1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2006 by Magnus Lundin *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
27 * Cortex-M3(tm) TRM, ARM DDI 0337E (r1p1) and 0337G (r2p0) *
29 ***************************************************************************/
34 #include "breakpoints.h"
35 #include "cortex_m3.h"
36 #include "target_request.h"
37 #include "target_type.h"
38 #include "arm_disassembler.h"
40 #include "arm_opcodes.h"
43 /* NOTE: most of this should work fine for the Cortex-M1 and
44 * Cortex-M0 cores too, although they're ARMv6-M not ARMv7-M.
45 * Some differences: M0/M1 doesn't have FBP remapping or the
46 * DWT tracing/profiling support. (So the cycle counter will
47 * not be usable; the other stuff isn't currently used here.)
49 * Although there are some workarounds for errata seen only in r0p0
50 * silicon, such old parts are hard to find and thus not much tested
55 /* forward declarations */
56 static int cortex_m3_set_breakpoint(struct target *target, struct breakpoint *breakpoint);
57 static int cortex_m3_unset_breakpoint(struct target *target, struct breakpoint *breakpoint);
58 static void cortex_m3_enable_watchpoints(struct target *target);
59 static int cortex_m3_store_core_reg_u32(struct target *target,
60 enum armv7m_regtype type, uint32_t num, uint32_t value);
62 static int cortexm3_dap_read_coreregister_u32(struct swjdp_common *swjdp,
63 uint32_t *value, int regnum)
68 /* because the DCB_DCRDR is used for the emulated dcc channel
69 * we have to save/restore the DCB_DCRDR when used */
71 mem_ap_read_u32(swjdp, DCB_DCRDR, &dcrdr);
73 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
75 /* mem_ap_write_u32(swjdp, DCB_DCRSR, regnum); */
76 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, DCB_DCRSR & 0xFFFFFFF0);
77 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (DCB_DCRSR & 0xC), regnum);
79 /* mem_ap_read_u32(swjdp, DCB_DCRDR, value); */
80 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, DCB_DCRDR & 0xFFFFFFF0);
81 dap_ap_read_reg_u32(swjdp, AP_REG_BD0 | (DCB_DCRDR & 0xC), value);
83 retval = jtagdp_transaction_endcheck(swjdp);
85 /* restore DCB_DCRDR - this needs to be in a seperate
86 * transaction otherwise the emulated DCC channel breaks */
87 if (retval == ERROR_OK)
88 retval = mem_ap_write_atomic_u32(swjdp, DCB_DCRDR, dcrdr);
93 static int cortexm3_dap_write_coreregister_u32(struct swjdp_common *swjdp,
94 uint32_t value, int regnum)
99 /* because the DCB_DCRDR is used for the emulated dcc channel
100 * we have to save/restore the DCB_DCRDR when used */
102 mem_ap_read_u32(swjdp, DCB_DCRDR, &dcrdr);
104 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
106 /* mem_ap_write_u32(swjdp, DCB_DCRDR, core_regs[i]); */
107 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, DCB_DCRDR & 0xFFFFFFF0);
108 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (DCB_DCRDR & 0xC), value);
110 /* mem_ap_write_u32(swjdp, DCB_DCRSR, i | DCRSR_WnR); */
111 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, DCB_DCRSR & 0xFFFFFFF0);
112 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (DCB_DCRSR & 0xC), regnum | DCRSR_WnR);
114 retval = jtagdp_transaction_endcheck(swjdp);
116 /* restore DCB_DCRDR - this needs to be in a seperate
117 * transaction otherwise the emulated DCC channel breaks */
118 if (retval == ERROR_OK)
119 retval = mem_ap_write_atomic_u32(swjdp, DCB_DCRDR, dcrdr);
124 static int cortex_m3_write_debug_halt_mask(struct target *target,
125 uint32_t mask_on, uint32_t mask_off)
127 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
128 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
130 /* mask off status bits */
131 cortex_m3->dcb_dhcsr &= ~((0xFFFF << 16) | mask_off);
132 /* create new register mask */
133 cortex_m3->dcb_dhcsr |= DBGKEY | C_DEBUGEN | mask_on;
135 return mem_ap_write_atomic_u32(swjdp, DCB_DHCSR, cortex_m3->dcb_dhcsr);
138 static int cortex_m3_clear_halt(struct target *target)
140 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
141 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
143 /* clear step if any */
144 cortex_m3_write_debug_halt_mask(target, C_HALT, C_STEP);
146 /* Read Debug Fault Status Register */
147 mem_ap_read_atomic_u32(swjdp, NVIC_DFSR, &cortex_m3->nvic_dfsr);
149 /* Clear Debug Fault Status */
150 mem_ap_write_atomic_u32(swjdp, NVIC_DFSR, cortex_m3->nvic_dfsr);
151 LOG_DEBUG(" NVIC_DFSR 0x%" PRIx32 "", cortex_m3->nvic_dfsr);
156 static int cortex_m3_single_step_core(struct target *target)
158 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
159 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
162 /* backup dhcsr reg */
163 dhcsr_save = cortex_m3->dcb_dhcsr;
165 /* Mask interrupts before clearing halt, if done already. This avoids
166 * Erratum 377497 (fixed in r1p0) where setting MASKINTS while clearing
167 * HALT can put the core into an unknown state.
169 if (!(cortex_m3->dcb_dhcsr & C_MASKINTS))
170 mem_ap_write_atomic_u32(swjdp, DCB_DHCSR,
171 DBGKEY | C_MASKINTS | C_HALT | C_DEBUGEN);
172 mem_ap_write_atomic_u32(swjdp, DCB_DHCSR,
173 DBGKEY | C_MASKINTS | C_STEP | C_DEBUGEN);
176 /* restore dhcsr reg */
177 cortex_m3->dcb_dhcsr = dhcsr_save;
178 cortex_m3_clear_halt(target);
183 static int cortex_m3_endreset_event(struct target *target)
187 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
188 struct armv7m_common *armv7m = &cortex_m3->armv7m;
189 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
190 struct cortex_m3_fp_comparator *fp_list = cortex_m3->fp_comparator_list;
191 struct cortex_m3_dwt_comparator *dwt_list = cortex_m3->dwt_comparator_list;
193 /* REVISIT The four debug monitor bits are currently ignored... */
194 mem_ap_read_atomic_u32(swjdp, DCB_DEMCR, &dcb_demcr);
195 LOG_DEBUG("DCB_DEMCR = 0x%8.8" PRIx32 "",dcb_demcr);
197 /* this register is used for emulated dcc channel */
198 mem_ap_write_u32(swjdp, DCB_DCRDR, 0);
200 /* Enable debug requests */
201 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
202 if (!(cortex_m3->dcb_dhcsr & C_DEBUGEN))
203 mem_ap_write_u32(swjdp, DCB_DHCSR, DBGKEY | C_DEBUGEN);
205 /* clear any interrupt masking */
206 cortex_m3_write_debug_halt_mask(target, 0, C_MASKINTS);
208 /* Enable features controlled by ITM and DWT blocks, and catch only
209 * the vectors we were told to pay attention to.
211 * Target firmware is responsible for all fault handling policy
212 * choices *EXCEPT* explicitly scripted overrides like "vector_catch"
213 * or manual updates to the NVIC SHCSR and CCR registers.
215 mem_ap_write_u32(swjdp, DCB_DEMCR, TRCENA | armv7m->demcr);
217 /* Paranoia: evidently some (early?) chips don't preserve all the
218 * debug state (including FBP, DWT, etc) across reset...
222 target_write_u32(target, FP_CTRL, 3);
223 cortex_m3->fpb_enabled = 1;
225 /* Restore FPB registers */
226 for (i = 0; i < cortex_m3->fp_num_code + cortex_m3->fp_num_lit; i++)
228 target_write_u32(target, fp_list[i].fpcr_address, fp_list[i].fpcr_value);
231 /* Restore DWT registers */
232 for (i = 0; i < cortex_m3->dwt_num_comp; i++)
234 target_write_u32(target, dwt_list[i].dwt_comparator_address + 0,
236 target_write_u32(target, dwt_list[i].dwt_comparator_address + 4,
238 target_write_u32(target, dwt_list[i].dwt_comparator_address + 8,
239 dwt_list[i].function);
241 jtagdp_transaction_endcheck(swjdp);
243 register_cache_invalidate(cortex_m3->armv7m.core_cache);
245 /* make sure we have latest dhcsr flags */
246 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
251 static int cortex_m3_examine_debug_reason(struct target *target)
253 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
255 /* THIS IS NOT GOOD, TODO - better logic for detection of debug state reason */
256 /* only check the debug reason if we don't know it already */
258 if ((target->debug_reason != DBG_REASON_DBGRQ)
259 && (target->debug_reason != DBG_REASON_SINGLESTEP))
261 if (cortex_m3->nvic_dfsr & DFSR_BKPT)
263 target->debug_reason = DBG_REASON_BREAKPOINT;
264 if (cortex_m3->nvic_dfsr & DFSR_DWTTRAP)
265 target->debug_reason = DBG_REASON_WPTANDBKPT;
267 else if (cortex_m3->nvic_dfsr & DFSR_DWTTRAP)
268 target->debug_reason = DBG_REASON_WATCHPOINT;
269 else if (cortex_m3->nvic_dfsr & DFSR_VCATCH)
270 target->debug_reason = DBG_REASON_BREAKPOINT;
271 else /* EXTERNAL, HALTED */
272 target->debug_reason = DBG_REASON_UNDEFINED;
278 static int cortex_m3_examine_exception_reason(struct target *target)
280 uint32_t shcsr, except_sr, cfsr = -1, except_ar = -1;
281 struct armv7m_common *armv7m = target_to_armv7m(target);
282 struct swjdp_common *swjdp = &armv7m->swjdp_info;
284 mem_ap_read_u32(swjdp, NVIC_SHCSR, &shcsr);
285 switch (armv7m->exception_number)
289 case 3: /* Hard Fault */
290 mem_ap_read_atomic_u32(swjdp, NVIC_HFSR, &except_sr);
291 if (except_sr & 0x40000000)
293 mem_ap_read_u32(swjdp, NVIC_CFSR, &cfsr);
296 case 4: /* Memory Management */
297 mem_ap_read_u32(swjdp, NVIC_CFSR, &except_sr);
298 mem_ap_read_u32(swjdp, NVIC_MMFAR, &except_ar);
300 case 5: /* Bus Fault */
301 mem_ap_read_u32(swjdp, NVIC_CFSR, &except_sr);
302 mem_ap_read_u32(swjdp, NVIC_BFAR, &except_ar);
304 case 6: /* Usage Fault */
305 mem_ap_read_u32(swjdp, NVIC_CFSR, &except_sr);
307 case 11: /* SVCall */
309 case 12: /* Debug Monitor */
310 mem_ap_read_u32(swjdp, NVIC_DFSR, &except_sr);
312 case 14: /* PendSV */
314 case 15: /* SysTick */
320 jtagdp_transaction_endcheck(swjdp);
321 LOG_DEBUG("%s SHCSR 0x%" PRIx32 ", SR 0x%" PRIx32 ", CFSR 0x%" PRIx32 ", AR 0x%" PRIx32 "", armv7m_exception_string(armv7m->exception_number), \
322 shcsr, except_sr, cfsr, except_ar);
326 /* PSP is used in some thread modes */
327 static const int armv7m_psp_reg_map[17] = {
328 ARMV7M_R0, ARMV7M_R1, ARMV7M_R2, ARMV7M_R3,
329 ARMV7M_R4, ARMV7M_R5, ARMV7M_R6, ARMV7M_R7,
330 ARMV7M_R8, ARMV7M_R9, ARMV7M_R10, ARMV7M_R11,
331 ARMV7M_R12, ARMV7M_PSP, ARMV7M_R14, ARMV7M_PC,
335 /* MSP is used in handler and some thread modes */
336 static const int armv7m_msp_reg_map[17] = {
337 ARMV7M_R0, ARMV7M_R1, ARMV7M_R2, ARMV7M_R3,
338 ARMV7M_R4, ARMV7M_R5, ARMV7M_R6, ARMV7M_R7,
339 ARMV7M_R8, ARMV7M_R9, ARMV7M_R10, ARMV7M_R11,
340 ARMV7M_R12, ARMV7M_MSP, ARMV7M_R14, ARMV7M_PC,
344 static int cortex_m3_debug_entry(struct target *target)
349 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
350 struct armv7m_common *armv7m = &cortex_m3->armv7m;
351 struct arm *arm = &armv7m->arm;
352 struct swjdp_common *swjdp = &armv7m->swjdp_info;
357 cortex_m3_clear_halt(target);
358 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
360 if ((retval = armv7m->examine_debug_reason(target)) != ERROR_OK)
363 /* Examine target state and mode */
364 /* First load register acessible through core debug port*/
365 int num_regs = armv7m->core_cache->num_regs;
367 for (i = 0; i < num_regs; i++)
369 if (!armv7m->core_cache->reg_list[i].valid)
370 armv7m->read_core_reg(target, i);
373 r = armv7m->core_cache->reg_list + ARMV7M_xPSR;
374 xPSR = buf_get_u32(r->value, 0, 32);
376 #ifdef ARMV7_GDB_HACKS
377 /* FIXME this breaks on scan chains with more than one Cortex-M3.
378 * Instead, each CM3 should have its own dummy value...
380 /* copy real xpsr reg for gdb, setting thumb bit */
381 buf_set_u32(armv7m_gdb_dummy_cpsr_value, 0, 32, xPSR);
382 buf_set_u32(armv7m_gdb_dummy_cpsr_value, 5, 1, 1);
383 armv7m_gdb_dummy_cpsr_reg.valid = r->valid;
384 armv7m_gdb_dummy_cpsr_reg.dirty = r->dirty;
387 /* For IT instructions xPSR must be reloaded on resume and clear on debug exec */
391 cortex_m3_store_core_reg_u32(target, ARMV7M_REGISTER_CORE_GP, 16, xPSR &~ 0xff);
394 /* Are we in an exception handler */
397 armv7m->core_mode = ARMV7M_MODE_HANDLER;
398 armv7m->exception_number = (xPSR & 0x1FF);
400 arm->core_mode = ARM_MODE_HANDLER;
401 arm->map = armv7m_msp_reg_map;
405 unsigned control = buf_get_u32(armv7m->core_cache
406 ->reg_list[ARMV7M_CONTROL].value, 0, 2);
408 /* is this thread privileged? */
409 armv7m->core_mode = control & 1;
410 arm->core_mode = armv7m->core_mode
411 ? ARM_MODE_USER_THREAD
414 /* which stack is it using? */
416 arm->map = armv7m_psp_reg_map;
418 arm->map = armv7m_msp_reg_map;
420 armv7m->exception_number = 0;
423 if (armv7m->exception_number)
425 cortex_m3_examine_exception_reason(target);
428 LOG_DEBUG("entered debug state in core mode: %s at PC 0x%" PRIx32 ", target->state: %s",
429 armv7m_mode_strings[armv7m->core_mode],
430 *(uint32_t*)(arm->pc->value),
431 target_state_name(target));
433 if (armv7m->post_debug_entry)
434 armv7m->post_debug_entry(target);
439 static int cortex_m3_poll(struct target *target)
442 enum target_state prev_target_state = target->state;
443 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
444 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
446 /* Read from Debug Halting Control and Status Register */
447 retval = mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
448 if (retval != ERROR_OK)
450 target->state = TARGET_UNKNOWN;
454 /* Recover from lockup. See ARMv7-M architecture spec,
455 * section B1.5.15 "Unrecoverable exception cases".
457 * REVISIT Is there a better way to report and handle this?
459 if (cortex_m3->dcb_dhcsr & S_LOCKUP) {
460 LOG_WARNING("%s -- clearing lockup after double fault",
461 target_name(target));
462 cortex_m3_write_debug_halt_mask(target, C_HALT, 0);
463 target->debug_reason = DBG_REASON_DBGRQ;
465 /* refresh status bits */
466 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
469 if (cortex_m3->dcb_dhcsr & S_RESET_ST)
471 /* check if still in reset */
472 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
474 if (cortex_m3->dcb_dhcsr & S_RESET_ST)
476 target->state = TARGET_RESET;
481 if (target->state == TARGET_RESET)
483 /* Cannot switch context while running so endreset is
484 * called with target->state == TARGET_RESET
486 LOG_DEBUG("Exit from reset with dcb_dhcsr 0x%" PRIx32,
487 cortex_m3->dcb_dhcsr);
488 cortex_m3_endreset_event(target);
489 target->state = TARGET_RUNNING;
490 prev_target_state = TARGET_RUNNING;
493 if (cortex_m3->dcb_dhcsr & S_HALT)
495 target->state = TARGET_HALTED;
497 if ((prev_target_state == TARGET_RUNNING) || (prev_target_state == TARGET_RESET))
499 if ((retval = cortex_m3_debug_entry(target)) != ERROR_OK)
502 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
504 if (prev_target_state == TARGET_DEBUG_RUNNING)
507 if ((retval = cortex_m3_debug_entry(target)) != ERROR_OK)
510 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
514 /* REVISIT when S_SLEEP is set, it's in a Sleep or DeepSleep state.
515 * How best to model low power modes?
518 if (target->state == TARGET_UNKNOWN)
520 /* check if processor is retiring instructions */
521 if (cortex_m3->dcb_dhcsr & S_RETIRE_ST)
523 target->state = TARGET_RUNNING;
531 static int cortex_m3_halt(struct target *target)
533 LOG_DEBUG("target->state: %s",
534 target_state_name(target));
536 if (target->state == TARGET_HALTED)
538 LOG_DEBUG("target was already halted");
542 if (target->state == TARGET_UNKNOWN)
544 LOG_WARNING("target was in unknown state when halt was requested");
547 if (target->state == TARGET_RESET)
549 if ((jtag_get_reset_config() & RESET_SRST_PULLS_TRST) && jtag_get_srst())
551 LOG_ERROR("can't request a halt while in reset if nSRST pulls nTRST");
552 return ERROR_TARGET_FAILURE;
556 /* we came here in a reset_halt or reset_init sequence
557 * debug entry was already prepared in cortex_m3_prepare_reset_halt()
559 target->debug_reason = DBG_REASON_DBGRQ;
565 /* Write to Debug Halting Control and Status Register */
566 cortex_m3_write_debug_halt_mask(target, C_HALT, 0);
568 target->debug_reason = DBG_REASON_DBGRQ;
573 static int cortex_m3_soft_reset_halt(struct target *target)
575 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
576 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
577 uint32_t dcb_dhcsr = 0;
578 int retval, timeout = 0;
580 /* Enter debug state on reset; restore DEMCR in endreset_event() */
581 mem_ap_write_u32(swjdp, DCB_DEMCR,
582 TRCENA | VC_HARDERR | VC_BUSERR | VC_CORERESET);
584 /* Request a core-only reset */
585 mem_ap_write_atomic_u32(swjdp, NVIC_AIRCR,
586 AIRCR_VECTKEY | AIRCR_VECTRESET);
587 target->state = TARGET_RESET;
589 /* registers are now invalid */
590 register_cache_invalidate(cortex_m3->armv7m.core_cache);
592 while (timeout < 100)
594 retval = mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &dcb_dhcsr);
595 if (retval == ERROR_OK)
597 mem_ap_read_atomic_u32(swjdp, NVIC_DFSR,
598 &cortex_m3->nvic_dfsr);
599 if ((dcb_dhcsr & S_HALT)
600 && (cortex_m3->nvic_dfsr & DFSR_VCATCH))
602 LOG_DEBUG("system reset-halted, DHCSR 0x%08x, "
604 (unsigned) dcb_dhcsr,
605 (unsigned) cortex_m3->nvic_dfsr);
606 cortex_m3_poll(target);
607 /* FIXME restore user's vector catch config */
611 LOG_DEBUG("waiting for system reset-halt, "
612 "DHCSR 0x%08x, %d ms",
613 (unsigned) dcb_dhcsr, timeout);
622 static void cortex_m3_enable_breakpoints(struct target *target)
624 struct breakpoint *breakpoint = target->breakpoints;
626 /* set any pending breakpoints */
629 if (!breakpoint->set)
630 cortex_m3_set_breakpoint(target, breakpoint);
631 breakpoint = breakpoint->next;
635 static int cortex_m3_resume(struct target *target, int current,
636 uint32_t address, int handle_breakpoints, int debug_execution)
638 struct armv7m_common *armv7m = target_to_armv7m(target);
639 struct breakpoint *breakpoint = NULL;
643 if (target->state != TARGET_HALTED)
645 LOG_WARNING("target not halted");
646 return ERROR_TARGET_NOT_HALTED;
649 if (!debug_execution)
651 target_free_all_working_areas(target);
652 cortex_m3_enable_breakpoints(target);
653 cortex_m3_enable_watchpoints(target);
658 r = armv7m->core_cache->reg_list + ARMV7M_PRIMASK;
660 /* Disable interrupts */
661 /* We disable interrupts in the PRIMASK register instead of
662 * masking with C_MASKINTS. This is probably the same issue
663 * as Cortex-M3 Erratum 377493 (fixed in r1p0): C_MASKINTS
664 * in parallel with disabled interrupts can cause local faults
667 * REVISIT this clearly breaks non-debug execution, since the
668 * PRIMASK register state isn't saved/restored... workaround
669 * by never resuming app code after debug execution.
671 buf_set_u32(r->value, 0, 1, 1);
675 /* Make sure we are in Thumb mode */
676 r = armv7m->core_cache->reg_list + ARMV7M_xPSR;
677 buf_set_u32(r->value, 24, 1, 1);
682 /* current = 1: continue on current pc, otherwise continue at <address> */
686 buf_set_u32(r->value, 0, 32, address);
691 /* if we halted last time due to a bkpt instruction
692 * then we have to manually step over it, otherwise
693 * the core will break again */
695 if (!breakpoint_find(target, buf_get_u32(r->value, 0, 32))
698 armv7m_maybe_skip_bkpt_inst(target, NULL);
701 resume_pc = buf_get_u32(r->value, 0, 32);
703 armv7m_restore_context(target);
705 /* the front-end may request us not to handle breakpoints */
706 if (handle_breakpoints)
708 /* Single step past breakpoint at current address */
709 if ((breakpoint = breakpoint_find(target, resume_pc)))
711 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (ID: %d)",
713 breakpoint->unique_id);
714 cortex_m3_unset_breakpoint(target, breakpoint);
715 cortex_m3_single_step_core(target);
716 cortex_m3_set_breakpoint(target, breakpoint);
721 cortex_m3_write_debug_halt_mask(target, 0, C_HALT);
723 target->debug_reason = DBG_REASON_NOTHALTED;
725 /* registers are now invalid */
726 register_cache_invalidate(armv7m->core_cache);
728 if (!debug_execution)
730 target->state = TARGET_RUNNING;
731 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
732 LOG_DEBUG("target resumed at 0x%" PRIx32 "", resume_pc);
736 target->state = TARGET_DEBUG_RUNNING;
737 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
738 LOG_DEBUG("target debug resumed at 0x%" PRIx32 "", resume_pc);
744 /* int irqstepcount = 0; */
745 static int cortex_m3_step(struct target *target, int current,
746 uint32_t address, int handle_breakpoints)
748 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
749 struct armv7m_common *armv7m = &cortex_m3->armv7m;
750 struct swjdp_common *swjdp = &armv7m->swjdp_info;
751 struct breakpoint *breakpoint = NULL;
752 struct reg *pc = armv7m->arm.pc;
753 bool bkpt_inst_found = false;
755 if (target->state != TARGET_HALTED)
757 LOG_WARNING("target not halted");
758 return ERROR_TARGET_NOT_HALTED;
761 /* current = 1: continue on current pc, otherwise continue at <address> */
763 buf_set_u32(pc->value, 0, 32, address);
765 /* the front-end may request us not to handle breakpoints */
766 if (handle_breakpoints) {
767 breakpoint = breakpoint_find(target,
768 buf_get_u32(pc->value, 0, 32));
770 cortex_m3_unset_breakpoint(target, breakpoint);
773 armv7m_maybe_skip_bkpt_inst(target, &bkpt_inst_found);
775 target->debug_reason = DBG_REASON_SINGLESTEP;
777 armv7m_restore_context(target);
779 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
781 /* if no bkpt instruction is found at pc then we can perform
782 * a normal step, otherwise we have to manually step over the bkpt
783 * instruction - as such simulate a step */
784 if (bkpt_inst_found == false)
786 /* set step and clear halt */
787 cortex_m3_write_debug_halt_mask(target, C_STEP, C_HALT);
790 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
792 /* registers are now invalid */
793 register_cache_invalidate(cortex_m3->armv7m.core_cache);
796 cortex_m3_set_breakpoint(target, breakpoint);
798 LOG_DEBUG("target stepped dcb_dhcsr = 0x%" PRIx32
799 " nvic_icsr = 0x%" PRIx32,
800 cortex_m3->dcb_dhcsr, cortex_m3->nvic_icsr);
802 cortex_m3_debug_entry(target);
803 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
805 LOG_DEBUG("target stepped dcb_dhcsr = 0x%" PRIx32
806 " nvic_icsr = 0x%" PRIx32,
807 cortex_m3->dcb_dhcsr, cortex_m3->nvic_icsr);
812 static int cortex_m3_assert_reset(struct target *target)
814 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
815 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
818 LOG_DEBUG("target->state: %s",
819 target_state_name(target));
821 enum reset_types jtag_reset_config = jtag_get_reset_config();
824 * We can reset Cortex-M3 targets using just the NVIC without
825 * requiring SRST, getting a SoC reset (or a core-only reset)
826 * instead of a system reset.
828 if (!(jtag_reset_config & RESET_HAS_SRST))
831 /* Enable debug requests */
832 mem_ap_read_atomic_u32(swjdp, DCB_DHCSR, &cortex_m3->dcb_dhcsr);
833 if (!(cortex_m3->dcb_dhcsr & C_DEBUGEN))
834 mem_ap_write_u32(swjdp, DCB_DHCSR, DBGKEY | C_DEBUGEN);
836 mem_ap_write_u32(swjdp, DCB_DCRDR, 0);
838 if (!target->reset_halt)
840 /* Set/Clear C_MASKINTS in a separate operation */
841 if (cortex_m3->dcb_dhcsr & C_MASKINTS)
842 mem_ap_write_atomic_u32(swjdp, DCB_DHCSR,
843 DBGKEY | C_DEBUGEN | C_HALT);
845 /* clear any debug flags before resuming */
846 cortex_m3_clear_halt(target);
848 /* clear C_HALT in dhcsr reg */
849 cortex_m3_write_debug_halt_mask(target, 0, C_HALT);
853 /* Halt in debug on reset; endreset_event() restores DEMCR.
855 * REVISIT catching BUSERR presumably helps to defend against
856 * bad vector table entries. Should this include MMERR or
859 mem_ap_write_atomic_u32(swjdp, DCB_DEMCR,
860 TRCENA | VC_HARDERR | VC_BUSERR | VC_CORERESET);
864 * When nRST is asserted on most Stellaris devices, it clears some of
865 * the debug state. The ARMv7M and Cortex-M3 TRMs say that's wrong;
866 * and OpenOCD depends on those TRMs. So we won't use SRST on those
867 * chips. (Only power-on reset should affect debug state, beyond a
868 * few specified bits; not the chip's nRST input, wired to SRST.)
870 * REVISIT current errata specs don't seem to cover this issue.
871 * Do we have more details than this email?
872 * https://lists.berlios.de/pipermail
873 * /openocd-development/2008-August/003065.html
875 if (strcmp(target->variant, "lm3s") == 0)
877 /* Check for silicon revisions with the issue. */
880 if (target_read_u32(target, 0x400fe000, &did0) == ERROR_OK)
882 switch ((did0 >> 16) & 0xff)
885 /* all Sandstorm suffer issue */
891 /* Fury and DustDevil rev A have
892 * this nRST problem. It should
893 * be fixed in rev B silicon.
895 if (((did0 >> 8) & 0xff) == 0)
899 /* Tempest should be fine. */
907 /* default to asserting srst */
908 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
910 jtag_add_reset(1, 1);
914 jtag_add_reset(0, 1);
919 /* Use a standard Cortex-M3 software reset mechanism.
920 * SYSRESETREQ will reset SoC peripherals outside the
921 * core, like watchdog timers, if the SoC wires it up
922 * correctly. Else VECRESET can reset just the core.
924 mem_ap_write_atomic_u32(swjdp, NVIC_AIRCR,
925 AIRCR_VECTKEY | AIRCR_SYSRESETREQ);
926 LOG_DEBUG("Using Cortex-M3 SYSRESETREQ");
929 /* I do not know why this is necessary, but it
930 * fixes strange effects (step/resume cause NMI
931 * after reset) on LM3S6918 -- Michael Schwingen
934 mem_ap_read_atomic_u32(swjdp, NVIC_AIRCR, &tmp);
938 target->state = TARGET_RESET;
939 jtag_add_sleep(50000);
941 register_cache_invalidate(cortex_m3->armv7m.core_cache);
943 if (target->reset_halt)
946 if ((retval = target_halt(target)) != ERROR_OK)
953 static int cortex_m3_deassert_reset(struct target *target)
955 LOG_DEBUG("target->state: %s",
956 target_state_name(target));
958 /* deassert reset lines */
959 jtag_add_reset(0, 0);
965 cortex_m3_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
970 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
971 struct cortex_m3_fp_comparator *comparator_list = cortex_m3->fp_comparator_list;
975 LOG_WARNING("breakpoint (BPID: %d) already set", breakpoint->unique_id);
979 if (cortex_m3->auto_bp_type)
981 breakpoint->type = (breakpoint->address < 0x20000000) ? BKPT_HARD : BKPT_SOFT;
984 if (breakpoint->type == BKPT_HARD)
986 while (comparator_list[fp_num].used && (fp_num < cortex_m3->fp_num_code))
988 if (fp_num >= cortex_m3->fp_num_code)
990 LOG_ERROR("Can not find free FPB Comparator!");
993 breakpoint->set = fp_num + 1;
994 hilo = (breakpoint->address & 0x2) ? FPCR_REPLACE_BKPT_HIGH : FPCR_REPLACE_BKPT_LOW;
995 comparator_list[fp_num].used = 1;
996 comparator_list[fp_num].fpcr_value = (breakpoint->address & 0x1FFFFFFC) | hilo | 1;
997 target_write_u32(target, comparator_list[fp_num].fpcr_address, comparator_list[fp_num].fpcr_value);
998 LOG_DEBUG("fpc_num %i fpcr_value 0x%" PRIx32 "", fp_num, comparator_list[fp_num].fpcr_value);
999 if (!cortex_m3->fpb_enabled)
1001 LOG_DEBUG("FPB wasn't enabled, do it now");
1002 target_write_u32(target, FP_CTRL, 3);
1005 else if (breakpoint->type == BKPT_SOFT)
1009 /* NOTE: on ARMv6-M and ARMv7-M, BKPT(0xab) is used for
1010 * semihosting; don't use that. Otherwise the BKPT
1011 * parameter is arbitrary.
1013 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1014 retval = target_read_memory(target,
1015 breakpoint->address & 0xFFFFFFFE,
1016 breakpoint->length, 1,
1017 breakpoint->orig_instr);
1018 if (retval != ERROR_OK)
1020 retval = target_write_memory(target,
1021 breakpoint->address & 0xFFFFFFFE,
1022 breakpoint->length, 1,
1024 if (retval != ERROR_OK)
1026 breakpoint->set = true;
1029 LOG_DEBUG("BPID: %d, Type: %d, Address: 0x%08" PRIx32 " Length: %d (set=%d)",
1030 breakpoint->unique_id,
1031 (int)(breakpoint->type),
1032 breakpoint->address,
1040 cortex_m3_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1043 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1044 struct cortex_m3_fp_comparator * comparator_list = cortex_m3->fp_comparator_list;
1046 if (!breakpoint->set)
1048 LOG_WARNING("breakpoint not set");
1052 LOG_DEBUG("BPID: %d, Type: %d, Address: 0x%08" PRIx32 " Length: %d (set=%d)",
1053 breakpoint->unique_id,
1054 (int)(breakpoint->type),
1055 breakpoint->address,
1059 if (breakpoint->type == BKPT_HARD)
1061 int fp_num = breakpoint->set - 1;
1062 if ((fp_num < 0) || (fp_num >= cortex_m3->fp_num_code))
1064 LOG_DEBUG("Invalid FP Comparator number in breakpoint");
1067 comparator_list[fp_num].used = 0;
1068 comparator_list[fp_num].fpcr_value = 0;
1069 target_write_u32(target, comparator_list[fp_num].fpcr_address, comparator_list[fp_num].fpcr_value);
1073 /* restore original instruction (kept in target endianness) */
1074 if (breakpoint->length == 4)
1076 if ((retval = target_write_memory(target, breakpoint->address & 0xFFFFFFFE, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
1083 if ((retval = target_write_memory(target, breakpoint->address & 0xFFFFFFFE, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
1089 breakpoint->set = false;
1095 cortex_m3_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
1097 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1099 if (cortex_m3->auto_bp_type)
1101 breakpoint->type = (breakpoint->address < 0x20000000) ? BKPT_HARD : BKPT_SOFT;
1102 #ifdef ARMV7_GDB_HACKS
1103 if (breakpoint->length != 2) {
1104 /* XXX Hack: Replace all breakpoints with length != 2 with
1105 * a hardware breakpoint. */
1106 breakpoint->type = BKPT_HARD;
1107 breakpoint->length = 2;
1112 if ((breakpoint->type == BKPT_HARD) && (breakpoint->address >= 0x20000000))
1114 LOG_INFO("flash patch comparator requested outside code memory region");
1115 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1118 if ((breakpoint->type == BKPT_SOFT) && (breakpoint->address < 0x20000000))
1120 LOG_INFO("soft breakpoint requested in code (flash) memory region");
1121 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1124 if ((breakpoint->type == BKPT_HARD) && (cortex_m3->fp_code_available < 1))
1126 LOG_INFO("no flash patch comparator unit available for hardware breakpoint");
1127 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1130 if ((breakpoint->length != 2))
1132 LOG_INFO("only breakpoints of two bytes length supported");
1133 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1136 if (breakpoint->type == BKPT_HARD)
1137 cortex_m3->fp_code_available--;
1138 cortex_m3_set_breakpoint(target, breakpoint);
1144 cortex_m3_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1146 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1148 /* REVISIT why check? FBP can be updated with core running ... */
1149 if (target->state != TARGET_HALTED)
1151 LOG_WARNING("target not halted");
1152 return ERROR_TARGET_NOT_HALTED;
1155 if (cortex_m3->auto_bp_type)
1157 breakpoint->type = (breakpoint->address < 0x20000000) ? BKPT_HARD : BKPT_SOFT;
1160 if (breakpoint->set)
1162 cortex_m3_unset_breakpoint(target, breakpoint);
1165 if (breakpoint->type == BKPT_HARD)
1166 cortex_m3->fp_code_available++;
1172 cortex_m3_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
1175 uint32_t mask, temp;
1176 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1178 /* watchpoint params were validated earlier */
1180 temp = watchpoint->length;
1187 /* REVISIT Don't fully trust these "not used" records ... users
1188 * may set up breakpoints by hand, e.g. dual-address data value
1189 * watchpoint using comparator #1; comparator #0 matching cycle
1190 * count; send data trace info through ITM and TPIU; etc
1192 struct cortex_m3_dwt_comparator *comparator;
1194 for (comparator = cortex_m3->dwt_comparator_list;
1195 comparator->used && dwt_num < cortex_m3->dwt_num_comp;
1196 comparator++, dwt_num++)
1198 if (dwt_num >= cortex_m3->dwt_num_comp)
1200 LOG_ERROR("Can not find free DWT Comparator");
1203 comparator->used = 1;
1204 watchpoint->set = dwt_num + 1;
1206 comparator->comp = watchpoint->address;
1207 target_write_u32(target, comparator->dwt_comparator_address + 0,
1210 comparator->mask = mask;
1211 target_write_u32(target, comparator->dwt_comparator_address + 4,
1214 switch (watchpoint->rw) {
1216 comparator->function = 5;
1219 comparator->function = 6;
1222 comparator->function = 7;
1225 target_write_u32(target, comparator->dwt_comparator_address + 8,
1226 comparator->function);
1228 LOG_DEBUG("Watchpoint (ID %d) DWT%d 0x%08x 0x%x 0x%05x",
1229 watchpoint->unique_id, dwt_num,
1230 (unsigned) comparator->comp,
1231 (unsigned) comparator->mask,
1232 (unsigned) comparator->function);
1237 cortex_m3_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
1239 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1240 struct cortex_m3_dwt_comparator *comparator;
1243 if (!watchpoint->set)
1245 LOG_WARNING("watchpoint (wpid: %d) not set",
1246 watchpoint->unique_id);
1250 dwt_num = watchpoint->set - 1;
1252 LOG_DEBUG("Watchpoint (ID %d) DWT%d address: 0x%08x clear",
1253 watchpoint->unique_id, dwt_num,
1254 (unsigned) watchpoint->address);
1256 if ((dwt_num < 0) || (dwt_num >= cortex_m3->dwt_num_comp))
1258 LOG_DEBUG("Invalid DWT Comparator number in watchpoint");
1262 comparator = cortex_m3->dwt_comparator_list + dwt_num;
1263 comparator->used = 0;
1264 comparator->function = 0;
1265 target_write_u32(target, comparator->dwt_comparator_address + 8,
1266 comparator->function);
1268 watchpoint->set = false;
1274 cortex_m3_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
1276 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1278 if (cortex_m3->dwt_comp_available < 1)
1280 LOG_DEBUG("no comparators?");
1281 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1284 /* hardware doesn't support data value masking */
1285 if (watchpoint->mask != ~(uint32_t)0) {
1286 LOG_DEBUG("watchpoint value masks not supported");
1287 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1290 /* hardware allows address masks of up to 32K */
1293 for (mask = 0; mask < 16; mask++) {
1294 if ((1u << mask) == watchpoint->length)
1298 LOG_DEBUG("unsupported watchpoint length");
1299 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1301 if (watchpoint->address & ((1 << mask) - 1)) {
1302 LOG_DEBUG("watchpoint address is unaligned");
1303 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1306 /* Caller doesn't seem to be able to describe watching for data
1307 * values of zero; that flags "no value".
1309 * REVISIT This DWT may well be able to watch for specific data
1310 * values. Requires comparator #1 to set DATAVMATCH and match
1311 * the data, and another comparator (DATAVADDR0) matching addr.
1313 if (watchpoint->value) {
1314 LOG_DEBUG("data value watchpoint not YET supported");
1315 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1318 cortex_m3->dwt_comp_available--;
1319 LOG_DEBUG("dwt_comp_available: %d", cortex_m3->dwt_comp_available);
1325 cortex_m3_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
1327 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1329 /* REVISIT why check? DWT can be updated with core running ... */
1330 if (target->state != TARGET_HALTED)
1332 LOG_WARNING("target not halted");
1333 return ERROR_TARGET_NOT_HALTED;
1336 if (watchpoint->set)
1338 cortex_m3_unset_watchpoint(target, watchpoint);
1341 cortex_m3->dwt_comp_available++;
1342 LOG_DEBUG("dwt_comp_available: %d", cortex_m3->dwt_comp_available);
1347 static void cortex_m3_enable_watchpoints(struct target *target)
1349 struct watchpoint *watchpoint = target->watchpoints;
1351 /* set any pending watchpoints */
1354 if (!watchpoint->set)
1355 cortex_m3_set_watchpoint(target, watchpoint);
1356 watchpoint = watchpoint->next;
1360 static int cortex_m3_load_core_reg_u32(struct target *target,
1361 enum armv7m_regtype type, uint32_t num, uint32_t * value)
1364 struct armv7m_common *armv7m = target_to_armv7m(target);
1365 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1367 /* NOTE: we "know" here that the register identifiers used
1368 * in the v7m header match the Cortex-M3 Debug Core Register
1369 * Selector values for R0..R15, xPSR, MSP, and PSP.
1373 /* read a normal core register */
1374 retval = cortexm3_dap_read_coreregister_u32(swjdp, value, num);
1376 if (retval != ERROR_OK)
1378 LOG_ERROR("JTAG failure %i",retval);
1379 return ERROR_JTAG_DEVICE_ERROR;
1381 LOG_DEBUG("load from core reg %i value 0x%" PRIx32 "",(int)num,*value);
1384 case ARMV7M_PRIMASK:
1385 case ARMV7M_BASEPRI:
1386 case ARMV7M_FAULTMASK:
1387 case ARMV7M_CONTROL:
1388 /* Cortex-M3 packages these four registers as bitfields
1389 * in one Debug Core register. So say r0 and r2 docs;
1390 * it was removed from r1 docs, but still works.
1392 cortexm3_dap_read_coreregister_u32(swjdp, value, 20);
1396 case ARMV7M_PRIMASK:
1397 *value = buf_get_u32((uint8_t*)value, 0, 1);
1400 case ARMV7M_BASEPRI:
1401 *value = buf_get_u32((uint8_t*)value, 8, 8);
1404 case ARMV7M_FAULTMASK:
1405 *value = buf_get_u32((uint8_t*)value, 16, 1);
1408 case ARMV7M_CONTROL:
1409 *value = buf_get_u32((uint8_t*)value, 24, 2);
1413 LOG_DEBUG("load from special reg %i value 0x%" PRIx32 "", (int)num, *value);
1417 return ERROR_INVALID_ARGUMENTS;
1423 static int cortex_m3_store_core_reg_u32(struct target *target,
1424 enum armv7m_regtype type, uint32_t num, uint32_t value)
1428 struct armv7m_common *armv7m = target_to_armv7m(target);
1429 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1431 #ifdef ARMV7_GDB_HACKS
1432 /* If the LR register is being modified, make sure it will put us
1433 * in "thumb" mode, or an INVSTATE exception will occur. This is a
1434 * hack to deal with the fact that gdb will sometimes "forge"
1435 * return addresses, and doesn't set the LSB correctly (i.e., when
1436 * printing expressions containing function calls, it sets LR = 0.)
1437 * Valid exception return codes have bit 0 set too.
1439 if (num == ARMV7M_R14)
1443 /* NOTE: we "know" here that the register identifiers used
1444 * in the v7m header match the Cortex-M3 Debug Core Register
1445 * Selector values for R0..R15, xPSR, MSP, and PSP.
1449 retval = cortexm3_dap_write_coreregister_u32(swjdp, value, num);
1450 if (retval != ERROR_OK)
1454 LOG_ERROR("JTAG failure %i", retval);
1455 r = armv7m->core_cache->reg_list + num;
1456 r->dirty = r->valid;
1457 return ERROR_JTAG_DEVICE_ERROR;
1459 LOG_DEBUG("write core reg %i value 0x%" PRIx32 "", (int)num, value);
1462 case ARMV7M_PRIMASK:
1463 case ARMV7M_BASEPRI:
1464 case ARMV7M_FAULTMASK:
1465 case ARMV7M_CONTROL:
1466 /* Cortex-M3 packages these four registers as bitfields
1467 * in one Debug Core register. So say r0 and r2 docs;
1468 * it was removed from r1 docs, but still works.
1470 cortexm3_dap_read_coreregister_u32(swjdp, ®, 20);
1474 case ARMV7M_PRIMASK:
1475 buf_set_u32((uint8_t*)®, 0, 1, value);
1478 case ARMV7M_BASEPRI:
1479 buf_set_u32((uint8_t*)®, 8, 8, value);
1482 case ARMV7M_FAULTMASK:
1483 buf_set_u32((uint8_t*)®, 16, 1, value);
1486 case ARMV7M_CONTROL:
1487 buf_set_u32((uint8_t*)®, 24, 2, value);
1491 cortexm3_dap_write_coreregister_u32(swjdp, reg, 20);
1493 LOG_DEBUG("write special reg %i value 0x%" PRIx32 " ", (int)num, value);
1497 return ERROR_INVALID_ARGUMENTS;
1503 static int cortex_m3_read_memory(struct target *target, uint32_t address,
1504 uint32_t size, uint32_t count, uint8_t *buffer)
1506 struct armv7m_common *armv7m = target_to_armv7m(target);
1507 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1508 int retval = ERROR_INVALID_ARGUMENTS;
1510 /* cortex_m3 handles unaligned memory access */
1511 if (count && buffer) {
1514 retval = mem_ap_read_buf_u32(swjdp, buffer, 4 * count, address);
1517 retval = mem_ap_read_buf_u16(swjdp, buffer, 2 * count, address);
1520 retval = mem_ap_read_buf_u8(swjdp, buffer, count, address);
1528 static int cortex_m3_write_memory(struct target *target, uint32_t address,
1529 uint32_t size, uint32_t count, uint8_t *buffer)
1531 struct armv7m_common *armv7m = target_to_armv7m(target);
1532 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1533 int retval = ERROR_INVALID_ARGUMENTS;
1535 if (count && buffer) {
1538 retval = mem_ap_write_buf_u32(swjdp, buffer, 4 * count, address);
1541 retval = mem_ap_write_buf_u16(swjdp, buffer, 2 * count, address);
1544 retval = mem_ap_write_buf_u8(swjdp, buffer, count, address);
1552 static int cortex_m3_bulk_write_memory(struct target *target, uint32_t address,
1553 uint32_t count, uint8_t *buffer)
1555 return cortex_m3_write_memory(target, address, 4, count, buffer);
1558 static int cortex_m3_init_target(struct command_context *cmd_ctx,
1559 struct target *target)
1561 armv7m_build_reg_cache(target);
1565 /* REVISIT cache valid/dirty bits are unmaintained. We could set "valid"
1566 * on r/w if the core is not running, and clear on resume or reset ... or
1567 * at least, in a post_restore_context() method.
1570 struct dwt_reg_state {
1571 struct target *target;
1573 uint32_t value; /* scratch/cache */
1576 static int cortex_m3_dwt_get_reg(struct reg *reg)
1578 struct dwt_reg_state *state = reg->arch_info;
1580 return target_read_u32(state->target, state->addr, &state->value);
1583 static int cortex_m3_dwt_set_reg(struct reg *reg, uint8_t *buf)
1585 struct dwt_reg_state *state = reg->arch_info;
1587 return target_write_u32(state->target, state->addr,
1588 buf_get_u32(buf, 0, reg->size));
1597 static struct dwt_reg dwt_base_regs[] = {
1598 { DWT_CTRL, "dwt_ctrl", 32, },
1599 /* NOTE that Erratum 532314 (fixed r2p0) affects CYCCNT: it wrongly
1600 * increments while the core is asleep.
1602 { DWT_CYCCNT, "dwt_cyccnt", 32, },
1603 /* plus some 8 bit counters, useful for profiling with TPIU */
1606 static struct dwt_reg dwt_comp[] = {
1607 #define DWT_COMPARATOR(i) \
1608 { DWT_COMP0 + 0x10 * (i), "dwt_" #i "_comp", 32, }, \
1609 { DWT_MASK0 + 0x10 * (i), "dwt_" #i "_mask", 4, }, \
1610 { DWT_FUNCTION0 + 0x10 * (i), "dwt_" #i "_function", 32, }
1615 #undef DWT_COMPARATOR
1618 static const struct reg_arch_type dwt_reg_type = {
1619 .get = cortex_m3_dwt_get_reg,
1620 .set = cortex_m3_dwt_set_reg,
1624 cortex_m3_dwt_addreg(struct target *t, struct reg *r, struct dwt_reg *d)
1626 struct dwt_reg_state *state;
1628 state = calloc(1, sizeof *state);
1631 state->addr = d->addr;
1636 r->value = &state->value;
1637 r->arch_info = state;
1638 r->type = &dwt_reg_type;
1642 cortex_m3_dwt_setup(struct cortex_m3_common *cm3, struct target *target)
1645 struct reg_cache *cache;
1646 struct cortex_m3_dwt_comparator *comparator;
1649 target_read_u32(target, DWT_CTRL, &dwtcr);
1651 LOG_DEBUG("no DWT");
1655 cm3->dwt_num_comp = (dwtcr >> 28) & 0xF;
1656 cm3->dwt_comp_available = cm3->dwt_num_comp;
1657 cm3->dwt_comparator_list = calloc(cm3->dwt_num_comp,
1658 sizeof(struct cortex_m3_dwt_comparator));
1659 if (!cm3->dwt_comparator_list) {
1661 cm3->dwt_num_comp = 0;
1662 LOG_ERROR("out of mem");
1666 cache = calloc(1, sizeof *cache);
1669 free(cm3->dwt_comparator_list);
1672 cache->name = "cortex-m3 dwt registers";
1673 cache->num_regs = 2 + cm3->dwt_num_comp * 3;
1674 cache->reg_list = calloc(cache->num_regs, sizeof *cache->reg_list);
1675 if (!cache->reg_list) {
1680 for (reg = 0; reg < 2; reg++)
1681 cortex_m3_dwt_addreg(target, cache->reg_list + reg,
1682 dwt_base_regs + reg);
1684 comparator = cm3->dwt_comparator_list;
1685 for (i = 0; i < cm3->dwt_num_comp; i++, comparator++) {
1688 comparator->dwt_comparator_address = DWT_COMP0 + 0x10 * i;
1689 for (j = 0; j < 3; j++, reg++)
1690 cortex_m3_dwt_addreg(target, cache->reg_list + reg,
1691 dwt_comp + 3 * i + j);
1694 *register_get_last_cache_p(&target->reg_cache) = cache;
1695 cm3->dwt_cache = cache;
1697 LOG_DEBUG("DWT dwtcr 0x%" PRIx32 ", comp %d, watch%s",
1698 dwtcr, cm3->dwt_num_comp,
1699 (dwtcr & (0xf << 24)) ? " only" : "/trigger");
1701 /* REVISIT: if num_comp > 1, check whether comparator #1 can
1702 * implement single-address data value watchpoints ... so we
1703 * won't need to check it later, when asked to set one up.
1707 static int cortex_m3_examine(struct target *target)
1710 uint32_t cpuid, fpcr;
1712 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1713 struct swjdp_common *swjdp = &cortex_m3->armv7m.swjdp_info;
1715 if ((retval = ahbap_debugport_init(swjdp)) != ERROR_OK)
1718 if (!target_was_examined(target))
1720 target_set_examined(target);
1722 /* Read from Device Identification Registers */
1723 retval = target_read_u32(target, CPUID, &cpuid);
1724 if (retval != ERROR_OK)
1727 if (((cpuid >> 4) & 0xc3f) == 0xc23)
1728 LOG_DEBUG("Cortex-M3 r%" PRId8 "p%" PRId8 " processor detected",
1729 (uint8_t)((cpuid >> 20) & 0xf), (uint8_t)((cpuid >> 0) & 0xf));
1730 LOG_DEBUG("cpuid: 0x%8.8" PRIx32 "", cpuid);
1732 /* NOTE: FPB and DWT are both optional. */
1735 target_read_u32(target, FP_CTRL, &fpcr);
1736 cortex_m3->auto_bp_type = 1;
1737 cortex_m3->fp_num_code = ((fpcr >> 8) & 0x70) | ((fpcr >> 4) & 0xF); /* bits [14:12] and [7:4] */
1738 cortex_m3->fp_num_lit = (fpcr >> 8) & 0xF;
1739 cortex_m3->fp_code_available = cortex_m3->fp_num_code;
1740 cortex_m3->fp_comparator_list = calloc(cortex_m3->fp_num_code + cortex_m3->fp_num_lit, sizeof(struct cortex_m3_fp_comparator));
1741 cortex_m3->fpb_enabled = fpcr & 1;
1742 for (i = 0; i < cortex_m3->fp_num_code + cortex_m3->fp_num_lit; i++)
1744 cortex_m3->fp_comparator_list[i].type = (i < cortex_m3->fp_num_code) ? FPCR_CODE : FPCR_LITERAL;
1745 cortex_m3->fp_comparator_list[i].fpcr_address = FP_COMP0 + 4 * i;
1747 LOG_DEBUG("FPB fpcr 0x%" PRIx32 ", numcode %i, numlit %i", fpcr, cortex_m3->fp_num_code, cortex_m3->fp_num_lit);
1750 cortex_m3_dwt_setup(cortex_m3, target);
1752 /* These hardware breakpoints only work for code in flash! */
1753 LOG_INFO("%s: hardware has %d breakpoints, %d watchpoints",
1754 target_name(target),
1755 cortex_m3->fp_num_code,
1756 cortex_m3->dwt_num_comp);
1762 static int cortex_m3_dcc_read(struct swjdp_common *swjdp, uint8_t *value, uint8_t *ctrl)
1766 mem_ap_read_buf_u16(swjdp, (uint8_t*)&dcrdr, 1, DCB_DCRDR);
1767 *ctrl = (uint8_t)dcrdr;
1768 *value = (uint8_t)(dcrdr >> 8);
1770 LOG_DEBUG("data 0x%x ctrl 0x%x", *value, *ctrl);
1772 /* write ack back to software dcc register
1773 * signify we have read data */
1774 if (dcrdr & (1 << 0))
1777 mem_ap_write_buf_u16(swjdp, (uint8_t*)&dcrdr, 1, DCB_DCRDR);
1783 static int cortex_m3_target_request_data(struct target *target,
1784 uint32_t size, uint8_t *buffer)
1786 struct armv7m_common *armv7m = target_to_armv7m(target);
1787 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1792 for (i = 0; i < (size * 4); i++)
1794 cortex_m3_dcc_read(swjdp, &data, &ctrl);
1801 static int cortex_m3_handle_target_request(void *priv)
1803 struct target *target = priv;
1804 if (!target_was_examined(target))
1806 struct armv7m_common *armv7m = target_to_armv7m(target);
1807 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1809 if (!target->dbg_msg_enabled)
1812 if (target->state == TARGET_RUNNING)
1817 cortex_m3_dcc_read(swjdp, &data, &ctrl);
1819 /* check if we have data */
1820 if (ctrl & (1 << 0))
1824 /* we assume target is quick enough */
1826 cortex_m3_dcc_read(swjdp, &data, &ctrl);
1827 request |= (data << 8);
1828 cortex_m3_dcc_read(swjdp, &data, &ctrl);
1829 request |= (data << 16);
1830 cortex_m3_dcc_read(swjdp, &data, &ctrl);
1831 request |= (data << 24);
1832 target_request(target, request);
1839 static int cortex_m3_init_arch_info(struct target *target,
1840 struct cortex_m3_common *cortex_m3, struct jtag_tap *tap)
1843 struct armv7m_common *armv7m = &cortex_m3->armv7m;
1845 armv7m_init_arch_info(target, armv7m);
1847 /* prepare JTAG information for the new target */
1848 cortex_m3->jtag_info.tap = tap;
1849 cortex_m3->jtag_info.scann_size = 4;
1851 armv7m->swjdp_info.dp_select_value = -1;
1852 armv7m->swjdp_info.ap_csw_value = -1;
1853 armv7m->swjdp_info.ap_tar_value = -1;
1854 armv7m->swjdp_info.jtag_info = &cortex_m3->jtag_info;
1855 armv7m->swjdp_info.memaccess_tck = 8;
1856 armv7m->swjdp_info.tar_autoincr_block = (1 << 12); /* Cortex-M3 has 4096 bytes autoincrement range */
1858 /* register arch-specific functions */
1859 armv7m->examine_debug_reason = cortex_m3_examine_debug_reason;
1861 armv7m->post_debug_entry = NULL;
1863 armv7m->pre_restore_context = NULL;
1864 armv7m->post_restore_context = NULL;
1866 armv7m->load_core_reg_u32 = cortex_m3_load_core_reg_u32;
1867 armv7m->store_core_reg_u32 = cortex_m3_store_core_reg_u32;
1869 target_register_timer_callback(cortex_m3_handle_target_request, 1, 1, target);
1871 if ((retval = arm_jtag_setup_connection(&cortex_m3->jtag_info)) != ERROR_OK)
1879 static int cortex_m3_target_create(struct target *target, Jim_Interp *interp)
1881 struct cortex_m3_common *cortex_m3 = calloc(1,sizeof(struct cortex_m3_common));
1883 cortex_m3->common_magic = CORTEX_M3_COMMON_MAGIC;
1884 cortex_m3_init_arch_info(target, cortex_m3, target->tap);
1889 /*--------------------------------------------------------------------------*/
1891 static int cortex_m3_verify_pointer(struct command_context *cmd_ctx,
1892 struct cortex_m3_common *cm3)
1894 if (cm3->common_magic != CORTEX_M3_COMMON_MAGIC) {
1895 command_print(cmd_ctx, "target is not a Cortex-M3");
1896 return ERROR_TARGET_INVALID;
1902 * Only stuff below this line should need to verify that its target
1903 * is a Cortex-M3. Everything else should have indirected through the
1904 * cortexm3_target structure, which is only used with CM3 targets.
1908 * REVISIT Thumb2 disassembly should work for all ARMv7 cores, as well
1909 * as at least ARM-1156T2. The interesting thing about Cortex-M is
1910 * that *only* Thumb2 disassembly matters. There are also some small
1911 * additions to Thumb2 that are specific to ARMv7-M.
1913 COMMAND_HANDLER(handle_cortex_m3_disassemble_command)
1916 struct target *target = get_current_target(CMD_CTX);
1917 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1919 unsigned long count = 1;
1920 struct arm_instruction cur_instruction;
1922 retval = cortex_m3_verify_pointer(CMD_CTX, cortex_m3);
1923 if (retval != ERROR_OK)
1929 COMMAND_PARSE_NUMBER(ulong, CMD_ARGV[1], count);
1932 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], address);
1935 command_print(CMD_CTX,
1936 "usage: cortex_m3 disassemble <address> [<count>]");
1941 retval = thumb2_opcode(target, address, &cur_instruction);
1942 if (retval != ERROR_OK)
1944 command_print(CMD_CTX, "%s", cur_instruction.text);
1945 address += cur_instruction.instruction_size;
1951 static const struct {
1955 { "hard_err", VC_HARDERR, },
1956 { "int_err", VC_INTERR, },
1957 { "bus_err", VC_BUSERR, },
1958 { "state_err", VC_STATERR, },
1959 { "chk_err", VC_CHKERR, },
1960 { "nocp_err", VC_NOCPERR, },
1961 { "mm_err", VC_MMERR, },
1962 { "reset", VC_CORERESET, },
1965 COMMAND_HANDLER(handle_cortex_m3_vector_catch_command)
1967 struct target *target = get_current_target(CMD_CTX);
1968 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
1969 struct armv7m_common *armv7m = &cortex_m3->armv7m;
1970 struct swjdp_common *swjdp = &armv7m->swjdp_info;
1974 retval = cortex_m3_verify_pointer(CMD_CTX, cortex_m3);
1975 if (retval != ERROR_OK)
1978 mem_ap_read_atomic_u32(swjdp, DCB_DEMCR, &demcr);
1983 if (CMD_ARGC == 1) {
1984 if (strcmp(CMD_ARGV[0], "all") == 0) {
1985 catch = VC_HARDERR | VC_INTERR | VC_BUSERR
1986 | VC_STATERR | VC_CHKERR | VC_NOCPERR
1987 | VC_MMERR | VC_CORERESET;
1989 } else if (strcmp(CMD_ARGV[0], "none") == 0) {
1993 while (CMD_ARGC-- > 0) {
1995 for (i = 0; i < ARRAY_SIZE(vec_ids); i++) {
1996 if (strcmp(CMD_ARGV[CMD_ARGC], vec_ids[i].name) != 0)
1998 catch |= vec_ids[i].mask;
2001 if (i == ARRAY_SIZE(vec_ids)) {
2002 LOG_ERROR("No CM3 vector '%s'", CMD_ARGV[CMD_ARGC]);
2003 return ERROR_INVALID_ARGUMENTS;
2007 /* For now, armv7m->demcr only stores vector catch flags. */
2008 armv7m->demcr = catch;
2013 /* write, but don't assume it stuck (why not??) */
2014 mem_ap_write_u32(swjdp, DCB_DEMCR, demcr);
2015 mem_ap_read_atomic_u32(swjdp, DCB_DEMCR, &demcr);
2017 /* FIXME be sure to clear DEMCR on clean server shutdown.
2018 * Otherwise the vector catch hardware could fire when there's
2019 * no debugger hooked up, causing much confusion...
2023 for (unsigned i = 0; i < ARRAY_SIZE(vec_ids); i++)
2025 command_print(CMD_CTX, "%9s: %s", vec_ids[i].name,
2026 (demcr & vec_ids[i].mask) ? "catch" : "ignore");
2032 COMMAND_HANDLER(handle_cortex_m3_mask_interrupts_command)
2034 struct target *target = get_current_target(CMD_CTX);
2035 struct cortex_m3_common *cortex_m3 = target_to_cm3(target);
2038 retval = cortex_m3_verify_pointer(CMD_CTX, cortex_m3);
2039 if (retval != ERROR_OK)
2042 if (target->state != TARGET_HALTED)
2044 command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
2051 COMMAND_PARSE_ON_OFF(CMD_ARGV[0], enable);
2052 uint32_t mask_on = C_HALT | (enable ? C_MASKINTS : 0);
2053 uint32_t mask_off = enable ? 0 : C_MASKINTS;
2054 cortex_m3_write_debug_halt_mask(target, mask_on, mask_off);
2057 command_print(CMD_CTX, "cortex_m3 interrupt mask %s",
2058 (cortex_m3->dcb_dhcsr & C_MASKINTS) ? "on" : "off");
2063 static const struct command_registration cortex_m3_exec_command_handlers[] = {
2065 .name = "disassemble",
2066 .handler = handle_cortex_m3_disassemble_command,
2067 .mode = COMMAND_EXEC,
2068 .help = "disassemble Thumb2 instructions",
2069 .usage = "address [count]",
2073 .handler = handle_cortex_m3_mask_interrupts_command,
2074 .mode = COMMAND_EXEC,
2075 .help = "mask cortex_m3 interrupts",
2076 .usage = "['on'|'off']",
2079 .name = "vector_catch",
2080 .handler = handle_cortex_m3_vector_catch_command,
2081 .mode = COMMAND_EXEC,
2082 .help = "configure hardware vectors to trigger debug entry",
2083 .usage = "['all'|'none'|('bus_err'|'chk_err'|...)*]",
2085 COMMAND_REGISTRATION_DONE
2087 static const struct command_registration cortex_m3_command_handlers[] = {
2089 .chain = armv7m_command_handlers,
2092 .name = "cortex_m3",
2093 .mode = COMMAND_EXEC,
2094 .help = "Cortex-M3 command group",
2095 .chain = cortex_m3_exec_command_handlers,
2097 COMMAND_REGISTRATION_DONE
2100 struct target_type cortexm3_target =
2102 .name = "cortex_m3",
2104 .poll = cortex_m3_poll,
2105 .arch_state = armv7m_arch_state,
2107 .target_request_data = cortex_m3_target_request_data,
2109 .halt = cortex_m3_halt,
2110 .resume = cortex_m3_resume,
2111 .step = cortex_m3_step,
2113 .assert_reset = cortex_m3_assert_reset,
2114 .deassert_reset = cortex_m3_deassert_reset,
2115 .soft_reset_halt = cortex_m3_soft_reset_halt,
2117 .get_gdb_reg_list = armv7m_get_gdb_reg_list,
2119 .read_memory = cortex_m3_read_memory,
2120 .write_memory = cortex_m3_write_memory,
2121 .bulk_write_memory = cortex_m3_bulk_write_memory,
2122 .checksum_memory = armv7m_checksum_memory,
2123 .blank_check_memory = armv7m_blank_check_memory,
2125 .run_algorithm = armv7m_run_algorithm,
2127 .add_breakpoint = cortex_m3_add_breakpoint,
2128 .remove_breakpoint = cortex_m3_remove_breakpoint,
2129 .add_watchpoint = cortex_m3_add_watchpoint,
2130 .remove_watchpoint = cortex_m3_remove_watchpoint,
2132 .commands = cortex_m3_command_handlers,
2133 .target_create = cortex_m3_target_create,
2134 .init_target = cortex_m3_init_target,
2135 .examine = cortex_m3_examine,
projects / fw / openocd / blob