1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 * Clear watchpoints for an ARM7/9 target.
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
61 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
63 arm7_9->sw_breakpoints_added = 0;
65 arm7_9->wp1_used = arm7_9->wp1_used_default;
66 arm7_9->wp_available = arm7_9->wp_available_max;
68 return jtag_execute_queue();
72 * Assign a watchpoint to one of the two available hardware comparators in an
73 * ARM7 or ARM9 target.
75 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
76 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
80 if (!arm7_9->wp0_used)
84 arm7_9->wp_available--;
86 else if (!arm7_9->wp1_used)
90 arm7_9->wp_available--;
94 LOG_ERROR("BUG: no hardware comparator available");
99 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
101 * @param arm7_9 Pointer to common struct for ARM7/9 targets
102 * @return Error codes if there is a problem finding a watchpoint or the result
103 * of executing the JTAG queue
105 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
107 if (arm7_9->sw_breakpoints_added)
111 if (arm7_9->wp_available < 1)
113 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
114 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
116 arm7_9->wp_available--;
118 /* pick a breakpoint unit */
119 if (!arm7_9->wp0_used)
121 arm7_9->sw_breakpoints_added=1;
122 arm7_9->wp0_used = 3;
123 } else if (!arm7_9->wp1_used)
125 arm7_9->sw_breakpoints_added=2;
126 arm7_9->wp1_used = 3;
130 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
134 if (arm7_9->sw_breakpoints_added==1)
136 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
137 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
138 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
142 else if (arm7_9->sw_breakpoints_added==2)
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
152 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
156 return jtag_execute_queue();
160 * Setup the common pieces for an ARM7/9 target after reset or on startup.
162 * @param target Pointer to an ARM7/9 target to setup
163 * @return Result of clearing the watchpoints on the target
165 int arm7_9_setup(target_t *target)
167 armv4_5_common_t *armv4_5 = target->arch_info;
168 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
170 return arm7_9_clear_watchpoints(arm7_9);
174 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
175 * targets. A return of ERROR_OK signifies that the target is a valid target
176 * and that the pointers have been set properly.
178 * @param target Pointer to the target device to get the pointers from
179 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
181 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
183 * @return ERROR_OK if successful
185 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
187 armv4_5_common_t *armv4_5 = target->arch_info;
188 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
190 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
195 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
200 *armv4_5_p = armv4_5;
207 * Set either a hardware or software breakpoint on an ARM7/9 target. The
208 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
209 * might have erased the values in Embedded ICE.
211 * @param target Pointer to the target device to set the breakpoints on
212 * @param breakpoint Pointer to the breakpoint to be set
213 * @return For hardware breakpoints, this is the result of executing the JTAG
214 * queue. For software breakpoints, this will be the status of the
215 * required memory reads and writes
217 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
219 armv4_5_common_t *armv4_5 = target->arch_info;
220 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
223 if (target->state != TARGET_HALTED)
225 LOG_WARNING("target not halted");
226 return ERROR_TARGET_NOT_HALTED;
229 if (breakpoint->type == BKPT_HARD)
231 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
232 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
234 /* reassign a hw breakpoint */
235 if (breakpoint->set==0)
237 arm7_9_assign_wp(arm7_9, breakpoint);
240 if (breakpoint->set==1)
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
245 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
246 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
248 else if (breakpoint->set==2)
250 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
251 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
252 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
258 LOG_ERROR("BUG: no hardware comparator available");
262 retval=jtag_execute_queue();
264 else if (breakpoint->type == BKPT_SOFT)
266 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
269 /* did we already set this breakpoint? */
273 if (breakpoint->length == 4)
275 u32 verify = 0xffffffff;
276 /* keep the original instruction in target endianness */
277 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
281 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
282 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
287 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
291 if (verify != arm7_9->arm_bkpt)
293 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
300 /* keep the original instruction in target endianness */
301 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
305 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
306 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
311 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
315 if (verify != arm7_9->thumb_bkpt)
317 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
328 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
329 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
330 * will be updated. Otherwise, the software breakpoint will be restored to its
331 * original instruction if it hasn't already been modified.
333 * @param target Pointer to ARM7/9 target to unset the breakpoint from
334 * @param breakpoint Pointer to breakpoint to be unset
335 * @return For hardware breakpoints, this is the result of executing the JTAG
336 * queue. For software breakpoints, this will be the status of the
337 * required memory reads and writes
339 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
341 int retval = ERROR_OK;
343 armv4_5_common_t *armv4_5 = target->arch_info;
344 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
346 if (!breakpoint->set)
348 LOG_WARNING("breakpoint not set");
352 if (breakpoint->type == BKPT_HARD)
354 if (breakpoint->set == 1)
356 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
357 arm7_9->wp0_used = 0;
358 arm7_9->wp_available++;
360 else if (breakpoint->set == 2)
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
363 arm7_9->wp1_used = 0;
364 arm7_9->wp_available++;
366 retval = jtag_execute_queue();
371 /* restore original instruction (kept in target endianness) */
372 if (breakpoint->length == 4)
375 /* check that user program as not modified breakpoint instruction */
376 if ((retval = target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr)) != ERROR_OK)
380 if (current_instr==arm7_9->arm_bkpt)
381 if ((retval = target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
389 /* check that user program as not modified breakpoint instruction */
390 if ((retval = target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr)) != ERROR_OK)
394 if (current_instr==arm7_9->thumb_bkpt)
395 if ((retval = target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
407 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
408 * dangling breakpoints and that the desired breakpoint can be added.
410 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
411 * @param breakpoint Pointer to the breakpoint to be added
412 * @return An error status if there is a problem adding the breakpoint or the
413 * result of setting the breakpoint
415 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
417 armv4_5_common_t *armv4_5 = target->arch_info;
418 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
420 if (target->state != TARGET_HALTED)
422 LOG_WARNING("target not halted");
423 return ERROR_TARGET_NOT_HALTED;
426 if (arm7_9->breakpoint_count==0)
428 /* make sure we don't have any dangling breakpoints. This is vital upon
429 * GDB connect/disconnect
431 arm7_9_clear_watchpoints(arm7_9);
434 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
436 LOG_INFO("no watchpoint unit available for hardware breakpoint");
437 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
440 if ((breakpoint->length != 2) && (breakpoint->length != 4))
442 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
443 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
446 if (breakpoint->type == BKPT_HARD)
448 arm7_9_assign_wp(arm7_9, breakpoint);
451 arm7_9->breakpoint_count++;
453 return arm7_9_set_breakpoint(target, breakpoint);
457 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
458 * dangling breakpoints and updates available watchpoints if it is a hardware
461 * @param target Pointer to the target to have a breakpoint removed
462 * @param breakpoint Pointer to the breakpoint to be removed
463 * @return Error status if there was a problem unsetting the breakpoint or the
464 * watchpoints could not be cleared
466 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
468 int retval = ERROR_OK;
469 armv4_5_common_t *armv4_5 = target->arch_info;
470 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
472 if((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
477 if (breakpoint->type == BKPT_HARD)
478 arm7_9->wp_available++;
480 arm7_9->breakpoint_count--;
481 if (arm7_9->breakpoint_count==0)
483 /* make sure we don't have any dangling breakpoints */
484 if((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
494 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
495 * considered a bug to call this function when there are no available watchpoint
498 * @param target Pointer to an ARM7/9 target to set a watchpoint on
499 * @param watchpoint Pointer to the watchpoint to be set
500 * @return Error status if watchpoint set fails or the result of executing the
503 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
511 mask = watchpoint->length - 1;
513 if (target->state != TARGET_HALTED)
515 LOG_WARNING("target not halted");
516 return ERROR_TARGET_NOT_HALTED;
519 if (watchpoint->rw == WPT_ACCESS)
524 if (!arm7_9->wp0_used)
526 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
527 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
528 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
529 if( watchpoint->mask != 0xffffffffu )
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
532 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
534 if((retval = jtag_execute_queue()) != ERROR_OK)
539 arm7_9->wp0_used = 2;
541 else if (!arm7_9->wp1_used)
543 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
546 if( watchpoint->mask != 0xffffffffu )
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
551 if((retval = jtag_execute_queue()) != ERROR_OK)
556 arm7_9->wp1_used = 2;
560 LOG_ERROR("BUG: no hardware comparator available");
568 * Unset an existing watchpoint and clear the used watchpoint unit.
570 * @param target Pointer to the target to have the watchpoint removed
571 * @param watchpoint Pointer to the watchpoint to be removed
572 * @return Error status while trying to unset the watchpoint or the result of
573 * executing the JTAG queue
575 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
577 int retval = ERROR_OK;
578 armv4_5_common_t *armv4_5 = target->arch_info;
579 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
581 if (target->state != TARGET_HALTED)
583 LOG_WARNING("target not halted");
584 return ERROR_TARGET_NOT_HALTED;
587 if (!watchpoint->set)
589 LOG_WARNING("breakpoint not set");
593 if (watchpoint->set == 1)
595 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
596 if((retval = jtag_execute_queue()) != ERROR_OK)
600 arm7_9->wp0_used = 0;
602 else if (watchpoint->set == 2)
604 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
605 if((retval = jtag_execute_queue()) != ERROR_OK)
609 arm7_9->wp1_used = 0;
617 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
618 * available, an error response is returned.
620 * @param target Pointer to the ARM7/9 target to add a watchpoint to
621 * @param watchpoint Pointer to the watchpoint to be added
622 * @return Error status while trying to add the watchpoint
624 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
626 armv4_5_common_t *armv4_5 = target->arch_info;
627 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
629 if (target->state != TARGET_HALTED)
631 LOG_WARNING("target not halted");
632 return ERROR_TARGET_NOT_HALTED;
635 if (arm7_9->wp_available < 1)
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
640 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
642 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
645 arm7_9->wp_available--;
651 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
652 * the used watchpoint unit will be reopened.
654 * @param target Pointer to the target to remove a watchpoint from
655 * @param watchpoint Pointer to the watchpoint to be removed
656 * @return Result of trying to unset the watchpoint
658 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
660 int retval = ERROR_OK;
661 armv4_5_common_t *armv4_5 = target->arch_info;
662 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
666 if((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
672 arm7_9->wp_available++;
678 * Restarts the target by sending a RESTART instruction and moving the JTAG
679 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
680 * asserted by the processor.
682 * @param target Pointer to target to issue commands to
683 * @return Error status if there is a timeout or a problem while executing the
686 int arm7_9_execute_sys_speed(struct target_s *target)
690 armv4_5_common_t *armv4_5 = target->arch_info;
691 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
692 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
693 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
695 /* set RESTART instruction */
696 jtag_add_end_state(TAP_IDLE);
697 if (arm7_9->need_bypass_before_restart) {
698 arm7_9->need_bypass_before_restart = 0;
699 arm_jtag_set_instr(jtag_info, 0xf, NULL);
701 arm_jtag_set_instr(jtag_info, 0x4, NULL);
703 long long then=timeval_ms();
705 while (!(timeout=((timeval_ms()-then)>1000)))
707 /* read debug status register */
708 embeddedice_read_reg(dbg_stat);
709 if ((retval = jtag_execute_queue()) != ERROR_OK)
711 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
712 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
724 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
725 return ERROR_TARGET_TIMEOUT;
732 * Restarts the target by sending a RESTART instruction and moving the JTAG
733 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
734 * waiting until they are.
736 * @param target Pointer to the target to issue commands to
737 * @return Always ERROR_OK
739 int arm7_9_execute_fast_sys_speed(struct target_s *target)
742 static u8 check_value[4], check_mask[4];
744 armv4_5_common_t *armv4_5 = target->arch_info;
745 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
746 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
747 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
749 /* set RESTART instruction */
750 jtag_add_end_state(TAP_IDLE);
751 if (arm7_9->need_bypass_before_restart) {
752 arm7_9->need_bypass_before_restart = 0;
753 arm_jtag_set_instr(jtag_info, 0xf, NULL);
755 arm_jtag_set_instr(jtag_info, 0x4, NULL);
759 /* check for DBGACK and SYSCOMP set (others don't care) */
761 /* NB! These are constants that must be available until after next jtag_execute() and
762 * we evaluate the values upon first execution in lieu of setting up these constants
763 * during early setup.
765 buf_set_u32(check_value, 0, 32, 0x9);
766 buf_set_u32(check_mask, 0, 32, 0x9);
770 /* read debug status register */
771 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
776 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
778 armv4_5_common_t *armv4_5 = target->arch_info;
779 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
780 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
782 int retval = ERROR_OK;
785 data = malloc(size * (sizeof(u32)));
787 retval = embeddedice_receive(jtag_info, data, size);
789 for (i = 0; i < size; i++)
791 h_u32_to_le(buffer + (i * 4), data[i]);
799 int arm7_9_handle_target_request(void *priv)
801 int retval = ERROR_OK;
802 target_t *target = priv;
803 if (!target->type->examined)
805 armv4_5_common_t *armv4_5 = target->arch_info;
806 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
807 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
808 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
810 if (!target->dbg_msg_enabled)
813 if (target->state == TARGET_RUNNING)
815 /* read DCC control register */
816 embeddedice_read_reg(dcc_control);
817 if ((retval = jtag_execute_queue()) != ERROR_OK)
823 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
827 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
831 if ((retval = target_request(target, request)) != ERROR_OK)
841 int arm7_9_poll(target_t *target)
844 armv4_5_common_t *armv4_5 = target->arch_info;
845 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
846 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
848 /* read debug status register */
849 embeddedice_read_reg(dbg_stat);
850 if ((retval = jtag_execute_queue()) != ERROR_OK)
855 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
857 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
858 if (target->state == TARGET_UNKNOWN)
860 target->state = TARGET_RUNNING;
861 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
863 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
866 if (target->state == TARGET_RESET)
868 if (target->reset_halt)
870 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
877 target->state = TARGET_HALTED;
879 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
884 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
885 u32 t=*((u32 *)reg->value);
888 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
892 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
897 if (target->state == TARGET_DEBUG_RUNNING)
899 target->state = TARGET_HALTED;
900 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
903 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
908 if (target->state != TARGET_HALTED)
910 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
915 if (target->state != TARGET_DEBUG_RUNNING)
916 target->state = TARGET_RUNNING;
923 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
924 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
925 while the core is held in reset(SRST). It isn't possible to program the halt
926 condition once reset was asserted, hence a hook that allows the target to set
927 up its reset-halt condition prior to asserting reset.
930 int arm7_9_assert_reset(target_t *target)
932 armv4_5_common_t *armv4_5 = target->arch_info;
933 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
934 LOG_DEBUG("target->state: %s",
935 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
937 if (!(jtag_reset_config & RESET_HAS_SRST))
939 LOG_ERROR("Can't assert SRST");
943 if (target->reset_halt)
946 * Some targets do not support communication while SRST is asserted. We need to
947 * set up the reset vector catch here.
949 * If TRST is asserted, then these settings will be reset anyway, so setting them
952 if (arm7_9->has_vector_catch)
954 /* program vector catch register to catch reset vector */
955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
959 /* program watchpoint unit to match on reset vector address */
960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
962 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
968 /* here we should issue a srst only, but we may have to assert trst as well */
969 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
971 jtag_add_reset(1, 1);
974 jtag_add_reset(0, 1);
977 target->state = TARGET_RESET;
978 jtag_add_sleep(50000);
980 armv4_5_invalidate_core_regs(target);
982 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
984 /* debug entry was already prepared in arm7_9_assert_reset() */
985 target->debug_reason = DBG_REASON_DBGRQ;
991 int arm7_9_deassert_reset(target_t *target)
994 LOG_DEBUG("target->state: %s",
995 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
997 /* deassert reset lines */
998 jtag_add_reset(0, 0);
1000 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
1002 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1003 /* set up embedded ice registers again */
1004 if ((retval=target->type->examine(target))!=ERROR_OK)
1007 if ((retval=target_poll(target))!=ERROR_OK)
1012 if ((retval=target_halt(target))!=ERROR_OK)
1021 int arm7_9_clear_halt(target_t *target)
1023 armv4_5_common_t *armv4_5 = target->arch_info;
1024 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1025 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1027 /* we used DBGRQ only if we didn't come out of reset */
1028 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1030 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1032 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1033 embeddedice_store_reg(dbg_ctrl);
1037 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1039 /* if we came out of reset, and vector catch is supported, we used
1040 * vector catch to enter debug state
1041 * restore the register in that case
1043 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1047 /* restore registers if watchpoint unit 0 was in use
1049 if (arm7_9->wp0_used)
1051 if (arm7_9->debug_entry_from_reset)
1053 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1055 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1056 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1057 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1059 /* control value always has to be restored, as it was either disabled,
1060 * or enabled with possibly different bits
1062 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1069 int arm7_9_soft_reset_halt(struct target_s *target)
1071 armv4_5_common_t *armv4_5 = target->arch_info;
1072 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1073 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1074 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1078 if ((retval=target_halt(target))!=ERROR_OK)
1081 long long then=timeval_ms();
1083 while (!(timeout=((timeval_ms()-then)>1000)))
1085 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1087 embeddedice_read_reg(dbg_stat);
1088 if ((retval=jtag_execute_queue())!=ERROR_OK)
1100 LOG_ERROR("Failed to halt CPU after 1 sec");
1101 return ERROR_TARGET_TIMEOUT;
1103 target->state = TARGET_HALTED;
1105 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1106 * ensure that DBGRQ is cleared
1108 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1109 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1110 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1111 embeddedice_store_reg(dbg_ctrl);
1113 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1118 /* if the target is in Thumb state, change to ARM state */
1119 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1121 u32 r0_thumb, pc_thumb;
1122 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1123 /* Entered debug from Thumb mode */
1124 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1125 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1128 /* all register content is now invalid */
1129 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1134 /* SVC, ARM state, IRQ and FIQ disabled */
1135 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1136 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1137 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1139 /* start fetching from 0x0 */
1140 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1141 armv4_5->core_cache->reg_list[15].dirty = 1;
1142 armv4_5->core_cache->reg_list[15].valid = 1;
1144 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1145 armv4_5->core_state = ARMV4_5_STATE_ARM;
1147 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1150 /* reset registers */
1151 for (i = 0; i <= 14; i++)
1153 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1154 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1155 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1158 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1166 int arm7_9_halt(target_t *target)
1168 if (target->state==TARGET_RESET)
1170 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1174 armv4_5_common_t *armv4_5 = target->arch_info;
1175 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1176 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1178 LOG_DEBUG("target->state: %s",
1179 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1181 if (target->state == TARGET_HALTED)
1183 LOG_DEBUG("target was already halted");
1187 if (target->state == TARGET_UNKNOWN)
1189 LOG_WARNING("target was in unknown state when halt was requested");
1192 if (arm7_9->use_dbgrq)
1194 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1196 if (arm7_9->set_special_dbgrq) {
1197 arm7_9->set_special_dbgrq(target);
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1200 embeddedice_store_reg(dbg_ctrl);
1205 /* program watchpoint unit to match on any address
1207 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1208 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1209 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1210 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1213 target->debug_reason = DBG_REASON_DBGRQ;
1218 int arm7_9_debug_entry(target_t *target)
1223 u32 r0_thumb, pc_thumb;
1226 /* get pointers to arch-specific information */
1227 armv4_5_common_t *armv4_5 = target->arch_info;
1228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1229 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1230 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1232 #ifdef _DEBUG_ARM7_9_
1236 if (arm7_9->pre_debug_entry)
1237 arm7_9->pre_debug_entry(target);
1239 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1240 * ensure that DBGRQ is cleared
1242 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1243 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1244 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1245 embeddedice_store_reg(dbg_ctrl);
1247 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1252 if ((retval = jtag_execute_queue()) != ERROR_OK)
1257 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1261 if (target->state != TARGET_HALTED)
1263 LOG_WARNING("target not halted");
1264 return ERROR_TARGET_NOT_HALTED;
1267 /* if the target is in Thumb state, change to ARM state */
1268 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1270 LOG_DEBUG("target entered debug from Thumb state");
1271 /* Entered debug from Thumb mode */
1272 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1273 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1274 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1278 LOG_DEBUG("target entered debug from ARM state");
1279 /* Entered debug from ARM mode */
1280 armv4_5->core_state = ARMV4_5_STATE_ARM;
1283 for (i = 0; i < 16; i++)
1284 context_p[i] = &context[i];
1285 /* save core registers (r0 - r15 of current core mode) */
1286 arm7_9->read_core_regs(target, 0xffff, context_p);
1288 arm7_9->read_xpsr(target, &cpsr, 0);
1290 if ((retval = jtag_execute_queue()) != ERROR_OK)
1293 /* if the core has been executing in Thumb state, set the T bit */
1294 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1297 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1298 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1299 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1301 armv4_5->core_mode = cpsr & 0x1f;
1303 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1305 target->state = TARGET_UNKNOWN;
1306 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1307 return ERROR_TARGET_FAILURE;
1310 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1312 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1314 LOG_DEBUG("thumb state, applying fixups");
1315 context[0] = r0_thumb;
1316 context[15] = pc_thumb;
1317 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1319 /* adjust value stored by STM */
1320 context[15] -= 3 * 4;
1323 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1324 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1325 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1326 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1327 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1328 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1329 else if (target->debug_reason == DBG_REASON_DBGRQ)
1330 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1333 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1336 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1339 for (i=0; i<=15; i++)
1341 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1342 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1343 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1344 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1347 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1349 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1352 /* exceptions other than USR & SYS have a saved program status register */
1353 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1356 arm7_9->read_xpsr(target, &spsr, 1);
1357 if ((retval = jtag_execute_queue()) != ERROR_OK)
1361 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1362 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1363 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1366 /* r0 and r15 (pc) have to be restored later */
1367 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1368 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1370 if ((retval = jtag_execute_queue()) != ERROR_OK)
1373 if (arm7_9->post_debug_entry)
1374 arm7_9->post_debug_entry(target);
1379 int arm7_9_full_context(target_t *target)
1383 armv4_5_common_t *armv4_5 = target->arch_info;
1384 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1388 if (target->state != TARGET_HALTED)
1390 LOG_WARNING("target not halted");
1391 return ERROR_TARGET_NOT_HALTED;
1394 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1397 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1398 * SYS shares registers with User, so we don't touch SYS
1400 for (i = 0; i < 6; i++)
1407 /* check if there are invalid registers in the current mode
1409 for (j = 0; j <= 16; j++)
1411 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1419 /* change processor mode (and mask T bit) */
1420 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1421 tmp_cpsr |= armv4_5_number_to_mode(i);
1423 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1425 for (j = 0; j < 15; j++)
1427 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1429 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1431 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1432 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1436 /* if only the PSR is invalid, mask is all zeroes */
1438 arm7_9->read_core_regs(target, mask, reg_p);
1440 /* check if the PSR has to be read */
1441 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1443 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1444 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1445 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1450 /* restore processor mode (mask T bit) */
1451 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1453 if ((retval = jtag_execute_queue()) != ERROR_OK)
1460 int arm7_9_restore_context(target_t *target)
1462 armv4_5_common_t *armv4_5 = target->arch_info;
1463 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1465 armv4_5_core_reg_t *reg_arch_info;
1466 enum armv4_5_mode current_mode = armv4_5->core_mode;
1473 if (target->state != TARGET_HALTED)
1475 LOG_WARNING("target not halted");
1476 return ERROR_TARGET_NOT_HALTED;
1479 if (arm7_9->pre_restore_context)
1480 arm7_9->pre_restore_context(target);
1482 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1485 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1486 * SYS shares registers with User, so we don't touch SYS
1488 for (i = 0; i < 6; i++)
1490 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1493 /* check if there are dirty registers in the current mode
1495 for (j = 0; j <= 16; j++)
1497 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1498 reg_arch_info = reg->arch_info;
1499 if (reg->dirty == 1)
1501 if (reg->valid == 1)
1504 LOG_DEBUG("examining dirty reg: %s", reg->name);
1505 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1506 && (reg_arch_info->mode != current_mode)
1507 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1508 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1511 LOG_DEBUG("require mode change");
1516 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1531 /* change processor mode (mask T bit) */
1532 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1533 tmp_cpsr |= armv4_5_number_to_mode(i);
1535 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1536 current_mode = armv4_5_number_to_mode(i);
1539 for (j = 0; j <= 14; j++)
1541 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1542 reg_arch_info = reg->arch_info;
1545 if (reg->dirty == 1)
1547 regs[j] = buf_get_u32(reg->value, 0, 32);
1552 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1558 arm7_9->write_core_regs(target, mask, regs);
1561 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1562 reg_arch_info = reg->arch_info;
1563 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1565 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1566 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1571 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1573 /* restore processor mode (mask T bit) */
1576 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1577 tmp_cpsr |= armv4_5_number_to_mode(i);
1579 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1580 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1582 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1584 /* CPSR has been changed, full restore necessary (mask T bit) */
1585 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1586 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1587 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1588 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1592 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1593 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1594 armv4_5->core_cache->reg_list[15].dirty = 0;
1596 if (arm7_9->post_restore_context)
1597 arm7_9->post_restore_context(target);
1602 int arm7_9_restart_core(struct target_s *target)
1604 armv4_5_common_t *armv4_5 = target->arch_info;
1605 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1606 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1608 /* set RESTART instruction */
1609 jtag_add_end_state(TAP_IDLE);
1610 if (arm7_9->need_bypass_before_restart) {
1611 arm7_9->need_bypass_before_restart = 0;
1612 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1614 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1616 jtag_add_runtest(1, TAP_IDLE);
1617 return jtag_execute_queue();
1620 void arm7_9_enable_watchpoints(struct target_s *target)
1622 watchpoint_t *watchpoint = target->watchpoints;
1626 if (watchpoint->set == 0)
1627 arm7_9_set_watchpoint(target, watchpoint);
1628 watchpoint = watchpoint->next;
1632 void arm7_9_enable_breakpoints(struct target_s *target)
1634 breakpoint_t *breakpoint = target->breakpoints;
1636 /* set any pending breakpoints */
1639 arm7_9_set_breakpoint(target, breakpoint);
1640 breakpoint = breakpoint->next;
1644 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1646 armv4_5_common_t *armv4_5 = target->arch_info;
1647 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1648 breakpoint_t *breakpoint = target->breakpoints;
1649 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1650 int err, retval = ERROR_OK;
1654 if (target->state != TARGET_HALTED)
1656 LOG_WARNING("target not halted");
1657 return ERROR_TARGET_NOT_HALTED;
1660 if (!debug_execution)
1662 target_free_all_working_areas(target);
1665 /* current = 1: continue on current pc, otherwise continue at <address> */
1667 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1670 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1672 /* the front-end may request us not to handle breakpoints */
1673 if (handle_breakpoints)
1675 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1677 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1678 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1683 /* calculate PC of next instruction */
1685 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1688 target_read_u32(target, current_pc, ¤t_opcode);
1689 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
1693 LOG_DEBUG("enable single-step");
1694 arm7_9->enable_single_step(target, next_pc);
1696 target->debug_reason = DBG_REASON_SINGLESTEP;
1698 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1703 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1704 arm7_9->branch_resume(target);
1705 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1707 arm7_9->branch_resume_thumb(target);
1711 LOG_ERROR("unhandled core state");
1715 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1716 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1717 err = arm7_9_execute_sys_speed(target);
1719 LOG_DEBUG("disable single-step");
1720 arm7_9->disable_single_step(target);
1722 if (err != ERROR_OK)
1724 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1728 target->state = TARGET_UNKNOWN;
1732 arm7_9_debug_entry(target);
1733 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1735 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1736 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1743 /* enable any pending breakpoints and watchpoints */
1744 arm7_9_enable_breakpoints(target);
1745 arm7_9_enable_watchpoints(target);
1747 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1752 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1754 arm7_9->branch_resume(target);
1756 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1758 arm7_9->branch_resume_thumb(target);
1762 LOG_ERROR("unhandled core state");
1766 /* deassert DBGACK and INTDIS */
1767 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1768 /* INTDIS only when we really resume, not during debug execution */
1769 if (!debug_execution)
1770 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1771 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1773 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1778 target->debug_reason = DBG_REASON_NOTHALTED;
1780 if (!debug_execution)
1782 /* registers are now invalid */
1783 armv4_5_invalidate_core_regs(target);
1784 target->state = TARGET_RUNNING;
1785 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1792 target->state = TARGET_DEBUG_RUNNING;
1793 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1799 LOG_DEBUG("target resumed");
1804 void arm7_9_enable_eice_step(target_t *target, u32 next_pc)
1806 armv4_5_common_t *armv4_5 = target->arch_info;
1807 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1810 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1812 if(next_pc != current_pc)
1814 /* setup an inverse breakpoint on the current PC
1815 * - comparator 1 matches the current address
1816 * - rangeout from comparator 1 is connected to comparator 0 rangein
1817 * - comparator 0 matches any address, as long as rangein is low */
1818 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1819 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1820 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1821 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1822 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1823 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1824 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1825 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1826 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1830 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1831 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1832 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1833 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1834 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1835 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1836 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1837 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1838 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1842 void arm7_9_disable_eice_step(target_t *target)
1844 armv4_5_common_t *armv4_5 = target->arch_info;
1845 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1847 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1848 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1849 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1850 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1851 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1853 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1854 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1855 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1858 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1860 armv4_5_common_t *armv4_5 = target->arch_info;
1861 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1862 breakpoint_t *breakpoint = NULL;
1865 if (target->state != TARGET_HALTED)
1867 LOG_WARNING("target not halted");
1868 return ERROR_TARGET_NOT_HALTED;
1871 /* current = 1: continue on current pc, otherwise continue at <address> */
1873 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1876 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1878 /* the front-end may request us not to handle breakpoints */
1879 if (handle_breakpoints)
1880 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1881 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1886 target->debug_reason = DBG_REASON_SINGLESTEP;
1888 /* calculate PC of next instruction */
1890 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1893 target_read_u32(target, current_pc, ¤t_opcode);
1894 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
1898 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1903 arm7_9->enable_single_step(target, next_pc);
1905 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1907 arm7_9->branch_resume(target);
1909 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1911 arm7_9->branch_resume_thumb(target);
1915 LOG_ERROR("unhandled core state");
1919 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1924 err = arm7_9_execute_sys_speed(target);
1925 arm7_9->disable_single_step(target);
1927 /* registers are now invalid */
1928 armv4_5_invalidate_core_regs(target);
1930 if (err != ERROR_OK)
1932 target->state = TARGET_UNKNOWN;
1934 arm7_9_debug_entry(target);
1935 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1939 LOG_DEBUG("target stepped");
1943 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1951 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1956 armv4_5_common_t *armv4_5 = target->arch_info;
1957 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1959 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1962 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1964 if ((num < 0) || (num > 16))
1965 return ERROR_INVALID_ARGUMENTS;
1967 if ((mode != ARMV4_5_MODE_ANY)
1968 && (mode != armv4_5->core_mode)
1969 && (reg_mode != ARMV4_5_MODE_ANY))
1973 /* change processor mode (mask T bit) */
1974 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1977 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1980 if ((num >= 0) && (num <= 15))
1982 /* read a normal core register */
1983 reg_p[num] = &value;
1985 arm7_9->read_core_regs(target, 1 << num, reg_p);
1989 /* read a program status register
1990 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1992 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1993 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1995 arm7_9->read_xpsr(target, &value, spsr);
1998 if ((retval = jtag_execute_queue()) != ERROR_OK)
2003 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2004 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2005 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2007 if ((mode != ARMV4_5_MODE_ANY)
2008 && (mode != armv4_5->core_mode)
2009 && (reg_mode != ARMV4_5_MODE_ANY)) {
2010 /* restore processor mode (mask T bit) */
2011 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2017 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
2020 armv4_5_common_t *armv4_5 = target->arch_info;
2021 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2023 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2026 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2028 if ((num < 0) || (num > 16))
2029 return ERROR_INVALID_ARGUMENTS;
2031 if ((mode != ARMV4_5_MODE_ANY)
2032 && (mode != armv4_5->core_mode)
2033 && (reg_mode != ARMV4_5_MODE_ANY)) {
2036 /* change processor mode (mask T bit) */
2037 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2040 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2043 if ((num >= 0) && (num <= 15))
2045 /* write a normal core register */
2048 arm7_9->write_core_regs(target, 1 << num, reg);
2052 /* write a program status register
2053 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2055 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2056 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2058 /* if we're writing the CPSR, mask the T bit */
2062 arm7_9->write_xpsr(target, value, spsr);
2065 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2066 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2068 if ((mode != ARMV4_5_MODE_ANY)
2069 && (mode != armv4_5->core_mode)
2070 && (reg_mode != ARMV4_5_MODE_ANY)) {
2071 /* restore processor mode (mask T bit) */
2072 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2075 return jtag_execute_queue();
2078 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2080 armv4_5_common_t *armv4_5 = target->arch_info;
2081 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2084 u32 num_accesses = 0;
2085 int thisrun_accesses;
2091 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2093 if (target->state != TARGET_HALTED)
2095 LOG_WARNING("target not halted");
2096 return ERROR_TARGET_NOT_HALTED;
2099 /* sanitize arguments */
2100 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2101 return ERROR_INVALID_ARGUMENTS;
2103 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2104 return ERROR_TARGET_UNALIGNED_ACCESS;
2106 /* load the base register with the address of the first word */
2108 arm7_9->write_core_regs(target, 0x1, reg);
2115 while (num_accesses < count)
2118 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2119 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2121 if (last_reg <= thisrun_accesses)
2122 last_reg = thisrun_accesses;
2124 arm7_9->load_word_regs(target, reg_list);
2126 /* fast memory reads are only safe when the target is running
2127 * from a sufficiently high clock (32 kHz is usually too slow)
2129 if (arm7_9->fast_memory_access)
2130 retval = arm7_9_execute_fast_sys_speed(target);
2132 retval = arm7_9_execute_sys_speed(target);
2133 if (retval != ERROR_OK)
2136 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2138 /* advance buffer, count number of accesses */
2139 buffer += thisrun_accesses * 4;
2140 num_accesses += thisrun_accesses;
2149 while (num_accesses < count)
2152 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2153 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2155 for (i = 1; i <= thisrun_accesses; i++)
2159 arm7_9->load_hword_reg(target, i);
2160 /* fast memory reads are only safe when the target is running
2161 * from a sufficiently high clock (32 kHz is usually too slow)
2163 if (arm7_9->fast_memory_access)
2164 retval = arm7_9_execute_fast_sys_speed(target);
2166 retval = arm7_9_execute_sys_speed(target);
2167 if(retval != ERROR_OK)
2174 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2176 /* advance buffer, count number of accesses */
2177 buffer += thisrun_accesses * 2;
2178 num_accesses += thisrun_accesses;
2187 while (num_accesses < count)
2190 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2191 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2193 for (i = 1; i <= thisrun_accesses; i++)
2197 arm7_9->load_byte_reg(target, i);
2198 /* fast memory reads are only safe when the target is running
2199 * from a sufficiently high clock (32 kHz is usually too slow)
2201 if (arm7_9->fast_memory_access)
2202 retval = arm7_9_execute_fast_sys_speed(target);
2204 retval = arm7_9_execute_sys_speed(target);
2205 if(retval != ERROR_OK)
2211 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2213 /* advance buffer, count number of accesses */
2214 buffer += thisrun_accesses * 1;
2215 num_accesses += thisrun_accesses;
2224 LOG_ERROR("BUG: we shouldn't get here");
2229 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2232 for (i=0; i<=last_reg; i++)
2233 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2235 arm7_9->read_xpsr(target, &cpsr, 0);
2236 if ((retval = jtag_execute_queue()) != ERROR_OK)
2238 LOG_ERROR("JTAG error while reading cpsr");
2239 return ERROR_TARGET_DATA_ABORT;
2242 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2244 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2246 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2248 return ERROR_TARGET_DATA_ABORT;
2254 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
2256 armv4_5_common_t *armv4_5 = target->arch_info;
2257 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2258 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2261 u32 num_accesses = 0;
2262 int thisrun_accesses;
2268 #ifdef _DEBUG_ARM7_9_
2269 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2272 if (target->state != TARGET_HALTED)
2274 LOG_WARNING("target not halted");
2275 return ERROR_TARGET_NOT_HALTED;
2278 /* sanitize arguments */
2279 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2280 return ERROR_INVALID_ARGUMENTS;
2282 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2283 return ERROR_TARGET_UNALIGNED_ACCESS;
2285 /* load the base register with the address of the first word */
2287 arm7_9->write_core_regs(target, 0x1, reg);
2289 /* Clear DBGACK, to make sure memory fetches work as expected */
2290 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2291 embeddedice_store_reg(dbg_ctrl);
2296 while (num_accesses < count)
2299 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2300 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2302 for (i = 1; i <= thisrun_accesses; i++)
2306 reg[i] = target_buffer_get_u32(target, buffer);
2310 arm7_9->write_core_regs(target, reg_list, reg);
2312 arm7_9->store_word_regs(target, reg_list);
2314 /* fast memory writes are only safe when the target is running
2315 * from a sufficiently high clock (32 kHz is usually too slow)
2317 if (arm7_9->fast_memory_access)
2318 retval = arm7_9_execute_fast_sys_speed(target);
2320 retval = arm7_9_execute_sys_speed(target);
2321 if(retval != ERROR_OK)
2326 num_accesses += thisrun_accesses;
2330 while (num_accesses < count)
2333 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2334 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2336 for (i = 1; i <= thisrun_accesses; i++)
2340 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2344 arm7_9->write_core_regs(target, reg_list, reg);
2346 for (i = 1; i <= thisrun_accesses; i++)
2348 arm7_9->store_hword_reg(target, i);
2350 /* fast memory writes are only safe when the target is running
2351 * from a sufficiently high clock (32 kHz is usually too slow)
2353 if (arm7_9->fast_memory_access)
2354 retval = arm7_9_execute_fast_sys_speed(target);
2356 retval = arm7_9_execute_sys_speed(target);
2357 if(retval != ERROR_OK)
2363 num_accesses += thisrun_accesses;
2367 while (num_accesses < count)
2370 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2371 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2373 for (i = 1; i <= thisrun_accesses; i++)
2377 reg[i] = *buffer++ & 0xff;
2380 arm7_9->write_core_regs(target, reg_list, reg);
2382 for (i = 1; i <= thisrun_accesses; i++)
2384 arm7_9->store_byte_reg(target, i);
2385 /* fast memory writes are only safe when the target is running
2386 * from a sufficiently high clock (32 kHz is usually too slow)
2388 if (arm7_9->fast_memory_access)
2389 retval = arm7_9_execute_fast_sys_speed(target);
2391 retval = arm7_9_execute_sys_speed(target);
2392 if(retval != ERROR_OK)
2399 num_accesses += thisrun_accesses;
2403 LOG_ERROR("BUG: we shouldn't get here");
2409 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2410 embeddedice_store_reg(dbg_ctrl);
2412 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2415 for (i=0; i<=last_reg; i++)
2416 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2418 arm7_9->read_xpsr(target, &cpsr, 0);
2419 if ((retval = jtag_execute_queue()) != ERROR_OK)
2421 LOG_ERROR("JTAG error while reading cpsr");
2422 return ERROR_TARGET_DATA_ABORT;
2425 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2427 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2429 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2431 return ERROR_TARGET_DATA_ABORT;
2437 static int dcc_count;
2438 static u8 *dcc_buffer;
2440 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2442 int retval = ERROR_OK;
2443 armv4_5_common_t *armv4_5 = target->arch_info;
2444 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2446 if ((retval=target_wait_state(target, TARGET_DEBUG_RUNNING, 500))!=ERROR_OK)
2449 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2450 int count=dcc_count;
2451 u8 *buffer=dcc_buffer;
2454 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2455 * core function repeated. */
2456 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2459 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2460 u8 reg_addr = ice_reg->addr & 0x1f;
2462 tap = ice_reg->jtag_info->tap;
2464 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2465 buffer += (count-2)*4;
2467 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2471 for (i = 0; i < count; i++)
2473 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2478 if((retval = target_halt(target))!= ERROR_OK)
2482 return target_wait_state(target, TARGET_HALTED, 500);
2485 static const u32 dcc_code[] =
2487 /* MRC TST BNE MRC STR B */
2488 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2491 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2493 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2496 armv4_5_common_t *armv4_5 = target->arch_info;
2497 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2500 if (!arm7_9->dcc_downloads)
2501 return target->type->write_memory(target, address, 4, count, buffer);
2503 /* regrab previously allocated working_area, or allocate a new one */
2504 if (!arm7_9->dcc_working_area)
2506 u8 dcc_code_buf[6 * 4];
2508 /* make sure we have a working area */
2509 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2511 LOG_INFO("no working area available, falling back to memory writes");
2512 return target->type->write_memory(target, address, 4, count, buffer);
2515 /* copy target instructions to target endianness */
2516 for (i = 0; i < 6; i++)
2518 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2521 /* write DCC code to working area */
2522 if ((retval = target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2528 armv4_5_algorithm_t armv4_5_info;
2529 reg_param_t reg_params[1];
2531 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2532 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2533 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2535 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2537 buf_set_u32(reg_params[0].value, 0, 32, address);
2541 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2542 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2544 if (retval==ERROR_OK)
2546 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2547 if (endaddress!=(address+count*4))
2549 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2554 destroy_reg_param(®_params[0]);
2559 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2561 working_area_t *crc_algorithm;
2562 armv4_5_algorithm_t armv4_5_info;
2563 reg_param_t reg_params[2];
2566 u32 arm7_9_crc_code[] = {
2567 0xE1A02000, /* mov r2, r0 */
2568 0xE3E00000, /* mov r0, #0xffffffff */
2569 0xE1A03001, /* mov r3, r1 */
2570 0xE3A04000, /* mov r4, #0 */
2571 0xEA00000B, /* b ncomp */
2573 0xE7D21004, /* ldrb r1, [r2, r4] */
2574 0xE59F7030, /* ldr r7, CRC32XOR */
2575 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2576 0xE3A05000, /* mov r5, #0 */
2578 0xE3500000, /* cmp r0, #0 */
2579 0xE1A06080, /* mov r6, r0, asl #1 */
2580 0xE2855001, /* add r5, r5, #1 */
2581 0xE1A00006, /* mov r0, r6 */
2582 0xB0260007, /* eorlt r0, r6, r7 */
2583 0xE3550008, /* cmp r5, #8 */
2584 0x1AFFFFF8, /* bne loop */
2585 0xE2844001, /* add r4, r4, #1 */
2587 0xE1540003, /* cmp r4, r3 */
2588 0x1AFFFFF1, /* bne nbyte */
2590 0xEAFFFFFE, /* b end */
2591 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2596 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2598 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2601 /* convert flash writing code into a buffer in target endianness */
2602 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2604 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2610 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2611 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2612 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2614 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2615 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2617 buf_set_u32(reg_params[0].value, 0, 32, address);
2618 buf_set_u32(reg_params[1].value, 0, 32, count);
2620 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2621 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2623 LOG_ERROR("error executing arm7_9 crc algorithm");
2624 destroy_reg_param(®_params[0]);
2625 destroy_reg_param(®_params[1]);
2626 target_free_working_area(target, crc_algorithm);
2630 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2632 destroy_reg_param(®_params[0]);
2633 destroy_reg_param(®_params[1]);
2635 target_free_working_area(target, crc_algorithm);
2640 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2642 working_area_t *erase_check_algorithm;
2643 reg_param_t reg_params[3];
2644 armv4_5_algorithm_t armv4_5_info;
2648 u32 erase_check_code[] =
2651 0xe4d03001, /* ldrb r3, [r0], #1 */
2652 0xe0022003, /* and r2, r2, r3 */
2653 0xe2511001, /* subs r1, r1, #1 */
2654 0x1afffffb, /* bne loop */
2656 0xeafffffe /* b end */
2659 /* make sure we have a working area */
2660 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2662 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2665 /* convert flash writing code into a buffer in target endianness */
2666 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2667 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i])) != ERROR_OK)
2672 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2673 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2674 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2676 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2677 buf_set_u32(reg_params[0].value, 0, 32, address);
2679 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2680 buf_set_u32(reg_params[1].value, 0, 32, count);
2682 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2683 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2685 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2686 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2688 destroy_reg_param(®_params[0]);
2689 destroy_reg_param(®_params[1]);
2690 destroy_reg_param(®_params[2]);
2691 target_free_working_area(target, erase_check_algorithm);
2695 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2697 destroy_reg_param(®_params[0]);
2698 destroy_reg_param(®_params[1]);
2699 destroy_reg_param(®_params[2]);
2701 target_free_working_area(target, erase_check_algorithm);
2706 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2708 command_t *arm7_9_cmd;
2710 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2712 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2713 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2715 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2717 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2718 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2719 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2720 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable|disable>");
2721 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2722 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2724 armv4_5_register_commands(cmd_ctx);
2726 etm_register_commands(cmd_ctx);
2731 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2736 target_t *target = get_current_target(cmd_ctx);
2737 armv4_5_common_t *armv4_5;
2738 arm7_9_common_t *arm7_9;
2740 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2742 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2746 if (target->state != TARGET_HALTED)
2748 command_print(cmd_ctx, "can't write registers while running");
2754 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2758 value = strtoul(args[0], NULL, 0);
2759 spsr = strtol(args[1], NULL, 0);
2761 /* if we're writing the CPSR, mask the T bit */
2765 arm7_9->write_xpsr(target, value, spsr);
2766 if ((retval = jtag_execute_queue()) != ERROR_OK)
2768 LOG_ERROR("JTAG error while writing to xpsr");
2775 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2781 target_t *target = get_current_target(cmd_ctx);
2782 armv4_5_common_t *armv4_5;
2783 arm7_9_common_t *arm7_9;
2785 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2787 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2791 if (target->state != TARGET_HALTED)
2793 command_print(cmd_ctx, "can't write registers while running");
2799 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2803 value = strtoul(args[0], NULL, 0);
2804 rotate = strtol(args[1], NULL, 0);
2805 spsr = strtol(args[2], NULL, 0);
2807 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2808 if ((retval = jtag_execute_queue()) != ERROR_OK)
2810 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2817 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2822 target_t *target = get_current_target(cmd_ctx);
2823 armv4_5_common_t *armv4_5;
2824 arm7_9_common_t *arm7_9;
2826 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2828 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2832 if (target->state != TARGET_HALTED)
2834 command_print(cmd_ctx, "can't write registers while running");
2840 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2844 num = strtol(args[0], NULL, 0);
2845 mode = strtoul(args[1], NULL, 0);
2846 value = strtoul(args[2], NULL, 0);
2848 return arm7_9_write_core_reg(target, num, mode, value);
2851 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2853 target_t *target = get_current_target(cmd_ctx);
2854 armv4_5_common_t *armv4_5;
2855 arm7_9_common_t *arm7_9;
2857 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2859 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2865 if (strcmp("enable", args[0]) == 0)
2867 arm7_9->use_dbgrq = 1;
2869 else if (strcmp("disable", args[0]) == 0)
2871 arm7_9->use_dbgrq = 0;
2875 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2879 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2884 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2886 target_t *target = get_current_target(cmd_ctx);
2887 armv4_5_common_t *armv4_5;
2888 arm7_9_common_t *arm7_9;
2890 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2892 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2898 if (strcmp("enable", args[0]) == 0)
2900 arm7_9->fast_memory_access = 1;
2902 else if (strcmp("disable", args[0]) == 0)
2904 arm7_9->fast_memory_access = 0;
2908 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2912 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2917 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2919 target_t *target = get_current_target(cmd_ctx);
2920 armv4_5_common_t *armv4_5;
2921 arm7_9_common_t *arm7_9;
2923 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2925 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2931 if (strcmp("enable", args[0]) == 0)
2933 arm7_9->dcc_downloads = 1;
2935 else if (strcmp("disable", args[0]) == 0)
2937 arm7_9->dcc_downloads = 0;
2941 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2945 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2950 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2952 int retval = ERROR_OK;
2953 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2955 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2957 if((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2962 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2963 arm7_9->wp_available_max = 2;
2964 arm7_9->sw_breakpoints_added = 0;
2965 arm7_9->breakpoint_count = 0;
2966 arm7_9->wp0_used = 0;
2967 arm7_9->wp1_used = 0;
2968 arm7_9->wp1_used_default = 0;
2969 arm7_9->use_dbgrq = 0;
2971 arm7_9->etm_ctx = NULL;
2972 arm7_9->has_single_step = 0;
2973 arm7_9->has_monitor_mode = 0;
2974 arm7_9->has_vector_catch = 0;
2976 arm7_9->debug_entry_from_reset = 0;
2978 arm7_9->dcc_working_area = NULL;
2980 arm7_9->fast_memory_access = fast_and_dangerous;
2981 arm7_9->dcc_downloads = fast_and_dangerous;
2983 arm7_9->need_bypass_before_restart = 0;
2985 armv4_5->arch_info = arm7_9;
2986 armv4_5->read_core_reg = arm7_9_read_core_reg;
2987 armv4_5->write_core_reg = arm7_9_write_core_reg;
2988 armv4_5->full_context = arm7_9_full_context;
2990 if((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
2995 if((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)