1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
#include "replacements.h"

#include "arm_disassembler.h"
#include "binarybuffer.h"

#include <stdlib.h>
#include <string.h>
#include <unistd.h>
40 bitfield_desc_t armv4_5_psr_bitfield_desc[] =
/* Names of the 37 entries of the ARMv4/5 register cache.  The index of a
 * name here is the index of the matching entry in
 * armv4_5_core_reg_list_arch_info and the value stored in
 * armv4_5_core_reg_map:
 *   0..15   r0..r15, r13/r14 being the user-mode bank
 *   16..22  FIQ banked r8..r14
 *   23..30  banked r13/r14 for IRQ, SVC, ABT and UND (two per mode)
 *   31..36  cpsr, then the five banked spsrs
 * NOTE(review): the listing this was restored from drops the eight
 * IRQ/SVC/ABT/UND entries (indices 23..30); the names below follow the
 * r13_xxx / lr_xxx pattern of the USR and FIQ entries — confirm upstream. */
char *armv4_5_core_reg_list[] =
{
	"r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
	"r8", "r9", "r10", "r11", "r12", "r13_usr", "lr_usr", "pc",

	"r8_fiq", "r9_fiq", "r10_fiq", "r11_fiq", "r12_fiq", "r13_fiq", "lr_fiq",

	"r13_irq", "lr_irq",
	"r13_svc", "lr_svc",
	"r13_abt", "lr_abt",
	"r13_und", "lr_und",

	"cpsr", "spsr_fiq", "spsr_irq", "spsr_svc", "spsr_abt", "spsr_und"
};
/* Printable names of the core modes.  Entries 1..7 are indexed by the value
 * armv4_5_mode_to_number() returns; entry 0 is the text shown when that
 * lookup fails (returns -1). */
char *armv4_5_mode_strings_list[] =
{
	"Illegal mode value", "User", "FIQ", "IRQ", "Supervisor", "Abort", "Undefined", "System"
};

/* Hack! Yuk! allow -1 index, which simplifies codepaths elsewhere in the code:
 * armv4_5_mode_strings[armv4_5_mode_to_number(m)] yields "Illegal mode value"
 * for an unknown mode instead of reading before the start of the array. */
char **armv4_5_mode_strings = armv4_5_mode_strings_list + 1;
/* Printable names of enum armv4_5_state, indexed by the state value. */
char *armv4_5_state_strings[] =
{
	"ARM", "Thumb", "Jazelle"
};

/* Handle obtained from register_reg_arch_type() for the get/set callbacks
 * of the core registers; stays -1 until armv4_5_build_reg_cache() registers
 * them on first use. */
int armv4_5_core_reg_arch_type = -1;
/* Template descriptors for the 37 register cache entries, in the same order as
 * armv4_5_core_reg_list.  num is the architectural register number, mode the
 * bank the entry belongs to (ARMV4_5_MODE_ANY where the entry is not tied to
 * one specific bank).  target and armv4_5_common stay NULL in the template;
 * armv4_5_build_reg_cache() copies each entry and fills them in. */
#define ARMV4_5_REG_INFO(n, m) { .num = (n), .mode = (m), .target = NULL, .armv4_5_common = NULL }

armv4_5_core_reg_t armv4_5_core_reg_list_arch_info[] =
{
	/* 0..15: r0..r15, r13/r14 from the user bank */
	ARMV4_5_REG_INFO(0, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(1, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(2, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(3, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(4, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(5, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(6, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(7, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(8, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(9, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(10, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(11, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(12, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(13, ARMV4_5_MODE_USR),
	ARMV4_5_REG_INFO(14, ARMV4_5_MODE_USR),
	ARMV4_5_REG_INFO(15, ARMV4_5_MODE_ANY),

	/* 16..22: FIQ banked r8..r14 */
	ARMV4_5_REG_INFO(8, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(9, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(10, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(11, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(12, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(13, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(14, ARMV4_5_MODE_FIQ),

	/* 23..30: banked r13/r14 of the remaining exception modes */
	ARMV4_5_REG_INFO(13, ARMV4_5_MODE_IRQ),
	ARMV4_5_REG_INFO(14, ARMV4_5_MODE_IRQ),

	ARMV4_5_REG_INFO(13, ARMV4_5_MODE_SVC),
	ARMV4_5_REG_INFO(14, ARMV4_5_MODE_SVC),

	ARMV4_5_REG_INFO(13, ARMV4_5_MODE_ABT),
	ARMV4_5_REG_INFO(14, ARMV4_5_MODE_ABT),

	ARMV4_5_REG_INFO(13, ARMV4_5_MODE_UND),
	ARMV4_5_REG_INFO(14, ARMV4_5_MODE_UND),

	/* 31..36: cpsr and the banked spsrs, all as register number 16 */
	ARMV4_5_REG_INFO(16, ARMV4_5_MODE_ANY),
	ARMV4_5_REG_INFO(16, ARMV4_5_MODE_FIQ),
	ARMV4_5_REG_INFO(16, ARMV4_5_MODE_IRQ),
	ARMV4_5_REG_INFO(16, ARMV4_5_MODE_SVC),
	ARMV4_5_REG_INFO(16, ARMV4_5_MODE_ABT),
	ARMV4_5_REG_INFO(16, ARMV4_5_MODE_UND)
};

#undef ARMV4_5_REG_INFO
/* Map a core mode and a register number to an index into the register cache.
 * The row is the value armv4_5_mode_to_number() returns (USR, FIQ, IRQ, SVC,
 * ABT, UND, SYS in that order); the column is the register number 0..16,
 * where 16 stands for the mode's psr (cpsr for USR and SYS, the banked spsr
 * otherwise).  The values are indices into armv4_5_core_reg_list. */
int armv4_5_core_reg_map[7][17] =
{
	{	/* USR */
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31
	},
	{	/* FIQ: own r8..r14 and spsr_fiq */
		0, 1, 2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20, 21, 22, 15, 32
	},
	{	/* IRQ: own r13/r14 and spsr_irq */
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 23, 24, 15, 33
	},
	{	/* SVC: own r13/r14 and spsr_svc */
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25, 26, 15, 34
	},
	{	/* ABT: own r13/r14 and spsr_abt */
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27, 28, 15, 35
	},
	{	/* UND: own r13/r14 and spsr_und */
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 29, 30, 15, 36
	},
	{	/* SYS: shares the user bank and the cpsr */
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 31
	}
};
/* Placeholder registers handed to GDB by armv4_5_get_gdb_reg_list(): one
 * 96-bit floating-point register used for all eight fp slots and a 32-bit
 * floating-point status register.  Both are permanently valid, never dirty,
 * have no bitfield description and read as zero. */
u8 armv4_5_gdb_dummy_fp_value[12] = {0};

reg_t armv4_5_gdb_dummy_fp_reg =
{
	.name = "GDB dummy floating-point register",
	.value = armv4_5_gdb_dummy_fp_value,
	.dirty = 0,
	.valid = 1,
	.size = 96,
	.bitfield_desc = NULL,
	.num_bitfields = 0,
	.arch_info = NULL,
	.arch_type = 0
};

u8 armv4_5_gdb_dummy_fps_value[4] = {0};

reg_t armv4_5_gdb_dummy_fps_reg =
{
	.name = "GDB dummy floating-point status register",
	.value = armv4_5_gdb_dummy_fps_value,
	.dirty = 0,
	.valid = 1,
	.size = 32,
	.bitfield_desc = NULL,
	.num_bitfields = 0,
	.arch_info = NULL,
	.arch_type = 0
};
/* Register-cache getter: fetch one core register from the target.
 *
 * reg->arch_info is the armv4_5_core_reg_t naming the register number and
 * the bank to read.  The target is only touched while halted.
 *
 * Returns ERROR_TARGET_NOT_HALTED if the target is running, otherwise the
 * result of the target's read_core_reg() callback. */
int armv4_5_get_core_reg(reg_t *reg)
{
	armv4_5_core_reg_t *core_reg = reg->arch_info;
	target_t *target = core_reg->target;

	if (target->state != TARGET_HALTED)
		return ERROR_TARGET_NOT_HALTED;

	return core_reg->armv4_5_common->read_core_reg(target, core_reg->num, core_reg->mode);
}
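/* Register-cache setter: store a new 32-bit value for one core register.
 *
 * @param reg  cache entry to update; reg->arch_info is its armv4_5_core_reg_t
 * @param buf  the new value, in the buffer layout buf_get_u32() decodes
 *
 * Writes to the cpsr entry are special: the T bit (bit 5) switches the cached
 * core state between ARM and Thumb, and a new mode field (bits 4:0) is pushed
 * to the target through write_core_reg() right away so the banked register
 * view stays consistent.  Every other register is only updated in the cache
 * and flagged dirty.
 *
 * Returns ERROR_TARGET_NOT_HALTED if the target is running, ERROR_FAIL if a
 * cpsr value carries a mode armv4_5_mode_to_number() does not recognise,
 * ERROR_OK otherwise. */
int armv4_5_set_core_reg(reg_t *reg, u8 *buf)
{
	armv4_5_core_reg_t *armv4_5 = reg->arch_info;
	target_t *target = armv4_5->target;
	armv4_5_common_t *armv4_5_target = target->arch_info;
	u32 value = buf_get_u32(buf, 0, 32);

	if (target->state != TARGET_HALTED)
	{
		return ERROR_TARGET_NOT_HALTED;
	}

	if (reg == &armv4_5_target->core_cache->reg_list[ARMV4_5_CPSR])
	{
		u32 mode = value & 0x1f;

		/* Reject an unknown mode before it reaches core_mode: the register
		 * lookups elsewhere index armv4_5_core_reg_map with
		 * armv4_5_mode_to_number(core_mode) and have no row for -1. */
		if (armv4_5_mode_to_number(mode) == -1)
		{
			LOG_ERROR("refusing cpsr value 0x%8.8x: invalid mode 0x%2.2x", value, mode);
			return ERROR_FAIL;
		}

		if (value & 0x20)
		{
			/* T bit should be set */
			if (armv4_5_target->core_state == ARMV4_5_STATE_ARM)
			{
				/* change state to Thumb */
				LOG_DEBUG("changing to Thumb state");
				armv4_5_target->core_state = ARMV4_5_STATE_THUMB;
			}
		}
		else
		{
			/* T bit should be cleared */
			if (armv4_5_target->core_state == ARMV4_5_STATE_THUMB)
			{
				/* change state to ARM */
				LOG_DEBUG("changing to ARM state");
				armv4_5_target->core_state = ARMV4_5_STATE_ARM;
			}
		}

		if (armv4_5_target->core_mode != mode)
		{
			LOG_DEBUG("changing ARM core mode to '%s'", armv4_5_mode_strings[armv4_5_mode_to_number(mode)]);
			armv4_5_target->core_mode = mode;
			armv4_5_target->write_core_reg(target, 16, ARMV4_5_MODE_ANY, value);
		}
	}

	buf_set_u32(reg->value, 0, 32, value);
	reg->dirty = 1;
	reg->valid = 1;

	return ERROR_OK;
}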
/* Clear the valid and dirty flags of all 37 entries in the target's register
 * cache, so nothing cached is trusted or written back until re-read.
 *
 * Returns ERROR_OK. */
int armv4_5_invalidate_core_regs(target_t *target)
{
	armv4_5_common_t *armv4_5 = target->arch_info;
	reg_t *regs = armv4_5->core_cache->reg_list;
	int idx;

	for (idx = 0; idx < 37; idx++)
	{
		regs[idx].valid = 0;
		regs[idx].dirty = 0;
	}

	return ERROR_OK;
}
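/* Allocate and populate the register cache for one ARMv4/5 target.
 *
 * Each of the 37 entries gets its name from armv4_5_core_reg_list, a private
 * copy of the matching armv4_5_core_reg_list_arch_info descriptor (with
 * target and armv4_5_common filled in), a zeroed 4-byte value buffer and the
 * get/set callbacks registered as armv4_5_core_reg_arch_type.
 *
 * The cache, the reg_t array and the arch_info array are allocated with
 * calloc so every field not explicitly set below starts out zero/NULL.
 *
 * Returns the new cache, or NULL if any allocation failed (everything
 * allocated up to that point is released). */
reg_cache_t *armv4_5_build_reg_cache(target_t *target, armv4_5_common_t *armv4_5_common)
{
	int num_regs = 37;
	int i;
	reg_cache_t *cache = calloc(1, sizeof *cache);
	reg_t *reg_list = calloc(num_regs, sizeof *reg_list);
	armv4_5_core_reg_t *arch_info = calloc(num_regs, sizeof *arch_info);

	if (!cache || !reg_list || !arch_info)
	{
		LOG_ERROR("out of memory while building the ARMv4/5 register cache");
		goto fail;
	}

	cache->name = "arm v4/5 registers";
	cache->reg_list = reg_list;
	cache->num_regs = num_regs;

	/* register the callbacks once, the first time a cache is built */
	if (armv4_5_core_reg_arch_type == -1)
		armv4_5_core_reg_arch_type = register_reg_arch_type(armv4_5_get_core_reg, armv4_5_set_core_reg);

	for (i = 0; i < num_regs; i++)
	{
		arch_info[i] = armv4_5_core_reg_list_arch_info[i];
		arch_info[i].target = target;
		arch_info[i].armv4_5_common = armv4_5_common;
		reg_list[i].name = armv4_5_core_reg_list[i];
		reg_list[i].size = 32;
		reg_list[i].value = calloc(1, 4);
		if (!reg_list[i].value)
		{
			LOG_ERROR("out of memory while building the ARMv4/5 register cache");
			goto fail;
		}
		reg_list[i].dirty = 0;
		reg_list[i].valid = 0;
		reg_list[i].bitfield_desc = NULL;
		reg_list[i].num_bitfields = 0;
		reg_list[i].arch_type = armv4_5_core_reg_arch_type;
		reg_list[i].arch_info = &arch_info[i];
	}

	return cache;

fail:
	/* reg_list is zeroed, so unassigned value pointers are NULL and free()
	 * of them is a no-op */
	if (reg_list)
	{
		for (i = 0; i < num_regs; i++)
			free(reg_list[i].value);
	}
	free(arch_info);
	free(reg_list);
	free(cache);
	return NULL;
}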
/* Report the halted core to the user: state (ARM/Thumb/Jazelle), the debug
 * reason, the current mode and the cached cpsr and pc.
 *
 * Returns ERROR_TARGET_INVALID when target->arch_info is not an ARMv4/5
 * common block, ERROR_OK otherwise.
 * NOTE(review): the listing this was restored from drops the statement after
 * the BUG message; ERROR_TARGET_INVALID mirrors how armv4_5_run_algorithm
 * handles the same condition — verify against upstream. */
int armv4_5_arch_state(struct target_s *target)
{
	armv4_5_common_t *armv4_5 = target->arch_info;
	reg_t *regs;

	if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
	{
		LOG_ERROR("BUG: called for a non-ARMv4/5 target");
		return ERROR_TARGET_INVALID;
	}

	regs = armv4_5->core_cache->reg_list;
	LOG_USER("target halted in %s state due to %s, current mode: %s\ncpsr: 0x%8.8x pc: 0x%8.8x",
		armv4_5_state_strings[armv4_5->core_state],
		target_debug_reason_strings[target->debug_reason],
		armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)],
		buf_get_u32(regs[ARMV4_5_CPSR].value, 0, 32),
		buf_get_u32(regs[15].value, 0, 32));

	return ERROR_OK;
}
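/* "armv4_5 reg": print r0..r15 for every banked mode, then the six psrs.
 *
 * One line per register number, holding the name/value pair for each of the
 * modes numbered 0..5 by armv4_5_mode_to_number().  A cache entry that is not
 * valid triggers a full_context() refresh from the target before printing.
 *
 * Returns ERROR_OK after printing (problems are reported to the user rather
 * than through the return value), ERROR_FAIL if the current core mode is not
 * recognised. */
int handle_armv4_5_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
{
	char output[128];
	int output_len;
	int mode, num;

	target_t *target = get_current_target(cmd_ctx);
	armv4_5_common_t *armv4_5 = target->arch_info;

	if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
	{
		command_print(cmd_ctx, "current target isn't an ARMV4/5 target");
		return ERROR_OK;
	}

	if (target->state != TARGET_HALTED)
	{
		command_print(cmd_ctx, "error: target must be halted for register accesses");
		return ERROR_OK;
	}

	if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
		return ERROR_FAIL;

	for (num = 0; num <= 15; num++)
	{
		output_len = 0;
		for (mode = 0; mode < 6; mode++)
		{
			int written;

			if (!ARMV4_5_CORE_REG_MODENUM(armv4_5->core_cache, mode, num).valid)
			{
				armv4_5->full_context(target);
			}

			written = snprintf(output + output_len, sizeof output - output_len, "%8s: %8.8x ",
				ARMV4_5_CORE_REG_MODENUM(armv4_5->core_cache, mode, num).name,
				buf_get_u32(ARMV4_5_CORE_REG_MODENUM(armv4_5->core_cache, mode, num).value, 0, 32));
			/* snprintf returns what it wanted to write, not what fit: stop
			 * before output_len can pass the end of the buffer (a negative
			 * remaining size would turn into a huge size_t on the next call) */
			if (written < 0 || (size_t)written >= sizeof output - output_len)
			{
				output_len = sizeof output - 1;
				break;
			}
			output_len += written;
		}
		/* output is data assembled above, never a format string */
		command_print(cmd_ctx, "%s", output);
	}

	command_print(cmd_ctx, " cpsr: %8.8x spsr_fiq: %8.8x spsr_irq: %8.8x spsr_svc: %8.8x spsr_abt: %8.8x spsr_und: %8.8x",
		buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32),
		buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_SPSR_FIQ].value, 0, 32),
		buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_SPSR_IRQ].value, 0, 32),
		buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_SPSR_SVC].value, 0, 32),
		buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_SPSR_ABT].value, 0, 32),
		buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_SPSR_UND].value, 0, 32));

	return ERROR_OK;
}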
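/* "armv4_5 core_state [arm|thumb]": optionally switch the cached core state,
 * then print it.
 *
 * args[0] is only consulted when argc says it exists; an argument that is
 * neither "arm" nor "thumb" leaves the state alone and prints the usage.
 *
 * Returns ERROR_OK. */
int handle_armv4_5_core_state_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
{
	target_t *target = get_current_target(cmd_ctx);
	armv4_5_common_t *armv4_5 = target->arch_info;

	if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
	{
		command_print(cmd_ctx, "current target isn't an ARMV4/5 target");
		return ERROR_OK;
	}

	if (argc > 0)
	{
		if (strcmp(args[0], "arm") == 0)
		{
			armv4_5->core_state = ARMV4_5_STATE_ARM;
		}
		else if (strcmp(args[0], "thumb") == 0)
		{
			armv4_5->core_state = ARMV4_5_STATE_THUMB;
		}
		else
		{
			command_print(cmd_ctx, "usage: armv4_5 core_state ['arm'|'thumb']");
		}
	}

	command_print(cmd_ctx, "core state: %s", armv4_5_state_strings[armv4_5->core_state]);

	return ERROR_OK;
}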
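/* "armv4_5 disassemble <address> <count> ['thumb']": read count opcodes from
 * the target starting at address and print their decoding.
 *
 * address and count are parsed with strtoul() in auto base; trailing garbage
 * or an empty argument is rejected with a message.  Without the optional
 * 'thumb' the address advances by 4 per instruction, with it by 2.
 * A failed target read aborts the listing after reporting the address.
 * NOTE(review): arm_evaluate_opcode() is applied to a 32-bit read in both
 * cases, as in the original; only the step differs for 'thumb'.
 *
 * Returns ERROR_OK (problems are reported to the user). */
int handle_armv4_5_disassemble_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
{
	target_t *target = get_current_target(cmd_ctx);
	armv4_5_common_t *armv4_5 = target->arch_info;
	u32 address;
	u32 opcode;
	unsigned long count, i;
	int thumb = 0;
	char *end;
	arm_instruction_t cur_instruction;

	if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
	{
		command_print(cmd_ctx, "current target isn't an ARMV4/5 target");
		return ERROR_OK;
	}

	if (argc < 2)
	{
		command_print(cmd_ctx, "usage: armv4_5 disassemble <address> <count> ['thumb']");
		return ERROR_OK;
	}

	address = strtoul(args[0], &end, 0);
	if (end == args[0] || *end != '\0')
	{
		command_print(cmd_ctx, "invalid address '%s'", args[0]);
		return ERROR_OK;
	}

	count = strtoul(args[1], &end, 0);
	if (end == args[1] || *end != '\0')
	{
		command_print(cmd_ctx, "invalid count '%s'", args[1]);
		return ERROR_OK;
	}

	if (argc >= 3)
	{
		if (strcmp(args[2], "thumb") == 0)
			thumb = 1;
	}

	for (i = 0; i < count; i++)
	{
		/* never decode an opcode the target didn't deliver */
		if (target_read_u32(target, address, &opcode) != ERROR_OK)
		{
			command_print(cmd_ctx, "couldn't read opcode at 0x%8.8x", address);
			return ERROR_OK;
		}
		arm_evaluate_opcode(opcode, address, &cur_instruction);
		command_print(cmd_ctx, "%s", cur_instruction.text);
		address += (thumb) ? 2 : 4;
	}

	return ERROR_OK;
}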
/* Register the "armv4_5" command group and its "reg", "core_state" and
 * "disassemble" sub-commands with the command interpreter.
 *
 * Returns ERROR_OK. */
int armv4_5_register_commands(struct command_context_s *cmd_ctx)
{
	command_t *group = register_command(cmd_ctx, NULL, "armv4_5", NULL, COMMAND_ANY, "armv4/5 specific commands");

	register_command(cmd_ctx, group, "reg", handle_armv4_5_reg_command, COMMAND_EXEC, "display ARM core registers");
	register_command(cmd_ctx, group, "core_state", handle_armv4_5_core_state_command, COMMAND_EXEC, "display/change ARM core state <arm|thumb>");
	register_command(cmd_ctx, group, "disassemble", handle_armv4_5_disassemble_command, COMMAND_EXEC, "disassemble instructions <address> <count> ['thumb']");

	return ERROR_OK;
}
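/* Build the register list GDB expects for an ARM target.
 *
 * The list has 26 entries: r0..r15 of the current mode (0..15), the dummy
 * floating-point register in the eight fp slots (16..23), the dummy fp status
 * register (24) and the cpsr (25).  The array is malloc'ed and owned by the
 * caller.
 *
 * Returns ERROR_FAIL if the current core mode is not recognised or the list
 * cannot be allocated (*reg_list_size is then 0), ERROR_OK otherwise. */
int armv4_5_get_gdb_reg_list(target_t *target, reg_t **reg_list[], int *reg_list_size)
{
	armv4_5_common_t *armv4_5 = target->arch_info;
	int i;

	if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
		return ERROR_FAIL;

	*reg_list_size = 26;
	*reg_list = malloc(sizeof(reg_t *) * (*reg_list_size));
	if (*reg_list == NULL)
	{
		LOG_ERROR("out of memory building the GDB register list");
		*reg_list_size = 0;
		return ERROR_FAIL;
	}

	for (i = 0; i < 16; i++)
	{
		(*reg_list)[i] = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i);
	}

	for (i = 16; i < 24; i++)
	{
		(*reg_list)[i] = &armv4_5_gdb_dummy_fp_reg;
	}

	(*reg_list)[24] = &armv4_5_gdb_dummy_fps_reg;
	(*reg_list)[25] = &armv4_5->core_cache->reg_list[ARMV4_5_CPSR];

	return ERROR_OK;
}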
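/* Poll the target until it halts or timeout_ms elapses.  The 10 ms sleep is
 * the granularity the caller's timeout is expressed in.
 *
 * Returns ERROR_OK once halted, ERROR_TARGET_TIMEOUT otherwise. */
static int armv4_5_wait_halted(target_t *target, int timeout_ms)
{
	while (target->state != TARGET_HALTED)
	{
		target_poll(target);
		usleep(10000);
		if ((timeout_ms -= 10) <= 0)
			return ERROR_TARGET_TIMEOUT;
	}
	return ERROR_OK;
}

/* Run a code fragment on the target and collect its results.
 *
 * @param target         halted ARMv4/5 target
 * @param num_mem_params / mem_params  memory blocks written before the run
 *                       and (unless direction is PARAM_OUT) read back after it
 * @param num_reg_params / reg_params  registers (by name) loaded before the
 *                       run and read back after it under the same rule
 * @param entry_point    address execution starts at
 * @param exit_point     address a hard breakpoint is placed at to stop it
 * @param timeout_ms     how long to wait for that breakpoint
 * @param arch_info      armv4_5_algorithm_t giving the core_state and
 *                       core_mode to run in
 *
 * r0..r15 and the psr of the algorithm's mode plus the cpsr are saved first
 * and restored (flagged dirty) afterwards, together with core_state and
 * core_mode, on every path that leaves the target halted — including the
 * failure paths, so a refused parameter never leaves the cache loaded with
 * algorithm values.
 * NOTE(review): the context save/restore uses armv4_5_algorithm_info->core_mode
 * even when it is ARMV4_5_MODE_ANY; this relies on armv4_5_mode_to_number()
 * mapping that value to a valid row — confirm.
 *
 * Returns ERROR_TARGET_INVALID / ERROR_TARGET_NOT_HALTED for a wrong target
 * or state, ERROR_FAIL for an unrecognised mode, bad parameter or unusable
 * core state, ERROR_TARGET_FAILURE if the exit breakpoint can't be set,
 * ERROR_TARGET_TIMEOUT if the target had to be halted by force, the error of
 * a failed memory transfer or resume, ERROR_OK otherwise. */
int armv4_5_run_algorithm(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info)
{
	armv4_5_common_t *armv4_5 = target->arch_info;
	armv4_5_algorithm_t *armv4_5_algorithm_info = arch_info;
	enum armv4_5_state core_state = armv4_5->core_state;
	enum armv4_5_mode core_mode = armv4_5->core_mode;
	u32 context[17];
	u32 cpsr;
	int exit_breakpoint_size = 0;
	int i;
	int retval = ERROR_OK;

	LOG_DEBUG("Running algorithm");

	if (armv4_5_algorithm_info->common_magic != ARMV4_5_COMMON_MAGIC)
	{
		LOG_ERROR("current target isn't an ARMV4/5 target");
		return ERROR_TARGET_INVALID;
	}

	if (target->state != TARGET_HALTED)
	{
		LOG_WARNING("target not halted");
		return ERROR_TARGET_NOT_HALTED;
	}

	if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
		return ERROR_FAIL;

	/* snapshot r0..r15 and the psr (register 16) of the algorithm's mode */
	for (i = 0; i <= 16; i++)
	{
		if (!ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).valid)
			armv4_5->read_core_reg(target, i, armv4_5_algorithm_info->core_mode);
		context[i] = buf_get_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).value, 0, 32);
	}
	cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32);

	for (i = 0; i < num_mem_params; i++)
	{
		retval = target_write_buffer(target, mem_params[i].address, mem_params[i].size, mem_params[i].value);
		if (retval != ERROR_OK)
		{
			LOG_ERROR("couldn't write mem_params[%i] to 0x%8.8x", i, mem_params[i].address);
			return retval;
		}
	}

	for (i = 0; i < num_reg_params; i++)
	{
		reg_t *reg = register_get_by_name(armv4_5->core_cache, reg_params[i].reg_name, 0);
		if (!reg)
		{
			LOG_ERROR("BUG: register '%s' not found", reg_params[i].reg_name);
			retval = ERROR_FAIL;
			goto restore;
		}

		if (reg->size != reg_params[i].size)
		{
			LOG_ERROR("BUG: register '%s' size doesn't match reg_params[i].size", reg_params[i].reg_name);
			retval = ERROR_FAIL;
			goto restore;
		}

		armv4_5_set_core_reg(reg, reg_params[i].value);
	}

	armv4_5->core_state = armv4_5_algorithm_info->core_state;
	if (armv4_5->core_state == ARMV4_5_STATE_ARM)
	{
		exit_breakpoint_size = 4;
	}
	else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
	{
		exit_breakpoint_size = 2;
	}
	else
	{
		LOG_ERROR("BUG: can't execute algorithms when not in ARM or Thumb state");
		retval = ERROR_FAIL;
		goto restore;
	}

	if (armv4_5_algorithm_info->core_mode != ARMV4_5_MODE_ANY)
	{
		LOG_DEBUG("setting core_mode: 0x%2.2x", armv4_5_algorithm_info->core_mode);
		buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 5, armv4_5_algorithm_info->core_mode);
		armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
		armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
	}

	if ((retval = breakpoint_add(target, exit_point, exit_breakpoint_size, BKPT_HARD)) != ERROR_OK)
	{
		LOG_ERROR("can't add breakpoint to finish algorithm execution");
		retval = ERROR_TARGET_FAILURE;
		goto restore;
	}

	if ((retval = target_resume(target, 0, entry_point, 1, 1)) != ERROR_OK)
	{
		LOG_ERROR("couldn't resume target at algorithm entry point 0x%8.8x", entry_point);
		goto remove_breakpoint;
	}

	if (armv4_5_wait_halted(target, timeout_ms) != ERROR_OK)
	{
		LOG_ERROR("timeout waiting for algorithm to complete, trying to halt target");
		target_halt(target);
		/* give the forced halt a second, fixed grace period */
		if (armv4_5_wait_halted(target, 1000) != ERROR_OK)
		{
			LOG_ERROR("target didn't reenter debug state, exiting");
			/* with the target still running neither the breakpoint nor the
			 * register context can be touched from here */
			return ERROR_TARGET_TIMEOUT;
		}
		retval = ERROR_TARGET_TIMEOUT;
	}

	if ((retval != ERROR_TARGET_TIMEOUT) &&
		(buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32) != exit_point))
	{
		LOG_WARNING("target reentered debug state, but not at the desired exit point: 0x%8.8x",
			buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
	}

remove_breakpoint:
	breakpoint_remove(target, exit_point);

	for (i = 0; i < num_mem_params; i++)
	{
		if (mem_params[i].direction != PARAM_OUT)
		{
			int rc = target_read_buffer(target, mem_params[i].address, mem_params[i].size, mem_params[i].value);
			if (rc != ERROR_OK)
			{
				LOG_ERROR("couldn't read back mem_params[%i] from 0x%8.8x", i, mem_params[i].address);
				/* keep the first error; a timeout already reported wins */
				if (retval == ERROR_OK)
					retval = rc;
			}
		}
	}

	for (i = 0; i < num_reg_params; i++)
	{
		if (reg_params[i].direction != PARAM_OUT)
		{
			reg_t *reg = register_get_by_name(armv4_5->core_cache, reg_params[i].reg_name, 0);
			if (!reg)
			{
				LOG_ERROR("BUG: register '%s' not found", reg_params[i].reg_name);
				retval = ERROR_FAIL;
				break;
			}

			if (reg->size != reg_params[i].size)
			{
				LOG_ERROR("BUG: register '%s' size doesn't match reg_params[i].size", reg_params[i].reg_name);
				retval = ERROR_FAIL;
				break;
			}

			buf_set_u32(reg_params[i].value, 0, 32, buf_get_u32(reg->value, 0, 32));
		}
	}

restore:
	/* put the caller's registers back into the cache, dirty so they are
	 * written to the target before it runs again */
	for (i = 0; i <= 16; i++)
	{
		LOG_DEBUG("restoring register %s with value 0x%8.8x", ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).name, context[i]);
		buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).value, 0, 32, context[i]);
		ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).valid = 1;
		ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_algorithm_info->core_mode, i).dirty = 1;
	}
	buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
	armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
	armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;

	armv4_5->core_state = core_state;
	armv4_5->core_mode = core_mode;

	return retval;
}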
633 int armv4_5_init_arch_info(target_t *target, armv4_5_common_t *armv4_5)
635 target->arch_info = armv4_5;
637 armv4_5->common_magic = ARMV4_5_COMMON_MAGIC;
638 armv4_5->core_state = ARMV4_5_STATE_ARM;
639 armv4_5->core_mode = ARMV4_5_MODE_USR;