1 /***************************************************************************
2 * Copyright (C) 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008,2009 by Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
27 #include "arm926ejs.h"
28 #include "time_support.h"
29 #include "target_type.h"
33 #define _DEBUG_INSTRUCTION_EXECUTION_
36 static int arm926ejs_catch_broken_irscan(uint8_t *captured, void *priv,
39 /* FIX!!!! this code should be reenabled. For now it does not check
43 /* The ARM926EJ-S' instruction register is 4 bits wide */
44 uint8_t t = *captured & 0xf;
45 uint8_t t2 = *field->in_check_value & 0xf;
50 else if ((t == 0x0f) || (t == 0x00))
52 LOG_DEBUG("caught ARM926EJ-S invalid Capture-IR result after CP15 access");
55 return ERROR_JTAG_QUEUE_FAILED;;
59 #define ARM926EJS_CP15_ADDR(opcode_1, opcode_2, CRn, CRm) ((opcode_1 << 11) | (opcode_2 << 8) | (CRn << 4) | (CRm << 0))
61 static int arm926ejs_cp15_read(target_t *target, uint32_t op1, uint32_t op2,
62 uint32_t CRn, uint32_t CRm, uint32_t *value)
64 int retval = ERROR_OK;
65 armv4_5_common_t *armv4_5 = target->arch_info;
66 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
67 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
68 uint32_t address = ARM926EJS_CP15_ADDR(op1, op2, CRn, CRm);
69 scan_field_t fields[4];
70 uint8_t address_buf[2];
74 buf_set_u32(address_buf, 0, 14, address);
76 jtag_set_end_state(TAP_IDLE);
77 if ((retval = arm_jtag_scann(jtag_info, 0xf)) != ERROR_OK)
81 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
83 fields[0].tap = jtag_info->tap;
84 fields[0].num_bits = 32;
85 fields[0].out_value = NULL;
86 fields[0].in_value = (uint8_t *)value;
89 fields[1].tap = jtag_info->tap;
90 fields[1].num_bits = 1;
91 fields[1].out_value = &access;
92 fields[1].in_value = &access;
94 fields[2].tap = jtag_info->tap;
95 fields[2].num_bits = 14;
96 fields[2].out_value = address_buf;
97 fields[2].in_value = NULL;
99 fields[3].tap = jtag_info->tap;
100 fields[3].num_bits = 1;
101 fields[3].out_value = &nr_w_buf;
102 fields[3].in_value = NULL;
104 jtag_add_dr_scan(4, fields, jtag_get_end_state());
106 long long then = timeval_ms();
110 /* rescan with NOP, to wait for the access to complete */
113 jtag_add_dr_scan(4, fields, jtag_get_end_state());
115 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
117 if ((retval = jtag_execute_queue()) != ERROR_OK)
122 if (buf_get_u32(&access, 0, 1) == 1)
128 if ((timeval_ms()-then)>10)
130 LOG_ERROR("cp15 read operation timed out");
135 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
136 LOG_DEBUG("addr: 0x%x value: %8.8x", address, *value);
139 arm_jtag_set_instr(jtag_info, 0xc, &arm926ejs_catch_broken_irscan);
144 static int arm926ejs_mrc(target_t *target, int cpnum, uint32_t op1,
145 uint32_t op2, uint32_t CRn, uint32_t CRm, uint32_t *value)
148 LOG_ERROR("Only cp15 is supported");
151 return arm926ejs_cp15_read(target, op1, op2, CRn, CRm, value);
154 static int arm926ejs_cp15_write(target_t *target, uint32_t op1, uint32_t op2,
155 uint32_t CRn, uint32_t CRm, uint32_t value)
157 int retval = ERROR_OK;
158 armv4_5_common_t *armv4_5 = target->arch_info;
159 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
160 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
161 uint32_t address = ARM926EJS_CP15_ADDR(op1, op2, CRn, CRm);
162 scan_field_t fields[4];
163 uint8_t value_buf[4];
164 uint8_t address_buf[2];
165 uint8_t nr_w_buf = 1;
168 buf_set_u32(address_buf, 0, 14, address);
169 buf_set_u32(value_buf, 0, 32, value);
171 jtag_set_end_state(TAP_IDLE);
172 if ((retval = arm_jtag_scann(jtag_info, 0xf)) != ERROR_OK)
176 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
178 fields[0].tap = jtag_info->tap;
179 fields[0].num_bits = 32;
180 fields[0].out_value = value_buf;
181 fields[0].in_value = NULL;
183 fields[1].tap = jtag_info->tap;
184 fields[1].num_bits = 1;
185 fields[1].out_value = &access;
186 fields[1].in_value = &access;
188 fields[2].tap = jtag_info->tap;
189 fields[2].num_bits = 14;
190 fields[2].out_value = address_buf;
191 fields[2].in_value = NULL;
193 fields[3].tap = jtag_info->tap;
194 fields[3].num_bits = 1;
195 fields[3].out_value = &nr_w_buf;
196 fields[3].in_value = NULL;
198 jtag_add_dr_scan(4, fields, jtag_get_end_state());
200 long long then = timeval_ms();
204 /* rescan with NOP, to wait for the access to complete */
207 jtag_add_dr_scan(4, fields, jtag_get_end_state());
208 if ((retval = jtag_execute_queue()) != ERROR_OK)
213 if (buf_get_u32(&access, 0, 1) == 1)
219 if ((timeval_ms()-then)>10)
221 LOG_ERROR("cp15 write operation timed out");
226 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
227 LOG_DEBUG("addr: 0x%x value: %8.8x", address, value);
230 arm_jtag_set_instr(jtag_info, 0xf, &arm926ejs_catch_broken_irscan);
235 static int arm926ejs_mcr(target_t *target, int cpnum, uint32_t op1,
236 uint32_t op2, uint32_t CRn, uint32_t CRm, uint32_t value)
239 LOG_ERROR("Only cp15 is supported");
242 return arm926ejs_cp15_write(target, op1, op2, CRn, CRm, value);
245 static int arm926ejs_examine_debug_reason(target_t *target)
247 armv4_5_common_t *armv4_5 = target->arch_info;
248 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
249 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
253 embeddedice_read_reg(dbg_stat);
254 if ((retval = jtag_execute_queue()) != ERROR_OK)
257 /* Method-Of-Entry (MOE) field */
258 debug_reason = buf_get_u32(dbg_stat->value, 6, 4);
260 switch (debug_reason)
263 LOG_DEBUG("no *NEW* debug entry (?missed one?)");
264 /* ... since last restart or debug reset ... */
265 target->debug_reason = DBG_REASON_DBGRQ;
268 LOG_DEBUG("breakpoint from EICE unit 0");
269 target->debug_reason = DBG_REASON_BREAKPOINT;
272 LOG_DEBUG("breakpoint from EICE unit 1");
273 target->debug_reason = DBG_REASON_BREAKPOINT;
276 LOG_DEBUG("soft breakpoint (BKPT instruction)");
277 target->debug_reason = DBG_REASON_BREAKPOINT;
280 LOG_DEBUG("vector catch breakpoint");
281 target->debug_reason = DBG_REASON_BREAKPOINT;
284 LOG_DEBUG("external breakpoint");
285 target->debug_reason = DBG_REASON_BREAKPOINT;
288 LOG_DEBUG("watchpoint from EICE unit 0");
289 target->debug_reason = DBG_REASON_WATCHPOINT;
292 LOG_DEBUG("watchpoint from EICE unit 1");
293 target->debug_reason = DBG_REASON_WATCHPOINT;
296 LOG_DEBUG("external watchpoint");
297 target->debug_reason = DBG_REASON_WATCHPOINT;
300 LOG_DEBUG("internal debug request");
301 target->debug_reason = DBG_REASON_DBGRQ;
304 LOG_DEBUG("external debug request");
305 target->debug_reason = DBG_REASON_DBGRQ;
308 LOG_DEBUG("debug re-entry from system speed access");
309 /* This is normal when connecting to something that's
310 * already halted, or in some related code paths, but
311 * otherwise is surprising (and presumably wrong).
313 switch (target->debug_reason) {
314 case DBG_REASON_DBGRQ:
317 LOG_ERROR("unexpected -- debug re-entry");
319 case DBG_REASON_UNDEFINED:
320 target->debug_reason = DBG_REASON_DBGRQ;
325 /* FIX!!!! here be dragons!!! We need to fail here so
326 * the target will interpreted as halted but we won't
327 * try to talk to it right now... a resume + halt seems
328 * to sync things up again. Please send an email to
329 * openocd development mailing list if you have hardware
330 * to donate to look into this problem....
332 LOG_WARNING("WARNING: mystery debug reason MOE = 0xc. Try issuing a resume + halt.");
333 target->debug_reason = DBG_REASON_DBGRQ;
336 LOG_WARNING("WARNING: unknown debug reason: 0x%x", debug_reason);
337 /* Oh agony! should we interpret this as a halt request or
338 * that the target stopped on it's own accord?
340 target->debug_reason = DBG_REASON_DBGRQ;
341 /* if we fail here, we won't talk to the target and it will
342 * be reported to be in the halted state */
349 static uint32_t arm926ejs_get_ttb(target_t *target)
351 armv4_5_common_t *armv4_5 = target->arch_info;
352 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
353 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
354 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
358 if ((retval = arm926ejs->read_cp15(target, 0, 0, 2, 0, &ttb)) != ERROR_OK)
364 static void arm926ejs_disable_mmu_caches(target_t *target, int mmu,
365 int d_u_cache, int i_cache)
367 armv4_5_common_t *armv4_5 = target->arch_info;
368 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
369 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
370 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
371 uint32_t cp15_control;
373 /* read cp15 control register */
374 arm926ejs->read_cp15(target, 0, 0, 1, 0, &cp15_control);
375 jtag_execute_queue();
380 arm926ejs->write_cp15(target, 0, 0, 8, 7, 0x0);
382 cp15_control &= ~0x1U;
387 uint32_t debug_override;
388 /* read-modify-write CP15 debug override register
389 * to enable "test and clean all" */
390 arm926ejs->read_cp15(target, 0, 0, 15, 0, &debug_override);
391 debug_override |= 0x80000;
392 arm926ejs->write_cp15(target, 0, 0, 15, 0, debug_override);
394 /* clean and invalidate DCache */
395 arm926ejs->write_cp15(target, 0, 0, 7, 5, 0x0);
397 /* write CP15 debug override register
398 * to disable "test and clean all" */
399 debug_override &= ~0x80000;
400 arm926ejs->write_cp15(target, 0, 0, 15, 0, debug_override);
402 cp15_control &= ~0x4U;
407 /* invalidate ICache */
408 arm926ejs->write_cp15(target, 0, 0, 7, 5, 0x0);
410 cp15_control &= ~0x1000U;
413 arm926ejs->write_cp15(target, 0, 0, 1, 0, cp15_control);
416 static void arm926ejs_enable_mmu_caches(target_t *target, int mmu,
417 int d_u_cache, int i_cache)
419 armv4_5_common_t *armv4_5 = target->arch_info;
420 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
421 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
422 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
423 uint32_t cp15_control;
425 /* read cp15 control register */
426 arm926ejs->read_cp15(target, 0, 0, 1, 0, &cp15_control);
427 jtag_execute_queue();
430 cp15_control |= 0x1U;
433 cp15_control |= 0x4U;
436 cp15_control |= 0x1000U;
438 arm926ejs->write_cp15(target, 0, 0, 1, 0, cp15_control);
441 static void arm926ejs_post_debug_entry(target_t *target)
443 armv4_5_common_t *armv4_5 = target->arch_info;
444 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
445 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
446 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
448 /* examine cp15 control reg */
449 arm926ejs->read_cp15(target, 0, 0, 1, 0, &arm926ejs->cp15_control_reg);
450 jtag_execute_queue();
451 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32 "", arm926ejs->cp15_control_reg);
453 if (arm926ejs->armv4_5_mmu.armv4_5_cache.ctype == -1)
455 uint32_t cache_type_reg;
456 /* identify caches */
457 arm926ejs->read_cp15(target, 0, 1, 0, 0, &cache_type_reg);
458 jtag_execute_queue();
459 armv4_5_identify_cache(cache_type_reg, &arm926ejs->armv4_5_mmu.armv4_5_cache);
462 arm926ejs->armv4_5_mmu.mmu_enabled = (arm926ejs->cp15_control_reg & 0x1U) ? 1 : 0;
463 arm926ejs->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = (arm926ejs->cp15_control_reg & 0x4U) ? 1 : 0;
464 arm926ejs->armv4_5_mmu.armv4_5_cache.i_cache_enabled = (arm926ejs->cp15_control_reg & 0x1000U) ? 1 : 0;
466 /* save i/d fault status and address register */
467 arm926ejs->read_cp15(target, 0, 0, 5, 0, &arm926ejs->d_fsr);
468 arm926ejs->read_cp15(target, 0, 1, 5, 0, &arm926ejs->i_fsr);
469 arm926ejs->read_cp15(target, 0, 0, 6, 0, &arm926ejs->d_far);
471 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32 ", I FSR: 0x%8.8" PRIx32 "",
472 arm926ejs->d_fsr, arm926ejs->d_far, arm926ejs->i_fsr);
474 uint32_t cache_dbg_ctrl;
476 /* read-modify-write CP15 cache debug control register
477 * to disable I/D-cache linefills and force WT */
478 arm926ejs->read_cp15(target, 7, 0, 15, 0, &cache_dbg_ctrl);
479 cache_dbg_ctrl |= 0x7;
480 arm926ejs->write_cp15(target, 7, 0, 15, 0, cache_dbg_ctrl);
483 static void arm926ejs_pre_restore_context(target_t *target)
485 armv4_5_common_t *armv4_5 = target->arch_info;
486 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
487 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
488 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
490 /* restore i/d fault status and address register */
491 arm926ejs->write_cp15(target, 0, 0, 5, 0, arm926ejs->d_fsr);
492 arm926ejs->write_cp15(target, 0, 1, 5, 0, arm926ejs->i_fsr);
493 arm926ejs->write_cp15(target, 0, 0, 6, 0, arm926ejs->d_far);
495 uint32_t cache_dbg_ctrl;
497 /* read-modify-write CP15 cache debug control register
498 * to reenable I/D-cache linefills and disable WT */
499 arm926ejs->read_cp15(target, 7, 0, 15, 0, &cache_dbg_ctrl);
500 cache_dbg_ctrl &= ~0x7;
501 arm926ejs->write_cp15(target, 7, 0, 15, 0, cache_dbg_ctrl);
504 static int arm926ejs_get_arch_pointers(target_t *target,
505 armv4_5_common_t **armv4_5_p,
506 arm7_9_common_t **arm7_9_p,
507 arm9tdmi_common_t **arm9tdmi_p,
508 arm926ejs_common_t **arm926ejs_p)
510 armv4_5_common_t *armv4_5 = target->arch_info;
511 arm7_9_common_t *arm7_9;
512 arm9tdmi_common_t *arm9tdmi;
513 arm926ejs_common_t *arm926ejs;
515 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
520 arm7_9 = armv4_5->arch_info;
521 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
526 arm9tdmi = arm7_9->arch_info;
527 if (arm9tdmi->common_magic != ARM9TDMI_COMMON_MAGIC)
532 arm926ejs = arm9tdmi->arch_info;
533 if (arm926ejs->common_magic != ARM926EJS_COMMON_MAGIC)
538 *armv4_5_p = armv4_5;
540 *arm9tdmi_p = arm9tdmi;
541 *arm926ejs_p = arm926ejs;
546 int arm926ejs_arch_state(struct target_s *target)
548 armv4_5_common_t *armv4_5 = target->arch_info;
549 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
550 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
551 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
555 "disabled", "enabled"
558 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
560 LOG_ERROR("BUG: called for a non-ARMv4/5 target");
565 "target halted in %s state due to %s, current mode: %s\n"
566 "cpsr: 0x%8.8" PRIx32 " pc: 0x%8.8" PRIx32 "\n"
567 "MMU: %s, D-Cache: %s, I-Cache: %s",
568 armv4_5_state_strings[armv4_5->core_state],
569 Jim_Nvp_value2name_simple(nvp_target_debug_reason,target->debug_reason)->name,
570 armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)],
571 buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32),
572 buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32),
573 state[arm926ejs->armv4_5_mmu.mmu_enabled],
574 state[arm926ejs->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
575 state[arm926ejs->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
580 int arm926ejs_soft_reset_halt(struct target_s *target)
582 int retval = ERROR_OK;
583 armv4_5_common_t *armv4_5 = target->arch_info;
584 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
585 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
586 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
587 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
589 if ((retval = target_halt(target)) != ERROR_OK)
594 long long then = timeval_ms();
596 while (!(timeout = ((timeval_ms()-then) > 1000)))
598 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0)
600 embeddedice_read_reg(dbg_stat);
601 if ((retval = jtag_execute_queue()) != ERROR_OK)
609 if (debug_level >= 1)
611 /* do not eat all CPU, time out after 1 se*/
620 LOG_ERROR("Failed to halt CPU after 1 sec");
621 return ERROR_TARGET_TIMEOUT;
624 target->state = TARGET_HALTED;
626 /* SVC, ARM state, IRQ and FIQ disabled */
627 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
628 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
629 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
631 /* start fetching from 0x0 */
632 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
633 armv4_5->core_cache->reg_list[15].dirty = 1;
634 armv4_5->core_cache->reg_list[15].valid = 1;
636 armv4_5->core_mode = ARMV4_5_MODE_SVC;
637 armv4_5->core_state = ARMV4_5_STATE_ARM;
639 arm926ejs_disable_mmu_caches(target, 1, 1, 1);
640 arm926ejs->armv4_5_mmu.mmu_enabled = 0;
641 arm926ejs->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
642 arm926ejs->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
644 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
647 int arm926ejs_write_memory(struct target_s *target, uint32_t address,
648 uint32_t size, uint32_t count, uint8_t *buffer)
651 armv4_5_common_t *armv4_5 = target->arch_info;
652 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
653 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
654 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
656 /* FIX!!!! this should be cleaned up and made much more general. The
657 * plan is to write up and test on arm926ejs specifically and
658 * then generalize and clean up afterwards. */
659 if (arm926ejs->armv4_5_mmu.mmu_enabled && (count == 1) && ((size==2) || (size==4)))
661 /* special case the handling of single word writes to bypass MMU
662 * to allow implementation of breakpoints in memory marked read only
664 if (arm926ejs->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
666 /* flush and invalidate data cache
668 * MCR p15,0,p,c7,c10,1 - clean cache line using virtual address
671 retval = arm926ejs->write_cp15(target, 0, 1, 7, 10, address&~0x3);
672 if (retval != ERROR_OK)
677 retval = target->type->virt2phys(target, address, &pa);
678 if (retval != ERROR_OK)
681 /* write directly to physical memory bypassing any read only MMU bits, etc. */
682 retval = armv4_5_mmu_write_physical(target, &arm926ejs->armv4_5_mmu, pa, size, count, buffer);
683 if (retval != ERROR_OK)
687 if ((retval = arm7_9_write_memory(target, address, size, count, buffer)) != ERROR_OK)
691 /* If ICache is enabled, we have to invalidate affected ICache lines
692 * the DCache is forced to write-through, so we don't have to clean it here
694 if (arm926ejs->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
698 /* invalidate ICache single entry with MVA */
699 arm926ejs->write_cp15(target, 0, 1, 7, 5, address);
703 /* invalidate ICache */
704 arm926ejs->write_cp15(target, 0, 0, 7, 5, address);
711 static int arm926ejs_write_phys_memory(struct target_s *target,
712 uint32_t address, uint32_t size,
713 uint32_t count, uint8_t *buffer)
715 armv4_5_common_t *armv4_5 = target->arch_info;
716 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
717 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
718 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
720 return armv4_5_mmu_write_physical(target, &arm926ejs->armv4_5_mmu, address, size, count, buffer);
723 static int arm926ejs_read_phys_memory(struct target_s *target,
724 uint32_t address, uint32_t size,
725 uint32_t count, uint8_t *buffer)
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
730 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
732 return armv4_5_mmu_read_physical(target, &arm926ejs->armv4_5_mmu, address, size, count, buffer);
735 static int arm926ejs_init_target(struct command_context_s *cmd_ctx,
736 struct target_s *target)
738 arm9tdmi_init_target(cmd_ctx, target);
743 static int arm926ejs_quit(void)
748 int arm926ejs_init_arch_info(target_t *target, arm926ejs_common_t *arm926ejs,
751 arm9tdmi_common_t *arm9tdmi = &arm926ejs->arm9tdmi_common;
752 arm7_9_common_t *arm7_9 = &arm9tdmi->arm7_9_common;
754 /* initialize arm9tdmi specific info (including arm7_9 and armv4_5)
756 arm9tdmi_init_arch_info(target, arm9tdmi, tap);
758 arm9tdmi->arch_info = arm926ejs;
759 arm926ejs->common_magic = ARM926EJS_COMMON_MAGIC;
761 arm7_9->post_debug_entry = arm926ejs_post_debug_entry;
762 arm7_9->pre_restore_context = arm926ejs_pre_restore_context;
764 arm926ejs->read_cp15 = arm926ejs_cp15_read;
765 arm926ejs->write_cp15 = arm926ejs_cp15_write;
766 arm926ejs->armv4_5_mmu.armv4_5_cache.ctype = -1;
767 arm926ejs->armv4_5_mmu.get_ttb = arm926ejs_get_ttb;
768 arm926ejs->armv4_5_mmu.read_memory = arm7_9_read_memory;
769 arm926ejs->armv4_5_mmu.write_memory = arm7_9_write_memory;
770 arm926ejs->armv4_5_mmu.disable_mmu_caches = arm926ejs_disable_mmu_caches;
771 arm926ejs->armv4_5_mmu.enable_mmu_caches = arm926ejs_enable_mmu_caches;
772 arm926ejs->armv4_5_mmu.has_tiny_pages = 1;
773 arm926ejs->armv4_5_mmu.mmu_enabled = 0;
775 arm7_9->examine_debug_reason = arm926ejs_examine_debug_reason;
777 /* The ARM926EJ-S implements the ARMv5TE architecture which
778 * has the BKPT instruction, so we don't have to use a watchpoint comparator
780 arm7_9->arm_bkpt = ARMV5_BKPT(0x0);
781 arm7_9->thumb_bkpt = ARMV5_T_BKPT(0x0) & 0xffff;
786 static int arm926ejs_target_create(struct target_s *target, Jim_Interp *interp)
788 arm926ejs_common_t *arm926ejs = calloc(1,sizeof(arm926ejs_common_t));
790 arm926ejs_init_arch_info(target, arm926ejs, target->tap);
795 static int arm926ejs_handle_cp15_command(struct command_context_s *cmd_ctx,
796 char *cmd, char **args, int argc)
799 target_t *target = get_current_target(cmd_ctx);
800 armv4_5_common_t *armv4_5;
801 arm7_9_common_t *arm7_9;
802 arm9tdmi_common_t *arm9tdmi;
803 arm926ejs_common_t *arm926ejs;
809 if ((argc < 4) || (argc > 5))
811 command_print(cmd_ctx, "usage: arm926ejs cp15 <opcode_1> <opcode_2> <CRn> <CRm> [value]");
815 opcode_1 = strtoul(args[0], NULL, 0);
816 opcode_2 = strtoul(args[1], NULL, 0);
817 CRn = strtoul(args[2], NULL, 0);
818 CRm = strtoul(args[3], NULL, 0);
820 if (arm926ejs_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm926ejs) != ERROR_OK)
822 command_print(cmd_ctx, "current target isn't an ARM926EJ-S target");
826 if (target->state != TARGET_HALTED)
828 command_print(cmd_ctx, "target must be stopped for \"%s\" command", cmd);
835 if ((retval = arm926ejs->read_cp15(target, opcode_1, opcode_2, CRn, CRm, &value)) != ERROR_OK)
837 command_print(cmd_ctx, "couldn't access register");
840 if ((retval = jtag_execute_queue()) != ERROR_OK)
845 command_print(cmd_ctx, "%i %i %i %i: %8.8" PRIx32 "", opcode_1, opcode_2, CRn, CRm, value);
849 uint32_t value = strtoul(args[4], NULL, 0);
850 if ((retval = arm926ejs->write_cp15(target, opcode_1, opcode_2, CRn, CRm, value)) != ERROR_OK)
852 command_print(cmd_ctx, "couldn't access register");
855 command_print(cmd_ctx, "%i %i %i %i: %8.8" PRIx32 "", opcode_1, opcode_2, CRn, CRm, value);
862 arm926ejs_handle_cache_info_command(struct command_context_s *cmd_ctx,
863 char *cmd, char **args, int argc)
865 target_t *target = get_current_target(cmd_ctx);
866 armv4_5_common_t *armv4_5;
867 arm7_9_common_t *arm7_9;
868 arm9tdmi_common_t *arm9tdmi;
869 arm926ejs_common_t *arm926ejs;
871 if (arm926ejs_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm926ejs) != ERROR_OK)
873 command_print(cmd_ctx, "current target isn't an ARM926EJ-S target");
877 return armv4_5_handle_cache_info_command(cmd_ctx, &arm926ejs->armv4_5_mmu.armv4_5_cache);
880 static int arm926ejs_virt2phys(struct target_s *target, uint32_t virtual, uint32_t *physical)
888 armv4_5_common_t *armv4_5;
889 arm7_9_common_t *arm7_9;
890 arm9tdmi_common_t *arm9tdmi;
891 arm926ejs_common_t *arm926ejs;
892 retval= arm926ejs_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm926ejs);
893 if (retval != ERROR_OK)
897 uint32_t ret = armv4_5_mmu_translate_va(target, &arm926ejs->armv4_5_mmu, virtual, &type, &cb, &domain, &ap);
906 static int arm926ejs_mmu(struct target_s *target, int *enabled)
908 armv4_5_common_t *armv4_5 = target->arch_info;
909 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
910 arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
911 arm926ejs_common_t *arm926ejs = arm9tdmi->arch_info;
913 if (target->state != TARGET_HALTED)
915 LOG_ERROR("Target not halted");
916 return ERROR_TARGET_INVALID;
918 *enabled = arm926ejs->armv4_5_mmu.mmu_enabled;
922 int arm926ejs_register_commands(struct command_context_s *cmd_ctx)
925 command_t *arm926ejs_cmd;
927 retval = arm9tdmi_register_commands(cmd_ctx);
929 arm926ejs_cmd = register_command(cmd_ctx, NULL, "arm926ejs",
931 "arm926ejs specific commands");
933 register_command(cmd_ctx, arm926ejs_cmd, "cp15",
934 arm926ejs_handle_cp15_command, COMMAND_EXEC,
935 "display/modify cp15 register "
936 "<opcode_1> <opcode_2> <CRn> <CRm> [value]");
938 register_command(cmd_ctx, arm926ejs_cmd, "cache_info",
939 arm926ejs_handle_cache_info_command, COMMAND_EXEC,
940 "display information about target caches");
945 target_type_t arm926ejs_target =
950 .arch_state = arm926ejs_arch_state,
952 .target_request_data = arm7_9_target_request_data,
955 .resume = arm7_9_resume,
958 .assert_reset = arm7_9_assert_reset,
959 .deassert_reset = arm7_9_deassert_reset,
960 .soft_reset_halt = arm926ejs_soft_reset_halt,
962 .get_gdb_reg_list = armv4_5_get_gdb_reg_list,
964 .read_memory = arm7_9_read_memory,
965 .write_memory = arm926ejs_write_memory,
966 .bulk_write_memory = arm7_9_bulk_write_memory,
967 .checksum_memory = arm7_9_checksum_memory,
968 .blank_check_memory = arm7_9_blank_check_memory,
970 .run_algorithm = armv4_5_run_algorithm,
972 .add_breakpoint = arm7_9_add_breakpoint,
973 .remove_breakpoint = arm7_9_remove_breakpoint,
974 .add_watchpoint = arm7_9_add_watchpoint,
975 .remove_watchpoint = arm7_9_remove_watchpoint,
977 .register_commands = arm926ejs_register_commands,
978 .target_create = arm926ejs_target_create,
979 .init_target = arm926ejs_init_target,
980 .examine = arm9tdmi_examine,
981 .quit = arm926ejs_quit,
982 .virt2phys = arm926ejs_virt2phys,
983 .mmu = arm926ejs_mmu,
985 .read_phys_memory = arm926ejs_read_phys_memory,
986 .write_phys_memory = arm926ejs_write_phys_memory,
987 .mrc = arm926ejs_mrc,
988 .mcr = arm926ejs_mcr,
projects / openocd / blob