1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm11_dbgtap.h"
34 #include "arm_simulator.h"
35 #include <helper/time_support.h>
36 #include "target_type.h"
37 #include "algorithm.h"
39 #include "arm_opcodes.h"
43 #define _DEBUG_INSTRUCTION_EXECUTION_
47 /* FIXME none of these flags should be global to all ARM11 cores!
48 * Most of them shouldn't exist at all, once the code works...
50 static bool arm11_config_memwrite_burst = true;
51 static bool arm11_config_memwrite_error_fatal = true;
52 static uint32_t arm11_vcr = 0;
53 static bool arm11_config_step_irq_enable = false;
54 static bool arm11_config_hardware_step = false;
56 static int arm11_step(struct target *target, int current,
57 uint32_t address, int handle_breakpoints);
60 /** Check and if necessary take control of the system
62 * \param arm11 Target state variable.
64 static int arm11_check_init(struct arm11_common *arm11)
66 CHECK_RETVAL(arm11_read_DSCR(arm11));
68 if (!(arm11->dscr & DSCR_HALT_DBG_MODE))
70 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
71 LOG_DEBUG("Bringing target into debug mode");
73 arm11->dscr |= DSCR_HALT_DBG_MODE;
74 arm11_write_DSCR(arm11, arm11->dscr);
76 /* add further reset initialization here */
78 arm11->simulate_reset_on_next_halt = true;
80 if (arm11->dscr & DSCR_CORE_HALTED)
82 /** \todo TODO: this needs further scrutiny because
83 * arm11_debug_entry() never gets called. (WHY NOT?)
84 * As a result we don't read the actual register states from
88 arm11->arm.target->state = TARGET_HALTED;
89 arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
93 arm11->arm.target->state = TARGET_RUNNING;
94 arm11->arm.target->debug_reason = DBG_REASON_NOTHALTED;
97 arm11_sc7_clear_vbw(arm11);
104 * Save processor state. This is called after a HALT instruction
105 * succeeds, and on other occasions the processor enters debug mode
106 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
108 static int arm11_debug_entry(struct arm11_common *arm11)
112 arm11->arm.target->state = TARGET_HALTED;
113 arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
115 /* REVISIT entire cache should already be invalid !!! */
116 register_cache_invalidate(arm11->arm.core_cache);
118 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
120 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
121 arm11->is_wdtr_saved = !!(arm11->dscr & DSCR_DTR_TX_FULL);
122 if (arm11->is_wdtr_saved)
124 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
126 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
128 struct scan_field chain5_fields[3];
130 arm11_setup_field(arm11, 32, NULL,
131 &arm11->saved_wdtr, chain5_fields + 0);
132 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 1);
133 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
135 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
139 /* DSCR: set the Execute ARM instruction enable bit.
141 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
142 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
143 * for executing instructions via ITR.
145 arm11_write_DSCR(arm11, DSCR_ITR_EN | arm11->dscr);
149 Before executing any instruction in debug state you have to drain the write buffer.
150 This ensures that no imprecise Data Aborts can return at a later point:*/
152 /** \todo TODO: Test drain write buffer. */
157 /* MRC p14,0,R0,c5,c10,0 */
158 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
160 /* mcr 15, 0, r0, cr7, cr10, {4} */
161 arm11_run_instr_no_data1(arm11, 0xee070f9a);
163 uint32_t dscr = arm11_read_DSCR(arm11);
165 LOG_DEBUG("DRAIN, DSCR %08x", dscr);
167 if (dscr & ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT)
169 arm11_run_instr_no_data1(arm11, 0xe320f000);
171 dscr = arm11_read_DSCR(arm11);
173 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr);
182 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
183 * CPSR and PC after the rDTR stuff. We do it all at once.
185 retval = arm_dpm_read_current_registers(&arm11->dpm);
186 if (retval != ERROR_OK)
187 LOG_ERROR("DPM REG READ -- fail %d", retval);
189 retval = arm11_run_instr_data_prepare(arm11);
190 if (retval != ERROR_OK)
193 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
194 arm11->is_rdtr_saved = !!(arm11->dscr & DSCR_DTR_RX_FULL);
195 if (arm11->is_rdtr_saved)
197 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
198 retval = arm11_run_instr_data_from_core_via_r0(arm11,
199 0xEE100E15, &arm11->saved_rdtr);
200 if (retval != ERROR_OK)
204 /* REVISIT Now that we've saved core state, there's may also
205 * be MMU and cache state to care about ...
208 if (arm11->simulate_reset_on_next_halt)
210 arm11->simulate_reset_on_next_halt = false;
212 LOG_DEBUG("Reset c1 Control Register");
214 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
216 /* MCR p15,0,R0,c1,c0,0 */
217 retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee010f10, 0);
218 if (retval != ERROR_OK)
223 if (arm11->arm.target->debug_reason == DBG_REASON_WATCHPOINT) {
226 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
227 retval = arm11_run_instr_data_from_core_via_r0(arm11,
228 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
230 if (retval != ERROR_OK)
232 arm_dpm_report_wfar(arm11->arm.dpm, wfar);
236 retval = arm11_run_instr_data_finish(arm11);
237 if (retval != ERROR_OK)
244 * Restore processor state. This is called in preparation for
245 * the RESTART function.
247 static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
251 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
253 /* NOTE: the ARM1136 TRM suggests restoring all registers
254 * except R0/PC/CPSR right now. Instead, we do them all
255 * at once, just a bit later on.
258 /* REVISIT once we start caring about MMU and cache state,
259 * address it here ...
262 /* spec says clear wDTR and rDTR; we assume they are clear as
263 otherwise our programming would be sloppy */
265 CHECK_RETVAL(arm11_read_DSCR(arm11));
267 if (arm11->dscr & (DSCR_DTR_RX_FULL | DSCR_DTR_TX_FULL))
270 The wDTR/rDTR two registers that are used to send/receive data to/from
271 the core in tandem with corresponding instruction codes that are
272 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
273 registers hold data that was written by one side (CPU or JTAG) and not
274 read out by the other side.
276 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
277 (unsigned) arm11->dscr);
282 /* maybe restore original wDTR */
283 if (arm11->is_wdtr_saved)
285 retval = arm11_run_instr_data_prepare(arm11);
286 if (retval != ERROR_OK)
289 /* MCR p14,0,R0,c0,c5,0 */
290 retval = arm11_run_instr_data_to_core_via_r0(arm11,
291 0xee000e15, arm11->saved_wdtr);
292 if (retval != ERROR_OK)
295 retval = arm11_run_instr_data_finish(arm11);
296 if (retval != ERROR_OK)
300 /* restore CPSR, PC, and R0 ... after flushing any modified
303 retval = arm_dpm_write_dirty_registers(&arm11->dpm, bpwp);
305 retval = arm11_bpwp_flush(arm11);
307 register_cache_invalidate(arm11->arm.core_cache);
310 arm11_write_DSCR(arm11, arm11->dscr);
312 /* maybe restore rDTR */
313 if (arm11->is_rdtr_saved)
315 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
317 arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
319 struct scan_field chain5_fields[3];
321 uint8_t Ready = 0; /* ignored */
322 uint8_t Valid = 0; /* ignored */
324 arm11_setup_field(arm11, 32, &arm11->saved_rdtr,
325 NULL, chain5_fields + 0);
326 arm11_setup_field(arm11, 1, &Ready, NULL, chain5_fields + 1);
327 arm11_setup_field(arm11, 1, &Valid, NULL, chain5_fields + 2);
329 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
332 /* now processor is ready to RESTART */
337 /* poll current target status */
338 static int arm11_poll(struct target *target)
341 struct arm11_common *arm11 = target_to_arm11(target);
343 CHECK_RETVAL(arm11_check_init(arm11));
345 if (arm11->dscr & DSCR_CORE_HALTED)
347 if (target->state != TARGET_HALTED)
349 enum target_state old_state = target->state;
351 LOG_DEBUG("enter TARGET_HALTED");
352 retval = arm11_debug_entry(arm11);
353 if (retval != ERROR_OK)
356 target_call_event_callbacks(target,
357 (old_state == TARGET_DEBUG_RUNNING)
358 ? TARGET_EVENT_DEBUG_HALTED
359 : TARGET_EVENT_HALTED);
364 if (target->state != TARGET_RUNNING && target->state != TARGET_DEBUG_RUNNING)
366 LOG_DEBUG("enter TARGET_RUNNING");
367 target->state = TARGET_RUNNING;
368 target->debug_reason = DBG_REASON_NOTHALTED;
374 /* architecture specific status reply */
375 static int arm11_arch_state(struct target *target)
377 struct arm11_common *arm11 = target_to_arm11(target);
380 retval = arm_arch_state(target);
382 /* REVISIT also display ARM11-specific MMU and cache status ... */
384 if (target->debug_reason == DBG_REASON_WATCHPOINT)
385 LOG_USER("Watchpoint triggered at PC %#08x",
386 (unsigned) arm11->dpm.wp_pc);
391 /* target request support */
392 static int arm11_target_request_data(struct target *target,
393 uint32_t size, uint8_t *buffer)
395 LOG_WARNING("Not implemented: %s", __func__);
400 /* target execution control */
401 static int arm11_halt(struct target *target)
403 struct arm11_common *arm11 = target_to_arm11(target);
405 LOG_DEBUG("target->state: %s",
406 target_state_name(target));
408 if (target->state == TARGET_UNKNOWN)
410 arm11->simulate_reset_on_next_halt = true;
413 if (target->state == TARGET_HALTED)
415 LOG_DEBUG("target was already halted");
419 arm11_add_IR(arm11, ARM11_HALT, TAP_IDLE);
421 CHECK_RETVAL(jtag_execute_queue());
427 CHECK_RETVAL(arm11_read_DSCR(arm11));
429 if (arm11->dscr & DSCR_CORE_HALTED)
440 if ((timeval_ms()-then) > 1000)
442 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
449 enum target_state old_state = target->state;
451 arm11_debug_entry(arm11);
454 target_call_event_callbacks(target,
455 old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED));
461 arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
463 void *value = arm11->arm.core_cache->reg_list[15].value;
466 buf_set_u32(value, 0, 32, address);
468 address = buf_get_u32(value, 0, 32);
473 static int arm11_resume(struct target *target, int current,
474 uint32_t address, int handle_breakpoints, int debug_execution)
476 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
477 // current, address, handle_breakpoints, debug_execution);
479 struct arm11_common *arm11 = target_to_arm11(target);
481 LOG_DEBUG("target->state: %s",
482 target_state_name(target));
485 if (target->state != TARGET_HALTED)
487 LOG_ERROR("Target not halted");
488 return ERROR_TARGET_NOT_HALTED;
491 address = arm11_nextpc(arm11, current, address);
493 LOG_DEBUG("RESUME PC %08" PRIx32 "%s", address, !current ? "!" : "");
495 /* clear breakpoints/watchpoints and VCR*/
496 arm11_sc7_clear_vbw(arm11);
498 if (!debug_execution)
499 target_free_all_working_areas(target);
501 /* Should we skip over breakpoints matching the PC? */
502 if (handle_breakpoints) {
503 struct breakpoint *bp;
505 for (bp = target->breakpoints; bp; bp = bp->next)
507 if (bp->address == address)
509 LOG_DEBUG("must step over %08" PRIx32 "", bp->address);
510 arm11_step(target, 1, 0, 0);
516 /* activate all breakpoints */
518 struct breakpoint *bp;
519 unsigned brp_num = 0;
521 for (bp = target->breakpoints; bp; bp = bp->next)
523 struct arm11_sc7_action brp[2];
526 brp[0].address = ARM11_SC7_BVR0 + brp_num;
527 brp[0].value = bp->address;
529 brp[1].address = ARM11_SC7_BCR0 + brp_num;
530 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
532 arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp));
534 LOG_DEBUG("Add BP %d at %08" PRIx32, brp_num,
541 arm11_sc7_set_vcr(arm11, arm11_vcr);
544 /* activate all watchpoints and breakpoints */
545 arm11_leave_debug_state(arm11, true);
547 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
549 CHECK_RETVAL(jtag_execute_queue());
554 CHECK_RETVAL(arm11_read_DSCR(arm11));
556 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
558 if (arm11->dscr & DSCR_CORE_RESTARTED)
569 if ((timeval_ms()-then) > 1000)
571 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
578 target->debug_reason = DBG_REASON_NOTHALTED;
579 if (!debug_execution)
580 target->state = TARGET_RUNNING;
582 target->state = TARGET_DEBUG_RUNNING;
583 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
588 static int arm11_step(struct target *target, int current,
589 uint32_t address, int handle_breakpoints)
591 LOG_DEBUG("target->state: %s",
592 target_state_name(target));
594 if (target->state != TARGET_HALTED)
596 LOG_WARNING("target was not halted");
597 return ERROR_TARGET_NOT_HALTED;
600 struct arm11_common *arm11 = target_to_arm11(target);
602 address = arm11_nextpc(arm11, current, address);
604 LOG_DEBUG("STEP PC %08" PRIx32 "%s", address, !current ? "!" : "");
607 /** \todo TODO: Thumb not supported here */
609 uint32_t next_instruction;
611 CHECK_RETVAL(arm11_read_memory_word(arm11, address, &next_instruction));
614 if ((next_instruction & 0xFFF00070) == 0xe1200070)
616 address = arm11_nextpc(arm11, 0, address + 4);
617 LOG_DEBUG("Skipping BKPT");
619 /* skip over Wait for interrupt / Standby */
620 /* mcr 15, 0, r?, cr7, cr0, {4} */
621 else if ((next_instruction & 0xFFFF0FFF) == 0xee070f90)
623 address = arm11_nextpc(arm11, 0, address + 4);
624 LOG_DEBUG("Skipping WFI");
626 /* ignore B to self */
627 else if ((next_instruction & 0xFEFFFFFF) == 0xeafffffe)
629 LOG_DEBUG("Not stepping jump to self");
633 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
636 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
637 * the VCR might be something worth looking into. */
640 /* Set up breakpoint for stepping */
642 struct arm11_sc7_action brp[2];
645 brp[0].address = ARM11_SC7_BVR0;
647 brp[1].address = ARM11_SC7_BCR0;
649 if (arm11_config_hardware_step)
651 /* Hardware single stepping ("instruction address
652 * mismatch") is used if enabled. It's not quite
653 * exactly "run one instruction"; "branch to here"
654 * loops won't break, neither will some other cases,
655 * but it's probably the best default.
657 * Hardware single stepping isn't supported on v6
658 * debug modules. ARM1176 and v7 can support it...
660 * FIXME Thumb stepping likely needs to use 0x03
661 * or 0xc0 byte masks, not 0x0f.
663 brp[0].value = address;
664 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
665 | (0 << 14) | (0 << 16) | (0 << 20)
669 /* Sets a breakpoint on the next PC, as calculated
670 * by instruction set simulation.
672 * REVISIT stepping Thumb on ARM1156 requires Thumb2
673 * support from the simulator.
678 retval = arm_simulate_step(target, &next_pc);
679 if (retval != ERROR_OK)
682 brp[0].value = next_pc;
683 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
684 | (0 << 14) | (0 << 16) | (0 << 20)
688 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
693 if (arm11_config_step_irq_enable)
694 /* this disable should be redundant ... */
695 arm11->dscr &= ~DSCR_INT_DIS;
697 arm11->dscr |= DSCR_INT_DIS;
700 CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));
702 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
704 CHECK_RETVAL(jtag_execute_queue());
711 const uint32_t mask = DSCR_CORE_RESTARTED
714 CHECK_RETVAL(arm11_read_DSCR(arm11));
715 LOG_DEBUG("DSCR %08x e", (unsigned) arm11->dscr);
717 if ((arm11->dscr & mask) == mask)
727 if ((timeval_ms()-then) > 1000)
729 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
736 /* clear breakpoint */
737 arm11_sc7_clear_vbw(arm11);
740 CHECK_RETVAL(arm11_debug_entry(arm11));
742 /* restore default state */
743 arm11->dscr &= ~DSCR_INT_DIS;
747 target->debug_reason = DBG_REASON_SINGLESTEP;
749 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_HALTED));
754 static int arm11_assert_reset(struct target *target)
756 struct arm11_common *arm11 = target_to_arm11(target);
758 /* optionally catch reset vector */
759 if (target->reset_halt && !(arm11_vcr & 1))
760 arm11_sc7_set_vcr(arm11, arm11_vcr | 1);
762 /* Issue some kind of warm reset. */
763 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT)) {
764 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
765 } else if (jtag_get_reset_config() & RESET_HAS_SRST) {
766 /* REVISIT handle "pulls" cases, if there's
767 * hardware that needs them to work.
769 jtag_add_reset(0, 1);
771 LOG_ERROR("%s: how to reset?", target_name(target));
775 /* registers are now invalid */
776 register_cache_invalidate(arm11->arm.core_cache);
778 target->state = TARGET_RESET;
784 * - There is another bug in the arm11 core. (iMX31 specific again?)
785 * When you generate an access to external logic (for example DDR
786 * controller via AHB bus) and that block is not configured (perhaps
787 * it is still held in reset), that transaction will never complete.
788 * This will hang arm11 core but it will also hang JTAG controller.
789 * Nothing short of srst assertion will bring it out of this.
792 static int arm11_deassert_reset(struct target *target)
794 struct arm11_common *arm11 = target_to_arm11(target);
797 /* be certain SRST is off */
798 jtag_add_reset(0, 0);
800 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
801 * at least DSCR. OMAP24xx doesn't show that problem, though
802 * SRST-only reset seems to be problematic for other reasons.
803 * (Secure boot sequences being one likelihood!)
807 retval = arm11_poll(target);
809 if (target->reset_halt) {
810 if (target->state != TARGET_HALTED) {
811 LOG_WARNING("%s: ran after reset and before halt ...",
812 target_name(target));
813 if ((retval = target_halt(target)) != ERROR_OK)
818 /* maybe restore vector catch config */
819 if (target->reset_halt && !(arm11_vcr & 1))
820 arm11_sc7_set_vcr(arm11, arm11_vcr);
825 static int arm11_soft_reset_halt(struct target *target)
827 LOG_WARNING("Not implemented: %s", __func__);
832 /* target memory access
833 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
834 * count: number of items of <size>
836 * arm11_config_memrw_no_increment - in the future we may want to be able
837 * to read/write a range of data to a "port". a "port" is an action on
838 * read memory address for some peripheral.
840 static int arm11_read_memory_inner(struct target *target,
841 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer,
842 bool arm11_config_memrw_no_increment)
844 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
847 if (target->state != TARGET_HALTED)
849 LOG_WARNING("target was not halted");
850 return ERROR_TARGET_NOT_HALTED;
853 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "", address, size, count);
855 struct arm11_common *arm11 = target_to_arm11(target);
857 retval = arm11_run_instr_data_prepare(arm11);
858 if (retval != ERROR_OK)
861 /* MRC p14,0,r0,c0,c5,0 */
862 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
863 if (retval != ERROR_OK)
869 arm11->arm.core_cache->reg_list[1].dirty = true;
871 for (size_t i = 0; i < count; i++)
873 /* ldrb r1, [r0], #1 */
875 arm11_run_instr_no_data1(arm11,
876 !arm11_config_memrw_no_increment ? 0xe4d01001 : 0xe5d01000);
879 /* MCR p14,0,R1,c0,c5,0 */
880 arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
889 arm11->arm.core_cache->reg_list[1].dirty = true;
891 for (size_t i = 0; i < count; i++)
893 /* ldrh r1, [r0], #2 */
894 arm11_run_instr_no_data1(arm11,
895 !arm11_config_memrw_no_increment ? 0xe0d010b2 : 0xe1d010b0);
899 /* MCR p14,0,R1,c0,c5,0 */
900 arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
902 uint16_t svalue = res;
903 memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
911 uint32_t instr = !arm11_config_memrw_no_increment ? 0xecb05e01 : 0xed905e00;
912 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
913 uint32_t *words = (uint32_t *)buffer;
915 /* LDC p14,c5,[R0],#4 */
916 /* LDC p14,c5,[R0] */
917 arm11_run_instr_data_from_core(arm11, instr, words, count);
922 return arm11_run_instr_data_finish(arm11);
925 static int arm11_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
927 return arm11_read_memory_inner(target, address, size, count, buffer, false);
931 * no_increment - in the future we may want to be able
932 * to read/write a range of data to a "port". a "port" is an action on
933 * read memory address for some peripheral.
935 static int arm11_write_memory_inner(struct target *target,
936 uint32_t address, uint32_t size,
937 uint32_t count, uint8_t *buffer,
942 if (target->state != TARGET_HALTED)
944 LOG_WARNING("target was not halted");
945 return ERROR_TARGET_NOT_HALTED;
948 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "", address, size, count);
950 struct arm11_common *arm11 = target_to_arm11(target);
952 retval = arm11_run_instr_data_prepare(arm11);
953 if (retval != ERROR_OK)
956 /* load r0 with buffer address */
957 /* MRC p14,0,r0,c0,c5,0 */
958 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
959 if (retval != ERROR_OK)
962 /* burst writes are not used for single words as those may well be
963 * reset init script writes.
965 * The other advantage is that as burst writes are default, we'll
966 * now exercise both burst and non-burst code paths with the
967 * default settings, increasing code coverage.
969 bool burst = arm11_config_memwrite_burst && (count > 1);
975 arm11->arm.core_cache->reg_list[1].dirty = true;
977 for (size_t i = 0; i < count; i++)
979 /* load r1 from DCC with byte data */
980 /* MRC p14,0,r1,c0,c5,0 */
981 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, *buffer++);
982 if (retval != ERROR_OK)
985 /* write r1 to memory */
986 /* strb r1, [r0], #1 */
988 retval = arm11_run_instr_no_data1(arm11,
992 if (retval != ERROR_OK)
1001 arm11->arm.core_cache->reg_list[1].dirty = true;
1003 for (size_t i = 0; i < count; i++)
1006 memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));
1008 /* load r1 from DCC with halfword data */
1009 /* MRC p14,0,r1,c0,c5,0 */
1010 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, value);
1011 if (retval != ERROR_OK)
1014 /* write r1 to memory */
1015 /* strh r1, [r0], #2 */
1017 retval = arm11_run_instr_no_data1(arm11,
1021 if (retval != ERROR_OK)
1029 /* stream word data through DCC directly to memory */
1030 /* increment: STC p14,c5,[R0],#4 */
1031 /* no increment: STC p14,c5,[R0]*/
1032 uint32_t instr = !no_increment ? 0xeca05e01 : 0xed805e00;
1034 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1035 uint32_t *words = (uint32_t*)buffer;
1037 /* "burst" here just means trusting each instruction executes
1038 * fully before we run the next one: per-word roundtrips, to
1039 * check the Ready flag, are not used.
1042 retval = arm11_run_instr_data_to_core(arm11,
1043 instr, words, count);
1045 retval = arm11_run_instr_data_to_core_noack(arm11,
1046 instr, words, count);
1047 if (retval != ERROR_OK)
1054 /* r0 verification */
1059 /* MCR p14,0,R0,c0,c5,0 */
1060 retval = arm11_run_instr_data_from_core(arm11, 0xEE000E15, &r0, 1);
1061 if (retval != ERROR_OK)
1064 if (address + size * count != r0)
1066 LOG_ERROR("Data transfer failed. Expected end "
1067 "address 0x%08x, got 0x%08x",
1068 (unsigned) (address + size * count),
1072 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1074 if (arm11_config_memwrite_error_fatal)
1079 return arm11_run_instr_data_finish(arm11);
1082 static int arm11_write_memory(struct target *target,
1083 uint32_t address, uint32_t size,
1084 uint32_t count, uint8_t *buffer)
1086 /* pointer increment matters only for multi-unit writes ...
1087 * not e.g. to a "reset the chip" controller.
1089 return arm11_write_memory_inner(target, address, size,
1090 count, buffer, count == 1);
1093 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1094 static int arm11_bulk_write_memory(struct target *target,
1095 uint32_t address, uint32_t count, uint8_t *buffer)
1097 if (target->state != TARGET_HALTED)
1099 LOG_WARNING("target was not halted");
1100 return ERROR_TARGET_NOT_HALTED;
1103 return arm11_write_memory(target, address, 4, count, buffer);
1106 /* target break-/watchpoint control
1107 * rw: 0 = write, 1 = read, 2 = access
1109 static int arm11_add_breakpoint(struct target *target,
1110 struct breakpoint *breakpoint)
1112 struct arm11_common *arm11 = target_to_arm11(target);
1115 if (breakpoint->type == BKPT_SOFT)
1117 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1118 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1122 if (!arm11->free_brps)
1124 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1128 if (breakpoint->length != 4)
1130 LOG_DEBUG("only breakpoints of four bytes length supported");
1131 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1139 static int arm11_remove_breakpoint(struct target *target,
1140 struct breakpoint *breakpoint)
1142 struct arm11_common *arm11 = target_to_arm11(target);
1149 static int arm11_target_create(struct target *target, Jim_Interp *interp)
1151 struct arm11_common *arm11;
1153 if (target->tap == NULL)
1156 if (target->tap->ir_length != 5)
1158 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1159 return ERROR_COMMAND_SYNTAX_ERROR;
1162 arm11 = calloc(1, sizeof *arm11);
1166 arm_init_arch_info(target, &arm11->arm);
1168 arm11->jtag_info.tap = target->tap;
1169 arm11->jtag_info.scann_size = 5;
1170 arm11->jtag_info.scann_instr = ARM11_SCAN_N;
1171 arm11->jtag_info.cur_scan_chain = ~0; /* invalid/unknown */
1172 arm11->jtag_info.intest_instr = ARM11_INTEST;
1177 static int arm11_init_target(struct command_context *cmd_ctx,
1178 struct target *target)
1180 /* Initialize anything we can set up without talking to the target */
1184 /* talk to the target and set things up */
1185 static int arm11_examine(struct target *target)
1189 struct arm11_common *arm11 = target_to_arm11(target);
1190 uint32_t didr, device_id;
1191 uint8_t implementor;
1193 /* FIXME split into do-first-time and do-every-time logic ... */
1197 arm11_add_IR(arm11, ARM11_IDCODE, ARM11_TAP_DEFAULT);
1199 struct scan_field idcode_field;
1201 arm11_setup_field(arm11, 32, NULL, &device_id, &idcode_field);
1203 arm11_add_dr_scan_vc(1, &idcode_field, TAP_DRPAUSE);
1207 arm11_add_debug_SCAN_N(arm11, 0x00, ARM11_TAP_DEFAULT);
1209 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
1211 struct scan_field chain0_fields[2];
1213 arm11_setup_field(arm11, 32, NULL, &didr, chain0_fields + 0);
1214 arm11_setup_field(arm11, 8, NULL, &implementor, chain0_fields + 1);
1216 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields), chain0_fields, TAP_IDLE);
1218 CHECK_RETVAL(jtag_execute_queue());
1220 /* assume the manufacturer id is ok; check the part # */
1221 switch ((device_id >> 12) & 0xFFFF)
1227 type = "ARM11 MPCore";
1233 arm11->arm.core_type = ARM_MODE_MON;
1237 LOG_ERROR("unexpected ARM11 ID code");
1240 LOG_INFO("found %s", type);
1242 /* unlikely this could ever fail, but ... */
1243 switch ((didr >> 16) & 0x0F) {
1244 case ARM11_DEBUG_V6:
1245 case ARM11_DEBUG_V61: /* supports security extensions */
1248 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1252 arm11->brp = ((didr >> 24) & 0x0F) + 1;
1254 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1255 arm11->free_brps = arm11->brp;
1257 LOG_DEBUG("IDCODE %08" PRIx32 " IMPLEMENTOR %02x DIDR %08" PRIx32,
1258 device_id, implementor, didr);
1260 /* as a side-effect this reads DSCR and thus
1261 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1262 * as suggested by the spec.
1265 retval = arm11_check_init(arm11);
1266 if (retval != ERROR_OK)
1269 /* Build register cache "late", after target_init(), since we
1270 * want to know if this core supports Secure Monitor mode.
1272 if (!target_was_examined(target))
1273 retval = arm11_dpm_init(arm11, didr);
1275 /* ETM on ARM11 still uses original scanchain 6 access mode */
1276 if (arm11->arm.etm && !target_was_examined(target)) {
1277 *register_get_last_cache_p(&target->reg_cache) =
1278 etm_build_reg_cache(target, &arm11->jtag_info,
1280 retval = etm_setup(target);
1283 target_set_examined(target);
1289 /* FIXME all these BOOL_WRAPPER things should be modifying
1290 * per-instance state, not shared state; ditto the vector
1291 * catch register support. Scan chains with multiple cores
1292 * should be able to say "work with this core like this,
1293 * that core like that". Example, ARM11 MPCore ...
1296 #define ARM11_BOOL_WRAPPER(name, print_name) \
1297 COMMAND_HANDLER(arm11_handle_bool_##name) \
1299 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1300 &arm11_config_##name, print_name); \
1303 ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
1304 ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
1305 ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
1306 ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1308 COMMAND_HANDLER(arm11_handle_vcr)
1314 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11_vcr);
1317 return ERROR_COMMAND_SYNTAX_ERROR;
1320 LOG_INFO("VCR 0x%08" PRIx32 "", arm11_vcr);
1324 static const struct command_registration arm11_mw_command_handlers[] = {
1327 .handler = arm11_handle_bool_memwrite_burst,
1328 .mode = COMMAND_ANY,
1329 .help = "Display or modify flag controlling potentially "
1330 "risky fast burst mode (default: enabled)",
1331 .usage = "['enable'|'disable']",
1334 .name = "error_fatal",
1335 .handler = arm11_handle_bool_memwrite_error_fatal,
1336 .mode = COMMAND_ANY,
1337 .help = "Display or modify flag controlling transfer "
1338 "termination on transfer errors"
1339 " (default: enabled)",
1340 .usage = "['enable'|'disable']",
1342 COMMAND_REGISTRATION_DONE
1344 static const struct command_registration arm11_any_command_handlers[] = {
1346 /* "hardware_step" is only here to check if the default
1347 * simulate + breakpoint implementation is broken.
1348 * TEMPORARY! NOT DOCUMENTED! */
1349 .name = "hardware_step",
1350 .handler = arm11_handle_bool_hardware_step,
1351 .mode = COMMAND_ANY,
1352 .help = "DEBUG ONLY - Hardware single stepping"
1353 " (default: disabled)",
1354 .usage = "['enable'|'disable']",
1358 .mode = COMMAND_ANY,
1359 .help = "memwrite command group",
1360 .chain = arm11_mw_command_handlers,
1363 .name = "step_irq_enable",
1364 .handler = arm11_handle_bool_step_irq_enable,
1365 .mode = COMMAND_ANY,
1366 .help = "Display or modify flag controlling interrupt "
1367 "enable while stepping (default: disabled)",
1368 .usage = "['enable'|'disable']",
1372 .handler = arm11_handle_vcr,
1373 .mode = COMMAND_ANY,
1374 .help = "Display or modify Vector Catch Register",
1377 COMMAND_REGISTRATION_DONE
1379 static const struct command_registration arm11_command_handlers[] = {
1381 .chain = arm_command_handlers,
1384 .chain = etm_command_handlers,
1388 .mode = COMMAND_ANY,
1389 .help = "ARM11 command group",
1390 .chain = arm11_any_command_handlers,
1392 COMMAND_REGISTRATION_DONE
1395 /** Holds methods for ARM11xx targets. */
1396 struct target_type arm11_target = {
1400 .arch_state = arm11_arch_state,
1402 .target_request_data = arm11_target_request_data,
1405 .resume = arm11_resume,
1408 .assert_reset = arm11_assert_reset,
1409 .deassert_reset = arm11_deassert_reset,
1410 .soft_reset_halt = arm11_soft_reset_halt,
1412 .get_gdb_reg_list = arm_get_gdb_reg_list,
1414 .read_memory = arm11_read_memory,
1415 .write_memory = arm11_write_memory,
1417 .bulk_write_memory = arm11_bulk_write_memory,
1419 .checksum_memory = arm_checksum_memory,
1420 .blank_check_memory = arm_blank_check_memory,
1422 .add_breakpoint = arm11_add_breakpoint,
1423 .remove_breakpoint = arm11_remove_breakpoint,
1425 .run_algorithm = armv4_5_run_algorithm,
1427 .commands = arm11_command_handlers,
1428 .target_create = arm11_target_create,
1429 .init_target = arm11_init_target,
1430 .examine = arm11_examine,
projects / openocd / blob