1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
27 #include "replacements.h"
29 #include "embeddedice.h"
31 #include "target_request.h"
36 #include "arm7_9_common.h"
37 #include "breakpoints.h"
38 #include "time_support.h"
44 #include <sys/types.h>
49 int arm7_9_debug_entry(target_t *target);
50 int arm7_9_enable_sw_bkpts(struct target_s *target);
52 /* command handler forward declarations */
53 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
54 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
55 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
56 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
57 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
58 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
59 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
60 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
63 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
65 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
66 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
67 arm7_9->sw_breakpoints_added = 0;
69 arm7_9->wp1_used = arm7_9->wp1_used_default;
70 arm7_9->wp_available = arm7_9->wp_available_max;
72 return jtag_execute_queue();
75 /* set up embedded ice registers */
76 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
78 if (arm7_9->sw_breakpoints_added)
82 if (arm7_9->wp_available < 1)
84 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
85 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
87 arm7_9->wp_available--;
89 /* pick a breakpoint unit */
90 if (!arm7_9->wp0_used)
92 arm7_9->sw_breakpoints_added=1;
94 } else if (!arm7_9->wp1_used)
96 arm7_9->sw_breakpoints_added=2;
101 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
105 if (arm7_9->sw_breakpoints_added==1)
107 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
108 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
109 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
110 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
111 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
113 else if (arm7_9->sw_breakpoints_added==2)
115 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
116 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
117 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
118 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
119 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
123 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
127 return jtag_execute_queue();
130 /* set things up after a reset / on startup */
131 int arm7_9_setup(target_t *target)
133 armv4_5_common_t *armv4_5 = target->arch_info;
134 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
136 return arm7_9_clear_watchpoints(arm7_9);
140 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
142 armv4_5_common_t *armv4_5 = target->arch_info;
143 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
145 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
150 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
155 *armv4_5_p = armv4_5;
161 /* we set up the breakpoint even if it is already set. Some action, e.g. reset
162 * might have erased the values in embedded ice
164 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
166 armv4_5_common_t *armv4_5 = target->arch_info;
167 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
170 if (target->state != TARGET_HALTED)
172 LOG_WARNING("target not halted");
173 return ERROR_TARGET_NOT_HALTED;
176 if (breakpoint->type == BKPT_HARD)
178 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
179 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
180 if (breakpoint->set==1)
182 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
183 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
184 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
185 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
186 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
188 else if (breakpoint->set==2)
190 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
191 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
192 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
193 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
194 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
198 LOG_ERROR("BUG: no hardware comparator available");
202 retval=jtag_execute_queue();
204 else if (breakpoint->type == BKPT_SOFT)
206 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
209 /* did we already set this breakpoint? */
213 if (breakpoint->length == 4)
215 u32 verify = 0xffffffff;
216 /* keep the original instruction in target endianness */
217 target->type->read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
218 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
219 target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
221 target->type->read_memory(target, breakpoint->address, 4, 1, (u8 *)&verify);
222 if (verify != arm7_9->arm_bkpt)
224 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
231 /* keep the original instruction in target endianness */
232 target->type->read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
233 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
234 target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
236 target->type->read_memory(target, breakpoint->address, 2, 1, (u8 *)&verify);
237 if (verify != arm7_9->thumb_bkpt)
239 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
250 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
252 armv4_5_common_t *armv4_5 = target->arch_info;
253 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
255 if (!breakpoint->set)
257 LOG_WARNING("breakpoint not set");
261 if (breakpoint->type == BKPT_HARD)
263 if (breakpoint->set == 1)
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
266 arm7_9->wp0_used = 0;
268 else if (breakpoint->set == 2)
270 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
271 arm7_9->wp1_used = 0;
273 jtag_execute_queue();
278 /* restore original instruction (kept in target endianness) */
279 if (breakpoint->length == 4)
282 /* check that user program as not modified breakpoint instruction */
283 target->type->read_memory(target, breakpoint->address, 4, 1, (u8*)¤t_instr);
284 if (current_instr==arm7_9->arm_bkpt)
285 target->type->write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
290 /* check that user program as not modified breakpoint instruction */
291 target->type->read_memory(target, breakpoint->address, 2, 1, (u8*)¤t_instr);
292 if (current_instr==arm7_9->thumb_bkpt)
293 target->type->write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
301 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
303 armv4_5_common_t *armv4_5 = target->arch_info;
304 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
306 if (target->state != TARGET_HALTED)
308 LOG_WARNING("target not halted");
309 return ERROR_TARGET_NOT_HALTED;
312 if (arm7_9->breakpoint_count==0)
314 /* make sure we don't have any dangling breakpoints. This is vital upon
315 * GDB connect/disconnect
317 arm7_9_clear_watchpoints(arm7_9);
320 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
322 LOG_INFO("no watchpoint unit available for hardware breakpoint");
323 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
326 if ((breakpoint->length != 2) && (breakpoint->length != 4))
328 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
329 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
332 if (breakpoint->type == BKPT_HARD)
334 arm7_9->wp_available--;
336 if (!arm7_9->wp0_used)
338 arm7_9->wp0_used = 1;
341 else if (!arm7_9->wp1_used)
343 arm7_9->wp1_used = 1;
348 LOG_ERROR("BUG: no hardware comparator available");
353 arm7_9->breakpoint_count++;
355 return arm7_9_set_breakpoint(target, breakpoint);
358 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
360 armv4_5_common_t *armv4_5 = target->arch_info;
361 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
363 arm7_9_unset_breakpoint(target, breakpoint);
365 if (breakpoint->type == BKPT_HARD)
366 arm7_9->wp_available++;
368 arm7_9->breakpoint_count--;
369 if (arm7_9->breakpoint_count==0)
371 /* make sure we don't have any dangling breakpoints */
372 arm7_9_clear_watchpoints(arm7_9);
378 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
380 armv4_5_common_t *armv4_5 = target->arch_info;
381 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
385 mask = watchpoint->length - 1;
387 if (target->state != TARGET_HALTED)
389 LOG_WARNING("target not halted");
390 return ERROR_TARGET_NOT_HALTED;
393 if (watchpoint->rw == WPT_ACCESS)
398 if (!arm7_9->wp0_used)
400 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
401 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
402 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
403 if( watchpoint->mask != 0xffffffffu )
404 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
405 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
406 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
408 jtag_execute_queue();
410 arm7_9->wp0_used = 2;
412 else if (!arm7_9->wp1_used)
414 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
415 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
416 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
417 if( watchpoint->mask != 0xffffffffu )
418 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
419 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
420 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
422 jtag_execute_queue();
424 arm7_9->wp1_used = 2;
428 LOG_ERROR("BUG: no hardware comparator available");
435 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
437 armv4_5_common_t *armv4_5 = target->arch_info;
438 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
440 if (target->state != TARGET_HALTED)
442 LOG_WARNING("target not halted");
443 return ERROR_TARGET_NOT_HALTED;
446 if (!watchpoint->set)
448 LOG_WARNING("breakpoint not set");
452 if (watchpoint->set == 1)
454 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
455 jtag_execute_queue();
456 arm7_9->wp0_used = 0;
458 else if (watchpoint->set == 2)
460 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
461 jtag_execute_queue();
462 arm7_9->wp1_used = 0;
469 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
471 armv4_5_common_t *armv4_5 = target->arch_info;
472 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
474 if (target->state != TARGET_HALTED)
476 LOG_WARNING("target not halted");
477 return ERROR_TARGET_NOT_HALTED;
480 if (arm7_9->wp_available < 1)
482 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
485 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
487 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
490 arm7_9->wp_available--;
495 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
497 armv4_5_common_t *armv4_5 = target->arch_info;
498 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
502 arm7_9_unset_watchpoint(target, watchpoint);
505 arm7_9->wp_available++;
513 int arm7_9_execute_sys_speed(struct target_s *target)
517 armv4_5_common_t *armv4_5 = target->arch_info;
518 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
519 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
520 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
522 /* set RESTART instruction */
523 jtag_add_end_state(TAP_RTI);
524 if (arm7_9->need_bypass_before_restart) {
525 arm7_9->need_bypass_before_restart = 0;
526 arm_jtag_set_instr(jtag_info, 0xf, NULL);
528 arm_jtag_set_instr(jtag_info, 0x4, NULL);
530 long long then=timeval_ms();
532 while (!(timeout=((timeval_ms()-then)>1000)))
534 /* read debug status register */
535 embeddedice_read_reg(dbg_stat);
536 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
539 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
551 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
552 return ERROR_TARGET_TIMEOUT;
558 int arm7_9_execute_fast_sys_speed(struct target_s *target)
561 static u8 check_value[4], check_mask[4];
563 armv4_5_common_t *armv4_5 = target->arch_info;
564 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
565 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
566 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
568 /* set RESTART instruction */
569 jtag_add_end_state(TAP_RTI);
570 if (arm7_9->need_bypass_before_restart) {
571 arm7_9->need_bypass_before_restart = 0;
572 arm_jtag_set_instr(jtag_info, 0xf, NULL);
574 arm_jtag_set_instr(jtag_info, 0x4, NULL);
578 /* check for DBGACK and SYSCOMP set (others don't care) */
580 /* NB! These are constants that must be available until after next jtag_execute() and
581 we evaluate the values upon first execution in lieu of setting up these constants
584 buf_set_u32(check_value, 0, 32, 0x9);
585 buf_set_u32(check_mask, 0, 32, 0x9);
589 /* read debug status register */
590 embeddedice_read_reg_w_check(dbg_stat, check_value, check_value);
595 int arm7_9_target_request_data(target_t *target, u32 size, u8 *buffer)
597 armv4_5_common_t *armv4_5 = target->arch_info;
598 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
599 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
603 data = malloc(size * (sizeof(u32)));
605 embeddedice_receive(jtag_info, data, size);
607 for (i = 0; i < size; i++)
609 h_u32_to_le(buffer + (i * 4), data[i]);
617 int arm7_9_handle_target_request(void *priv)
619 target_t *target = priv;
620 if (!target->type->examined)
622 armv4_5_common_t *armv4_5 = target->arch_info;
623 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
624 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
625 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
628 if (!target->dbg_msg_enabled)
631 if (target->state == TARGET_RUNNING)
633 /* read DCC control register */
634 embeddedice_read_reg(dcc_control);
635 jtag_execute_queue();
638 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
642 embeddedice_receive(jtag_info, &request, 1);
643 target_request(target, request);
650 int arm7_9_poll(target_t *target)
653 armv4_5_common_t *armv4_5 = target->arch_info;
654 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
655 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
657 /* read debug status register */
658 embeddedice_read_reg(dbg_stat);
659 if ((retval = jtag_execute_queue()) != ERROR_OK)
664 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
666 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
667 if (target->state == TARGET_UNKNOWN)
669 target->state = TARGET_RUNNING;
670 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
672 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
675 if (target->state == TARGET_RESET)
677 if (target->reset_halt)
679 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
686 target->state = TARGET_HALTED;
688 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
693 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
694 u32 t=*((u32 *)reg->value);
697 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
701 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
703 if (target->state == TARGET_DEBUG_RUNNING)
705 target->state = TARGET_HALTED;
706 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
709 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
711 if (target->state != TARGET_HALTED)
713 LOG_WARNING("DBGACK set, but the target did not end up in the halted stated %d", target->state);
718 if (target->state != TARGET_DEBUG_RUNNING)
719 target->state = TARGET_RUNNING;
726 Some -S targets (ARM966E-S in the STR912 isn't affected, ARM926EJ-S
727 in the LPC3180 and AT91SAM9260 is affected) completely stop the JTAG clock
728 while the core is held in reset(SRST). It isn't possible to program the halt
729 condition once reset was asserted, hence a hook that allows the target to set
730 up its reset-halt condition prior to asserting reset.
733 int arm7_9_assert_reset(target_t *target)
735 armv4_5_common_t *armv4_5 = target->arch_info;
736 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
737 LOG_DEBUG("target->state: %s",
738 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
740 if (!(jtag_reset_config & RESET_HAS_SRST))
742 LOG_ERROR("Can't assert SRST");
746 if (target->reset_halt)
749 * Some targets do not support communication while SRST is asserted. We need to
750 * set up the reset vector catch here.
752 * If TRST is asserted, then these settings will be reset anyway, so setting them
755 if (arm7_9->has_vector_catch)
757 /* program vector catch register to catch reset vector */
758 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
762 /* program watchpoint unit to match on reset vector address */
763 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
764 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
765 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
766 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
767 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
771 /* here we should issue a srst only, but we may have to assert trst as well */
772 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
774 jtag_add_reset(1, 1);
777 jtag_add_reset(0, 1);
781 target->state = TARGET_RESET;
782 jtag_add_sleep(50000);
784 armv4_5_invalidate_core_regs(target);
786 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
788 /* debug entry was already prepared in arm7_9_assert_reset() */
789 target->debug_reason = DBG_REASON_DBGRQ;
796 int arm7_9_deassert_reset(target_t *target)
799 LOG_DEBUG("target->state: %s",
800 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
803 /* deassert reset lines */
804 jtag_add_reset(0, 0);
806 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
808 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
809 /* set up embedded ice registers again */
810 if ((retval=target->type->examine(target))!=ERROR_OK)
813 if ((retval=target_poll(target))!=ERROR_OK)
818 if ((retval=target_halt(target))!=ERROR_OK)
827 int arm7_9_clear_halt(target_t *target)
829 armv4_5_common_t *armv4_5 = target->arch_info;
830 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
831 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
833 /* we used DBGRQ only if we didn't come out of reset */
834 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
836 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
838 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
839 embeddedice_store_reg(dbg_ctrl);
843 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
845 /* if we came out of reset, and vector catch is supported, we used
846 * vector catch to enter debug state
847 * restore the register in that case
849 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
853 /* restore registers if watchpoint unit 0 was in use
855 if (arm7_9->wp0_used)
857 if (arm7_9->debug_entry_from_reset)
859 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
861 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
862 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
863 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
865 /* control value always has to be restored, as it was either disabled,
866 * or enabled with possibly different bits
868 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
875 int arm7_9_soft_reset_halt(struct target_s *target)
877 armv4_5_common_t *armv4_5 = target->arch_info;
878 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
879 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
880 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
884 if ((retval=target_halt(target))!=ERROR_OK)
887 long long then=timeval_ms();
889 while (!(timeout=((timeval_ms()-then)>1000)))
891 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
893 embeddedice_read_reg(dbg_stat);
894 if ((retval=jtag_execute_queue())!=ERROR_OK)
906 LOG_ERROR("Failed to halt CPU after 1 sec");
907 return ERROR_TARGET_TIMEOUT;
909 target->state = TARGET_HALTED;
911 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
912 * ensure that DBGRQ is cleared
914 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
915 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
916 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
917 embeddedice_store_reg(dbg_ctrl);
919 arm7_9_clear_halt(target);
921 /* if the target is in Thumb state, change to ARM state */
922 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
924 u32 r0_thumb, pc_thumb;
925 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
926 /* Entered debug from Thumb mode */
927 armv4_5->core_state = ARMV4_5_STATE_THUMB;
928 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
931 /* all register content is now invalid */
932 armv4_5_invalidate_core_regs(target);
934 /* SVC, ARM state, IRQ and FIQ disabled */
935 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
936 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
937 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
939 /* start fetching from 0x0 */
940 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
941 armv4_5->core_cache->reg_list[15].dirty = 1;
942 armv4_5->core_cache->reg_list[15].valid = 1;
944 armv4_5->core_mode = ARMV4_5_MODE_SVC;
945 armv4_5->core_state = ARMV4_5_STATE_ARM;
947 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
950 /* reset registers */
951 for (i = 0; i <= 14; i++)
953 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
954 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
955 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
958 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
963 int arm7_9_halt(target_t *target)
965 if (target->state==TARGET_RESET)
967 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
971 armv4_5_common_t *armv4_5 = target->arch_info;
972 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
973 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
975 LOG_DEBUG("target->state: %s",
976 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
978 if (target->state == TARGET_HALTED)
980 LOG_DEBUG("target was already halted");
984 if (target->state == TARGET_UNKNOWN)
986 LOG_WARNING("target was in unknown state when halt was requested");
989 if (arm7_9->use_dbgrq)
991 /* program EmbeddedICE Debug Control Register to assert DBGRQ
993 if (arm7_9->set_special_dbgrq) {
994 arm7_9->set_special_dbgrq(target);
996 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
997 embeddedice_store_reg(dbg_ctrl);
1002 /* program watchpoint unit to match on any address
1004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1010 target->debug_reason = DBG_REASON_DBGRQ;
1015 int arm7_9_debug_entry(target_t *target)
1020 u32 r0_thumb, pc_thumb;
1023 /* get pointers to arch-specific information */
1024 armv4_5_common_t *armv4_5 = target->arch_info;
1025 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1026 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1027 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1029 #ifdef _DEBUG_ARM7_9_
1033 if (arm7_9->pre_debug_entry)
1034 arm7_9->pre_debug_entry(target);
1036 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1037 * ensure that DBGRQ is cleared
1039 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1040 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1041 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1042 embeddedice_store_reg(dbg_ctrl);
1044 arm7_9_clear_halt(target);
1046 if ((retval = jtag_execute_queue()) != ERROR_OK)
1051 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1055 if (target->state != TARGET_HALTED)
1057 LOG_WARNING("target not halted");
1058 return ERROR_TARGET_NOT_HALTED;
1061 /* if the target is in Thumb state, change to ARM state */
1062 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1064 LOG_DEBUG("target entered debug from Thumb state");
1065 /* Entered debug from Thumb mode */
1066 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1067 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1068 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1072 LOG_DEBUG("target entered debug from ARM state");
1073 /* Entered debug from ARM mode */
1074 armv4_5->core_state = ARMV4_5_STATE_ARM;
1077 for (i = 0; i < 16; i++)
1078 context_p[i] = &context[i];
1079 /* save core registers (r0 - r15 of current core mode) */
1080 arm7_9->read_core_regs(target, 0xffff, context_p);
1082 arm7_9->read_xpsr(target, &cpsr, 0);
1084 if ((retval = jtag_execute_queue()) != ERROR_OK)
1087 /* if the core has been executing in Thumb state, set the T bit */
1088 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1091 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1092 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1093 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1095 armv4_5->core_mode = cpsr & 0x1f;
1097 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1099 target->state = TARGET_UNKNOWN;
1100 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1101 return ERROR_TARGET_FAILURE;
1104 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1106 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1108 LOG_DEBUG("thumb state, applying fixups");
1109 context[0] = r0_thumb;
1110 context[15] = pc_thumb;
1111 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1113 /* adjust value stored by STM */
1114 context[15] -= 3 * 4;
1117 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1118 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1119 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1120 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1121 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1122 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1123 else if (target->debug_reason == DBG_REASON_DBGRQ)
1124 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1127 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1130 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1133 for (i=0; i<=15; i++)
1135 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1136 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1137 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1138 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1141 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1143 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1146 /* exceptions other than USR & SYS have a saved program status register */
1147 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1150 arm7_9->read_xpsr(target, &spsr, 1);
1151 jtag_execute_queue();
1152 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1153 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1154 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1157 /* r0 and r15 (pc) have to be restored later */
1158 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1159 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1161 if ((retval = jtag_execute_queue()) != ERROR_OK)
1164 if (arm7_9->post_debug_entry)
1165 arm7_9->post_debug_entry(target);
1170 int arm7_9_full_context(target_t *target)
1174 armv4_5_common_t *armv4_5 = target->arch_info;
1175 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1179 if (target->state != TARGET_HALTED)
1181 LOG_WARNING("target not halted");
1182 return ERROR_TARGET_NOT_HALTED;
1185 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1188 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1189 * SYS shares registers with User, so we don't touch SYS
1191 for(i = 0; i < 6; i++)
1198 /* check if there are invalid registers in the current mode
1200 for (j = 0; j <= 16; j++)
1202 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1210 /* change processor mode (and mask T bit) */
1211 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1212 tmp_cpsr |= armv4_5_number_to_mode(i);
1214 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1216 for (j = 0; j < 15; j++)
1218 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1220 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1222 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1223 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1227 /* if only the PSR is invalid, mask is all zeroes */
1229 arm7_9->read_core_regs(target, mask, reg_p);
1231 /* check if the PSR has to be read */
1232 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1234 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1235 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1236 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1241 /* restore processor mode (mask T bit) */
1242 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1244 if ((retval = jtag_execute_queue()) != ERROR_OK)
1251 int arm7_9_restore_context(target_t *target)
1253 armv4_5_common_t *armv4_5 = target->arch_info;
1254 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1256 armv4_5_core_reg_t *reg_arch_info;
1257 enum armv4_5_mode current_mode = armv4_5->core_mode;
1264 if (target->state != TARGET_HALTED)
1266 LOG_WARNING("target not halted");
1267 return ERROR_TARGET_NOT_HALTED;
1270 if (arm7_9->pre_restore_context)
1271 arm7_9->pre_restore_context(target);
1273 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1276 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1277 * SYS shares registers with User, so we don't touch SYS
1279 for (i = 0; i < 6; i++)
1281 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1284 /* check if there are dirty registers in the current mode
1286 for (j = 0; j <= 16; j++)
1288 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1289 reg_arch_info = reg->arch_info;
1290 if (reg->dirty == 1)
1292 if (reg->valid == 1)
1295 LOG_DEBUG("examining dirty reg: %s", reg->name);
1296 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1297 && (reg_arch_info->mode != current_mode)
1298 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1299 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1302 LOG_DEBUG("require mode change");
1307 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1322 /* change processor mode (mask T bit) */
1323 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1324 tmp_cpsr |= armv4_5_number_to_mode(i);
1326 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1327 current_mode = armv4_5_number_to_mode(i);
1330 for (j = 0; j <= 14; j++)
1332 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1333 reg_arch_info = reg->arch_info;
1336 if (reg->dirty == 1)
1338 regs[j] = buf_get_u32(reg->value, 0, 32);
1343 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1349 arm7_9->write_core_regs(target, mask, regs);
1352 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1353 reg_arch_info = reg->arch_info;
1354 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1356 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1357 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1362 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1364 /* restore processor mode (mask T bit) */
1367 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1368 tmp_cpsr |= armv4_5_number_to_mode(i);
1370 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1371 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1373 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1375 /* CPSR has been changed, full restore necessary (mask T bit) */
1376 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1377 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1378 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1379 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1383 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1384 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1385 armv4_5->core_cache->reg_list[15].dirty = 0;
1387 if (arm7_9->post_restore_context)
1388 arm7_9->post_restore_context(target);
1393 int arm7_9_restart_core(struct target_s *target)
1395 armv4_5_common_t *armv4_5 = target->arch_info;
1396 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1397 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1399 /* set RESTART instruction */
1400 jtag_add_end_state(TAP_RTI);
1401 if (arm7_9->need_bypass_before_restart) {
1402 arm7_9->need_bypass_before_restart = 0;
1403 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1405 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1407 jtag_add_runtest(1, TAP_RTI);
1408 return jtag_execute_queue();
1411 void arm7_9_enable_watchpoints(struct target_s *target)
1413 watchpoint_t *watchpoint = target->watchpoints;
1417 if (watchpoint->set == 0)
1418 arm7_9_set_watchpoint(target, watchpoint);
1419 watchpoint = watchpoint->next;
1423 void arm7_9_enable_breakpoints(struct target_s *target)
1425 breakpoint_t *breakpoint = target->breakpoints;
1427 /* set any pending breakpoints */
1430 arm7_9_set_breakpoint(target, breakpoint);
1431 breakpoint = breakpoint->next;
1436 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1438 armv4_5_common_t *armv4_5 = target->arch_info;
1439 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1440 breakpoint_t *breakpoint = target->breakpoints;
1441 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1446 if (target->state != TARGET_HALTED)
1448 LOG_WARNING("target not halted");
1449 return ERROR_TARGET_NOT_HALTED;
1452 if (!debug_execution)
1454 target_free_all_working_areas(target);
1457 /* current = 1: continue on current pc, otherwise continue at <address> */
1459 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1461 /* the front-end may request us not to handle breakpoints */
1462 if (handle_breakpoints)
1464 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1466 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1467 arm7_9_unset_breakpoint(target, breakpoint);
1469 LOG_DEBUG("enable single-step");
1470 arm7_9->enable_single_step(target);
1472 target->debug_reason = DBG_REASON_SINGLESTEP;
1474 arm7_9_restore_context(target);
1476 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1477 arm7_9->branch_resume(target);
1478 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1480 arm7_9->branch_resume_thumb(target);
1484 LOG_ERROR("unhandled core state");
1488 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1489 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1490 err = arm7_9_execute_sys_speed(target);
1492 LOG_DEBUG("disable single-step");
1493 arm7_9->disable_single_step(target);
1495 if (err != ERROR_OK)
1497 arm7_9_set_breakpoint(target, breakpoint);
1498 target->state = TARGET_UNKNOWN;
1502 arm7_9_debug_entry(target);
1503 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1505 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1506 arm7_9_set_breakpoint(target, breakpoint);
1510 /* enable any pending breakpoints and watchpoints */
1511 arm7_9_enable_breakpoints(target);
1512 arm7_9_enable_watchpoints(target);
1514 arm7_9_restore_context(target);
1516 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1518 arm7_9->branch_resume(target);
1520 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1522 arm7_9->branch_resume_thumb(target);
1526 LOG_ERROR("unhandled core state");
1530 /* deassert DBGACK and INTDIS */
1531 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1532 /* INTDIS only when we really resume, not during debug execution */
1533 if (!debug_execution)
1534 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1535 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1537 arm7_9_restart_core(target);
1539 target->debug_reason = DBG_REASON_NOTHALTED;
1541 if (!debug_execution)
1543 /* registers are now invalid */
1544 armv4_5_invalidate_core_regs(target);
1545 target->state = TARGET_RUNNING;
1546 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1550 target->state = TARGET_DEBUG_RUNNING;
1551 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1554 LOG_DEBUG("target resumed");
1559 void arm7_9_enable_eice_step(target_t *target)
1561 armv4_5_common_t *armv4_5 = target->arch_info;
1562 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1564 /* setup an inverse breakpoint on the current PC
1565 * - comparator 1 matches the current address
1566 * - rangeout from comparator 1 is connected to comparator 0 rangein
1567 * - comparator 0 matches any address, as long as rangein is low */
1568 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1569 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1570 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1571 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1572 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1573 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1574 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1575 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1579 void arm7_9_disable_eice_step(target_t *target)
1581 armv4_5_common_t *armv4_5 = target->arch_info;
1582 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1584 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1585 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1586 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1587 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1588 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1589 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1590 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1591 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1592 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1595 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1597 armv4_5_common_t *armv4_5 = target->arch_info;
1598 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1599 breakpoint_t *breakpoint = NULL;
1602 if (target->state != TARGET_HALTED)
1604 LOG_WARNING("target not halted");
1605 return ERROR_TARGET_NOT_HALTED;
1608 /* current = 1: continue on current pc, otherwise continue at <address> */
1610 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1612 /* the front-end may request us not to handle breakpoints */
1613 if (handle_breakpoints)
1614 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1615 arm7_9_unset_breakpoint(target, breakpoint);
1617 target->debug_reason = DBG_REASON_SINGLESTEP;
1619 arm7_9_restore_context(target);
1621 arm7_9->enable_single_step(target);
1623 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1625 arm7_9->branch_resume(target);
1627 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1629 arm7_9->branch_resume_thumb(target);
1633 LOG_ERROR("unhandled core state");
1637 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1639 err = arm7_9_execute_sys_speed(target);
1640 arm7_9->disable_single_step(target);
1642 /* registers are now invalid */
1643 armv4_5_invalidate_core_regs(target);
1645 if (err != ERROR_OK)
1647 target->state = TARGET_UNKNOWN;
1649 arm7_9_debug_entry(target);
1650 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1651 LOG_DEBUG("target stepped");
1655 arm7_9_set_breakpoint(target, breakpoint);
1661 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
1666 armv4_5_common_t *armv4_5 = target->arch_info;
1667 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1669 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1672 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1674 if ((num < 0) || (num > 16))
1675 return ERROR_INVALID_ARGUMENTS;
1677 if ((mode != ARMV4_5_MODE_ANY)
1678 && (mode != armv4_5->core_mode)
1679 && (reg_mode != ARMV4_5_MODE_ANY))
1683 /* change processor mode (mask T bit) */
1684 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1687 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1690 if ((num >= 0) && (num <= 15))
1692 /* read a normal core register */
1693 reg_p[num] = &value;
1695 arm7_9->read_core_regs(target, 1 << num, reg_p);
1699 /* read a program status register
1700 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
1702 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1703 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1705 arm7_9->read_xpsr(target, &value, spsr);
1708 if ((retval = jtag_execute_queue()) != ERROR_OK)
1713 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1714 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1715 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
1717 if ((mode != ARMV4_5_MODE_ANY)
1718 && (mode != armv4_5->core_mode)
1719 && (reg_mode != ARMV4_5_MODE_ANY)) {
1720 /* restore processor mode (mask T bit) */
1721 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1728 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
1731 armv4_5_common_t *armv4_5 = target->arch_info;
1732 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1734 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1737 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
1739 if ((num < 0) || (num > 16))
1740 return ERROR_INVALID_ARGUMENTS;
1742 if ((mode != ARMV4_5_MODE_ANY)
1743 && (mode != armv4_5->core_mode)
1744 && (reg_mode != ARMV4_5_MODE_ANY)) {
1747 /* change processor mode (mask T bit) */
1748 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1751 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1754 if ((num >= 0) && (num <= 15))
1756 /* write a normal core register */
1759 arm7_9->write_core_regs(target, 1 << num, reg);
1763 /* write a program status register
1764 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
1766 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
1767 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
1769 /* if we're writing the CPSR, mask the T bit */
1773 arm7_9->write_xpsr(target, value, spsr);
1776 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
1777 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
1779 if ((mode != ARMV4_5_MODE_ANY)
1780 && (mode != armv4_5->core_mode)
1781 && (reg_mode != ARMV4_5_MODE_ANY)) {
1782 /* restore processor mode (mask T bit) */
1783 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1786 return jtag_execute_queue();
1789 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1791 armv4_5_common_t *armv4_5 = target->arch_info;
1792 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1795 int num_accesses = 0;
1796 int thisrun_accesses;
1802 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1804 if (target->state != TARGET_HALTED)
1806 LOG_WARNING("target not halted");
1807 return ERROR_TARGET_NOT_HALTED;
1810 /* sanitize arguments */
1811 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1812 return ERROR_INVALID_ARGUMENTS;
1814 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1815 return ERROR_TARGET_UNALIGNED_ACCESS;
1817 /* load the base register with the address of the first word */
1819 arm7_9->write_core_regs(target, 0x1, reg);
1824 while (num_accesses < count)
1827 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1828 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1830 if (last_reg <= thisrun_accesses)
1831 last_reg = thisrun_accesses;
1833 arm7_9->load_word_regs(target, reg_list);
1835 /* fast memory reads are only safe when the target is running
1836 * from a sufficiently high clock (32 kHz is usually too slow)
1838 if (arm7_9->fast_memory_access)
1839 arm7_9_execute_fast_sys_speed(target);
1841 arm7_9_execute_sys_speed(target);
1843 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
1845 /* advance buffer, count number of accesses */
1846 buffer += thisrun_accesses * 4;
1847 num_accesses += thisrun_accesses;
1851 while (num_accesses < count)
1854 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1855 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1857 for (i = 1; i <= thisrun_accesses; i++)
1861 arm7_9->load_hword_reg(target, i);
1862 /* fast memory reads are only safe when the target is running
1863 * from a sufficiently high clock (32 kHz is usually too slow)
1865 if (arm7_9->fast_memory_access)
1866 arm7_9_execute_fast_sys_speed(target);
1868 arm7_9_execute_sys_speed(target);
1871 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
1873 /* advance buffer, count number of accesses */
1874 buffer += thisrun_accesses * 2;
1875 num_accesses += thisrun_accesses;
1879 while (num_accesses < count)
1882 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1883 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1885 for (i = 1; i <= thisrun_accesses; i++)
1889 arm7_9->load_byte_reg(target, i);
1890 /* fast memory reads are only safe when the target is running
1891 * from a sufficiently high clock (32 kHz is usually too slow)
1893 if (arm7_9->fast_memory_access)
1894 arm7_9_execute_fast_sys_speed(target);
1896 arm7_9_execute_sys_speed(target);
1899 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
1901 /* advance buffer, count number of accesses */
1902 buffer += thisrun_accesses * 1;
1903 num_accesses += thisrun_accesses;
1907 LOG_ERROR("BUG: we shouldn't get here");
1912 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1915 for (i=0; i<=last_reg; i++)
1916 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
1918 arm7_9->read_xpsr(target, &cpsr, 0);
1919 if ((retval = jtag_execute_queue()) != ERROR_OK)
1921 LOG_ERROR("JTAG error while reading cpsr");
1922 return ERROR_TARGET_DATA_ABORT;
1925 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
1927 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
1929 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1931 return ERROR_TARGET_DATA_ABORT;
1937 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, u8 *buffer)
1939 armv4_5_common_t *armv4_5 = target->arch_info;
1940 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1941 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1944 int num_accesses = 0;
1945 int thisrun_accesses;
1951 #ifdef _DEBUG_ARM7_9_
1952 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
1955 if (target->state != TARGET_HALTED)
1957 LOG_WARNING("target not halted");
1958 return ERROR_TARGET_NOT_HALTED;
1961 /* sanitize arguments */
1962 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
1963 return ERROR_INVALID_ARGUMENTS;
1965 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
1966 return ERROR_TARGET_UNALIGNED_ACCESS;
1968 /* load the base register with the address of the first word */
1970 arm7_9->write_core_regs(target, 0x1, reg);
1972 /* Clear DBGACK, to make sure memory fetches work as expected */
1973 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1974 embeddedice_store_reg(dbg_ctrl);
1979 while (num_accesses < count)
1982 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
1983 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
1985 for (i = 1; i <= thisrun_accesses; i++)
1989 reg[i] = target_buffer_get_u32(target, buffer);
1993 arm7_9->write_core_regs(target, reg_list, reg);
1995 arm7_9->store_word_regs(target, reg_list);
1997 /* fast memory writes are only safe when the target is running
1998 * from a sufficiently high clock (32 kHz is usually too slow)
2000 if (arm7_9->fast_memory_access)
2001 arm7_9_execute_fast_sys_speed(target);
2003 arm7_9_execute_sys_speed(target);
2005 num_accesses += thisrun_accesses;
2009 while (num_accesses < count)
2012 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2013 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2015 for (i = 1; i <= thisrun_accesses; i++)
2019 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2023 arm7_9->write_core_regs(target, reg_list, reg);
2025 for (i = 1; i <= thisrun_accesses; i++)
2027 arm7_9->store_hword_reg(target, i);
2029 /* fast memory writes are only safe when the target is running
2030 * from a sufficiently high clock (32 kHz is usually too slow)
2032 if (arm7_9->fast_memory_access)
2033 arm7_9_execute_fast_sys_speed(target);
2035 arm7_9_execute_sys_speed(target);
2038 num_accesses += thisrun_accesses;
2042 while (num_accesses < count)
2045 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2046 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2048 for (i = 1; i <= thisrun_accesses; i++)
2052 reg[i] = *buffer++ & 0xff;
2055 arm7_9->write_core_regs(target, reg_list, reg);
2057 for (i = 1; i <= thisrun_accesses; i++)
2059 arm7_9->store_byte_reg(target, i);
2060 /* fast memory writes are only safe when the target is running
2061 * from a sufficiently high clock (32 kHz is usually too slow)
2063 if (arm7_9->fast_memory_access)
2064 arm7_9_execute_fast_sys_speed(target);
2066 arm7_9_execute_sys_speed(target);
2069 num_accesses += thisrun_accesses;
2073 LOG_ERROR("BUG: we shouldn't get here");
2079 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2080 embeddedice_store_reg(dbg_ctrl);
2082 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2085 for (i=0; i<=last_reg; i++)
2086 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2088 arm7_9->read_xpsr(target, &cpsr, 0);
2089 if ((retval = jtag_execute_queue()) != ERROR_OK)
2091 LOG_ERROR("JTAG error while reading cpsr");
2092 return ERROR_TARGET_DATA_ABORT;
2095 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2097 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2099 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2101 return ERROR_TARGET_DATA_ABORT;
2107 static const u32 dcc_code[] =
2109 /* MRC TST BNE MRC STR B */
2110 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2113 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, u8 *buffer)
2115 armv4_5_common_t *armv4_5 = target->arch_info;
2116 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2117 enum armv4_5_state core_state = armv4_5->core_state;
2118 u32 r0 = buf_get_u32(armv4_5->core_cache->reg_list[0].value, 0, 32);
2119 u32 r1 = buf_get_u32(armv4_5->core_cache->reg_list[1].value, 0, 32);
2120 u32 pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2123 if (!arm7_9->dcc_downloads)
2124 return target->type->write_memory(target, address, 4, count, buffer);
2126 /* regrab previously allocated working_area, or allocate a new one */
2127 if (!arm7_9->dcc_working_area)
2129 u8 dcc_code_buf[6 * 4];
2131 /* make sure we have a working area */
2132 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2134 LOG_INFO("no working area available, falling back to memory writes");
2135 return target->type->write_memory(target, address, 4, count, buffer);
2138 /* copy target instructions to target endianness */
2139 for (i = 0; i < 6; i++)
2141 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2144 /* write DCC code to working area */
2145 target->type->write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2148 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, address);
2149 armv4_5->core_cache->reg_list[0].valid = 1;
2150 armv4_5->core_cache->reg_list[0].dirty = 1;
2151 armv4_5->core_state = ARMV4_5_STATE_ARM;
2153 arm7_9_resume(target, 0, arm7_9->dcc_working_area->address, 1, 1);
2155 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2158 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2159 core function repeated.
2161 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2164 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2165 u8 reg_addr = ice_reg->addr & 0x1f;
2166 int chain_pos = ice_reg->jtag_info->chain_pos;
2168 embeddedice_write_dcc(chain_pos, reg_addr, buffer, little, count-2);
2169 buffer += (count-2)*4;
2171 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2174 for (i = 0; i < count; i++)
2176 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2181 target_halt(target);
2183 long long then=timeval_ms();
2185 while (!(timeout=((timeval_ms()-then)>100)))
2187 target_poll(target);
2188 if (target->state == TARGET_HALTED)
2200 LOG_ERROR("bulk write timed out, target not halted");
2201 return ERROR_TARGET_TIMEOUT;
2204 /* restore target state */
2205 buf_set_u32(armv4_5->core_cache->reg_list[0].value, 0, 32, r0);
2206 armv4_5->core_cache->reg_list[0].valid = 1;
2207 armv4_5->core_cache->reg_list[0].dirty = 1;
2208 buf_set_u32(armv4_5->core_cache->reg_list[1].value, 0, 32, r1);
2209 armv4_5->core_cache->reg_list[1].valid = 1;
2210 armv4_5->core_cache->reg_list[1].dirty = 1;
2211 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, pc);
2212 armv4_5->core_cache->reg_list[15].valid = 1;
2213 armv4_5->core_cache->reg_list[15].dirty = 1;
2214 armv4_5->core_state = core_state;
2219 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2221 working_area_t *crc_algorithm;
2222 armv4_5_algorithm_t armv4_5_info;
2223 reg_param_t reg_params[2];
2226 u32 arm7_9_crc_code[] = {
2227 0xE1A02000, /* mov r2, r0 */
2228 0xE3E00000, /* mov r0, #0xffffffff */
2229 0xE1A03001, /* mov r3, r1 */
2230 0xE3A04000, /* mov r4, #0 */
2231 0xEA00000B, /* b ncomp */
2233 0xE7D21004, /* ldrb r1, [r2, r4] */
2234 0xE59F7030, /* ldr r7, CRC32XOR */
2235 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2236 0xE3A05000, /* mov r5, #0 */
2238 0xE3500000, /* cmp r0, #0 */
2239 0xE1A06080, /* mov r6, r0, asl #1 */
2240 0xE2855001, /* add r5, r5, #1 */
2241 0xE1A00006, /* mov r0, r6 */
2242 0xB0260007, /* eorlt r0, r6, r7 */
2243 0xE3550008, /* cmp r5, #8 */
2244 0x1AFFFFF8, /* bne loop */
2245 0xE2844001, /* add r4, r4, #1 */
2247 0xE1540003, /* cmp r4, r3 */
2248 0x1AFFFFF1, /* bne nbyte */
2250 0xEAFFFFFE, /* b end */
2251 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2256 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2258 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2261 /* convert flash writing code into a buffer in target endianness */
2262 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2263 target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]);
2265 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2266 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2267 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2269 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
2270 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2272 buf_set_u32(reg_params[0].value, 0, 32, address);
2273 buf_set_u32(reg_params[1].value, 0, 32, count);
2275 if ((retval = target->type->run_algorithm(target, 0, NULL, 2, reg_params,
2276 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2278 LOG_ERROR("error executing arm7_9 crc algorithm");
2279 destroy_reg_param(®_params[0]);
2280 destroy_reg_param(®_params[1]);
2281 target_free_working_area(target, crc_algorithm);
2285 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2287 destroy_reg_param(®_params[0]);
2288 destroy_reg_param(®_params[1]);
2290 target_free_working_area(target, crc_algorithm);
2295 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2297 working_area_t *erase_check_algorithm;
2298 reg_param_t reg_params[3];
2299 armv4_5_algorithm_t armv4_5_info;
2303 u32 erase_check_code[] =
2306 0xe4d03001, /* ldrb r3, [r0], #1 */
2307 0xe0022003, /* and r2, r2, r3 */
2308 0xe2511001, /* subs r1, r1, #1 */
2309 0x1afffffb, /* bne loop */
2311 0xeafffffe /* b end */
2314 /* make sure we have a working area */
2315 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2317 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2320 /* convert flash writing code into a buffer in target endianness */
2321 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2322 target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i]);
2324 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2325 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2326 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2328 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2329 buf_set_u32(reg_params[0].value, 0, 32, address);
2331 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2332 buf_set_u32(reg_params[1].value, 0, 32, count);
2334 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
2335 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2337 if ((retval = target->type->run_algorithm(target, 0, NULL, 3, reg_params,
2338 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2340 destroy_reg_param(®_params[0]);
2341 destroy_reg_param(®_params[1]);
2342 destroy_reg_param(®_params[2]);
2343 target_free_working_area(target, erase_check_algorithm);
2347 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2349 destroy_reg_param(®_params[0]);
2350 destroy_reg_param(®_params[1]);
2351 destroy_reg_param(®_params[2]);
2353 target_free_working_area(target, erase_check_algorithm);
2358 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2360 command_t *arm7_9_cmd;
2362 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2364 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2365 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2367 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2369 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2370 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2371 register_command(cmd_ctx, arm7_9_cmd, "fast_writes", handle_arm7_9_fast_memory_access_command,
2372 COMMAND_ANY, "(deprecated, see: arm7_9 fast_memory_access)");
2373 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2374 COMMAND_ANY, "use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>");
2375 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2376 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2378 armv4_5_register_commands(cmd_ctx);
2380 etm_register_commands(cmd_ctx);
2385 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2390 target_t *target = get_current_target(cmd_ctx);
2391 armv4_5_common_t *armv4_5;
2392 arm7_9_common_t *arm7_9;
2394 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2396 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2400 if (target->state != TARGET_HALTED)
2402 command_print(cmd_ctx, "can't write registers while running");
2408 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2412 value = strtoul(args[0], NULL, 0);
2413 spsr = strtol(args[1], NULL, 0);
2415 /* if we're writing the CPSR, mask the T bit */
2419 arm7_9->write_xpsr(target, value, spsr);
2420 if ((retval = jtag_execute_queue()) != ERROR_OK)
2422 LOG_ERROR("JTAG error while writing to xpsr");
2429 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2435 target_t *target = get_current_target(cmd_ctx);
2436 armv4_5_common_t *armv4_5;
2437 arm7_9_common_t *arm7_9;
2439 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2441 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2445 if (target->state != TARGET_HALTED)
2447 command_print(cmd_ctx, "can't write registers while running");
2453 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2457 value = strtoul(args[0], NULL, 0);
2458 rotate = strtol(args[1], NULL, 0);
2459 spsr = strtol(args[2], NULL, 0);
2461 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2462 if ((retval = jtag_execute_queue()) != ERROR_OK)
2464 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2471 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2476 target_t *target = get_current_target(cmd_ctx);
2477 armv4_5_common_t *armv4_5;
2478 arm7_9_common_t *arm7_9;
2480 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2482 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2486 if (target->state != TARGET_HALTED)
2488 command_print(cmd_ctx, "can't write registers while running");
2494 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2498 num = strtol(args[0], NULL, 0);
2499 mode = strtoul(args[1], NULL, 0);
2500 value = strtoul(args[2], NULL, 0);
2502 arm7_9_write_core_reg(target, num, mode, value);
2508 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2510 target_t *target = get_current_target(cmd_ctx);
2511 armv4_5_common_t *armv4_5;
2512 arm7_9_common_t *arm7_9;
2514 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2516 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2522 if (strcmp("enable", args[0]) == 0)
2524 arm7_9->use_dbgrq = 1;
2526 else if (strcmp("disable", args[0]) == 0)
2528 arm7_9->use_dbgrq = 0;
2532 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
2536 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2541 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2543 target_t *target = get_current_target(cmd_ctx);
2544 armv4_5_common_t *armv4_5;
2545 arm7_9_common_t *arm7_9;
2547 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2549 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2555 if (strcmp("enable", args[0]) == 0)
2557 arm7_9->fast_memory_access = 1;
2559 else if (strcmp("disable", args[0]) == 0)
2561 arm7_9->fast_memory_access = 0;
2565 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
2569 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2574 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2576 target_t *target = get_current_target(cmd_ctx);
2577 armv4_5_common_t *armv4_5;
2578 arm7_9_common_t *arm7_9;
2580 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2582 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2588 if (strcmp("enable", args[0]) == 0)
2590 arm7_9->dcc_downloads = 1;
2592 else if (strcmp("disable", args[0]) == 0)
2594 arm7_9->dcc_downloads = 0;
2598 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
2602 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2607 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
2609 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
2611 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2613 arm_jtag_setup_connection(&arm7_9->jtag_info);
2614 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
2615 arm7_9->wp_available_max = 2;
2616 arm7_9->sw_breakpoints_added = 0;
2617 arm7_9->breakpoint_count = 0;
2618 arm7_9->wp0_used = 0;
2619 arm7_9->wp1_used = 0;
2620 arm7_9->wp1_used_default = 0;
2621 arm7_9->use_dbgrq = 0;
2623 arm7_9->etm_ctx = NULL;
2624 arm7_9->has_single_step = 0;
2625 arm7_9->has_monitor_mode = 0;
2626 arm7_9->has_vector_catch = 0;
2628 arm7_9->debug_entry_from_reset = 0;
2630 arm7_9->dcc_working_area = NULL;
2632 arm7_9->fast_memory_access = fast_and_dangerous;
2633 arm7_9->dcc_downloads = fast_and_dangerous;
2635 arm7_9->need_bypass_before_restart = 0;
2637 armv4_5->arch_info = arm7_9;
2638 armv4_5->read_core_reg = arm7_9_read_core_reg;
2639 armv4_5->write_core_reg = arm7_9_write_core_reg;
2640 armv4_5->full_context = arm7_9_full_context;
2642 armv4_5_init_arch_info(target, armv4_5);
2644 target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target);