1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "replacements.h"
32 #include "embeddedice.h"
34 #include "target_request.h"
39 #include "arm7_9_common.h"
40 #include "breakpoints.h"
41 #include "time_support.h"
47 #include <sys/types.h>
52 int arm7_9_debug_entry(target_t *target);
53 int arm7_9_enable_sw_bkpts(struct target_s *target);
55 /* command handler forward declarations */
56 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
61 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
66 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
68 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
69 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
70 arm7_9->sw_breakpoints_added = 0;
72 arm7_9->wp1_used = arm7_9->wp1_used_default;
73 arm7_9->wp_available = arm7_9->wp_available_max;
75 return jtag_execute_queue();
78 /* set up embedded ice registers */
79 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
81 if (arm7_9->sw_breakpoints_added)
85 if (arm7_9->wp_available < 1)
87 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
88 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
90 arm7_9->wp_available--;
92 /* pick a breakpoint unit */
93 if (!arm7_9->wp0_used)
95 arm7_9->sw_breakpoints_added=1;
97 } else if (!arm7_9->wp1_used)
99 arm7_9->sw_breakpoints_added=2;
100 arm7_9->wp1_used = 3;
104 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
108 if (arm7_9->sw_breakpoints_added==1)
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
112 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
113 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
116 else if (arm7_9->sw_breakpoints_added==2)
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
120 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
121 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
122 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
130 return jtag_execute_queue();
133 /* set things up after a reset / on startup */
134 int arm7_9_setup(target_t *target)
136 armv4_5_common_t *armv4_5 = target->arch_info;
137 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
139 return arm7_9_clear_watchpoints(arm7_9);
143 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
145 armv4_5_common_t *armv4_5 = target->arch_info;
146 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
148 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
153 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
158 *armv4_5_p = armv4_5;
164 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
165 * might have erased the values in embedded ice
167 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
169 armv4_5_common_t *armv4_5 = target->arch_info;
170 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
173 if (target->state != TARGET_HALTED)
175 LOG_WARNING("target not halted");
176 return ERROR_TARGET_NOT_HALTED;
179 if (breakpoint->type == BKPT_HARD)
181 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
182 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
183 if (breakpoint->set==1)
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
187 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
188 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
191 else if (breakpoint->set==2)
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
195 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
196 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
197 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
201 LOG_ERROR("BUG: no hardware comparator available");
205 retval=jtag_execute_queue();
207 else if (breakpoint->type == BKPT_SOFT)
209 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
212 /* did we already set this breakpoint? */
216 if (breakpoint->length == 4)
218 u32 verify = 0xffffffff;
219 /* keep the original instruction in target endianness */
220 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
221 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
222 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
224 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
225 if (verify != arm7_9->arm_bkpt)
227 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
234 /* keep the original instruction in target endianness */
235 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
236 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
237 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
239 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
240 if (verify != arm7_9->thumb_bkpt)
242 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
253 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
255 armv4_5_common_t *armv4_5 = target->arch_info;
256 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
258 if (!breakpoint->set)
260 LOG_WARNING("breakpoint not set");
264 if (breakpoint->type == BKPT_HARD)
266 if (breakpoint->set == 1)
268 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
269 arm7_9->wp0_used = 0;
271 else if (breakpoint->set == 2)
273 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
274 arm7_9->wp1_used = 0;
276 jtag_execute_queue();
281 /* restore original instruction (kept in target endianness) */
282 if (breakpoint->length == 4)
285 /* check that user program as not modified breakpoint instruction */
286 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
287 if (current_instr==arm7_9->arm_bkpt)
288 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
293 /* check that user program as not modified breakpoint instruction */
294 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
295 if (current_instr==arm7_9->thumb_bkpt)
296 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
304 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
306 armv4_5_common_t *armv4_5 = target->arch_info;
307 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
309 if (target->state != TARGET_HALTED)
311 LOG_WARNING("target not halted");
312 return ERROR_TARGET_NOT_HALTED;
315 if (arm7_9->breakpoint_count==0)
317 /* make sure we don't have any dangling breakpoints. This is vital upon
318 * GDB connect/disconnect
320 arm7_9_clear_watchpoints(arm7_9);
323 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
325 LOG_INFO("no watchpoint unit available for hardware breakpoint");
326 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
329 if ((breakpoint->length != 2) && (breakpoint->length != 4))
331 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
332 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
335 if (breakpoint->type == BKPT_HARD)
337 arm7_9->wp_available--;
339 if (!arm7_9->wp0_used)
341 arm7_9->wp0_used = 1;
344 else if (!arm7_9->wp1_used)
346 arm7_9->wp1_used = 1;
351 LOG_ERROR("BUG: no hardware comparator available");
356 arm7_9->breakpoint_count++;
358 return arm7_9_set_breakpoint(target, breakpoint);
361 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
363 armv4_5_common_t *armv4_5 = target->arch_info;
364 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
366 arm7_9_unset_breakpoint(target, breakpoint);
368 if (breakpoint->type == BKPT_HARD)
369 arm7_9->wp_available++;
371 arm7_9->breakpoint_count--;
372 if (arm7_9->breakpoint_count==0)
374 /* make sure we don't have any dangling breakpoints */
375 arm7_9_clear_watchpoints(arm7_9);
381 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
383 armv4_5_common_t *armv4_5 = target->arch_info;
384 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
388 mask = watchpoint->length - 1;
390 if (target->state != TARGET_HALTED)
392 LOG_WARNING("target not halted");
393 return ERROR_TARGET_NOT_HALTED;
396 if (watchpoint->rw == WPT_ACCESS)
401 if (!arm7_9->wp0_used)
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
406 if( watchpoint->mask != 0xffffffffu )
407 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
409 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
411 jtag_execute_queue();
413 arm7_9->wp0_used = 2;
415 else if (!arm7_9->wp1_used)
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
420 if( watchpoint->mask != 0xffffffffu )
421 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
422 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
423 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
425 jtag_execute_queue();
427 arm7_9->wp1_used = 2;
431 LOG_ERROR("BUG: no hardware comparator available");
438 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
440 armv4_5_common_t *armv4_5 = target->arch_info;
441 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
443 if (target->state != TARGET_HALTED)
445 LOG_WARNING("target not halted");
446 return ERROR_TARGET_NOT_HALTED;
449 if (!watchpoint->set)
451 LOG_WARNING("breakpoint not set");
455 if (watchpoint->set == 1)
457 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
458 jtag_execute_queue();
459 arm7_9->wp0_used = 0;
461 else if (watchpoint->set == 2)
463 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
464 jtag_execute_queue();
465 arm7_9->wp1_used = 0;
472 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
474 armv4_5_common_t *armv4_5 = target->arch_info;
475 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
477 if (target->state != TARGET_HALTED)
479 LOG_WARNING("target not halted");
480 return ERROR_TARGET_NOT_HALTED;
483 if (arm7_9->wp_available < 1)
485 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
488 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
490 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
493 arm7_9->wp_available--;
498 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
500 armv4_5_common_t *armv4_5 = target->arch_info;
501 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
505 arm7_9_unset_watchpoint(target, watchpoint);
508 arm7_9->wp_available++;
516 int arm7_9_execute_sys_speed(struct target_s *target)
520 armv4_5_common_t *armv4_5 = target->arch_info;
521 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
522 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
523 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
525 /* set RESTART instruction */
526 jtag_add_end_state(TAP_RTI);
527 if (arm7_9->need_bypass_before_restart) {
528 arm7_9->need_bypass_before_restart = 0;
529 arm_jtag_set_instr(jtag_info, 0xf, NULL);
531 arm_jtag_set_instr(jtag_info, 0x4, NULL);
533 long long then=timeval_ms();
535 while (!(timeout=((timeval_ms()-then)>1000)))
537 /* read debug status register */
538 embeddedice_read_reg(dbg_stat);
539 if ((retval = jtag_execute_queue()) != ERROR_OK)
541 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
542 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
554 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
555 return ERROR_TARGET_TIMEOUT;
561 int arm7_9_execute_fast_sys_speed(struct target_s *target)
564 static u8 check_value[4], check_mask[4];
566 armv4_5_common_t *armv4_5 = target->arch_info;
567 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
568 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
569 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
571 /* set RESTART instruction */
572 jtag_add_end_state(TAP_RTI);
573 if (arm7_9->need_bypass_before_restart) {
574 arm7_9->need_bypass_before_restart = 0;
575 arm_jtag_set_instr(jtag_info, 0xf, NULL);
577 arm_jtag_set_instr(jtag_info, 0x4, NULL);
581 /* check for DBGACK and SYSCOMP set (others don't care) */
583 /* NB! These are constants that must be available until after next jtag_execute() and
584 we evaluate the values upon first execution in lieu of setting up these constants
587 buf_set_u32(check_value, 0, 32, 0x9);
588 buf_set_u32(check_mask, 0, 32, 0x9);
592 /* read debug status register */
593 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
598 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
600 armv4_5_common_t *armv4_5 = target->arch_info;
601 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
602 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
606 data = malloc(size * (sizeof(u32)));
608 embeddedice_receive(jtag_info, data, size);
610 for (i = 0; i < size; i++)
612 h_u32_to_le(buffer + (i * 4), data[i]);
620 int arm7_9_handle_target_request(void *priv)
622 target_t *target = priv;
623 if (!target->type->examined)
625 armv4_5_common_t *armv4_5 = target->arch_info;
626 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
627 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
628 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
631 if (!target->dbg_msg_enabled)
634 if (target->state == TARGET_RUNNING)
636 /* read DCC control register */
637 embeddedice_read_reg(dcc_control);
638 jtag_execute_queue();
641 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
645 embeddedice_receive(jtag_info, &request, 1);
646 target_request(target, request);
653 int arm7_9_poll(target_t *target)
656 armv4_5_common_t *armv4_5 = target->arch_info;
657 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
658 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
660 /* read debug status register */
661 embeddedice_read_reg(dbg_stat);
662 if ((retval = jtag_execute_queue()) != ERROR_OK)
667 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
669 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
670 if (target->state == TARGET_UNKNOWN)
672 target->state = TARGET_RUNNING;
673 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
675 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
678 if (target->state == TARGET_RESET)
680 if (target->reset_halt)
682 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
689 target->state = TARGET_HALTED;
691 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
696 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
697 u32 t=*((u32 *)reg->value);
700 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
704 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
706 if (target->state == TARGET_DEBUG_RUNNING)
708 target->state = TARGET_HALTED;
709 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
712 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
714 if (target->state != TARGET_HALTED)
716 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
721 if (target->state != TARGET_DEBUG_RUNNING)
722 target->state = TARGET_RUNNING;
729 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
730 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
731 while the core is held in reset(SRST). It isn't possible to program the halt
732 condition once reset was asserted, hence a hook that allows the target to set
733 up its reset-halt condition prior to asserting reset.
736 int arm7_9_assert_reset(target_t *target)
738 armv4_5_common_t *armv4_5 = target->arch_info;
739 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
740 LOG_DEBUG("target->state: %s",
741 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
743 if (!(jtag_reset_config & RESET_HAS_SRST))
745 LOG_ERROR("Can't assert SRST");
749 if (target->reset_halt)
752 * Some targets do not support communication while SRST is asserted. We need to
753 * set up the reset vector catch here.
755 * If TRST is asserted, then these settings will be reset anyway, so setting them
758 if (arm7_9->has_vector_catch)
760 /* program vector catch register to catch reset vector */
761 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
765 /* program watchpoint unit to match on reset vector address */
766 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
767 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
768 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
769 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
770 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
774 /* here we should issue a srst only, but we may have to assert trst as well */
775 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
777 jtag_add_reset(1, 1);
780 jtag_add_reset(0, 1);
784 target->state = TARGET_RESET;
785 jtag_add_sleep(50000);
787 armv4_5_invalidate_core_regs(target);
789 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
791 /* debug entry was already prepared in arm7_9_assert_reset() */
792 target->debug_reason = DBG_REASON_DBGRQ;
799 int arm7_9_deassert_reset(target_t *target)
802 LOG_DEBUG("target->state: %s",
803 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
806 /* deassert reset lines */
807 jtag_add_reset(0, 0);
809 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
811 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
812 /* set up embedded ice registers again */
813 if ((retval=target->type->examine(target))!=ERROR_OK)
816 if ((retval=target_poll(target))!=ERROR_OK)
821 if ((retval=target_halt(target))!=ERROR_OK)
830 int arm7_9_clear_halt(target_t *target)
832 armv4_5_common_t *armv4_5 = target->arch_info;
833 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
834 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
836 /* we used DBGRQ only if we didn't come out of reset */
837 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
839 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
841 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
842 embeddedice_store_reg(dbg_ctrl);
846 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
848 /* if we came out of reset, and vector catch is supported, we used
849 * vector catch to enter debug state
850 * restore the register in that case
852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
856 /* restore registers if watchpoint unit 0 was in use
858 if (arm7_9->wp0_used)
860 if (arm7_9->debug_entry_from_reset)
862 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
864 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
865 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
866 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
868 /* control value always has to be restored, as it was either disabled,
869 * or enabled with possibly different bits
871 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
878 int arm7_9_soft_reset_halt(struct target_s *target)
880 armv4_5_common_t *armv4_5 = target->arch_info;
881 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
882 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
883 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
887 if ((retval=target_halt(target))!=ERROR_OK)
890 long long then=timeval_ms();
892 while (!(timeout=((timeval_ms()-then)>1000)))
894 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
896 embeddedice_read_reg(dbg_stat);
897 if ((retval=jtag_execute_queue())!=ERROR_OK)
909 LOG_ERROR("Failed to halt CPU after 1 sec");
910 return ERROR_TARGET_TIMEOUT;
912 target->state = TARGET_HALTED;
914 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
915 * ensure that DBGRQ is cleared
917 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
918 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
919 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
920 embeddedice_store_reg(dbg_ctrl);
922 arm7_9_clear_halt(target);
924 /* if the target is in Thumb state, change to ARM state */
925 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
927 u32 r0_thumb, pc_thumb;
928 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
929 /* Entered debug from Thumb mode */
930 armv4_5->core_state = ARMV4_5_STATE_THUMB;
931 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
934 /* all register content is now invalid */
935 armv4_5_invalidate_core_regs(target);
937 /* SVC, ARM state, IRQ and FIQ disabled */
938 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
939 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
940 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
942 /* start fetching from 0x0 */
943 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
944 armv4_5->core_cache->reg_list[15].dirty = 1;
945 armv4_5->core_cache->reg_list[15].valid = 1;
947 armv4_5->core_mode = ARMV4_5_MODE_SVC;
948 armv4_5->core_state = ARMV4_5_STATE_ARM;
950 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
953 /* reset registers */
954 for (i = 0; i <= 14; i++)
956 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
957 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
958 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
961 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
966 int arm7_9_halt(target_t *target)
968 if (target->state==TARGET_RESET)
970 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
974 armv4_5_common_t *armv4_5 = target->arch_info;
975 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
976 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
978 LOG_DEBUG("target->state: %s",
979 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
981 if (target->state == TARGET_HALTED)
983 LOG_DEBUG("target was already halted");
987 if (target->state == TARGET_UNKNOWN)
989 LOG_WARNING("target was in unknown state when halt was requested");
992 if (arm7_9->use_dbgrq)
994 /* program EmbeddedICE Debug Control Register to assert DBGRQ
996 if (arm7_9->set_special_dbgrq) {
997 arm7_9->set_special_dbgrq(target);
999 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1000 embeddedice_store_reg(dbg_ctrl);
1005 /* program watchpoint unit to match on any address
1007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1013 target->debug_reason = DBG_REASON_DBGRQ;
1018 int arm7_9_debug_entry(target_t *target)
1023 u32 r0_thumb, pc_thumb;
1026 /* get pointers to arch-specific information */
1027 armv4_5_common_t *armv4_5 = target->arch_info;
1028 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1029 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1030 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1032 #ifdef _DEBUG_ARM7_9_
1036 if (arm7_9->pre_debug_entry)
1037 arm7_9->pre_debug_entry(target);
1039 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1040 * ensure that DBGRQ is cleared
1042 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1043 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1044 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1045 embeddedice_store_reg(dbg_ctrl);
1047 arm7_9_clear_halt(target);
1049 if ((retval = jtag_execute_queue()) != ERROR_OK)
1054 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1058 if (target->state != TARGET_HALTED)
1060 LOG_WARNING("target not halted");
1061 return ERROR_TARGET_NOT_HALTED;
1064 /* if the target is in Thumb state, change to ARM state */
1065 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1067 LOG_DEBUG("target entered debug from Thumb state");
1068 /* Entered debug from Thumb mode */
1069 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1070 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1071 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1075 LOG_DEBUG("target entered debug from ARM state");
1076 /* Entered debug from ARM mode */
1077 armv4_5->core_state = ARMV4_5_STATE_ARM;
1080 for (i = 0; i < 16; i++)
1081 context_p[i] = &context[i];
1082 /* save core registers (r0 - r15 of current core mode) */
1083 arm7_9->read_core_regs(target, 0xffff, context_p);
1085 arm7_9->read_xpsr(target, &cpsr, 0);
1087 if ((retval = jtag_execute_queue()) != ERROR_OK)
1090 /* if the core has been executing in Thumb state, set the T bit */
1091 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1094 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1095 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1096 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1098 armv4_5->core_mode = cpsr & 0x1f;
1100 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1102 target->state = TARGET_UNKNOWN;
1103 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1104 return ERROR_TARGET_FAILURE;
1107 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1109 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1111 LOG_DEBUG("thumb state, applying fixups");
1112 context[0] = r0_thumb;
1113 context[15] = pc_thumb;
1114 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1116 /* adjust value stored by STM */
1117 context[15] -= 3 * 4;
1120 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1121 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1122 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1123 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1124 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1125 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1126 else if (target->debug_reason == DBG_REASON_DBGRQ)
1127 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1130 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1133 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1136 for (i=0; i<=15; i++)
1138 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1139 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1140 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1141 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1144 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1146 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1149 /* exceptions other than USR & SYS have a saved program status register */
1150 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1153 arm7_9->read_xpsr(target, &spsr, 1);
1154 jtag_execute_queue();
1155 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1156 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1157 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1160 /* r0 and r15 (pc) have to be restored later */
1161 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1162 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1164 if ((retval = jtag_execute_queue()) != ERROR_OK)
1167 if (arm7_9->post_debug_entry)
1168 arm7_9->post_debug_entry(target);
1173 int arm7_9_full_context(target_t *target)
1177 armv4_5_common_t *armv4_5 = target->arch_info;
1178 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1182 if (target->state != TARGET_HALTED)
1184 LOG_WARNING("target not halted");
1185 return ERROR_TARGET_NOT_HALTED;
1188 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1191 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1192 * SYS shares registers with User, so we don't touch SYS
1194 for(i = 0; i < 6; i++)
1201 /* check if there are invalid registers in the current mode
1203 for (j = 0; j <= 16; j++)
1205 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1213 /* change processor mode (and mask T bit) */
1214 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1215 tmp_cpsr |= armv4_5_number_to_mode(i);
1217 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1219 for (j = 0; j < 15; j++)
1221 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1223 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1225 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1230 /* if only the PSR is invalid, mask is all zeroes */
1232 arm7_9->read_core_regs(target, mask, reg_p);
1234 /* check if the PSR has to be read */
1235 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1237 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1238 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1239 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1244 /* restore processor mode (mask T bit) */
1245 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1247 if ((retval = jtag_execute_queue()) != ERROR_OK)
1254 int arm7_9_restore_context(target_t *target)
1256 armv4_5_common_t *armv4_5 = target->arch_info;
1257 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1259 armv4_5_core_reg_t *reg_arch_info;
1260 enum armv4_5_mode current_mode = armv4_5->core_mode;
1267 if (target->state != TARGET_HALTED)
1269 LOG_WARNING("target not halted");
1270 return ERROR_TARGET_NOT_HALTED;
1273 if (arm7_9->pre_restore_context)
1274 arm7_9->pre_restore_context(target);
1276 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1279 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1280 * SYS shares registers with User, so we don't touch SYS
1282 for (i = 0; i < 6; i++)
1284 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1287 /* check if there are dirty registers in the current mode
1289 for (j = 0; j <= 16; j++)
1291 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1292 reg_arch_info = reg->arch_info;
1293 if (reg->dirty == 1)
1295 if (reg->valid == 1)
1298 LOG_DEBUG("examining dirty reg: %s", reg->name);
1299 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1300 && (reg_arch_info->mode != current_mode)
1301 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1302 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1305 LOG_DEBUG("require mode change");
1310 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1325 /* change processor mode (mask T bit) */
1326 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1327 tmp_cpsr |= armv4_5_number_to_mode(i);
1329 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1330 current_mode = armv4_5_number_to_mode(i);
1333 for (j = 0; j <= 14; j++)
1335 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1336 reg_arch_info = reg->arch_info;
1339 if (reg->dirty == 1)
1341 regs[j] = buf_get_u32(reg->value, 0, 32);
1346 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1352 arm7_9->write_core_regs(target, mask, regs);
1355 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1356 reg_arch_info = reg->arch_info;
1357 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1359 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1360 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1365 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1367 /* restore processor mode (mask T bit) */
1370 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1371 tmp_cpsr |= armv4_5_number_to_mode(i);
1373 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1374 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1376 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1378 /* CPSR has been changed, full restore necessary (mask T bit) */
1379 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1380 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1381 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1382 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1386 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1387 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1388 armv4_5->core_cache->reg_list[15].dirty = 0;
1390 if (arm7_9->post_restore_context)
1391 arm7_9->post_restore_context(target);
1396 int arm7_9_restart_core(struct target_s *target)
1398 armv4_5_common_t *armv4_5 = target->arch_info;
1399 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1400 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1402 /* set RESTART instruction */
1403 jtag_add_end_state(TAP_RTI);
1404 if (arm7_9->need_bypass_before_restart) {
1405 arm7_9->need_bypass_before_restart = 0;
1406 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1408 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1410 jtag_add_runtest(1, TAP_RTI);
1411 return jtag_execute_queue();
1414 void arm7_9_enable_watchpoints(struct target_s *target)
1416 watchpoint_t *watchpoint = target->watchpoints;
1420 if (watchpoint->set == 0)
1421 arm7_9_set_watchpoint(target, watchpoint);
1422 watchpoint = watchpoint->next;
1426 void arm7_9_enable_breakpoints(struct target_s *target)
1428 breakpoint_t *breakpoint = target->breakpoints;
1430 /* set any pending breakpoints */
1433 arm7_9_set_breakpoint(target, breakpoint);
1434 breakpoint = breakpoint->next;
1439 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1441 armv4_5_common_t *armv4_5 = target->arch_info;
1442 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1443 breakpoint_t *breakpoint = target->breakpoints;
1444 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1449 if (target->state != TARGET_HALTED)
1451 LOG_WARNING("target not halted");
1452 return ERROR_TARGET_NOT_HALTED;
1455 if (!debug_execution)
1457 target_free_all_working_areas(target);
1460 /* current = 1: continue on current pc, otherwise continue at <address> */
1462 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1464 /* the front-end may request us not to handle breakpoints */
1465 if (handle_breakpoints)
1467 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1469 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1470 arm7_9_unset_breakpoint(target, breakpoint);
1472 LOG_DEBUG("enable single-step");
1473 arm7_9->enable_single_step(target);
1475 target->debug_reason = DBG_REASON_SINGLESTEP;
1477 arm7_9_restore_context(target);
1479 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1480 arm7_9->branch_resume(target);
1481 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1483 arm7_9->branch_resume_thumb(target);
1487 LOG_ERROR("unhandled core state");
1491 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1492 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1493 err = arm7_9_execute_sys_speed(target);
1495 LOG_DEBUG("disable single-step");
1496 arm7_9->disable_single_step(target);
1498 if (err != ERROR_OK)
1500 arm7_9_set_breakpoint(target, breakpoint);
1501 target->state = TARGET_UNKNOWN;
1505 arm7_9_debug_entry(target);
1506 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1508 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1509 arm7_9_set_breakpoint(target, breakpoint);
1513 /* enable any pending breakpoints and watchpoints */
1514 arm7_9_enable_breakpoints(target);
1515 arm7_9_enable_watchpoints(target);
1517 arm7_9_restore_context(target);
1519 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1521 arm7_9->branch_resume(target);
1523 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1525 arm7_9->branch_resume_thumb(target);
1529 LOG_ERROR("unhandled core state");
1533 /* deassert DBGACK and INTDIS */
1534 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1535 /* INTDIS only when we really resume, not during debug execution */
1536 if (!debug_execution)
1537 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1538 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1540 arm7_9_restart_core(target);
1542 target->debug_reason = DBG_REASON_NOTHALTED;
1544 if (!debug_execution)
1546 /* registers are now invalid */
1547 armv4_5_invalidate_core_regs(target);
1548 target->state = TARGET_RUNNING;
1549 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1553 target->state = TARGET_DEBUG_RUNNING;
1554 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1557 LOG_DEBUG("target resumed");
1562 void arm7_9_enable_eice_step(target_t *target)
1564 armv4_5_common_t *armv4_5 = target->arch_info;
1565 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1567 /* setup an inverse breakpoint on the current PC
1568 * - comparator 1 matches the current address
1569 * - rangeout from comparator 1 is connected to comparator 0 rangein
1570 * - comparator 0 matches any address, as long as rangein is low */
1571 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1572 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1573 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1574 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1575 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1577 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1578 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1579 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1582 void arm7_9_disable_eice_step(target_t *target)
1584 armv4_5_common_t *armv4_5 = target->arch_info;
1585 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1587 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1588 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1589 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1590 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1591 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1592 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1593 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1594 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1595 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1598 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1600 armv4_5_common_t *armv4_5 = target->arch_info;
1601 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1602 breakpoint_t *breakpoint = NULL;
1605 if (target->state != TARGET_HALTED)
1607 LOG_WARNING("target not halted");
1608 return ERROR_TARGET_NOT_HALTED;
1611 /* current = 1: continue on current pc, otherwise continue at <address> */
1613 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1615 /* the front-end may request us not to handle breakpoints */
1616 if (handle_breakpoints)
1617 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1618 arm7_9_unset_breakpoint(target, breakpoint);
1620 target->debug_reason = DBG_REASON_SINGLESTEP;
1622 arm7_9_restore_context(target);
1624 arm7_9->enable_single_step(target);
1626 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1628 arm7_9->branch_resume(target);
1630 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1632 arm7_9->branch_resume_thumb(target);
1636 LOG_ERROR("unhandled core state");
1640 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1642 err = arm7_9_execute_sys_speed(target);
1643 arm7_9->disable_single_step(target);
1645 /* registers are now invalid */
1646 armv4_5_invalidate_core_regs(target);
1648 if (err != ERROR_OK)
1650 target->state = TARGET_UNKNOWN;
1652 arm7_9_debug_entry(target);
1653 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1654 LOG_DEBUG("target stepped");
1658 arm7_9_set_breakpoint(target, breakpoint);
1664 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1669 armv4_5_common_t *armv4_5 = target->arch_info;
1670 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1672 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1675 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1677 if ((num < 0) || (num > 16))
1678 return ERROR_INVALID_ARGUMENTS;
1680 if ((mode != ARMV4_5_MODE_ANY)
1681 && (mode != armv4_5->core_mode)
1682 && (reg_mode != ARMV4_5_MODE_ANY))
1686 /* change processor mode (mask T bit) */
1687 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1690 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1693 if ((num >= 0) && (num <= 15))
1695 /* read a normal core register */
1696 reg_p[num] = &value;
1698 arm7_9->read_core_regs(target, 1 << num, reg_p);
1702 /* read a program status register
1703 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1705 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1706 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1708 arm7_9->read_xpsr(target, &value, spsr);
1711 if ((retval = jtag_execute_queue()) != ERROR_OK)
1716 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1717 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1718 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1720 if ((mode != ARMV4_5_MODE_ANY)
1721 && (mode != armv4_5->core_mode)
1722 && (reg_mode != ARMV4_5_MODE_ANY)) {
1723 /* restore processor mode (mask T bit) */
1724 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1731 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1734 armv4_5_common_t *armv4_5 = target->arch_info;
1735 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1737 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1740 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1742 if ((num < 0) || (num > 16))
1743 return ERROR_INVALID_ARGUMENTS;
1745 if ((mode != ARMV4_5_MODE_ANY)
1746 && (mode != armv4_5->core_mode)
1747 && (reg_mode != ARMV4_5_MODE_ANY)) {
1750 /* change processor mode (mask T bit) */
1751 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1754 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1757 if ((num >= 0) && (num <= 15))
1759 /* write a normal core register */
1762 arm7_9->write_core_regs(target, 1 << num, reg);
1766 /* write a program status register
1767 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1769 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1770 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1772 /* if we're writing the CPSR, mask the T bit */
1776 arm7_9->write_xpsr(target, value, spsr);
1779 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1780 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1782 if ((mode != ARMV4_5_MODE_ANY)
1783 && (mode != armv4_5->core_mode)
1784 && (reg_mode != ARMV4_5_MODE_ANY)) {
1785 /* restore processor mode (mask T bit) */
1786 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1789 return jtag_execute_queue();
1792 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1794 armv4_5_common_t *armv4_5 = target->arch_info;
1795 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1798 int num_accesses = 0;
1799 int thisrun_accesses;
1805 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1807 if (target->state != TARGET_HALTED)
1809 LOG_WARNING("target not halted");
1810 return ERROR_TARGET_NOT_HALTED;
1813 /* sanitize arguments */
1814 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1815 return ERROR_INVALID_ARGUMENTS;
1817 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1818 return ERROR_TARGET_UNALIGNED_ACCESS;
1820 /* load the base register with the address of the first word */
1822 arm7_9->write_core_regs(target, 0x1, reg);
1829 while (num_accesses < count)
1832 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1833 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1835 if (last_reg <= thisrun_accesses)
1836 last_reg = thisrun_accesses;
1838 arm7_9->load_word_regs(target, reg_list);
1840 /* fast memory reads are only safe when the target is running
1841 * from a sufficiently high clock (32 kHz is usually too slow)
1843 if (arm7_9->fast_memory_access)
1844 arm7_9_execute_fast_sys_speed(target);
1846 arm7_9_execute_sys_speed(target);
1848 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1850 /* advance buffer, count number of accesses */
1851 buffer += thisrun_accesses * 4;
1852 num_accesses += thisrun_accesses;
1861 while (num_accesses < count)
1864 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1865 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1867 for (i = 1; i <= thisrun_accesses; i++)
1871 arm7_9->load_hword_reg(target, i);
1872 /* fast memory reads are only safe when the target is running
1873 * from a sufficiently high clock (32 kHz is usually too slow)
1875 if (arm7_9->fast_memory_access)
1876 arm7_9_execute_fast_sys_speed(target);
1878 arm7_9_execute_sys_speed(target);
1881 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1883 /* advance buffer, count number of accesses */
1884 buffer += thisrun_accesses * 2;
1885 num_accesses += thisrun_accesses;
1894 while (num_accesses < count)
1897 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1898 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1900 for (i = 1; i <= thisrun_accesses; i++)
1904 arm7_9->load_byte_reg(target, i);
1905 /* fast memory reads are only safe when the target is running
1906 * from a sufficiently high clock (32 kHz is usually too slow)
1908 if (arm7_9->fast_memory_access)
1909 arm7_9_execute_fast_sys_speed(target);
1911 arm7_9_execute_sys_speed(target);
1914 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1916 /* advance buffer, count number of accesses */
1917 buffer += thisrun_accesses * 1;
1918 num_accesses += thisrun_accesses;
1927 LOG_ERROR("BUG: we shouldn't get here");
1932 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1935 for (i=0; i<=last_reg; i++)
1936 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1938 arm7_9->read_xpsr(target, &cpsr, 0);
1939 if ((retval = jtag_execute_queue()) != ERROR_OK)
1941 LOG_ERROR("JTAG error while reading cpsr");
1942 return ERROR_TARGET_DATA_ABORT;
1945 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1947 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1949 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1951 return ERROR_TARGET_DATA_ABORT;
1957 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1959 armv4_5_common_t *armv4_5 = target->arch_info;
1960 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1961 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1964 int num_accesses = 0;
1965 int thisrun_accesses;
1971 #ifdef _DEBUG_ARM7_9_
1972 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1975 if (target->state != TARGET_HALTED)
1977 LOG_WARNING("target not halted");
1978 return ERROR_TARGET_NOT_HALTED;
1981 /* sanitize arguments */
1982 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1983 return ERROR_INVALID_ARGUMENTS;
1985 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1986 return ERROR_TARGET_UNALIGNED_ACCESS;
1988 /* load the base register with the address of the first word */
1990 arm7_9->write_core_regs(target, 0x1, reg);
1992 /* Clear DBGACK, to make sure memory fetches work as expected */
1993 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1994 embeddedice_store_reg(dbg_ctrl);
1999 while (num_accesses < count)
2002 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2003 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2005 for (i = 1; i <= thisrun_accesses; i++)
2009 reg[i] = target_buffer_get_u32(target, buffer);
2013 arm7_9->write_core_regs(target, reg_list, reg);
2015 arm7_9->store_word_regs(target, reg_list);
2017 /* fast memory writes are only safe when the target is running
2018 * from a sufficiently high clock (32 kHz is usually too slow)
2020 if (arm7_9->fast_memory_access)
2021 arm7_9_execute_fast_sys_speed(target);
2023 arm7_9_execute_sys_speed(target);
2025 num_accesses += thisrun_accesses;
2029 while (num_accesses < count)
2032 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2033 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2035 for (i = 1; i <= thisrun_accesses; i++)
2039 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2043 arm7_9->write_core_regs(target, reg_list, reg);
2045 for (i = 1; i <= thisrun_accesses; i++)
2047 arm7_9->store_hword_reg(target, i);
2049 /* fast memory writes are only safe when the target is running
2050 * from a sufficiently high clock (32 kHz is usually too slow)
2052 if (arm7_9->fast_memory_access)
2053 arm7_9_execute_fast_sys_speed(target);
2055 arm7_9_execute_sys_speed(target);
2058 num_accesses += thisrun_accesses;
2062 while (num_accesses < count)
2065 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2066 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2068 for (i = 1; i <= thisrun_accesses; i++)
2072 reg[i] = *buffer++ & 0xff;
2075 arm7_9->write_core_regs(target, reg_list, reg);
2077 for (i = 1; i <= thisrun_accesses; i++)
2079 arm7_9->store_byte_reg(target, i);
2080 /* fast memory writes are only safe when the target is running
2081 * from a sufficiently high clock (32 kHz is usually too slow)
2083 if (arm7_9->fast_memory_access)
2084 arm7_9_execute_fast_sys_speed(target);
2086 arm7_9_execute_sys_speed(target);
2089 num_accesses += thisrun_accesses;
2093 LOG_ERROR("BUG: we shouldn't get here");
2099 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2100 embeddedice_store_reg(dbg_ctrl);
2102 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2105 for (i=0; i<=last_reg; i++)
2106 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2108 arm7_9->read_xpsr(target, &cpsr, 0);
2109 if ((retval = jtag_execute_queue()) != ERROR_OK)
2111 LOG_ERROR("JTAG error while reading cpsr");
2112 return ERROR_TARGET_DATA_ABORT;
2115 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2117 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2119 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2121 return ERROR_TARGET_DATA_ABORT;
2127 static int dcc_count;
2128 static u8 *dcc_buffer;
2131 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2133 armv4_5_common_t *armv4_5 = target->arch_info;
2134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2135 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2136 int count=dcc_count;
2137 u8 *buffer=dcc_buffer;
2140 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2141 core function repeated.
2143 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2146 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2147 u8 reg_addr = ice_reg->addr & 0x1f;
2148 int chain_pos = ice_reg->jtag_info->chain_pos;
2150 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2151 buffer += (count-2)*4;
2153 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2157 for (i = 0; i < count; i++)
2159 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2164 target_halt(target);
2165 return target_wait_state(target, TARGET_HALTED, 500);
2169 static const u32 dcc_code[] =
2171 /* MRC TST BNE MRC STR B */
2172 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2175 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2178 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2180 armv4_5_common_t *armv4_5 = target->arch_info;
2181 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2184 if (!arm7_9->dcc_downloads)
2185 return target->type->write_memory(target, address, 4, count, buffer);
2187 /* regrab previously allocated working_area, or allocate a new one */
2188 if (!arm7_9->dcc_working_area)
2190 u8 dcc_code_buf[6 * 4];
2192 /* make sure we have a working area */
2193 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2195 LOG_INFO("no working area available, falling back to memory writes");
2196 return target->type->write_memory(target, address, 4, count, buffer);
2199 /* copy target instructions to target endianness */
2200 for (i = 0; i < 6; i++)
2202 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2205 /* write DCC code to working area */
2206 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2209 armv4_5_algorithm_t armv4_5_info;
2210 reg_param_t reg_params[1];
2212 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2213 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2214 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2216 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2218 buf_set_u32(reg_params[0].value, 0, 32, address);
2220 //armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params,
2221 // int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info))
2225 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2226 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2228 if (retval==ERROR_OK)
2230 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2231 if (endaddress!=(address+count*4))
2233 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2238 destroy_reg_param(®_params[0]);
2243 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2245 working_area_t *crc_algorithm;
2246 armv4_5_algorithm_t armv4_5_info;
2247 reg_param_t reg_params[2];
2250 u32 arm7_9_crc_code[] = {
2251 0xE1A02000, /* mov r2, r0 */
2252 0xE3E00000, /* mov r0, #0xffffffff */
2253 0xE1A03001, /* mov r3, r1 */
2254 0xE3A04000, /* mov r4, #0 */
2255 0xEA00000B, /* b ncomp */
2257 0xE7D21004, /* ldrb r1, [r2, r4] */
2258 0xE59F7030, /* ldr r7, CRC32XOR */
2259 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2260 0xE3A05000, /* mov r5, #0 */
2262 0xE3500000, /* cmp r0, #0 */
2263 0xE1A06080, /* mov r6, r0, asl #1 */
2264 0xE2855001, /* add r5, r5, #1 */
2265 0xE1A00006, /* mov r0, r6 */
2266 0xB0260007, /* eorlt r0, r6, r7 */
2267 0xE3550008, /* cmp r5, #8 */
2268 0x1AFFFFF8, /* bne loop */
2269 0xE2844001, /* add r4, r4, #1 */
2271 0xE1540003, /* cmp r4, r3 */
2272 0x1AFFFFF1, /* bne nbyte */
2274 0xEAFFFFFE, /* b end */
2275 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2280 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2282 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2285 /* convert flash writing code into a buffer in target endianness */
2286 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2288 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2294 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2295 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2296 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2298 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2299 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2301 buf_set_u32(reg_params[0].value, 0, 32, address);
2302 buf_set_u32(reg_params[1].value, 0, 32, count);
2304 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2305 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2307 LOG_ERROR("error executing arm7_9 crc algorithm");
2308 destroy_reg_param(®_params[0]);
2309 destroy_reg_param(®_params[1]);
2310 target_free_working_area(target, crc_algorithm);
2314 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2316 destroy_reg_param(®_params[0]);
2317 destroy_reg_param(®_params[1]);
2319 target_free_working_area(target, crc_algorithm);
2324 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2326 working_area_t *erase_check_algorithm;
2327 reg_param_t reg_params[3];
2328 armv4_5_algorithm_t armv4_5_info;
2332 u32 erase_check_code[] =
2335 0xe4d03001, /* ldrb r3, [r0], #1 */
2336 0xe0022003, /* and r2, r2, r3 */
2337 0xe2511001, /* subs r1, r1, #1 */
2338 0x1afffffb, /* bne loop */
2340 0xeafffffe /* b end */
2343 /* make sure we have a working area */
2344 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2346 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2349 /* convert flash writing code into a buffer in target endianness */
2350 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2351 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2353 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2354 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2355 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2357 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2358 buf_set_u32(reg_params[0].value, 0, 32, address);
2360 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2361 buf_set_u32(reg_params[1].value, 0, 32, count);
2363 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2364 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2366 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2367 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2369 destroy_reg_param(®_params[0]);
2370 destroy_reg_param(®_params[1]);
2371 destroy_reg_param(®_params[2]);
2372 target_free_working_area(target, erase_check_algorithm);
2376 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2378 destroy_reg_param(®_params[0]);
2379 destroy_reg_param(®_params[1]);
2380 destroy_reg_param(®_params[2]);
2382 target_free_working_area(target, erase_check_algorithm);
2387 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2389 command_t *arm7_9_cmd;
2391 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2393 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2394 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2396 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2398 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2399 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2400 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2401 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2402 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2403 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2404 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2405 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2407 armv4_5_register_commands(cmd_ctx);
2409 etm_register_commands(cmd_ctx);
2414 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2419 target_t *target = get_current_target(cmd_ctx);
2420 armv4_5_common_t *armv4_5;
2421 arm7_9_common_t *arm7_9;
2423 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2425 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2429 if (target->state != TARGET_HALTED)
2431 command_print(cmd_ctx, "can't write registers while running");
2437 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2441 value = strtoul(args[0], NULL, 0);
2442 spsr = strtol(args[1], NULL, 0);
2444 /* if we're writing the CPSR, mask the T bit */
2448 arm7_9->write_xpsr(target, value, spsr);
2449 if ((retval = jtag_execute_queue()) != ERROR_OK)
2451 LOG_ERROR("JTAG error while writing to xpsr");
2458 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2464 target_t *target = get_current_target(cmd_ctx);
2465 armv4_5_common_t *armv4_5;
2466 arm7_9_common_t *arm7_9;
2468 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2470 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2474 if (target->state != TARGET_HALTED)
2476 command_print(cmd_ctx, "can't write registers while running");
2482 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2486 value = strtoul(args[0], NULL, 0);
2487 rotate = strtol(args[1], NULL, 0);
2488 spsr = strtol(args[2], NULL, 0);
2490 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2491 if ((retval = jtag_execute_queue()) != ERROR_OK)
2493 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2500 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2505 target_t *target = get_current_target(cmd_ctx);
2506 armv4_5_common_t *armv4_5;
2507 arm7_9_common_t *arm7_9;
2509 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2511 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2515 if (target->state != TARGET_HALTED)
2517 command_print(cmd_ctx, "can't write registers while running");
2523 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2527 num = strtol(args[0], NULL, 0);
2528 mode = strtoul(args[1], NULL, 0);
2529 value = strtoul(args[2], NULL, 0);
2531 arm7_9_write_core_reg(target, num, mode, value);
2537 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2539 target_t *target = get_current_target(cmd_ctx);
2540 armv4_5_common_t *armv4_5;
2541 arm7_9_common_t *arm7_9;
2543 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2545 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2551 if (strcmp("enable", args[0]) == 0)
2553 arm7_9->use_dbgrq = 1;
2555 else if (strcmp("disable", args[0]) == 0)
2557 arm7_9->use_dbgrq = 0;
2561 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2565 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2570 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2572 target_t *target = get_current_target(cmd_ctx);
2573 armv4_5_common_t *armv4_5;
2574 arm7_9_common_t *arm7_9;
2576 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2578 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2584 if (strcmp("enable", args[0]) == 0)
2586 arm7_9->fast_memory_access = 1;
2588 else if (strcmp("disable", args[0]) == 0)
2590 arm7_9->fast_memory_access = 0;
2594 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2598 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2603 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2605 target_t *target = get_current_target(cmd_ctx);
2606 armv4_5_common_t *armv4_5;
2607 arm7_9_common_t *arm7_9;
2609 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2611 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2617 if (strcmp("enable", args[0]) == 0)
2619 arm7_9->dcc_downloads = 1;
2621 else if (strcmp("disable", args[0]) == 0)
2623 arm7_9->dcc_downloads = 0;
2627 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2631 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2636 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2638 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2640 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2642 arm_jtag_setup_connection(&arm7_9->jtag_info);
2643 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2644 arm7_9->wp_available_max = 2;
2645 arm7_9->sw_breakpoints_added = 0;
2646 arm7_9->breakpoint_count = 0;
2647 arm7_9->wp0_used = 0;
2648 arm7_9->wp1_used = 0;
2649 arm7_9->wp1_used_default = 0;
2650 arm7_9->use_dbgrq = 0;
2652 arm7_9->etm_ctx = NULL;
2653 arm7_9->has_single_step = 0;
2654 arm7_9->has_monitor_mode = 0;
2655 arm7_9->has_vector_catch = 0;
2657 arm7_9->debug_entry_from_reset = 0;
2659 arm7_9->dcc_working_area = NULL;
2661 arm7_9->fast_memory_access = fast_and_dangerous;
2662 arm7_9->dcc_downloads = fast_and_dangerous;
2664 arm7_9->need_bypass_before_restart = 0;
2666 armv4_5->arch_info = arm7_9;
2667 armv4_5->read_core_reg = arm7_9_read_core_reg;
2668 armv4_5->write_core_reg = arm7_9_write_core_reg;
2669 armv4_5->full_context = arm7_9_full_context;
2671 armv4_5_init_arch_info(target, armv4_5);
2673 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / openocd / blob