1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "replacements.h"
32 #include "embeddedice.h"
34 #include "target_request.h"
39 #include "arm7_9_common.h"
40 #include "breakpoints.h"
41 #include "time_support.h"
47 #include <sys/types.h>
52 int arm7_9_debug_entry(target_t *target);
53 int arm7_9_enable_sw_bkpts(struct target_s *target);
55 /* command handler forward declarations */
56 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
61 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
66 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
68 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
69 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
70 arm7_9->sw_breakpoints_added = 0;
72 arm7_9->wp1_used = arm7_9->wp1_used_default;
73 arm7_9->wp_available = arm7_9->wp_available_max;
75 return jtag_execute_queue();
78 /* set up embedded ice registers */
79 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
81 if (arm7_9->sw_breakpoints_added)
85 if (arm7_9->wp_available < 1)
87 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
88 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
90 arm7_9->wp_available--;
92 /* pick a breakpoint unit */
93 if (!arm7_9->wp0_used)
95 arm7_9->sw_breakpoints_added=1;
97 } else if (!arm7_9->wp1_used)
99 arm7_9->sw_breakpoints_added=2;
100 arm7_9->wp1_used = 3;
104 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
108 if (arm7_9->sw_breakpoints_added==1)
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
112 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
113 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
116 else if (arm7_9->sw_breakpoints_added==2)
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
120 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
121 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
122 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
126 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
130 return jtag_execute_queue();
133 /* set things up after a reset / on startup */
134 int arm7_9_setup(target_t *target)
136 armv4_5_common_t *armv4_5 = target->arch_info;
137 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
139 return arm7_9_clear_watchpoints(arm7_9);
143 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
145 armv4_5_common_t *armv4_5 = target->arch_info;
146 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
148 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
153 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
158 *armv4_5_p = armv4_5;
164 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
165 * might have erased the values in embedded ice
167 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
169 armv4_5_common_t *armv4_5 = target->arch_info;
170 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
173 if (target->state != TARGET_HALTED)
175 LOG_WARNING("target not halted");
176 return ERROR_TARGET_NOT_HALTED;
179 if (breakpoint->type == BKPT_HARD)
181 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
182 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
183 if (breakpoint->set==1)
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
187 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
188 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
191 else if (breakpoint->set==2)
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
195 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
196 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
197 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
201 LOG_ERROR("BUG: no hardware comparator available");
205 retval=jtag_execute_queue();
207 else if (breakpoint->type == BKPT_SOFT)
209 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
212 /* did we already set this breakpoint? */
216 if (breakpoint->length == 4)
218 u32 verify = 0xffffffff;
219 /* keep the original instruction in target endianness */
220 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
221 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
222 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
224 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
225 if (verify != arm7_9->arm_bkpt)
227 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
234 /* keep the original instruction in target endianness */
235 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
236 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
237 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
239 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
240 if (verify != arm7_9->thumb_bkpt)
242 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
253 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
255 armv4_5_common_t *armv4_5 = target->arch_info;
256 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
258 if (!breakpoint->set)
260 LOG_WARNING("breakpoint not set");
264 if (breakpoint->type == BKPT_HARD)
266 if (breakpoint->set == 1)
268 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
269 arm7_9->wp0_used = 0;
271 else if (breakpoint->set == 2)
273 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
274 arm7_9->wp1_used = 0;
276 jtag_execute_queue();
281 /* restore original instruction (kept in target endianness) */
282 if (breakpoint->length == 4)
285 /* check that user program as not modified breakpoint instruction */
286 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
287 if (current_instr==arm7_9->arm_bkpt)
288 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
293 /* check that user program as not modified breakpoint instruction */
294 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
295 if (current_instr==arm7_9->thumb_bkpt)
296 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
304 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
306 armv4_5_common_t *armv4_5 = target->arch_info;
307 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
309 if (target->state != TARGET_HALTED)
311 LOG_WARNING("target not halted");
312 return ERROR_TARGET_NOT_HALTED;
315 if (arm7_9->breakpoint_count==0)
317 /* make sure we don't have any dangling breakpoints. This is vital upon
318 * GDB connect/disconnect
320 arm7_9_clear_watchpoints(arm7_9);
323 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
325 LOG_INFO("no watchpoint unit available for hardware breakpoint");
326 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
329 if ((breakpoint->length != 2) && (breakpoint->length != 4))
331 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
332 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
335 if (breakpoint->type == BKPT_HARD)
337 arm7_9->wp_available--;
339 if (!arm7_9->wp0_used)
341 arm7_9->wp0_used = 1;
344 else if (!arm7_9->wp1_used)
346 arm7_9->wp1_used = 1;
351 LOG_ERROR("BUG: no hardware comparator available");
356 arm7_9->breakpoint_count++;
358 return arm7_9_set_breakpoint(target, breakpoint);
361 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
363 armv4_5_common_t *armv4_5 = target->arch_info;
364 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
366 arm7_9_unset_breakpoint(target, breakpoint);
368 if (breakpoint->type == BKPT_HARD)
369 arm7_9->wp_available++;
371 arm7_9->breakpoint_count--;
372 if (arm7_9->breakpoint_count==0)
374 /* make sure we don't have any dangling breakpoints */
375 arm7_9_clear_watchpoints(arm7_9);
381 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
383 armv4_5_common_t *armv4_5 = target->arch_info;
384 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
388 mask = watchpoint->length - 1;
390 if (target->state != TARGET_HALTED)
392 LOG_WARNING("target not halted");
393 return ERROR_TARGET_NOT_HALTED;
396 if (watchpoint->rw == WPT_ACCESS)
401 if (!arm7_9->wp0_used)
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
406 if( watchpoint->mask != 0xffffffffu )
407 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
408 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
409 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
411 jtag_execute_queue();
413 arm7_9->wp0_used = 2;
415 else if (!arm7_9->wp1_used)
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
420 if( watchpoint->mask != 0xffffffffu )
421 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
422 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
423 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
425 jtag_execute_queue();
427 arm7_9->wp1_used = 2;
431 LOG_ERROR("BUG: no hardware comparator available");
438 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
440 armv4_5_common_t *armv4_5 = target->arch_info;
441 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
443 if (target->state != TARGET_HALTED)
445 LOG_WARNING("target not halted");
446 return ERROR_TARGET_NOT_HALTED;
449 if (!watchpoint->set)
451 LOG_WARNING("breakpoint not set");
455 if (watchpoint->set == 1)
457 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
458 jtag_execute_queue();
459 arm7_9->wp0_used = 0;
461 else if (watchpoint->set == 2)
463 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
464 jtag_execute_queue();
465 arm7_9->wp1_used = 0;
472 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
474 armv4_5_common_t *armv4_5 = target->arch_info;
475 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
477 if (target->state != TARGET_HALTED)
479 LOG_WARNING("target not halted");
480 return ERROR_TARGET_NOT_HALTED;
483 if (arm7_9->wp_available < 1)
485 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
488 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
490 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
493 arm7_9->wp_available--;
498 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
500 armv4_5_common_t *armv4_5 = target->arch_info;
501 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
505 arm7_9_unset_watchpoint(target, watchpoint);
508 arm7_9->wp_available++;
516 int arm7_9_execute_sys_speed(struct target_s *target)
520 armv4_5_common_t *armv4_5 = target->arch_info;
521 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
522 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
523 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
525 /* set RESTART instruction */
526 jtag_add_end_state(TAP_RTI);
527 if (arm7_9->need_bypass_before_restart) {
528 arm7_9->need_bypass_before_restart = 0;
529 arm_jtag_set_instr(jtag_info, 0xf, NULL);
531 arm_jtag_set_instr(jtag_info, 0x4, NULL);
533 long long then=timeval_ms();
535 while (!(timeout=((timeval_ms()-then)>1000)))
537 /* read debug status register */
538 embeddedice_read_reg(dbg_stat);
539 if ((retval = jtag_execute_queue()) != ERROR_OK)
541 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
542 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
554 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
555 return ERROR_TARGET_TIMEOUT;
561 int arm7_9_execute_fast_sys_speed(struct target_s *target)
564 static u8 check_value[4], check_mask[4];
566 armv4_5_common_t *armv4_5 = target->arch_info;
567 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
568 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
569 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
571 /* set RESTART instruction */
572 jtag_add_end_state(TAP_RTI);
573 if (arm7_9->need_bypass_before_restart) {
574 arm7_9->need_bypass_before_restart = 0;
575 arm_jtag_set_instr(jtag_info, 0xf, NULL);
577 arm_jtag_set_instr(jtag_info, 0x4, NULL);
581 /* check for DBGACK and SYSCOMP set (others don't care) */
583 /* NB! These are constants that must be available until after next jtag_execute() and
584 we evaluate the values upon first execution in lieu of setting up these constants
587 buf_set_u32(check_value, 0, 32, 0x9);
588 buf_set_u32(check_mask, 0, 32, 0x9);
592 /* read debug status register */
593 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
598 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
600 armv4_5_common_t *armv4_5 = target->arch_info;
601 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
602 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
606 data = malloc(size * (sizeof(u32)));
608 embeddedice_receive(jtag_info, data, size);
610 for (i = 0; i < size; i++)
612 h_u32_to_le(buffer + (i * 4), data[i]);
620 int arm7_9_handle_target_request(void *priv)
622 target_t *target = priv;
623 if (!target->type->examined)
625 armv4_5_common_t *armv4_5 = target->arch_info;
626 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
627 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
628 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
631 if (!target->dbg_msg_enabled)
634 if (target->state == TARGET_RUNNING)
636 /* read DCC control register */
637 embeddedice_read_reg(dcc_control);
638 jtag_execute_queue();
641 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
645 embeddedice_receive(jtag_info, &request, 1);
646 target_request(target, request);
653 int arm7_9_poll(target_t *target)
656 armv4_5_common_t *armv4_5 = target->arch_info;
657 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
658 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
660 /* read debug status register */
661 embeddedice_read_reg(dbg_stat);
662 if ((retval = jtag_execute_queue()) != ERROR_OK)
667 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
669 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
670 if (target->state == TARGET_UNKNOWN)
672 target->state = TARGET_RUNNING;
673 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
675 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
678 if (target->state == TARGET_RESET)
680 if (target->reset_halt)
682 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
689 target->state = TARGET_HALTED;
691 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
696 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
697 u32 t=*((u32 *)reg->value);
700 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
704 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
706 if (target->state == TARGET_DEBUG_RUNNING)
708 target->state = TARGET_HALTED;
709 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
712 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
714 if (target->state != TARGET_HALTED)
716 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
721 if (target->state != TARGET_DEBUG_RUNNING)
722 target->state = TARGET_RUNNING;
729 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
730 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
731 while the core is held in reset(SRST). It isn't possible to program the halt
732 condition once reset was asserted, hence a hook that allows the target to set
733 up its reset-halt condition prior to asserting reset.
736 int arm7_9_assert_reset(target_t *target)
738 armv4_5_common_t *armv4_5 = target->arch_info;
739 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
740 LOG_DEBUG("target->state: %s",
741 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
743 if (!(jtag_reset_config & RESET_HAS_SRST))
745 LOG_ERROR("Can't assert SRST");
749 if (target->reset_halt)
752 * Some targets do not support communication while SRST is asserted. We need to
753 * set up the reset vector catch here.
755 * If TRST is asserted, then these settings will be reset anyway, so setting them
758 if (arm7_9->has_vector_catch)
760 /* program vector catch register to catch reset vector */
761 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
765 /* program watchpoint unit to match on reset vector address */
766 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
767 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
768 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
769 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
770 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
774 /* here we should issue a srst only, but we may have to assert trst as well */
775 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
777 jtag_add_reset(1, 1);
780 jtag_add_reset(0, 1);
784 target->state = TARGET_RESET;
785 jtag_add_sleep(50000);
787 armv4_5_invalidate_core_regs(target);
789 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
791 /* debug entry was already prepared in arm7_9_assert_reset() */
792 target->debug_reason = DBG_REASON_DBGRQ;
799 int arm7_9_deassert_reset(target_t *target)
802 LOG_DEBUG("target->state: %s",
803 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
806 /* deassert reset lines */
807 jtag_add_reset(0, 0);
809 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
811 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
812 /* set up embedded ice registers again */
813 if ((retval=target->type->examine(target))!=ERROR_OK)
816 if ((retval=target_poll(target))!=ERROR_OK)
821 if ((retval=target_halt(target))!=ERROR_OK)
830 int arm7_9_clear_halt(target_t *target)
832 armv4_5_common_t *armv4_5 = target->arch_info;
833 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
834 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
836 /* we used DBGRQ only if we didn't come out of reset */
837 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
839 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
841 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
842 embeddedice_store_reg(dbg_ctrl);
846 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
848 /* if we came out of reset, and vector catch is supported, we used
849 * vector catch to enter debug state
850 * restore the register in that case
852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
856 /* restore registers if watchpoint unit 0 was in use
858 if (arm7_9->wp0_used)
860 if (arm7_9->debug_entry_from_reset)
862 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
864 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
865 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
866 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
868 /* control value always has to be restored, as it was either disabled,
869 * or enabled with possibly different bits
871 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
878 int arm7_9_soft_reset_halt(struct target_s *target)
880 armv4_5_common_t *armv4_5 = target->arch_info;
881 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
882 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
883 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
887 if ((retval=target_halt(target))!=ERROR_OK)
890 long long then=timeval_ms();
892 while (!(timeout=((timeval_ms()-then)>1000)))
894 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
896 embeddedice_read_reg(dbg_stat);
897 if ((retval=jtag_execute_queue())!=ERROR_OK)
909 LOG_ERROR("Failed to halt CPU after 1 sec");
910 return ERROR_TARGET_TIMEOUT;
912 target->state = TARGET_HALTED;
914 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
915 * ensure that DBGRQ is cleared
917 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
918 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
919 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
920 embeddedice_store_reg(dbg_ctrl);
922 arm7_9_clear_halt(target);
924 /* if the target is in Thumb state, change to ARM state */
925 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
927 u32 r0_thumb, pc_thumb;
928 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
929 /* Entered debug from Thumb mode */
930 armv4_5->core_state = ARMV4_5_STATE_THUMB;
931 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
934 /* all register content is now invalid */
935 armv4_5_invalidate_core_regs(target);
937 /* SVC, ARM state, IRQ and FIQ disabled */
938 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
939 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
940 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
942 /* start fetching from 0x0 */
943 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
944 armv4_5->core_cache->reg_list[15].dirty = 1;
945 armv4_5->core_cache->reg_list[15].valid = 1;
947 armv4_5->core_mode = ARMV4_5_MODE_SVC;
948 armv4_5->core_state = ARMV4_5_STATE_ARM;
950 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
953 /* reset registers */
954 for (i = 0; i <= 14; i++)
956 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
957 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
958 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
961 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
966 int arm7_9_halt(target_t *target)
968 if (target->state==TARGET_RESET)
970 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
974 armv4_5_common_t *armv4_5 = target->arch_info;
975 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
976 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
978 LOG_DEBUG("target->state: %s",
979 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
981 if (target->state == TARGET_HALTED)
983 LOG_DEBUG("target was already halted");
987 if (target->state == TARGET_UNKNOWN)
989 LOG_WARNING("target was in unknown state when halt was requested");
992 if (arm7_9->use_dbgrq)
994 /* program EmbeddedICE Debug Control Register to assert DBGRQ
996 if (arm7_9->set_special_dbgrq) {
997 arm7_9->set_special_dbgrq(target);
999 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1000 embeddedice_store_reg(dbg_ctrl);
1005 /* program watchpoint unit to match on any address
1007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1013 target->debug_reason = DBG_REASON_DBGRQ;
1018 int arm7_9_debug_entry(target_t *target)
1023 u32 r0_thumb, pc_thumb;
1026 /* get pointers to arch-specific information */
1027 armv4_5_common_t *armv4_5 = target->arch_info;
1028 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1029 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1030 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1032 #ifdef _DEBUG_ARM7_9_
1036 if (arm7_9->pre_debug_entry)
1037 arm7_9->pre_debug_entry(target);
1039 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1040 * ensure that DBGRQ is cleared
1042 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1043 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1044 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1045 embeddedice_store_reg(dbg_ctrl);
1047 arm7_9_clear_halt(target);
1049 if ((retval = jtag_execute_queue()) != ERROR_OK)
1054 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1058 if (target->state != TARGET_HALTED)
1060 LOG_WARNING("target not halted");
1061 return ERROR_TARGET_NOT_HALTED;
1064 /* if the target is in Thumb state, change to ARM state */
1065 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1067 LOG_DEBUG("target entered debug from Thumb state");
1068 /* Entered debug from Thumb mode */
1069 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1070 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1071 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1075 LOG_DEBUG("target entered debug from ARM state");
1076 /* Entered debug from ARM mode */
1077 armv4_5->core_state = ARMV4_5_STATE_ARM;
1080 for (i = 0; i < 16; i++)
1081 context_p[i] = &context[i];
1082 /* save core registers (r0 - r15 of current core mode) */
1083 arm7_9->read_core_regs(target, 0xffff, context_p);
1085 arm7_9->read_xpsr(target, &cpsr, 0);
1087 if ((retval = jtag_execute_queue()) != ERROR_OK)
1090 /* if the core has been executing in Thumb state, set the T bit */
1091 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1094 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1095 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1096 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1098 armv4_5->core_mode = cpsr & 0x1f;
1100 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1102 target->state = TARGET_UNKNOWN;
1103 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1104 return ERROR_TARGET_FAILURE;
1107 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1109 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1111 LOG_DEBUG("thumb state, applying fixups");
1112 context[0] = r0_thumb;
1113 context[15] = pc_thumb;
1114 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1116 /* adjust value stored by STM */
1117 context[15] -= 3 * 4;
1120 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1121 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1122 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1123 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1124 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1125 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1126 else if (target->debug_reason == DBG_REASON_DBGRQ)
1127 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1130 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1133 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1136 for (i=0; i<=15; i++)
1138 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1139 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1140 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1141 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1144 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1146 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1149 /* exceptions other than USR & SYS have a saved program status register */
1150 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1153 arm7_9->read_xpsr(target, &spsr, 1);
1154 jtag_execute_queue();
1155 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1156 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1157 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1160 /* r0 and r15 (pc) have to be restored later */
1161 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1162 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1164 if ((retval = jtag_execute_queue()) != ERROR_OK)
1167 if (arm7_9->post_debug_entry)
1168 arm7_9->post_debug_entry(target);
1173 int arm7_9_full_context(target_t *target)
1177 armv4_5_common_t *armv4_5 = target->arch_info;
1178 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1182 if (target->state != TARGET_HALTED)
1184 LOG_WARNING("target not halted");
1185 return ERROR_TARGET_NOT_HALTED;
1188 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1191 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1192 * SYS shares registers with User, so we don't touch SYS
1194 for(i = 0; i < 6; i++)
1201 /* check if there are invalid registers in the current mode
1203 for (j = 0; j <= 16; j++)
1205 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1213 /* change processor mode (and mask T bit) */
1214 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1215 tmp_cpsr |= armv4_5_number_to_mode(i);
1217 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1219 for (j = 0; j < 15; j++)
1221 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1223 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1225 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1230 /* if only the PSR is invalid, mask is all zeroes */
1232 arm7_9->read_core_regs(target, mask, reg_p);
1234 /* check if the PSR has to be read */
1235 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1237 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1238 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1239 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1244 /* restore processor mode (mask T bit) */
1245 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1247 if ((retval = jtag_execute_queue()) != ERROR_OK)
1254 int arm7_9_restore_context(target_t *target)
1256 armv4_5_common_t *armv4_5 = target->arch_info;
1257 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1259 armv4_5_core_reg_t *reg_arch_info;
1260 enum armv4_5_mode current_mode = armv4_5->core_mode;
1267 if (target->state != TARGET_HALTED)
1269 LOG_WARNING("target not halted");
1270 return ERROR_TARGET_NOT_HALTED;
1273 if (arm7_9->pre_restore_context)
1274 arm7_9->pre_restore_context(target);
1276 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1279 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1280 * SYS shares registers with User, so we don't touch SYS
1282 for (i = 0; i < 6; i++)
1284 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1287 /* check if there are dirty registers in the current mode
1289 for (j = 0; j <= 16; j++)
1291 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1292 reg_arch_info = reg->arch_info;
1293 if (reg->dirty == 1)
1295 if (reg->valid == 1)
1298 LOG_DEBUG("examining dirty reg: %s", reg->name);
1299 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1300 && (reg_arch_info->mode != current_mode)
1301 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1302 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1305 LOG_DEBUG("require mode change");
1310 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1325 /* change processor mode (mask T bit) */
1326 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1327 tmp_cpsr |= armv4_5_number_to_mode(i);
1329 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1330 current_mode = armv4_5_number_to_mode(i);
1333 for (j = 0; j <= 14; j++)
1335 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1336 reg_arch_info = reg->arch_info;
1339 if (reg->dirty == 1)
1341 regs[j] = buf_get_u32(reg->value, 0, 32);
1346 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1352 arm7_9->write_core_regs(target, mask, regs);
1355 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1356 reg_arch_info = reg->arch_info;
1357 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1359 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1360 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1365 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1367 /* restore processor mode (mask T bit) */
1370 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1371 tmp_cpsr |= armv4_5_number_to_mode(i);
1373 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1374 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1376 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1378 /* CPSR has been changed, full restore necessary (mask T bit) */
1379 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1380 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1381 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1382 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1386 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1387 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1388 armv4_5->core_cache->reg_list[15].dirty = 0;
1390 if (arm7_9->post_restore_context)
1391 arm7_9->post_restore_context(target);
1396 int arm7_9_restart_core(struct target_s *target)
1398 armv4_5_common_t *armv4_5 = target->arch_info;
1399 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1400 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1402 /* set RESTART instruction */
1403 jtag_add_end_state(TAP_RTI);
1404 if (arm7_9->need_bypass_before_restart) {
1405 arm7_9->need_bypass_before_restart = 0;
1406 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1408 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1410 jtag_add_runtest(1, TAP_RTI);
1411 return jtag_execute_queue();
1414 void arm7_9_enable_watchpoints(struct target_s *target)
1416 watchpoint_t *watchpoint = target->watchpoints;
1420 if (watchpoint->set == 0)
1421 arm7_9_set_watchpoint(target, watchpoint);
1422 watchpoint = watchpoint->next;
1426 void arm7_9_enable_breakpoints(struct target_s *target)
1428 breakpoint_t *breakpoint = target->breakpoints;
1430 /* set any pending breakpoints */
1433 arm7_9_set_breakpoint(target, breakpoint);
1434 breakpoint = breakpoint->next;
1439 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1441 armv4_5_common_t *armv4_5 = target->arch_info;
1442 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1443 breakpoint_t *breakpoint = target->breakpoints;
1444 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1449 if (target->state != TARGET_HALTED)
1451 LOG_WARNING("target not halted");
1452 return ERROR_TARGET_NOT_HALTED;
1455 if (!debug_execution)
1457 target_free_all_working_areas(target);
1460 /* current = 1: continue on current pc, otherwise continue at <address> */
1462 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1464 /* the front-end may request us not to handle breakpoints */
1465 if (handle_breakpoints)
1467 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1469 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1470 arm7_9_unset_breakpoint(target, breakpoint);
1472 LOG_DEBUG("enable single-step");
1473 arm7_9->enable_single_step(target);
1475 target->debug_reason = DBG_REASON_SINGLESTEP;
1477 arm7_9_restore_context(target);
1479 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1480 arm7_9->branch_resume(target);
1481 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1483 arm7_9->branch_resume_thumb(target);
1487 LOG_ERROR("unhandled core state");
1491 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1492 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1493 err = arm7_9_execute_sys_speed(target);
1495 LOG_DEBUG("disable single-step");
1496 arm7_9->disable_single_step(target);
1498 if (err != ERROR_OK)
1500 arm7_9_set_breakpoint(target, breakpoint);
1501 target->state = TARGET_UNKNOWN;
1505 arm7_9_debug_entry(target);
1506 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1508 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1509 arm7_9_set_breakpoint(target, breakpoint);
1513 /* enable any pending breakpoints and watchpoints */
1514 arm7_9_enable_breakpoints(target);
1515 arm7_9_enable_watchpoints(target);
1517 arm7_9_restore_context(target);
1519 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1521 arm7_9->branch_resume(target);
1523 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1525 arm7_9->branch_resume_thumb(target);
1529 LOG_ERROR("unhandled core state");
1533 /* deassert DBGACK and INTDIS */
1534 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1535 /* INTDIS only when we really resume, not during debug execution */
1536 if (!debug_execution)
1537 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1538 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1540 arm7_9_restart_core(target);
1542 target->debug_reason = DBG_REASON_NOTHALTED;
1544 if (!debug_execution)
1546 /* registers are now invalid */
1547 armv4_5_invalidate_core_regs(target);
1548 target->state = TARGET_RUNNING;
1549 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1553 target->state = TARGET_DEBUG_RUNNING;
1554 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1557 LOG_DEBUG("target resumed");
1562 void arm7_9_enable_eice_step(target_t *target)
1564 armv4_5_common_t *armv4_5 = target->arch_info;
1565 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1567 /* setup an inverse breakpoint on the current PC
1568 * - comparator 1 matches the current address
1569 * - rangeout from comparator 1 is connected to comparator 0 rangein
1570 * - comparator 0 matches any address, as long as rangein is low */
1571 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1572 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1573 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1574 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1575 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1577 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1578 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1579 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1582 void arm7_9_disable_eice_step(target_t *target)
1584 armv4_5_common_t *armv4_5 = target->arch_info;
1585 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1587 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1588 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1589 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1590 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1591 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1592 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1593 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1594 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1595 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1598 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1600 armv4_5_common_t *armv4_5 = target->arch_info;
1601 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1602 breakpoint_t *breakpoint = NULL;
1605 if (target->state != TARGET_HALTED)
1607 LOG_WARNING("target not halted");
1608 return ERROR_TARGET_NOT_HALTED;
1611 /* current = 1: continue on current pc, otherwise continue at <address> */
1613 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1615 /* the front-end may request us not to handle breakpoints */
1616 if (handle_breakpoints)
1617 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1618 arm7_9_unset_breakpoint(target, breakpoint);
1620 target->debug_reason = DBG_REASON_SINGLESTEP;
1622 arm7_9_restore_context(target);
1624 arm7_9->enable_single_step(target);
1626 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1628 arm7_9->branch_resume(target);
1630 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1632 arm7_9->branch_resume_thumb(target);
1636 LOG_ERROR("unhandled core state");
1640 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1642 err = arm7_9_execute_sys_speed(target);
1643 arm7_9->disable_single_step(target);
1645 /* registers are now invalid */
1646 armv4_5_invalidate_core_regs(target);
1648 if (err != ERROR_OK)
1650 target->state = TARGET_UNKNOWN;
1652 arm7_9_debug_entry(target);
1653 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1654 LOG_DEBUG("target stepped");
1658 arm7_9_set_breakpoint(target, breakpoint);
1664 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1669 armv4_5_common_t *armv4_5 = target->arch_info;
1670 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1672 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1675 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1677 if ((num < 0) || (num > 16))
1678 return ERROR_INVALID_ARGUMENTS;
1680 if ((mode != ARMV4_5_MODE_ANY)
1681 && (mode != armv4_5->core_mode)
1682 && (reg_mode != ARMV4_5_MODE_ANY))
1686 /* change processor mode (mask T bit) */
1687 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1690 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1693 if ((num >= 0) && (num <= 15))
1695 /* read a normal core register */
1696 reg_p[num] = &value;
1698 arm7_9->read_core_regs(target, 1 << num, reg_p);
1702 /* read a program status register
1703 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1705 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1706 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1708 arm7_9->read_xpsr(target, &value, spsr);
1711 if ((retval = jtag_execute_queue()) != ERROR_OK)
1716 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1717 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1718 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1720 if ((mode != ARMV4_5_MODE_ANY)
1721 && (mode != armv4_5->core_mode)
1722 && (reg_mode != ARMV4_5_MODE_ANY)) {
1723 /* restore processor mode (mask T bit) */
1724 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1731 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1734 armv4_5_common_t *armv4_5 = target->arch_info;
1735 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1737 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1740 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1742 if ((num < 0) || (num > 16))
1743 return ERROR_INVALID_ARGUMENTS;
1745 if ((mode != ARMV4_5_MODE_ANY)
1746 && (mode != armv4_5->core_mode)
1747 && (reg_mode != ARMV4_5_MODE_ANY)) {
1750 /* change processor mode (mask T bit) */
1751 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1754 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1757 if ((num >= 0) && (num <= 15))
1759 /* write a normal core register */
1762 arm7_9->write_core_regs(target, 1 << num, reg);
1766 /* write a program status register
1767 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1769 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1770 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1772 /* if we're writing the CPSR, mask the T bit */
1776 arm7_9->write_xpsr(target, value, spsr);
1779 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1780 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1782 if ((mode != ARMV4_5_MODE_ANY)
1783 && (mode != armv4_5->core_mode)
1784 && (reg_mode != ARMV4_5_MODE_ANY)) {
1785 /* restore processor mode (mask T bit) */
1786 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1789 return jtag_execute_queue();
1792 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1794 armv4_5_common_t *armv4_5 = target->arch_info;
1795 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1798 int num_accesses = 0;
1799 int thisrun_accesses;
1805 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1807 if (target->state != TARGET_HALTED)
1809 LOG_WARNING("target not halted");
1810 return ERROR_TARGET_NOT_HALTED;
1813 /* sanitize arguments */
1814 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1815 return ERROR_INVALID_ARGUMENTS;
1817 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1818 return ERROR_TARGET_UNALIGNED_ACCESS;
1820 /* load the base register with the address of the first word */
1822 arm7_9->write_core_regs(target, 0x1, reg);
1827 while (num_accesses < count)
1830 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1831 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1833 if (last_reg <= thisrun_accesses)
1834 last_reg = thisrun_accesses;
1836 arm7_9->load_word_regs(target, reg_list);
1838 /* fast memory reads are only safe when the target is running
1839 * from a sufficiently high clock (32 kHz is usually too slow)
1841 if (arm7_9->fast_memory_access)
1842 arm7_9_execute_fast_sys_speed(target);
1844 arm7_9_execute_sys_speed(target);
1846 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1848 /* advance buffer, count number of accesses */
1849 buffer += thisrun_accesses * 4;
1850 num_accesses += thisrun_accesses;
1854 while (num_accesses < count)
1857 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1858 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1860 for (i = 1; i <= thisrun_accesses; i++)
1864 arm7_9->load_hword_reg(target, i);
1865 /* fast memory reads are only safe when the target is running
1866 * from a sufficiently high clock (32 kHz is usually too slow)
1868 if (arm7_9->fast_memory_access)
1869 arm7_9_execute_fast_sys_speed(target);
1871 arm7_9_execute_sys_speed(target);
1874 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1876 /* advance buffer, count number of accesses */
1877 buffer += thisrun_accesses * 2;
1878 num_accesses += thisrun_accesses;
1882 while (num_accesses < count)
1885 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1886 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1888 for (i = 1; i <= thisrun_accesses; i++)
1892 arm7_9->load_byte_reg(target, i);
1893 /* fast memory reads are only safe when the target is running
1894 * from a sufficiently high clock (32 kHz is usually too slow)
1896 if (arm7_9->fast_memory_access)
1897 arm7_9_execute_fast_sys_speed(target);
1899 arm7_9_execute_sys_speed(target);
1902 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1904 /* advance buffer, count number of accesses */
1905 buffer += thisrun_accesses * 1;
1906 num_accesses += thisrun_accesses;
1910 LOG_ERROR("BUG: we shouldn't get here");
1915 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1918 for (i=0; i<=last_reg; i++)
1919 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1921 arm7_9->read_xpsr(target, &cpsr, 0);
1922 if ((retval = jtag_execute_queue()) != ERROR_OK)
1924 LOG_ERROR("JTAG error while reading cpsr");
1925 return ERROR_TARGET_DATA_ABORT;
1928 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1930 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1932 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1934 return ERROR_TARGET_DATA_ABORT;
1940 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1942 armv4_5_common_t *armv4_5 = target->arch_info;
1943 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1944 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1947 int num_accesses = 0;
1948 int thisrun_accesses;
1954 #ifdef _DEBUG_ARM7_9_
1955 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1958 if (target->state != TARGET_HALTED)
1960 LOG_WARNING("target not halted");
1961 return ERROR_TARGET_NOT_HALTED;
1964 /* sanitize arguments */
1965 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1966 return ERROR_INVALID_ARGUMENTS;
1968 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1969 return ERROR_TARGET_UNALIGNED_ACCESS;
1971 /* load the base register with the address of the first word */
1973 arm7_9->write_core_regs(target, 0x1, reg);
1975 /* Clear DBGACK, to make sure memory fetches work as expected */
1976 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1977 embeddedice_store_reg(dbg_ctrl);
1982 while (num_accesses < count)
1985 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1986 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1988 for (i = 1; i <= thisrun_accesses; i++)
1992 reg[i] = target_buffer_get_u32(target, buffer);
1996 arm7_9->write_core_regs(target, reg_list, reg);
1998 arm7_9->store_word_regs(target, reg_list);
2000 /* fast memory writes are only safe when the target is running
2001 * from a sufficiently high clock (32 kHz is usually too slow)
2003 if (arm7_9->fast_memory_access)
2004 arm7_9_execute_fast_sys_speed(target);
2006 arm7_9_execute_sys_speed(target);
2008 num_accesses += thisrun_accesses;
2012 while (num_accesses < count)
2015 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2016 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2018 for (i = 1; i <= thisrun_accesses; i++)
2022 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2026 arm7_9->write_core_regs(target, reg_list, reg);
2028 for (i = 1; i <= thisrun_accesses; i++)
2030 arm7_9->store_hword_reg(target, i);
2032 /* fast memory writes are only safe when the target is running
2033 * from a sufficiently high clock (32 kHz is usually too slow)
2035 if (arm7_9->fast_memory_access)
2036 arm7_9_execute_fast_sys_speed(target);
2038 arm7_9_execute_sys_speed(target);
2041 num_accesses += thisrun_accesses;
2045 while (num_accesses < count)
2048 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2049 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2051 for (i = 1; i <= thisrun_accesses; i++)
2055 reg[i] = *buffer++ & 0xff;
2058 arm7_9->write_core_regs(target, reg_list, reg);
2060 for (i = 1; i <= thisrun_accesses; i++)
2062 arm7_9->store_byte_reg(target, i);
2063 /* fast memory writes are only safe when the target is running
2064 * from a sufficiently high clock (32 kHz is usually too slow)
2066 if (arm7_9->fast_memory_access)
2067 arm7_9_execute_fast_sys_speed(target);
2069 arm7_9_execute_sys_speed(target);
2072 num_accesses += thisrun_accesses;
2076 LOG_ERROR("BUG: we shouldn't get here");
2082 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2083 embeddedice_store_reg(dbg_ctrl);
2085 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2088 for (i=0; i<=last_reg; i++)
2089 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2091 arm7_9->read_xpsr(target, &cpsr, 0);
2092 if ((retval = jtag_execute_queue()) != ERROR_OK)
2094 LOG_ERROR("JTAG error while reading cpsr");
2095 return ERROR_TARGET_DATA_ABORT;
2098 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2100 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2102 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2104 return ERROR_TARGET_DATA_ABORT;
2110 static const u32 dcc_code[] =
2112 /* MRC TST BNE MRC STR B */
2113 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2116 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2118 armv4_5_common_t *armv4_5 = target->arch_info;
2119 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2120 enum armv4_5_state core_state = armv4_5->core_state;
2121 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2122 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2123 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2126 if (!arm7_9->dcc_downloads)
2127 return target->type->write_memory(target, address, 4, count, buffer);
2129 /* regrab previously allocated working_area, or allocate a new one */
2130 if (!arm7_9->dcc_working_area)
2132 u8 dcc_code_buf[6 * 4];
2134 /* make sure we have a working area */
2135 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2137 LOG_INFO("no working area available, falling back to memory writes");
2138 return target->type->write_memory(target, address, 4, count, buffer);
2141 /* copy target instructions to target endianness */
2142 for (i = 0; i < 6; i++)
2144 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2147 /* write DCC code to working area */
2148 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2151 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2152 armv4_5->core_cache->reg_list[0].valid = 1;
2153 armv4_5->core_cache->reg_list[0].dirty = 1;
2154 armv4_5->core_state = ARMV4_5_STATE_ARM;
2156 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2158 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2161 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2162 core function repeated.
2164 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2167 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2168 u8 reg_addr = ice_reg->addr & 0x1f;
2169 int chain_pos = ice_reg->jtag_info->chain_pos;
2171 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2172 buffer += (count-2)*4;
2174 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2177 for (i = 0; i < count; i++)
2179 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2184 target_halt(target);
2186 long long then=timeval_ms();
2188 while (!(timeout=((timeval_ms()-then)>100)))
2190 target_poll(target);
2191 if (target->state == TARGET_HALTED)
2203 LOG_ERROR("bulk write timed out, target not halted");
2204 return ERROR_TARGET_TIMEOUT;
2207 /* restore target state */
2208 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2209 armv4_5->core_cache->reg_list[0].valid = 1;
2210 armv4_5->core_cache->reg_list[0].dirty = 1;
2211 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2212 armv4_5->core_cache->reg_list[1].valid = 1;
2213 armv4_5->core_cache->reg_list[1].dirty = 1;
2214 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2215 armv4_5->core_cache->reg_list[15].valid = 1;
2216 armv4_5->core_cache->reg_list[15].dirty = 1;
2217 armv4_5->core_state = core_state;
2222 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2224 working_area_t *crc_algorithm;
2225 armv4_5_algorithm_t armv4_5_info;
2226 reg_param_t reg_params[2];
2229 u32 arm7_9_crc_code[] = {
2230 0xE1A02000, /* mov r2, r0 */
2231 0xE3E00000, /* mov r0, #0xffffffff */
2232 0xE1A03001, /* mov r3, r1 */
2233 0xE3A04000, /* mov r4, #0 */
2234 0xEA00000B, /* b ncomp */
2236 0xE7D21004, /* ldrb r1, [r2, r4] */
2237 0xE59F7030, /* ldr r7, CRC32XOR */
2238 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2239 0xE3A05000, /* mov r5, #0 */
2241 0xE3500000, /* cmp r0, #0 */
2242 0xE1A06080, /* mov r6, r0, asl #1 */
2243 0xE2855001, /* add r5, r5, #1 */
2244 0xE1A00006, /* mov r0, r6 */
2245 0xB0260007, /* eorlt r0, r6, r7 */
2246 0xE3550008, /* cmp r5, #8 */
2247 0x1AFFFFF8, /* bne loop */
2248 0xE2844001, /* add r4, r4, #1 */
2250 0xE1540003, /* cmp r4, r3 */
2251 0x1AFFFFF1, /* bne nbyte */
2253 0xEAFFFFFE, /* b end */
2254 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2259 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2261 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2264 /* convert flash writing code into a buffer in target endianness */
2265 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2266 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2268 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2269 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2270 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2272 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2273 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2275 buf_set_u32(reg_params[0].value, 0, 32, address);
2276 buf_set_u32(reg_params[1].value, 0, 32, count);
2278 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2279 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2281 LOG_ERROR("error executing arm7_9 crc algorithm");
2282 destroy_reg_param(®_params[0]);
2283 destroy_reg_param(®_params[1]);
2284 target_free_working_area(target, crc_algorithm);
2288 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2290 destroy_reg_param(®_params[0]);
2291 destroy_reg_param(®_params[1]);
2293 target_free_working_area(target, crc_algorithm);
2298 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2300 working_area_t *erase_check_algorithm;
2301 reg_param_t reg_params[3];
2302 armv4_5_algorithm_t armv4_5_info;
2306 u32 erase_check_code[] =
2309 0xe4d03001, /* ldrb r3, [r0], #1 */
2310 0xe0022003, /* and r2, r2, r3 */
2311 0xe2511001, /* subs r1, r1, #1 */
2312 0x1afffffb, /* bne loop */
2314 0xeafffffe /* b end */
2317 /* make sure we have a working area */
2318 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2320 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2323 /* convert flash writing code into a buffer in target endianness */
2324 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2325 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2327 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2328 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2329 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2331 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2332 buf_set_u32(reg_params[0].value, 0, 32, address);
2334 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2335 buf_set_u32(reg_params[1].value, 0, 32, count);
2337 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2338 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2340 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2341 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2343 destroy_reg_param(®_params[0]);
2344 destroy_reg_param(®_params[1]);
2345 destroy_reg_param(®_params[2]);
2346 target_free_working_area(target, erase_check_algorithm);
2350 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2352 destroy_reg_param(®_params[0]);
2353 destroy_reg_param(®_params[1]);
2354 destroy_reg_param(®_params[2]);
2356 target_free_working_area(target, erase_check_algorithm);
2361 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2363 command_t *arm7_9_cmd;
2365 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2367 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2368 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2370 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2372 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2373 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2374 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2375 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2376 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2377 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2378 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2379 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2381 armv4_5_register_commands(cmd_ctx);
2383 etm_register_commands(cmd_ctx);
2388 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2393 target_t *target = get_current_target(cmd_ctx);
2394 armv4_5_common_t *armv4_5;
2395 arm7_9_common_t *arm7_9;
2397 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2399 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2403 if (target->state != TARGET_HALTED)
2405 command_print(cmd_ctx, "can't write registers while running");
2411 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2415 value = strtoul(args[0], NULL, 0);
2416 spsr = strtol(args[1], NULL, 0);
2418 /* if we're writing the CPSR, mask the T bit */
2422 arm7_9->write_xpsr(target, value, spsr);
2423 if ((retval = jtag_execute_queue()) != ERROR_OK)
2425 LOG_ERROR("JTAG error while writing to xpsr");
2432 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2438 target_t *target = get_current_target(cmd_ctx);
2439 armv4_5_common_t *armv4_5;
2440 arm7_9_common_t *arm7_9;
2442 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2444 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2448 if (target->state != TARGET_HALTED)
2450 command_print(cmd_ctx, "can't write registers while running");
2456 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2460 value = strtoul(args[0], NULL, 0);
2461 rotate = strtol(args[1], NULL, 0);
2462 spsr = strtol(args[2], NULL, 0);
2464 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2465 if ((retval = jtag_execute_queue()) != ERROR_OK)
2467 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2474 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2479 target_t *target = get_current_target(cmd_ctx);
2480 armv4_5_common_t *armv4_5;
2481 arm7_9_common_t *arm7_9;
2483 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2485 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2489 if (target->state != TARGET_HALTED)
2491 command_print(cmd_ctx, "can't write registers while running");
2497 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2501 num = strtol(args[0], NULL, 0);
2502 mode = strtoul(args[1], NULL, 0);
2503 value = strtoul(args[2], NULL, 0);
2505 arm7_9_write_core_reg(target, num, mode, value);
2511 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2513 target_t *target = get_current_target(cmd_ctx);
2514 armv4_5_common_t *armv4_5;
2515 arm7_9_common_t *arm7_9;
2517 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2519 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2525 if (strcmp("enable", args[0]) == 0)
2527 arm7_9->use_dbgrq = 1;
2529 else if (strcmp("disable", args[0]) == 0)
2531 arm7_9->use_dbgrq = 0;
2535 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2539 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2544 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2546 target_t *target = get_current_target(cmd_ctx);
2547 armv4_5_common_t *armv4_5;
2548 arm7_9_common_t *arm7_9;
2550 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2552 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2558 if (strcmp("enable", args[0]) == 0)
2560 arm7_9->fast_memory_access = 1;
2562 else if (strcmp("disable", args[0]) == 0)
2564 arm7_9->fast_memory_access = 0;
2568 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2572 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2577 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2579 target_t *target = get_current_target(cmd_ctx);
2580 armv4_5_common_t *armv4_5;
2581 arm7_9_common_t *arm7_9;
2583 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2585 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2591 if (strcmp("enable", args[0]) == 0)
2593 arm7_9->dcc_downloads = 1;
2595 else if (strcmp("disable", args[0]) == 0)
2597 arm7_9->dcc_downloads = 0;
2601 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2605 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2610 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2612 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2614 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2616 arm_jtag_setup_connection(&arm7_9->jtag_info);
2617 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2618 arm7_9->wp_available_max = 2;
2619 arm7_9->sw_breakpoints_added = 0;
2620 arm7_9->breakpoint_count = 0;
2621 arm7_9->wp0_used = 0;
2622 arm7_9->wp1_used = 0;
2623 arm7_9->wp1_used_default = 0;
2624 arm7_9->use_dbgrq = 0;
2626 arm7_9->etm_ctx = NULL;
2627 arm7_9->has_single_step = 0;
2628 arm7_9->has_monitor_mode = 0;
2629 arm7_9->has_vector_catch = 0;
2631 arm7_9->debug_entry_from_reset = 0;
2633 arm7_9->dcc_working_area = NULL;
2635 arm7_9->fast_memory_access = fast_and_dangerous;
2636 arm7_9->dcc_downloads = fast_and_dangerous;
2638 arm7_9->need_bypass_before_restart = 0;
2640 armv4_5->arch_info = arm7_9;
2641 armv4_5->read_core_reg = arm7_9_read_core_reg;
2642 armv4_5->write_core_reg = arm7_9_write_core_reg;
2643 armv4_5->full_context = arm7_9_full_context;
2645 armv4_5_init_arch_info(target, armv4_5);
2647 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);