1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
27 #include "replacements.h"
29 #include "embeddedice.h"
31 #include "target_request.h"
36 #include "arm7_9_common.h"
37 #include "breakpoints.h"
43 #include <sys/types.h>
48 int arm7_9_debug_entry(target_t *target);
49 int arm7_9_enable_sw_bkpts(struct target_s *target);
51 /* command handler forward declarations */
52 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
53 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
62 /* FIX!!! this needs to be overrideable by e.g. fereceon*/
63 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
65 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
66 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
67 arm7_9->sw_breakpoints_added = 0;
70 arm7_9->wp_available = 2;
72 return jtag_execute_queue();
75 /* set up embedded ice registers */
76 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
78 if (arm7_9->sw_breakpoints_added)
82 if (arm7_9->wp_available < 1)
84 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
85 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
87 arm7_9->wp_available--;
89 /* pick a breakpoint unit */
90 if (!arm7_9->wp0_used)
92 arm7_9->sw_breakpoints_added=1;
94 } else if (!arm7_9->wp1_used)
96 arm7_9->sw_breakpoints_added=2;
101 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
105 if (arm7_9->sw_breakpoints_added==1)
107 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
108 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
109 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
113 else if (arm7_9->sw_breakpoints_added==2)
115 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
116 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
117 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
123 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
127 return jtag_execute_queue();
130 /* set things up after a reset / on startup */
131 int arm7_9_setup(target_t *target)
133 armv4_5_common_t *armv4_5 = target->arch_info;
134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
136 return arm7_9_clear_watchpoints(arm7_9);
140 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
142 armv4_5_common_t *armv4_5 = target->arch_info;
143 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
145 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
150 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
155 *armv4_5_p = armv4_5;
161 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
162 * might have erased the values in embedded ice
164 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
166 armv4_5_common_t *armv4_5 = target->arch_info;
167 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
170 if (target->state != TARGET_HALTED)
172 LOG_WARNING("target not halted");
173 return ERROR_TARGET_NOT_HALTED;
176 if (breakpoint->type == BKPT_HARD)
178 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
179 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
180 if (breakpoint->set==1)
182 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
183 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
184 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
188 else if (breakpoint->set==2)
190 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
191 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
192 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
198 LOG_ERROR("BUG: no hardware comparator available");
202 retval=jtag_execute_queue();
204 else if (breakpoint->type == BKPT_SOFT)
206 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
209 /* did we already set this breakpoint? */
213 if (breakpoint->length == 4)
215 u32 verify = 0xffffffff;
216 /* keep the original instruction in target endianness */
217 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
218 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
219 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
221 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
222 if (verify != arm7_9->arm_bkpt)
224 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
231 /* keep the original instruction in target endianness */
232 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
233 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
234 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
236 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
237 if (verify != arm7_9->thumb_bkpt)
239 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
250 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
252 armv4_5_common_t *armv4_5 = target->arch_info;
253 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
255 if (!breakpoint->set)
257 LOG_WARNING("breakpoint not set");
261 if (breakpoint->type == BKPT_HARD)
263 if (breakpoint->set == 1)
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
266 arm7_9->wp0_used = 0;
268 else if (breakpoint->set == 2)
270 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
271 arm7_9->wp1_used = 0;
273 jtag_execute_queue();
278 /* restore original instruction (kept in target endianness) */
279 if (breakpoint->length == 4)
282 /* check that user program as not modified breakpoint instruction */
283 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
284 if (current_instr==arm7_9->arm_bkpt)
285 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
290 /* check that user program as not modified breakpoint instruction */
291 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
292 if (current_instr==arm7_9->thumb_bkpt)
293 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
301 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
303 armv4_5_common_t *armv4_5 = target->arch_info;
304 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
306 if (target->state != TARGET_HALTED)
308 LOG_WARNING("target not halted");
309 return ERROR_TARGET_NOT_HALTED;
312 if (arm7_9->breakpoint_count==0)
314 /* make sure we don't have any dangling breakpoints. This is vital upon
315 * GDB connect/disconnect
317 arm7_9_clear_watchpoints(arm7_9);
320 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
322 LOG_INFO("no watchpoint unit available for hardware breakpoint");
323 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
326 if ((breakpoint->length != 2) && (breakpoint->length != 4))
328 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
329 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
332 if (breakpoint->type == BKPT_HARD)
334 arm7_9->wp_available--;
336 if (!arm7_9->wp0_used)
338 arm7_9->wp0_used = 1;
341 else if (!arm7_9->wp1_used)
343 arm7_9->wp1_used = 1;
348 LOG_ERROR("BUG: no hardware comparator available");
353 arm7_9->breakpoint_count++;
355 return arm7_9_set_breakpoint(target, breakpoint);
358 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
360 armv4_5_common_t *armv4_5 = target->arch_info;
361 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
363 arm7_9_unset_breakpoint(target, breakpoint);
365 if (breakpoint->type == BKPT_HARD)
366 arm7_9->wp_available++;
368 arm7_9->breakpoint_count--;
369 if (arm7_9->breakpoint_count==0)
371 /* make sure we don't have any dangling breakpoints */
372 arm7_9_clear_watchpoints(arm7_9);
378 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
380 armv4_5_common_t *armv4_5 = target->arch_info;
381 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
385 mask = watchpoint->length - 1;
387 if (target->state != TARGET_HALTED)
389 LOG_WARNING("target not halted");
390 return ERROR_TARGET_NOT_HALTED;
393 if (watchpoint->rw == WPT_ACCESS)
398 if (!arm7_9->wp0_used)
400 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
401 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
402 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
403 if( watchpoint->mask != 0xffffffffu )
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
406 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
408 jtag_execute_queue();
410 arm7_9->wp0_used = 2;
412 else if (!arm7_9->wp1_used)
414 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
415 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
416 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
417 if( watchpoint->mask != 0xffffffffu )
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
420 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
422 jtag_execute_queue();
424 arm7_9->wp1_used = 2;
428 LOG_ERROR("BUG: no hardware comparator available");
435 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
437 armv4_5_common_t *armv4_5 = target->arch_info;
438 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
440 if (target->state != TARGET_HALTED)
442 LOG_WARNING("target not halted");
443 return ERROR_TARGET_NOT_HALTED;
446 if (!watchpoint->set)
448 LOG_WARNING("breakpoint not set");
452 if (watchpoint->set == 1)
454 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
455 jtag_execute_queue();
456 arm7_9->wp0_used = 0;
458 else if (watchpoint->set == 2)
460 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
461 jtag_execute_queue();
462 arm7_9->wp1_used = 0;
469 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
471 armv4_5_common_t *armv4_5 = target->arch_info;
472 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
474 if (target->state != TARGET_HALTED)
476 LOG_WARNING("target not halted");
477 return ERROR_TARGET_NOT_HALTED;
480 if (arm7_9->wp_available < 1)
482 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
485 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
487 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
490 arm7_9->wp_available--;
495 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
497 armv4_5_common_t *armv4_5 = target->arch_info;
498 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
502 arm7_9_unset_watchpoint(target, watchpoint);
505 arm7_9->wp_available++;
513 int arm7_9_execute_sys_speed(struct target_s *target)
518 armv4_5_common_t *armv4_5 = target->arch_info;
519 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
520 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
521 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
523 /* set RESTART instruction */
524 jtag_add_end_state(TAP_RTI);
525 if (arm7_9->need_bypass_before_restart) {
526 arm7_9->need_bypass_before_restart = 0;
527 arm_jtag_set_instr(jtag_info, 0xf, NULL);
529 arm_jtag_set_instr(jtag_info, 0x4, NULL);
531 for (timeout=0; timeout<50; timeout++)
533 /* read debug status register */
534 embeddedice_read_reg(dbg_stat);
535 if ((retval = jtag_execute_queue()) != ERROR_OK)
537 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
538 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
544 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
545 return ERROR_TARGET_TIMEOUT;
551 int arm7_9_execute_fast_sys_speed(struct target_s *target)
554 static u8 check_value[4], check_mask[4];
556 armv4_5_common_t *armv4_5 = target->arch_info;
557 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
558 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
559 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
561 /* set RESTART instruction */
562 jtag_add_end_state(TAP_RTI);
563 if (arm7_9->need_bypass_before_restart) {
564 arm7_9->need_bypass_before_restart = 0;
565 arm_jtag_set_instr(jtag_info, 0xf, NULL);
567 arm_jtag_set_instr(jtag_info, 0x4, NULL);
571 /* check for DBGACK and SYSCOMP set (others don't care) */
573 /* NB! These are constants that must be available until after next jtag_execute() and
574 we evaluate the values upon first execution in lieu of setting up these constants
577 buf_set_u32(check_value, 0, 32, 0x9);
578 buf_set_u32(check_mask, 0, 32, 0x9);
582 /* read debug status register */
583 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
588 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
590 armv4_5_common_t *armv4_5 = target->arch_info;
591 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
592 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
596 data = malloc(size * (sizeof(u32)));
598 embeddedice_receive(jtag_info, data, size);
600 for (i = 0; i < size; i++)
602 h_u32_to_le(buffer + (i * 4), data[i]);
610 int arm7_9_handle_target_request(void *priv)
612 target_t *target = priv;
613 if (!target->type->examined)
615 armv4_5_common_t *armv4_5 = target->arch_info;
616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
617 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
618 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
621 if (!target->dbg_msg_enabled)
624 if (target->state == TARGET_RUNNING)
626 /* read DCC control register */
627 embeddedice_read_reg(dcc_control);
628 jtag_execute_queue();
631 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
635 embeddedice_receive(jtag_info, &request, 1);
636 target_request(target, request);
643 int arm7_9_poll(target_t *target)
646 armv4_5_common_t *armv4_5 = target->arch_info;
647 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
648 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
650 /* read debug status register */
651 embeddedice_read_reg(dbg_stat);
652 if ((retval = jtag_execute_queue()) != ERROR_OK)
657 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
659 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
660 if (target->state == TARGET_UNKNOWN)
662 target->state = TARGET_RUNNING;
663 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
665 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
668 if (target->state == TARGET_RESET)
670 if (target->reset_halt)
672 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
679 target->state = TARGET_HALTED;
681 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
686 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
687 u32 t=*((u32 *)reg->value);
690 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
694 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
696 if (target->state == TARGET_DEBUG_RUNNING)
698 target->state = TARGET_HALTED;
699 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
702 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
704 if (target->state != TARGET_HALTED)
706 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
711 if (target->state != TARGET_DEBUG_RUNNING)
712 target->state = TARGET_RUNNING;
719 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
720 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
721 while the core is held in reset(SRST). It isn't possible to program the halt
722 condition once reset was asserted, hence a hook that allows the target to set
723 up its reset-halt condition prior to asserting reset.
726 int arm7_9_assert_reset(target_t *target)
728 armv4_5_common_t *armv4_5 = target->arch_info;
729 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
730 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
732 if (!(jtag_reset_config & RESET_HAS_SRST))
734 LOG_ERROR("Can't assert SRST");
738 if (target->reset_halt)
741 * Some targets do not support communication while SRST is asserted. We need to
742 * set up the reset vector catch here.
744 * If TRST is asserted, then these settings will be reset anyway, so setting them
747 if (arm7_9->has_vector_catch)
749 /* program vector catch register to catch reset vector */
750 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
754 /* program watchpoint unit to match on reset vector address */
755 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
756 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
757 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
758 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
759 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
763 /* here we should issue a srst only, but we may have to assert trst as well */
764 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
766 jtag_add_reset(1, 1);
769 jtag_add_reset(0, 1);
773 target->state = TARGET_RESET;
774 jtag_add_sleep(50000);
776 armv4_5_invalidate_core_regs(target);
778 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
780 /* debug entry was already prepared in arm7_9_assert_reset() */
781 target->debug_reason = DBG_REASON_DBGRQ;
788 int arm7_9_deassert_reset(target_t *target)
791 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
793 /* deassert reset lines */
794 jtag_add_reset(0, 0);
796 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
798 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
799 /* set up embedded ice registers again */
800 if ((retval=target->type->examine(target))!=ERROR_OK)
803 if ((retval=target_poll(target))!=ERROR_OK)
808 if ((retval=target_halt(target))!=ERROR_OK)
817 int arm7_9_clear_halt(target_t *target)
819 armv4_5_common_t *armv4_5 = target->arch_info;
820 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
821 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
823 /* we used DBGRQ only if we didn't come out of reset */
824 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
826 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
828 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
829 embeddedice_store_reg(dbg_ctrl);
833 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
835 /* if we came out of reset, and vector catch is supported, we used
836 * vector catch to enter debug state
837 * restore the register in that case
839 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
843 /* restore registers if watchpoint unit 0 was in use
845 if (arm7_9->wp0_used)
847 if (arm7_9->debug_entry_from_reset)
849 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
851 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
852 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
853 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
855 /* control value always has to be restored, as it was either disabled,
856 * or enabled with possibly different bits
858 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
865 int arm7_9_soft_reset_halt(struct target_s *target)
867 armv4_5_common_t *armv4_5 = target->arch_info;
868 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
869 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
870 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
874 if ((retval=target_halt(target))!=ERROR_OK)
879 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
881 embeddedice_read_reg(dbg_stat);
882 if ((retval=jtag_execute_queue())!=ERROR_OK)
884 /* do not eat all CPU, time out after 1 se*/
890 LOG_ERROR("Failed to halt CPU after 1 sec");
891 return ERROR_TARGET_TIMEOUT;
893 target->state = TARGET_HALTED;
895 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
896 * ensure that DBGRQ is cleared
898 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
899 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
900 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
901 embeddedice_store_reg(dbg_ctrl);
903 arm7_9_clear_halt(target);
905 /* if the target is in Thumb state, change to ARM state */
906 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
908 u32 r0_thumb, pc_thumb;
909 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
910 /* Entered debug from Thumb mode */
911 armv4_5->core_state = ARMV4_5_STATE_THUMB;
912 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
915 /* all register content is now invalid */
916 armv4_5_invalidate_core_regs(target);
918 /* SVC, ARM state, IRQ and FIQ disabled */
919 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
920 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
921 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
923 /* start fetching from 0x0 */
924 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
925 armv4_5->core_cache->reg_list[15].dirty = 1;
926 armv4_5->core_cache->reg_list[15].valid = 1;
928 armv4_5->core_mode = ARMV4_5_MODE_SVC;
929 armv4_5->core_state = ARMV4_5_STATE_ARM;
931 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
934 /* reset registers */
935 for (i = 0; i <= 14; i++)
937 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
938 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
939 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
942 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
947 int arm7_9_halt(target_t *target)
949 if (target->state==TARGET_RESET)
951 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
955 armv4_5_common_t *armv4_5 = target->arch_info;
956 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
957 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
959 LOG_DEBUG("target->state: %s", target_state_strings[target->state]);
961 if (target->state == TARGET_HALTED)
963 LOG_DEBUG("target was already halted");
967 if (target->state == TARGET_UNKNOWN)
969 LOG_WARNING("target was in unknown state when halt was requested");
972 if (arm7_9->use_dbgrq)
974 /* program EmbeddedICE Debug Control Register to assert DBGRQ
976 if (arm7_9->set_special_dbgrq) {
977 arm7_9->set_special_dbgrq(target);
979 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
980 embeddedice_store_reg(dbg_ctrl);
985 /* program watchpoint unit to match on any address
987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
990 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
993 target->debug_reason = DBG_REASON_DBGRQ;
998 int arm7_9_debug_entry(target_t *target)
1003 u32 r0_thumb, pc_thumb;
1006 /* get pointers to arch-specific information */
1007 armv4_5_common_t *armv4_5 = target->arch_info;
1008 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1009 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1010 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1012 #ifdef _DEBUG_ARM7_9_
1016 if (arm7_9->pre_debug_entry)
1017 arm7_9->pre_debug_entry(target);
1019 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1020 * ensure that DBGRQ is cleared
1022 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1023 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1024 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1025 embeddedice_store_reg(dbg_ctrl);
1027 arm7_9_clear_halt(target);
1029 if ((retval = jtag_execute_queue()) != ERROR_OK)
1034 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1038 if (target->state != TARGET_HALTED)
1040 LOG_WARNING("target not halted");
1041 return ERROR_TARGET_NOT_HALTED;
1044 /* if the target is in Thumb state, change to ARM state */
1045 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1047 LOG_DEBUG("target entered debug from Thumb state");
1048 /* Entered debug from Thumb mode */
1049 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1050 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1051 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1055 LOG_DEBUG("target entered debug from ARM state");
1056 /* Entered debug from ARM mode */
1057 armv4_5->core_state = ARMV4_5_STATE_ARM;
1060 for (i = 0; i < 16; i++)
1061 context_p[i] = &context[i];
1062 /* save core registers (r0 - r15 of current core mode) */
1063 arm7_9->read_core_regs(target, 0xffff, context_p);
1065 arm7_9->read_xpsr(target, &cpsr, 0);
1067 if ((retval = jtag_execute_queue()) != ERROR_OK)
1070 /* if the core has been executing in Thumb state, set the T bit */
1071 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1074 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1075 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1076 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1078 armv4_5->core_mode = cpsr & 0x1f;
1080 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1082 target->state = TARGET_UNKNOWN;
1083 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1084 return ERROR_TARGET_FAILURE;
1087 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1089 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1091 LOG_DEBUG("thumb state, applying fixups");
1092 context[0] = r0_thumb;
1093 context[15] = pc_thumb;
1094 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1096 /* adjust value stored by STM */
1097 context[15] -= 3 * 4;
1100 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1101 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1102 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1103 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1104 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1105 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1106 else if (target->debug_reason == DBG_REASON_DBGRQ)
1107 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1110 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1113 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1116 for (i=0; i<=15; i++)
1118 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1119 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1120 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1121 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1124 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1126 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1129 /* exceptions other than USR & SYS have a saved program status register */
1130 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1133 arm7_9->read_xpsr(target, &spsr, 1);
1134 jtag_execute_queue();
1135 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1136 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1137 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1140 /* r0 and r15 (pc) have to be restored later */
1141 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1142 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1144 if ((retval = jtag_execute_queue()) != ERROR_OK)
1147 if (arm7_9->post_debug_entry)
1148 arm7_9->post_debug_entry(target);
1153 int arm7_9_full_context(target_t *target)
1157 armv4_5_common_t *armv4_5 = target->arch_info;
1158 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1162 if (target->state != TARGET_HALTED)
1164 LOG_WARNING("target not halted");
1165 return ERROR_TARGET_NOT_HALTED;
1168 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1171 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1172 * SYS shares registers with User, so we don't touch SYS
1174 for(i = 0; i < 6; i++)
1181 /* check if there are invalid registers in the current mode
1183 for (j = 0; j <= 16; j++)
1185 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1193 /* change processor mode (and mask T bit) */
1194 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1195 tmp_cpsr |= armv4_5_number_to_mode(i);
1197 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1199 for (j = 0; j < 15; j++)
1201 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1203 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1205 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1206 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1210 /* if only the PSR is invalid, mask is all zeroes */
1212 arm7_9->read_core_regs(target, mask, reg_p);
1214 /* check if the PSR has to be read */
1215 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1217 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1218 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1219 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1224 /* restore processor mode (mask T bit) */
1225 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1227 if ((retval = jtag_execute_queue()) != ERROR_OK)
1234 int arm7_9_restore_context(target_t *target)
1236 armv4_5_common_t *armv4_5 = target->arch_info;
1237 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1239 armv4_5_core_reg_t *reg_arch_info;
1240 enum armv4_5_mode current_mode = armv4_5->core_mode;
1247 if (target->state != TARGET_HALTED)
1249 LOG_WARNING("target not halted");
1250 return ERROR_TARGET_NOT_HALTED;
1253 if (arm7_9->pre_restore_context)
1254 arm7_9->pre_restore_context(target);
1256 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1259 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1260 * SYS shares registers with User, so we don't touch SYS
1262 for (i = 0; i < 6; i++)
1264 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1267 /* check if there are dirty registers in the current mode
1269 for (j = 0; j <= 16; j++)
1271 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1272 reg_arch_info = reg->arch_info;
1273 if (reg->dirty == 1)
1275 if (reg->valid == 1)
1278 LOG_DEBUG("examining dirty reg: %s", reg->name);
1279 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1280 && (reg_arch_info->mode != current_mode)
1281 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1282 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1285 LOG_DEBUG("require mode change");
1290 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1305 /* change processor mode (mask T bit) */
1306 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1307 tmp_cpsr |= armv4_5_number_to_mode(i);
1309 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1310 current_mode = armv4_5_number_to_mode(i);
1313 for (j = 0; j <= 14; j++)
1315 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1316 reg_arch_info = reg->arch_info;
1319 if (reg->dirty == 1)
1321 regs[j] = buf_get_u32(reg->value, 0, 32);
1326 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1332 arm7_9->write_core_regs(target, mask, regs);
1335 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1336 reg_arch_info = reg->arch_info;
1337 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1339 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1340 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1345 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1347 /* restore processor mode (mask T bit) */
1350 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1351 tmp_cpsr |= armv4_5_number_to_mode(i);
1353 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1354 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1356 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1358 /* CPSR has been changed, full restore necessary (mask T bit) */
1359 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1360 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1361 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1362 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1366 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1367 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1368 armv4_5->core_cache->reg_list[15].dirty = 0;
1370 if (arm7_9->post_restore_context)
1371 arm7_9->post_restore_context(target);
1376 int arm7_9_restart_core(struct target_s *target)
1378 armv4_5_common_t *armv4_5 = target->arch_info;
1379 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1380 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1382 /* set RESTART instruction */
1383 jtag_add_end_state(TAP_RTI);
1384 if (arm7_9->need_bypass_before_restart) {
1385 arm7_9->need_bypass_before_restart = 0;
1386 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1388 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1390 jtag_add_runtest(1, TAP_RTI);
1391 return jtag_execute_queue();
1394 void arm7_9_enable_watchpoints(struct target_s *target)
1396 watchpoint_t *watchpoint = target->watchpoints;
1400 if (watchpoint->set == 0)
1401 arm7_9_set_watchpoint(target, watchpoint);
1402 watchpoint = watchpoint->next;
1406 void arm7_9_enable_breakpoints(struct target_s *target)
1408 breakpoint_t *breakpoint = target->breakpoints;
1410 /* set any pending breakpoints */
1413 arm7_9_set_breakpoint(target, breakpoint);
1414 breakpoint = breakpoint->next;
1419 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1421 armv4_5_common_t *armv4_5 = target->arch_info;
1422 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1423 breakpoint_t *breakpoint = target->breakpoints;
1424 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1429 if (target->state != TARGET_HALTED)
1431 LOG_WARNING("target not halted");
1432 return ERROR_TARGET_NOT_HALTED;
1435 if (!debug_execution)
1437 target_free_all_working_areas(target);
1440 /* current = 1: continue on current pc, otherwise continue at <address> */
1442 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1444 /* the front-end may request us not to handle breakpoints */
1445 if (handle_breakpoints)
1447 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1449 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1450 arm7_9_unset_breakpoint(target, breakpoint);
1452 LOG_DEBUG("enable single-step");
1453 arm7_9->enable_single_step(target);
1455 target->debug_reason = DBG_REASON_SINGLESTEP;
1457 arm7_9_restore_context(target);
1459 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1460 arm7_9->branch_resume(target);
1461 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1463 arm7_9->branch_resume_thumb(target);
1467 LOG_ERROR("unhandled core state");
1471 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1472 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1473 err = arm7_9_execute_sys_speed(target);
1475 LOG_DEBUG("disable single-step");
1476 arm7_9->disable_single_step(target);
1478 if (err != ERROR_OK)
1480 arm7_9_set_breakpoint(target, breakpoint);
1481 target->state = TARGET_UNKNOWN;
1485 arm7_9_debug_entry(target);
1486 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1488 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1489 arm7_9_set_breakpoint(target, breakpoint);
1493 /* enable any pending breakpoints and watchpoints */
1494 arm7_9_enable_breakpoints(target);
1495 arm7_9_enable_watchpoints(target);
1497 arm7_9_restore_context(target);
1499 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1501 arm7_9->branch_resume(target);
1503 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1505 arm7_9->branch_resume_thumb(target);
1509 LOG_ERROR("unhandled core state");
1513 /* deassert DBGACK and INTDIS */
1514 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1515 /* INTDIS only when we really resume, not during debug execution */
1516 if (!debug_execution)
1517 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1518 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1520 arm7_9_restart_core(target);
1522 target->debug_reason = DBG_REASON_NOTHALTED;
1524 if (!debug_execution)
1526 /* registers are now invalid */
1527 armv4_5_invalidate_core_regs(target);
1528 target->state = TARGET_RUNNING;
1529 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1533 target->state = TARGET_DEBUG_RUNNING;
1534 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1537 LOG_DEBUG("target resumed");
1542 void arm7_9_enable_eice_step(target_t *target)
1544 armv4_5_common_t *armv4_5 = target->arch_info;
1545 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1547 /* setup an inverse breakpoint on the current PC
1548 * - comparator 1 matches the current address
1549 * - rangeout from comparator 1 is connected to comparator 0 rangein
1550 * - comparator 0 matches any address, as long as rangein is low */
1551 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1552 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1553 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1554 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1555 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1556 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1557 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1558 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1559 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1562 void arm7_9_disable_eice_step(target_t *target)
1564 armv4_5_common_t *armv4_5 = target->arch_info;
1565 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1567 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1568 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1569 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1570 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1571 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1572 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1573 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1574 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1575 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1578 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1580 armv4_5_common_t *armv4_5 = target->arch_info;
1581 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1582 breakpoint_t *breakpoint = NULL;
1585 if (target->state != TARGET_HALTED)
1587 LOG_WARNING("target not halted");
1588 return ERROR_TARGET_NOT_HALTED;
1591 /* current = 1: continue on current pc, otherwise continue at <address> */
1593 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1595 /* the front-end may request us not to handle breakpoints */
1596 if (handle_breakpoints)
1597 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1598 arm7_9_unset_breakpoint(target, breakpoint);
1600 target->debug_reason = DBG_REASON_SINGLESTEP;
1602 arm7_9_restore_context(target);
1604 arm7_9->enable_single_step(target);
1606 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1608 arm7_9->branch_resume(target);
1610 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1612 arm7_9->branch_resume_thumb(target);
1616 LOG_ERROR("unhandled core state");
1620 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1622 err = arm7_9_execute_sys_speed(target);
1623 arm7_9->disable_single_step(target);
1625 /* registers are now invalid */
1626 armv4_5_invalidate_core_regs(target);
1628 if (err != ERROR_OK)
1630 target->state = TARGET_UNKNOWN;
1632 arm7_9_debug_entry(target);
1633 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1634 LOG_DEBUG("target stepped");
1638 arm7_9_set_breakpoint(target, breakpoint);
1644 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1649 armv4_5_common_t *armv4_5 = target->arch_info;
1650 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1652 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1655 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1657 if ((num < 0) || (num > 16))
1658 return ERROR_INVALID_ARGUMENTS;
1660 if ((mode != ARMV4_5_MODE_ANY)
1661 && (mode != armv4_5->core_mode)
1662 && (reg_mode != ARMV4_5_MODE_ANY))
1666 /* change processor mode (mask T bit) */
1667 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1670 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1673 if ((num >= 0) && (num <= 15))
1675 /* read a normal core register */
1676 reg_p[num] = &value;
1678 arm7_9->read_core_regs(target, 1 << num, reg_p);
1682 /* read a program status register
1683 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1685 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1686 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1688 arm7_9->read_xpsr(target, &value, spsr);
1691 if ((retval = jtag_execute_queue()) != ERROR_OK)
1696 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1697 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1698 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1700 if ((mode != ARMV4_5_MODE_ANY)
1701 && (mode != armv4_5->core_mode)
1702 && (reg_mode != ARMV4_5_MODE_ANY)) {
1703 /* restore processor mode (mask T bit) */
1704 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1711 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1714 armv4_5_common_t *armv4_5 = target->arch_info;
1715 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1717 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1720 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1722 if ((num < 0) || (num > 16))
1723 return ERROR_INVALID_ARGUMENTS;
1725 if ((mode != ARMV4_5_MODE_ANY)
1726 && (mode != armv4_5->core_mode)
1727 && (reg_mode != ARMV4_5_MODE_ANY)) {
1730 /* change processor mode (mask T bit) */
1731 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1734 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1737 if ((num >= 0) && (num <= 15))
1739 /* write a normal core register */
1742 arm7_9->write_core_regs(target, 1 << num, reg);
1746 /* write a program status register
1747 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1749 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1750 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1752 /* if we're writing the CPSR, mask the T bit */
1756 arm7_9->write_xpsr(target, value, spsr);
1759 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1760 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1762 if ((mode != ARMV4_5_MODE_ANY)
1763 && (mode != armv4_5->core_mode)
1764 && (reg_mode != ARMV4_5_MODE_ANY)) {
1765 /* restore processor mode (mask T bit) */
1766 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1769 return jtag_execute_queue();
1772 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1774 armv4_5_common_t *armv4_5 = target->arch_info;
1775 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1778 int num_accesses = 0;
1779 int thisrun_accesses;
1785 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1787 if (target->state != TARGET_HALTED)
1789 LOG_WARNING("target not halted");
1790 return ERROR_TARGET_NOT_HALTED;
1793 /* sanitize arguments */
1794 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1795 return ERROR_INVALID_ARGUMENTS;
1797 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1798 return ERROR_TARGET_UNALIGNED_ACCESS;
1800 /* load the base register with the address of the first word */
1802 arm7_9->write_core_regs(target, 0x1, reg);
1807 while (num_accesses < count)
1810 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1811 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1813 if (last_reg <= thisrun_accesses)
1814 last_reg = thisrun_accesses;
1816 arm7_9->load_word_regs(target, reg_list);
1818 /* fast memory reads are only safe when the target is running
1819 * from a sufficiently high clock (32 kHz is usually too slow)
1821 if (arm7_9->fast_memory_access)
1822 arm7_9_execute_fast_sys_speed(target);
1824 arm7_9_execute_sys_speed(target);
1826 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1828 /* advance buffer, count number of accesses */
1829 buffer += thisrun_accesses * 4;
1830 num_accesses += thisrun_accesses;
1834 while (num_accesses < count)
1837 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1838 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1840 for (i = 1; i <= thisrun_accesses; i++)
1844 arm7_9->load_hword_reg(target, i);
1845 /* fast memory reads are only safe when the target is running
1846 * from a sufficiently high clock (32 kHz is usually too slow)
1848 if (arm7_9->fast_memory_access)
1849 arm7_9_execute_fast_sys_speed(target);
1851 arm7_9_execute_sys_speed(target);
1854 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1856 /* advance buffer, count number of accesses */
1857 buffer += thisrun_accesses * 2;
1858 num_accesses += thisrun_accesses;
1862 while (num_accesses < count)
1865 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1866 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1868 for (i = 1; i <= thisrun_accesses; i++)
1872 arm7_9->load_byte_reg(target, i);
1873 /* fast memory reads are only safe when the target is running
1874 * from a sufficiently high clock (32 kHz is usually too slow)
1876 if (arm7_9->fast_memory_access)
1877 arm7_9_execute_fast_sys_speed(target);
1879 arm7_9_execute_sys_speed(target);
1882 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1884 /* advance buffer, count number of accesses */
1885 buffer += thisrun_accesses * 1;
1886 num_accesses += thisrun_accesses;
1890 LOG_ERROR("BUG: we shouldn't get here");
1895 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1898 for (i=0; i<=last_reg; i++)
1899 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1901 arm7_9->read_xpsr(target, &cpsr, 0);
1902 if ((retval = jtag_execute_queue()) != ERROR_OK)
1904 LOG_ERROR("JTAG error while reading cpsr");
1905 return ERROR_TARGET_DATA_ABORT;
1908 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1910 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1912 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1914 return ERROR_TARGET_DATA_ABORT;
1920 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1922 armv4_5_common_t *armv4_5 = target->arch_info;
1923 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1924 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1927 int num_accesses = 0;
1928 int thisrun_accesses;
1934 #ifdef _DEBUG_ARM7_9_
1935 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1938 if (target->state != TARGET_HALTED)
1940 LOG_WARNING("target not halted");
1941 return ERROR_TARGET_NOT_HALTED;
1944 /* sanitize arguments */
1945 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1946 return ERROR_INVALID_ARGUMENTS;
1948 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1949 return ERROR_TARGET_UNALIGNED_ACCESS;
1951 /* load the base register with the address of the first word */
1953 arm7_9->write_core_regs(target, 0x1, reg);
1955 /* Clear DBGACK, to make sure memory fetches work as expected */
1956 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1957 embeddedice_store_reg(dbg_ctrl);
1962 while (num_accesses < count)
1965 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1966 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1968 for (i = 1; i <= thisrun_accesses; i++)
1972 reg[i] = target_buffer_get_u32(target, buffer);
1976 arm7_9->write_core_regs(target, reg_list, reg);
1978 arm7_9->store_word_regs(target, reg_list);
1980 /* fast memory writes are only safe when the target is running
1981 * from a sufficiently high clock (32 kHz is usually too slow)
1983 if (arm7_9->fast_memory_access)
1984 arm7_9_execute_fast_sys_speed(target);
1986 arm7_9_execute_sys_speed(target);
1988 num_accesses += thisrun_accesses;
1992 while (num_accesses < count)
1995 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1996 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1998 for (i = 1; i <= thisrun_accesses; i++)
2002 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2006 arm7_9->write_core_regs(target, reg_list, reg);
2008 for (i = 1; i <= thisrun_accesses; i++)
2010 arm7_9->store_hword_reg(target, i);
2012 /* fast memory writes are only safe when the target is running
2013 * from a sufficiently high clock (32 kHz is usually too slow)
2015 if (arm7_9->fast_memory_access)
2016 arm7_9_execute_fast_sys_speed(target);
2018 arm7_9_execute_sys_speed(target);
2021 num_accesses += thisrun_accesses;
2025 while (num_accesses < count)
2028 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2029 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2031 for (i = 1; i <= thisrun_accesses; i++)
2035 reg[i] = *buffer++ & 0xff;
2038 arm7_9->write_core_regs(target, reg_list, reg);
2040 for (i = 1; i <= thisrun_accesses; i++)
2042 arm7_9->store_byte_reg(target, i);
2043 /* fast memory writes are only safe when the target is running
2044 * from a sufficiently high clock (32 kHz is usually too slow)
2046 if (arm7_9->fast_memory_access)
2047 arm7_9_execute_fast_sys_speed(target);
2049 arm7_9_execute_sys_speed(target);
2052 num_accesses += thisrun_accesses;
2056 LOG_ERROR("BUG: we shouldn't get here");
2062 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2063 embeddedice_store_reg(dbg_ctrl);
2065 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2068 for (i=0; i<=last_reg; i++)
2069 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2071 arm7_9->read_xpsr(target, &cpsr, 0);
2072 if ((retval = jtag_execute_queue()) != ERROR_OK)
2074 LOG_ERROR("JTAG error while reading cpsr");
2075 return ERROR_TARGET_DATA_ABORT;
2078 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2080 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2082 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2084 return ERROR_TARGET_DATA_ABORT;
2090 static const u32 dcc_code[] =
2092 /* MRC TST BNE MRC STR B */
2093 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2096 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2098 armv4_5_common_t *armv4_5 = target->arch_info;
2099 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2100 enum armv4_5_state core_state = armv4_5->core_state;
2101 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2102 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2103 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2106 if (!arm7_9->dcc_downloads)
2107 return target->type->write_memory(target, address, 4, count, buffer);
2109 /* regrab previously allocated working_area, or allocate a new one */
2110 if (!arm7_9->dcc_working_area)
2112 u8 dcc_code_buf[6 * 4];
2114 /* make sure we have a working area */
2115 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2117 LOG_INFO("no working area available, falling back to memory writes");
2118 return target->type->write_memory(target, address, 4, count, buffer);
2121 /* copy target instructions to target endianness */
2122 for (i = 0; i < 6; i++)
2124 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2127 /* write DCC code to working area */
2128 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2131 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2132 armv4_5->core_cache->reg_list[0].valid = 1;
2133 armv4_5->core_cache->reg_list[0].dirty = 1;
2134 armv4_5->core_state = ARMV4_5_STATE_ARM;
2136 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2138 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2141 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2142 core function repeated.
2144 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2147 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2148 u8 reg_addr = ice_reg->addr & 0x1f;
2149 int chain_pos = ice_reg->jtag_info->chain_pos;
2151 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2152 buffer += (count-2)*4;
2154 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2157 for (i = 0; i < count; i++)
2159 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2164 target_halt(target);
2166 for (i=0; i<100; i++)
2168 target_poll(target);
2169 if (target->state == TARGET_HALTED)
2171 usleep(1000); /* sleep 1ms */
2175 LOG_ERROR("bulk write timed out, target not halted");
2176 return ERROR_TARGET_TIMEOUT;
2179 /* restore target state */
2180 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2181 armv4_5->core_cache->reg_list[0].valid = 1;
2182 armv4_5->core_cache->reg_list[0].dirty = 1;
2183 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2184 armv4_5->core_cache->reg_list[1].valid = 1;
2185 armv4_5->core_cache->reg_list[1].dirty = 1;
2186 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2187 armv4_5->core_cache->reg_list[15].valid = 1;
2188 armv4_5->core_cache->reg_list[15].dirty = 1;
2189 armv4_5->core_state = core_state;
2194 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2196 working_area_t *crc_algorithm;
2197 armv4_5_algorithm_t armv4_5_info;
2198 reg_param_t reg_params[2];
2201 u32 arm7_9_crc_code[] = {
2202 0xE1A02000, /* mov r2, r0 */
2203 0xE3E00000, /* mov r0, #0xffffffff */
2204 0xE1A03001, /* mov r3, r1 */
2205 0xE3A04000, /* mov r4, #0 */
2206 0xEA00000B, /* b ncomp */
2208 0xE7D21004, /* ldrb r1, [r2, r4] */
2209 0xE59F7030, /* ldr r7, CRC32XOR */
2210 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2211 0xE3A05000, /* mov r5, #0 */
2213 0xE3500000, /* cmp r0, #0 */
2214 0xE1A06080, /* mov r6, r0, asl #1 */
2215 0xE2855001, /* add r5, r5, #1 */
2216 0xE1A00006, /* mov r0, r6 */
2217 0xB0260007, /* eorlt r0, r6, r7 */
2218 0xE3550008, /* cmp r5, #8 */
2219 0x1AFFFFF8, /* bne loop */
2220 0xE2844001, /* add r4, r4, #1 */
2222 0xE1540003, /* cmp r4, r3 */
2223 0x1AFFFFF1, /* bne nbyte */
2225 0xEAFFFFFE, /* b end */
2226 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2231 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2233 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2236 /* convert flash writing code into a buffer in target endianness */
2237 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2238 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2240 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2241 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2242 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2244 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2245 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2247 buf_set_u32(reg_params[0].value, 0, 32, address);
2248 buf_set_u32(reg_params[1].value, 0, 32, count);
2250 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2251 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2253 LOG_ERROR("error executing arm7_9 crc algorithm");
2254 destroy_reg_param(®_params[0]);
2255 destroy_reg_param(®_params[1]);
2256 target_free_working_area(target, crc_algorithm);
2260 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2262 destroy_reg_param(®_params[0]);
2263 destroy_reg_param(®_params[1]);
2265 target_free_working_area(target, crc_algorithm);
2270 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2272 working_area_t *erase_check_algorithm;
2273 reg_param_t reg_params[3];
2274 armv4_5_algorithm_t armv4_5_info;
2278 u32 erase_check_code[] =
2281 0xe4d03001, /* ldrb r3, [r0], #1 */
2282 0xe0022003, /* and r2, r2, r3 */
2283 0xe2511001, /* subs r1, r1, #1 */
2284 0x1afffffb, /* bne loop */
2286 0xeafffffe /* b end */
2289 /* make sure we have a working area */
2290 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2292 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2295 /* convert flash writing code into a buffer in target endianness */
2296 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2297 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2299 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2300 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2301 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2303 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2304 buf_set_u32(reg_params[0].value, 0, 32, address);
2306 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2307 buf_set_u32(reg_params[1].value, 0, 32, count);
2309 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2310 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2312 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2313 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2315 destroy_reg_param(®_params[0]);
2316 destroy_reg_param(®_params[1]);
2317 destroy_reg_param(®_params[2]);
2318 target_free_working_area(target, erase_check_algorithm);
2322 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2324 destroy_reg_param(®_params[0]);
2325 destroy_reg_param(®_params[1]);
2326 destroy_reg_param(®_params[2]);
2328 target_free_working_area(target, erase_check_algorithm);
2333 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2335 command_t *arm7_9_cmd;
2337 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2339 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2340 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2342 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2344 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2345 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2346 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2347 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2348 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2349 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2350 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2351 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2353 armv4_5_register_commands(cmd_ctx);
2355 etm_register_commands(cmd_ctx);
2360 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2365 target_t *target = get_current_target(cmd_ctx);
2366 armv4_5_common_t *armv4_5;
2367 arm7_9_common_t *arm7_9;
2369 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2371 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2375 if (target->state != TARGET_HALTED)
2377 command_print(cmd_ctx, "can't write registers while running");
2383 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2387 value = strtoul(args[0], NULL, 0);
2388 spsr = strtol(args[1], NULL, 0);
2390 /* if we're writing the CPSR, mask the T bit */
2394 arm7_9->write_xpsr(target, value, spsr);
2395 if ((retval = jtag_execute_queue()) != ERROR_OK)
2397 LOG_ERROR("JTAG error while writing to xpsr");
2404 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2410 target_t *target = get_current_target(cmd_ctx);
2411 armv4_5_common_t *armv4_5;
2412 arm7_9_common_t *arm7_9;
2414 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2416 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2420 if (target->state != TARGET_HALTED)
2422 command_print(cmd_ctx, "can't write registers while running");
2428 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2432 value = strtoul(args[0], NULL, 0);
2433 rotate = strtol(args[1], NULL, 0);
2434 spsr = strtol(args[2], NULL, 0);
2436 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2437 if ((retval = jtag_execute_queue()) != ERROR_OK)
2439 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2446 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2451 target_t *target = get_current_target(cmd_ctx);
2452 armv4_5_common_t *armv4_5;
2453 arm7_9_common_t *arm7_9;
2455 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2457 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2461 if (target->state != TARGET_HALTED)
2463 command_print(cmd_ctx, "can't write registers while running");
2469 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2473 num = strtol(args[0], NULL, 0);
2474 mode = strtoul(args[1], NULL, 0);
2475 value = strtoul(args[2], NULL, 0);
2477 arm7_9_write_core_reg(target, num, mode, value);
2483 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2485 target_t *target = get_current_target(cmd_ctx);
2486 armv4_5_common_t *armv4_5;
2487 arm7_9_common_t *arm7_9;
2489 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2491 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2497 if (strcmp("enable", args[0]) == 0)
2499 arm7_9->use_dbgrq = 1;
2501 else if (strcmp("disable", args[0]) == 0)
2503 arm7_9->use_dbgrq = 0;
2507 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2511 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2516 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2518 target_t *target = get_current_target(cmd_ctx);
2519 armv4_5_common_t *armv4_5;
2520 arm7_9_common_t *arm7_9;
2522 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2524 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2530 if (strcmp("enable", args[0]) == 0)
2532 arm7_9->fast_memory_access = 1;
2534 else if (strcmp("disable", args[0]) == 0)
2536 arm7_9->fast_memory_access = 0;
2540 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2544 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2549 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2551 target_t *target = get_current_target(cmd_ctx);
2552 armv4_5_common_t *armv4_5;
2553 arm7_9_common_t *arm7_9;
2555 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2557 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2563 if (strcmp("enable", args[0]) == 0)
2565 arm7_9->dcc_downloads = 1;
2567 else if (strcmp("disable", args[0]) == 0)
2569 arm7_9->dcc_downloads = 0;
2573 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2577 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2582 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2584 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2586 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2588 arm_jtag_setup_connection(&arm7_9->jtag_info);
2589 arm7_9->wp_available = 2;
2590 arm7_9->sw_breakpoints_added = 0;
2591 arm7_9->breakpoint_count = 0;
2592 arm7_9->wp0_used = 0;
2593 arm7_9->wp1_used = 0;
2594 arm7_9->use_dbgrq = 0;
2596 arm7_9->etm_ctx = NULL;
2597 arm7_9->has_single_step = 0;
2598 arm7_9->has_monitor_mode = 0;
2599 arm7_9->has_vector_catch = 0;
2601 arm7_9->debug_entry_from_reset = 0;
2603 arm7_9->dcc_working_area = NULL;
2605 arm7_9->fast_memory_access = fast_and_dangerous;
2606 arm7_9->dcc_downloads = fast_and_dangerous;
2608 arm7_9->need_bypass_before_restart = 0;
2610 armv4_5->arch_info = arm7_9;
2611 armv4_5->read_core_reg = arm7_9_read_core_reg;
2612 armv4_5->write_core_reg = arm7_9_write_core_reg;
2613 armv4_5->full_context = arm7_9_full_context;
2615 armv4_5_init_arch_info(target, armv4_5);
2617 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);
projects / openocd / blob