1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
27 #include "replacements.h"
29 #include "embeddedice.h"
31 #include "target_request.h"
36 #include "arm7_9_common.h"
37 #include "breakpoints.h"
43 #include <sys/types.h>
48 int arm7_9_debug_entry(target_t *target);
49 int arm7_9_enable_sw_bkpts(struct target_s *target);
51 /* command handler forward declarations */
52 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
64 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
65 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
66 arm7_9->sw_breakpoints_added = 0;
68 arm7_9->wp1_used = arm7_9->wp1_used_default;
69 arm7_9->wp_available = arm7_9->wp_available_max;
71 return jtag_execute_queue();
74 /* set up embedded ice registers */
75 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
77 if (arm7_9->sw_breakpoints_added)
81 if (arm7_9->wp_available < 1)
83 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
84 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
86 arm7_9->wp_available--;
88 /* pick a breakpoint unit */
89 if (!arm7_9->wp0_used)
91 arm7_9->sw_breakpoints_added=1;
93 } else if (!arm7_9->wp1_used)
95 arm7_9->sw_breakpoints_added=2;
100 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
104 if (arm7_9->sw_breakpoints_added==1)
106 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
107 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
108 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
109 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
112 else if (arm7_9->sw_breakpoints_added==2)
114 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
115 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
116 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
117 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
122 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
126 return jtag_execute_queue();
129 /* set things up after a reset / on startup */
130 int arm7_9_setup(target_t *target)
132 armv4_5_common_t *armv4_5 = target->arch_info;
133 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
135 return arm7_9_clear_watchpoints(arm7_9);
139 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
141 armv4_5_common_t *armv4_5 = target->arch_info;
142 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
144 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
149 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
154 *armv4_5_p = armv4_5;
160 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
161 * might have erased the values in embedded ice
163 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
165 armv4_5_common_t *armv4_5 = target->arch_info;
166 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
169 if (target->state != TARGET_HALTED)
171 LOG_WARNING("target not halted");
172 return ERROR_TARGET_NOT_HALTED;
175 if (breakpoint->type == BKPT_HARD)
177 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
178 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
179 if (breakpoint->set==1)
181 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
182 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
183 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
184 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
187 else if (breakpoint->set==2)
189 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
190 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
191 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
192 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
197 LOG_ERROR("BUG: no hardware comparator available");
201 retval=jtag_execute_queue();
203 else if (breakpoint->type == BKPT_SOFT)
205 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
208 /* did we already set this breakpoint? */
212 if (breakpoint->length == 4)
214 u32 verify = 0xffffffff;
215 /* keep the original instruction in target endianness */
216 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
217 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
218 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
220 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
221 if (verify != arm7_9->arm_bkpt)
223 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
230 /* keep the original instruction in target endianness */
231 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
232 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
233 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
235 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
236 if (verify != arm7_9->thumb_bkpt)
238 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
249 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
251 armv4_5_common_t *armv4_5 = target->arch_info;
252 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
254 if (!breakpoint->set)
256 LOG_WARNING("breakpoint not set");
260 if (breakpoint->type == BKPT_HARD)
262 if (breakpoint->set == 1)
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
265 arm7_9->wp0_used = 0;
267 else if (breakpoint->set == 2)
269 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
270 arm7_9->wp1_used = 0;
272 jtag_execute_queue();
277 /* restore original instruction (kept in target endianness) */
278 if (breakpoint->length == 4)
281 /* check that user program as not modified breakpoint instruction */
282 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
283 if (current_instr==arm7_9->arm_bkpt)
284 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
289 /* check that user program as not modified breakpoint instruction */
290 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
291 if (current_instr==arm7_9->thumb_bkpt)
292 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
300 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
302 armv4_5_common_t *armv4_5 = target->arch_info;
303 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
305 if (target->state != TARGET_HALTED)
307 LOG_WARNING("target not halted");
308 return ERROR_TARGET_NOT_HALTED;
311 if (arm7_9->breakpoint_count==0)
313 /* make sure we don't have any dangling breakpoints. This is vital upon
314 * GDB connect/disconnect
316 arm7_9_clear_watchpoints(arm7_9);
319 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
321 LOG_INFO("no watchpoint unit available for hardware breakpoint");
322 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
325 if ((breakpoint->length != 2) && (breakpoint->length != 4))
327 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
328 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
331 if (breakpoint->type == BKPT_HARD)
333 arm7_9->wp_available--;
335 if (!arm7_9->wp0_used)
337 arm7_9->wp0_used = 1;
340 else if (!arm7_9->wp1_used)
342 arm7_9->wp1_used = 1;
347 LOG_ERROR("BUG: no hardware comparator available");
352 arm7_9->breakpoint_count++;
354 return arm7_9_set_breakpoint(target, breakpoint);
357 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
359 armv4_5_common_t *armv4_5 = target->arch_info;
360 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
362 arm7_9_unset_breakpoint(target, breakpoint);
364 if (breakpoint->type == BKPT_HARD)
365 arm7_9->wp_available++;
367 arm7_9->breakpoint_count--;
368 if (arm7_9->breakpoint_count==0)
370 /* make sure we don't have any dangling breakpoints */
371 arm7_9_clear_watchpoints(arm7_9);
377 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
379 armv4_5_common_t *armv4_5 = target->arch_info;
380 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
384 mask = watchpoint->length - 1;
386 if (target->state != TARGET_HALTED)
388 LOG_WARNING("target not halted");
389 return ERROR_TARGET_NOT_HALTED;
392 if (watchpoint->rw == WPT_ACCESS)
397 if (!arm7_9->wp0_used)
399 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
400 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
401 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
402 if( watchpoint->mask != 0xffffffffu )
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
407 jtag_execute_queue();
409 arm7_9->wp0_used = 2;
411 else if (!arm7_9->wp1_used)
413 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
414 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
415 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
416 if( watchpoint->mask != 0xffffffffu )
417 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
421 jtag_execute_queue();
423 arm7_9->wp1_used = 2;
427 LOG_ERROR("BUG: no hardware comparator available");
434 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
436 armv4_5_common_t *armv4_5 = target->arch_info;
437 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
439 if (target->state != TARGET_HALTED)
441 LOG_WARNING("target not halted");
442 return ERROR_TARGET_NOT_HALTED;
445 if (!watchpoint->set)
447 LOG_WARNING("breakpoint not set");
451 if (watchpoint->set == 1)
453 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
454 jtag_execute_queue();
455 arm7_9->wp0_used = 0;
457 else if (watchpoint->set == 2)
459 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
460 jtag_execute_queue();
461 arm7_9->wp1_used = 0;
468 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
470 armv4_5_common_t *armv4_5 = target->arch_info;
471 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
473 if (target->state != TARGET_HALTED)
475 LOG_WARNING("target not halted");
476 return ERROR_TARGET_NOT_HALTED;
479 if (arm7_9->wp_available < 1)
481 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
484 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
486 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
489 arm7_9->wp_available--;
494 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
496 armv4_5_common_t *armv4_5 = target->arch_info;
497 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
501 arm7_9_unset_watchpoint(target, watchpoint);
504 arm7_9->wp_available++;
512 int arm7_9_execute_sys_speed(struct target_s *target)
517 armv4_5_common_t *armv4_5 = target->arch_info;
518 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
519 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
520 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
522 /* set RESTART instruction */
523 jtag_add_end_state(TAP_RTI);
524 if (arm7_9->need_bypass_before_restart) {
525 arm7_9->need_bypass_before_restart = 0;
526 arm_jtag_set_instr(jtag_info, 0xf, NULL);
528 arm_jtag_set_instr(jtag_info, 0x4, NULL);
530 for (timeout=0; timeout<50; timeout++)
532 /* read debug status register */
533 embeddedice_read_reg(dbg_stat);
534 if ((retval = jtag_execute_queue()) != ERROR_OK)
536 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
537 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
543 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
544 return ERROR_TARGET_TIMEOUT;
550 int arm7_9_execute_fast_sys_speed(struct target_s *target)
553 static u8 check_value[4], check_mask[4];
555 armv4_5_common_t *armv4_5 = target->arch_info;
556 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
557 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
558 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
560 /* set RESTART instruction */
561 jtag_add_end_state(TAP_RTI);
562 if (arm7_9->need_bypass_before_restart) {
563 arm7_9->need_bypass_before_restart = 0;
564 arm_jtag_set_instr(jtag_info, 0xf, NULL);
566 arm_jtag_set_instr(jtag_info, 0x4, NULL);
570 /* check for DBGACK and SYSCOMP set (others don't care) */
572 /* NB! These are constants that must be available until after next jtag_execute() and
573 we evaluate the values upon first execution in lieu of setting up these constants
576 buf_set_u32(check_value, 0, 32, 0x9);
577 buf_set_u32(check_mask, 0, 32, 0x9);
581 /* read debug status register */
582 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
587 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
589 armv4_5_common_t *armv4_5 = target->arch_info;
590 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
591 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
595 data = malloc(size * (sizeof(u32)));
597 embeddedice_receive(jtag_info, data, size);
599 for (i = 0; i < size; i++)
601 h_u32_to_le(buffer + (i * 4), data[i]);
609 int arm7_9_handle_target_request(void *priv)
611 target_t *target = priv;
612 if (!target->type->examined)
614 armv4_5_common_t *armv4_5 = target->arch_info;
615 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
616 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
617 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
620 if (!target->dbg_msg_enabled)
623 if (target->state == TARGET_RUNNING)
625 /* read DCC control register */
626 embeddedice_read_reg(dcc_control);
627 jtag_execute_queue();
630 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
634 embeddedice_receive(jtag_info, &request, 1);
635 target_request(target, request);
642 int arm7_9_poll(target_t *target)
645 armv4_5_common_t *armv4_5 = target->arch_info;
646 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
647 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
649 /* read debug status register */
650 embeddedice_read_reg(dbg_stat);
651 if ((retval = jtag_execute_queue()) != ERROR_OK)
656 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
658 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
659 if (target->state == TARGET_UNKNOWN)
661 target->state = TARGET_RUNNING;
662 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
664 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
667 if (target->state == TARGET_RESET)
669 if (target->reset_halt)
671 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
678 target->state = TARGET_HALTED;
680 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
685 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
686 u32 t=*((u32 *)reg->value);
689 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
693 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
695 if (target->state == TARGET_DEBUG_RUNNING)
697 target->state = TARGET_HALTED;
698 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
701 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
703 if (target->state != TARGET_HALTED)
705 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
710 if (target->state != TARGET_DEBUG_RUNNING)
711 target->state = TARGET_RUNNING;
718 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
719 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
720 while the core is held in reset(SRST). It isn't possible to program the halt
721 condition once reset was asserted, hence a hook that allows the target to set
722 up its reset-halt condition prior to asserting reset.
725 int arm7_9_assert_reset(target_t *target)
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
731 if (!(jtag_reset_config & RESET_HAS_SRST))
733 LOG_ERROR("Can't assert SRST");
737 if (target->reset_halt)
740 * Some targets do not support communication while SRST is asserted. We need to
741 * set up the reset vector catch here.
743 * If TRST is asserted, then these settings will be reset anyway, so setting them
746 if (arm7_9->has_vector_catch)
748 /* program vector catch register to catch reset vector */
749 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
753 /* program watchpoint unit to match on reset vector address */
754 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
755 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
756 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
757 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
758 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
762 /* here we should issue a srst only, but we may have to assert trst as well */
763 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
765 jtag_add_reset(1, 1);
768 jtag_add_reset(0, 1);
772 target->state = TARGET_RESET;
773 jtag_add_sleep(50000);
775 armv4_5_invalidate_core_regs(target);
777 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
779 /* debug entry was already prepared in arm7_9_assert_reset() */
780 target->debug_reason = DBG_REASON_DBGRQ;
787 int arm7_9_deassert_reset(target_t *target)
790 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
792 /* deassert reset lines */
793 jtag_add_reset(0, 0);
795 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
797 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
798 /* set up embedded ice registers again */
799 if ((retval=target->type->examine(target))!=ERROR_OK)
802 if ((retval=target_poll(target))!=ERROR_OK)
807 if ((retval=target_halt(target))!=ERROR_OK)
816 int arm7_9_clear_halt(target_t *target)
818 armv4_5_common_t *armv4_5 = target->arch_info;
819 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
820 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
822 /* we used DBGRQ only if we didn't come out of reset */
823 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
825 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
827 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
828 embeddedice_store_reg(dbg_ctrl);
832 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
834 /* if we came out of reset, and vector catch is supported, we used
835 * vector catch to enter debug state
836 * restore the register in that case
838 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
842 /* restore registers if watchpoint unit 0 was in use
844 if (arm7_9->wp0_used)
846 if (arm7_9->debug_entry_from_reset)
848 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
850 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
851 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
854 /* control value always has to be restored, as it was either disabled,
855 * or enabled with possibly different bits
857 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
864 int arm7_9_soft_reset_halt(struct target_s *target)
866 armv4_5_common_t *armv4_5 = target->arch_info;
867 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
868 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
869 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
873 if ((retval=target_halt(target))!=ERROR_OK)
878 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
880 embeddedice_read_reg(dbg_stat);
881 if ((retval=jtag_execute_queue())!=ERROR_OK)
883 /* do not eat all CPU, time out after 1 se*/
889 LOG_ERROR("Failed to halt CPU after 1 sec");
890 return ERROR_TARGET_TIMEOUT;
892 target->state = TARGET_HALTED;
894 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
895 * ensure that DBGRQ is cleared
897 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
898 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
899 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
900 embeddedice_store_reg(dbg_ctrl);
902 arm7_9_clear_halt(target);
904 /* if the target is in Thumb state, change to ARM state */
905 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
907 u32 r0_thumb, pc_thumb;
908 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
909 /* Entered debug from Thumb mode */
910 armv4_5->core_state = ARMV4_5_STATE_THUMB;
911 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
914 /* all register content is now invalid */
915 armv4_5_invalidate_core_regs(target);
917 /* SVC, ARM state, IRQ and FIQ disabled */
918 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
919 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
920 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
922 /* start fetching from 0x0 */
923 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
924 armv4_5->core_cache->reg_list[15].dirty = 1;
925 armv4_5->core_cache->reg_list[15].valid = 1;
927 armv4_5->core_mode = ARMV4_5_MODE_SVC;
928 armv4_5->core_state = ARMV4_5_STATE_ARM;
930 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
933 /* reset registers */
934 for (i = 0; i <= 14; i++)
936 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
937 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
938 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
941 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
946 int arm7_9_halt(target_t *target)
948 if (target->state==TARGET_RESET)
950 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
954 armv4_5_common_t *armv4_5 = target->arch_info;
955 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
956 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
958 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
960 if (target->state == TARGET_HALTED)
962 LOG_DEBUG("target was already halted");
966 if (target->state == TARGET_UNKNOWN)
968 LOG_WARNING("target was in unknown state when halt was requested");
971 if (arm7_9->use_dbgrq)
973 /* program EmbeddedICE Debug Control Register to assert DBGRQ
975 if (arm7_9->set_special_dbgrq) {
976 arm7_9->set_special_dbgrq(target);
978 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
979 embeddedice_store_reg(dbg_ctrl);
984 /* program watchpoint unit to match on any address
986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
992 target->debug_reason = DBG_REASON_DBGRQ;
997 int arm7_9_debug_entry(target_t *target)
1002 u32 r0_thumb, pc_thumb;
1005 /* get pointers to arch-specific information */
1006 armv4_5_common_t *armv4_5 = target->arch_info;
1007 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1008 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1009 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1011 #ifdef _DEBUG_ARM7_9_
1015 if (arm7_9->pre_debug_entry)
1016 arm7_9->pre_debug_entry(target);
1018 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1019 * ensure that DBGRQ is cleared
1021 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1022 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1023 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1024 embeddedice_store_reg(dbg_ctrl);
1026 arm7_9_clear_halt(target);
1028 if ((retval = jtag_execute_queue()) != ERROR_OK)
1033 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1037 if (target->state != TARGET_HALTED)
1039 LOG_WARNING("target not halted");
1040 return ERROR_TARGET_NOT_HALTED;
1043 /* if the target is in Thumb state, change to ARM state */
1044 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1046 LOG_DEBUG("target entered debug from Thumb state");
1047 /* Entered debug from Thumb mode */
1048 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1049 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1050 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1054 LOG_DEBUG("target entered debug from ARM state");
1055 /* Entered debug from ARM mode */
1056 armv4_5->core_state = ARMV4_5_STATE_ARM;
1059 for (i = 0; i < 16; i++)
1060 context_p[i] = &context[i];
1061 /* save core registers (r0 - r15 of current core mode) */
1062 arm7_9->read_core_regs(target, 0xffff, context_p);
1064 arm7_9->read_xpsr(target, &cpsr, 0);
1066 if ((retval = jtag_execute_queue()) != ERROR_OK)
1069 /* if the core has been executing in Thumb state, set the T bit */
1070 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1073 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1074 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1075 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1077 armv4_5->core_mode = cpsr & 0x1f;
1079 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1081 target->state = TARGET_UNKNOWN;
1082 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1083 return ERROR_TARGET_FAILURE;
1086 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1088 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1090 LOG_DEBUG("thumb state, applying fixups");
1091 context[0] = r0_thumb;
1092 context[15] = pc_thumb;
1093 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1095 /* adjust value stored by STM */
1096 context[15] -= 3 * 4;
1099 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1100 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1101 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1102 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1103 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1104 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1105 else if (target->debug_reason == DBG_REASON_DBGRQ)
1106 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1109 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1112 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1115 for (i=0; i<=15; i++)
1117 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1118 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1119 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1120 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1123 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1125 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1128 /* exceptions other than USR & SYS have a saved program status register */
1129 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1132 arm7_9->read_xpsr(target, &spsr, 1);
1133 jtag_execute_queue();
1134 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1135 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1136 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1139 /* r0 and r15 (pc) have to be restored later */
1140 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1141 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1143 if ((retval = jtag_execute_queue()) != ERROR_OK)
1146 if (arm7_9->post_debug_entry)
1147 arm7_9->post_debug_entry(target);
1152 int arm7_9_full_context(target_t *target)
1156 armv4_5_common_t *armv4_5 = target->arch_info;
1157 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1161 if (target->state != TARGET_HALTED)
1163 LOG_WARNING("target not halted");
1164 return ERROR_TARGET_NOT_HALTED;
1167 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1170 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1171 * SYS shares registers with User, so we don't touch SYS
1173 for(i = 0; i < 6; i++)
1180 /* check if there are invalid registers in the current mode
1182 for (j = 0; j <= 16; j++)
1184 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1192 /* change processor mode (and mask T bit) */
1193 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1194 tmp_cpsr |= armv4_5_number_to_mode(i);
1196 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1198 for (j = 0; j < 15; j++)
1200 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1202 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1204 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1205 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1209 /* if only the PSR is invalid, mask is all zeroes */
1211 arm7_9->read_core_regs(target, mask, reg_p);
1213 /* check if the PSR has to be read */
1214 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1216 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1217 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1218 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1223 /* restore processor mode (mask T bit) */
1224 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1226 if ((retval = jtag_execute_queue()) != ERROR_OK)
1233 int arm7_9_restore_context(target_t *target)
1235 armv4_5_common_t *armv4_5 = target->arch_info;
1236 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1238 armv4_5_core_reg_t *reg_arch_info;
1239 enum armv4_5_mode current_mode = armv4_5->core_mode;
1246 if (target->state != TARGET_HALTED)
1248 LOG_WARNING("target not halted");
1249 return ERROR_TARGET_NOT_HALTED;
1252 if (arm7_9->pre_restore_context)
1253 arm7_9->pre_restore_context(target);
1255 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1258 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1259 * SYS shares registers with User, so we don't touch SYS
1261 for (i = 0; i < 6; i++)
1263 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1266 /* check if there are dirty registers in the current mode
1268 for (j = 0; j <= 16; j++)
1270 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1271 reg_arch_info = reg->arch_info;
1272 if (reg->dirty == 1)
1274 if (reg->valid == 1)
1277 LOG_DEBUG("examining dirty reg: %s", reg->name);
1278 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1279 && (reg_arch_info->mode != current_mode)
1280 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1281 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1284 LOG_DEBUG("require mode change");
1289 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1304 /* change processor mode (mask T bit) */
1305 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1306 tmp_cpsr |= armv4_5_number_to_mode(i);
1308 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1309 current_mode = armv4_5_number_to_mode(i);
1312 for (j = 0; j <= 14; j++)
1314 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1315 reg_arch_info = reg->arch_info;
1318 if (reg->dirty == 1)
1320 regs[j] = buf_get_u32(reg->value, 0, 32);
1325 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1331 arm7_9->write_core_regs(target, mask, regs);
1334 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1335 reg_arch_info = reg->arch_info;
1336 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1338 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1339 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1344 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1346 /* restore processor mode (mask T bit) */
1349 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1350 tmp_cpsr |= armv4_5_number_to_mode(i);
1352 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1353 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1355 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1357 /* CPSR has been changed, full restore necessary (mask T bit) */
1358 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1359 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1360 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1361 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1365 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1366 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1367 armv4_5->core_cache->reg_list[15].dirty = 0;
1369 if (arm7_9->post_restore_context)
1370 arm7_9->post_restore_context(target);
1375 int arm7_9_restart_core(struct target_s *target)
1377 armv4_5_common_t *armv4_5 = target->arch_info;
1378 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1379 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1381 /* set RESTART instruction */
1382 jtag_add_end_state(TAP_RTI);
1383 if (arm7_9->need_bypass_before_restart) {
1384 arm7_9->need_bypass_before_restart = 0;
1385 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1387 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1389 jtag_add_runtest(1, TAP_RTI);
1390 return jtag_execute_queue();
1393 void arm7_9_enable_watchpoints(struct target_s *target)
1395 watchpoint_t *watchpoint = target->watchpoints;
1399 if (watchpoint->set == 0)
1400 arm7_9_set_watchpoint(target, watchpoint);
1401 watchpoint = watchpoint->next;
1405 void arm7_9_enable_breakpoints(struct target_s *target)
1407 breakpoint_t *breakpoint = target->breakpoints;
1409 /* set any pending breakpoints */
1412 arm7_9_set_breakpoint(target, breakpoint);
1413 breakpoint = breakpoint->next;
1418 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1420 armv4_5_common_t *armv4_5 = target->arch_info;
1421 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1422 breakpoint_t *breakpoint = target->breakpoints;
1423 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1428 if (target->state != TARGET_HALTED)
1430 LOG_WARNING("target not halted");
1431 return ERROR_TARGET_NOT_HALTED;
1434 if (!debug_execution)
1436 target_free_all_working_areas(target);
1439 /* current = 1: continue on current pc, otherwise continue at <address> */
1441 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1443 /* the front-end may request us not to handle breakpoints */
1444 if (handle_breakpoints)
1446 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1448 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1449 arm7_9_unset_breakpoint(target, breakpoint);
1451 LOG_DEBUG("enable single-step");
1452 arm7_9->enable_single_step(target);
1454 target->debug_reason = DBG_REASON_SINGLESTEP;
1456 arm7_9_restore_context(target);
1458 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1459 arm7_9->branch_resume(target);
1460 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1462 arm7_9->branch_resume_thumb(target);
1466 LOG_ERROR("unhandled core state");
1470 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1471 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1472 err = arm7_9_execute_sys_speed(target);
1474 LOG_DEBUG("disable single-step");
1475 arm7_9->disable_single_step(target);
1477 if (err != ERROR_OK)
1479 arm7_9_set_breakpoint(target, breakpoint);
1480 target->state = TARGET_UNKNOWN;
1484 arm7_9_debug_entry(target);
1485 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1487 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1488 arm7_9_set_breakpoint(target, breakpoint);
1492 /* enable any pending breakpoints and watchpoints */
1493 arm7_9_enable_breakpoints(target);
1494 arm7_9_enable_watchpoints(target);
1496 arm7_9_restore_context(target);
1498 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1500 arm7_9->branch_resume(target);
1502 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1504 arm7_9->branch_resume_thumb(target);
1508 LOG_ERROR("unhandled core state");
1512 /* deassert DBGACK and INTDIS */
1513 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1514 /* INTDIS only when we really resume, not during debug execution */
1515 if (!debug_execution)
1516 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1517 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1519 arm7_9_restart_core(target);
1521 target->debug_reason = DBG_REASON_NOTHALTED;
1523 if (!debug_execution)
1525 /* registers are now invalid */
1526 armv4_5_invalidate_core_regs(target);
1527 target->state = TARGET_RUNNING;
1528 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1532 target->state = TARGET_DEBUG_RUNNING;
1533 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1536 LOG_DEBUG("target resumed");
1541 void arm7_9_enable_eice_step(target_t *target)
1543 armv4_5_common_t *armv4_5 = target->arch_info;
1544 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1546 /* setup an inverse breakpoint on the current PC
1547 * - comparator 1 matches the current address
1548 * - rangeout from comparator 1 is connected to comparator 0 rangein
1549 * - comparator 0 matches any address, as long as rangein is low */
1550 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1551 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1552 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1553 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1554 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1555 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1556 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1557 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1558 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1561 void arm7_9_disable_eice_step(target_t *target)
1563 armv4_5_common_t *armv4_5 = target->arch_info;
1564 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1566 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1567 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1568 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1569 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1570 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1571 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1572 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1573 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1574 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1577 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1579 armv4_5_common_t *armv4_5 = target->arch_info;
1580 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1581 breakpoint_t *breakpoint = NULL;
1584 if (target->state != TARGET_HALTED)
1586 LOG_WARNING("target not halted");
1587 return ERROR_TARGET_NOT_HALTED;
1590 /* current = 1: continue on current pc, otherwise continue at <address> */
1592 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1594 /* the front-end may request us not to handle breakpoints */
1595 if (handle_breakpoints)
1596 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1597 arm7_9_unset_breakpoint(target, breakpoint);
1599 target->debug_reason = DBG_REASON_SINGLESTEP;
1601 arm7_9_restore_context(target);
1603 arm7_9->enable_single_step(target);
1605 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1607 arm7_9->branch_resume(target);
1609 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1611 arm7_9->branch_resume_thumb(target);
1615 LOG_ERROR("unhandled core state");
1619 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1621 err = arm7_9_execute_sys_speed(target);
1622 arm7_9->disable_single_step(target);
1624 /* registers are now invalid */
1625 armv4_5_invalidate_core_regs(target);
1627 if (err != ERROR_OK)
1629 target->state = TARGET_UNKNOWN;
1631 arm7_9_debug_entry(target);
1632 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1633 LOG_DEBUG("target stepped");
1637 arm7_9_set_breakpoint(target, breakpoint);
1643 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1648 armv4_5_common_t *armv4_5 = target->arch_info;
1649 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1651 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1654 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1656 if ((num < 0) || (num > 16))
1657 return ERROR_INVALID_ARGUMENTS;
1659 if ((mode != ARMV4_5_MODE_ANY)
1660 && (mode != armv4_5->core_mode)
1661 && (reg_mode != ARMV4_5_MODE_ANY))
1665 /* change processor mode (mask T bit) */
1666 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1669 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1672 if ((num >= 0) && (num <= 15))
1674 /* read a normal core register */
1675 reg_p[num] = &value;
1677 arm7_9->read_core_regs(target, 1 << num, reg_p);
1681 /* read a program status register
1682 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1684 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1685 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1687 arm7_9->read_xpsr(target, &value, spsr);
1690 if ((retval = jtag_execute_queue()) != ERROR_OK)
1695 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1696 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1697 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1699 if ((mode != ARMV4_5_MODE_ANY)
1700 && (mode != armv4_5->core_mode)
1701 && (reg_mode != ARMV4_5_MODE_ANY)) {
1702 /* restore processor mode (mask T bit) */
1703 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1710 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1713 armv4_5_common_t *armv4_5 = target->arch_info;
1714 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1716 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1719 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1721 if ((num < 0) || (num > 16))
1722 return ERROR_INVALID_ARGUMENTS;
1724 if ((mode != ARMV4_5_MODE_ANY)
1725 && (mode != armv4_5->core_mode)
1726 && (reg_mode != ARMV4_5_MODE_ANY)) {
1729 /* change processor mode (mask T bit) */
1730 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1733 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1736 if ((num >= 0) && (num <= 15))
1738 /* write a normal core register */
1741 arm7_9->write_core_regs(target, 1 << num, reg);
1745 /* write a program status register
1746 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1748 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1749 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1751 /* if we're writing the CPSR, mask the T bit */
1755 arm7_9->write_xpsr(target, value, spsr);
1758 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1759 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1761 if ((mode != ARMV4_5_MODE_ANY)
1762 && (mode != armv4_5->core_mode)
1763 && (reg_mode != ARMV4_5_MODE_ANY)) {
1764 /* restore processor mode (mask T bit) */
1765 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1768 return jtag_execute_queue();
1771 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1773 armv4_5_common_t *armv4_5 = target->arch_info;
1774 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1777 int num_accesses = 0;
1778 int thisrun_accesses;
1784 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1786 if (target->state != TARGET_HALTED)
1788 LOG_WARNING("target not halted");
1789 return ERROR_TARGET_NOT_HALTED;
1792 /* sanitize arguments */
1793 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1794 return ERROR_INVALID_ARGUMENTS;
1796 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1797 return ERROR_TARGET_UNALIGNED_ACCESS;
1799 /* load the base register with the address of the first word */
1801 arm7_9->write_core_regs(target, 0x1, reg);
1806 while (num_accesses < count)
1809 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1810 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1812 if (last_reg <= thisrun_accesses)
1813 last_reg = thisrun_accesses;
1815 arm7_9->load_word_regs(target, reg_list);
1817 /* fast memory reads are only safe when the target is running
1818 * from a sufficiently high clock (32 kHz is usually too slow)
1820 if (arm7_9->fast_memory_access)
1821 arm7_9_execute_fast_sys_speed(target);
1823 arm7_9_execute_sys_speed(target);
1825 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1827 /* advance buffer, count number of accesses */
1828 buffer += thisrun_accesses * 4;
1829 num_accesses += thisrun_accesses;
1833 while (num_accesses < count)
1836 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1837 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1839 for (i = 1; i <= thisrun_accesses; i++)
1843 arm7_9->load_hword_reg(target, i);
1844 /* fast memory reads are only safe when the target is running
1845 * from a sufficiently high clock (32 kHz is usually too slow)
1847 if (arm7_9->fast_memory_access)
1848 arm7_9_execute_fast_sys_speed(target);
1850 arm7_9_execute_sys_speed(target);
1853 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1855 /* advance buffer, count number of accesses */
1856 buffer += thisrun_accesses * 2;
1857 num_accesses += thisrun_accesses;
1861 while (num_accesses < count)
1864 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1865 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1867 for (i = 1; i <= thisrun_accesses; i++)
1871 arm7_9->load_byte_reg(target, i);
1872 /* fast memory reads are only safe when the target is running
1873 * from a sufficiently high clock (32 kHz is usually too slow)
1875 if (arm7_9->fast_memory_access)
1876 arm7_9_execute_fast_sys_speed(target);
1878 arm7_9_execute_sys_speed(target);
1881 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1883 /* advance buffer, count number of accesses */
1884 buffer += thisrun_accesses * 1;
1885 num_accesses += thisrun_accesses;
1889 LOG_ERROR("BUG: we shouldn't get here");
1894 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1897 for (i=0; i<=last_reg; i++)
1898 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1900 arm7_9->read_xpsr(target, &cpsr, 0);
1901 if ((retval = jtag_execute_queue()) != ERROR_OK)
1903 LOG_ERROR("JTAG error while reading cpsr");
1904 return ERROR_TARGET_DATA_ABORT;
1907 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1909 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1911 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1913 return ERROR_TARGET_DATA_ABORT;
1919 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1921 armv4_5_common_t *armv4_5 = target->arch_info;
1922 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1923 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1926 int num_accesses = 0;
1927 int thisrun_accesses;
1933 #ifdef _DEBUG_ARM7_9_
1934 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1937 if (target->state != TARGET_HALTED)
1939 LOG_WARNING("target not halted");
1940 return ERROR_TARGET_NOT_HALTED;
1943 /* sanitize arguments */
1944 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1945 return ERROR_INVALID_ARGUMENTS;
1947 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1948 return ERROR_TARGET_UNALIGNED_ACCESS;
1950 /* load the base register with the address of the first word */
1952 arm7_9->write_core_regs(target, 0x1, reg);
1954 /* Clear DBGACK, to make sure memory fetches work as expected */
1955 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1956 embeddedice_store_reg(dbg_ctrl);
1961 while (num_accesses < count)
1964 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1965 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1967 for (i = 1; i <= thisrun_accesses; i++)
1971 reg[i] = target_buffer_get_u32(target, buffer);
1975 arm7_9->write_core_regs(target, reg_list, reg);
1977 arm7_9->store_word_regs(target, reg_list);
1979 /* fast memory writes are only safe when the target is running
1980 * from a sufficiently high clock (32 kHz is usually too slow)
1982 if (arm7_9->fast_memory_access)
1983 arm7_9_execute_fast_sys_speed(target);
1985 arm7_9_execute_sys_speed(target);
1987 num_accesses += thisrun_accesses;
1991 while (num_accesses < count)
1994 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1995 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1997 for (i = 1; i <= thisrun_accesses; i++)
2001 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2005 arm7_9->write_core_regs(target, reg_list, reg);
2007 for (i = 1; i <= thisrun_accesses; i++)
2009 arm7_9->store_hword_reg(target, i);
2011 /* fast memory writes are only safe when the target is running
2012 * from a sufficiently high clock (32 kHz is usually too slow)
2014 if (arm7_9->fast_memory_access)
2015 arm7_9_execute_fast_sys_speed(target);
2017 arm7_9_execute_sys_speed(target);
2020 num_accesses += thisrun_accesses;
2024 while (num_accesses < count)
2027 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2028 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2030 for (i = 1; i <= thisrun_accesses; i++)
2034 reg[i] = *buffer++ & 0xff;
2037 arm7_9->write_core_regs(target, reg_list, reg);
2039 for (i = 1; i <= thisrun_accesses; i++)
2041 arm7_9->store_byte_reg(target, i);
2042 /* fast memory writes are only safe when the target is running
2043 * from a sufficiently high clock (32 kHz is usually too slow)
2045 if (arm7_9->fast_memory_access)
2046 arm7_9_execute_fast_sys_speed(target);
2048 arm7_9_execute_sys_speed(target);
2051 num_accesses += thisrun_accesses;
2055 LOG_ERROR("BUG: we shouldn't get here");
2061 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2062 embeddedice_store_reg(dbg_ctrl);
2064 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2067 for (i=0; i<=last_reg; i++)
2068 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2070 arm7_9->read_xpsr(target, &cpsr, 0);
2071 if ((retval = jtag_execute_queue()) != ERROR_OK)
2073 LOG_ERROR("JTAG error while reading cpsr");
2074 return ERROR_TARGET_DATA_ABORT;
2077 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2079 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2081 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2083 return ERROR_TARGET_DATA_ABORT;
2089 static const u32 dcc_code[] =
2091 /* MRC TST BNE MRC STR B */
2092 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2095 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2097 armv4_5_common_t *armv4_5 = target->arch_info;
2098 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2099 enum armv4_5_state core_state = armv4_5->core_state;
2100 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2101 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2102 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2105 if (!arm7_9->dcc_downloads)
2106 return target->type->write_memory(target, address, 4, count, buffer);
2108 /* regrab previously allocated working_area, or allocate a new one */
2109 if (!arm7_9->dcc_working_area)
2111 u8 dcc_code_buf[6 * 4];
2113 /* make sure we have a working area */
2114 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2116 LOG_INFO("no working area available, falling back to memory writes");
2117 return target->type->write_memory(target, address, 4, count, buffer);
2120 /* copy target instructions to target endianness */
2121 for (i = 0; i < 6; i++)
2123 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2126 /* write DCC code to working area */
2127 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2130 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2131 armv4_5->core_cache->reg_list[0].valid = 1;
2132 armv4_5->core_cache->reg_list[0].dirty = 1;
2133 armv4_5->core_state = ARMV4_5_STATE_ARM;
2135 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2137 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2140 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2141 core function repeated.
2143 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2146 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2147 u8 reg_addr = ice_reg->addr & 0x1f;
2148 int chain_pos = ice_reg->jtag_info->chain_pos;
2150 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2151 buffer += (count-2)*4;
2153 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2156 for (i = 0; i < count; i++)
2158 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2163 target_halt(target);
2165 for (i=0; i<100; i++)
2167 target_poll(target);
2168 if (target->state == TARGET_HALTED)
2170 usleep(1000); /* sleep 1ms */
2174 LOG_ERROR("bulk write timed out, target not halted");
2175 return ERROR_TARGET_TIMEOUT;
2178 /* restore target state */
2179 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2180 armv4_5->core_cache->reg_list[0].valid = 1;
2181 armv4_5->core_cache->reg_list[0].dirty = 1;
2182 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2183 armv4_5->core_cache->reg_list[1].valid = 1;
2184 armv4_5->core_cache->reg_list[1].dirty = 1;
2185 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2186 armv4_5->core_cache->reg_list[15].valid = 1;
2187 armv4_5->core_cache->reg_list[15].dirty = 1;
2188 armv4_5->core_state = core_state;
2193 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2195 working_area_t *crc_algorithm;
2196 armv4_5_algorithm_t armv4_5_info;
2197 reg_param_t reg_params[2];
2200 u32 arm7_9_crc_code[] = {
2201 0xE1A02000, /* mov r2, r0 */
2202 0xE3E00000, /* mov r0, #0xffffffff */
2203 0xE1A03001, /* mov r3, r1 */
2204 0xE3A04000, /* mov r4, #0 */
2205 0xEA00000B, /* b ncomp */
2207 0xE7D21004, /* ldrb r1, [r2, r4] */
2208 0xE59F7030, /* ldr r7, CRC32XOR */
2209 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2210 0xE3A05000, /* mov r5, #0 */
2212 0xE3500000, /* cmp r0, #0 */
2213 0xE1A06080, /* mov r6, r0, asl #1 */
2214 0xE2855001, /* add r5, r5, #1 */
2215 0xE1A00006, /* mov r0, r6 */
2216 0xB0260007, /* eorlt r0, r6, r7 */
2217 0xE3550008, /* cmp r5, #8 */
2218 0x1AFFFFF8, /* bne loop */
2219 0xE2844001, /* add r4, r4, #1 */
2221 0xE1540003, /* cmp r4, r3 */
2222 0x1AFFFFF1, /* bne nbyte */
2224 0xEAFFFFFE, /* b end */
2225 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2230 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2232 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2235 /* convert flash writing code into a buffer in target endianness */
2236 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2237 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2239 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2240 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2241 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2243 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2244 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2246 buf_set_u32(reg_params[0].value, 0, 32, address);
2247 buf_set_u32(reg_params[1].value, 0, 32, count);
2249 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2250 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2252 LOG_ERROR("error executing arm7_9 crc algorithm");
2253 destroy_reg_param(®_params[0]);
2254 destroy_reg_param(®_params[1]);
2255 target_free_working_area(target, crc_algorithm);
2259 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2261 destroy_reg_param(®_params[0]);
2262 destroy_reg_param(®_params[1]);
2264 target_free_working_area(target, crc_algorithm);
2269 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2271 working_area_t *erase_check_algorithm;
2272 reg_param_t reg_params[3];
2273 armv4_5_algorithm_t armv4_5_info;
2277 u32 erase_check_code[] =
2280 0xe4d03001, /* ldrb r3, [r0], #1 */
2281 0xe0022003, /* and r2, r2, r3 */
2282 0xe2511001, /* subs r1, r1, #1 */
2283 0x1afffffb, /* bne loop */
2285 0xeafffffe /* b end */
2288 /* make sure we have a working area */
2289 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2291 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2294 /* convert flash writing code into a buffer in target endianness */
2295 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2296 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2298 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2299 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2300 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2302 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2303 buf_set_u32(reg_params[0].value, 0, 32, address);
2305 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2306 buf_set_u32(reg_params[1].value, 0, 32, count);
2308 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2309 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2311 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2312 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2314 destroy_reg_param(®_params[0]);
2315 destroy_reg_param(®_params[1]);
2316 destroy_reg_param(®_params[2]);
2317 target_free_working_area(target, erase_check_algorithm);
2321 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2323 destroy_reg_param(®_params[0]);
2324 destroy_reg_param(®_params[1]);
2325 destroy_reg_param(®_params[2]);
2327 target_free_working_area(target, erase_check_algorithm);
2332 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2334 command_t *arm7_9_cmd;
2336 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2338 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2339 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2341 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2343 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2344 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2345 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2346 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2347 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2348 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2349 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2350 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2352 armv4_5_register_commands(cmd_ctx);
2354 etm_register_commands(cmd_ctx);
2359 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2364 target_t *target = get_current_target(cmd_ctx);
2365 armv4_5_common_t *armv4_5;
2366 arm7_9_common_t *arm7_9;
2368 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2370 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2374 if (target->state != TARGET_HALTED)
2376 command_print(cmd_ctx, "can't write registers while running");
2382 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2386 value = strtoul(args[0], NULL, 0);
2387 spsr = strtol(args[1], NULL, 0);
2389 /* if we're writing the CPSR, mask the T bit */
2393 arm7_9->write_xpsr(target, value, spsr);
2394 if ((retval = jtag_execute_queue()) != ERROR_OK)
2396 LOG_ERROR("JTAG error while writing to xpsr");
2403 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2409 target_t *target = get_current_target(cmd_ctx);
2410 armv4_5_common_t *armv4_5;
2411 arm7_9_common_t *arm7_9;
2413 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2415 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2419 if (target->state != TARGET_HALTED)
2421 command_print(cmd_ctx, "can't write registers while running");
2427 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2431 value = strtoul(args[0], NULL, 0);
2432 rotate = strtol(args[1], NULL, 0);
2433 spsr = strtol(args[2], NULL, 0);
2435 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2436 if ((retval = jtag_execute_queue()) != ERROR_OK)
2438 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2445 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2450 target_t *target = get_current_target(cmd_ctx);
2451 armv4_5_common_t *armv4_5;
2452 arm7_9_common_t *arm7_9;
2454 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2456 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2460 if (target->state != TARGET_HALTED)
2462 command_print(cmd_ctx, "can't write registers while running");
2468 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2472 num = strtol(args[0], NULL, 0);
2473 mode = strtoul(args[1], NULL, 0);
2474 value = strtoul(args[2], NULL, 0);
2476 arm7_9_write_core_reg(target, num, mode, value);
2482 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2484 target_t *target = get_current_target(cmd_ctx);
2485 armv4_5_common_t *armv4_5;
2486 arm7_9_common_t *arm7_9;
2488 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2490 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2496 if (strcmp("enable", args[0]) == 0)
2498 arm7_9->use_dbgrq = 1;
2500 else if (strcmp("disable", args[0]) == 0)
2502 arm7_9->use_dbgrq = 0;
2506 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2510 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2515 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2517 target_t *target = get_current_target(cmd_ctx);
2518 armv4_5_common_t *armv4_5;
2519 arm7_9_common_t *arm7_9;
2521 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2523 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2529 if (strcmp("enable", args[0]) == 0)
2531 arm7_9->fast_memory_access = 1;
2533 else if (strcmp("disable", args[0]) == 0)
2535 arm7_9->fast_memory_access = 0;
2539 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2543 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2548 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2550 target_t *target = get_current_target(cmd_ctx);
2551 armv4_5_common_t *armv4_5;
2552 arm7_9_common_t *arm7_9;
2554 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2556 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2562 if (strcmp("enable", args[0]) == 0)
2564 arm7_9->dcc_downloads = 1;
2566 else if (strcmp("disable", args[0]) == 0)
2568 arm7_9->dcc_downloads = 0;
2572 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2576 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2581 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2583 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2585 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2587 arm_jtag_setup_connection(&arm7_9->jtag_info);
2588 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2589 arm7_9->wp_available_max = 2;
2590 arm7_9->sw_breakpoints_added = 0;
2591 arm7_9->breakpoint_count = 0;
2592 arm7_9->wp0_used = 0;
2593 arm7_9->wp1_used = 0;
2594 arm7_9->wp1_used_default = 0;
2595 arm7_9->use_dbgrq = 0;
2597 arm7_9->etm_ctx = NULL;
2598 arm7_9->has_single_step = 0;
2599 arm7_9->has_monitor_mode = 0;
2600 arm7_9->has_vector_catch = 0;
2602 arm7_9->debug_entry_from_reset = 0;
2604 arm7_9->dcc_working_area = NULL;
2606 arm7_9->fast_memory_access = fast_and_dangerous;
2607 arm7_9->dcc_downloads = fast_and_dangerous;
2609 arm7_9->need_bypass_before_restart = 0;
2611 armv4_5->arch_info = arm7_9;
2612 armv4_5->read_core_reg = arm7_9_read_core_reg;
2613 armv4_5->write_core_reg = arm7_9_write_core_reg;
2614 armv4_5->full_context = arm7_9_full_context;
2616 armv4_5_init_arch_info(target, armv4_5);
2618 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);