1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "replacements.h"
32 #include "embeddedice.h"
34 #include "target_request.h"
39 #include "arm7_9_common.h"
40 #include "breakpoints.h"
41 #include "time_support.h"
47 #include <sys/types.h>
52 int arm7_9_debug_entry(target_t *target);
53 int arm7_9_enable_sw_bkpts(struct target_s *target);
55 /* command handler forward declarations */
56 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
61 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
66 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
68 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
69 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
70 arm7_9->sw_breakpoints_added = 0;
72 arm7_9->wp1_used = arm7_9->wp1_used_default;
73 arm7_9->wp_available = arm7_9->wp_available_max;
75 return jtag_execute_queue();
78 /* set up embedded ice registers */
79 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
81 if (arm7_9->sw_breakpoints_added)
85 if (arm7_9->wp_available < 1)
87 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
88 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
90 arm7_9->wp_available--;
92 /* pick a breakpoint unit */
93 if (!arm7_9->wp0_used)
95 arm7_9->sw_breakpoints_added=1;
97 } else if (!arm7_9->wp1_used)
99 arm7_9->sw_breakpoints_added=2;
100 arm7_9->wp1_used = 3;
104 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
108 if (arm7_9->sw_breakpoints_added==1)
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
112 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
113 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
116 else if (arm7_9->sw_breakpoints_added==2)
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
120 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
121 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
122 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
130 return jtag_execute_queue();
133 /* set things up after a reset / on startup */
134 int arm7_9_setup(target_t *target)
136 armv4_5_common_t *armv4_5 = target->arch_info;
137 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
139 return arm7_9_clear_watchpoints(arm7_9);
143 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
145 armv4_5_common_t *armv4_5 = target->arch_info;
146 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
148 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
153 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
158 *armv4_5_p = armv4_5;
164 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
165 * might have erased the values in embedded ice
167 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
169 armv4_5_common_t *armv4_5 = target->arch_info;
170 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
173 if (target->state != TARGET_HALTED)
175 LOG_WARNING("target not halted");
176 return ERROR_TARGET_NOT_HALTED;
179 if (breakpoint->type == BKPT_HARD)
181 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
182 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
183 if (breakpoint->set==1)
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
187 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
188 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
191 else if (breakpoint->set==2)
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
195 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
196 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
197 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
201 LOG_ERROR("BUG: no hardware comparator available");
205 retval=jtag_execute_queue();
207 else if (breakpoint->type == BKPT_SOFT)
209 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
212 /* did we already set this breakpoint? */
216 if (breakpoint->length == 4)
218 u32 verify = 0xffffffff;
219 /* keep the original instruction in target endianness */
220 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
221 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
222 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
224 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
225 if (verify != arm7_9->arm_bkpt)
227 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
234 /* keep the original instruction in target endianness */
235 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
236 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
237 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
239 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
240 if (verify != arm7_9->thumb_bkpt)
242 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
253 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
255 armv4_5_common_t *armv4_5 = target->arch_info;
256 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
258 if (!breakpoint->set)
260 LOG_WARNING("breakpoint not set");
264 if (breakpoint->type == BKPT_HARD)
266 if (breakpoint->set == 1)
268 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
269 arm7_9->wp0_used = 0;
271 else if (breakpoint->set == 2)
273 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
274 arm7_9->wp1_used = 0;
276 jtag_execute_queue();
281 /* restore original instruction (kept in target endianness) */
282 if (breakpoint->length == 4)
285 /* check that user program as not modified breakpoint instruction */
286 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
287 if (current_instr==arm7_9->arm_bkpt)
288 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
293 /* check that user program as not modified breakpoint instruction */
294 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
295 if (current_instr==arm7_9->thumb_bkpt)
296 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
304 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
306 armv4_5_common_t *armv4_5 = target->arch_info;
307 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
309 if (target->state != TARGET_HALTED)
311 LOG_WARNING("target not halted");
312 return ERROR_TARGET_NOT_HALTED;
315 if (arm7_9->breakpoint_count==0)
317 /* make sure we don't have any dangling breakpoints. This is vital upon
318 * GDB connect/disconnect
320 arm7_9_clear_watchpoints(arm7_9);
323 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
325 LOG_INFO("no watchpoint unit available for hardware breakpoint");
326 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
329 if ((breakpoint->length != 2) && (breakpoint->length != 4))
331 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
332 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
335 if (breakpoint->type == BKPT_HARD)
337 arm7_9->wp_available--;
339 if (!arm7_9->wp0_used)
341 arm7_9->wp0_used = 1;
344 else if (!arm7_9->wp1_used)
346 arm7_9->wp1_used = 1;
351 LOG_ERROR("BUG: no hardware comparator available");
356 arm7_9->breakpoint_count++;
358 return arm7_9_set_breakpoint(target, breakpoint);
361 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
363 armv4_5_common_t *armv4_5 = target->arch_info;
364 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
366 arm7_9_unset_breakpoint(target, breakpoint);
368 if (breakpoint->type == BKPT_HARD)
369 arm7_9->wp_available++;
371 arm7_9->breakpoint_count--;
372 if (arm7_9->breakpoint_count==0)
374 /* make sure we don't have any dangling breakpoints */
375 arm7_9_clear_watchpoints(arm7_9);
381 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
383 armv4_5_common_t *armv4_5 = target->arch_info;
384 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
388 mask = watchpoint->length - 1;
390 if (target->state != TARGET_HALTED)
392 LOG_WARNING("target not halted");
393 return ERROR_TARGET_NOT_HALTED;
396 if (watchpoint->rw == WPT_ACCESS)
401 if (!arm7_9->wp0_used)
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
406 if( watchpoint->mask != 0xffffffffu )
407 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
409 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
411 jtag_execute_queue();
413 arm7_9->wp0_used = 2;
415 else if (!arm7_9->wp1_used)
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
420 if( watchpoint->mask != 0xffffffffu )
421 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
422 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
423 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
425 jtag_execute_queue();
427 arm7_9->wp1_used = 2;
431 LOG_ERROR("BUG: no hardware comparator available");
438 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
440 armv4_5_common_t *armv4_5 = target->arch_info;
441 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
443 if (target->state != TARGET_HALTED)
445 LOG_WARNING("target not halted");
446 return ERROR_TARGET_NOT_HALTED;
449 if (!watchpoint->set)
451 LOG_WARNING("breakpoint not set");
455 if (watchpoint->set == 1)
457 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
458 jtag_execute_queue();
459 arm7_9->wp0_used = 0;
461 else if (watchpoint->set == 2)
463 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
464 jtag_execute_queue();
465 arm7_9->wp1_used = 0;
472 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
474 armv4_5_common_t *armv4_5 = target->arch_info;
475 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
477 if (target->state != TARGET_HALTED)
479 LOG_WARNING("target not halted");
480 return ERROR_TARGET_NOT_HALTED;
483 if (arm7_9->wp_available < 1)
485 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
488 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
490 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
493 arm7_9->wp_available--;
498 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
500 armv4_5_common_t *armv4_5 = target->arch_info;
501 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
505 arm7_9_unset_watchpoint(target, watchpoint);
508 arm7_9->wp_available++;
516 int arm7_9_execute_sys_speed(struct target_s *target)
520 armv4_5_common_t *armv4_5 = target->arch_info;
521 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
522 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
523 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
525 /* set RESTART instruction */
526 jtag_add_end_state(TAP_RTI);
527 if (arm7_9->need_bypass_before_restart) {
528 arm7_9->need_bypass_before_restart = 0;
529 arm_jtag_set_instr(jtag_info, 0xf, NULL);
531 arm_jtag_set_instr(jtag_info, 0x4, NULL);
533 long long then=timeval_ms();
535 while (!(timeout=((timeval_ms()-then)>1000)))
537 /* read debug status register */
538 embeddedice_read_reg(dbg_stat);
539 if ((retval = jtag_execute_queue()) != ERROR_OK)
541 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
542 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
554 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
555 return ERROR_TARGET_TIMEOUT;
561 int arm7_9_execute_fast_sys_speed(struct target_s *target)
564 static u8 check_value[4], check_mask[4];
566 armv4_5_common_t *armv4_5 = target->arch_info;
567 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
568 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
569 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
571 /* set RESTART instruction */
572 jtag_add_end_state(TAP_RTI);
573 if (arm7_9->need_bypass_before_restart) {
574 arm7_9->need_bypass_before_restart = 0;
575 arm_jtag_set_instr(jtag_info, 0xf, NULL);
577 arm_jtag_set_instr(jtag_info, 0x4, NULL);
581 /* check for DBGACK and SYSCOMP set (others don't care) */
583 /* NB! These are constants that must be available until after next jtag_execute() and
584 we evaluate the values upon first execution in lieu of setting up these constants
587 buf_set_u32(check_value, 0, 32, 0x9);
588 buf_set_u32(check_mask, 0, 32, 0x9);
592 /* read debug status register */
593 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
598 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
600 armv4_5_common_t *armv4_5 = target->arch_info;
601 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
602 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
606 data = malloc(size * (sizeof(u32)));
608 embeddedice_receive(jtag_info, data, size);
610 for (i = 0; i < size; i++)
612 h_u32_to_le(buffer + (i * 4), data[i]);
620 int arm7_9_handle_target_request(void *priv)
622 target_t *target = priv;
623 if (!target->type->examined)
625 armv4_5_common_t *armv4_5 = target->arch_info;
626 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
627 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
628 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
631 if (!target->dbg_msg_enabled)
634 if (target->state == TARGET_RUNNING)
636 /* read DCC control register */
637 embeddedice_read_reg(dcc_control);
638 jtag_execute_queue();
641 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
645 embeddedice_receive(jtag_info, &request, 1);
646 target_request(target, request);
653 int arm7_9_poll(target_t *target)
656 armv4_5_common_t *armv4_5 = target->arch_info;
657 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
658 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
660 /* read debug status register */
661 embeddedice_read_reg(dbg_stat);
662 if ((retval = jtag_execute_queue()) != ERROR_OK)
667 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
669 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
670 if (target->state == TARGET_UNKNOWN)
672 target->state = TARGET_RUNNING;
673 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
675 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
678 if (target->state == TARGET_RESET)
680 if (target->reset_halt)
682 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
689 target->state = TARGET_HALTED;
691 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
696 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
697 u32 t=*((u32 *)reg->value);
700 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
704 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
706 if (target->state == TARGET_DEBUG_RUNNING)
708 target->state = TARGET_HALTED;
709 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
712 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
714 if (target->state != TARGET_HALTED)
716 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
721 if (target->state != TARGET_DEBUG_RUNNING)
722 target->state = TARGET_RUNNING;
729 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
730 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
731 while the core is held in reset(SRST). It isn't possible to program the halt
732 condition once reset was asserted, hence a hook that allows the target to set
733 up its reset-halt condition prior to asserting reset.
736 int arm7_9_assert_reset(target_t *target)
738 armv4_5_common_t *armv4_5 = target->arch_info;
739 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
740 LOG_DEBUG("target->state: %s",
741 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
743 if (!(jtag_reset_config & RESET_HAS_SRST))
745 LOG_ERROR("Can't assert SRST");
749 if (target->reset_halt)
752 * Some targets do not support communication while SRST is asserted. We need to
753 * set up the reset vector catch here.
755 * If TRST is asserted, then these settings will be reset anyway, so setting them
758 if (arm7_9->has_vector_catch)
760 /* program vector catch register to catch reset vector */
761 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
765 /* program watchpoint unit to match on reset vector address */
766 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
767 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
768 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
769 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
770 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
774 /* here we should issue a srst only, but we may have to assert trst as well */
775 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
777 jtag_add_reset(1, 1);
780 jtag_add_reset(0, 1);
784 target->state = TARGET_RESET;
785 jtag_add_sleep(50000);
787 armv4_5_invalidate_core_regs(target);
789 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
791 /* debug entry was already prepared in arm7_9_assert_reset() */
792 target->debug_reason = DBG_REASON_DBGRQ;
799 int arm7_9_deassert_reset(target_t *target)
802 LOG_DEBUG("target->state: %s",
803 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
806 /* deassert reset lines */
807 jtag_add_reset(0, 0);
809 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
811 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
812 /* set up embedded ice registers again */
813 if ((retval=target->type->examine(target))!=ERROR_OK)
816 if ((retval=target_poll(target))!=ERROR_OK)
821 if ((retval=target_halt(target))!=ERROR_OK)
830 int arm7_9_clear_halt(target_t *target)
832 armv4_5_common_t *armv4_5 = target->arch_info;
833 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
834 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
836 /* we used DBGRQ only if we didn't come out of reset */
837 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
839 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
841 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
842 embeddedice_store_reg(dbg_ctrl);
846 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
848 /* if we came out of reset, and vector catch is supported, we used
849 * vector catch to enter debug state
850 * restore the register in that case
852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
856 /* restore registers if watchpoint unit 0 was in use
858 if (arm7_9->wp0_used)
860 if (arm7_9->debug_entry_from_reset)
862 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
864 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
865 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
866 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
868 /* control value always has to be restored, as it was either disabled,
869 * or enabled with possibly different bits
871 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
878 int arm7_9_soft_reset_halt(struct target_s *target)
880 armv4_5_common_t *armv4_5 = target->arch_info;
881 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
882 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
883 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
887 if ((retval=target_halt(target))!=ERROR_OK)
890 long long then=timeval_ms();
892 while (!(timeout=((timeval_ms()-then)>1000)))
894 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
896 embeddedice_read_reg(dbg_stat);
897 if ((retval=jtag_execute_queue())!=ERROR_OK)
909 LOG_ERROR("Failed to halt CPU after 1 sec");
910 return ERROR_TARGET_TIMEOUT;
912 target->state = TARGET_HALTED;
914 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
915 * ensure that DBGRQ is cleared
917 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
918 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
919 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
920 embeddedice_store_reg(dbg_ctrl);
922 arm7_9_clear_halt(target);
924 /* if the target is in Thumb state, change to ARM state */
925 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
927 u32 r0_thumb, pc_thumb;
928 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
929 /* Entered debug from Thumb mode */
930 armv4_5->core_state = ARMV4_5_STATE_THUMB;
931 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
934 /* all register content is now invalid */
935 armv4_5_invalidate_core_regs(target);
937 /* SVC, ARM state, IRQ and FIQ disabled */
938 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
939 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
940 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
942 /* start fetching from 0x0 */
943 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
944 armv4_5->core_cache->reg_list[15].dirty = 1;
945 armv4_5->core_cache->reg_list[15].valid = 1;
947 armv4_5->core_mode = ARMV4_5_MODE_SVC;
948 armv4_5->core_state = ARMV4_5_STATE_ARM;
950 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
953 /* reset registers */
954 for (i = 0; i <= 14; i++)
956 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
957 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
958 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
961 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
966 int arm7_9_halt(target_t *target)
968 if (target->state==TARGET_RESET)
970 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
974 armv4_5_common_t *armv4_5 = target->arch_info;
975 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
976 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
978 LOG_DEBUG("target->state: %s",
979 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
981 if (target->state == TARGET_HALTED)
983 LOG_DEBUG("target was already halted");
987 if (target->state == TARGET_UNKNOWN)
989 LOG_WARNING("target was in unknown state when halt was requested");
992 if (arm7_9->use_dbgrq)
994 /* program EmbeddedICE Debug Control Register to assert DBGRQ
996 if (arm7_9->set_special_dbgrq) {
997 arm7_9->set_special_dbgrq(target);
999 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1000 embeddedice_store_reg(dbg_ctrl);
1005 /* program watchpoint unit to match on any address
1007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1013 target->debug_reason = DBG_REASON_DBGRQ;
1018 int arm7_9_debug_entry(target_t *target)
1023 u32 r0_thumb, pc_thumb;
1026 /* get pointers to arch-specific information */
1027 armv4_5_common_t *armv4_5 = target->arch_info;
1028 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1029 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1030 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1032 #ifdef _DEBUG_ARM7_9_
1036 if (arm7_9->pre_debug_entry)
1037 arm7_9->pre_debug_entry(target);
1039 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1040 * ensure that DBGRQ is cleared
1042 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1043 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1044 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1045 embeddedice_store_reg(dbg_ctrl);
1047 arm7_9_clear_halt(target);
1049 if ((retval = jtag_execute_queue()) != ERROR_OK)
1054 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1058 if (target->state != TARGET_HALTED)
1060 LOG_WARNING("target not halted");
1061 return ERROR_TARGET_NOT_HALTED;
1064 /* if the target is in Thumb state, change to ARM state */
1065 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1067 LOG_DEBUG("target entered debug from Thumb state");
1068 /* Entered debug from Thumb mode */
1069 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1070 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1071 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1075 LOG_DEBUG("target entered debug from ARM state");
1076 /* Entered debug from ARM mode */
1077 armv4_5->core_state = ARMV4_5_STATE_ARM;
1080 for (i = 0; i < 16; i++)
1081 context_p[i] = &context[i];
1082 /* save core registers (r0 - r15 of current core mode) */
1083 arm7_9->read_core_regs(target, 0xffff, context_p);
1085 arm7_9->read_xpsr(target, &cpsr, 0);
1087 if ((retval = jtag_execute_queue()) != ERROR_OK)
1090 /* if the core has been executing in Thumb state, set the T bit */
1091 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1094 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1095 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1096 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1098 armv4_5->core_mode = cpsr & 0x1f;
1100 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1102 target->state = TARGET_UNKNOWN;
1103 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1104 return ERROR_TARGET_FAILURE;
1107 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1109 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1111 LOG_DEBUG("thumb state, applying fixups");
1112 context[0] = r0_thumb;
1113 context[15] = pc_thumb;
1114 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1116 /* adjust value stored by STM */
1117 context[15] -= 3 * 4;
1120 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1121 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1122 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1123 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1124 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1125 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1126 else if (target->debug_reason == DBG_REASON_DBGRQ)
1127 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1130 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1133 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1136 for (i=0; i<=15; i++)
1138 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1139 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1140 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1141 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1144 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1146 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1149 /* exceptions other than USR & SYS have a saved program status register */
1150 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1153 arm7_9->read_xpsr(target, &spsr, 1);
1154 jtag_execute_queue();
1155 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1156 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1157 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1160 /* r0 and r15 (pc) have to be restored later */
1161 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1162 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1164 if ((retval = jtag_execute_queue()) != ERROR_OK)
1167 if (arm7_9->post_debug_entry)
1168 arm7_9->post_debug_entry(target);
1173 int arm7_9_full_context(target_t *target)
1177 armv4_5_common_t *armv4_5 = target->arch_info;
1178 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1182 if (target->state != TARGET_HALTED)
1184 LOG_WARNING("target not halted");
1185 return ERROR_TARGET_NOT_HALTED;
1188 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1191 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1192 * SYS shares registers with User, so we don't touch SYS
1194 for(i = 0; i < 6; i++)
1201 /* check if there are invalid registers in the current mode
1203 for (j = 0; j <= 16; j++)
1205 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1213 /* change processor mode (and mask T bit) */
1214 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1215 tmp_cpsr |= armv4_5_number_to_mode(i);
1217 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1219 for (j = 0; j < 15; j++)
1221 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1223 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1225 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1230 /* if only the PSR is invalid, mask is all zeroes */
1232 arm7_9->read_core_regs(target, mask, reg_p);
1234 /* check if the PSR has to be read */
1235 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1237 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1238 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1239 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1244 /* restore processor mode (mask T bit) */
1245 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1247 if ((retval = jtag_execute_queue()) != ERROR_OK)
1254 int arm7_9_restore_context(target_t *target)
1256 armv4_5_common_t *armv4_5 = target->arch_info;
1257 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1259 armv4_5_core_reg_t *reg_arch_info;
1260 enum armv4_5_mode current_mode = armv4_5->core_mode;
1267 if (target->state != TARGET_HALTED)
1269 LOG_WARNING("target not halted");
1270 return ERROR_TARGET_NOT_HALTED;
1273 if (arm7_9->pre_restore_context)
1274 arm7_9->pre_restore_context(target);
1276 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1279 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1280 * SYS shares registers with User, so we don't touch SYS
1282 for (i = 0; i < 6; i++)
1284 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1287 /* check if there are dirty registers in the current mode
1289 for (j = 0; j <= 16; j++)
1291 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1292 reg_arch_info = reg->arch_info;
1293 if (reg->dirty == 1)
1295 if (reg->valid == 1)
1298 LOG_DEBUG("examining dirty reg: %s", reg->name);
1299 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1300 && (reg_arch_info->mode != current_mode)
1301 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1302 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1305 LOG_DEBUG("require mode change");
1310 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1325 /* change processor mode (mask T bit) */
1326 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1327 tmp_cpsr |= armv4_5_number_to_mode(i);
1329 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1330 current_mode = armv4_5_number_to_mode(i);
1333 for (j = 0; j <= 14; j++)
1335 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1336 reg_arch_info = reg->arch_info;
1339 if (reg->dirty == 1)
1341 regs[j] = buf_get_u32(reg->value, 0, 32);
1346 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1352 arm7_9->write_core_regs(target, mask, regs);
1355 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1356 reg_arch_info = reg->arch_info;
1357 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1359 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1360 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1365 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1367 /* restore processor mode (mask T bit) */
1370 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1371 tmp_cpsr |= armv4_5_number_to_mode(i);
1373 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1374 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1376 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1378 /* CPSR has been changed, full restore necessary (mask T bit) */
1379 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1380 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1381 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1382 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1386 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1387 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1388 armv4_5->core_cache->reg_list[15].dirty = 0;
1390 if (arm7_9->post_restore_context)
1391 arm7_9->post_restore_context(target);
1396 int arm7_9_restart_core(struct target_s *target)
1398 armv4_5_common_t *armv4_5 = target->arch_info;
1399 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1400 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1402 /* set RESTART instruction */
1403 jtag_add_end_state(TAP_RTI);
1404 if (arm7_9->need_bypass_before_restart) {
1405 arm7_9->need_bypass_before_restart = 0;
1406 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1408 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1410 jtag_add_runtest(1, TAP_RTI);
1411 return jtag_execute_queue();
1414 void arm7_9_enable_watchpoints(struct target_s *target)
1416 watchpoint_t *watchpoint = target->watchpoints;
1420 if (watchpoint->set == 0)
1421 arm7_9_set_watchpoint(target, watchpoint);
1422 watchpoint = watchpoint->next;
1426 void arm7_9_enable_breakpoints(struct target_s *target)
1428 breakpoint_t *breakpoint = target->breakpoints;
1430 /* set any pending breakpoints */
1433 arm7_9_set_breakpoint(target, breakpoint);
1434 breakpoint = breakpoint->next;
1439 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1441 armv4_5_common_t *armv4_5 = target->arch_info;
1442 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1443 breakpoint_t *breakpoint = target->breakpoints;
1444 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1449 if (target->state != TARGET_HALTED)
1451 LOG_WARNING("target not halted");
1452 return ERROR_TARGET_NOT_HALTED;
1455 if (!debug_execution)
1457 target_free_all_working_areas(target);
1460 /* current = 1: continue on current pc, otherwise continue at <address> */
1462 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1464 /* the front-end may request us not to handle breakpoints */
1465 if (handle_breakpoints)
1467 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1469 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1470 arm7_9_unset_breakpoint(target, breakpoint);
1472 LOG_DEBUG("enable single-step");
1473 arm7_9->enable_single_step(target);
1475 target->debug_reason = DBG_REASON_SINGLESTEP;
1477 arm7_9_restore_context(target);
1479 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1480 arm7_9->branch_resume(target);
1481 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1483 arm7_9->branch_resume_thumb(target);
1487 LOG_ERROR("unhandled core state");
1491 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1492 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1493 err = arm7_9_execute_sys_speed(target);
1495 LOG_DEBUG("disable single-step");
1496 arm7_9->disable_single_step(target);
1498 if (err != ERROR_OK)
1500 arm7_9_set_breakpoint(target, breakpoint);
1501 target->state = TARGET_UNKNOWN;
1505 arm7_9_debug_entry(target);
1506 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1508 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1509 arm7_9_set_breakpoint(target, breakpoint);
1513 /* enable any pending breakpoints and watchpoints */
1514 arm7_9_enable_breakpoints(target);
1515 arm7_9_enable_watchpoints(target);
1517 arm7_9_restore_context(target);
1519 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1521 arm7_9->branch_resume(target);
1523 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1525 arm7_9->branch_resume_thumb(target);
1529 LOG_ERROR("unhandled core state");
1533 /* deassert DBGACK and INTDIS */
1534 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1535 /* INTDIS only when we really resume, not during debug execution */
1536 if (!debug_execution)
1537 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1538 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1540 arm7_9_restart_core(target);
1542 target->debug_reason = DBG_REASON_NOTHALTED;
1544 if (!debug_execution)
1546 /* registers are now invalid */
1547 armv4_5_invalidate_core_regs(target);
1548 target->state = TARGET_RUNNING;
1549 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1553 target->state = TARGET_DEBUG_RUNNING;
1554 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1557 LOG_DEBUG("target resumed");
1562 void arm7_9_enable_eice_step(target_t *target)
1564 armv4_5_common_t *armv4_5 = target->arch_info;
1565 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1567 /* setup an inverse breakpoint on the current PC
1568 * - comparator 1 matches the current address
1569 * - rangeout from comparator 1 is connected to comparator 0 rangein
1570 * - comparator 0 matches any address, as long as rangein is low */
1571 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1572 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1573 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1574 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1575 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1577 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1578 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1579 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1582 void arm7_9_disable_eice_step(target_t *target)
1584 armv4_5_common_t *armv4_5 = target->arch_info;
1585 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1587 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1588 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1589 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1590 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1591 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1592 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1593 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1594 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1595 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1598 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1600 armv4_5_common_t *armv4_5 = target->arch_info;
1601 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1602 breakpoint_t *breakpoint = NULL;
1605 if (target->state != TARGET_HALTED)
1607 LOG_WARNING("target not halted");
1608 return ERROR_TARGET_NOT_HALTED;
1611 /* current = 1: continue on current pc, otherwise continue at <address> */
1613 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1615 /* the front-end may request us not to handle breakpoints */
1616 if (handle_breakpoints)
1617 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1618 arm7_9_unset_breakpoint(target, breakpoint);
1620 target->debug_reason = DBG_REASON_SINGLESTEP;
1622 arm7_9_restore_context(target);
1624 arm7_9->enable_single_step(target);
1626 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1628 arm7_9->branch_resume(target);
1630 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1632 arm7_9->branch_resume_thumb(target);
1636 LOG_ERROR("unhandled core state");
1640 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1642 err = arm7_9_execute_sys_speed(target);
1643 arm7_9->disable_single_step(target);
1645 /* registers are now invalid */
1646 armv4_5_invalidate_core_regs(target);
1648 if (err != ERROR_OK)
1650 target->state = TARGET_UNKNOWN;
1652 arm7_9_debug_entry(target);
1653 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1654 LOG_DEBUG("target stepped");
1658 arm7_9_set_breakpoint(target, breakpoint);
1664 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1669 armv4_5_common_t *armv4_5 = target->arch_info;
1670 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1672 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1675 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1677 if ((num < 0) || (num > 16))
1678 return ERROR_INVALID_ARGUMENTS;
1680 if ((mode != ARMV4_5_MODE_ANY)
1681 && (mode != armv4_5->core_mode)
1682 && (reg_mode != ARMV4_5_MODE_ANY))
1686 /* change processor mode (mask T bit) */
1687 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1690 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1693 if ((num >= 0) && (num <= 15))
1695 /* read a normal core register */
1696 reg_p[num] = &value;
1698 arm7_9->read_core_regs(target, 1 << num, reg_p);
1702 /* read a program status register
1703 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1705 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1706 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1708 arm7_9->read_xpsr(target, &value, spsr);
1711 if ((retval = jtag_execute_queue()) != ERROR_OK)
1716 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1717 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1718 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1720 if ((mode != ARMV4_5_MODE_ANY)
1721 && (mode != armv4_5->core_mode)
1722 && (reg_mode != ARMV4_5_MODE_ANY)) {
1723 /* restore processor mode (mask T bit) */
1724 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1731 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1734 armv4_5_common_t *armv4_5 = target->arch_info;
1735 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1737 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1740 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1742 if ((num < 0) || (num > 16))
1743 return ERROR_INVALID_ARGUMENTS;
1745 if ((mode != ARMV4_5_MODE_ANY)
1746 && (mode != armv4_5->core_mode)
1747 && (reg_mode != ARMV4_5_MODE_ANY)) {
1750 /* change processor mode (mask T bit) */
1751 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1754 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1757 if ((num >= 0) && (num <= 15))
1759 /* write a normal core register */
1762 arm7_9->write_core_regs(target, 1 << num, reg);
1766 /* write a program status register
1767 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1769 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1770 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1772 /* if we're writing the CPSR, mask the T bit */
1776 arm7_9->write_xpsr(target, value, spsr);
1779 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1780 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1782 if ((mode != ARMV4_5_MODE_ANY)
1783 && (mode != armv4_5->core_mode)
1784 && (reg_mode != ARMV4_5_MODE_ANY)) {
1785 /* restore processor mode (mask T bit) */
1786 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1789 return jtag_execute_queue();
1792 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1794 armv4_5_common_t *armv4_5 = target->arch_info;
1795 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1798 int num_accesses = 0;
1799 int thisrun_accesses;
1805 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1807 if (target->state != TARGET_HALTED)
1809 LOG_WARNING("target not halted");
1810 return ERROR_TARGET_NOT_HALTED;
1813 /* sanitize arguments */
1814 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1815 return ERROR_INVALID_ARGUMENTS;
1817 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1818 return ERROR_TARGET_UNALIGNED_ACCESS;
1820 /* load the base register with the address of the first word */
1822 arm7_9->write_core_regs(target, 0x1, reg);
1829 while (num_accesses < count)
1832 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1833 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1835 if (last_reg <= thisrun_accesses)
1836 last_reg = thisrun_accesses;
1838 arm7_9->load_word_regs(target, reg_list);
1840 /* fast memory reads are only safe when the target is running
1841 * from a sufficiently high clock (32 kHz is usually too slow)
1843 if (arm7_9->fast_memory_access)
1844 arm7_9_execute_fast_sys_speed(target);
1846 arm7_9_execute_sys_speed(target);
1848 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1850 /* advance buffer, count number of accesses */
1851 buffer += thisrun_accesses * 4;
1852 num_accesses += thisrun_accesses;
1861 while (num_accesses < count)
1864 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1865 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1867 for (i = 1; i <= thisrun_accesses; i++)
1871 arm7_9->load_hword_reg(target, i);
1872 /* fast memory reads are only safe when the target is running
1873 * from a sufficiently high clock (32 kHz is usually too slow)
1875 if (arm7_9->fast_memory_access)
1876 arm7_9_execute_fast_sys_speed(target);
1878 arm7_9_execute_sys_speed(target);
1881 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1883 /* advance buffer, count number of accesses */
1884 buffer += thisrun_accesses * 2;
1885 num_accesses += thisrun_accesses;
1894 while (num_accesses < count)
1897 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1898 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1900 for (i = 1; i <= thisrun_accesses; i++)
1904 arm7_9->load_byte_reg(target, i);
1905 /* fast memory reads are only safe when the target is running
1906 * from a sufficiently high clock (32 kHz is usually too slow)
1908 if (arm7_9->fast_memory_access)
1909 arm7_9_execute_fast_sys_speed(target);
1911 arm7_9_execute_sys_speed(target);
1914 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1916 /* advance buffer, count number of accesses */
1917 buffer += thisrun_accesses * 1;
1918 num_accesses += thisrun_accesses;
1927 LOG_ERROR("BUG: we shouldn't get here");
1932 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1935 for (i=0; i<=last_reg; i++)
1936 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1938 arm7_9->read_xpsr(target, &cpsr, 0);
1939 if ((retval = jtag_execute_queue()) != ERROR_OK)
1941 LOG_ERROR("JTAG error while reading cpsr");
1942 return ERROR_TARGET_DATA_ABORT;
1945 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1947 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1949 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1951 return ERROR_TARGET_DATA_ABORT;
1957 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1959 armv4_5_common_t *armv4_5 = target->arch_info;
1960 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1961 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1964 int num_accesses = 0;
1965 int thisrun_accesses;
1971 #ifdef _DEBUG_ARM7_9_
1972 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1975 if (target->state != TARGET_HALTED)
1977 LOG_WARNING("target not halted");
1978 return ERROR_TARGET_NOT_HALTED;
1981 /* sanitize arguments */
1982 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1983 return ERROR_INVALID_ARGUMENTS;
1985 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1986 return ERROR_TARGET_UNALIGNED_ACCESS;
1988 /* load the base register with the address of the first word */
1990 arm7_9->write_core_regs(target, 0x1, reg);
1992 /* Clear DBGACK, to make sure memory fetches work as expected */
1993 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1994 embeddedice_store_reg(dbg_ctrl);
1999 while (num_accesses < count)
2002 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2003 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2005 for (i = 1; i <= thisrun_accesses; i++)
2009 reg[i] = target_buffer_get_u32(target, buffer);
2013 arm7_9->write_core_regs(target, reg_list, reg);
2015 arm7_9->store_word_regs(target, reg_list);
2017 /* fast memory writes are only safe when the target is running
2018 * from a sufficiently high clock (32 kHz is usually too slow)
2020 if (arm7_9->fast_memory_access)
2021 arm7_9_execute_fast_sys_speed(target);
2023 arm7_9_execute_sys_speed(target);
2025 num_accesses += thisrun_accesses;
2029 while (num_accesses < count)
2032 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2033 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2035 for (i = 1; i <= thisrun_accesses; i++)
2039 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2043 arm7_9->write_core_regs(target, reg_list, reg);
2045 for (i = 1; i <= thisrun_accesses; i++)
2047 arm7_9->store_hword_reg(target, i);
2049 /* fast memory writes are only safe when the target is running
2050 * from a sufficiently high clock (32 kHz is usually too slow)
2052 if (arm7_9->fast_memory_access)
2053 arm7_9_execute_fast_sys_speed(target);
2055 arm7_9_execute_sys_speed(target);
2058 num_accesses += thisrun_accesses;
2062 while (num_accesses < count)
2065 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2066 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2068 for (i = 1; i <= thisrun_accesses; i++)
2072 reg[i] = *buffer++ & 0xff;
2075 arm7_9->write_core_regs(target, reg_list, reg);
2077 for (i = 1; i <= thisrun_accesses; i++)
2079 arm7_9->store_byte_reg(target, i);
2080 /* fast memory writes are only safe when the target is running
2081 * from a sufficiently high clock (32 kHz is usually too slow)
2083 if (arm7_9->fast_memory_access)
2084 arm7_9_execute_fast_sys_speed(target);
2086 arm7_9_execute_sys_speed(target);
2089 num_accesses += thisrun_accesses;
2093 LOG_ERROR("BUG: we shouldn't get here");
2099 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2100 embeddedice_store_reg(dbg_ctrl);
2102 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2105 for (i=0; i<=last_reg; i++)
2106 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2108 arm7_9->read_xpsr(target, &cpsr, 0);
2109 if ((retval = jtag_execute_queue()) != ERROR_OK)
2111 LOG_ERROR("JTAG error while reading cpsr");
2112 return ERROR_TARGET_DATA_ABORT;
2115 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2117 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2119 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2121 return ERROR_TARGET_DATA_ABORT;
2127 static const u32 dcc_code[] =
2129 /* MRC TST BNE MRC STR B */
2130 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2133 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2135 armv4_5_common_t *armv4_5 = target->arch_info;
2136 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2137 enum armv4_5_state core_state = armv4_5->core_state;
2138 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2139 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2140 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2143 if (!arm7_9->dcc_downloads)
2144 return target->type->write_memory(target, address, 4, count, buffer);
2146 /* regrab previously allocated working_area, or allocate a new one */
2147 if (!arm7_9->dcc_working_area)
2149 u8 dcc_code_buf[6 * 4];
2151 /* make sure we have a working area */
2152 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2154 LOG_INFO("no working area available, falling back to memory writes");
2155 return target->type->write_memory(target, address, 4, count, buffer);
2158 /* copy target instructions to target endianness */
2159 for (i = 0; i < 6; i++)
2161 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2164 /* write DCC code to working area */
2165 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2168 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2169 armv4_5->core_cache->reg_list[0].valid = 1;
2170 armv4_5->core_cache->reg_list[0].dirty = 1;
2171 armv4_5->core_state = ARMV4_5_STATE_ARM;
2173 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2175 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2178 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2179 core function repeated.
2181 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2184 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2185 u8 reg_addr = ice_reg->addr & 0x1f;
2186 int chain_pos = ice_reg->jtag_info->chain_pos;
2188 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2189 buffer += (count-2)*4;
2191 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2194 for (i = 0; i < count; i++)
2196 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2201 target_halt(target);
2203 long long then=timeval_ms();
2205 while (!(timeout=((timeval_ms()-then)>100)))
2207 target_poll(target);
2208 if (target->state == TARGET_HALTED)
2220 LOG_ERROR("bulk write timed out, target not halted");
2221 return ERROR_TARGET_TIMEOUT;
2224 /* restore target state */
2225 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2226 armv4_5->core_cache->reg_list[0].valid = 1;
2227 armv4_5->core_cache->reg_list[0].dirty = 1;
2228 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2229 armv4_5->core_cache->reg_list[1].valid = 1;
2230 armv4_5->core_cache->reg_list[1].dirty = 1;
2231 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2232 armv4_5->core_cache->reg_list[15].valid = 1;
2233 armv4_5->core_cache->reg_list[15].dirty = 1;
2234 armv4_5->core_state = core_state;
2239 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2241 working_area_t *crc_algorithm;
2242 armv4_5_algorithm_t armv4_5_info;
2243 reg_param_t reg_params[2];
2246 u32 arm7_9_crc_code[] = {
2247 0xE1A02000, /* mov r2, r0 */
2248 0xE3E00000, /* mov r0, #0xffffffff */
2249 0xE1A03001, /* mov r3, r1 */
2250 0xE3A04000, /* mov r4, #0 */
2251 0xEA00000B, /* b ncomp */
2253 0xE7D21004, /* ldrb r1, [r2, r4] */
2254 0xE59F7030, /* ldr r7, CRC32XOR */
2255 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2256 0xE3A05000, /* mov r5, #0 */
2258 0xE3500000, /* cmp r0, #0 */
2259 0xE1A06080, /* mov r6, r0, asl #1 */
2260 0xE2855001, /* add r5, r5, #1 */
2261 0xE1A00006, /* mov r0, r6 */
2262 0xB0260007, /* eorlt r0, r6, r7 */
2263 0xE3550008, /* cmp r5, #8 */
2264 0x1AFFFFF8, /* bne loop */
2265 0xE2844001, /* add r4, r4, #1 */
2267 0xE1540003, /* cmp r4, r3 */
2268 0x1AFFFFF1, /* bne nbyte */
2270 0xEAFFFFFE, /* b end */
2271 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2276 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2278 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2281 /* convert flash writing code into a buffer in target endianness */
2282 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2283 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2285 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2286 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2287 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2289 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2290 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2292 buf_set_u32(reg_params[0].value, 0, 32, address);
2293 buf_set_u32(reg_params[1].value, 0, 32, count);
2295 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2296 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2298 LOG_ERROR("error executing arm7_9 crc algorithm");
2299 destroy_reg_param(®_params[0]);
2300 destroy_reg_param(®_params[1]);
2301 target_free_working_area(target, crc_algorithm);
2305 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2307 destroy_reg_param(®_params[0]);
2308 destroy_reg_param(®_params[1]);
2310 target_free_working_area(target, crc_algorithm);
2315 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2317 working_area_t *erase_check_algorithm;
2318 reg_param_t reg_params[3];
2319 armv4_5_algorithm_t armv4_5_info;
2323 u32 erase_check_code[] =
2326 0xe4d03001, /* ldrb r3, [r0], #1 */
2327 0xe0022003, /* and r2, r2, r3 */
2328 0xe2511001, /* subs r1, r1, #1 */
2329 0x1afffffb, /* bne loop */
2331 0xeafffffe /* b end */
2334 /* make sure we have a working area */
2335 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2337 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2340 /* convert flash writing code into a buffer in target endianness */
2341 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2342 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2344 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2345 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2346 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2348 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2349 buf_set_u32(reg_params[0].value, 0, 32, address);
2351 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2352 buf_set_u32(reg_params[1].value, 0, 32, count);
2354 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2355 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2357 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2358 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2360 destroy_reg_param(®_params[0]);
2361 destroy_reg_param(®_params[1]);
2362 destroy_reg_param(®_params[2]);
2363 target_free_working_area(target, erase_check_algorithm);
2367 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2369 destroy_reg_param(®_params[0]);
2370 destroy_reg_param(®_params[1]);
2371 destroy_reg_param(®_params[2]);
2373 target_free_working_area(target, erase_check_algorithm);
2378 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2380 command_t *arm7_9_cmd;
2382 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2384 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2385 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2387 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2389 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2390 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2391 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2392 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2393 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2394 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2395 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2396 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2398 armv4_5_register_commands(cmd_ctx);
2400 etm_register_commands(cmd_ctx);
2405 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2410 target_t *target = get_current_target(cmd_ctx);
2411 armv4_5_common_t *armv4_5;
2412 arm7_9_common_t *arm7_9;
2414 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2416 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2420 if (target->state != TARGET_HALTED)
2422 command_print(cmd_ctx, "can't write registers while running");
2428 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2432 value = strtoul(args[0], NULL, 0);
2433 spsr = strtol(args[1], NULL, 0);
2435 /* if we're writing the CPSR, mask the T bit */
2439 arm7_9->write_xpsr(target, value, spsr);
2440 if ((retval = jtag_execute_queue()) != ERROR_OK)
2442 LOG_ERROR("JTAG error while writing to xpsr");
2449 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2455 target_t *target = get_current_target(cmd_ctx);
2456 armv4_5_common_t *armv4_5;
2457 arm7_9_common_t *arm7_9;
2459 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2461 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2465 if (target->state != TARGET_HALTED)
2467 command_print(cmd_ctx, "can't write registers while running");
2473 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2477 value = strtoul(args[0], NULL, 0);
2478 rotate = strtol(args[1], NULL, 0);
2479 spsr = strtol(args[2], NULL, 0);
2481 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2482 if ((retval = jtag_execute_queue()) != ERROR_OK)
2484 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2491 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2496 target_t *target = get_current_target(cmd_ctx);
2497 armv4_5_common_t *armv4_5;
2498 arm7_9_common_t *arm7_9;
2500 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2502 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2506 if (target->state != TARGET_HALTED)
2508 command_print(cmd_ctx, "can't write registers while running");
2514 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2518 num = strtol(args[0], NULL, 0);
2519 mode = strtoul(args[1], NULL, 0);
2520 value = strtoul(args[2], NULL, 0);
2522 arm7_9_write_core_reg(target, num, mode, value);
2528 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2530 target_t *target = get_current_target(cmd_ctx);
2531 armv4_5_common_t *armv4_5;
2532 arm7_9_common_t *arm7_9;
2534 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2536 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2542 if (strcmp("enable", args[0]) == 0)
2544 arm7_9->use_dbgrq = 1;
2546 else if (strcmp("disable", args[0]) == 0)
2548 arm7_9->use_dbgrq = 0;
2552 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2556 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2561 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2563 target_t *target = get_current_target(cmd_ctx);
2564 armv4_5_common_t *armv4_5;
2565 arm7_9_common_t *arm7_9;
2567 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2569 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2575 if (strcmp("enable", args[0]) == 0)
2577 arm7_9->fast_memory_access = 1;
2579 else if (strcmp("disable", args[0]) == 0)
2581 arm7_9->fast_memory_access = 0;
2585 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2589 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2594 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2596 target_t *target = get_current_target(cmd_ctx);
2597 armv4_5_common_t *armv4_5;
2598 arm7_9_common_t *arm7_9;
2600 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2602 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2608 if (strcmp("enable", args[0]) == 0)
2610 arm7_9->dcc_downloads = 1;
2612 else if (strcmp("disable", args[0]) == 0)
2614 arm7_9->dcc_downloads = 0;
2618 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2622 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2627 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2629 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2631 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2633 arm_jtag_setup_connection(&arm7_9->jtag_info);
2634 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2635 arm7_9->wp_available_max = 2;
2636 arm7_9->sw_breakpoints_added = 0;
2637 arm7_9->breakpoint_count = 0;
2638 arm7_9->wp0_used = 0;
2639 arm7_9->wp1_used = 0;
2640 arm7_9->wp1_used_default = 0;
2641 arm7_9->use_dbgrq = 0;
2643 arm7_9->etm_ctx = NULL;
2644 arm7_9->has_single_step = 0;
2645 arm7_9->has_monitor_mode = 0;
2646 arm7_9->has_vector_catch = 0;
2648 arm7_9->debug_entry_from_reset = 0;
2650 arm7_9->dcc_working_area = NULL;
2652 arm7_9->fast_memory_access = fast_and_dangerous;
2653 arm7_9->dcc_downloads = fast_and_dangerous;
2655 arm7_9->need_bypass_before_restart = 0;
2657 armv4_5->arch_info = arm7_9;
2658 armv4_5->read_core_reg = arm7_9_read_core_reg;
2659 armv4_5->write_core_reg = arm7_9_write_core_reg;
2660 armv4_5->full_context = arm7_9_full_context;
2662 armv4_5_init_arch_info(target, armv4_5);
2664 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);