1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2008 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm_disassembler.h"
34 #include "binarybuffer.h"
35 #include "algorithm.h"
39 /* offsets into armv4_5 core register cache */
42 ARMV4_5_SPSR_FIQ = 32,
43 ARMV4_5_SPSR_IRQ = 33,
44 ARMV4_5_SPSR_SVC = 34,
45 ARMV4_5_SPSR_ABT = 35,
46 ARMV4_5_SPSR_UND = 36,
50 static const uint8_t arm_usr_indices[17] = {
51 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, ARMV4_5_CPSR,
54 static const uint8_t arm_fiq_indices[8] = {
55 16, 17, 18, 19, 20, 21, 22, ARMV4_5_SPSR_FIQ,
58 static const uint8_t arm_irq_indices[3] = {
59 23, 24, ARMV4_5_SPSR_IRQ,
62 static const uint8_t arm_svc_indices[3] = {
63 25, 26, ARMV4_5_SPSR_SVC,
66 static const uint8_t arm_abt_indices[3] = {
67 27, 28, ARMV4_5_SPSR_ABT,
70 static const uint8_t arm_und_indices[3] = {
71 29, 30, ARMV4_5_SPSR_UND,
74 static const uint8_t arm_mon_indices[3] = {
81 /* For user and system modes, these list indices for all registers.
82 * otherwise they're just indices for the shadow registers and SPSR.
84 unsigned short n_indices;
85 const uint8_t *indices;
87 /* Seven modes are standard from ARM7 on. "System" and "User" share
88 * the same registers; other modes shadow from 3 to 8 registers.
92 .psr = ARMV4_5_MODE_USR,
93 .n_indices = ARRAY_SIZE(arm_usr_indices),
94 .indices = arm_usr_indices,
98 .psr = ARMV4_5_MODE_FIQ,
99 .n_indices = ARRAY_SIZE(arm_fiq_indices),
100 .indices = arm_fiq_indices,
103 .name = "Supervisor",
104 .psr = ARMV4_5_MODE_SVC,
105 .n_indices = ARRAY_SIZE(arm_svc_indices),
106 .indices = arm_svc_indices,
110 .psr = ARMV4_5_MODE_ABT,
111 .n_indices = ARRAY_SIZE(arm_abt_indices),
112 .indices = arm_abt_indices,
116 .psr = ARMV4_5_MODE_IRQ,
117 .n_indices = ARRAY_SIZE(arm_irq_indices),
118 .indices = arm_irq_indices,
121 .name = "Undefined instruction",
122 .psr = ARMV4_5_MODE_UND,
123 .n_indices = ARRAY_SIZE(arm_und_indices),
124 .indices = arm_und_indices,
128 .psr = ARMV4_5_MODE_SYS,
129 .n_indices = ARRAY_SIZE(arm_usr_indices),
130 .indices = arm_usr_indices,
132 /* TrustZone "Security Extensions" add a secure monitor mode.
133 * This is distinct from a "debug monitor" which can support
134 * non-halting debug, in conjunction with some debuggers.
137 .name = "Secure Monitor",
139 .n_indices = ARRAY_SIZE(arm_mon_indices),
140 .indices = arm_mon_indices,
144 /** Map PSR mode bits to the name of an ARM processor operating mode. */
145 const char *arm_mode_name(unsigned psr_mode)
147 for (unsigned i = 0; i < ARRAY_SIZE(arm_mode_data); i++) {
148 if (arm_mode_data[i].psr == psr_mode)
149 return arm_mode_data[i].name;
151 LOG_ERROR("unrecognized psr mode: %#02x", psr_mode);
152 return "UNRECOGNIZED";
155 /** Return true iff the parameter denotes a valid ARM processor mode. */
156 bool is_arm_mode(unsigned psr_mode)
158 for (unsigned i = 0; i < ARRAY_SIZE(arm_mode_data); i++) {
159 if (arm_mode_data[i].psr == psr_mode)
165 /** Map PSR mode bits to linear number indexing armv4_5_core_reg_map */
166 int armv4_5_mode_to_number(enum armv4_5_mode mode)
169 case ARMV4_5_MODE_ANY:
170 /* map MODE_ANY to user mode */
171 case ARMV4_5_MODE_USR:
173 case ARMV4_5_MODE_FIQ:
175 case ARMV4_5_MODE_IRQ:
177 case ARMV4_5_MODE_SVC:
179 case ARMV4_5_MODE_ABT:
181 case ARMV4_5_MODE_UND:
183 case ARMV4_5_MODE_SYS:
188 LOG_ERROR("invalid mode value encountered %d", mode);
193 /** Map linear number indexing armv4_5_core_reg_map to PSR mode bits. */
194 enum armv4_5_mode armv4_5_number_to_mode(int number)
198 return ARMV4_5_MODE_USR;
200 return ARMV4_5_MODE_FIQ;
202 return ARMV4_5_MODE_IRQ;
204 return ARMV4_5_MODE_SVC;
206 return ARMV4_5_MODE_ABT;
208 return ARMV4_5_MODE_UND;
210 return ARMV4_5_MODE_SYS;
214 LOG_ERROR("mode index out of bounds %d", number);
215 return ARMV4_5_MODE_ANY;
219 char* armv4_5_state_strings[] =
221 "ARM", "Thumb", "Jazelle", "ThumbEE",
224 /* Templates for ARM core registers.
226 * NOTE: offsets in this table are coupled to the arm_mode_data
227 * table above, the armv4_5_core_reg_map array below, and also to
228 * the ARMV4_5_CPSR symbol (which should vanish after ARM11 updates).
230 static const struct {
231 /* The name is used for e.g. the "regs" command. */
234 /* The {cookie, mode} tuple uniquely identifies one register.
235 * In a given mode, cookies 0..15 map to registers R0..R15,
236 * with R13..R15 usually called SP, LR, PC.
238 * MODE_ANY is used as *input* to the mapping, and indicates
239 * various special cases (sigh) and errors.
241 * Cookie 16 is (currently) confusing, since it indicates
242 * CPSR -or- SPSR depending on whether 'mode' is MODE_ANY.
243 * (Exception modes have both CPSR and SPSR registers ...)
246 enum armv4_5_mode mode;
247 } arm_core_regs[] = {
248 /* IMPORTANT: we guarantee that the first eight cached registers
249 * correspond to r0..r7, and the fifteenth to PC, so that callers
250 * don't need to map them.
252 { .name = "r0", .cookie = 0, .mode = ARMV4_5_MODE_ANY, },
253 { .name = "r1", .cookie = 1, .mode = ARMV4_5_MODE_ANY, },
254 { .name = "r2", .cookie = 2, .mode = ARMV4_5_MODE_ANY, },
255 { .name = "r3", .cookie = 3, .mode = ARMV4_5_MODE_ANY, },
256 { .name = "r4", .cookie = 4, .mode = ARMV4_5_MODE_ANY, },
257 { .name = "r5", .cookie = 5, .mode = ARMV4_5_MODE_ANY, },
258 { .name = "r6", .cookie = 6, .mode = ARMV4_5_MODE_ANY, },
259 { .name = "r7", .cookie = 7, .mode = ARMV4_5_MODE_ANY, },
261 /* NOTE: regs 8..12 might be shadowed by FIQ ... flagging
262 * them as MODE_ANY creates special cases. (ANY means
263 * "not mapped" elsewhere; here it's "everything but FIQ".)
265 { .name = "r8", .cookie = 8, .mode = ARMV4_5_MODE_ANY, },
266 { .name = "r9", .cookie = 9, .mode = ARMV4_5_MODE_ANY, },
267 { .name = "r10", .cookie = 10, .mode = ARMV4_5_MODE_ANY, },
268 { .name = "r11", .cookie = 11, .mode = ARMV4_5_MODE_ANY, },
269 { .name = "r12", .cookie = 12, .mode = ARMV4_5_MODE_ANY, },
271 /* NOTE all MODE_USR registers are equivalent to MODE_SYS ones */
272 { .name = "sp_usr", .cookie = 13, .mode = ARMV4_5_MODE_USR, },
273 { .name = "lr_usr", .cookie = 14, .mode = ARMV4_5_MODE_USR, },
275 /* guaranteed to be at index 15 */
276 { .name = "pc", .cookie = 15, .mode = ARMV4_5_MODE_ANY, },
278 { .name = "r8_fiq", .cookie = 8, .mode = ARMV4_5_MODE_FIQ, },
279 { .name = "r9_fiq", .cookie = 9, .mode = ARMV4_5_MODE_FIQ, },
280 { .name = "r10_fiq", .cookie = 10, .mode = ARMV4_5_MODE_FIQ, },
281 { .name = "r11_fiq", .cookie = 11, .mode = ARMV4_5_MODE_FIQ, },
282 { .name = "r12_fiq", .cookie = 12, .mode = ARMV4_5_MODE_FIQ, },
284 { .name = "lr_fiq", .cookie = 13, .mode = ARMV4_5_MODE_FIQ, },
285 { .name = "sp_fiq", .cookie = 14, .mode = ARMV4_5_MODE_FIQ, },
287 { .name = "lr_irq", .cookie = 13, .mode = ARMV4_5_MODE_IRQ, },
288 { .name = "sp_irq", .cookie = 14, .mode = ARMV4_5_MODE_IRQ, },
290 { .name = "lr_svc", .cookie = 13, .mode = ARMV4_5_MODE_SVC, },
291 { .name = "sp_svc", .cookie = 14, .mode = ARMV4_5_MODE_SVC, },
293 { .name = "lr_abt", .cookie = 13, .mode = ARMV4_5_MODE_ABT, },
294 { .name = "sp_abt", .cookie = 14, .mode = ARMV4_5_MODE_ABT, },
296 { .name = "lr_und", .cookie = 13, .mode = ARMV4_5_MODE_UND, },
297 { .name = "sp_und", .cookie = 14, .mode = ARMV4_5_MODE_UND, },
299 { .name = "cpsr", .cookie = 16, .mode = ARMV4_5_MODE_ANY, },
300 { .name = "spsr_fiq", .cookie = 16, .mode = ARMV4_5_MODE_FIQ, },
301 { .name = "spsr_irq", .cookie = 16, .mode = ARMV4_5_MODE_IRQ, },
302 { .name = "spsr_svc", .cookie = 16, .mode = ARMV4_5_MODE_SVC, },
303 { .name = "spsr_abt", .cookie = 16, .mode = ARMV4_5_MODE_ABT, },
304 { .name = "spsr_und", .cookie = 16, .mode = ARMV4_5_MODE_UND, },
306 { .name = "lr_mon", .cookie = 13, .mode = ARM_MODE_MON, },
307 { .name = "sp_mon", .cookie = 14, .mode = ARM_MODE_MON, },
308 { .name = "spsr_mon", .cookie = 16, .mode = ARM_MODE_MON, },
311 /* map core mode (USR, FIQ, ...) and register number to
312 * indices into the register cache
314 const int armv4_5_core_reg_map[8][17] =
317 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31
319 { /* FIQ (8 shadows of USR, vs normal 3) */
320 0, 1, 2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20, 21, 22, 15, 32
323 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 23, 24, 15, 33
326 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25, 26, 15, 34
329 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27, 28, 15, 35
332 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 29, 30, 15, 36
334 { /* SYS (same registers as USR) */
335 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31
338 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 37, 38, 15, 39,
343 * Configures host-side ARM records to reflect the specified CPSR.
344 * Later, code can use arm_reg_current() to map register numbers
345 * according to how they are exposed by this mode.
347 void arm_set_cpsr(struct arm *arm, uint32_t cpsr)
349 enum armv4_5_mode mode = cpsr & 0x1f;
352 /* NOTE: this may be called very early, before the register
353 * cache is set up. We can't defend against many errors, in
354 * particular against CPSRs that aren't valid *here* ...
357 buf_set_u32(arm->cpsr->value, 0, 32, cpsr);
358 arm->cpsr->valid = 1;
359 arm->cpsr->dirty = 0;
362 arm->core_mode = mode;
364 /* mode_to_number() warned; set up a somewhat-sane mapping */
365 num = armv4_5_mode_to_number(mode);
367 mode = ARMV4_5_MODE_USR;
371 arm->map = &armv4_5_core_reg_map[num][0];
372 arm->spsr = (mode == ARMV4_5_MODE_USR || mode == ARMV4_5_MODE_SYS)
374 : arm->core_cache->reg_list + arm->map[16];
376 /* Older ARMs won't have the J bit */
377 enum armv4_5_state state;
379 if (cpsr & (1 << 5)) { /* T */
380 if (cpsr & (1 << 24)) { /* J */
381 LOG_WARNING("ThumbEE -- incomplete support");
382 state = ARM_STATE_THUMB_EE;
384 state = ARMV4_5_STATE_THUMB;
386 if (cpsr & (1 << 24)) { /* J */
387 LOG_ERROR("Jazelle state handling is BROKEN!");
388 state = ARMV4_5_STATE_JAZELLE;
390 state = ARMV4_5_STATE_ARM;
392 arm->core_state = state;
396 * Returns handle to the register currently mapped to a given number.
397 * Someone must have called arm_set_cpsr() before.
399 * \param arm This core's state and registers are used.
400 * \param regnum From 0..15 corresponding to R0..R14 and PC.
401 * Note that R0..R7 don't require mapping; you may access those
402 * as the first eight entries in the register cache. Likewise
403 * R15 (PC) doesn't need mapping; you may also access it directly.
404 * However, R8..R14, and SPSR (arm->spsr) *must* be mapped.
405 * CPSR (arm->cpsr) is also not mapped.
407 struct reg *arm_reg_current(struct arm *arm, unsigned regnum)
414 r = arm->core_cache->reg_list + arm->map[regnum];
416 /* e.g. invalid CPSR said "secure monitor" mode on a core
417 * that doesn't support it...
420 LOG_ERROR("Invalid CPSR mode");
421 r = arm->core_cache->reg_list + regnum;
427 static const uint8_t arm_gdb_dummy_fp_value[12];
430 * Dummy FPA registers are required to support GDB on ARM.
431 * Register packets require eight obsolete FPA register values.
432 * Modern ARM cores use Vector Floating Point (VFP), if they
433 * have any floating point support. VFP is not FPA-compatible.
435 struct reg arm_gdb_dummy_fp_reg =
437 .name = "GDB dummy FPA register",
438 .value = (uint8_t *) arm_gdb_dummy_fp_value,
443 static const uint8_t arm_gdb_dummy_fps_value[4];
446 * Dummy FPA status registers are required to support GDB on ARM.
447 * Register packets require an obsolete FPA status register.
449 struct reg arm_gdb_dummy_fps_reg =
451 .name = "GDB dummy FPA status register",
452 .value = (uint8_t *) arm_gdb_dummy_fps_value,
457 static void arm_gdb_dummy_init(void) __attribute__ ((constructor));
459 static void arm_gdb_dummy_init(void)
461 register_init_dummy(&arm_gdb_dummy_fp_reg);
462 register_init_dummy(&arm_gdb_dummy_fps_reg);
465 static int armv4_5_get_core_reg(struct reg *reg)
468 struct arm_reg *armv4_5 = reg->arch_info;
469 struct target *target = armv4_5->target;
471 if (target->state != TARGET_HALTED)
473 LOG_ERROR("Target not halted");
474 return ERROR_TARGET_NOT_HALTED;
477 retval = armv4_5->armv4_5_common->read_core_reg(target, reg, armv4_5->num, armv4_5->mode);
478 if (retval == ERROR_OK) {
486 static int armv4_5_set_core_reg(struct reg *reg, uint8_t *buf)
488 struct arm_reg *armv4_5 = reg->arch_info;
489 struct target *target = armv4_5->target;
490 struct arm *armv4_5_target = target_to_armv4_5(target);
491 uint32_t value = buf_get_u32(buf, 0, 32);
493 if (target->state != TARGET_HALTED)
495 LOG_ERROR("Target not halted");
496 return ERROR_TARGET_NOT_HALTED;
499 /* Except for CPSR, the "reg" command exposes a writeback model
500 * for the register cache.
502 if (reg == armv4_5_target->cpsr) {
503 arm_set_cpsr(armv4_5_target, value);
505 /* Older cores need help to be in ARM mode during halt
506 * mode debug, so we clear the J and T bits if we flush.
507 * For newer cores (v6/v7a/v7r) we don't need that, but
508 * it won't hurt since CPSR is always flushed anyway.
510 if (armv4_5_target->core_mode !=
511 (enum armv4_5_mode)(value & 0x1f)) {
512 LOG_DEBUG("changing ARM core mode to '%s'",
513 arm_mode_name(value & 0x1f));
514 value &= ~((1 << 24) | (1 << 5));
515 armv4_5_target->write_core_reg(target, reg,
516 16, ARMV4_5_MODE_ANY, value);
519 buf_set_u32(reg->value, 0, 32, value);
527 static const struct reg_arch_type arm_reg_type = {
528 .get = armv4_5_get_core_reg,
529 .set = armv4_5_set_core_reg,
532 struct reg_cache* armv4_5_build_reg_cache(struct target *target, struct arm *armv4_5_common)
534 int num_regs = ARRAY_SIZE(arm_core_regs);
535 struct reg_cache *cache = malloc(sizeof(struct reg_cache));
536 struct reg *reg_list = calloc(num_regs, sizeof(struct reg));
537 struct arm_reg *arch_info = calloc(num_regs, sizeof(struct arm_reg));
540 if (!cache || !reg_list || !arch_info) {
547 cache->name = "ARM registers";
549 cache->reg_list = reg_list;
552 for (i = 0; i < num_regs; i++)
554 /* Skip registers this core doesn't expose */
555 if (arm_core_regs[i].mode == ARM_MODE_MON
556 && armv4_5_common->core_type != ARM_MODE_MON)
559 /* REVISIT handle Cortex-M, which only shadows R13/SP */
561 arch_info[i].num = arm_core_regs[i].cookie;
562 arch_info[i].mode = arm_core_regs[i].mode;
563 arch_info[i].target = target;
564 arch_info[i].armv4_5_common = armv4_5_common;
566 reg_list[i].name = (char *) arm_core_regs[i].name;
567 reg_list[i].size = 32;
568 reg_list[i].value = &arch_info[i].value;
569 reg_list[i].type = &arm_reg_type;
570 reg_list[i].arch_info = &arch_info[i];
575 armv4_5_common->cpsr = reg_list + ARMV4_5_CPSR;
576 armv4_5_common->core_cache = cache;
580 int armv4_5_arch_state(struct target *target)
582 struct arm *armv4_5 = target_to_armv4_5(target);
584 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
586 LOG_ERROR("BUG: called for a non-ARMv4/5 target");
590 LOG_USER("target halted in %s state due to %s, current mode: %s\ncpsr: 0x%8.8" PRIx32 " pc: 0x%8.8" PRIx32 "",
591 armv4_5_state_strings[armv4_5->core_state],
592 Jim_Nvp_value2name_simple(nvp_target_debug_reason, target->debug_reason)->name,
593 arm_mode_name(armv4_5->core_mode),
594 buf_get_u32(armv4_5->cpsr->value, 0, 32),
595 buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
600 #define ARMV4_5_CORE_REG_MODENUM(cache, mode, num) \
601 cache->reg_list[armv4_5_core_reg_map[mode][num]]
603 COMMAND_HANDLER(handle_armv4_5_reg_command)
605 struct target *target = get_current_target(CMD_CTX);
606 struct arm *armv4_5 = target_to_armv4_5(target);
610 if (!is_arm(armv4_5))
612 command_print(CMD_CTX, "current target isn't an ARM");
616 if (target->state != TARGET_HALTED)
618 command_print(CMD_CTX, "error: target must be halted for register accesses");
622 if (!is_arm_mode(armv4_5->core_mode))
625 if (!armv4_5->full_context) {
626 command_print(CMD_CTX, "error: target doesn't support %s",
631 num_regs = armv4_5->core_cache->num_regs;
632 regs = armv4_5->core_cache->reg_list;
634 for (unsigned mode = 0; mode < ARRAY_SIZE(arm_mode_data); mode++) {
639 /* label this bank of registers (or shadows) */
640 switch (arm_mode_data[mode].psr) {
641 case ARMV4_5_MODE_SYS:
643 case ARMV4_5_MODE_USR:
644 name = "System and User";
648 if (armv4_5->core_type != ARM_MODE_MON)
652 name = arm_mode_data[mode].name;
656 command_print(CMD_CTX, "%s%s mode %sregisters",
659 /* display N rows of up to 4 registers each */
660 for (unsigned i = 0; i < arm_mode_data[mode].n_indices;) {
664 for (unsigned j = 0; j < 4; j++, i++) {
666 struct reg *reg = regs;
668 if (i >= arm_mode_data[mode].n_indices)
671 reg += arm_mode_data[mode].indices[i];
673 /* REVISIT be smarter about faults... */
675 armv4_5->full_context(target);
677 value = buf_get_u32(reg->value, 0, 32);
678 output_len += snprintf(output + output_len,
679 sizeof(output) - output_len,
680 "%8s: %8.8" PRIx32 " ",
683 command_print(CMD_CTX, "%s", output);
690 COMMAND_HANDLER(handle_armv4_5_core_state_command)
692 struct target *target = get_current_target(CMD_CTX);
693 struct arm *armv4_5 = target_to_armv4_5(target);
695 if (!is_arm(armv4_5))
697 command_print(CMD_CTX, "current target isn't an ARM");
703 if (strcmp(CMD_ARGV[0], "arm") == 0)
705 armv4_5->core_state = ARMV4_5_STATE_ARM;
707 if (strcmp(CMD_ARGV[0], "thumb") == 0)
709 armv4_5->core_state = ARMV4_5_STATE_THUMB;
713 command_print(CMD_CTX, "core state: %s", armv4_5_state_strings[armv4_5->core_state]);
718 COMMAND_HANDLER(handle_armv4_5_disassemble_command)
720 int retval = ERROR_OK;
721 struct target *target = get_current_target(CMD_CTX);
722 struct arm *arm = target ? target_to_arm(target) : NULL;
728 command_print(CMD_CTX, "current target isn't an ARM");
734 if (strcmp(CMD_ARGV[2], "thumb") != 0)
739 COMMAND_PARSE_NUMBER(int, CMD_ARGV[1], count);
742 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], address);
743 if (address & 0x01) {
745 command_print(CMD_CTX, "Disassemble as Thumb");
753 command_print(CMD_CTX,
754 "usage: arm disassemble <address> [<count> ['thumb']]");
759 while (count-- > 0) {
760 struct arm_instruction cur_instruction;
763 /* Always use Thumb2 disassembly for best handling
764 * of 32-bit BL/BLX, and to work with newer cores
765 * (some ARMv6, all ARMv7) that use Thumb2.
767 retval = thumb2_opcode(target, address,
769 if (retval != ERROR_OK)
774 retval = target_read_u32(target, address, &opcode);
775 if (retval != ERROR_OK)
777 retval = arm_evaluate_opcode(opcode, address,
778 &cur_instruction) != ERROR_OK;
779 if (retval != ERROR_OK)
782 command_print(CMD_CTX, "%s", cur_instruction.text);
783 address += cur_instruction.instruction_size;
789 int armv4_5_register_commands(struct command_context *cmd_ctx)
791 struct command *armv4_5_cmd;
793 armv4_5_cmd = COMMAND_REGISTER(cmd_ctx, NULL, "arm",
795 "generic ARM commands");
797 COMMAND_REGISTER(cmd_ctx, armv4_5_cmd, "reg",
798 handle_armv4_5_reg_command, COMMAND_EXEC,
799 "display ARM core registers");
800 COMMAND_REGISTER(cmd_ctx, armv4_5_cmd, "core_state",
801 handle_armv4_5_core_state_command, COMMAND_EXEC,
802 "display/change ARM core state <arm | thumb>");
803 COMMAND_REGISTER(cmd_ctx, armv4_5_cmd, "disassemble",
804 handle_armv4_5_disassemble_command, COMMAND_EXEC,
805 "disassemble instructions "
806 "<address> [<count> ['thumb']]");
811 int armv4_5_get_gdb_reg_list(struct target *target, struct reg **reg_list[], int *reg_list_size)
813 struct arm *armv4_5 = target_to_armv4_5(target);
816 if (!is_arm_mode(armv4_5->core_mode))
820 *reg_list = malloc(sizeof(struct reg*) * (*reg_list_size));
822 for (i = 0; i < 16; i++)
823 (*reg_list)[i] = arm_reg_current(armv4_5, i);
825 for (i = 16; i < 24; i++)
826 (*reg_list)[i] = &arm_gdb_dummy_fp_reg;
828 (*reg_list)[24] = &arm_gdb_dummy_fps_reg;
829 (*reg_list)[25] = armv4_5->cpsr;
834 /* wait for execution to complete and check exit point */
835 static int armv4_5_run_algorithm_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
838 struct arm *armv4_5 = target_to_armv4_5(target);
840 if ((retval = target_wait_state(target, TARGET_HALTED, timeout_ms)) != ERROR_OK)
844 if (target->state != TARGET_HALTED)
846 if ((retval = target_halt(target)) != ERROR_OK)
848 if ((retval = target_wait_state(target, TARGET_HALTED, 500)) != ERROR_OK)
852 return ERROR_TARGET_TIMEOUT;
855 /* fast exit: ARMv5+ code can use BKPT */
856 if (exit_point && buf_get_u32(armv4_5->core_cache->reg_list[15].value,
857 0, 32) != exit_point)
859 LOG_WARNING("target reentered debug state, but not at the desired exit point: 0x%4.4" PRIx32 "",
860 buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
861 return ERROR_TARGET_TIMEOUT;
867 int armv4_5_run_algorithm_inner(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info))
869 struct arm *armv4_5 = target_to_armv4_5(target);
870 struct armv4_5_algorithm *armv4_5_algorithm_info = arch_info;
871 enum armv4_5_state core_state = armv4_5->core_state;
872 uint32_t context[17];
874 int exit_breakpoint_size = 0;
876 int retval = ERROR_OK;
877 LOG_DEBUG("Running algorithm");
879 if (armv4_5_algorithm_info->common_magic != ARMV4_5_COMMON_MAGIC)
881 LOG_ERROR("current target isn't an ARMV4/5 target");
882 return ERROR_TARGET_INVALID;
885 if (target->state != TARGET_HALTED)
887 LOG_WARNING("target not halted");
888 return ERROR_TARGET_NOT_HALTED;
891 if (!is_arm_mode(armv4_5->core_mode))
894 /* armv5 and later can terminate with BKPT instruction; less overhead */
895 if (!exit_point && armv4_5->is_armv4)
897 LOG_ERROR("ARMv4 target needs HW breakpoint location");
901 /* save r0..pc, cpsr-or-spsr, and then cpsr-for-sure;
902 * they'll be restored later.
904 for (i = 0; i <= 16; i++)
908 r = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache,
909 armv4_5_algorithm_info->core_mode, i);
911 armv4_5->read_core_reg(target, r, i,
912 armv4_5_algorithm_info->core_mode);
913 context[i] = buf_get_u32(r->value, 0, 32);
915 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
917 for (i = 0; i < num_mem_params; i++)
919 if ((retval = target_write_buffer(target, mem_params[i].address, mem_params[i].size, mem_params[i].value)) != ERROR_OK)
925 for (i = 0; i < num_reg_params; i++)
927 struct reg *reg = register_get_by_name(armv4_5->core_cache, reg_params[i].reg_name, 0);
930 LOG_ERROR("BUG: register '%s' not found", reg_params[i].reg_name);
931 return ERROR_INVALID_ARGUMENTS;
934 if (reg->size != reg_params[i].size)
936 LOG_ERROR("BUG: register '%s' size doesn't match reg_params[i].size", reg_params[i].reg_name);
937 return ERROR_INVALID_ARGUMENTS;
940 if ((retval = armv4_5_set_core_reg(reg, reg_params[i].value)) != ERROR_OK)
946 armv4_5->core_state = armv4_5_algorithm_info->core_state;
947 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
948 exit_breakpoint_size = 4;
949 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
950 exit_breakpoint_size = 2;
953 LOG_ERROR("BUG: can't execute algorithms when not in ARM or Thumb state");
954 return ERROR_INVALID_ARGUMENTS;
957 if (armv4_5_algorithm_info->core_mode != ARMV4_5_MODE_ANY)
959 LOG_DEBUG("setting core_mode: 0x%2.2x",
960 armv4_5_algorithm_info->core_mode);
961 buf_set_u32(armv4_5->cpsr->value, 0, 5,
962 armv4_5_algorithm_info->core_mode);
963 armv4_5->cpsr->dirty = 1;
964 armv4_5->cpsr->valid = 1;
967 /* terminate using a hardware or (ARMv5+) software breakpoint */
968 if (exit_point && (retval = breakpoint_add(target, exit_point,
969 exit_breakpoint_size, BKPT_HARD)) != ERROR_OK)
971 LOG_ERROR("can't add HW breakpoint to terminate algorithm");
972 return ERROR_TARGET_FAILURE;
975 if ((retval = target_resume(target, 0, entry_point, 1, 1)) != ERROR_OK)
980 retval = run_it(target, exit_point, timeout_ms, arch_info);
983 breakpoint_remove(target, exit_point);
985 if (retval != ERROR_OK)
988 for (i = 0; i < num_mem_params; i++)
990 if (mem_params[i].direction != PARAM_OUT)
991 if ((retvaltemp = target_read_buffer(target, mem_params[i].address, mem_params[i].size, mem_params[i].value)) != ERROR_OK)
997 for (i = 0; i < num_reg_params; i++)
999 if (reg_params[i].direction != PARAM_OUT)
1002 struct reg *reg = register_get_by_name(armv4_5->core_cache, reg_params[i].reg_name, 0);
1005 LOG_ERROR("BUG: register '%s' not found", reg_params[i].reg_name);
1006 retval = ERROR_INVALID_ARGUMENTS;
1010 if (reg->size != reg_params[i].size)
1012 LOG_ERROR("BUG: register '%s' size doesn't match reg_params[i].size", reg_params[i].reg_name);
1013 retval = ERROR_INVALID_ARGUMENTS;
1017 buf_set_u32(reg_params[i].value, 0, 32, buf_get_u32(reg->value, 0, 32));
1021 /* restore everything we saved before (17 or 18 registers) */
1022 for (i = 0; i <= 16; i++)
1025 regvalue = buf_get_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).value, 0, 32);
1026 if (regvalue != context[i])
1028 LOG_DEBUG("restoring register %s with value 0x%8.8" PRIx32 "", ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).name, context[i]);
1029 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).value, 0, 32, context[i]);
1030 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).valid = 1;
1031 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).dirty = 1;
1035 arm_set_cpsr(armv4_5, cpsr);
1036 armv4_5->cpsr->dirty = 1;
1038 armv4_5->core_state = core_state;
1043 int armv4_5_run_algorithm(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info)
1045 return armv4_5_run_algorithm_inner(target, num_mem_params, mem_params, num_reg_params, reg_params, entry_point, exit_point, timeout_ms, arch_info, armv4_5_run_algorithm_completion);
1049 * Runs ARM code in the target to calculate a CRC32 checksum.
1051 * \todo On ARMv5+, rely on BKPT termination for reduced overhead.
1053 int arm_checksum_memory(struct target *target,
1054 uint32_t address, uint32_t count, uint32_t *checksum)
1056 struct working_area *crc_algorithm;
1057 struct armv4_5_algorithm armv4_5_info;
1058 struct reg_param reg_params[2];
1062 static const uint32_t arm_crc_code[] = {
1063 0xE1A02000, /* mov r2, r0 */
1064 0xE3E00000, /* mov r0, #0xffffffff */
1065 0xE1A03001, /* mov r3, r1 */
1066 0xE3A04000, /* mov r4, #0 */
1067 0xEA00000B, /* b ncomp */
1069 0xE7D21004, /* ldrb r1, [r2, r4] */
1070 0xE59F7030, /* ldr r7, CRC32XOR */
1071 0xE0200C01, /* eor r0, r0, r1, asl 24 */
1072 0xE3A05000, /* mov r5, #0 */
1074 0xE3500000, /* cmp r0, #0 */
1075 0xE1A06080, /* mov r6, r0, asl #1 */
1076 0xE2855001, /* add r5, r5, #1 */
1077 0xE1A00006, /* mov r0, r6 */
1078 0xB0260007, /* eorlt r0, r6, r7 */
1079 0xE3550008, /* cmp r5, #8 */
1080 0x1AFFFFF8, /* bne loop */
1081 0xE2844001, /* add r4, r4, #1 */
1083 0xE1540003, /* cmp r4, r3 */
1084 0x1AFFFFF1, /* bne nbyte */
1086 0xEAFFFFFE, /* b end */
1088 0x04C11DB7 /* .word 0x04C11DB7 */
1091 retval = target_alloc_working_area(target,
1092 sizeof(arm_crc_code), &crc_algorithm);
1093 if (retval != ERROR_OK)
1096 /* convert code into a buffer in target endianness */
1097 for (i = 0; i < ARRAY_SIZE(arm_crc_code); i++) {
1098 retval = target_write_u32(target,
1099 crc_algorithm->address + i * sizeof(uint32_t),
1101 if (retval != ERROR_OK)
1105 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1106 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1107 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1109 init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
1110 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1112 buf_set_u32(reg_params[0].value, 0, 32, address);
1113 buf_set_u32(reg_params[1].value, 0, 32, count);
1115 /* 20 second timeout/megabyte */
1116 int timeout = 20000 * (1 + (count / (1024 * 1024)));
1118 retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
1119 crc_algorithm->address,
1120 crc_algorithm->address + sizeof(arm_crc_code) - 8,
1121 timeout, &armv4_5_info);
1122 if (retval != ERROR_OK) {
1123 LOG_ERROR("error executing ARM crc algorithm");
1124 destroy_reg_param(®_params[0]);
1125 destroy_reg_param(®_params[1]);
1126 target_free_working_area(target, crc_algorithm);
1130 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
1132 destroy_reg_param(®_params[0]);
1133 destroy_reg_param(®_params[1]);
1135 target_free_working_area(target, crc_algorithm);
1141 * Runs ARM code in the target to check whether a memory block holds
1142 * all ones. NOR flash which has been erased, and thus may be written,
1145 * \todo On ARMv5+, rely on BKPT termination for reduced overhead.
1147 int arm_blank_check_memory(struct target *target,
1148 uint32_t address, uint32_t count, uint32_t *blank)
1150 struct working_area *check_algorithm;
1151 struct reg_param reg_params[3];
1152 struct armv4_5_algorithm armv4_5_info;
1156 static const uint32_t check_code[] = {
1158 0xe4d03001, /* ldrb r3, [r0], #1 */
1159 0xe0022003, /* and r2, r2, r3 */
1160 0xe2511001, /* subs r1, r1, #1 */
1161 0x1afffffb, /* bne loop */
1163 0xeafffffe /* b end */
1166 /* make sure we have a working area */
1167 retval = target_alloc_working_area(target,
1168 sizeof(check_code), &check_algorithm);
1169 if (retval != ERROR_OK)
1172 /* convert code into a buffer in target endianness */
1173 for (i = 0; i < ARRAY_SIZE(check_code); i++) {
1174 retval = target_write_u32(target,
1175 check_algorithm->address
1176 + i * sizeof(uint32_t),
1178 if (retval != ERROR_OK)
1182 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1183 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1184 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1186 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1187 buf_set_u32(reg_params[0].value, 0, 32, address);
1189 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1190 buf_set_u32(reg_params[1].value, 0, 32, count);
1192 init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
1193 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
1195 retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
1196 check_algorithm->address,
1197 check_algorithm->address + sizeof(check_code) - 4,
1198 10000, &armv4_5_info);
1199 if (retval != ERROR_OK) {
1200 destroy_reg_param(®_params[0]);
1201 destroy_reg_param(®_params[1]);
1202 destroy_reg_param(®_params[2]);
1203 target_free_working_area(target, check_algorithm);
1207 *blank = buf_get_u32(reg_params[2].value, 0, 32);
1209 destroy_reg_param(®_params[0]);
1210 destroy_reg_param(®_params[1]);
1211 destroy_reg_param(®_params[2]);
1213 target_free_working_area(target, check_algorithm);
1218 static int arm_full_context(struct target *target)
1220 struct arm *armv4_5 = target_to_armv4_5(target);
1221 unsigned num_regs = armv4_5->core_cache->num_regs;
1222 struct reg *reg = armv4_5->core_cache->reg_list;
1223 int retval = ERROR_OK;
1225 for (; num_regs && retval == ERROR_OK; num_regs--, reg++) {
1228 retval = armv4_5_get_core_reg(reg);
1233 int armv4_5_init_arch_info(struct target *target, struct arm *armv4_5)
1235 target->arch_info = armv4_5;
1236 armv4_5->target = target;
1238 armv4_5->common_magic = ARMV4_5_COMMON_MAGIC;
1239 arm_set_cpsr(armv4_5, ARMV4_5_MODE_USR);
1241 /* core_type may be overridden by subtype logic */
1242 armv4_5->core_type = ARMV4_5_MODE_ANY;
1244 /* default full_context() has no core-specific optimizations */
1245 if (!armv4_5->full_context && armv4_5->read_core_reg)
1246 armv4_5->full_context = arm_full_context;