2 * Copyright (C) 2009 by David Brownell
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the
16 * Free Software Foundation, Inc.,
17 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #include "armv4_5.h" /* REVISIT to become arm.h */
26 #include <jtag/jtag.h>
28 #include "breakpoints.h"
29 #include "target_type.h"
30 #include "arm_opcodes.h"
35 * Implements various ARM DPM operations using architectural debug registers.
36 * These routines layer over core-specific communication methods to cope with
37 * implementation differences between cores like ARM1136 and Cortex-A8.
40 /*----------------------------------------------------------------------*/
46 /* Read coprocessor */
47 static int dpm_mrc(struct target *target, int cpnum,
48 uint32_t op1, uint32_t op2, uint32_t CRn, uint32_t CRm,
51 struct arm *arm = target_to_arm(target);
52 struct arm_dpm *dpm = arm->dpm;
55 retval = dpm->prepare(dpm);
56 if (retval != ERROR_OK)
59 LOG_DEBUG("MRC p%d, %d, r0, c%d, c%d, %d", cpnum,
61 (int) CRm, (int) op2);
63 /* read coprocessor register into R0; return via DCC */
64 retval = dpm->instr_read_data_r0(dpm,
65 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
68 /* (void) */ dpm->finish(dpm);
72 static int dpm_mcr(struct target *target, int cpnum,
73 uint32_t op1, uint32_t op2, uint32_t CRn, uint32_t CRm,
76 struct arm *arm = target_to_arm(target);
77 struct arm_dpm *dpm = arm->dpm;
80 retval = dpm->prepare(dpm);
81 if (retval != ERROR_OK)
84 LOG_DEBUG("MCR p%d, %d, r0, c%d, c%d, %d", cpnum,
86 (int) CRm, (int) op2);
88 /* read DCC into r0; then write coprocessor register from R0 */
89 retval = dpm->instr_write_data_r0(dpm,
90 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
93 /* (void) */ dpm->finish(dpm);
97 /*----------------------------------------------------------------------*/
100 * Register access utilities
103 /* Toggles between recorded core mode (USR, SVC, etc) and a temporary one.
104 * Routines *must* restore the original mode before returning!!
106 static int dpm_modeswitch(struct arm_dpm *dpm, enum arm_mode mode)
111 /* restore previous mode */
112 if (mode == ARM_MODE_ANY)
113 cpsr = buf_get_u32(dpm->arm->cpsr->value, 0, 32);
115 /* else force to the specified mode */
119 retval = dpm->instr_write_data_r0(dpm, ARMV4_5_MSR_GP(0, 0xf, 0), cpsr);
121 if (dpm->instr_cpsr_sync)
122 retval = dpm->instr_cpsr_sync(dpm);
127 /* just read the register -- rely on the core mode being right */
128 static int dpm_read_reg(struct arm_dpm *dpm, struct reg *r, unsigned regnum)
135 /* return via DCC: "MCR p14, 0, Rnum, c0, c5, 0" */
136 retval = dpm->instr_read_data_dcc(dpm,
137 ARMV4_5_MCR(14, 0, regnum, 0, 5, 0),
141 /* "MOV r0, pc"; then return via DCC */
142 retval = dpm->instr_read_data_r0(dpm, 0xe1a0000f, &value);
144 /* NOTE: this seems like a slightly awkward place to update
145 * this value ... but if the PC gets written (the only way
146 * to change what we compute), the arch spec says subsequent
147 * reads return values which are "unpredictable". So this
148 * is always right except in those broken-by-intent cases.
150 switch (dpm->arm->core_state) {
154 case ARM_STATE_THUMB:
155 case ARM_STATE_THUMB_EE:
158 case ARM_STATE_JAZELLE:
159 /* core-specific ... ? */
160 LOG_WARNING("Jazelle PC adjustment unknown");
165 /* 16: "MRS r0, CPSR"; then return via DCC
166 * 17: "MRS r0, SPSR"; then return via DCC
168 retval = dpm->instr_read_data_r0(dpm,
169 ARMV4_5_MRS(0, regnum & 1),
174 if (retval == ERROR_OK) {
175 buf_set_u32(r->value, 0, 32, value);
178 LOG_DEBUG("READ: %s, %8.8x", r->name, (unsigned) value);
184 /* just write the register -- rely on the core mode being right */
185 static int dpm_write_reg(struct arm_dpm *dpm, struct reg *r, unsigned regnum)
188 uint32_t value = buf_get_u32(r->value, 0, 32);
192 /* load register from DCC: "MRC p14, 0, Rnum, c0, c5, 0" */
193 retval = dpm->instr_write_data_dcc(dpm,
194 ARMV4_5_MRC(14, 0, regnum, 0, 5, 0),
198 /* read r0 from DCC; then "MOV pc, r0" */
199 retval = dpm->instr_write_data_r0(dpm, 0xe1a0f000, value);
202 /* 16: read r0 from DCC, then "MSR r0, CPSR_cxsf"
203 * 17: read r0 from DCC, then "MSR r0, SPSR_cxsf"
205 retval = dpm->instr_write_data_r0(dpm,
206 ARMV4_5_MSR_GP(0, 0xf, regnum & 1),
209 if (regnum == 16 && dpm->instr_cpsr_sync)
210 retval = dpm->instr_cpsr_sync(dpm);
215 if (retval == ERROR_OK) {
217 LOG_DEBUG("WRITE: %s, %8.8x", r->name, (unsigned) value);
224 * Read basic registers of the the current context: R0 to R15, and CPSR;
225 * sets the core mode (such as USR or IRQ) and state (such as ARM or Thumb).
226 * In normal operation this is called on entry to halting debug state,
227 * possibly after some other operations supporting restore of debug state
228 * or making sure the CPU is fully idle (drain write buffer, etc).
230 int arm_dpm_read_current_registers(struct arm_dpm *dpm)
232 struct arm *arm = dpm->arm;
237 retval = dpm->prepare(dpm);
238 if (retval != ERROR_OK)
241 /* read R0 first (it's used for scratch), then CPSR */
242 r = arm->core_cache->reg_list + 0;
244 retval = dpm_read_reg(dpm, r, 0);
245 if (retval != ERROR_OK)
250 retval = dpm->instr_read_data_r0(dpm, ARMV4_5_MRS(0, 0), &cpsr);
251 if (retval != ERROR_OK)
254 /* update core mode and state, plus shadow mapping for R8..R14 */
255 arm_set_cpsr(arm, cpsr);
257 /* REVISIT we can probably avoid reading R1..R14, saving time... */
258 for (unsigned i = 1; i < 16; i++) {
259 r = arm_reg_current(arm, i);
263 retval = dpm_read_reg(dpm, r, i);
264 if (retval != ERROR_OK)
268 /* NOTE: SPSR ignored (if it's even relevant). */
270 /* REVISIT the debugger can trigger various exceptions. See the
271 * ARMv7A architecture spec, section C5.7, for more info about
272 * what defenses are needed; v6 debug has the most issues.
276 /* (void) */ dpm->finish(dpm);
281 * Writes all modified core registers for all processor modes. In normal
282 * operation this is called on exit from halting debug state.
284 * @param dpm: represents the processor
285 * @param bpwp: true ensures breakpoints and watchpoints are set,
286 * false ensures they are cleared
288 int arm_dpm_write_dirty_registers(struct arm_dpm *dpm, bool bpwp)
290 struct arm *arm = dpm->arm;
291 struct reg_cache *cache = arm->core_cache;
295 retval = dpm->prepare(dpm);
296 if (retval != ERROR_OK)
299 /* enable/disable watchpoints */
300 for (unsigned i = 0; i < dpm->nwp; i++) {
301 struct dpm_wp *dwp = dpm->dwp + i;
302 struct watchpoint *wp = dwp->wp;
305 /* Avoid needless I/O ... leave watchpoints alone
306 * unless they're removed, or need updating because
307 * of single-stepping or running debugger code.
313 /* removed or startup; we must disable it */
318 /* disabled, but we must set it */
319 dwp->dirty = disable = false;
324 /* set, but we must temporarily disable it */
325 dwp->dirty = disable = true;
330 retval = dpm->bpwp_disable(dpm, 16 + i);
332 retval = dpm->bpwp_enable(dpm, 16 + i,
333 wp->address & ~3, dwp->control);
335 if (retval != ERROR_OK)
336 LOG_ERROR("%s: can't %s HW watchpoint %d",
337 target_name(arm->target),
338 disable ? "disable" : "enable",
342 /* NOTE: writes to breakpoint and watchpoint registers might
343 * be queued, and need (efficient/batched) flushing later.
346 /* Scan the registers until we find one that's both dirty and
347 * eligible for flushing. Flush that and everything else that
348 * shares the same core mode setting. Typically this won't
349 * actually find anything to do...
352 enum arm_mode mode = ARM_MODE_ANY;
356 /* check everything except our scratch register R0 */
357 for (unsigned i = 1; i < cache->num_regs; i++) {
361 /* also skip PC, CPSR, and non-dirty */
364 if (arm->cpsr == cache->reg_list + i)
366 if (!cache->reg_list[i].dirty)
369 r = cache->reg_list[i].arch_info;
372 /* may need to pick and set a mode */
377 mode = tmode = r->mode;
379 /* cope with special cases */
382 /* r8..r12 "anything but FIQ" case;
383 * we "know" core mode is accurate
384 * since we haven't changed it yet
386 if (arm->core_mode == ARM_MODE_FIQ
389 tmode = ARM_MODE_USR;
397 /* REVISIT error checks */
398 if (tmode != ARM_MODE_ANY)
399 retval = dpm_modeswitch(dpm, tmode);
404 retval = dpm_write_reg(dpm,
412 /* Restore original CPSR ... assuming either that we changed it,
413 * or it's dirty. Must write PC to ensure the return address is
414 * defined, and must not write it before CPSR.
416 retval = dpm_modeswitch(dpm, ARM_MODE_ANY);
417 arm->cpsr->dirty = false;
419 retval = dpm_write_reg(dpm, &cache->reg_list[15], 15);
420 cache->reg_list[15].dirty = false;
422 /* flush R0 -- it's *very* dirty by now */
423 retval = dpm_write_reg(dpm, &cache->reg_list[0], 0);
424 cache->reg_list[0].dirty = false;
426 /* (void) */ dpm->finish(dpm);
431 /* Returns ARM_MODE_ANY or temporary mode to use while reading the
432 * specified register ... works around flakiness from ARM core calls.
433 * Caller already filtered out SPSR access; mode is never MODE_SYS
436 static enum arm_mode dpm_mapmode(struct arm *arm,
437 unsigned num, enum arm_mode mode)
439 enum arm_mode amode = arm->core_mode;
441 /* don't switch if the mode is already correct */
442 if (amode == ARM_MODE_SYS)
443 amode = ARM_MODE_USR;
448 /* don't switch for non-shadowed registers (r0..r7, r15/pc, cpsr) */
453 /* r8..r12 aren't shadowed for anything except FIQ */
455 if (mode == ARM_MODE_FIQ)
458 /* r13/sp, and r14/lr are always shadowed */
463 LOG_WARNING("invalid register #%u", num);
471 * Standard ARM register accessors ... there are three methods
472 * in "struct arm", to support individual read/write and bulk read
476 static int arm_dpm_read_core_reg(struct target *target, struct reg *r,
477 int regnum, enum arm_mode mode)
479 struct arm_dpm *dpm = target_to_arm(target)->dpm;
482 if (regnum < 0 || regnum > 16)
483 return ERROR_INVALID_ARGUMENTS;
486 if (mode != ARM_MODE_ANY)
489 mode = dpm_mapmode(dpm->arm, regnum, mode);
491 /* REVISIT what happens if we try to read SPSR in a core mode
492 * which has no such register?
495 retval = dpm->prepare(dpm);
496 if (retval != ERROR_OK)
499 if (mode != ARM_MODE_ANY) {
500 retval = dpm_modeswitch(dpm, mode);
501 if (retval != ERROR_OK)
505 retval = dpm_read_reg(dpm, r, regnum);
506 /* always clean up, regardless of error */
508 if (mode != ARM_MODE_ANY)
509 /* (void) */ dpm_modeswitch(dpm, ARM_MODE_ANY);
512 /* (void) */ dpm->finish(dpm);
516 static int arm_dpm_write_core_reg(struct target *target, struct reg *r,
517 int regnum, enum arm_mode mode, uint32_t value)
519 struct arm_dpm *dpm = target_to_arm(target)->dpm;
523 if (regnum < 0 || regnum > 16)
524 return ERROR_INVALID_ARGUMENTS;
527 if (mode != ARM_MODE_ANY)
530 mode = dpm_mapmode(dpm->arm, regnum, mode);
532 /* REVISIT what happens if we try to write SPSR in a core mode
533 * which has no such register?
536 retval = dpm->prepare(dpm);
537 if (retval != ERROR_OK)
540 if (mode != ARM_MODE_ANY) {
541 retval = dpm_modeswitch(dpm, mode);
542 if (retval != ERROR_OK)
546 retval = dpm_write_reg(dpm, r, regnum);
547 /* always clean up, regardless of error */
549 if (mode != ARM_MODE_ANY)
550 /* (void) */ dpm_modeswitch(dpm, ARM_MODE_ANY);
553 /* (void) */ dpm->finish(dpm);
557 static int arm_dpm_full_context(struct target *target)
559 struct arm *arm = target_to_arm(target);
560 struct arm_dpm *dpm = arm->dpm;
561 struct reg_cache *cache = arm->core_cache;
565 retval = dpm->prepare(dpm);
566 if (retval != ERROR_OK)
570 enum arm_mode mode = ARM_MODE_ANY;
574 /* We "know" arm_dpm_read_current_registers() was called so
575 * the unmapped registers (R0..R7, PC, AND CPSR) and some
576 * view of R8..R14 are current. We also "know" oddities of
577 * register mapping: special cases for R8..R12 and SPSR.
579 * Pick some mode with unread registers and read them all.
582 for (unsigned i = 0; i < cache->num_regs; i++) {
585 if (cache->reg_list[i].valid)
587 r = cache->reg_list[i].arch_info;
589 /* may need to pick a mode and set CPSR */
594 /* For R8..R12 when we've entered debug
595 * state in FIQ mode... patch mode.
597 if (mode == ARM_MODE_ANY)
600 /* REVISIT error checks */
601 retval = dpm_modeswitch(dpm, mode);
606 /* CPSR was read, so "R16" must mean SPSR */
607 retval = dpm_read_reg(dpm,
609 (r->num == 16) ? 17 : r->num);
615 retval = dpm_modeswitch(dpm, ARM_MODE_ANY);
616 /* (void) */ dpm->finish(dpm);
622 /*----------------------------------------------------------------------*/
625 * Breakpoint and Watchpoint support.
627 * Hardware {break,watch}points are usually left active, to minimize
628 * debug entry/exit costs. When they are set or cleared, it's done in
629 * batches. Also, DPM-conformant hardware can update debug registers
630 * regardless of whether the CPU is running or halted ... though that
631 * fact isn't currently leveraged.
634 static int dpm_watchpoint_setup(struct arm_dpm *dpm, unsigned index,
635 struct watchpoint *wp)
637 uint32_t addr = wp->address;
640 /* this hardware doesn't support data value matching or masking */
641 if (wp->value || wp->mask != ~(uint32_t)0) {
642 LOG_DEBUG("watchpoint values and masking not supported");
643 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
646 control = (1 << 0) /* enable */
647 | (3 << 1); /* both user and privileged access */
661 /* Match 1, 2, or all 4 byte addresses in this word.
663 * FIXME: v7 hardware allows lengths up to 2 GB, and has eight
664 * byte address select bits. Support larger wp->length, if addr
665 * is suitably aligned.
667 switch (wp->length) {
669 control |= (1 << (addr & 3)) << 5;
673 /* require 2-byte alignment */
675 control |= (3 << (addr & 2)) << 5;
680 /* require 4-byte alignment */
687 LOG_DEBUG("bad watchpoint length or alignment");
688 return ERROR_INVALID_ARGUMENTS;
691 /* other control bits:
692 * bits 9:12 == 0 ... only checking up to four byte addresses (v7 only)
693 * bits 15:14 == 0 ... both secure and nonsecure states (v6.1+ only)
694 * bit 20 == 0 ... not linked to a context ID
695 * bit 28:24 == 0 ... not ignoring N LSBs (v7 only)
698 dpm->dwp[index].wp = wp;
699 dpm->dwp[index].control = control;
700 dpm->dwp[index].dirty = true;
702 /* hardware is updated in write_dirty_registers() */
707 static int dpm_add_watchpoint(struct target *target, struct watchpoint *wp)
709 struct arm *arm = target_to_arm(target);
710 struct arm_dpm *dpm = arm->dpm;
711 int retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
713 if (dpm->bpwp_enable) {
714 for (unsigned i = 0; i < dpm->nwp; i++) {
715 if (!dpm->dwp[i].wp) {
716 retval = dpm_watchpoint_setup(dpm, i, wp);
725 static int dpm_remove_watchpoint(struct target *target, struct watchpoint *wp)
727 struct arm *arm = target_to_arm(target);
728 struct arm_dpm *dpm = arm->dpm;
729 int retval = ERROR_INVALID_ARGUMENTS;
731 for (unsigned i = 0; i < dpm->nwp; i++) {
732 if (dpm->dwp[i].wp == wp) {
733 dpm->dwp[i].wp = NULL;
734 dpm->dwp[i].dirty = true;
736 /* hardware is updated in write_dirty_registers() */
745 void arm_dpm_report_wfar(struct arm_dpm *dpm, uint32_t addr)
747 switch (dpm->arm->core_state) {
751 case ARM_STATE_THUMB:
752 case ARM_STATE_THUMB_EE:
755 case ARM_STATE_JAZELLE:
762 /*----------------------------------------------------------------------*/
765 * Other debug and support utilities
768 void arm_dpm_report_dscr(struct arm_dpm *dpm, uint32_t dscr)
770 struct target *target = dpm->arm->target;
774 /* Examine debug reason */
775 switch (DSCR_ENTRY(dscr)) {
776 case 6: /* Data abort (v6 only) */
777 case 7: /* Prefetch abort (v6 only) */
778 /* FALL THROUGH -- assume a v6 core in abort mode */
779 case 0: /* HALT request from debugger */
781 target->debug_reason = DBG_REASON_DBGRQ;
783 case 1: /* HW breakpoint */
784 case 3: /* SW BKPT */
785 case 5: /* vector catch */
786 target->debug_reason = DBG_REASON_BREAKPOINT;
788 case 2: /* asynch watchpoint */
789 case 10: /* precise watchpoint */
790 target->debug_reason = DBG_REASON_WATCHPOINT;
793 target->debug_reason = DBG_REASON_UNDEFINED;
798 /*----------------------------------------------------------------------*/
801 * Setup and management support.
805 * Hooks up this DPM to its associated target; call only once.
806 * Initially this only covers the register cache.
808 * Oh, and watchpoints. Yeah.
810 int arm_dpm_setup(struct arm_dpm *dpm)
812 struct arm *arm = dpm->arm;
813 struct target *target = arm->target;
814 struct reg_cache *cache;
818 /* register access setup */
819 arm->full_context = arm_dpm_full_context;
820 arm->read_core_reg = arm_dpm_read_core_reg;
821 arm->write_core_reg = arm_dpm_write_core_reg;
823 cache = arm_build_reg_cache(target, arm);
827 *register_get_last_cache_p(&target->reg_cache) = cache;
829 /* coprocessor access setup */
833 /* breakpoint and watchpoint setup */
834 target->type->add_watchpoint = dpm_add_watchpoint;
835 target->type->remove_watchpoint = dpm_remove_watchpoint;
837 /* FIXME add breakpoint support */
838 /* FIXME add vector catch support */
840 dpm->nbp = 1 + ((dpm->didr >> 24) & 0xf);
841 dpm->dbp = calloc(dpm->nbp, sizeof *dpm->dbp);
843 dpm->nwp = 1 + ((dpm->didr >> 28) & 0xf);
844 dpm->dwp = calloc(dpm->nwp, sizeof *dpm->dwp);
846 if (!dpm->dbp || !dpm->dwp) {
852 LOG_INFO("%s: hardware has %d breakpoints, %d watchpoints",
853 target_name(target), dpm->nbp, dpm->nwp);
855 /* REVISIT ... and some of those breakpoints could match
856 * execution context IDs...
863 * Reinitializes DPM state at the beginning of a new debug session
864 * or after a reset which may have affected the debug module.
866 int arm_dpm_initialize(struct arm_dpm *dpm)
868 /* Disable all breakpoints and watchpoints at startup. */
869 if (dpm->bpwp_disable) {
872 for (i = 0; i < dpm->nbp; i++)
873 (void) dpm->bpwp_disable(dpm, i);
874 for (i = 0; i < dpm->nwp; i++)
875 (void) dpm->bpwp_disable(dpm, 16 + i);
877 LOG_WARNING("%s: can't disable breakpoints and watchpoints",
878 target_name(dpm->arm->target));
projects / openocd / blob