1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 /***************************************************************************
4 * Copyright (C) 2008 digenius technology GmbH. *
7 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
8 ***************************************************************************/
15 #include "arm11_dbgtap.h"
17 #include <helper/time_support.h>
20 #define JTAG_DEBUG(expr ...) do { if (1) \
21 LOG_DEBUG(expr); } while (0)
23 #define JTAG_DEBUG(expr ...) do { if (0) \
24 LOG_DEBUG(expr); } while (0)
28 This pathmove goes from Pause-IR to Shift-IR while avoiding RTI. The
29 behavior of the FTDI driver IIRC was to go via RTI.
31 Conversely there may be other places in this code where the ARM11 code relies
32 on the driver to hit through RTI when coming from Update-?R.
34 static const tap_state_t arm11_move_pi_to_si_via_ci[] = {
35 TAP_IREXIT2, TAP_IRUPDATE, TAP_DRSELECT, TAP_IRSELECT, TAP_IRCAPTURE, TAP_IRSHIFT
38 /* REVISIT no error handling here! */
39 static void arm11_add_ir_scan_vc(struct jtag_tap *tap, struct scan_field *fields,
42 if (cmd_queue_cur_state == TAP_IRPAUSE)
43 jtag_add_pathmove(ARRAY_SIZE(arm11_move_pi_to_si_via_ci),
44 arm11_move_pi_to_si_via_ci);
46 jtag_add_ir_scan(tap, fields, state);
49 static const tap_state_t arm11_move_pd_to_sd_via_cd[] = {
50 TAP_DREXIT2, TAP_DRUPDATE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
53 /* REVISIT no error handling here! */
54 void arm11_add_dr_scan_vc(struct jtag_tap *tap, int num_fields, struct scan_field *fields,
57 if (cmd_queue_cur_state == TAP_DRPAUSE)
58 jtag_add_pathmove(ARRAY_SIZE(arm11_move_pd_to_sd_via_cd),
59 arm11_move_pd_to_sd_via_cd);
61 jtag_add_dr_scan(tap, num_fields, fields, state);
65 /** Code de-clutter: Construct struct scan_field to write out a value
67 * \param arm11 Target state variable.
68 * \param num_bits Length of the data field
69 * \param out_data pointer to the data that will be sent out
70 * <em > (data is read when it is added to the JTAG queue)</em>
71 * \param in_data pointer to the memory that will receive data that was clocked in
72 * <em > (data is written when the JTAG queue is executed)</em>
73 * \param field target data structure that will be initialized
75 void arm11_setup_field(struct arm11_common *arm11, int num_bits,
76 void *out_data, void *in_data, struct scan_field *field)
78 field->num_bits = num_bits;
79 field->out_value = out_data;
80 field->in_value = in_data;
83 static const char *arm11_ir_to_string(uint8_t ir)
85 const char *s = "unknown";
116 /** Write JTAG instruction register
118 * \param arm11 Target state variable.
119 * \param instr An ARM11 DBGTAP instruction. Use enum #arm11_instructions.
120 * \param state Pass the final TAP state or ARM11_TAP_DEFAULT for the default value (Pause-IR).
122 * \remarks This adds to the JTAG command queue but does \em not execute it.
124 void arm11_add_ir(struct arm11_common *arm11, uint8_t instr, tap_state_t state)
126 struct jtag_tap *tap = arm11->arm.target->tap;
128 if (buf_get_u32(tap->cur_instr, 0, 5) == instr) {
129 JTAG_DEBUG("IR <= 0x%02x SKIPPED", instr);
133 JTAG_DEBUG("IR <= %s (0x%02x)", arm11_ir_to_string(instr), instr);
135 struct scan_field field;
137 arm11_setup_field(arm11, 5, &instr, NULL, &field);
139 arm11_add_ir_scan_vc(arm11->arm.target->tap,
141 state == ARM11_TAP_DEFAULT ? TAP_IRPAUSE : state);
144 /** Verify data shifted out from Scan Chain Register (SCREG). */
145 static void arm11_in_handler_scan_n(uint8_t *in_value)
147 /* Don't expect JTAG layer to modify bits we didn't ask it to read */
148 uint8_t v = *in_value & 0x1F;
151 LOG_ERROR("'arm11 target' JTAG error SCREG OUT 0x%02x", v);
152 jtag_set_error(ERROR_FAIL);
156 /** Select and write to Scan Chain Register (SCREG)
158 * This function sets the instruction register to SCAN_N and writes
159 * the data register with the selected chain number.
161 * http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301f/Cacbjhfg.html
163 * \param arm11 Target state variable.
164 * \param chain Scan chain that will be selected.
165 * \param state Pass the final TAP state or ARM11_TAP_DEFAULT for the default
168 * Changes the current scan chain if needed, transitions to the specified
169 * TAP state, and leaves the IR undefined.
171 * The chain takes effect when Update-DR is passed (usually when subsequently
172 * the INTEXT/EXTEST instructions are written).
174 * \warning (Obsolete) Using this twice in a row will \em fail. The first
175 * call will end in Pause-DR. The second call, due to the IR
176 * caching, will not go through Capture-DR when shifting in the
177 * new scan chain number. As a result the verification in
178 * arm11_in_handler_scan_n() must fail.
180 * \remarks This adds to the JTAG command queue but does \em not execute it.
183 int arm11_add_debug_scan_n(struct arm11_common *arm11,
184 uint8_t chain, tap_state_t state)
186 /* Don't needlessly switch the scan chain.
187 * NOTE: the ITRSEL instruction fakes SCREG changing;
188 * but leaves its actual value unchanged.
191 /* FIX!!! the optimization below is broken because we do not */
192 /* invalidate the cur_scan_chain upon a TRST/TMS. See arm_jtag.c */
193 /* for example on how to invalidate cur_scan_chain. Tested patches gladly */
195 if (arm11->jtag_info.cur_scan_chain == chain) {
196 JTAG_DEBUG("SCREG <= %d SKIPPED", chain);
197 return jtag_add_statemove((state == ARM11_TAP_DEFAULT)
198 ? TAP_DRPAUSE : state);
201 JTAG_DEBUG("SCREG <= %d", chain);
203 arm11_add_ir(arm11, ARM11_SCAN_N, ARM11_TAP_DEFAULT);
205 struct scan_field field;
208 arm11_setup_field(arm11, 5, &chain, &tmp, &field);
210 arm11_add_dr_scan_vc(arm11->arm.target->tap,
213 state == ARM11_TAP_DEFAULT ? TAP_DRPAUSE : state);
215 jtag_execute_queue_noclear();
217 arm11_in_handler_scan_n(tmp);
219 arm11->jtag_info.cur_scan_chain = chain;
221 return jtag_execute_queue();
225 * Queue a DR scan of the ITR register. Caller must have selected
226 * scan chain 4 (ITR), possibly using ITRSEL.
228 * \param arm11 Target state variable.
229 * \param inst An ARM11 processor instruction/opcode.
230 * \param flag Optional parameter to retrieve the Ready flag;
231 * this address will be written when the JTAG chain is scanned.
232 * \param state The TAP state to enter after the DR scan.
234 * Going through the TAP_DRUPDATE state writes ITR only if Ready was
235 * previously set. Only the Ready flag is readable by the scan.
237 * An instruction loaded into ITR is executed when going through the
238 * TAP_IDLE state only if Ready was previously set and the debug state
239 * is properly set up. Depending on the instruction, you may also need
240 * to ensure that the rDTR is ready before that Run-Test/Idle state.
242 static void arm11_add_debug_inst(struct arm11_common *arm11,
243 uint32_t inst, uint8_t *flag, tap_state_t state)
245 JTAG_DEBUG("INST <= 0x%08x", (unsigned) inst);
247 struct scan_field itr[2];
249 arm11_setup_field(arm11, 32, &inst, NULL, itr + 0);
250 arm11_setup_field(arm11, 1, NULL, flag, itr + 1);
252 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(itr), itr, state);
256 * Read and save the Debug Status and Control Register (DSCR).
258 * \param arm11 Target state variable.
259 * \return Error status; arm11->dscr is updated on success.
261 * \remarks This is a stand-alone function that executes the JTAG
262 * command queue. It does not require the ARM11 debug TAP to be
263 * in any particular state.
265 int arm11_read_dscr(struct arm11_common *arm11)
269 retval = arm11_add_debug_scan_n(arm11, 0x01, ARM11_TAP_DEFAULT);
270 if (retval != ERROR_OK)
273 arm11_add_ir(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
276 struct scan_field chain1_field;
278 arm11_setup_field(arm11, 32, NULL, &dscr, &chain1_field);
280 arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &chain1_field, TAP_DRPAUSE);
282 CHECK_RETVAL(jtag_execute_queue());
284 if (arm11->dscr != dscr)
285 JTAG_DEBUG("DSCR = %08x (OLD %08x)",
287 (unsigned) arm11->dscr);
294 /** Write the Debug Status and Control Register (DSCR)
298 * \param arm11 Target state variable.
299 * \param dscr DSCR content
301 * \remarks This is a stand-alone function that executes the JTAG command queue.
303 int arm11_write_dscr(struct arm11_common *arm11, uint32_t dscr)
306 retval = arm11_add_debug_scan_n(arm11, 0x01, ARM11_TAP_DEFAULT);
307 if (retval != ERROR_OK)
310 arm11_add_ir(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
312 struct scan_field chain1_field;
314 arm11_setup_field(arm11, 32, &dscr, NULL, &chain1_field);
316 arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &chain1_field, TAP_DRPAUSE);
318 CHECK_RETVAL(jtag_execute_queue());
320 JTAG_DEBUG("DSCR <= %08x (OLD %08x)",
322 (unsigned) arm11->dscr);
329 /** Prepare the stage for ITR/DTR operations
330 * from the arm11_run_instr... group of functions.
332 * Put arm11_run_instr_data_prepare() and arm11_run_instr_data_finish()
333 * around a block of arm11_run_instr_... calls.
335 * Select scan chain 5 to allow quick access to DTR. When scan
336 * chain 4 is needed to put in a register the ITRSel instruction
337 * shortcut is used instead of actually changing the Scan_N
340 * \param arm11 Target state variable.
343 int arm11_run_instr_data_prepare(struct arm11_common *arm11)
345 return arm11_add_debug_scan_n(arm11, 0x05, ARM11_TAP_DEFAULT);
348 /** Cleanup after ITR/DTR operations
349 * from the arm11_run_instr... group of functions
351 * Put arm11_run_instr_data_prepare() and arm11_run_instr_data_finish()
352 * around a block of arm11_run_instr_... calls.
354 * Any IDLE can lead to an instruction execution when
355 * scan chains 4 or 5 are selected and the IR holds
356 * INTEST or EXTEST. So we must disable that before
357 * any following activities lead to an IDLE.
359 * \param arm11 Target state variable.
362 int arm11_run_instr_data_finish(struct arm11_common *arm11)
364 return arm11_add_debug_scan_n(arm11, 0x00, ARM11_TAP_DEFAULT);
368 * Execute one or more instructions via ITR.
369 * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
370 * is set, the ITR Ready flag is set (as seen on the previous entry to
371 * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
373 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
375 * \param arm11 Target state variable.
376 * \param opcode Pointer to sequence of ARM opcodes
377 * \param count Number of opcodes to execute
381 int arm11_run_instr_no_data(struct arm11_common *arm11,
382 uint32_t *opcode, size_t count)
384 arm11_add_ir(arm11, ARM11_ITRSEL, ARM11_TAP_DEFAULT);
387 arm11_add_debug_inst(arm11, *opcode++, NULL, TAP_IDLE);
393 arm11_add_debug_inst(arm11, 0, &flag, count ? TAP_IDLE : TAP_DRPAUSE);
395 CHECK_RETVAL(jtag_execute_queue());
405 if ((timeval_ms()-then) > 1000) {
407 "Timeout (1000ms) waiting for instructions to complete");
419 /** Execute one instruction via ITR
421 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
423 * \param arm11 Target state variable.
424 * \param opcode ARM opcode
427 int arm11_run_instr_no_data1(struct arm11_common *arm11, uint32_t opcode)
429 return arm11_run_instr_no_data(arm11, &opcode, 1);
433 /** Execute one instruction via ITR repeatedly while
434 * passing data to the core via DTR on each execution.
436 * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
437 * is set, the ITR Ready flag is set (as seen on the previous entry to
438 * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
440 * The executed instruction \em must read data from DTR.
442 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
444 * \param arm11 Target state variable.
445 * \param opcode ARM opcode
446 * \param data Pointer to the data words to be passed to the core
447 * \param count Number of data words and instruction repetitions
450 int arm11_run_instr_data_to_core(struct arm11_common *arm11,
455 arm11_add_ir(arm11, ARM11_ITRSEL, ARM11_TAP_DEFAULT);
457 arm11_add_debug_inst(arm11, opcode, NULL, TAP_DRPAUSE);
459 arm11_add_ir(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
461 struct scan_field chain5_fields[3];
467 arm11_setup_field(arm11, 32, &_data, NULL, chain5_fields + 0);
468 arm11_setup_field(arm11, 1, NULL, &ready, chain5_fields + 1);
469 arm11_setup_field(arm11, 1, NULL, &n_retry, chain5_fields + 2);
476 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
477 chain5_fields), chain5_fields, TAP_IDLE);
479 CHECK_RETVAL(jtag_execute_queue());
481 JTAG_DEBUG("DTR ready %d n_retry %d", ready, n_retry);
488 if ((timeval_ms()-then) > 1000) {
490 "Timeout (1000ms) waiting for instructions to complete");
501 arm11_add_ir(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
507 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
508 chain5_fields), chain5_fields, TAP_DRPAUSE);
510 CHECK_RETVAL(jtag_execute_queue());
512 JTAG_DEBUG("DTR _data %08x ready %d n_retry %d",
513 (unsigned) _data, ready, n_retry);
520 if ((timeval_ms()-then) > 1000) {
521 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
532 /** JTAG path for arm11_run_instr_data_to_core_noack
534 * The repeated TAP_IDLE's do not cause a repeated execution
535 * if passed without leaving the state.
537 * Since this is more than 7 bits (adjustable via adding more
538 * TAP_IDLE's) it produces an artificial delay in the lower
539 * layer (FT2232) that is long enough to finish execution on
540 * the core but still shorter than any manually inducible delays.
542 * To disable this code, try "memwrite burst false"
544 * FIX!!! should we use multiple TAP_IDLE here or not???
546 * https://lists.berlios.de/pipermail/openocd-development/2009-July/009698.html
547 * https://lists.berlios.de/pipermail/openocd-development/2009-August/009865.html
549 static const tap_state_t arm11_move_drpause_idle_drpause_with_delay[] = {
550 TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE,
554 static int arm11_run_instr_data_to_core_noack_inner(struct jtag_tap *tap,
559 struct scan_field chain5_fields[3];
561 chain5_fields[0].num_bits = 32;
562 chain5_fields[0].out_value = NULL; /*&Data*/
563 chain5_fields[0].in_value = NULL;
565 chain5_fields[1].num_bits = 1;
566 chain5_fields[1].out_value = NULL;
567 chain5_fields[1].in_value = NULL; /*&Ready*/
569 chain5_fields[2].num_bits = 1;
570 chain5_fields[2].out_value = NULL;
571 chain5_fields[2].in_value = NULL;
574 unsigned readies_num = count;
575 unsigned bytes = sizeof(*readies)*readies_num;
577 readies = malloc(bytes);
579 LOG_ERROR("Out of memory allocating %u bytes", bytes);
583 uint8_t *ready_pos = readies;
585 chain5_fields[0].out_value = (uint8_t *)(data++);
586 chain5_fields[1].in_value = ready_pos++;
589 jtag_add_dr_scan(tap, ARRAY_SIZE(chain5_fields), chain5_fields,
591 jtag_add_pathmove(ARRAY_SIZE(arm11_move_drpause_idle_drpause_with_delay),
592 arm11_move_drpause_idle_drpause_with_delay);
594 jtag_add_dr_scan(tap, ARRAY_SIZE(chain5_fields), chain5_fields, TAP_IDLE);
597 int retval = jtag_execute_queue();
598 if (retval == ERROR_OK) {
599 unsigned error_count = 0;
601 for (size_t i = 0; i < readies_num; i++) {
606 if (error_count > 0) {
607 LOG_ERROR("%u words out of %u not transferred",
608 error_count, readies_num);
617 /** Execute one instruction via ITR repeatedly while
618 * passing data to the core via DTR on each execution.
620 * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
621 * is set, the ITR Ready flag is set (as seen on the previous entry to
622 * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
624 * No Ready check during transmission.
626 * The executed instruction \em must read data from DTR.
628 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
630 * \param arm11 Target state variable.
631 * \param opcode ARM opcode
632 * \param data Pointer to the data words to be passed to the core
633 * \param count Number of data words and instruction repetitions
636 int arm11_run_instr_data_to_core_noack(struct arm11_common *arm11,
641 arm11_add_ir(arm11, ARM11_ITRSEL, ARM11_TAP_DEFAULT);
643 arm11_add_debug_inst(arm11, opcode, NULL, TAP_DRPAUSE);
645 arm11_add_ir(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
647 int retval = arm11_run_instr_data_to_core_noack_inner(arm11->arm.target->tap,
652 if (retval != ERROR_OK)
655 arm11_add_ir(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
657 struct scan_field chain5_fields[3];
659 arm11_setup_field(arm11,
664 arm11_setup_field(arm11,
669 arm11_setup_field(arm11,
676 chain5_fields[1].in_value = &ready_flag;
678 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
679 chain5_fields), chain5_fields, TAP_DRPAUSE);
681 retval = jtag_execute_queue();
682 if (retval == ERROR_OK) {
683 if (ready_flag != 1) {
684 LOG_ERROR("last word not transferred");
693 /** Execute an instruction via ITR while handing data into the core via DTR.
695 * The executed instruction \em must read data from DTR.
697 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
699 * \param arm11 Target state variable.
700 * \param opcode ARM opcode
701 * \param data Data word to be passed to the core via DTR
704 int arm11_run_instr_data_to_core1(struct arm11_common *arm11, uint32_t opcode, uint32_t data)
706 return arm11_run_instr_data_to_core(arm11, opcode, &data, 1);
710 /** Execute one instruction via ITR repeatedly while
711 * reading data from the core via DTR on each execution.
713 * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
714 * is set, the ITR Ready flag is set (as seen on the previous entry to
715 * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
717 * The executed instruction \em must write data to DTR.
719 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
721 * \param arm11 Target state variable.
722 * \param opcode ARM opcode
723 * \param data Pointer to an array that receives the data words from the core
724 * \param count Number of data words and instruction repetitions
727 int arm11_run_instr_data_from_core(struct arm11_common *arm11,
732 arm11_add_ir(arm11, ARM11_ITRSEL, ARM11_TAP_DEFAULT);
734 arm11_add_debug_inst(arm11, opcode, NULL, TAP_IDLE);
736 arm11_add_ir(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
738 struct scan_field chain5_fields[3];
744 arm11_setup_field(arm11, 32, NULL, &_data, chain5_fields + 0);
745 arm11_setup_field(arm11, 1, NULL, &ready, chain5_fields + 1);
746 arm11_setup_field(arm11, 1, NULL, &n_retry, chain5_fields + 2);
751 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(
752 chain5_fields), chain5_fields,
753 count ? TAP_IDLE : TAP_DRPAUSE);
755 CHECK_RETVAL(jtag_execute_queue());
757 JTAG_DEBUG("DTR _data %08x ready %d n_retry %d",
758 (unsigned) _data, ready, n_retry);
765 if ((timeval_ms()-then) > 1000) {
767 "Timeout (1000ms) waiting for instructions to complete");
781 /** Execute one instruction via ITR
782 * then load r0 into DTR and read DTR from core.
784 * The first executed instruction (\p opcode) should write data to r0.
786 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
788 * \param arm11 Target state variable.
789 * \param opcode ARM opcode to write r0 with the value of interest
790 * \param data Pointer to a data word that receives the value from r0 after \p opcode was executed.
793 int arm11_run_instr_data_from_core_via_r0(struct arm11_common *arm11,
798 retval = arm11_run_instr_no_data1(arm11, opcode);
799 if (retval != ERROR_OK)
802 /* MCR p14,0,R0,c0,c5,0 (move r0 -> wDTR -> local var) */
803 arm11_run_instr_data_from_core(arm11, 0xEE000E15, data, 1);
808 /** Load data into core via DTR then move it to r0 then
809 * execute one instruction via ITR
811 * The final executed instruction (\p opcode) should read data from r0.
813 * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
815 * \param arm11 Target state variable.
816 * \param opcode ARM opcode to read r0 act upon it
817 * \param data Data word that will be written to r0 before \p opcode is executed
820 int arm11_run_instr_data_to_core_via_r0(struct arm11_common *arm11, uint32_t opcode, uint32_t data)
823 /* MRC p14,0,r0,c0,c5,0 */
824 retval = arm11_run_instr_data_to_core1(arm11, 0xEE100E15, data);
825 if (retval != ERROR_OK)
828 retval = arm11_run_instr_no_data1(arm11, opcode);
829 if (retval != ERROR_OK)
835 /** Apply reads and writes to scan chain 7
837 * \see struct arm11_sc7_action
839 * \param arm11 Target state variable.
840 * \param actions A list of read and/or write instructions
841 * \param count Number of instructions in the list.
844 int arm11_sc7_run(struct arm11_common *arm11, struct arm11_sc7_action *actions, size_t count)
848 retval = arm11_add_debug_scan_n(arm11, 0x07, ARM11_TAP_DEFAULT);
849 if (retval != ERROR_OK)
852 arm11_add_ir(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
854 struct scan_field chain7_fields[3];
863 arm11_setup_field(arm11, 1, &n_rw, &ready, chain7_fields + 0);
864 arm11_setup_field(arm11, 32, &data_out, &data_in, chain7_fields + 1);
865 arm11_setup_field(arm11, 7, &address_out, &address_in, chain7_fields + 2);
867 for (size_t i = 0; i < count + 1; i++) {
869 n_rw = actions[i].write ? 1 : 0;
870 data_out = actions[i].value;
871 address_out = actions[i].address;
878 /* Timeout here so we don't get stuck. */
881 JTAG_DEBUG("SC7 <= c%-3d Data %08x %s",
882 (unsigned) address_out,
884 n_rw ? "write" : "read");
886 arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(chain7_fields),
887 chain7_fields, TAP_DRPAUSE);
889 CHECK_RETVAL(jtag_execute_queue());
891 /* 'n_rw' is 'ready' on read out */
900 if ((timeval_ms()-then) > 1000) {
902 "Timeout (1000ms) waiting for instructions to complete");
911 JTAG_DEBUG("SC7 => Data %08x", (unsigned) data_in);
914 if (actions[i - 1].address != address_in)
915 LOG_WARNING("Scan chain 7 shifted out unexpected address");
917 if (!actions[i - 1].write)
918 actions[i - 1].value = data_in;
920 if (actions[i - 1].value != data_in)
921 LOG_WARNING("Scan chain 7 shifted out unexpected data");
928 /** Clear VCR and all breakpoints and watchpoints via scan chain 7
930 * \param arm11 Target state variable.
933 int arm11_sc7_clear_vbw(struct arm11_common *arm11)
935 size_t clear_bw_size = arm11->brp + 1;
936 struct arm11_sc7_action *clear_bw = malloc(sizeof(struct arm11_sc7_action) * clear_bw_size);
937 struct arm11_sc7_action *pos = clear_bw;
939 for (size_t i = 0; i < clear_bw_size; i++) {
940 clear_bw[i].write = true;
941 clear_bw[i].value = 0;
944 for (size_t i = 0; i < arm11->brp; i++)
945 (pos++)->address = ARM11_SC7_BCR0 + i;
947 (pos++)->address = ARM11_SC7_VCR;
950 retval = arm11_sc7_run(arm11, clear_bw, clear_bw_size);
957 /** Write VCR register
959 * \param arm11 Target state variable.
960 * \param value Value to be written
962 int arm11_sc7_set_vcr(struct arm11_common *arm11, uint32_t value)
964 struct arm11_sc7_action set_vcr;
966 set_vcr.write = true;
967 set_vcr.address = ARM11_SC7_VCR;
968 set_vcr.value = value;
970 return arm11_sc7_run(arm11, &set_vcr, 1);
973 /** Read word from address
975 * \param arm11 Target state variable.
976 * \param address Memory address to be read
977 * \param result Pointer where to store result
980 int arm11_read_memory_word(struct arm11_common *arm11, uint32_t address, uint32_t *result)
983 retval = arm11_run_instr_data_prepare(arm11);
984 if (retval != ERROR_OK)
987 /* MRC p14,0,r0,c0,c5,0 (r0 = address) */
988 CHECK_RETVAL(arm11_run_instr_data_to_core1(arm11, 0xee100e15, address));
990 /* LDC p14,c5,[R0],#4 (DTR = [r0]) */
991 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11, 0xecb05e01, result, 1));
993 return arm11_run_instr_data_finish(arm11);
996 /************************************************************************/
999 * ARM11 provider for the OpenOCD implementation of the standard
1000 * architectural ARM v6/v7 "Debug Programmer's Model" (DPM).
1003 static inline struct arm11_common *dpm_to_arm11(struct arm_dpm *dpm)
1005 return container_of(dpm, struct arm11_common, dpm);
1008 static int arm11_dpm_prepare(struct arm_dpm *dpm)
1010 return arm11_run_instr_data_prepare(dpm_to_arm11(dpm));
1013 static int arm11_dpm_finish(struct arm_dpm *dpm)
1015 return arm11_run_instr_data_finish(dpm_to_arm11(dpm));
1018 static int arm11_dpm_instr_write_data_dcc(struct arm_dpm *dpm,
1019 uint32_t opcode, uint32_t data)
1021 return arm11_run_instr_data_to_core(dpm_to_arm11(dpm),
1025 static int arm11_dpm_instr_write_data_r0(struct arm_dpm *dpm,
1026 uint32_t opcode, uint32_t data)
1028 return arm11_run_instr_data_to_core_via_r0(dpm_to_arm11(dpm),
1032 static int arm11_dpm_instr_read_data_dcc(struct arm_dpm *dpm,
1033 uint32_t opcode, uint32_t *data)
1035 return arm11_run_instr_data_from_core(dpm_to_arm11(dpm),
1039 static int arm11_dpm_instr_read_data_r0(struct arm_dpm *dpm,
1040 uint32_t opcode, uint32_t *data)
1042 return arm11_run_instr_data_from_core_via_r0(dpm_to_arm11(dpm),
1046 /* Because arm11_sc7_run() takes a vector of actions, we batch breakpoint
1047 * and watchpoint operations instead of running them right away. Since we
1048 * pre-allocated our vector, we don't need to worry about space.
1050 static int arm11_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
1051 uint32_t addr, uint32_t control)
1053 struct arm11_common *arm11 = dpm_to_arm11(dpm);
1054 struct arm11_sc7_action *action;
1056 action = arm11->bpwp_actions + arm11->bpwp_n;
1058 /* Invariant: this bp/wp is disabled.
1059 * It also happens that the core is halted here, but for
1060 * DPM-based cores we don't actually care about that.
1063 action[0].write = action[1].write = true;
1065 action[0].value = addr;
1066 action[1].value = control;
1070 action[0].address = ARM11_SC7_BVR0 + index_t;
1071 action[1].address = ARM11_SC7_BCR0 + index_t;
1075 action[0].address = ARM11_SC7_WVR0 + index_t;
1076 action[1].address = ARM11_SC7_WCR0 + index_t;
1087 static int arm11_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
1089 struct arm11_common *arm11 = dpm_to_arm11(dpm);
1090 struct arm11_sc7_action *action;
1092 action = arm11->bpwp_actions + arm11->bpwp_n;
1094 action[0].write = true;
1095 action[0].value = 0;
1099 action[0].address = ARM11_SC7_BCR0 + index_t;
1103 action[0].address = ARM11_SC7_WCR0 + index_t;
1114 /** Flush any pending breakpoint and watchpoint updates. */
1115 int arm11_bpwp_flush(struct arm11_common *arm11)
1122 retval = arm11_sc7_run(arm11, arm11->bpwp_actions, arm11->bpwp_n);
1128 /** Set up high-level debug module utilities */
1129 int arm11_dpm_init(struct arm11_common *arm11, uint32_t didr)
1131 struct arm_dpm *dpm = &arm11->dpm;
1134 dpm->arm = &arm11->arm;
1138 dpm->prepare = arm11_dpm_prepare;
1139 dpm->finish = arm11_dpm_finish;
1141 dpm->instr_write_data_dcc = arm11_dpm_instr_write_data_dcc;
1142 dpm->instr_write_data_r0 = arm11_dpm_instr_write_data_r0;
1144 dpm->instr_read_data_dcc = arm11_dpm_instr_read_data_dcc;
1145 dpm->instr_read_data_r0 = arm11_dpm_instr_read_data_r0;
1147 dpm->bpwp_enable = arm11_bpwp_enable;
1148 dpm->bpwp_disable = arm11_bpwp_disable;
1150 retval = arm_dpm_setup(dpm);
1151 if (retval != ERROR_OK)
1154 /* alloc enough to enable all breakpoints and watchpoints at once */
1155 arm11->bpwp_actions = calloc(2 * (dpm->nbp + dpm->nwp),
1156 sizeof(*arm11->bpwp_actions));
1157 if (!arm11->bpwp_actions)
1160 retval = arm_dpm_initialize(dpm);
1161 if (retval != ERROR_OK)
1164 return arm11_bpwp_flush(arm11);
1167 void arm11_dpm_deinit(struct arm11_common *arm11)
1169 struct arm_dpm *dpm = &arm11->dpm;
1171 free(arm11->bpwp_actions);
1172 arm_free_reg_cache(dpm->arm);
projects / fw / openocd / blob