11, 0, address + 4);
585 LOG_DEBUG("Skipping BKPT %08" TARGET_PRIxADDR, address);
587 /* skip over Wait for interrupt / Standby
588 * mcr 15, 0, r?, cr7, cr0, {4} */
589 else if ((next_instruction & 0xFFFF0FFF) == 0xee070f90) {
590 address = arm11_nextpc(arm11, 0, address + 4);
591 LOG_DEBUG("Skipping WFI %08" TARGET_PRIxADDR, address);
593 /* ignore B to self */
594 else if ((next_instruction & 0xFEFFFFFF) == 0xeafffffe)
595 LOG_DEBUG("Not stepping jump to self");
597 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
600 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
601 * the VCR might be something worth looking into. */
604 /* Set up breakpoint for stepping */
606 struct arm11_sc7_action brp[2];
609 brp[0].address = ARM11_SC7_BVR0;
611 brp[1].address = ARM11_SC7_BCR0;
613 if (arm11->hardware_step) {
614 /* Hardware single stepping ("instruction address
615 * mismatch") is used if enabled. It's not quite
616 * exactly "run one instruction"; "branch to here"
617 * loops won't break, neither will some other cases,
618 * but it's probably the best default.
620 * Hardware single stepping isn't supported on v6
621 * debug modules. ARM1176 and v7 can support it...
623 * FIXME Thumb stepping likely needs to use 0x03
624 * or 0xc0 byte masks, not 0x0f.
626 brp[0].value = address;
627 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
628 | (0 << 14) | (0 << 16) | (0 << 20)
631 /* Sets a breakpoint on the next PC, as calculated
632 * by instruction set simulation.
634 * REVISIT stepping Thumb on ARM1156 requires Thumb2
635 * support from the simulator.
640 retval = arm_simulate_step(target, &next_pc);
641 if (retval != ERROR_OK)
644 brp[0].value = next_pc;
645 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
646 | (0 << 14) | (0 << 16) | (0 << 20)
650 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
655 if (arm11->step_irq_enable)
656 /* this disable should be redundant ... */
657 arm11->dscr &= ~DSCR_INT_DIS;
659 arm11->dscr |= DSCR_INT_DIS;
662 CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));
664 arm11_add_ir(arm11, ARM11_RESTART, TAP_IDLE);
666 CHECK_RETVAL(jtag_execute_queue());
672 const uint32_t mask = DSCR_CORE_RESTARTED
675 CHECK_RETVAL(arm11_read_dscr(arm11));
676 LOG_DEBUG("DSCR %08x e", (unsigned) arm11->dscr);
678 if ((arm11->dscr & mask) == mask)
685 if ((timeval_ms()-then) > 1000) {
687 "Timeout (1000ms) waiting for instructions to complete");
694 /* clear breakpoint */
695 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));
698 CHECK_RETVAL(arm11_debug_entry(arm11));
700 /* restore default state */
701 arm11->dscr &= ~DSCR_INT_DIS;
705 target->debug_reason = DBG_REASON_SINGLESTEP;
707 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_HALTED));
712 static int arm11_assert_reset(struct target *target)
714 struct arm11_common *arm11 = target_to_arm11(target);
716 if (!(target_was_examined(target))) {
717 if (jtag_get_reset_config() & RESET_HAS_SRST)
718 jtag_add_reset(0, 1);
720 LOG_WARNING("Reset is not asserted because the target is not examined.");
721 LOG_WARNING("Use a reset button or power cycle the target.");
722 return ERROR_TARGET_NOT_EXAMINED;
726 /* optionally catch reset vector */
727 if (target->reset_halt && !(arm11->vcr & 1))
728 CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr | 1));
730 /* Issue some kind of warm reset. */
731 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
732 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
733 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
734 /* REVISIT handle "pulls" cases, if there's
735 * hardware that needs them to work.
737 jtag_add_reset(0, 1);
739 LOG_ERROR("%s: how to reset?", target_name(target));
744 /* registers are now invalid */
745 register_cache_invalidate(arm11->arm.core_cache);
747 target->state = TARGET_RESET;
753 * - There is another bug in the arm11 core. (iMX31 specific again?)
754 * When you generate an access to external logic (for example DDR
755 * controller via AHB bus) and that block is not configured (perhaps
756 * it is still held in reset), that transaction will never complete.
757 * This will hang arm11 core but it will also hang JTAG controller.
758 * Nothing short of srst assertion will bring it out of this.
761 static int arm11_deassert_reset(struct target *target)
763 struct arm11_common *arm11 = target_to_arm11(target);
766 /* be certain SRST is off */
767 jtag_add_reset(0, 0);
769 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
770 * at least DSCR. OMAP24xx doesn't show that problem, though
771 * SRST-only reset seems to be problematic for other reasons.
772 * (Secure boot sequences being one likelihood!)
776 CHECK_RETVAL(arm11_poll(target));
778 if (target->reset_halt) {
779 if (target->state != TARGET_HALTED) {
780 LOG_WARNING("%s: ran after reset and before halt ...",
781 target_name(target));
782 retval = target_halt(target);
783 if (retval != ERROR_OK)
788 /* maybe restore vector catch config */
789 if (target->reset_halt && !(arm11->vcr & 1))
790 CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr));
795 /* target memory access
796 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
797 * count: number of items of <size>
799 * arm11_config_memrw_no_increment - in the future we may want to be able
800 * to read/write a range of data to a "port". a "port" is an action on
801 * read memory address for some peripheral.
803 static int arm11_read_memory_inner(struct target *target,
804 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer,
805 bool arm11_config_memrw_no_increment)
807 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment
811 if (target->state != TARGET_HALTED) {
812 LOG_WARNING("target was not halted");
813 return ERROR_TARGET_NOT_HALTED;
816 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "",
821 struct arm11_common *arm11 = target_to_arm11(target);
823 retval = arm11_run_instr_data_prepare(arm11);
824 if (retval != ERROR_OK)
827 /* MRC p14,0,r0,c0,c5,0 */
828 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
829 if (retval != ERROR_OK)
834 arm11->arm.core_cache->reg_list[1].dirty = true;
836 for (size_t i = 0; i < count; i++) {
837 /* ldrb r1, [r0], #1 */
839 CHECK_RETVAL(arm11_run_instr_no_data1(arm11,
840 !arm11_config_memrw_no_increment ? 0xe4d01001 : 0xe5d01000));
843 /* MCR p14,0,R1,c0,c5,0 */
844 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1));
853 arm11->arm.core_cache->reg_list[1].dirty = true;
855 for (size_t i = 0; i < count; i++) {
856 /* ldrh r1, [r0], #2 */
857 CHECK_RETVAL(arm11_run_instr_no_data1(arm11,
858 !arm11_config_memrw_no_increment ? 0xe0d010b2 : 0xe1d010b0));
862 /* MCR p14,0,R1,c0,c5,0 */
863 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1));
865 uint16_t svalue = res;
866 memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
874 uint32_t instr = !arm11_config_memrw_no_increment ? 0xecb05e01 : 0xed905e00;
875 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
876 uint32_t *words = (uint32_t *)(void *)buffer;
878 /* LDC p14,c5,[R0],#4 */
879 /* LDC p14,c5,[R0] */
880 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, instr, words, count));
885 return arm11_run_instr_data_finish(arm11);
888 static int arm11_read_memory(struct target *target,
889 target_addr_t address,
894 return arm11_read_memory_inner(target, address, size, count, buffer, false);
898 * no_increment - in the future we may want to be able
899 * to read/write a range of data to a "port". a "port" is an action on
900 * read memory address for some peripheral.
902 static int arm11_write_memory_inner(struct target *target,
903 uint32_t address, uint32_t size,
904 uint32_t count, const uint8_t *buffer,
909 if (target->state != TARGET_HALTED) {
910 LOG_WARNING("target was not halted");
911 return ERROR_TARGET_NOT_HALTED;
914 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "",
919 struct arm11_common *arm11 = target_to_arm11(target);
921 retval = arm11_run_instr_data_prepare(arm11);
922 if (retval != ERROR_OK)
925 /* load r0 with buffer address
926 * MRC p14,0,r0,c0,c5,0 */
927 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
928 if (retval != ERROR_OK)
931 /* burst writes are not used for single words as those may well be
932 * reset init script writes.
934 * The other advantage is that as burst writes are default, we'll
935 * now exercise both burst and non-burst code paths with the
936 * default settings, increasing code coverage.
938 bool burst = arm11->memwrite_burst && (count > 1);
943 arm11->arm.core_cache->reg_list[1].dirty = true;
945 for (size_t i = 0; i < count; i++) {
946 /* load r1 from DCC with byte data */
947 /* MRC p14,0,r1,c0,c5,0 */
948 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, *buffer++);
949 if (retval != ERROR_OK)
952 /* write r1 to memory */
953 /* strb r1, [r0], #1 */
955 retval = arm11_run_instr_no_data1(arm11,
956 !no_increment ? 0xe4c01001 : 0xe5c01000);
957 if (retval != ERROR_OK)
966 arm11->arm.core_cache->reg_list[1].dirty = true;
968 for (size_t i = 0; i < count; i++) {
970 memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));
972 /* load r1 from DCC with halfword data */
973 /* MRC p14,0,r1,c0,c5,0 */
974 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, value);
975 if (retval != ERROR_OK)
978 /* write r1 to memory */
979 /* strh r1, [r0], #2 */
981 retval = arm11_run_instr_no_data1(arm11,
982 !no_increment ? 0xe0c010b2 : 0xe1c010b0);
983 if (retval != ERROR_OK)
991 /* stream word data through DCC directly to memory */
992 /* increment: STC p14,c5,[R0],#4 */
993 /* no increment: STC p14,c5,[R0]*/
994 uint32_t instr = !no_increment ? 0xeca05e01 : 0xed805e00;
996 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
997 uint32_t *words = (uint32_t *)(void *)buffer;
999 /* "burst" here just means trusting each instruction executes
1000 * fully before we run the next one: per-word roundtrips, to
1001 * check the Ready flag, are not used.
1004 retval = arm11_run_instr_data_to_core(arm11,
1005 instr, words, count);
1007 retval = arm11_run_instr_data_to_core_noack(arm11,
1008 instr, words, count);
1009 if (retval != ERROR_OK)
1016 /* r0 verification */
1017 if (!no_increment) {
1020 /* MCR p14,0,R0,c0,c5,0 */
1021 retval = arm11_run_instr_data_from_core(arm11, 0xEE000E15, &r0, 1);
1022 if (retval != ERROR_OK)
1025 if (address + size * count != r0) {
1026 LOG_ERROR("Data transfer failed. Expected end "
1027 "address 0x%08x, got 0x%08x",
1028 (unsigned) (address + size * count),
1033 "use 'arm11 memwrite burst disable' to disable fast burst mode");
1036 if (arm11->memwrite_error_fatal)
1041 return arm11_run_instr_data_finish(arm11);
1044 static int arm11_write_memory(struct target *target,
1045 target_addr_t address, uint32_t size,
1046 uint32_t count, const uint8_t *buffer)
1048 /* pointer increment matters only for multi-unit writes ...
1049 * not e.g. to a "reset the chip" controller.
1051 return arm11_write_memory_inner(target, address, size,
1052 count, buffer, count == 1);
1055 /* target break-/watchpoint control
1056 * rw: 0 = write, 1 = read, 2 = access
1058 static int arm11_add_breakpoint(struct target *target,
1059 struct breakpoint *breakpoint)
1061 struct arm11_common *arm11 = target_to_arm11(target);
1064 if (breakpoint->type == BKPT_SOFT) {
1065 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1066 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1070 if (!arm11->free_brps) {
1071 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1072 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1075 if (breakpoint->length != 4) {
1076 LOG_DEBUG("only breakpoints of four bytes length supported");
1077 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1085 static int arm11_remove_breakpoint(struct target *target,
1086 struct breakpoint *breakpoint)
1088 struct arm11_common *arm11 = target_to_arm11(target);
1095 static int arm11_target_create(struct target *target, Jim_Interp *interp)
1097 struct arm11_common *arm11;
1102 if (target->tap->ir_length != 5) {
1103 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1104 return ERROR_COMMAND_SYNTAX_ERROR;
1107 arm11 = calloc(1, sizeof(*arm11));
1111 arm11->arm.core_type = ARM_CORE_TYPE_STD;
1112 arm_init_arch_info(target, &arm11->arm);
1114 arm11->jtag_info.tap = target->tap;
1115 arm11->jtag_info.scann_size = 5;
1116 arm11->jtag_info.scann_instr = ARM11_SCAN_N;
1117 arm11->jtag_info.cur_scan_chain = ~0; /* invalid/unknown */
1118 arm11->jtag_info.intest_instr = ARM11_INTEST;
1120 arm11->memwrite_burst = true;
1121 arm11->memwrite_error_fatal = true;
1126 static int arm11_init_target(struct command_context *cmd_ctx,
1127 struct target *target)
1129 /* Initialize anything we can set up without talking to the target */
1133 static void arm11_deinit_target(struct target *target)
1135 struct arm11_common *arm11 = target_to_arm11(target);
1137 arm11_dpm_deinit(arm11);
1141 /* talk to the target and set things up */
1142 static int arm11_examine(struct target *target)
1146 struct arm11_common *arm11 = target_to_arm11(target);
1147 uint32_t didr, device_id;
1148 uint8_t implementor;
1150 /* FIXME split into do-first-time and do-every-time logic ... */
1154 arm11_add_ir(arm11, ARM11_IDCODE, ARM11_TAP_DEFAULT);
1156 struct scan_field idcode_field;
1158 arm11_setup_field(arm11, 32, NULL, &device_id, &idcode_field);
1160 arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &idcode_field, TAP_DRPAUSE);
1164 arm11_add_debug_scan_n(arm11, 0x00, ARM11_TAP_DEFAULT);
1166 arm11_add_ir(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
1168 struct scan_field chain0_fields[2];
1170 arm11_setup_field(arm11, 32, NULL, &didr, chain0_fields + 0);
1171 arm11_setup_field(arm11, 8, NULL, &implementor, chain0_fields + 1);
1173 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
1174 chain0_fields), chain0_fields, TAP_IDLE);
1176 CHECK_RETVAL(jtag_execute_queue());
1178 /* assume the manufacturer id is ok; check the part # */
1179 switch ((device_id >> 12) & 0xFFFF) {
1184 type = "ARM11 MPCore";
1190 arm11->arm.core_type = ARM_CORE_TYPE_SEC_EXT;
1191 /* NOTE: could default arm11->hardware_step to true */
1195 LOG_ERROR("unexpected ARM11 ID code");
1198 LOG_INFO("found %s", type);
1200 /* unlikely this could ever fail, but ... */
1201 switch ((didr >> 16) & 0x0F) {
1202 case ARM11_DEBUG_V6:
1203 case ARM11_DEBUG_V61: /* supports security extensions */
1206 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1210 arm11->brp = ((didr >> 24) & 0x0F) + 1;
1212 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1213 arm11->free_brps = arm11->brp;
1215 LOG_DEBUG("IDCODE %08" PRIx32 " IMPLEMENTOR %02x DIDR %08" PRIx32,
1216 device_id, implementor, didr);
1218 /* Build register cache "late", after target_init(), since we
1219 * want to know if this core supports Secure Monitor mode.
1221 if (!target_was_examined(target))
1222 CHECK_RETVAL(arm11_dpm_init(arm11, didr));
1224 /* as a side-effect this reads DSCR and thus
1225 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1226 * as suggested by the spec.
1229 retval = arm11_check_init(arm11);
1230 if (retval != ERROR_OK)
1233 /* ETM on ARM11 still uses original scanchain 6 access mode */
1234 if (arm11->arm.etm && !target_was_examined(target)) {
1235 *register_get_last_cache_p(&target->reg_cache) =
1236 etm_build_reg_cache(target, &arm11->jtag_info,
1238 CHECK_RETVAL(etm_setup(target));
1241 target_set_examined(target);
1246 #define ARM11_BOOL_WRAPPER(name, print_name) \
1247 COMMAND_HANDLER(arm11_handle_bool_ ## name) \
1249 struct target *target = get_current_target(CMD_CTX); \
1250 struct arm11_common *arm11 = target_to_arm11(target); \
1252 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1253 &arm11->name, print_name); \
1256 ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
1257 ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
1258 ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
1259 ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1261 /* REVISIT handle the VCR bits like other ARMs: use symbols for
1262 * input and output values.
1265 COMMAND_HANDLER(arm11_handle_vcr)
1267 struct target *target = get_current_target(CMD_CTX);
1268 struct arm11_common *arm11 = target_to_arm11(target);
1274 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11->vcr);
1277 return ERROR_COMMAND_SYNTAX_ERROR;
1280 LOG_INFO("VCR 0x%08" PRIx32 "", arm11->vcr);
1284 static const struct command_registration arm11_mw_command_handlers[] = {
1287 .handler = arm11_handle_bool_memwrite_burst,
1288 .mode = COMMAND_ANY,
1289 .help = "Display or modify flag controlling potentially "
1290 "risky fast burst mode (default: enabled)",
1291 .usage = "['enable'|'disable']",
1294 .name = "error_fatal",
1295 .handler = arm11_handle_bool_memwrite_error_fatal,
1296 .mode = COMMAND_ANY,
1297 .help = "Display or modify flag controlling transfer "
1298 "termination on transfer errors"
1299 " (default: enabled)",
1300 .usage = "['enable'|'disable']",
1302 COMMAND_REGISTRATION_DONE
1304 static const struct command_registration arm11_any_command_handlers[] = {
1306 /* "hardware_step" is only here to check if the default
1307 * simulate + breakpoint implementation is broken.
1308 * TEMPORARY! NOT DOCUMENTED! */
1309 .name = "hardware_step",
1310 .handler = arm11_handle_bool_hardware_step,
1311 .mode = COMMAND_ANY,
1312 .help = "DEBUG ONLY - Hardware single stepping"
1313 " (default: disabled)",
1314 .usage = "['enable'|'disable']",
1318 .mode = COMMAND_ANY,
1319 .help = "memwrite command group",
1321 .chain = arm11_mw_command_handlers,
1324 .name = "step_irq_enable",
1325 .handler = arm11_handle_bool_step_irq_enable,
1326 .mode = COMMAND_ANY,
1327 .help = "Display or modify flag controlling interrupt "
1328 "enable while stepping (default: disabled)",
1329 .usage = "['enable'|'disable']",
1333 .handler = arm11_handle_vcr,
1334 .mode = COMMAND_ANY,
1335 .help = "Display or modify Vector Catch Register",
1338 COMMAND_REGISTRATION_DONE
1341 static const struct command_registration arm11_command_handlers[] = {
1343 .chain = arm_command_handlers,
1346 .chain = etm_command_handlers,
1350 .mode = COMMAND_ANY,
1351 .help = "ARM11 command group",
1353 .chain = arm11_any_command_handlers,
1355 COMMAND_REGISTRATION_DONE
1358 /** Holds methods for ARM11xx targets. */
1359 struct target_type arm11_target = {
1363 .arch_state = arm11_arch_state,
1366 .resume = arm11_resume,
1369 .assert_reset = arm11_assert_reset,
1370 .deassert_reset = arm11_deassert_reset,
1372 .get_gdb_arch = arm_get_gdb_arch,
1373 .get_gdb_reg_list = arm_get_gdb_reg_list,
1375 .read_memory = arm11_read_memory,
1376 .write_memory = arm11_write_memory,
1378 .checksum_memory = arm_checksum_memory,
1379 .blank_check_memory = arm_blank_check_memory,
1381 .add_breakpoint = arm11_add_breakpoint,
1382 .remove_breakpoint = arm11_remove_breakpoint,
1384 .run_algorithm = armv4_5_run_algorithm,
1386 .commands = arm11_command_handlers,
1387 .target_create = arm11_target_create,
1388 .init_target = arm11_init_target,
1389 .deinit_target = arm11_deinit_target,
1390 .examine = arm11_examine,
projects / fw / openocd / blob