1 /* SPDX-License-Identifier: GPL-2.0-or-later */
4 * Support for RISC-V, debug version 0.11. This was never an officially adopted
5 * spec, but SiFive made some silicon that uses it.
16 #include "target/target.h"
17 #include "target/algorithm.h"
18 #include "target/target_type.h"
19 #include <helper/log.h>
20 #include "jtag/jtag.h"
21 #include "target/register.h"
22 #include "target/breakpoints.h"
23 #include "helper/time_support.h"
29 * Since almost everything can be accomplish by scanning the dbus register, all
30 * functions here assume dbus is already selected. The exception are functions
31 * called directly by OpenOCD, which can't assume anything about what's
32 * currently in IR. They should set IR to dbus explicitly.
38 * At the bottom of the stack are the OpenOCD JTAG functions:
43 * There are a few functions to just instantly shift a register and get its
49 * Because doing one scan and waiting for the result is slow, most functions
50 * batch up a bunch of dbus writes and then execute them all at once. They use
51 * the scans "class" for this:
56 * Usually you new(), call a bunch of add functions, then execute() and look
57 * at the results by calling scans_get...()
59 * Optimized functions will directly use the scans class above, but slightly
60 * lazier code will use the cache functions that in turn use the scans
65 * cache_set... update a local structure, which is then synced to the target
66 * with cache_write(). Only Debug RAM words that are actually changed are sent
67 * to the target. Afterwards use cache_get... to read results.
70 #define get_field(reg, mask) (((reg) & (mask)) / ((mask) & ~((mask) << 1)))
71 #define set_field(reg, mask, val) (((reg) & ~(mask)) | (((val) * ((mask) & ~((mask) << 1))) & (mask)))
73 /* Constants for legacy SiFive hardware breakpoints. */
74 #define CSR_BPCONTROL_X (1<<0)
75 #define CSR_BPCONTROL_W (1<<1)
76 #define CSR_BPCONTROL_R (1<<2)
77 #define CSR_BPCONTROL_U (1<<3)
78 #define CSR_BPCONTROL_S (1<<4)
79 #define CSR_BPCONTROL_H (1<<5)
80 #define CSR_BPCONTROL_M (1<<6)
81 #define CSR_BPCONTROL_BPMATCH (0xf<<7)
82 #define CSR_BPCONTROL_BPACTION (0xff<<11)
84 #define DEBUG_ROM_START 0x800
85 #define DEBUG_ROM_RESUME (DEBUG_ROM_START + 4)
86 #define DEBUG_ROM_EXCEPTION (DEBUG_ROM_START + 8)
87 #define DEBUG_RAM_START 0x400
89 #define SETHALTNOT 0x10c
91 /*** JTAG registers. ***/
93 #define DTMCONTROL 0x10
94 #define DTMCONTROL_DBUS_RESET (1<<16)
95 #define DTMCONTROL_IDLE (7<<10)
96 #define DTMCONTROL_ADDRBITS (0xf<<4)
97 #define DTMCONTROL_VERSION (0xf)
100 #define DBUS_OP_START 0
101 #define DBUS_OP_SIZE 2
108 DBUS_STATUS_SUCCESS = 0,
109 DBUS_STATUS_FAILED = 2,
112 #define DBUS_DATA_START 2
113 #define DBUS_DATA_SIZE 34
114 #define DBUS_ADDRESS_START 36
128 /*** Debug Bus registers. ***/
130 #define DMCONTROL 0x10
131 #define DMCONTROL_INTERRUPT (((uint64_t)1)<<33)
132 #define DMCONTROL_HALTNOT (((uint64_t)1)<<32)
133 #define DMCONTROL_BUSERROR (7<<19)
134 #define DMCONTROL_SERIAL (3<<16)
135 #define DMCONTROL_AUTOINCREMENT (1<<15)
136 #define DMCONTROL_ACCESS (7<<12)
137 #define DMCONTROL_HARTID (0x3ff<<2)
138 #define DMCONTROL_NDRESET (1<<1)
139 #define DMCONTROL_FULLRESET 1
142 #define DMINFO_ABUSSIZE (0x7fU<<25)
143 #define DMINFO_SERIALCOUNT (0xf<<21)
144 #define DMINFO_ACCESS128 (1<<20)
145 #define DMINFO_ACCESS64 (1<<19)
146 #define DMINFO_ACCESS32 (1<<18)
147 #define DMINFO_ACCESS16 (1<<17)
148 #define DMINFO_ACCESS8 (1<<16)
149 #define DMINFO_DRAMSIZE (0x3f<<10)
150 #define DMINFO_AUTHENTICATED (1<<5)
151 #define DMINFO_AUTHBUSY (1<<4)
152 #define DMINFO_AUTHTYPE (3<<2)
153 #define DMINFO_VERSION 3
155 #define DMAUTHDATA0 0x12
156 #define DMAUTHDATA1 0x13
158 /*** Info about the core being debugged. ***/
160 #define DBUS_ADDRESS_UNKNOWN 0xffff
162 #define DRAM_CACHE_SIZE 16
169 bool read, write, execute;
173 struct memory_cache_line {
180 /* Number of address bits in the dbus register. */
182 /* Number of words in Debug RAM. */
183 unsigned int dramsize;
188 /* The value that mstatus actually has on the target right now. This is not
189 * the value we present to the user. That one may be stored in the
191 uint64_t mstatus_actual;
193 struct memory_cache_line dram_cache[DRAM_CACHE_SIZE];
195 /* Number of run-test/idle cycles the target requests we do after each dbus
197 unsigned int dtmcontrol_idle;
199 /* This value is incremented every time a dbus access comes back as "busy".
200 * It's used to determine how many run-test/idle cycles to feed the target
201 * in between accesses. */
202 unsigned int dbus_busy_delay;
204 /* This value is incremented every time we read the debug interrupt as
205 * high. It's used to add extra run-test/idle cycles after setting debug
206 * interrupt high, so ideally we never have to perform a whole extra scan
207 * before the interrupt is cleared. */
208 unsigned int interrupt_high_delay;
218 /*** Necessary prototypes. ***/
220 static int poll_target(struct target *target, bool announce);
221 static int riscv011_poll(struct target *target);
222 static int get_register(struct target *target, riscv_reg_t *value, int regid);
224 /*** Utility functions. ***/
226 #define DEBUG_LENGTH 264
228 static riscv011_info_t *get_info(const struct target *target)
230 riscv_info_t *info = (riscv_info_t *) target->arch_info;
232 assert(info->version_specific);
233 return (riscv011_info_t *) info->version_specific;
236 static unsigned int slot_offset(const struct target *target, slot_t slot)
238 riscv011_info_t *info = get_info(target);
239 switch (riscv_xlen(target)) {
242 case SLOT0: return 4;
243 case SLOT1: return 5;
244 case SLOT_LAST: return info->dramsize-1;
249 case SLOT0: return 4;
250 case SLOT1: return 6;
251 case SLOT_LAST: return info->dramsize-2;
254 LOG_ERROR("slot_offset called with xlen=%d, slot=%d",
255 riscv_xlen(target), slot);
257 return 0; /* Silence -Werror=return-type */
260 static uint32_t load_slot(const struct target *target, unsigned int dest,
263 unsigned int offset = DEBUG_RAM_START + 4 * slot_offset(target, slot);
264 return load(target, dest, ZERO, offset);
267 static uint32_t store_slot(const struct target *target, unsigned int src,
270 unsigned int offset = DEBUG_RAM_START + 4 * slot_offset(target, slot);
271 return store(target, src, ZERO, offset);
274 static uint16_t dram_address(unsigned int index)
279 return 0x40 + index - 0x10;
282 static uint32_t dtmcontrol_scan(struct target *target, uint32_t out)
284 struct scan_field field;
286 uint8_t out_value[4] = { 0 };
288 buf_set_u32(out_value, 0, 32, out);
290 jtag_add_ir_scan(target->tap, &select_dtmcontrol, TAP_IDLE);
293 field.out_value = out_value;
294 field.in_value = in_value;
295 jtag_add_dr_scan(target->tap, 1, &field, TAP_IDLE);
297 /* Always return to dbus. */
298 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
300 int retval = jtag_execute_queue();
301 if (retval != ERROR_OK) {
302 LOG_ERROR("failed jtag scan: %d", retval);
306 uint32_t in = buf_get_u32(field.in_value, 0, 32);
307 LOG_DEBUG("DTMCONTROL: 0x%x -> 0x%x", out, in);
312 static uint32_t idcode_scan(struct target *target)
314 struct scan_field field;
317 jtag_add_ir_scan(target->tap, &select_idcode, TAP_IDLE);
320 field.out_value = NULL;
321 field.in_value = in_value;
322 jtag_add_dr_scan(target->tap, 1, &field, TAP_IDLE);
324 int retval = jtag_execute_queue();
325 if (retval != ERROR_OK) {
326 LOG_ERROR("failed jtag scan: %d", retval);
330 /* Always return to dbus. */
331 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
333 uint32_t in = buf_get_u32(field.in_value, 0, 32);
334 LOG_DEBUG("IDCODE: 0x0 -> 0x%x", in);
339 static void increase_dbus_busy_delay(struct target *target)
341 riscv011_info_t *info = get_info(target);
342 info->dbus_busy_delay += info->dbus_busy_delay / 10 + 1;
343 LOG_DEBUG("dtmcontrol_idle=%d, dbus_busy_delay=%d, interrupt_high_delay=%d",
344 info->dtmcontrol_idle, info->dbus_busy_delay,
345 info->interrupt_high_delay);
347 dtmcontrol_scan(target, DTMCONTROL_DBUS_RESET);
350 static void increase_interrupt_high_delay(struct target *target)
352 riscv011_info_t *info = get_info(target);
353 info->interrupt_high_delay += info->interrupt_high_delay / 10 + 1;
354 LOG_DEBUG("dtmcontrol_idle=%d, dbus_busy_delay=%d, interrupt_high_delay=%d",
355 info->dtmcontrol_idle, info->dbus_busy_delay,
356 info->interrupt_high_delay);
359 static void add_dbus_scan(const struct target *target, struct scan_field *field,
360 uint8_t *out_value, uint8_t *in_value, dbus_op_t op,
361 uint16_t address, uint64_t data)
363 riscv011_info_t *info = get_info(target);
366 if (r->reset_delays_wait >= 0) {
367 r->reset_delays_wait--;
368 if (r->reset_delays_wait < 0) {
369 info->dbus_busy_delay = 0;
370 info->interrupt_high_delay = 0;
374 field->num_bits = info->addrbits + DBUS_OP_SIZE + DBUS_DATA_SIZE;
375 field->in_value = in_value;
376 field->out_value = out_value;
378 buf_set_u64(out_value, DBUS_OP_START, DBUS_OP_SIZE, op);
379 buf_set_u64(out_value, DBUS_DATA_START, DBUS_DATA_SIZE, data);
380 buf_set_u64(out_value, DBUS_ADDRESS_START, info->addrbits, address);
382 jtag_add_dr_scan(target->tap, 1, field, TAP_IDLE);
384 int idle_count = info->dtmcontrol_idle + info->dbus_busy_delay;
385 if (data & DMCONTROL_INTERRUPT)
386 idle_count += info->interrupt_high_delay;
389 jtag_add_runtest(idle_count, TAP_IDLE);
392 static void dump_field(const struct scan_field *field)
394 static const char * const op_string[] = {"nop", "r", "w", "?"};
395 static const char * const status_string[] = {"+", "?", "F", "b"};
397 if (debug_level < LOG_LVL_DEBUG)
400 uint64_t out = buf_get_u64(field->out_value, 0, field->num_bits);
401 unsigned int out_op = (out >> DBUS_OP_START) & ((1 << DBUS_OP_SIZE) - 1);
402 char out_interrupt = ((out >> DBUS_DATA_START) & DMCONTROL_INTERRUPT) ? 'i' : '.';
403 char out_haltnot = ((out >> DBUS_DATA_START) & DMCONTROL_HALTNOT) ? 'h' : '.';
404 unsigned int out_data = out >> 2;
405 unsigned int out_address = out >> DBUS_ADDRESS_START;
406 uint64_t in = buf_get_u64(field->in_value, 0, field->num_bits);
407 unsigned int in_op = (in >> DBUS_OP_START) & ((1 << DBUS_OP_SIZE) - 1);
408 char in_interrupt = ((in >> DBUS_DATA_START) & DMCONTROL_INTERRUPT) ? 'i' : '.';
409 char in_haltnot = ((in >> DBUS_DATA_START) & DMCONTROL_HALTNOT) ? 'h' : '.';
410 unsigned int in_data = in >> 2;
411 unsigned int in_address = in >> DBUS_ADDRESS_START;
413 log_printf_lf(LOG_LVL_DEBUG,
414 __FILE__, __LINE__, "scan",
415 "%db %s %c%c:%08x @%02x -> %s %c%c:%08x @%02x",
417 op_string[out_op], out_interrupt, out_haltnot, out_data,
419 status_string[in_op], in_interrupt, in_haltnot, in_data,
423 static dbus_status_t dbus_scan(struct target *target, uint16_t *address_in,
424 uint64_t *data_in, dbus_op_t op, uint16_t address_out, uint64_t data_out)
426 riscv011_info_t *info = get_info(target);
428 uint8_t out[8] = {0};
429 struct scan_field field = {
430 .num_bits = info->addrbits + DBUS_OP_SIZE + DBUS_DATA_SIZE,
435 assert(info->addrbits != 0);
437 buf_set_u64(out, DBUS_OP_START, DBUS_OP_SIZE, op);
438 buf_set_u64(out, DBUS_DATA_START, DBUS_DATA_SIZE, data_out);
439 buf_set_u64(out, DBUS_ADDRESS_START, info->addrbits, address_out);
441 /* Assume dbus is already selected. */
442 jtag_add_dr_scan(target->tap, 1, &field, TAP_IDLE);
444 int idle_count = info->dtmcontrol_idle + info->dbus_busy_delay;
447 jtag_add_runtest(idle_count, TAP_IDLE);
449 int retval = jtag_execute_queue();
450 if (retval != ERROR_OK) {
451 LOG_ERROR("dbus_scan failed jtag scan");
452 return DBUS_STATUS_FAILED;
456 *data_in = buf_get_u64(in, DBUS_DATA_START, DBUS_DATA_SIZE);
459 *address_in = buf_get_u32(in, DBUS_ADDRESS_START, info->addrbits);
463 return buf_get_u32(in, DBUS_OP_START, DBUS_OP_SIZE);
466 static uint64_t dbus_read(struct target *target, uint16_t address)
469 dbus_status_t status;
472 /* If the previous read/write was to the same address, we will get the read data
473 * from the previous access.
474 * While somewhat nonintuitive, this is an efficient way to get the data.
479 status = dbus_scan(target, &address_in, &value, DBUS_OP_READ, address, 0);
480 if (status == DBUS_STATUS_BUSY)
481 increase_dbus_busy_delay(target);
482 if (status == DBUS_STATUS_FAILED) {
483 LOG_ERROR("dbus_read(0x%x) failed!", address);
486 } while (((status == DBUS_STATUS_BUSY) || (address_in != address)) &&
489 if (status != DBUS_STATUS_SUCCESS)
490 LOG_ERROR("failed read from 0x%x; value=0x%" PRIx64 ", status=%d\n", address, value, status);
495 static void dbus_write(struct target *target, uint16_t address, uint64_t value)
497 dbus_status_t status = DBUS_STATUS_BUSY;
499 while (status == DBUS_STATUS_BUSY && i++ < 256) {
500 status = dbus_scan(target, NULL, NULL, DBUS_OP_WRITE, address, value);
501 if (status == DBUS_STATUS_BUSY)
502 increase_dbus_busy_delay(target);
504 if (status != DBUS_STATUS_SUCCESS)
505 LOG_ERROR("failed to write 0x%" PRIx64 " to 0x%x; status=%d\n", value, address, status);
508 /*** scans "class" ***/
511 /* Number of scans that space is reserved for. */
512 unsigned int scan_count;
513 /* Size reserved in memory for each scan, in bytes. */
514 unsigned int scan_size;
515 unsigned int next_scan;
518 struct scan_field *field;
519 const struct target *target;
522 static scans_t *scans_new(struct target *target, unsigned int scan_count)
524 scans_t *scans = malloc(sizeof(scans_t));
527 scans->scan_count = scan_count;
528 /* This code also gets called before xlen is detected. */
529 if (riscv_xlen(target))
530 scans->scan_size = 2 + riscv_xlen(target) / 8;
532 scans->scan_size = 2 + 128 / 8;
533 scans->next_scan = 0;
534 scans->in = calloc(scans->scan_size, scans->scan_count);
537 scans->out = calloc(scans->scan_size, scans->scan_count);
540 scans->field = calloc(scans->scan_count, sizeof(struct scan_field));
543 scans->target = target;
556 static scans_t *scans_delete(scans_t *scans)
566 static void scans_reset(scans_t *scans)
568 scans->next_scan = 0;
571 static void scans_dump(scans_t *scans)
573 for (unsigned int i = 0; i < scans->next_scan; i++)
574 dump_field(&scans->field[i]);
577 static int scans_execute(scans_t *scans)
579 int retval = jtag_execute_queue();
580 if (retval != ERROR_OK) {
581 LOG_ERROR("failed jtag scan: %d", retval);
590 /** Add a 32-bit dbus write to the scans structure. */
591 static void scans_add_write32(scans_t *scans, uint16_t address, uint32_t data,
594 const unsigned int i = scans->next_scan;
595 int data_offset = scans->scan_size * i;
596 add_dbus_scan(scans->target, &scans->field[i], scans->out + data_offset,
597 scans->in + data_offset, DBUS_OP_WRITE, address,
598 (set_interrupt ? DMCONTROL_INTERRUPT : 0) | DMCONTROL_HALTNOT | data);
600 assert(scans->next_scan <= scans->scan_count);
603 /** Add a 32-bit dbus write for an instruction that jumps to the beginning of
605 static void scans_add_write_jump(scans_t *scans, uint16_t address,
608 scans_add_write32(scans, address,
609 jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*address))),
613 /** Add a 32-bit dbus write for an instruction that loads from the indicated
615 static void scans_add_write_load(scans_t *scans, uint16_t address,
616 unsigned int reg, slot_t slot, bool set_interrupt)
618 scans_add_write32(scans, address, load_slot(scans->target, reg, slot),
622 /** Add a 32-bit dbus write for an instruction that stores to the indicated
624 static void scans_add_write_store(scans_t *scans, uint16_t address,
625 unsigned int reg, slot_t slot, bool set_interrupt)
627 scans_add_write32(scans, address, store_slot(scans->target, reg, slot),
631 /** Add a 32-bit dbus read. */
632 static void scans_add_read32(scans_t *scans, uint16_t address, bool set_interrupt)
634 assert(scans->next_scan < scans->scan_count);
635 const unsigned int i = scans->next_scan;
636 int data_offset = scans->scan_size * i;
637 add_dbus_scan(scans->target, &scans->field[i], scans->out + data_offset,
638 scans->in + data_offset, DBUS_OP_READ, address,
639 (set_interrupt ? DMCONTROL_INTERRUPT : 0) | DMCONTROL_HALTNOT);
643 /** Add one or more scans to read the indicated slot. */
644 static void scans_add_read(scans_t *scans, slot_t slot, bool set_interrupt)
646 const struct target *target = scans->target;
647 switch (riscv_xlen(target)) {
649 scans_add_read32(scans, slot_offset(target, slot), set_interrupt);
652 scans_add_read32(scans, slot_offset(target, slot), false);
653 scans_add_read32(scans, slot_offset(target, slot) + 1, set_interrupt);
658 static uint32_t scans_get_u32(scans_t *scans, unsigned int index,
659 unsigned first, unsigned num)
661 return buf_get_u32(scans->in + scans->scan_size * index, first, num);
664 static uint64_t scans_get_u64(scans_t *scans, unsigned int index,
665 unsigned first, unsigned num)
667 return buf_get_u64(scans->in + scans->scan_size * index, first, num);
670 /*** end of scans class ***/
672 static uint32_t dram_read32(struct target *target, unsigned int index)
674 uint16_t address = dram_address(index);
675 uint32_t value = dbus_read(target, address);
679 static void dram_write32(struct target *target, unsigned int index, uint32_t value,
682 uint64_t dbus_value = DMCONTROL_HALTNOT | value;
684 dbus_value |= DMCONTROL_INTERRUPT;
685 dbus_write(target, dram_address(index), dbus_value);
688 /** Read the haltnot and interrupt bits. */
689 static bits_t read_bits(struct target *target)
692 dbus_status_t status;
694 riscv011_info_t *info = get_info(target);
696 bits_t err_result = {
704 status = dbus_scan(target, &address_in, &value, DBUS_OP_READ, 0, 0);
705 if (status == DBUS_STATUS_BUSY) {
706 if (address_in == (1<<info->addrbits) - 1 &&
707 value == (1ULL<<DBUS_DATA_SIZE) - 1) {
708 LOG_ERROR("TDO seems to be stuck high.");
711 increase_dbus_busy_delay(target);
712 } else if (status == DBUS_STATUS_FAILED) {
713 /* TODO: return an actual error */
716 } while (status == DBUS_STATUS_BUSY && i++ < 256);
719 LOG_ERROR("Failed to read from 0x%x; status=%d", address_in, status);
722 } while (address_in > 0x10 && address_in != DMCONTROL);
725 .haltnot = get_field(value, DMCONTROL_HALTNOT),
726 .interrupt = get_field(value, DMCONTROL_INTERRUPT)
731 static int wait_for_debugint_clear(struct target *target, bool ignore_first)
733 time_t start = time(NULL);
735 /* Throw away the results of the first read, since they'll contain the
736 * result of the read that happened just before debugint was set.
737 * (Assuming the last scan before calling this function was one that
742 bits_t bits = read_bits(target);
745 if (time(NULL) - start > riscv_command_timeout_sec) {
746 LOG_ERROR("Timed out waiting for debug int to clear."
747 "Increase timeout with riscv set_command_timeout_sec.");
753 static int dram_check32(struct target *target, unsigned int index,
756 uint16_t address = dram_address(index);
757 uint32_t actual = dbus_read(target, address);
758 if (expected != actual) {
759 LOG_ERROR("Wrote 0x%x to Debug RAM at %d, but read back 0x%x",
760 expected, index, actual);
766 static void cache_set32(struct target *target, unsigned int index, uint32_t data)
768 riscv011_info_t *info = get_info(target);
769 if (info->dram_cache[index].valid &&
770 info->dram_cache[index].data == data) {
771 /* This is already preset on the target. */
772 LOG_DEBUG("cache[0x%x] = 0x%08x: DASM(0x%x) (hit)", index, data, data);
775 LOG_DEBUG("cache[0x%x] = 0x%08x: DASM(0x%x)", index, data, data);
776 info->dram_cache[index].data = data;
777 info->dram_cache[index].valid = true;
778 info->dram_cache[index].dirty = true;
781 static void cache_set(struct target *target, slot_t slot, uint64_t data)
783 unsigned int offset = slot_offset(target, slot);
784 cache_set32(target, offset, data);
785 if (riscv_xlen(target) > 32)
786 cache_set32(target, offset + 1, data >> 32);
789 static void cache_set_jump(struct target *target, unsigned int index)
791 cache_set32(target, index,
792 jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*index))));
795 static void cache_set_load(struct target *target, unsigned int index,
796 unsigned int reg, slot_t slot)
798 uint16_t offset = DEBUG_RAM_START + 4 * slot_offset(target, slot);
799 cache_set32(target, index, load(target, reg, ZERO, offset));
802 static void cache_set_store(struct target *target, unsigned int index,
803 unsigned int reg, slot_t slot)
805 uint16_t offset = DEBUG_RAM_START + 4 * slot_offset(target, slot);
806 cache_set32(target, index, store(target, reg, ZERO, offset));
809 static void dump_debug_ram(struct target *target)
811 for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) {
812 uint32_t value = dram_read32(target, i);
813 LOG_ERROR("Debug RAM 0x%x: 0x%08x", i, value);
817 /* Call this if the code you just ran writes to debug RAM entries 0 through 3. */
818 static void cache_invalidate(struct target *target)
820 riscv011_info_t *info = get_info(target);
821 for (unsigned int i = 0; i < info->dramsize; i++) {
822 info->dram_cache[i].valid = false;
823 info->dram_cache[i].dirty = false;
827 /* Called by cache_write() after the program has run. Also call this if you're
828 * running programs without calling cache_write(). */
829 static void cache_clean(struct target *target)
831 riscv011_info_t *info = get_info(target);
832 for (unsigned int i = 0; i < info->dramsize; i++) {
834 info->dram_cache[i].valid = false;
835 info->dram_cache[i].dirty = false;
839 static int cache_check(struct target *target)
841 riscv011_info_t *info = get_info(target);
844 for (unsigned int i = 0; i < info->dramsize; i++) {
845 if (info->dram_cache[i].valid && !info->dram_cache[i].dirty) {
846 if (dram_check32(target, i, info->dram_cache[i].data) != ERROR_OK)
852 dump_debug_ram(target);
859 /** Write cache to the target, and optionally run the program.
860 * Then read the value at address into the cache, assuming address < 128. */
861 #define CACHE_NO_READ 128
862 static int cache_write(struct target *target, unsigned int address, bool run)
865 riscv011_info_t *info = get_info(target);
866 scans_t *scans = scans_new(target, info->dramsize + 2);
870 unsigned int last = info->dramsize;
871 for (unsigned int i = 0; i < info->dramsize; i++) {
872 if (info->dram_cache[i].dirty)
876 if (last == info->dramsize) {
877 /* Nothing needs to be written to RAM. */
878 dbus_write(target, DMCONTROL, DMCONTROL_HALTNOT | (run ? DMCONTROL_INTERRUPT : 0));
881 for (unsigned int i = 0; i < info->dramsize; i++) {
882 if (info->dram_cache[i].dirty) {
883 bool set_interrupt = (i == last && run);
884 scans_add_write32(scans, i, info->dram_cache[i].data,
890 if (run || address < CACHE_NO_READ) {
891 /* Throw away the results of the first read, since it'll contain the
892 * result of the read that happened just before debugint was set. */
893 scans_add_read32(scans, address, false);
895 /* This scan contains the results of the read the caller requested, as
896 * well as an interrupt bit worth looking at. */
897 scans_add_read32(scans, address, false);
900 int retval = scans_execute(scans);
901 if (retval != ERROR_OK) {
903 LOG_ERROR("JTAG execute failed.");
908 for (unsigned int i = 0; i < scans->next_scan; i++) {
909 dbus_status_t status = scans_get_u32(scans, i, DBUS_OP_START,
912 case DBUS_STATUS_SUCCESS:
914 case DBUS_STATUS_FAILED:
915 LOG_ERROR("Debug RAM write failed. Hardware error?");
918 case DBUS_STATUS_BUSY:
922 LOG_ERROR("Got invalid bus access status: %d", status);
929 increase_dbus_busy_delay(target);
931 /* Try again, using the slow careful code.
932 * Write all RAM, just to be extra cautious. */
933 for (unsigned int i = 0; i < info->dramsize; i++) {
934 if (i == last && run)
935 dram_write32(target, last, info->dram_cache[last].data, true);
937 dram_write32(target, i, info->dram_cache[i].data, false);
938 info->dram_cache[i].dirty = false;
943 if (wait_for_debugint_clear(target, true) != ERROR_OK) {
944 LOG_ERROR("Debug interrupt didn't clear.");
945 dump_debug_ram(target);
954 for (unsigned int i = 0; i < info->dramsize; i++)
955 info->dram_cache[i].dirty = false;
958 if (run || address < CACHE_NO_READ) {
959 int interrupt = scans_get_u32(scans, scans->next_scan-1,
960 DBUS_DATA_START + 33, 1);
962 increase_interrupt_high_delay(target);
963 /* Slow path wait for it to clear. */
964 if (wait_for_debugint_clear(target, false) != ERROR_OK) {
965 LOG_ERROR("Debug interrupt didn't clear.");
966 dump_debug_ram(target);
971 /* We read a useful value in that last scan. */
972 unsigned int read_addr = scans_get_u32(scans, scans->next_scan-1,
973 DBUS_ADDRESS_START, info->addrbits);
974 if (read_addr != address) {
975 LOG_INFO("Got data from 0x%x but expected it from 0x%x",
978 info->dram_cache[read_addr].data =
979 scans_get_u32(scans, scans->next_scan-1, DBUS_DATA_START, 32);
980 info->dram_cache[read_addr].valid = true;
991 static uint32_t cache_get32(struct target *target, unsigned int address)
993 riscv011_info_t *info = get_info(target);
994 if (!info->dram_cache[address].valid) {
995 info->dram_cache[address].data = dram_read32(target, address);
996 info->dram_cache[address].valid = true;
998 return info->dram_cache[address].data;
1001 static uint64_t cache_get(struct target *target, slot_t slot)
1003 unsigned int offset = slot_offset(target, slot);
1004 uint64_t value = cache_get32(target, offset);
1005 if (riscv_xlen(target) > 32)
1006 value |= ((uint64_t) cache_get32(target, offset + 1)) << 32;
1010 /* Write instruction that jumps from the specified word in Debug RAM to resume
1012 static void dram_write_jump(struct target *target, unsigned int index,
1015 dram_write32(target, index,
1016 jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*index))),
1020 static int wait_for_state(struct target *target, enum target_state state)
1022 time_t start = time(NULL);
1024 int result = riscv011_poll(target);
1025 if (result != ERROR_OK)
1027 if (target->state == state)
1029 if (time(NULL) - start > riscv_command_timeout_sec) {
1030 LOG_ERROR("Timed out waiting for state %d. "
1031 "Increase timeout with riscv set_command_timeout_sec.", state);
1037 static int read_remote_csr(struct target *target, uint64_t *value, uint32_t csr)
1039 riscv011_info_t *info = get_info(target);
1040 cache_set32(target, 0, csrr(S0, csr));
1041 cache_set_store(target, 1, S0, SLOT0);
1042 cache_set_jump(target, 2);
1043 if (cache_write(target, 4, true) != ERROR_OK)
1045 *value = cache_get(target, SLOT0);
1046 LOG_DEBUG("csr 0x%x = 0x%" PRIx64, csr, *value);
1048 uint32_t exception = cache_get32(target, info->dramsize-1);
1050 LOG_WARNING("Got exception 0x%x when reading %s", exception,
1051 gdb_regno_name(GDB_REGNO_CSR0 + csr));
1059 static int write_remote_csr(struct target *target, uint32_t csr, uint64_t value)
1061 LOG_DEBUG("csr 0x%x <- 0x%" PRIx64, csr, value);
1062 cache_set_load(target, 0, S0, SLOT0);
1063 cache_set32(target, 1, csrw(S0, csr));
1064 cache_set_jump(target, 2);
1065 cache_set(target, SLOT0, value);
1066 if (cache_write(target, 4, true) != ERROR_OK)
1072 static int write_gpr(struct target *target, unsigned int gpr, uint64_t value)
1074 cache_set_load(target, 0, gpr, SLOT0);
1075 cache_set_jump(target, 1);
1076 cache_set(target, SLOT0, value);
1077 if (cache_write(target, 4, true) != ERROR_OK)
1082 static int maybe_read_tselect(struct target *target)
1084 riscv011_info_t *info = get_info(target);
1086 if (info->tselect_dirty) {
1087 int result = read_remote_csr(target, &info->tselect, CSR_TSELECT);
1088 if (result != ERROR_OK)
1090 info->tselect_dirty = false;
1096 static int maybe_write_tselect(struct target *target)
1098 riscv011_info_t *info = get_info(target);
1100 if (!info->tselect_dirty) {
1101 int result = write_remote_csr(target, CSR_TSELECT, info->tselect);
1102 if (result != ERROR_OK)
1104 info->tselect_dirty = true;
1110 static int execute_resume(struct target *target, bool step)
1112 riscv011_info_t *info = get_info(target);
1114 LOG_DEBUG("step=%d", step);
1116 maybe_write_tselect(target);
1118 /* TODO: check if dpc is dirty (which also is true if an exception was hit
1120 cache_set_load(target, 0, S0, SLOT0);
1121 cache_set32(target, 1, csrw(S0, CSR_DPC));
1122 cache_set_jump(target, 2);
1123 cache_set(target, SLOT0, info->dpc);
1124 if (cache_write(target, 4, true) != ERROR_OK)
1127 struct reg *mstatus_reg = &target->reg_cache->reg_list[GDB_REGNO_MSTATUS];
1128 if (mstatus_reg->valid) {
1129 uint64_t mstatus_user = buf_get_u64(mstatus_reg->value, 0, riscv_xlen(target));
1130 if (mstatus_user != info->mstatus_actual) {
1131 cache_set_load(target, 0, S0, SLOT0);
1132 cache_set32(target, 1, csrw(S0, CSR_MSTATUS));
1133 cache_set_jump(target, 2);
1134 cache_set(target, SLOT0, mstatus_user);
1135 if (cache_write(target, 4, true) != ERROR_OK)
1140 info->dcsr = set_field(info->dcsr, DCSR_EBREAKM, riscv_ebreakm);
1141 info->dcsr = set_field(info->dcsr, DCSR_EBREAKS, riscv_ebreaks);
1142 info->dcsr = set_field(info->dcsr, DCSR_EBREAKU, riscv_ebreaku);
1143 info->dcsr = set_field(info->dcsr, DCSR_EBREAKH, 1);
1144 info->dcsr &= ~DCSR_HALT;
1147 info->dcsr |= DCSR_STEP;
1149 info->dcsr &= ~DCSR_STEP;
1151 dram_write32(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16), false);
1152 dram_write32(target, 1, csrw(S0, CSR_DCSR), false);
1153 dram_write32(target, 2, fence_i(), false);
1154 dram_write_jump(target, 3, false);
1156 /* Write DCSR value, set interrupt and clear haltnot. */
1157 uint64_t dbus_value = DMCONTROL_INTERRUPT | info->dcsr;
1158 dbus_write(target, dram_address(4), dbus_value);
1160 cache_invalidate(target);
1162 if (wait_for_debugint_clear(target, true) != ERROR_OK) {
1163 LOG_ERROR("Debug interrupt didn't clear.");
1167 target->state = TARGET_RUNNING;
1168 register_cache_invalidate(target->reg_cache);
1173 /* Execute a step, and wait for reentry into Debug Mode. */
1174 static int full_step(struct target *target, bool announce)
1176 int result = execute_resume(target, true);
1177 if (result != ERROR_OK)
1179 time_t start = time(NULL);
1181 result = poll_target(target, announce);
1182 if (result != ERROR_OK)
1184 if (target->state != TARGET_DEBUG_RUNNING)
1186 if (time(NULL) - start > riscv_command_timeout_sec) {
1187 LOG_ERROR("Timed out waiting for step to complete."
1188 "Increase timeout with riscv set_command_timeout_sec");
1195 static int resume(struct target *target, int debug_execution, bool step)
1197 if (debug_execution) {
1198 LOG_ERROR("TODO: debug_execution is true");
1202 return execute_resume(target, step);
1205 static uint64_t reg_cache_get(struct target *target, unsigned int number)
1207 struct reg *r = &target->reg_cache->reg_list[number];
1209 LOG_ERROR("Register cache entry for %d is invalid!", number);
1212 uint64_t value = buf_get_u64(r->value, 0, r->size);
1213 LOG_DEBUG("%s = 0x%" PRIx64, r->name, value);
1217 static void reg_cache_set(struct target *target, unsigned int number,
1220 struct reg *r = &target->reg_cache->reg_list[number];
1221 LOG_DEBUG("%s <= 0x%" PRIx64, r->name, value);
1223 buf_set_u64(r->value, 0, r->size, value);
1226 static int update_mstatus_actual(struct target *target)
1228 struct reg *mstatus_reg = &target->reg_cache->reg_list[GDB_REGNO_MSTATUS];
1229 if (mstatus_reg->valid) {
1230 /* We previously made it valid. */
1234 /* Force reading the register. In that process mstatus_actual will be
1236 riscv_reg_t mstatus;
1237 return get_register(target, &mstatus, GDB_REGNO_MSTATUS);
1240 /*** OpenOCD target functions. ***/
1242 static int register_read(struct target *target, riscv_reg_t *value, int regnum)
1244 riscv011_info_t *info = get_info(target);
1245 if (regnum >= GDB_REGNO_CSR0 && regnum <= GDB_REGNO_CSR4095) {
1246 cache_set32(target, 0, csrr(S0, regnum - GDB_REGNO_CSR0));
1247 cache_set_store(target, 1, S0, SLOT0);
1248 cache_set_jump(target, 2);
1250 LOG_ERROR("Don't know how to read register %d", regnum);
1254 if (cache_write(target, 4, true) != ERROR_OK)
1257 uint32_t exception = cache_get32(target, info->dramsize-1);
1259 LOG_WARNING("Got exception 0x%x when reading %s", exception, gdb_regno_name(regnum));
1264 *value = cache_get(target, SLOT0);
1265 LOG_DEBUG("reg[%d]=0x%" PRIx64, regnum, *value);
1267 if (regnum == GDB_REGNO_MSTATUS)
1268 info->mstatus_actual = *value;
1273 /* Write the register. No caching or games. */
1274 static int register_write(struct target *target, unsigned int number,
1277 riscv011_info_t *info = get_info(target);
1279 maybe_write_tselect(target);
1282 cache_set_load(target, 0, S0, SLOT0);
1283 cache_set32(target, 1, csrw(S0, CSR_DSCRATCH0));
1284 cache_set_jump(target, 2);
1285 } else if (number == S1) {
1286 cache_set_load(target, 0, S0, SLOT0);
1287 cache_set_store(target, 1, S0, SLOT_LAST);
1288 cache_set_jump(target, 2);
1289 } else if (number <= GDB_REGNO_XPR31) {
1290 cache_set_load(target, 0, number - GDB_REGNO_ZERO, SLOT0);
1291 cache_set_jump(target, 1);
1292 } else if (number == GDB_REGNO_PC) {
1295 } else if (number >= GDB_REGNO_FPR0 && number <= GDB_REGNO_FPR31) {
1296 int result = update_mstatus_actual(target);
1297 if (result != ERROR_OK)
1300 if ((info->mstatus_actual & MSTATUS_FS) == 0) {
1301 info->mstatus_actual = set_field(info->mstatus_actual, MSTATUS_FS, 1);
1302 cache_set_load(target, i++, S0, SLOT1);
1303 cache_set32(target, i++, csrw(S0, CSR_MSTATUS));
1304 cache_set(target, SLOT1, info->mstatus_actual);
1307 if (riscv_xlen(target) == 32)
1308 cache_set32(target, i++, flw(number - GDB_REGNO_FPR0, 0, DEBUG_RAM_START + 16));
1310 cache_set32(target, i++, fld(number - GDB_REGNO_FPR0, 0, DEBUG_RAM_START + 16));
1311 cache_set_jump(target, i++);
1312 } else if (number >= GDB_REGNO_CSR0 && number <= GDB_REGNO_CSR4095) {
1313 cache_set_load(target, 0, S0, SLOT0);
1314 cache_set32(target, 1, csrw(S0, number - GDB_REGNO_CSR0));
1315 cache_set_jump(target, 2);
1317 if (number == GDB_REGNO_MSTATUS)
1318 info->mstatus_actual = value;
1319 } else if (number == GDB_REGNO_PRIV) {
1320 info->dcsr = set_field(info->dcsr, DCSR_PRV, value);
1323 LOG_ERROR("Don't know how to write register %d", number);
1327 cache_set(target, SLOT0, value);
1328 if (cache_write(target, info->dramsize - 1, true) != ERROR_OK)
1331 uint32_t exception = cache_get32(target, info->dramsize-1);
1333 LOG_WARNING("Got exception 0x%x when writing %s", exception,
1334 gdb_regno_name(number));
1341 static int get_register(struct target *target, riscv_reg_t *value, int regid)
1343 riscv011_info_t *info = get_info(target);
1345 maybe_write_tselect(target);
1347 if (regid <= GDB_REGNO_XPR31) {
1348 *value = reg_cache_get(target, regid);
1349 } else if (regid == GDB_REGNO_PC) {
1351 } else if (regid >= GDB_REGNO_FPR0 && regid <= GDB_REGNO_FPR31) {
1352 int result = update_mstatus_actual(target);
1353 if (result != ERROR_OK)
1356 if ((info->mstatus_actual & MSTATUS_FS) == 0) {
1357 info->mstatus_actual = set_field(info->mstatus_actual, MSTATUS_FS, 1);
1358 cache_set_load(target, i++, S0, SLOT1);
1359 cache_set32(target, i++, csrw(S0, CSR_MSTATUS));
1360 cache_set(target, SLOT1, info->mstatus_actual);
1363 if (riscv_xlen(target) == 32)
1364 cache_set32(target, i++, fsw(regid - GDB_REGNO_FPR0, 0, DEBUG_RAM_START + 16));
1366 cache_set32(target, i++, fsd(regid - GDB_REGNO_FPR0, 0, DEBUG_RAM_START + 16));
1367 cache_set_jump(target, i++);
1369 if (cache_write(target, 4, true) != ERROR_OK)
1371 } else if (regid == GDB_REGNO_PRIV) {
1372 *value = get_field(info->dcsr, DCSR_PRV);
1374 int result = register_read(target, value, regid);
1375 if (result != ERROR_OK)
1379 if (regid == GDB_REGNO_MSTATUS)
1380 target->reg_cache->reg_list[regid].valid = true;
1385 static int set_register(struct target *target, int regid, uint64_t value)
1387 return register_write(target, regid, value);
1390 static int halt(struct target *target)
1392 LOG_DEBUG("riscv_halt()");
1393 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1395 cache_set32(target, 0, csrsi(CSR_DCSR, DCSR_HALT));
1396 cache_set32(target, 1, csrr(S0, CSR_MHARTID));
1397 cache_set32(target, 2, sw(S0, ZERO, SETHALTNOT));
1398 cache_set_jump(target, 3);
1400 if (cache_write(target, 4, true) != ERROR_OK) {
1401 LOG_ERROR("cache_write() failed.");
1408 static void deinit_target(struct target *target)
1410 LOG_DEBUG("riscv_deinit_target()");
1411 riscv_info_t *info = (riscv_info_t *) target->arch_info;
1412 free(info->version_specific);
1413 info->version_specific = NULL;
1416 static int strict_step(struct target *target, bool announce)
1420 struct watchpoint *watchpoint = target->watchpoints;
1421 while (watchpoint) {
1422 riscv_remove_watchpoint(target, watchpoint);
1423 watchpoint = watchpoint->next;
1426 int result = full_step(target, announce);
1427 if (result != ERROR_OK)
1430 watchpoint = target->watchpoints;
1431 while (watchpoint) {
1432 riscv_add_watchpoint(target, watchpoint);
1433 watchpoint = watchpoint->next;
1439 static int step(struct target *target, int current, target_addr_t address,
1440 int handle_breakpoints)
1442 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1445 if (riscv_xlen(target) > 32) {
1446 LOG_WARNING("Asked to resume at 32-bit PC on %d-bit target.",
1447 riscv_xlen(target));
1449 int result = register_write(target, GDB_REGNO_PC, address);
1450 if (result != ERROR_OK)
1454 if (handle_breakpoints) {
1455 int result = strict_step(target, true);
1456 if (result != ERROR_OK)
1459 return full_step(target, false);
1465 static int examine(struct target *target)
1467 /* Don't need to select dbus, since the first thing we do is read dtmcontrol. */
1469 uint32_t dtmcontrol = dtmcontrol_scan(target, 0);
1470 LOG_DEBUG("dtmcontrol=0x%x", dtmcontrol);
1471 LOG_DEBUG(" addrbits=%d", get_field(dtmcontrol, DTMCONTROL_ADDRBITS));
1472 LOG_DEBUG(" version=%d", get_field(dtmcontrol, DTMCONTROL_VERSION));
1473 LOG_DEBUG(" idle=%d", get_field(dtmcontrol, DTMCONTROL_IDLE));
1474 if (dtmcontrol == 0) {
1475 LOG_ERROR("dtmcontrol is 0. Check JTAG connectivity/board power.");
1478 if (get_field(dtmcontrol, DTMCONTROL_VERSION) != 0) {
1479 LOG_ERROR("Unsupported DTM version %d. (dtmcontrol=0x%x)",
1480 get_field(dtmcontrol, DTMCONTROL_VERSION), dtmcontrol);
1486 riscv011_info_t *info = get_info(target);
1487 info->addrbits = get_field(dtmcontrol, DTMCONTROL_ADDRBITS);
1488 info->dtmcontrol_idle = get_field(dtmcontrol, DTMCONTROL_IDLE);
1489 if (info->dtmcontrol_idle == 0) {
1490 /* Some old SiFive cores don't set idle but need it to be 1. */
1491 uint32_t idcode = idcode_scan(target);
1492 if (idcode == 0x10e31913)
1493 info->dtmcontrol_idle = 1;
1496 uint32_t dminfo = dbus_read(target, DMINFO);
1497 LOG_DEBUG("dminfo: 0x%08x", dminfo);
1498 LOG_DEBUG(" abussize=0x%x", get_field(dminfo, DMINFO_ABUSSIZE));
1499 LOG_DEBUG(" serialcount=0x%x", get_field(dminfo, DMINFO_SERIALCOUNT));
1500 LOG_DEBUG(" access128=%d", get_field(dminfo, DMINFO_ACCESS128));
1501 LOG_DEBUG(" access64=%d", get_field(dminfo, DMINFO_ACCESS64));
1502 LOG_DEBUG(" access32=%d", get_field(dminfo, DMINFO_ACCESS32));
1503 LOG_DEBUG(" access16=%d", get_field(dminfo, DMINFO_ACCESS16));
1504 LOG_DEBUG(" access8=%d", get_field(dminfo, DMINFO_ACCESS8));
1505 LOG_DEBUG(" dramsize=0x%x", get_field(dminfo, DMINFO_DRAMSIZE));
1506 LOG_DEBUG(" authenticated=0x%x", get_field(dminfo, DMINFO_AUTHENTICATED));
1507 LOG_DEBUG(" authbusy=0x%x", get_field(dminfo, DMINFO_AUTHBUSY));
1508 LOG_DEBUG(" authtype=0x%x", get_field(dminfo, DMINFO_AUTHTYPE));
1509 LOG_DEBUG(" version=0x%x", get_field(dminfo, DMINFO_VERSION));
1511 if (get_field(dminfo, DMINFO_VERSION) != 1) {
1512 LOG_ERROR("OpenOCD only supports Debug Module version 1, not %d "
1513 "(dminfo=0x%x)", get_field(dminfo, DMINFO_VERSION), dminfo);
1517 info->dramsize = get_field(dminfo, DMINFO_DRAMSIZE) + 1;
1519 if (get_field(dminfo, DMINFO_AUTHTYPE) != 0) {
1520 LOG_ERROR("Authentication required by RISC-V core but not "
1521 "supported by OpenOCD. dminfo=0x%x", dminfo);
1525 /* Pretend this is a 32-bit system until we have found out the true value. */
1528 /* Figure out XLEN, and test writing all of Debug RAM while we're at it. */
1529 cache_set32(target, 0, xori(S1, ZERO, -1));
1530 /* 0xffffffff 0xffffffff:ffffffff 0xffffffff:ffffffff:ffffffff:ffffffff */
1531 cache_set32(target, 1, srli(S1, S1, 31));
1532 /* 0x00000001 0x00000001:ffffffff 0x00000001:ffffffff:ffffffff:ffffffff */
1533 cache_set32(target, 2, sw(S1, ZERO, DEBUG_RAM_START));
1534 cache_set32(target, 3, srli(S1, S1, 31));
1535 /* 0x00000000 0x00000000:00000003 0x00000000:00000003:ffffffff:ffffffff */
1536 cache_set32(target, 4, sw(S1, ZERO, DEBUG_RAM_START + 4));
1537 cache_set_jump(target, 5);
1538 for (unsigned i = 6; i < info->dramsize; i++)
1539 cache_set32(target, i, i * 0x01020304);
1541 cache_write(target, 0, false);
1543 /* Check that we can actually read/write dram. */
1544 if (cache_check(target) != ERROR_OK)
1547 cache_write(target, 0, true);
1548 cache_invalidate(target);
1550 uint32_t word0 = cache_get32(target, 0);
1551 uint32_t word1 = cache_get32(target, 1);
1552 riscv_info_t *generic_info = (riscv_info_t *) target->arch_info;
1553 if (word0 == 1 && word1 == 0) {
1554 generic_info->xlen = 32;
1555 } else if (word0 == 0xffffffff && word1 == 3) {
1556 generic_info->xlen = 64;
1557 } else if (word0 == 0xffffffff && word1 == 0xffffffff) {
1558 generic_info->xlen = 128;
1560 uint32_t exception = cache_get32(target, info->dramsize-1);
1561 LOG_ERROR("Failed to discover xlen; word0=0x%x, word1=0x%x, exception=0x%x",
1562 word0, word1, exception);
1563 dump_debug_ram(target);
1566 LOG_DEBUG("Discovered XLEN is %d", riscv_xlen(target));
1568 if (read_remote_csr(target, &r->misa, CSR_MISA) != ERROR_OK) {
1569 const unsigned old_csr_misa = 0xf10;
1570 LOG_WARNING("Failed to read misa at 0x%x; trying 0x%x.", CSR_MISA,
1572 if (read_remote_csr(target, &r->misa, old_csr_misa) != ERROR_OK) {
1573 /* Maybe this is an old core that still has $misa at the old
1575 LOG_ERROR("Failed to read misa at 0x%x.", old_csr_misa);
1580 /* Update register list to match discovered XLEN/supported extensions. */
1581 riscv_init_registers(target);
1583 info->never_halted = true;
1585 int result = riscv011_poll(target);
1586 if (result != ERROR_OK)
1589 target_set_examined(target);
1590 riscv_set_current_hartid(target, 0);
1591 for (size_t i = 0; i < 32; ++i)
1592 reg_cache_set(target, i, -1);
1593 LOG_INFO("Examined RISCV core; XLEN=%d, misa=0x%" PRIx64,
1594 riscv_xlen(target), r->misa);
1599 static riscv_error_t handle_halt_routine(struct target *target)
1601 riscv011_info_t *info = get_info(target);
1603 scans_t *scans = scans_new(target, 256);
1607 /* Read all GPRs as fast as we can, because gdb is going to ask for them
1608 * anyway. Reading them one at a time is much slower. */
1610 /* Write the jump back to address 1. */
1611 scans_add_write_jump(scans, 1, false);
1612 for (int reg = 1; reg < 32; reg++) {
1613 if (reg == S0 || reg == S1)
1616 /* Write store instruction. */
1617 scans_add_write_store(scans, 0, reg, SLOT0, true);
1620 scans_add_read(scans, SLOT0, false);
1623 /* Write store of s0 at index 1. */
1624 scans_add_write_store(scans, 1, S0, SLOT0, false);
1625 /* Write jump at index 2. */
1626 scans_add_write_jump(scans, 2, false);
1628 /* Read S1 from debug RAM */
1629 scans_add_write_load(scans, 0, S0, SLOT_LAST, true);
1631 scans_add_read(scans, SLOT0, false);
1633 /* Read S0 from dscratch */
1634 unsigned int csr[] = {CSR_DSCRATCH0, CSR_DPC, CSR_DCSR};
1635 for (unsigned int i = 0; i < ARRAY_SIZE(csr); i++) {
1636 scans_add_write32(scans, 0, csrr(S0, csr[i]), true);
1637 scans_add_read(scans, SLOT0, false);
1640 /* Final read to get the last value out. */
1641 scans_add_read32(scans, 4, false);
1643 int retval = scans_execute(scans);
1644 if (retval != ERROR_OK) {
1645 LOG_ERROR("JTAG execute failed: %d", retval);
1649 unsigned int dbus_busy = 0;
1650 unsigned int interrupt_set = 0;
1651 unsigned result = 0;
1653 reg_cache_set(target, 0, 0);
1654 /* The first scan result is the result from something old we don't care
1656 for (unsigned int i = 1; i < scans->next_scan && dbus_busy == 0; i++) {
1657 dbus_status_t status = scans_get_u32(scans, i, DBUS_OP_START,
1659 uint64_t data = scans_get_u64(scans, i, DBUS_DATA_START, DBUS_DATA_SIZE);
1660 uint32_t address = scans_get_u32(scans, i, DBUS_ADDRESS_START,
1663 case DBUS_STATUS_SUCCESS:
1665 case DBUS_STATUS_FAILED:
1666 LOG_ERROR("Debug access failed. Hardware error?");
1668 case DBUS_STATUS_BUSY:
1672 LOG_ERROR("Got invalid bus access status: %d", status);
1675 if (data & DMCONTROL_INTERRUPT) {
1679 if (address == 4 || address == 5) {
1785 LOG_ERROR("Got invalid register result %d", result);
1788 if (riscv_xlen(target) == 32) {
1789 reg_cache_set(target, reg, data & 0xffffffff);
1791 } else if (riscv_xlen(target) == 64) {
1793 value = data & 0xffffffff;
1794 } else if (address == 5) {
1795 reg_cache_set(target, reg, ((data & 0xffffffff) << 32) | value);
1803 scans_delete(scans);
1806 increase_dbus_busy_delay(target);
1809 if (interrupt_set) {
1810 increase_interrupt_high_delay(target);
1814 /* TODO: get rid of those 2 variables and talk to the cache directly. */
1815 info->dpc = reg_cache_get(target, CSR_DPC);
1816 info->dcsr = reg_cache_get(target, CSR_DCSR);
1818 cache_invalidate(target);
1823 scans_delete(scans);
1827 static int handle_halt(struct target *target, bool announce)
1829 riscv011_info_t *info = get_info(target);
1830 target->state = TARGET_HALTED;
1834 re = handle_halt_routine(target);
1835 } while (re == RE_AGAIN);
1837 LOG_ERROR("handle_halt_routine failed");
1841 int cause = get_field(info->dcsr, DCSR_CAUSE);
1843 case DCSR_CAUSE_SWBP:
1844 target->debug_reason = DBG_REASON_BREAKPOINT;
1846 case DCSR_CAUSE_HWBP:
1847 target->debug_reason = DBG_REASON_WATCHPOINT;
1849 case DCSR_CAUSE_DEBUGINT:
1850 target->debug_reason = DBG_REASON_DBGRQ;
1852 case DCSR_CAUSE_STEP:
1853 target->debug_reason = DBG_REASON_SINGLESTEP;
1855 case DCSR_CAUSE_HALT:
1857 LOG_ERROR("Invalid halt cause %d in DCSR (0x%" PRIx64 ")",
1861 if (info->never_halted) {
1862 info->never_halted = false;
1864 int result = maybe_read_tselect(target);
1865 if (result != ERROR_OK)
1867 riscv_enumerate_triggers(target);
1870 if (target->debug_reason == DBG_REASON_BREAKPOINT) {
1872 if (riscv_semihosting(target, &retval) != 0)
1877 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1879 const char *cause_string[] = {
1881 "software breakpoint",
1887 /* This is logged to the user so that gdb will show it when a user types
1888 * 'monitor reset init'. At that time gdb appears to have the pc cached
1889 * still so if a user manually inspects the pc it will still have the old
1891 LOG_USER("halted at 0x%" PRIx64 " due to %s", info->dpc, cause_string[cause]);
1896 static int poll_target(struct target *target, bool announce)
1898 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1900 /* Inhibit debug logging during poll(), which isn't usually interesting and
1901 * just fills up the screen/logs with clutter. */
1902 int old_debug_level = debug_level;
1903 if (debug_level >= LOG_LVL_DEBUG)
1904 debug_level = LOG_LVL_INFO;
1905 bits_t bits = read_bits(target);
1906 debug_level = old_debug_level;
1908 if (bits.haltnot && bits.interrupt) {
1909 target->state = TARGET_DEBUG_RUNNING;
1910 LOG_DEBUG("debug running");
1911 } else if (bits.haltnot && !bits.interrupt) {
1912 if (target->state != TARGET_HALTED)
1913 return handle_halt(target, announce);
1914 } else if (!bits.haltnot && bits.interrupt) {
1915 /* Target is halting. There is no state for that, so don't change anything. */
1916 LOG_DEBUG("halting");
1917 } else if (!bits.haltnot && !bits.interrupt) {
1918 target->state = TARGET_RUNNING;
1924 static int riscv011_poll(struct target *target)
1926 return poll_target(target, true);
1929 static int riscv011_resume(struct target *target, int current,
1930 target_addr_t address, int handle_breakpoints, int debug_execution)
1933 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1936 return resume(target, debug_execution, false);
1939 static int assert_reset(struct target *target)
1941 riscv011_info_t *info = get_info(target);
1942 /* TODO: Maybe what I implemented here is more like soft_reset_halt()? */
1944 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1946 /* The only assumption we can make is that the TAP was reset. */
1947 if (wait_for_debugint_clear(target, true) != ERROR_OK) {
1948 LOG_ERROR("Debug interrupt didn't clear.");
1952 /* Not sure what we should do when there are multiple cores.
1953 * Here just reset the single hart we're talking to. */
1954 info->dcsr = set_field(info->dcsr, DCSR_EBREAKM, riscv_ebreakm);
1955 info->dcsr = set_field(info->dcsr, DCSR_EBREAKS, riscv_ebreaks);
1956 info->dcsr = set_field(info->dcsr, DCSR_EBREAKU, riscv_ebreaku);
1957 info->dcsr = set_field(info->dcsr, DCSR_EBREAKH, 1);
1958 info->dcsr |= DCSR_HALT;
1959 if (target->reset_halt)
1960 info->dcsr |= DCSR_NDRESET;
1962 info->dcsr |= DCSR_FULLRESET;
1963 dram_write32(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16), false);
1964 dram_write32(target, 1, csrw(S0, CSR_DCSR), false);
1965 /* We shouldn't actually need the jump because a reset should happen. */
1966 dram_write_jump(target, 2, false);
1967 dram_write32(target, 4, info->dcsr, true);
1968 cache_invalidate(target);
1970 target->state = TARGET_RESET;
1975 static int deassert_reset(struct target *target)
1977 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1978 if (target->reset_halt)
1979 return wait_for_state(target, TARGET_HALTED);
1981 return wait_for_state(target, TARGET_RUNNING);
1984 static int read_memory(struct target *target, target_addr_t address,
1985 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t increment)
1987 if (increment != size) {
1988 LOG_ERROR("read_memory with custom increment not implemented");
1989 return ERROR_NOT_IMPLEMENTED;
1992 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
1994 cache_set32(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16));
1997 cache_set32(target, 1, lb(S1, S0, 0));
1998 cache_set32(target, 2, sw(S1, ZERO, DEBUG_RAM_START + 16));
2001 cache_set32(target, 1, lh(S1, S0, 0));
2002 cache_set32(target, 2, sw(S1, ZERO, DEBUG_RAM_START + 16));
2005 cache_set32(target, 1, lw(S1, S0, 0));
2006 cache_set32(target, 2, sw(S1, ZERO, DEBUG_RAM_START + 16));
2009 LOG_ERROR("Unsupported size: %d", size);
2012 cache_set_jump(target, 3);
2013 cache_write(target, CACHE_NO_READ, false);
2015 riscv011_info_t *info = get_info(target);
2016 const unsigned max_batch_size = 256;
2017 scans_t *scans = scans_new(target, max_batch_size);
2021 uint32_t result_value = 0x777;
2023 while (i < count + 3) {
2024 unsigned int batch_size = MIN(count + 3 - i, max_batch_size);
2027 for (unsigned int j = 0; j < batch_size; j++) {
2028 if (i + j == count) {
2029 /* Just insert a read so we can scan out the last value. */
2030 scans_add_read32(scans, 4, false);
2031 } else if (i + j >= count + 1) {
2032 /* And check for errors. */
2033 scans_add_read32(scans, info->dramsize-1, false);
2035 /* Write the next address and set interrupt. */
2036 uint32_t offset = size * (i + j);
2037 scans_add_write32(scans, 4, address + offset, true);
2041 int retval = scans_execute(scans);
2042 if (retval != ERROR_OK) {
2043 LOG_ERROR("JTAG execute failed: %d", retval);
2048 int execute_busy = 0;
2049 for (unsigned int j = 0; j < batch_size; j++) {
2050 dbus_status_t status = scans_get_u32(scans, j, DBUS_OP_START,
2053 case DBUS_STATUS_SUCCESS:
2055 case DBUS_STATUS_FAILED:
2056 LOG_ERROR("Debug RAM write failed. Hardware error?");
2058 case DBUS_STATUS_BUSY:
2062 LOG_ERROR("Got invalid bus access status: %d", status);
2065 uint64_t data = scans_get_u64(scans, j, DBUS_DATA_START,
2067 if (data & DMCONTROL_INTERRUPT)
2069 if (i + j == count + 2) {
2070 result_value = data;
2071 } else if (i + j > 1) {
2072 uint32_t offset = size * (i + j - 2);
2075 buffer[offset] = data;
2078 buffer[offset] = data;
2079 buffer[offset+1] = data >> 8;
2082 buffer[offset] = data;
2083 buffer[offset+1] = data >> 8;
2084 buffer[offset+2] = data >> 16;
2085 buffer[offset+3] = data >> 24;
2089 LOG_DEBUG("j=%d status=%d data=%09" PRIx64, j, status, data);
2092 increase_dbus_busy_delay(target);
2094 increase_interrupt_high_delay(target);
2095 if (dbus_busy || execute_busy) {
2096 wait_for_debugint_clear(target, false);
2099 LOG_INFO("Retrying memory read starting from 0x%" TARGET_PRIxADDR
2100 " with more delays", address + size * i);
2106 if (result_value != 0) {
2107 LOG_USER("Core got an exception (0x%x) while reading from 0x%"
2108 TARGET_PRIxADDR, result_value, address + size * (count-1));
2110 LOG_USER("(It may have failed between 0x%" TARGET_PRIxADDR
2111 " and 0x%" TARGET_PRIxADDR " as well, but we "
2112 "didn't check then.)",
2113 address, address + size * (count-2) + size - 1);
2118 scans_delete(scans);
2119 cache_clean(target);
2123 scans_delete(scans);
2124 cache_clean(target);
2128 static int setup_write_memory(struct target *target, uint32_t size)
2132 cache_set32(target, 0, lb(S0, ZERO, DEBUG_RAM_START + 16));
2133 cache_set32(target, 1, sb(S0, T0, 0));
2136 cache_set32(target, 0, lh(S0, ZERO, DEBUG_RAM_START + 16));
2137 cache_set32(target, 1, sh(S0, T0, 0));
2140 cache_set32(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16));
2141 cache_set32(target, 1, sw(S0, T0, 0));
2144 LOG_ERROR("Unsupported size: %d", size);
2147 cache_set32(target, 2, addi(T0, T0, size));
2148 cache_set_jump(target, 3);
2149 cache_write(target, 4, false);
2154 static int write_memory(struct target *target, target_addr_t address,
2155 uint32_t size, uint32_t count, const uint8_t *buffer)
2157 riscv011_info_t *info = get_info(target);
2158 jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE);
2160 /* Set up the address. */
2161 cache_set_store(target, 0, T0, SLOT1);
2162 cache_set_load(target, 1, T0, SLOT0);
2163 cache_set_jump(target, 2);
2164 cache_set(target, SLOT0, address);
2165 if (cache_write(target, 5, true) != ERROR_OK)
2168 uint64_t t0 = cache_get(target, SLOT1);
2169 LOG_DEBUG("t0 is 0x%" PRIx64, t0);
2171 if (setup_write_memory(target, size) != ERROR_OK)
2174 const unsigned max_batch_size = 256;
2175 scans_t *scans = scans_new(target, max_batch_size);
2179 uint32_t result_value = 0x777;
2181 while (i < count + 2) {
2182 unsigned int batch_size = MIN(count + 2 - i, max_batch_size);
2185 for (unsigned int j = 0; j < batch_size; j++) {
2186 if (i + j >= count) {
2187 /* Check for an exception. */
2188 scans_add_read32(scans, info->dramsize-1, false);
2190 /* Write the next value and set interrupt. */
2192 uint32_t offset = size * (i + j);
2195 value = buffer[offset];
2198 value = buffer[offset] |
2199 (buffer[offset+1] << 8);
2202 value = buffer[offset] |
2203 ((uint32_t) buffer[offset+1] << 8) |
2204 ((uint32_t) buffer[offset+2] << 16) |
2205 ((uint32_t) buffer[offset+3] << 24);
2211 scans_add_write32(scans, 4, value, true);
2215 int retval = scans_execute(scans);
2216 if (retval != ERROR_OK) {
2217 LOG_ERROR("JTAG execute failed: %d", retval);
2222 int execute_busy = 0;
2223 for (unsigned int j = 0; j < batch_size; j++) {
2224 dbus_status_t status = scans_get_u32(scans, j, DBUS_OP_START,
2227 case DBUS_STATUS_SUCCESS:
2229 case DBUS_STATUS_FAILED:
2230 LOG_ERROR("Debug RAM write failed. Hardware error?");
2232 case DBUS_STATUS_BUSY:
2236 LOG_ERROR("Got invalid bus access status: %d", status);
2239 int interrupt = scans_get_u32(scans, j, DBUS_DATA_START + 33, 1);
2242 if (i + j == count + 1)
2243 result_value = scans_get_u32(scans, j, DBUS_DATA_START, 32);
2246 increase_dbus_busy_delay(target);
2248 increase_interrupt_high_delay(target);
2249 if (dbus_busy || execute_busy) {
2250 wait_for_debugint_clear(target, false);
2253 * Set t0 back to what it should have been at the beginning of this
2255 LOG_INFO("Retrying memory write starting from 0x%" TARGET_PRIxADDR
2256 " with more delays", address + size * i);
2258 cache_clean(target);
2260 if (write_gpr(target, T0, address + size * i) != ERROR_OK)
2263 if (setup_write_memory(target, size) != ERROR_OK)
2270 if (result_value != 0) {
2271 LOG_ERROR("Core got an exception (0x%x) while writing to 0x%"
2272 TARGET_PRIxADDR, result_value, address + size * (count-1));
2274 LOG_ERROR("(It may have failed between 0x%" TARGET_PRIxADDR
2275 " and 0x%" TARGET_PRIxADDR " as well, but we "
2276 "didn't check then.)",
2277 address, address + size * (count-2) + size - 1);
2282 scans_delete(scans);
2283 cache_clean(target);
2284 return register_write(target, T0, t0);
2287 scans_delete(scans);
2288 cache_clean(target);
2292 static int arch_state(struct target *target)
2297 COMMAND_HELPER(riscv011_print_info, struct target *target)
2299 /* Abstract description. */
2300 riscv_print_info_line(CMD, "target", "memory.read_while_running8", 0);
2301 riscv_print_info_line(CMD, "target", "memory.write_while_running8", 0);
2302 riscv_print_info_line(CMD, "target", "memory.read_while_running16", 0);
2303 riscv_print_info_line(CMD, "target", "memory.write_while_running16", 0);
2304 riscv_print_info_line(CMD, "target", "memory.read_while_running32", 0);
2305 riscv_print_info_line(CMD, "target", "memory.write_while_running32", 0);
2306 riscv_print_info_line(CMD, "target", "memory.read_while_running64", 0);
2307 riscv_print_info_line(CMD, "target", "memory.write_while_running64", 0);
2308 riscv_print_info_line(CMD, "target", "memory.read_while_running128", 0);
2309 riscv_print_info_line(CMD, "target", "memory.write_while_running128", 0);
2311 uint32_t dminfo = dbus_read(target, DMINFO);
2312 riscv_print_info_line(CMD, "dm", "authenticated", get_field(dminfo, DMINFO_AUTHENTICATED));
2317 static int wait_for_authbusy(struct target *target)
2319 time_t start = time(NULL);
2321 uint32_t dminfo = dbus_read(target, DMINFO);
2322 if (!get_field(dminfo, DMINFO_AUTHBUSY))
2324 if (time(NULL) - start > riscv_command_timeout_sec) {
2325 LOG_ERROR("Timed out after %ds waiting for authbusy to go low (dminfo=0x%x). "
2326 "Increase the timeout with riscv set_command_timeout_sec.",
2327 riscv_command_timeout_sec,
2336 static int riscv011_authdata_read(struct target *target, uint32_t *value, unsigned int index)
2339 LOG_ERROR("Spec 0.11 only has a two authdata registers.");
2343 if (wait_for_authbusy(target) != ERROR_OK)
2346 uint16_t authdata_address = index ? DMAUTHDATA1 : DMAUTHDATA0;
2347 *value = dbus_read(target, authdata_address);
2352 static int riscv011_authdata_write(struct target *target, uint32_t value, unsigned int index)
2355 LOG_ERROR("Spec 0.11 only has a two authdata registers.");
2359 if (wait_for_authbusy(target) != ERROR_OK)
2362 uint16_t authdata_address = index ? DMAUTHDATA1 : DMAUTHDATA0;
2363 dbus_write(target, authdata_address, value);
2368 static int init_target(struct command_context *cmd_ctx,
2369 struct target *target)
2372 RISCV_INFO(generic_info);
2373 generic_info->get_register = get_register;
2374 generic_info->set_register = set_register;
2375 generic_info->read_memory = read_memory;
2376 generic_info->authdata_read = &riscv011_authdata_read;
2377 generic_info->authdata_write = &riscv011_authdata_write;
2378 generic_info->print_info = &riscv011_print_info;
2380 generic_info->version_specific = calloc(1, sizeof(riscv011_info_t));
2381 if (!generic_info->version_specific)
2384 /* Assume 32-bit until we discover the real value in examine(). */
2385 generic_info->xlen = 32;
2386 riscv_init_registers(target);
2391 struct target_type riscv011_target = {
2394 .init_target = init_target,
2395 .deinit_target = deinit_target,
2398 /* poll current target status */
2399 .poll = riscv011_poll,
2402 .resume = riscv011_resume,
2405 .assert_reset = assert_reset,
2406 .deassert_reset = deassert_reset,
2408 .write_memory = write_memory,
2410 .arch_state = arch_state,
projects / fw / openocd / blob