1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 /***************************************************************************
4 * Copyright (C) 2005 by Dominic Rath *
5 * Dominic.Rath@gmx.de *
7 * Copyright (C) 2007-2010 Øyvind Harboe *
8 * oyvind.harboe@zylin.com *
10 * Copyright (C) 2008 by Spencer Oliver *
11 * spen@spen-soft.co.uk *
13 * Copyright (C) 2008 by Hongtao Zheng *
16 * Copyright (C) 2009 by David Brownell *
17 ***************************************************************************/
23 #include "breakpoints.h"
24 #include "embeddedice.h"
25 #include "target_request.h"
27 #include <helper/time_support.h>
28 #include "arm_simulator.h"
29 #include "arm_semihosting.h"
30 #include "algorithm.h"
36 * Hold common code supporting the ARM7 and ARM9 core generations.
38 * While the ARM core implementations evolved substantially during these
39 * two generations, they look quite similar from the JTAG perspective.
40 * Both have similar debug facilities, based on the same two scan chains
41 * providing access to the core and to an EmbeddedICE module. Both can
42 * support similar ETM and ETB modules, for tracing. And both expose
43 * what could be viewed as "ARM Classic", with multiple processor modes,
44 * shadowed registers, and support for the Thumb instruction set.
46 * Processor differences include things like presence or absence of MMU
47 * and cache, pipeline sizes, use of a modified Harvard Architecture
48 * (with separate instruction and data buses from the CPU), support
49 * for cpu clock gating during idle, and more.
52 static int arm7_9_debug_entry(struct target *target);
55 * Clear watchpoints for an ARM7/9 target.
57 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
58 * @return JTAG error status after executing queue
60 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
64 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
65 arm7_9->sw_breakpoint_count = 0;
66 arm7_9->sw_breakpoints_added = 0;
68 arm7_9->wp1_used = arm7_9->wp1_used_default;
69 arm7_9->wp_available = arm7_9->wp_available_max;
71 return jtag_execute_queue();
75 * Assign a watchpoint to one of the two available hardware comparators in an
76 * ARM7 or ARM9 target.
78 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
79 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
81 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
83 if (!arm7_9->wp0_used) {
85 breakpoint_hw_set(breakpoint, 0);
86 arm7_9->wp_available--;
87 } else if (!arm7_9->wp1_used) {
89 breakpoint_hw_set(breakpoint, 1);
90 arm7_9->wp_available--;
92 LOG_ERROR("BUG: no hardware comparator available");
95 LOG_DEBUG("BPID: %" PRIu32 " (0x%08" TARGET_PRIxADDR ") using hw wp: %u",
96 breakpoint->unique_id,
102 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
104 * @param arm7_9 Pointer to common struct for ARM7/9 targets
105 * @return Error codes if there is a problem finding a watchpoint or the result
106 * of executing the JTAG queue
108 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
110 if (arm7_9->sw_breakpoints_added)
112 if (arm7_9->wp_available < 1) {
113 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
114 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
116 arm7_9->wp_available--;
118 /* pick a breakpoint unit */
119 if (!arm7_9->wp0_used) {
120 arm7_9->sw_breakpoints_added = 1;
121 arm7_9->wp0_used = 3;
122 } else if (!arm7_9->wp1_used) {
123 arm7_9->sw_breakpoints_added = 2;
124 arm7_9->wp1_used = 3;
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
130 if (arm7_9->sw_breakpoints_added == 1) {
131 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
132 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
133 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
134 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_NOPC & 0xff);
135 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
136 } else if (arm7_9->sw_breakpoints_added == 2) {
137 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
138 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_NOPC & 0xff);
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
143 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
146 LOG_DEBUG("SW BP using hw wp: %d",
147 arm7_9->sw_breakpoints_added);
149 return jtag_execute_queue();
153 * Setup the common pieces for an ARM7/9 target after reset or on startup.
155 * @param target Pointer to an ARM7/9 target to setup
156 * @return Result of clearing the watchpoints on the target
158 static int arm7_9_setup(struct target *target)
160 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
162 return arm7_9_clear_watchpoints(arm7_9);
166 * Set either a hardware or software breakpoint on an ARM7/9 target. The
167 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
168 * might have erased the values in Embedded ICE.
170 * @param target Pointer to the target device to set the breakpoints on
171 * @param breakpoint Pointer to the breakpoint to be set
172 * @return For hardware breakpoints, this is the result of executing the JTAG
173 * queue. For software breakpoints, this will be the status of the
174 * required memory reads and writes
176 static int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
178 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
179 int retval = ERROR_OK;
181 LOG_DEBUG("BPID: %" PRIu32 ", Address: 0x%08" TARGET_PRIxADDR ", Type: %d",
182 breakpoint->unique_id,
186 if (target->state != TARGET_HALTED) {
187 LOG_WARNING("target not halted");
188 return ERROR_TARGET_NOT_HALTED;
191 if (breakpoint->type == BKPT_HARD) {
192 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
193 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
195 /* reassign a hw breakpoint */
196 if (!breakpoint->is_set)
197 arm7_9_assign_wp(arm7_9, breakpoint);
199 if (breakpoint->number == 0) {
200 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
201 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
202 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
203 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_NOPC & 0xff);
204 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
205 } else if (breakpoint->number == 1) {
206 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
207 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
208 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
209 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_NOPC & 0xff);
210 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
212 LOG_ERROR("BUG: no hardware comparator available");
216 retval = jtag_execute_queue();
217 } else if (breakpoint->type == BKPT_SOFT) {
218 /* did we already set this breakpoint? */
219 if (breakpoint->is_set)
222 if (breakpoint->length == 4) {
223 uint32_t verify = 0xffffffff;
224 /* keep the original instruction in target endianness */
225 retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
226 if (retval != ERROR_OK)
228 /* write the breakpoint instruction in target
229 * endianness (arm7_9->arm_bkpt is host endian) */
230 retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
231 if (retval != ERROR_OK)
234 retval = target_read_u32(target, breakpoint->address, &verify);
235 if (retval != ERROR_OK)
237 if (verify != arm7_9->arm_bkpt) {
238 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" TARGET_PRIxADDR
239 " - check that memory is read/writable", breakpoint->address);
243 uint16_t verify = 0xffff;
244 /* keep the original instruction in target endianness */
245 retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
246 if (retval != ERROR_OK)
248 /* write the breakpoint instruction in target
249 * endianness (arm7_9->thumb_bkpt is host endian) */
250 retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
251 if (retval != ERROR_OK)
254 retval = target_read_u16(target, breakpoint->address, &verify);
255 if (retval != ERROR_OK)
257 if (verify != arm7_9->thumb_bkpt) {
258 LOG_ERROR("Unable to set thumb software breakpoint at address %08" TARGET_PRIxADDR
259 " - check that memory is read/writable", breakpoint->address);
264 retval = arm7_9_set_software_breakpoints(arm7_9);
265 if (retval != ERROR_OK)
268 arm7_9->sw_breakpoint_count++;
270 breakpoint->is_set = true;
277 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
278 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
279 * will be updated. Otherwise, the software breakpoint will be restored to its
280 * original instruction if it hasn't already been modified.
282 * @param target Pointer to ARM7/9 target to unset the breakpoint from
283 * @param breakpoint Pointer to breakpoint to be unset
284 * @return For hardware breakpoints, this is the result of executing the JTAG
285 * queue. For software breakpoints, this will be the status of the
286 * required memory reads and writes
288 static int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
290 int retval = ERROR_OK;
291 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
293 LOG_DEBUG("BPID: %" PRIu32 ", Address: 0x%08" TARGET_PRIxADDR,
294 breakpoint->unique_id,
295 breakpoint->address);
297 if (!breakpoint->is_set) {
298 LOG_WARNING("breakpoint not set");
302 if (breakpoint->type == BKPT_HARD) {
303 LOG_DEBUG("BPID: %" PRIu32 " Releasing hw wp: %d",
304 breakpoint->unique_id,
306 if (breakpoint->number == 0) {
307 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
308 arm7_9->wp0_used = 0;
309 arm7_9->wp_available++;
310 } else if (breakpoint->number == 1) {
311 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
312 arm7_9->wp1_used = 0;
313 arm7_9->wp_available++;
315 retval = jtag_execute_queue();
316 breakpoint->is_set = false;
318 /* restore original instruction (kept in target endianness) */
319 if (breakpoint->length == 4) {
320 uint32_t current_instr;
321 /* check that user program as not modified breakpoint instruction */
322 retval = target_read_memory(target,
323 breakpoint->address, 4, 1, (uint8_t *)¤t_instr);
324 if (retval != ERROR_OK)
326 current_instr = target_buffer_get_u32(target, (uint8_t *)¤t_instr);
327 if (current_instr == arm7_9->arm_bkpt) {
328 retval = target_write_memory(target,
329 breakpoint->address, 4, 1, breakpoint->orig_instr);
330 if (retval != ERROR_OK)
335 uint16_t current_instr;
336 /* check that user program as not modified breakpoint instruction */
337 retval = target_read_memory(target,
338 breakpoint->address, 2, 1, (uint8_t *)¤t_instr);
339 if (retval != ERROR_OK)
341 current_instr = target_buffer_get_u16(target, (uint8_t *)¤t_instr);
342 if (current_instr == arm7_9->thumb_bkpt) {
343 retval = target_write_memory(target,
344 breakpoint->address, 2, 1, breakpoint->orig_instr);
345 if (retval != ERROR_OK)
350 if (--arm7_9->sw_breakpoint_count == 0) {
351 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
353 if (arm7_9->sw_breakpoints_added == 1)
354 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
355 EICE_W0_CONTROL_VALUE], 0);
356 else if (arm7_9->sw_breakpoints_added == 2)
357 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
358 EICE_W1_CONTROL_VALUE], 0);
361 breakpoint->is_set = false;
368 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
369 * dangling breakpoints and that the desired breakpoint can be added.
371 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
372 * @param breakpoint Pointer to the breakpoint to be added
373 * @return An error status if there is a problem adding the breakpoint or the
374 * result of setting the breakpoint
376 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
378 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
380 if (arm7_9->breakpoint_count == 0) {
381 /* make sure we don't have any dangling breakpoints. This is vital upon
382 * GDB connect/disconnect
384 arm7_9_clear_watchpoints(arm7_9);
387 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1)) {
388 LOG_INFO("no watchpoint unit available for hardware breakpoint");
389 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
392 if ((breakpoint->length != 2) && (breakpoint->length != 4)) {
393 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
394 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
397 if (breakpoint->type == BKPT_HARD)
398 arm7_9_assign_wp(arm7_9, breakpoint);
400 arm7_9->breakpoint_count++;
402 return arm7_9_set_breakpoint(target, breakpoint);
406 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
407 * dangling breakpoints and updates available watchpoints if it is a hardware
410 * @param target Pointer to the target to have a breakpoint removed
411 * @param breakpoint Pointer to the breakpoint to be removed
412 * @return Error status if there was a problem unsetting the breakpoint or the
413 * watchpoints could not be cleared
415 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
417 int retval = ERROR_OK;
418 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
420 retval = arm7_9_unset_breakpoint(target, breakpoint);
421 if (retval != ERROR_OK)
424 if (breakpoint->type == BKPT_HARD)
425 arm7_9->wp_available++;
427 arm7_9->breakpoint_count--;
428 if (arm7_9->breakpoint_count == 0) {
429 /* make sure we don't have any dangling breakpoints */
430 retval = arm7_9_clear_watchpoints(arm7_9);
431 if (retval != ERROR_OK)
439 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
440 * considered a bug to call this function when there are no available watchpoint
443 * @param target Pointer to an ARM7/9 target to set a watchpoint on
444 * @param watchpoint Pointer to the watchpoint to be set
445 * @return Error status if watchpoint set fails or the result of executing the
448 static int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
450 int retval = ERROR_OK;
451 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
455 mask = watchpoint->length - 1;
457 if (target->state != TARGET_HALTED) {
458 LOG_WARNING("target not halted");
459 return ERROR_TARGET_NOT_HALTED;
462 if (watchpoint->rw == WPT_ACCESS)
467 if (!arm7_9->wp0_used) {
468 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE],
469 watchpoint->address);
470 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
471 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK],
473 if (watchpoint->mask != 0xffffffffu)
474 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE],
476 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
477 0xff & ~EICE_W_CTRL_NOPC & ~rw_mask);
478 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
479 EICE_W_CTRL_ENABLE | EICE_W_CTRL_NOPC | (watchpoint->rw & 1));
481 retval = jtag_execute_queue();
482 if (retval != ERROR_OK)
484 watchpoint_set(watchpoint, 1);
485 arm7_9->wp0_used = 2;
486 } else if (!arm7_9->wp1_used) {
487 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
488 watchpoint->address);
489 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
490 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK],
492 if (watchpoint->mask != 0xffffffffu)
493 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE],
495 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
496 0xff & ~EICE_W_CTRL_NOPC & ~rw_mask);
497 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
498 EICE_W_CTRL_ENABLE | EICE_W_CTRL_NOPC | (watchpoint->rw & 1));
500 retval = jtag_execute_queue();
501 if (retval != ERROR_OK)
503 watchpoint_set(watchpoint, 2);
504 arm7_9->wp1_used = 2;
506 LOG_ERROR("BUG: no hardware comparator available");
514 * Unset an existing watchpoint and clear the used watchpoint unit.
516 * @param target Pointer to the target to have the watchpoint removed
517 * @param watchpoint Pointer to the watchpoint to be removed
518 * @return Error status while trying to unset the watchpoint or the result of
519 * executing the JTAG queue
521 static int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
523 int retval = ERROR_OK;
524 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
526 if (target->state != TARGET_HALTED) {
527 LOG_WARNING("target not halted");
528 return ERROR_TARGET_NOT_HALTED;
531 if (!watchpoint->is_set) {
532 LOG_WARNING("breakpoint not set");
536 if (watchpoint->number == 1) {
537 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
538 retval = jtag_execute_queue();
539 if (retval != ERROR_OK)
541 arm7_9->wp0_used = 0;
542 } else if (watchpoint->number == 2) {
543 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
544 retval = jtag_execute_queue();
545 if (retval != ERROR_OK)
547 arm7_9->wp1_used = 0;
549 watchpoint->is_set = false;
555 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
556 * available, an error response is returned.
558 * @param target Pointer to the ARM7/9 target to add a watchpoint to
559 * @param watchpoint Pointer to the watchpoint to be added
560 * @return Error status while trying to add the watchpoint
562 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
566 if (arm7_9->wp_available < 1)
567 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
569 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
570 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
572 arm7_9->wp_available--;
578 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
579 * the used watchpoint unit will be reopened.
581 * @param target Pointer to the target to remove a watchpoint from
582 * @param watchpoint Pointer to the watchpoint to be removed
583 * @return Result of trying to unset the watchpoint
585 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
587 int retval = ERROR_OK;
588 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
590 if (watchpoint->is_set) {
591 retval = arm7_9_unset_watchpoint(target, watchpoint);
592 if (retval != ERROR_OK)
596 arm7_9->wp_available++;
602 * Restarts the target by sending a RESTART instruction and moving the JTAG
603 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
604 * asserted by the processor.
606 * @param target Pointer to target to issue commands to
607 * @return Error status if there is a timeout or a problem while executing the
610 int arm7_9_execute_sys_speed(struct target *target)
613 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
614 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
615 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
617 /* set RESTART instruction */
618 if (arm7_9->need_bypass_before_restart) {
619 arm7_9->need_bypass_before_restart = 0;
620 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
621 if (retval != ERROR_OK)
624 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
625 if (retval != ERROR_OK)
628 int64_t then = timeval_ms();
630 while (!(timeout = ((timeval_ms()-then) > 1000))) {
631 /* read debug status register */
632 embeddedice_read_reg(dbg_stat);
633 retval = jtag_execute_queue();
634 if (retval != ERROR_OK)
636 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
637 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
639 if (debug_level >= 3)
645 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "",
646 buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
647 return ERROR_TARGET_TIMEOUT;
654 * Restarts the target by sending a RESTART instruction and moving the JTAG
655 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
656 * waiting until they are.
658 * @param target Pointer to the target to issue commands to
659 * @return Always ERROR_OK
661 static int arm7_9_execute_fast_sys_speed(struct target *target)
664 static uint8_t check_value[4], check_mask[4];
666 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
667 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
668 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
671 /* set RESTART instruction */
672 if (arm7_9->need_bypass_before_restart) {
673 arm7_9->need_bypass_before_restart = 0;
674 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
675 if (retval != ERROR_OK)
678 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
679 if (retval != ERROR_OK)
683 /* check for DBGACK and SYSCOMP set (others don't care) */
685 /* NB! These are constants that must be available until after next jtag_execute() and
686 * we evaluate the values upon first execution in lieu of setting up these constants
687 * during early setup.
689 buf_set_u32(check_value, 0, 32, 0x9);
690 buf_set_u32(check_mask, 0, 32, 0x9);
694 /* read debug status register */
695 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
701 * Get some data from the ARM7/9 target.
703 * @param target Pointer to the ARM7/9 target to read data from
704 * @param size The number of 32bit words to be read
705 * @param buffer Pointer to the buffer that will hold the data
706 * @return The result of receiving data from the Embedded ICE unit
708 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
710 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
711 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
713 int retval = ERROR_OK;
716 data = malloc(size * (sizeof(uint32_t)));
718 retval = embeddedice_receive(jtag_info, data, size);
720 /* return the 32-bit ints in the 8-bit array */
721 for (i = 0; i < size; i++)
722 h_u32_to_le(buffer + (i * 4), data[i]);
730 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
731 * target is running and the DCC control register has the W bit high, this will
732 * execute the request on the target.
734 * @param priv Void pointer expected to be a struct target pointer
735 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
736 * from the Embedded ICE unit
738 static int arm7_9_handle_target_request(void *priv)
740 int retval = ERROR_OK;
741 struct target *target = priv;
742 if (!target_was_examined(target))
744 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
745 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
746 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
748 if (!target->dbg_msg_enabled)
751 if (target->state == TARGET_RUNNING) {
752 /* read DCC control register */
753 embeddedice_read_reg(dcc_control);
754 retval = jtag_execute_queue();
755 if (retval != ERROR_OK)
759 if (buf_get_u32(dcc_control->value, 1, 1) == 1) {
762 retval = embeddedice_receive(jtag_info, &request, 1);
763 if (retval != ERROR_OK)
765 retval = target_request(target, request);
766 if (retval != ERROR_OK)
775 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
776 * is manipulated to the right halted state based on its current state. This is
780 * <tr><th > State</th><th > Action</th></tr>
781 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
782 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
783 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
784 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
785 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
788 * If the target does not end up in the halted state, a warning is produced. If
789 * DBGACK is cleared, then the target is expected to either be running or
792 * @param target Pointer to the ARM7/9 target to poll
793 * @return ERROR_OK or an error status if a command fails
795 int arm7_9_poll(struct target *target)
798 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
799 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
801 /* read debug status register */
802 embeddedice_read_reg(dbg_stat);
803 retval = jtag_execute_queue();
804 if (retval != ERROR_OK)
807 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)) {
808 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
809 if (target->state == TARGET_UNKNOWN) {
810 /* Starting OpenOCD with target in debug-halt */
811 target->state = TARGET_RUNNING;
812 LOG_DEBUG("DBGACK already set during server startup.");
814 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET)) {
815 target->state = TARGET_HALTED;
817 retval = arm7_9_debug_entry(target);
818 if (retval != ERROR_OK)
821 if (arm_semihosting(target, &retval) != 0)
824 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
825 if (retval != ERROR_OK)
828 if (target->state == TARGET_DEBUG_RUNNING) {
829 target->state = TARGET_HALTED;
830 retval = arm7_9_debug_entry(target);
831 if (retval != ERROR_OK)
834 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
835 if (retval != ERROR_OK)
838 if (target->state != TARGET_HALTED)
840 "DBGACK set, but the target did not end up in the halted state %d",
843 if (target->state != TARGET_DEBUG_RUNNING)
844 target->state = TARGET_RUNNING;
851 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
852 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
853 * affected) completely stop the JTAG clock while the core is held in reset
854 * (SRST). It isn't possible to program the halt condition once reset is
855 * asserted, hence a hook that allows the target to set up its reset-halt
856 * condition is setup prior to asserting reset.
858 * @param target Pointer to an ARM7/9 target to assert reset on
859 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
861 int arm7_9_assert_reset(struct target *target)
863 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
864 enum reset_types jtag_reset_config = jtag_get_reset_config();
865 bool use_event = false;
867 /* TODO: apply hw reset signal in not examined state */
868 if (!(target_was_examined(target))) {
869 LOG_WARNING("Reset is not asserted because the target is not examined.");
870 LOG_WARNING("Use a reset button or power cycle the target.");
871 return ERROR_TARGET_NOT_EXAMINED;
874 LOG_DEBUG("target->state: %s", target_state_name(target));
876 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
878 else if (!(jtag_reset_config & RESET_HAS_SRST)) {
879 LOG_ERROR("%s: how to reset?", target_name(target));
883 /* At this point trst has been asserted/deasserted once. We would
884 * like to program EmbeddedICE while SRST is asserted, instead of
885 * depending on SRST to leave that module alone. However, many CPUs
886 * gate the JTAG clock while SRST is asserted; or JTAG may need
887 * clock stability guarantees (adaptive clocking might help).
889 * So we assume JTAG access during SRST is off the menu unless it's
890 * been specifically enabled.
892 bool srst_asserted = false;
894 if (!use_event && !(jtag_reset_config & RESET_SRST_PULLS_TRST)
895 && (jtag_reset_config & RESET_SRST_NO_GATING)) {
896 jtag_add_reset(0, 1);
897 srst_asserted = true;
900 if (target->reset_halt) {
902 * For targets that don't support communication while SRST is
903 * asserted, we need to set up the reset vector catch first.
905 * When we use TRST+SRST and that's equivalent to a power-up
906 * reset, these settings may well be reset anyway; so setting
907 * them here won't matter.
909 if (arm7_9->has_vector_catch) {
910 /* program vector catch register to catch reset */
911 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
913 /* extra runtest added as issues were found with
914 * certain ARM9 cores (maybe more) - AT91SAM9260
917 jtag_add_runtest(1, TAP_IDLE);
919 /* program watchpoint unit to match on reset vector
922 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
923 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
924 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
925 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
926 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_NOPC & 0xff);
931 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
933 /* If we use SRST ... we'd like to issue just SRST, but the
934 * board or chip may be set up so we have to assert TRST as
935 * well. On some chips that combination is equivalent to a
936 * power-up reset, and generally clobbers EICE state.
938 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
939 jtag_add_reset(1, 1);
940 else if (!srst_asserted)
941 jtag_add_reset(0, 1);
942 jtag_add_sleep(50000);
945 target->state = TARGET_RESET;
946 register_cache_invalidate(arm7_9->arm.core_cache);
948 /* REVISIT why isn't standard debug entry logic sufficient?? */
949 if (target->reset_halt && (!(jtag_reset_config & RESET_SRST_PULLS_TRST) || use_event)) {
950 /* debug entry was prepared above */
951 target->debug_reason = DBG_REASON_DBGRQ;
958 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
959 * and the target is being reset into a halt, a warning will be triggered
960 * because it is not possible to reset into a halted mode in this case. The
961 * target is halted using the target's functions.
963 * @param target Pointer to the target to have the reset deasserted
964 * @return ERROR_OK or an error from polling or halting the target
966 int arm7_9_deassert_reset(struct target *target)
968 int retval = ERROR_OK;
969 LOG_DEBUG("target->state: %s", target_state_name(target));
971 /* deassert reset lines */
972 jtag_add_reset(0, 0);
974 /* In case polling is disabled, we need to examine the
975 * target and poll here for this target to work correctly.
977 * Otherwise, e.g. halt will fail afterwards with bogus
978 * error messages as halt will believe that reset is
981 retval = target_examine_one(target);
982 if (retval != ERROR_OK)
985 retval = target_poll(target);
986 if (retval != ERROR_OK)
989 enum reset_types jtag_reset_config = jtag_get_reset_config();
990 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0) {
992 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
993 retval = target_halt(target);
994 if (retval != ERROR_OK)
1001 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1002 * reset and if DBGRQ is used, it is programmed to be deasserted. If the reset
1003 * vector catch was used, it is restored. Otherwise, the control value is
1004 * restored and the watchpoint unit is restored if it was in use.
1006 * @param target Pointer to the ARM7/9 target to have halt cleared
1007 * @return Always ERROR_OK
1009 static int arm7_9_clear_halt(struct target *target)
1011 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1012 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1014 /* we used DBGRQ only if we didn't come out of reset */
1015 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq) {
1016 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1018 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1019 embeddedice_store_reg(dbg_ctrl);
1021 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch) {
1022 /* if we came out of reset, and vector catch is supported, we used
1023 * vector catch to enter debug state
1024 * restore the register in that case
1026 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1028 /* restore registers if watchpoint unit 0 was in use
1030 if (arm7_9->wp0_used) {
1031 if (arm7_9->debug_entry_from_reset)
1032 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1033 EICE_W0_ADDR_VALUE]);
1034 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1035 EICE_W0_ADDR_MASK]);
1036 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1037 EICE_W0_DATA_MASK]);
1038 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1039 EICE_W0_CONTROL_MASK]);
1041 /* control value always has to be restored, as it was either disabled,
1042 * or enabled with possibly different bits
1044 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1052 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1053 * and then there is a wait until the processor shows the halt. This wait can
1054 * timeout and results in an error being returned. The software reset involves
1055 * clearing the halt, updating the debug control register, changing to ARM mode,
1056 * reset of the program counter, and reset of all of the registers.
1058 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1059 * @return Error status if any of the commands fail, otherwise ERROR_OK
1061 int arm7_9_soft_reset_halt(struct target *target)
1063 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1064 struct arm *arm = &arm7_9->arm;
1065 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1066 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1070 /* FIX!!! replace some of this code with tcl commands
1072 * halt # the halt command is synchronous
1073 * armv4_5 core_state arm
1077 retval = target_halt(target);
1078 if (retval != ERROR_OK)
1081 long long then = timeval_ms();
1083 while (!(timeout = ((timeval_ms()-then) > 1000))) {
1084 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1086 embeddedice_read_reg(dbg_stat);
1087 retval = jtag_execute_queue();
1088 if (retval != ERROR_OK)
1090 if (debug_level >= 3)
1096 LOG_ERROR("Failed to halt CPU after 1 sec");
1097 return ERROR_TARGET_TIMEOUT;
1099 target->state = TARGET_HALTED;
1101 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1102 * ensure that DBGRQ is cleared
1104 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1105 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1106 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1107 embeddedice_store_reg(dbg_ctrl);
1109 retval = arm7_9_clear_halt(target);
1110 if (retval != ERROR_OK)
1113 /* if the target is in Thumb state, change to ARM state */
1114 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1115 uint32_t r0_thumb, pc_thumb;
1116 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1117 /* Entered debug from Thumb mode */
1118 arm->core_state = ARM_STATE_THUMB;
1119 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1122 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1124 /* all register content is now invalid */
1125 register_cache_invalidate(arm->core_cache);
1127 /* SVC, ARM state, IRQ and FIQ disabled */
1130 cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
1133 arm_set_cpsr(arm, cpsr);
1134 arm->cpsr->dirty = true;
1136 /* start fetching from 0x0 */
1137 buf_set_u32(arm->pc->value, 0, 32, 0x0);
1138 arm->pc->dirty = true;
1139 arm->pc->valid = true;
1141 /* reset registers */
1142 for (i = 0; i <= 14; i++) {
1143 struct reg *r = arm_reg_current(arm, i);
1145 buf_set_u32(r->value, 0, 32, 0xffffffff);
1150 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1151 if (retval != ERROR_OK)
1158 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1159 * line or by programming a watchpoint to trigger on any address. It is
1160 * considered a bug to call this function while the target is in the
1161 * TARGET_RESET state.
1163 * @param target Pointer to the ARM7/9 target to be halted
1164 * @return Always ERROR_OK
1166 int arm7_9_halt(struct target *target)
1168 if (target->state == TARGET_RESET) {
1170 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1174 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1175 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1177 LOG_DEBUG("target->state: %s",
1178 target_state_name(target));
1180 if (target->state == TARGET_HALTED) {
1181 LOG_DEBUG("target was already halted");
1185 if (target->state == TARGET_UNKNOWN)
1186 LOG_WARNING("target was in unknown state when halt was requested");
1188 if (arm7_9->use_dbgrq) {
1189 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1191 if (arm7_9->set_special_dbgrq)
1192 arm7_9->set_special_dbgrq(target);
1194 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1195 embeddedice_store_reg(dbg_ctrl);
1198 /* program watchpoint unit to match on any address
1200 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1201 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1202 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1203 EICE_W_CTRL_ENABLE);
1204 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1205 ~EICE_W_CTRL_NOPC & 0xff);
1208 target->debug_reason = DBG_REASON_DBGRQ;
1214 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1215 * ARM. The JTAG queue is then executed and the reason for debug entry is
1216 * examined. Once done, the target is verified to be halted and the processor
1217 * is forced into ARM mode. The core registers are saved for the current core
1218 * mode and the program counter (register 15) is updated as needed. The core
1219 * registers and CPSR and SPSR are saved for restoration later.
1221 * @param target Pointer to target that is entering debug mode
1222 * @return Error code if anything fails, otherwise ERROR_OK
1224 static int arm7_9_debug_entry(struct target *target)
1227 uint32_t context[16];
1228 uint32_t *context_p[16];
1229 uint32_t r0_thumb, pc_thumb;
1230 uint32_t cpsr, cpsr_mask = 0;
1232 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1233 struct arm *arm = &arm7_9->arm;
1234 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1235 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1237 #ifdef _DEBUG_ARM7_9_
1241 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1242 * ensure that DBGRQ is cleared
1244 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1245 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1246 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1247 embeddedice_store_reg(dbg_ctrl);
1249 retval = arm7_9_clear_halt(target);
1250 if (retval != ERROR_OK)
1253 retval = jtag_execute_queue();
1254 if (retval != ERROR_OK)
1257 retval = arm7_9->examine_debug_reason(target);
1258 if (retval != ERROR_OK)
1261 if (target->state != TARGET_HALTED) {
1262 LOG_WARNING("target not halted");
1263 return ERROR_TARGET_NOT_HALTED;
1266 /* if the target is in Thumb state, change to ARM state */
1267 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1268 LOG_DEBUG("target entered debug from Thumb state");
1269 /* Entered debug from Thumb mode */
1270 arm->core_state = ARM_STATE_THUMB;
1272 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1273 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1274 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1275 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1276 /* \todo Get some vaguely correct handling of Jazelle, if
1277 * anyone ever uses it and full info becomes available.
1278 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1279 * B.7.3 for the reverse. That'd be the bare minimum...
1281 LOG_DEBUG("target entered debug from Jazelle state");
1282 arm->core_state = ARM_STATE_JAZELLE;
1283 cpsr_mask = 1 << 24;
1284 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1286 LOG_DEBUG("target entered debug from ARM state");
1287 /* Entered debug from ARM mode */
1288 arm->core_state = ARM_STATE_ARM;
1291 for (i = 0; i < 16; i++)
1292 context_p[i] = &context[i];
1293 /* save core registers (r0 - r15 of current core mode) */
1294 arm7_9->read_core_regs(target, 0xffff, context_p);
1296 arm7_9->read_xpsr(target, &cpsr, 0);
1298 retval = jtag_execute_queue();
1299 if (retval != ERROR_OK)
1302 /* Sync our CPSR copy with J or T bits EICE reported, but
1303 * which we then erased by putting the core into ARM mode.
1305 arm_set_cpsr(arm, cpsr | cpsr_mask);
1307 if (!is_arm_mode(arm->core_mode)) {
1308 target->state = TARGET_UNKNOWN;
1309 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1310 return ERROR_TARGET_FAILURE;
1313 LOG_DEBUG("target entered debug state in %s mode",
1314 arm_mode_name(arm->core_mode));
1316 if (arm->core_state == ARM_STATE_THUMB) {
1317 LOG_DEBUG("thumb state, applying fixups");
1318 context[0] = r0_thumb;
1319 context[15] = pc_thumb;
1320 } else if (arm->core_state == ARM_STATE_ARM) {
1321 /* adjust value stored by STM */
1322 context[15] -= 3 * 4;
1325 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1326 context[15] -= 3 * ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1328 context[15] -= arm7_9->dbgreq_adjust_pc *
1329 ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1331 for (i = 0; i <= 15; i++) {
1332 struct reg *r = arm_reg_current(arm, i);
1334 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1336 buf_set_u32(r->value, 0, 32, context[i]);
1337 /* r0 and r15 (pc) have to be restored later */
1338 r->dirty = (i == 0) || (i == 15);
1342 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1344 /* exceptions other than USR & SYS have a saved program status register */
1347 arm7_9->read_xpsr(target, &spsr, 1);
1348 retval = jtag_execute_queue();
1349 if (retval != ERROR_OK)
1351 buf_set_u32(arm->spsr->value, 0, 32, spsr);
1352 arm->spsr->dirty = false;
1353 arm->spsr->valid = true;
1356 retval = jtag_execute_queue();
1357 if (retval != ERROR_OK)
1360 if (arm7_9->post_debug_entry) {
1361 retval = arm7_9->post_debug_entry(target);
1362 if (retval != ERROR_OK)
1370 * Validate the full context for an ARM7/9 target in all processor modes. If
1371 * there are any invalid registers for the target, they will all be read. This
1374 * @param target Pointer to the ARM7/9 target to capture the full context from
1375 * @return Error if the target is not halted, has an invalid core mode, or if
1376 * the JTAG queue fails to execute
1378 static int arm7_9_full_context(struct target *target)
1382 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1383 struct arm *arm = &arm7_9->arm;
1387 } read_cache[6 * (16 + 1)];
1388 int read_cache_idx = 0;
1392 if (target->state != TARGET_HALTED) {
1393 LOG_WARNING("target not halted");
1394 return ERROR_TARGET_NOT_HALTED;
1397 if (!is_arm_mode(arm->core_mode)) {
1398 LOG_ERROR("not a valid arm core mode - communication failure?");
1402 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1403 * SYS shares registers with User, so we don't touch SYS
1405 for (i = 0; i < 6; i++) {
1407 uint32_t *reg_p[16];
1411 /* check if there are invalid registers in the current mode
1413 for (j = 0; j <= 16; j++) {
1414 if (!ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j).valid)
1421 /* change processor mode (and mask T bit) */
1422 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8)
1424 tmp_cpsr |= armv4_5_number_to_mode(i);
1426 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1428 for (j = 0; j < 15; j++) {
1429 if (!ARMV4_5_CORE_REG_MODE(arm->core_cache,
1430 armv4_5_number_to_mode(i), j).valid) {
1431 read_cache[read_cache_idx].reg_p = ARMV4_5_CORE_REG_MODE(
1433 armv4_5_number_to_mode(i),
1435 reg_p[j] = &read_cache[read_cache_idx].value;
1438 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1439 armv4_5_number_to_mode(i),
1441 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1442 armv4_5_number_to_mode(i),
1447 /* if only the PSR is invalid, mask is all zeroes */
1449 arm7_9->read_core_regs(target, mask, reg_p);
1451 /* check if the PSR has to be read */
1452 if (!ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1454 read_cache[read_cache_idx].reg_p = ARMV4_5_CORE_REG_MODE(arm->core_cache,
1455 armv4_5_number_to_mode(i), 16).value;
1456 arm7_9->read_xpsr(target, &read_cache[read_cache_idx].value, 1);
1458 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1460 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1466 /* restore processor mode (mask T bit) */
1467 arm7_9->write_xpsr_im8(target,
1468 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
1470 retval = jtag_execute_queue();
1471 if (retval != ERROR_OK)
1474 * FIXME: regs in cache should be tagged as 'valid' only now,
1475 * not before the jtag_execute_queue()
1477 while (read_cache_idx) {
1479 buf_set_u32(read_cache[read_cache_idx].reg_p, 0, 32, read_cache[read_cache_idx].value);
1485 * Restore the processor context on an ARM7/9 target. The full processor
1486 * context is analyzed to see if any of the registers are dirty on this end, but
1487 * have a valid new value. If this is the case, the processor is changed to the
1488 * appropriate mode and the new register values are written out to the
1489 * processor. If there happens to be a dirty register with an invalid value, an
1490 * error will be logged.
1492 * @param target Pointer to the ARM7/9 target to have its context restored
1493 * @return Error status if the target is not halted or the core mode in the
1494 * armv4_5 struct is invalid.
1496 static int arm7_9_restore_context(struct target *target)
1498 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1499 struct arm *arm = &arm7_9->arm;
1501 enum arm_mode current_mode = arm->core_mode;
1508 if (target->state != TARGET_HALTED) {
1509 LOG_WARNING("target not halted");
1510 return ERROR_TARGET_NOT_HALTED;
1513 if (arm7_9->pre_restore_context)
1514 arm7_9->pre_restore_context(target);
1516 if (!is_arm_mode(arm->core_mode)) {
1517 LOG_ERROR("not a valid arm core mode - communication failure?");
1521 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1522 * SYS shares registers with User, so we don't touch SYS
1524 for (i = 0; i < 6; i++) {
1525 LOG_DEBUG("examining %s mode",
1526 arm_mode_name(arm->core_mode));
1529 /* check if there are dirty registers in the current mode
1531 for (j = 0; j <= 16; j++) {
1532 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j);
1536 LOG_DEBUG("examining dirty reg: %s", reg->name);
1537 struct arm_reg *reg_arch_info;
1538 reg_arch_info = reg->arch_info;
1539 if ((reg_arch_info->mode != ARM_MODE_ANY)
1540 && (reg_arch_info->mode != current_mode)
1541 && !((reg_arch_info->mode == ARM_MODE_USR)
1542 && (arm->core_mode == ARM_MODE_SYS))
1543 && !((reg_arch_info->mode == ARM_MODE_SYS)
1544 && (arm->core_mode == ARM_MODE_USR))) {
1546 LOG_DEBUG("require mode change");
1549 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1555 uint32_t mask = 0x0;
1562 /* change processor mode (mask T bit) */
1563 tmp_cpsr = buf_get_u32(arm->cpsr->value,
1565 tmp_cpsr |= armv4_5_number_to_mode(i);
1567 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1568 current_mode = armv4_5_number_to_mode(i);
1571 for (j = 0; j <= 14; j++) {
1572 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache,
1573 armv4_5_number_to_mode(i),
1577 regs[j] = buf_get_u32(reg->value, 0, 32);
1582 LOG_DEBUG("writing register %i mode %s "
1583 "with value 0x%8.8" PRIx32, j,
1584 arm_mode_name(arm->core_mode),
1590 arm7_9->write_core_regs(target, mask, regs);
1593 &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(
1595 struct arm_reg *reg_arch_info;
1596 reg_arch_info = reg->arch_info;
1597 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY)) {
1598 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "",
1600 buf_get_u32(reg->value, 0, 32));
1601 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1606 if (!arm->cpsr->dirty && (arm->core_mode != current_mode)) {
1607 /* restore processor mode (mask T bit) */
1610 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
1611 tmp_cpsr |= armv4_5_number_to_mode(i);
1613 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1614 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1616 } else if (arm->cpsr->dirty) {
1617 /* CPSR has been changed, full restore necessary (mask T bit) */
1618 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1619 buf_get_u32(arm->cpsr->value, 0, 32));
1620 arm7_9->write_xpsr(target,
1621 buf_get_u32(arm->cpsr->value, 0, 32)
1623 arm->cpsr->dirty = false;
1624 arm->cpsr->valid = true;
1628 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32,
1629 buf_get_u32(arm->pc->value, 0, 32));
1630 arm7_9->write_pc(target, buf_get_u32(arm->pc->value, 0, 32));
1631 arm->pc->dirty = false;
1637 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1638 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1641 * @param target Pointer to the ARM7/9 target to be restarted
1642 * @return Result of executing the JTAG queue
1644 static int arm7_9_restart_core(struct target *target)
1646 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1647 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1650 /* set RESTART instruction */
1651 if (arm7_9->need_bypass_before_restart) {
1652 arm7_9->need_bypass_before_restart = 0;
1654 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
1655 if (retval != ERROR_OK)
1658 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
1659 if (retval != ERROR_OK)
1662 jtag_add_runtest(1, TAP_IDLE);
1663 return jtag_execute_queue();
1667 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1668 * iterated through and are set on the target if they aren't already set.
1670 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1672 static void arm7_9_enable_watchpoints(struct target *target)
1674 struct watchpoint *watchpoint = target->watchpoints;
1676 while (watchpoint) {
1677 if (!watchpoint->is_set)
1678 arm7_9_set_watchpoint(target, watchpoint);
1679 watchpoint = watchpoint->next;
1684 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1685 * iterated through and are set on the target.
1687 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1689 static void arm7_9_enable_breakpoints(struct target *target)
1691 struct breakpoint *breakpoint = target->breakpoints;
1693 /* set any pending breakpoints */
1694 while (breakpoint) {
1695 arm7_9_set_breakpoint(target, breakpoint);
1696 breakpoint = breakpoint->next;
1700 int arm7_9_resume(struct target *target,
1702 target_addr_t address,
1703 int handle_breakpoints,
1704 int debug_execution)
1706 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1707 struct arm *arm = &arm7_9->arm;
1708 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1709 int err, retval = ERROR_OK;
1713 if (target->state != TARGET_HALTED) {
1714 LOG_WARNING("target not halted");
1715 return ERROR_TARGET_NOT_HALTED;
1718 if (!debug_execution)
1719 target_free_all_working_areas(target);
1721 /* current = 1: continue on current pc, otherwise continue at <address> */
1723 buf_set_u32(arm->pc->value, 0, 32, address);
1725 uint32_t current_pc;
1726 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1728 /* the front-end may request us not to handle breakpoints */
1729 if (handle_breakpoints) {
1730 struct breakpoint *breakpoint;
1731 breakpoint = breakpoint_find(target,
1732 buf_get_u32(arm->pc->value, 0, 32));
1734 LOG_DEBUG("unset breakpoint at 0x%8.8" TARGET_PRIxADDR " (id: %" PRIu32,
1735 breakpoint->address,
1736 breakpoint->unique_id);
1737 retval = arm7_9_unset_breakpoint(target, breakpoint);
1738 if (retval != ERROR_OK)
1741 /* calculate PC of next instruction */
1743 retval = arm_simulate_step(target, &next_pc);
1744 if (retval != ERROR_OK) {
1745 uint32_t current_opcode;
1746 target_read_u32(target, current_pc, ¤t_opcode);
1748 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1753 LOG_DEBUG("enable single-step");
1754 arm7_9->enable_single_step(target, next_pc);
1756 target->debug_reason = DBG_REASON_SINGLESTEP;
1758 retval = arm7_9_restore_context(target);
1759 if (retval != ERROR_OK)
1762 if (arm->core_state == ARM_STATE_ARM)
1763 arm7_9->branch_resume(target);
1764 else if (arm->core_state == ARM_STATE_THUMB)
1765 arm7_9->branch_resume_thumb(target);
1767 LOG_ERROR("unhandled core state");
1771 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1772 embeddedice_write_reg(dbg_ctrl,
1773 buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1774 err = arm7_9_execute_sys_speed(target);
1776 LOG_DEBUG("disable single-step");
1777 arm7_9->disable_single_step(target);
1779 if (err != ERROR_OK) {
1780 retval = arm7_9_set_breakpoint(target, breakpoint);
1781 if (retval != ERROR_OK)
1783 target->state = TARGET_UNKNOWN;
1787 retval = arm7_9_debug_entry(target);
1788 if (retval != ERROR_OK)
1790 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32,
1791 buf_get_u32(arm->pc->value, 0, 32));
1793 LOG_DEBUG("set breakpoint at 0x%8.8" TARGET_PRIxADDR "", breakpoint->address);
1794 retval = arm7_9_set_breakpoint(target, breakpoint);
1795 if (retval != ERROR_OK)
1800 /* enable any pending breakpoints and watchpoints */
1801 arm7_9_enable_breakpoints(target);
1802 arm7_9_enable_watchpoints(target);
1804 retval = arm7_9_restore_context(target);
1805 if (retval != ERROR_OK)
1808 if (arm->core_state == ARM_STATE_ARM)
1809 arm7_9->branch_resume(target);
1810 else if (arm->core_state == ARM_STATE_THUMB)
1811 arm7_9->branch_resume_thumb(target);
1813 LOG_ERROR("unhandled core state");
1817 /* deassert DBGACK and INTDIS */
1818 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1819 /* INTDIS only when we really resume, not during debug execution */
1820 if (!debug_execution)
1821 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1822 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1824 retval = arm7_9_restart_core(target);
1825 if (retval != ERROR_OK)
1828 target->debug_reason = DBG_REASON_NOTHALTED;
1830 if (!debug_execution) {
1831 /* registers are now invalid */
1832 register_cache_invalidate(arm->core_cache);
1833 target->state = TARGET_RUNNING;
1834 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1835 if (retval != ERROR_OK)
1838 target->state = TARGET_DEBUG_RUNNING;
1839 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1840 if (retval != ERROR_OK)
1844 LOG_DEBUG("target resumed");
1849 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1851 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1852 struct arm *arm = &arm7_9->arm;
1853 uint32_t current_pc;
1854 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1856 if (next_pc != current_pc) {
1857 /* setup an inverse breakpoint on the current PC
1858 * - comparator 1 matches the current address
1859 * - rangeout from comparator 1 is connected to comparator 0 rangein
1860 * - comparator 0 matches any address, as long as rangein is low */
1861 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1862 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1863 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1864 EICE_W_CTRL_ENABLE);
1865 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1866 ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_NOPC) & 0xff);
1867 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
1869 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1870 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1871 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1872 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1873 ~EICE_W_CTRL_NOPC & 0xff);
1875 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1876 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1877 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1878 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1879 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1880 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1881 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1882 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
1883 EICE_W_CTRL_ENABLE);
1884 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1885 ~EICE_W_CTRL_NOPC & 0xff);
1889 void arm7_9_disable_eice_step(struct target *target)
1891 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1893 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1894 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1895 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1896 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1897 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1898 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1899 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1900 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1901 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1904 int arm7_9_step(struct target *target, int current, target_addr_t address, int handle_breakpoints)
1906 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1907 struct arm *arm = &arm7_9->arm;
1908 struct breakpoint *breakpoint = NULL;
1911 if (target->state != TARGET_HALTED) {
1912 LOG_WARNING("target not halted");
1913 return ERROR_TARGET_NOT_HALTED;
1916 /* current = 1: continue on current pc, otherwise continue at <address> */
1918 buf_set_u32(arm->pc->value, 0, 32, address);
1920 uint32_t current_pc = buf_get_u32(arm->pc->value, 0, 32);
1922 /* the front-end may request us not to handle breakpoints */
1923 if (handle_breakpoints)
1924 breakpoint = breakpoint_find(target, current_pc);
1926 retval = arm7_9_unset_breakpoint(target, breakpoint);
1927 if (retval != ERROR_OK)
1931 target->debug_reason = DBG_REASON_SINGLESTEP;
1933 /* calculate PC of next instruction */
1935 retval = arm_simulate_step(target, &next_pc);
1936 if (retval != ERROR_OK) {
1937 uint32_t current_opcode;
1938 target_read_u32(target, current_pc, ¤t_opcode);
1940 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1945 retval = arm7_9_restore_context(target);
1946 if (retval != ERROR_OK)
1949 arm7_9->enable_single_step(target, next_pc);
1951 if (arm->core_state == ARM_STATE_ARM)
1952 arm7_9->branch_resume(target);
1953 else if (arm->core_state == ARM_STATE_THUMB)
1954 arm7_9->branch_resume_thumb(target);
1956 LOG_ERROR("unhandled core state");
1960 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1961 if (retval != ERROR_OK)
1964 err = arm7_9_execute_sys_speed(target);
1965 arm7_9->disable_single_step(target);
1967 /* registers are now invalid */
1968 register_cache_invalidate(arm->core_cache);
1970 if (err != ERROR_OK)
1971 target->state = TARGET_UNKNOWN;
1973 retval = arm7_9_debug_entry(target);
1974 if (retval != ERROR_OK)
1976 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1977 if (retval != ERROR_OK)
1979 LOG_DEBUG("target stepped");
1983 retval = arm7_9_set_breakpoint(target, breakpoint);
1984 if (retval != ERROR_OK)
1991 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
1992 int num, enum arm_mode mode)
1994 uint32_t *reg_p[16];
1996 struct arm_reg *areg = r->arch_info;
1997 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1998 struct arm *arm = &arm7_9->arm;
2000 if (!is_arm_mode(arm->core_mode))
2002 if ((num < 0) || (num > 16))
2003 return ERROR_COMMAND_SYNTAX_ERROR;
2005 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2006 && (areg->mode != ARM_MODE_ANY)) {
2009 /* change processor mode (mask T bit) */
2010 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2013 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2017 if ((num >= 0) && (num <= 15)) {
2018 /* read a normal core register */
2019 reg_p[num] = &value;
2021 arm7_9->read_core_regs(target, 1 << num, reg_p);
2023 /* read a program status register
2024 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2026 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2029 retval = jtag_execute_queue();
2030 if (retval != ERROR_OK)
2035 buf_set_u32(r->value, 0, 32, value);
2037 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2038 && (areg->mode != ARM_MODE_ANY)) {
2039 /* restore processor mode (mask T bit) */
2040 arm7_9->write_xpsr_im8(target,
2041 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2047 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2048 int num, enum arm_mode mode, uint8_t *value)
2051 struct arm_reg *areg = r->arch_info;
2052 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2053 struct arm *arm = &arm7_9->arm;
2055 if (!is_arm_mode(arm->core_mode))
2057 if ((num < 0) || (num > 16))
2058 return ERROR_COMMAND_SYNTAX_ERROR;
2060 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2061 && (areg->mode != ARM_MODE_ANY)) {
2064 /* change processor mode (mask T bit) */
2065 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2068 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2071 if ((num >= 0) && (num <= 15)) {
2072 /* write a normal core register */
2073 reg[num] = buf_get_u32(value, 0, 32);
2075 arm7_9->write_core_regs(target, 1 << num, reg);
2077 /* write a program status register
2078 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2080 int spsr = (areg->mode != ARM_MODE_ANY);
2082 uint32_t t = buf_get_u32(value, 0, 32);
2083 /* if we're writing the CPSR, mask the T bit */
2087 arm7_9->write_xpsr(target, t, spsr);
2093 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2094 && (areg->mode != ARM_MODE_ANY)) {
2095 /* restore processor mode (mask T bit) */
2096 arm7_9->write_xpsr_im8(target,
2097 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2100 return jtag_execute_queue();
2103 int arm7_9_read_memory(struct target *target,
2104 target_addr_t address,
2109 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2110 struct arm *arm = &arm7_9->arm;
2112 uint32_t num_accesses = 0;
2113 int thisrun_accesses;
2119 LOG_DEBUG("address: 0x%8.8" TARGET_PRIxADDR ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "",
2120 address, size, count);
2122 if (target->state != TARGET_HALTED) {
2123 LOG_WARNING("target not halted");
2124 return ERROR_TARGET_NOT_HALTED;
2127 /* sanitize arguments */
2128 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2129 return ERROR_COMMAND_SYNTAX_ERROR;
2131 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2132 return ERROR_TARGET_UNALIGNED_ACCESS;
2134 /* load the base register with the address of the first word */
2136 arm7_9->write_core_regs(target, 0x1, reg);
2142 while (num_accesses < count) {
2145 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2146 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2148 if (last_reg <= thisrun_accesses)
2149 last_reg = thisrun_accesses;
2151 arm7_9->load_word_regs(target, reg_list);
2153 /* fast memory reads are only safe when the target is running
2154 * from a sufficiently high clock (32 kHz is usually too slow)
2156 if (arm7_9->fast_memory_access)
2157 retval = arm7_9_execute_fast_sys_speed(target);
2159 retval = arm7_9_execute_sys_speed(target);
2160 if (retval != ERROR_OK)
2163 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2165 /* advance buffer, count number of accesses */
2166 buffer += thisrun_accesses * 4;
2167 num_accesses += thisrun_accesses;
2169 if ((j++%1024) == 0)
2174 while (num_accesses < count) {
2177 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2178 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2180 for (i = 1; i <= thisrun_accesses; i++) {
2183 arm7_9->load_hword_reg(target, i);
2184 /* fast memory reads are only safe when the target is running
2185 * from a sufficiently high clock (32 kHz is usually too slow)
2187 if (arm7_9->fast_memory_access)
2188 retval = arm7_9_execute_fast_sys_speed(target);
2190 retval = arm7_9_execute_sys_speed(target);
2191 if (retval != ERROR_OK)
2196 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2198 /* advance buffer, count number of accesses */
2199 buffer += thisrun_accesses * 2;
2200 num_accesses += thisrun_accesses;
2202 if ((j++%1024) == 0)
2207 while (num_accesses < count) {
2210 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2211 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2213 for (i = 1; i <= thisrun_accesses; i++) {
2216 arm7_9->load_byte_reg(target, i);
2217 /* fast memory reads are only safe when the target is running
2218 * from a sufficiently high clock (32 kHz is usually too slow)
2220 if (arm7_9->fast_memory_access)
2221 retval = arm7_9_execute_fast_sys_speed(target);
2223 retval = arm7_9_execute_sys_speed(target);
2224 if (retval != ERROR_OK)
2228 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2230 /* advance buffer, count number of accesses */
2231 buffer += thisrun_accesses * 1;
2232 num_accesses += thisrun_accesses;
2234 if ((j++%1024) == 0)
2240 if (!is_arm_mode(arm->core_mode))
2243 for (i = 0; i <= last_reg; i++) {
2244 struct reg *r = arm_reg_current(arm, i);
2245 r->dirty = r->valid;
2248 arm7_9->read_xpsr(target, &cpsr, 0);
2249 retval = jtag_execute_queue();
2250 if (retval != ERROR_OK) {
2251 LOG_ERROR("JTAG error while reading cpsr");
2252 return ERROR_TARGET_DATA_ABORT;
2255 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2257 "memory read caused data abort "
2258 "(address: 0x%8.8" TARGET_PRIxADDR ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2263 arm7_9->write_xpsr_im8(target,
2264 buf_get_u32(arm->cpsr->value, 0, 8)
2267 return ERROR_TARGET_DATA_ABORT;
2273 int arm7_9_write_memory(struct target *target,
2274 target_addr_t address,
2277 const uint8_t *buffer)
2279 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2280 struct arm *arm = &arm7_9->arm;
2281 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2284 uint32_t num_accesses = 0;
2285 int thisrun_accesses;
2291 #ifdef _DEBUG_ARM7_9_
2292 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2295 if (target->state != TARGET_HALTED) {
2296 LOG_WARNING("target not halted");
2297 return ERROR_TARGET_NOT_HALTED;
2300 /* sanitize arguments */
2301 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2302 return ERROR_COMMAND_SYNTAX_ERROR;
2304 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2305 return ERROR_TARGET_UNALIGNED_ACCESS;
2307 /* load the base register with the address of the first word */
2309 arm7_9->write_core_regs(target, 0x1, reg);
2311 /* Clear DBGACK, to make sure memory fetches work as expected */
2312 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2313 embeddedice_store_reg(dbg_ctrl);
2317 while (num_accesses < count) {
2320 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2321 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2323 for (i = 1; i <= thisrun_accesses; i++) {
2326 reg[i] = target_buffer_get_u32(target, buffer);
2330 arm7_9->write_core_regs(target, reg_list, reg);
2332 arm7_9->store_word_regs(target, reg_list);
2334 /* fast memory writes are only safe when the target is running
2335 * from a sufficiently high clock (32 kHz is usually too slow)
2337 if (arm7_9->fast_memory_access)
2338 retval = arm7_9_execute_fast_sys_speed(target);
2340 retval = arm7_9_execute_sys_speed(target);
2343 * if memory writes are made when the clock is running slow
2344 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2345 * processor operations after a "reset halt" or "reset init",
2346 * need to immediately stroke the keep alive or will end up with
2347 * gdb "keep alive not sent error message" problem.
2353 if (retval != ERROR_OK)
2356 num_accesses += thisrun_accesses;
2360 while (num_accesses < count) {
2363 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2364 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2366 for (i = 1; i <= thisrun_accesses; i++) {
2369 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2373 arm7_9->write_core_regs(target, reg_list, reg);
2375 for (i = 1; i <= thisrun_accesses; i++) {
2376 arm7_9->store_hword_reg(target, i);
2378 /* fast memory writes are only safe when the target is running
2379 * from a sufficiently high clock (32 kHz is usually too slow)
2381 if (arm7_9->fast_memory_access)
2382 retval = arm7_9_execute_fast_sys_speed(target);
2384 retval = arm7_9_execute_sys_speed(target);
2387 * if memory writes are made when the clock is running slow
2388 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2389 * processor operations after a "reset halt" or "reset init",
2390 * need to immediately stroke the keep alive or will end up with
2391 * gdb "keep alive not sent error message" problem.
2397 if (retval != ERROR_OK)
2401 num_accesses += thisrun_accesses;
2405 while (num_accesses < count) {
2408 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2409 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2411 for (i = 1; i <= thisrun_accesses; i++) {
2414 reg[i] = *buffer++ & 0xff;
2417 arm7_9->write_core_regs(target, reg_list, reg);
2419 for (i = 1; i <= thisrun_accesses; i++) {
2420 arm7_9->store_byte_reg(target, i);
2421 /* fast memory writes are only safe when the target is running
2422 * from a sufficiently high clock (32 kHz is usually too slow)
2424 if (arm7_9->fast_memory_access)
2425 retval = arm7_9_execute_fast_sys_speed(target);
2427 retval = arm7_9_execute_sys_speed(target);
2430 * if memory writes are made when the clock is running slow
2431 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2432 * processor operations after a "reset halt" or "reset init",
2433 * need to immediately stroke the keep alive or will end up with
2434 * gdb "keep alive not sent error message" problem.
2440 if (retval != ERROR_OK)
2445 num_accesses += thisrun_accesses;
2451 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2452 embeddedice_store_reg(dbg_ctrl);
2454 if (!is_arm_mode(arm->core_mode))
2457 for (i = 0; i <= last_reg; i++) {
2458 struct reg *r = arm_reg_current(arm, i);
2459 r->dirty = r->valid;
2462 arm7_9->read_xpsr(target, &cpsr, 0);
2463 retval = jtag_execute_queue();
2464 if (retval != ERROR_OK) {
2465 LOG_ERROR("JTAG error while reading cpsr");
2466 return ERROR_TARGET_DATA_ABORT;
2469 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2471 "memory write caused data abort "
2472 "(address: 0x%8.8" TARGET_PRIxADDR ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2477 arm7_9->write_xpsr_im8(target,
2478 buf_get_u32(arm->cpsr->value, 0, 8)
2481 return ERROR_TARGET_DATA_ABORT;
2487 int arm7_9_write_memory_opt(struct target *target,
2488 target_addr_t address,
2491 const uint8_t *buffer)
2493 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2496 if (size == 4 && count > 32 && arm7_9->bulk_write_memory) {
2497 /* Attempt to do a bulk write */
2498 retval = arm7_9->bulk_write_memory(target, address, count, buffer);
2500 if (retval == ERROR_OK)
2504 return arm7_9->write_memory(target, address, size, count, buffer);
2507 int arm7_9_write_memory_no_opt(struct target *target,
2511 const uint8_t *buffer)
2513 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2515 return arm7_9->write_memory(target, address, size, count, buffer);
2518 static int dcc_count;
2519 static const uint8_t *dcc_buffer;
2521 static int arm7_9_dcc_completion(struct target *target,
2522 uint32_t exit_point,
2526 int retval = ERROR_OK;
2527 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2529 retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500);
2530 if (retval != ERROR_OK)
2533 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2534 int count = dcc_count;
2535 const uint8_t *buffer = dcc_buffer;
2537 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2538 * core function repeated. */
2539 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2540 fast_target_buffer_get_u32(buffer, little));
2543 struct embeddedice_reg *ice_reg =
2544 arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2545 uint8_t reg_addr = ice_reg->addr & 0x1f;
2546 struct jtag_tap *tap;
2547 tap = ice_reg->jtag_info->tap;
2549 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2550 buffer += (count-2)*4;
2552 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2553 fast_target_buffer_get_u32(buffer, little));
2556 for (i = 0; i < count; i++) {
2557 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2558 fast_target_buffer_get_u32(buffer, little));
2563 retval = target_halt(target);
2564 if (retval != ERROR_OK)
2566 return target_wait_state(target, TARGET_HALTED, 500);
2569 static const uint32_t dcc_code[] = {
2570 /* r0 == input, points to memory buffer
2574 /* spin until DCC control (c0) reports data arrived */
2575 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2576 0xe3110001, /* tst r1, #1 */
2577 0x0afffffc, /* bne w */
2579 /* read word from DCC (c1), write to memory */
2580 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2581 0xe4801004, /* str r1, [r0], #4 */
2584 0xeafffff9 /* b w */
2587 int arm7_9_bulk_write_memory(struct target *target,
2588 target_addr_t address,
2590 const uint8_t *buffer)
2593 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2595 if (address % 4 != 0)
2596 return ERROR_TARGET_UNALIGNED_ACCESS;
2598 if (!arm7_9->dcc_downloads)
2599 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2601 /* regrab previously allocated working_area, or allocate a new one */
2602 if (!arm7_9->dcc_working_area) {
2603 uint8_t dcc_code_buf[6 * 4];
2605 /* make sure we have a working area */
2606 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK) {
2607 LOG_INFO("no working area available, falling back to memory writes");
2608 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2611 /* copy target instructions to target endianness */
2612 target_buffer_set_u32_array(target, dcc_code_buf, ARRAY_SIZE(dcc_code), dcc_code);
2614 /* write DCC code to working area, using the non-optimized
2615 * memory write to avoid ending up here again */
2616 retval = arm7_9_write_memory_no_opt(target,
2617 arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2618 if (retval != ERROR_OK)
2622 struct arm_algorithm arm_algo;
2623 struct reg_param reg_params[1];
2625 arm_algo.common_magic = ARM_COMMON_MAGIC;
2626 arm_algo.core_mode = ARM_MODE_SVC;
2627 arm_algo.core_state = ARM_STATE_ARM;
2629 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2631 buf_set_u32(reg_params[0].value, 0, 32, address);
2634 dcc_buffer = buffer;
2635 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2636 arm7_9->dcc_working_area->address,
2637 arm7_9->dcc_working_area->address + 6*4,
2638 20*1000, &arm_algo, arm7_9_dcc_completion);
2640 if (retval == ERROR_OK) {
2641 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2642 if (endaddress != (address + count*4)) {
2644 "DCC write failed, expected end address 0x%08" TARGET_PRIxADDR " got 0x%0" PRIx32 "",
2645 (address + count*4),
2647 retval = ERROR_FAIL;
2651 destroy_reg_param(®_params[0]);
2657 * Perform per-target setup that requires JTAG access.
2659 int arm7_9_examine(struct target *target)
2661 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2664 if (!target_was_examined(target)) {
2665 struct reg_cache *t, **cache_p;
2667 t = embeddedice_build_reg_cache(target, arm7_9);
2671 cache_p = register_get_last_cache_p(&target->reg_cache);
2673 arm7_9->eice_cache = (*cache_p);
2675 if (arm7_9->arm.etm)
2676 (*cache_p)->next = etm_build_reg_cache(target,
2680 target_set_examined(target);
2683 retval = embeddedice_setup(target);
2684 if (retval == ERROR_OK)
2685 retval = arm7_9_setup(target);
2686 if (retval == ERROR_OK && arm7_9->arm.etm)
2687 retval = etm_setup(target);
2691 void arm7_9_deinit(struct target *target)
2693 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2695 if (target_was_examined(target))
2696 embeddedice_free_reg_cache(arm7_9->eice_cache);
2698 arm_jtag_close_connection(&arm7_9->jtag_info);
2701 int arm7_9_check_reset(struct target *target)
2703 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2705 if (get_target_reset_nag() && !arm7_9->dcc_downloads)
2707 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2709 if (get_target_reset_nag() && (target->working_area_size == 0))
2710 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2712 if (get_target_reset_nag() && !arm7_9->fast_memory_access)
2714 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2719 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in,
2720 jtag_callback_data_t i_size, jtag_callback_data_t i_be,
2721 jtag_callback_data_t i_flip)
2723 uint8_t *in = (uint8_t *)pu8_in;
2724 int size = (int)i_size;
2726 int flip = (int)i_flip;
2731 readback = le_to_h_u32(in);
2733 readback = flip_u32(readback, 32);
2735 h_u32_to_be(in, readback);
2737 h_u32_to_le(in, readback);
2740 readback = le_to_h_u16(in);
2742 readback = flip_u32(readback, 16);
2744 h_u16_to_be(in, readback & 0xffff);
2746 h_u16_to_le(in, readback & 0xffff);
2751 readback = flip_u32(readback, 8);
2752 *in = readback & 0xff;
2759 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2761 struct target *target = get_current_target(CMD_CTX);
2762 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2764 if (!is_arm7_9(arm7_9)) {
2765 command_print(CMD, "current target isn't an ARM7/ARM9 target");
2766 return ERROR_TARGET_INVALID;
2770 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->use_dbgrq);
2773 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2774 (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2779 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2781 struct target *target = get_current_target(CMD_CTX);
2782 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2784 if (!is_arm7_9(arm7_9)) {
2785 command_print(CMD, "current target isn't an ARM7/ARM9 target");
2786 return ERROR_TARGET_INVALID;
2790 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2793 "fast memory access is %s",
2794 (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2799 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2801 struct target *target = get_current_target(CMD_CTX);
2802 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2804 if (!is_arm7_9(arm7_9)) {
2805 command_print(CMD, "current target isn't an ARM7/ARM9 target");
2806 return ERROR_TARGET_INVALID;
2810 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2813 "dcc downloads are %s",
2814 (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2819 static int arm7_9_setup_semihosting(struct target *target, int enable)
2821 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2823 if (!is_arm7_9(arm7_9)) {
2824 LOG_USER("current target isn't an ARM7/ARM9 target");
2825 return ERROR_TARGET_INVALID;
2828 if (arm7_9->has_vector_catch) {
2829 struct reg *vector_catch = &arm7_9->eice_cache
2830 ->reg_list[EICE_VEC_CATCH];
2832 if (!vector_catch->valid)
2833 embeddedice_read_reg(vector_catch);
2834 buf_set_u32(vector_catch->value, 2, 1, enable);
2835 embeddedice_store_reg(vector_catch);
2837 /* TODO: allow optional high vectors and/or BKPT_HARD */
2839 breakpoint_add(target, 8, 4, BKPT_SOFT);
2841 breakpoint_remove(target, 8);
2847 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2849 int retval = ERROR_OK;
2850 struct arm *arm = &arm7_9->arm;
2852 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2854 retval = arm_jtag_setup_connection(&arm7_9->jtag_info);
2855 if (retval != ERROR_OK)
2858 /* caller must have allocated via calloc(), so everything's zeroed */
2860 arm7_9->wp_available_max = 2;
2862 arm7_9->fast_memory_access = false;
2863 arm7_9->dcc_downloads = false;
2865 arm->arch_info = arm7_9;
2866 arm->core_type = ARM_CORE_TYPE_STD;
2867 arm->read_core_reg = arm7_9_read_core_reg;
2868 arm->write_core_reg = arm7_9_write_core_reg;
2869 arm->full_context = arm7_9_full_context;
2870 arm->setup_semihosting = arm7_9_setup_semihosting;
2872 retval = arm_init_arch_info(target, arm);
2873 if (retval != ERROR_OK)
2876 return target_register_timer_callback(arm7_9_handle_target_request,
2877 1, TARGET_TIMER_TYPE_PERIODIC, target);
2880 static const struct command_registration arm7_9_any_command_handlers[] = {
2883 .handler = handle_arm7_9_dbgrq_command,
2884 .mode = COMMAND_ANY,
2885 .usage = "['enable'|'disable']",
2886 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2887 "for target halt requests",
2890 .name = "fast_memory_access",
2891 .handler = handle_arm7_9_fast_memory_access_command,
2892 .mode = COMMAND_ANY,
2893 .usage = "['enable'|'disable']",
2894 .help = "use fast memory accesses instead of slower "
2895 "but potentially safer accesses",
2898 .name = "dcc_downloads",
2899 .handler = handle_arm7_9_dcc_downloads_command,
2900 .mode = COMMAND_ANY,
2901 .usage = "['enable'|'disable']",
2902 .help = "use DCC downloads for larger memory writes",
2904 COMMAND_REGISTRATION_DONE
2906 const struct command_registration arm7_9_command_handlers[] = {
2908 .chain = arm_command_handlers,
2911 .chain = etm_command_handlers,
2915 .mode = COMMAND_ANY,
2916 .help = "arm7/9 specific commands",
2918 .chain = arm7_9_any_command_handlers,
2920 COMMAND_REGISTRATION_DONE
projects / fw / openocd / blob