};
-static int arm11_add_ir_scan_vc(int num_fields, struct scan_field *fields,
+/* REVISIT no error handling here! */
+static void arm11_add_ir_scan_vc(struct jtag_tap *tap, struct scan_field *fields,
tap_state_t state)
{
if (cmd_queue_cur_state == TAP_IRPAUSE)
jtag_add_pathmove(ARRAY_SIZE(arm11_move_pi_to_si_via_ci), arm11_move_pi_to_si_via_ci);
- jtag_add_ir_scan(num_fields, fields, state);
- return ERROR_OK;
+ jtag_add_ir_scan(tap, fields, state);
}
static const tap_state_t arm11_move_pd_to_sd_via_cd[] =
TAP_DREXIT2, TAP_DRUPDATE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
};
-int arm11_add_dr_scan_vc(int num_fields, struct scan_field *fields, tap_state_t state)
+/* REVISIT no error handling here! */
+void arm11_add_dr_scan_vc(struct jtag_tap *tap, int num_fields, struct scan_field *fields,
+ tap_state_t state)
{
if (cmd_queue_cur_state == TAP_DRPAUSE)
jtag_add_pathmove(ARRAY_SIZE(arm11_move_pd_to_sd_via_cd), arm11_move_pd_to_sd_via_cd);
- jtag_add_dr_scan(num_fields, fields, state);
- return ERROR_OK;
+ jtag_add_dr_scan(tap, num_fields, fields, state);
}
* <em > (data is written when the JTAG queue is executed)</em>
* \param field target data structure that will be initialized
*/
-void arm11_setup_field(struct arm11_common * arm11, int num_bits, void * out_data, void * in_data, struct scan_field * field)
+void arm11_setup_field(struct arm11_common *arm11, int num_bits,
+ void *out_data, void *in_data, struct scan_field *field)
{
- field->tap = arm11->arm.target->tap;
field->num_bits = num_bits;
field->out_value = out_data;
field->in_value = in_data;
arm11_setup_field(arm11, 5, &instr, NULL, &field);
- arm11_add_ir_scan_vc(1, &field, state == ARM11_TAP_DEFAULT ? TAP_IRPAUSE : state);
+ arm11_add_ir_scan_vc(arm11->arm.target->tap, &field, state == ARM11_TAP_DEFAULT ? TAP_IRPAUSE : state);
}
-/** Verify shifted out data from Scan Chain Register (SCREG)
- * Used as parameter to struct scan_field::in_handler in
- * arm11_add_debug_SCAN_N().
- *
- */
+/** Verify data shifted out from Scan Chain Register (SCREG). */
static void arm11_in_handler_SCAN_N(uint8_t *in_value)
{
- /** \todo TODO: clarify why this isnt properly masked in core.c jtag_read_buffer() */
+ /* Don't expect JTAG layer to modify bits we didn't ask it to read */
uint8_t v = *in_value & 0x1F;
if (v != 0x10)
{
- LOG_ERROR("'arm11 target' JTAG communication error SCREG SCAN OUT 0x%02x (expected 0x10)", v);
+ LOG_ERROR("'arm11 target' JTAG error SCREG OUT 0x%02x", v);
jtag_set_error(ERROR_FAIL);
}
-
- if (v != 0x10)
- JTAG_DEBUG("SCREG SCAN OUT 0x%02x", v);
}
/** Select and write to Scan Chain Register (SCREG)
uint8_t tmp[1];
arm11_setup_field(arm11, 5, &chain, &tmp, &field);
- arm11_add_dr_scan_vc(1, &field, state == ARM11_TAP_DEFAULT ? TAP_DRPAUSE : state);
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &field, state == ARM11_TAP_DEFAULT ? TAP_DRPAUSE : state);
jtag_execute_queue_noclear();
return jtag_execute_queue();
}
-/** Write an instruction into the ITR register
+/**
+ * Queue a DR scan of the ITR register. Caller must have selected
+ * scan chain 4 (ITR), possibly using ITRSEL.
*
* \param arm11 Target state variable.
* \param inst An ARM11 processor instruction/opcode.
- * \param flag Optional parameter to retrieve the InstCompl flag
- * (this will be written when the JTAG chain is executed).
- * \param state Pass the final TAP state or ARM11_TAP_DEFAULT for the default
- * value (Run-Test/Idle).
+ * \param flag Optional parameter to retrieve the Ready flag;
+ * this address will be written when the JTAG chain is scanned.
+ * \param state The TAP state to enter after the DR scan.
*
- * \remarks By default this ends with Run-Test/Idle state
- * and causes the instruction to be executed. If
- * a subsequent write to DTR is needed before
- * executing the instruction then TAP_DRPAUSE should be
- * passed to \p state.
+ * Going through the TAP_DRUPDATE state writes ITR only if Ready was
+ * previously set. Only the Ready flag is readable by the scan.
*
- * \remarks This adds to the JTAG command queue but does \em not execute it.
+ * An instruction loaded into ITR is executed when going through the
+ * TAP_IDLE state only if Ready was previously set and the debug state
+ * is properly set up. Depending on the instruction, you may also need
+ * to ensure that the rDTR is ready before that Run-Test/Idle state.
*/
static void arm11_add_debug_INST(struct arm11_common * arm11,
uint32_t inst, uint8_t * flag, tap_state_t state)
arm11_setup_field(arm11, 32, &inst, NULL, itr + 0);
arm11_setup_field(arm11, 1, NULL, flag, itr + 1);
- arm11_add_dr_scan_vc(ARRAY_SIZE(itr), itr, state == ARM11_TAP_DEFAULT ? TAP_IDLE : state);
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(itr), itr, state);
}
/**
arm11_setup_field(arm11, 32, NULL, &dscr, &chain1_field);
- arm11_add_dr_scan_vc(1, &chain1_field, TAP_DRPAUSE);
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &chain1_field, TAP_DRPAUSE);
CHECK_RETVAL(jtag_execute_queue());
arm11_setup_field(arm11, 32, &dscr, NULL, &chain1_field);
- arm11_add_dr_scan_vc(1, &chain1_field, TAP_DRPAUSE);
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, 1, &chain1_field, TAP_DRPAUSE);
CHECK_RETVAL(jtag_execute_queue());
-/** Execute one or multiple instructions via ITR
+/**
+ * Execute one or more instructions via ITR.
+ * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
+ * is set, the ITR Ready flag is set (as seen on the previous entry to
+ * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
*
* \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
*
/** Execute one instruction via ITR repeatedly while
* passing data to the core via DTR on each execution.
*
+ * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
+ * is set, the ITR Ready flag is set (as seen on the previous entry to
+ * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
+ *
* The executed instruction \em must read data from DTR.
*
* \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
{
Data = *data;
- arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, jtag_set_end_state(TAP_IDLE));
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(chain5_fields), chain5_fields, TAP_IDLE);
CHECK_RETVAL(jtag_execute_queue());
{
Data = 0;
- arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
CHECK_RETVAL(jtag_execute_queue());
TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
};
-
-
-/** Execute one instruction via ITR repeatedly while
- * passing data to the core via DTR on each execution.
- *
- * No Ready check during transmission.
- *
- * The executed instruction \em must read data from DTR.
- *
- * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
- *
- * \param arm11 Target state variable.
- * \param opcode ARM opcode
- * \param data Pointer to the data words to be passed to the core
- * \param count Number of data words and instruction repetitions
- *
+/* This inner loop can be implemented by the minidriver, oftentimes in hardware... The
+ * minidriver can call the default implementation as a fallback or implement it
+ * from scratch.
*/
-int arm11_run_instr_data_to_core_noack(struct arm11_common * arm11, uint32_t opcode, uint32_t * data, size_t count)
+int arm11_run_instr_data_to_core_noack_inner_default(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count)
{
- arm11_add_IR(arm11, ARM11_ITRSEL, ARM11_TAP_DEFAULT);
+ struct scan_field chain5_fields[3];
- arm11_add_debug_INST(arm11, opcode, NULL, TAP_DRPAUSE);
+ chain5_fields[0].num_bits = 32;
+ chain5_fields[0].out_value = NULL; /*&Data*/
+ chain5_fields[0].in_value = NULL;
- arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
+ chain5_fields[1].num_bits = 1;
+ chain5_fields[1].out_value = NULL;
+ chain5_fields[1].in_value = NULL; /*&Ready*/
- struct scan_field chain5_fields[3];
-
- arm11_setup_field(arm11, 32, NULL/*&Data*/, NULL, chain5_fields + 0);
- arm11_setup_field(arm11, 1, NULL, NULL /*&Ready*/, chain5_fields + 1);
- arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
+ chain5_fields[2].num_bits = 1;
+ chain5_fields[2].out_value = NULL;
+ chain5_fields[2].in_value = NULL;
uint8_t *Readies;
- unsigned readiesNum = count + 1;
+ unsigned readiesNum = count;
unsigned bytes = sizeof(*Readies)*readiesNum;
Readies = (uint8_t *) malloc(bytes);
}
uint8_t * ReadyPos = Readies;
-
while (count--)
{
chain5_fields[0].out_value = (void *)(data++);
chain5_fields[1].in_value = ReadyPos++;
- if (count)
+ if (count > 0)
{
- jtag_add_dr_scan(ARRAY_SIZE(chain5_fields), chain5_fields, jtag_set_end_state(TAP_DRPAUSE));
+ jtag_add_dr_scan(tap, ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
jtag_add_pathmove(ARRAY_SIZE(arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay),
arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay);
- }
- else
+ } else
{
- jtag_add_dr_scan(ARRAY_SIZE(chain5_fields), chain5_fields, jtag_set_end_state(TAP_IDLE));
+ jtag_add_dr_scan(tap, ARRAY_SIZE(chain5_fields), chain5_fields, TAP_IDLE);
}
}
- arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
-
- chain5_fields[0].out_value = 0;
- chain5_fields[1].in_value = ReadyPos++;
-
- arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
-
int retval = jtag_execute_queue();
if (retval == ERROR_OK)
{
}
if (error_count > 0 )
+ {
LOG_ERROR("%u words out of %u not transferred",
error_count, readiesNum);
-
+ retval = ERROR_FAIL;
+ }
}
-
free(Readies);
return retval;
}
+int arm11_run_instr_data_to_core_noack_inner(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count);
+
+#ifndef HAVE_JTAG_MINIDRIVER_H
+int arm11_run_instr_data_to_core_noack_inner(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count)
+{
+ return arm11_run_instr_data_to_core_noack_inner_default(tap, opcode, data, count);
+}
+#endif
+
+/** Execute one instruction via ITR repeatedly while
+ * passing data to the core via DTR on each execution.
+ *
+ * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
+ * is set, the ITR Ready flag is set (as seen on the previous entry to
+ * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
+ *
+ * No Ready check during transmission.
+ *
+ * The executed instruction \em must read data from DTR.
+ *
+ * \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
+ *
+ * \param arm11 Target state variable.
+ * \param opcode ARM opcode
+ * \param data Pointer to the data words to be passed to the core
+ * \param count Number of data words and instruction repetitions
+ *
+ */
+int arm11_run_instr_data_to_core_noack(struct arm11_common * arm11, uint32_t opcode, uint32_t * data, size_t count)
+{
+ arm11_add_IR(arm11, ARM11_ITRSEL, ARM11_TAP_DEFAULT);
+
+ arm11_add_debug_INST(arm11, opcode, NULL, TAP_DRPAUSE);
+
+ arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
+
+ int retval = arm11_run_instr_data_to_core_noack_inner(arm11->arm.target->tap, opcode, data, count);
+
+ if (retval != ERROR_FAIL)
+ return retval;
+
+ arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
+
+ struct scan_field chain5_fields[3];
+
+ arm11_setup_field(arm11, 32, NULL/*&Data*/, NULL, chain5_fields + 0);
+ arm11_setup_field(arm11, 1, NULL, NULL /*&Ready*/, chain5_fields + 1);
+ arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
+
+ uint8_t ready_flag;
+ chain5_fields[1].in_value = &ready_flag;
+
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
+
+ retval = jtag_execute_queue();
+ if (retval == ERROR_OK)
+ {
+ if (ready_flag != 1)
+ {
+ LOG_ERROR("last word not transferred");
+ retval = ERROR_FAIL;
+ }
+ }
+
+ return retval;
+}
+
/** Execute an instruction via ITR while handing data into the core via DTR.
*
/** Execute one instruction via ITR repeatedly while
* reading data from the core via DTR on each execution.
*
+ * Caller guarantees that processor is in debug state, that DSCR_ITR_EN
+ * is set, the ITR Ready flag is set (as seen on the previous entry to
+ * TAP_DRCAPTURE), and the DSCR sticky abort flag is clear.
+ *
* The executed instruction \em must write data to DTR.
*
* \pre arm11_run_instr_data_prepare() / arm11_run_instr_data_finish() block
int i = 0;
do
{
- arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, count ? TAP_IDLE : TAP_DRPAUSE);
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(chain5_fields), chain5_fields, count ? TAP_IDLE : TAP_DRPAUSE);
CHECK_RETVAL(jtag_execute_queue());
AddressOut = 0;
}
- do
+ /* Timeout here so we don't get stuck. */
+ int i = 0;
+ while (1)
{
JTAG_DEBUG("SC7 <= c%-3d Data %08x %s",
(unsigned) AddressOut,
(unsigned) DataOut,
nRW ? "write" : "read");
- arm11_add_dr_scan_vc(ARRAY_SIZE(chain7_fields),
+ arm11_add_dr_scan_vc(arm11->arm.target->tap, ARRAY_SIZE(chain7_fields),
chain7_fields, TAP_DRPAUSE);
CHECK_RETVAL(jtag_execute_queue());
- if (!Ready)
- JTAG_DEBUG("SC7 => !ready");
+ /* 'nRW' is 'Ready' on read out */
+ if (Ready)
+ break;
+
+ long long then = 0;
+
+ if (i == 1000)
+ {
+ then = timeval_ms();
+ }
+ if (i >= 1000)
+ {
+ if ((timeval_ms()-then) > 1000)
+ {
+ LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
+ return ERROR_FAIL;
+ }
+ }
+
+ i++;
}
- while (!Ready); /* 'nRW' is 'Ready' on read out */
if (!nRW)
JTAG_DEBUG("SC7 => Data %08x", (unsigned) DataIn);
*/
void arm11_sc7_clear_vbw(struct arm11_common * arm11)
{
- size_t clear_bw_size = arm11->brp + arm11->wrp + 1;
+ size_t clear_bw_size = arm11->brp + 1;
struct arm11_sc7_action *clear_bw = malloc(sizeof(struct arm11_sc7_action) * clear_bw_size);
struct arm11_sc7_action * pos = clear_bw;
for (size_t i = 0; i < arm11->brp; i++)
(pos++)->address = ARM11_SC7_BCR0 + i;
-
- for (size_t i = 0; i < arm11->wrp; i++)
- (pos++)->address = ARM11_SC7_WCR0 + i;
-
-
(pos++)->address = ARM11_SC7_VCR;
arm11_sc7_run(arm11, clear_bw, clear_bw_size);
opcode, data);
}
+/* Because arm11_sc7_run() takes a vector of actions, we batch breakpoint
+ * and watchpoint operations instead of running them right away. Since we
+ * pre-allocated our vector, we don't need to worry about space.
+ */
+static int arm11_bpwp_enable(struct arm_dpm *dpm, unsigned index,
+ uint32_t addr, uint32_t control)
+{
+ struct arm11_common *arm11 = dpm_to_arm11(dpm);
+ struct arm11_sc7_action *action;
+
+ action = arm11->bpwp_actions + arm11->bpwp_n;
+
+ /* Invariant: this bp/wp is disabled.
+ * It also happens that the core is halted here, but for
+ * DPM-based cores we don't actually care about that.
+ */
+
+ action[0].write = action[1].write = true;
+
+ action[0].value = addr;
+ action[1].value = control;
+
+ switch (index) {
+ case 0 ... 15:
+ action[0].address = ARM11_SC7_BVR0 + index;
+ action[1].address = ARM11_SC7_BCR0 + index;
+ break;
+ case 16 ... 32:
+ index -= 16;
+ action[0].address = ARM11_SC7_WVR0 + index;
+ action[1].address = ARM11_SC7_WCR0 + index;
+ break;
+ default:
+ return ERROR_FAIL;
+ }
+
+ arm11->bpwp_n += 2;
+
+ return ERROR_OK;
+}
+
+static int arm11_bpwp_disable(struct arm_dpm *dpm, unsigned index)
+{
+ struct arm11_common *arm11 = dpm_to_arm11(dpm);
+ struct arm11_sc7_action *action;
+
+ action = arm11->bpwp_actions + arm11->bpwp_n;
+
+ action[0].write = true;
+ action[0].value = 0;
+
+ switch (index) {
+ case 0 ... 15:
+ action[0].address = ARM11_SC7_BCR0 + index;
+ break;
+ case 16 ... 32:
+ index -= 16;
+ action[0].address = ARM11_SC7_WCR0 + index;
+ break;
+ default:
+ return ERROR_FAIL;
+ }
+
+ arm11->bpwp_n += 1;
+
+ return ERROR_OK;
+}
+
+/** Flush any pending breakpoint and watchpoint updates. */
+int arm11_bpwp_flush(struct arm11_common *arm11)
+{
+ int retval;
+
+ if (!arm11->bpwp_n)
+ return ERROR_OK;
+
+ retval = arm11_sc7_run(arm11, arm11->bpwp_actions, arm11->bpwp_n);
+ arm11->bpwp_n = 0;
+
+ return retval;
+}
+
/** Set up high-level debug module utilities */
int arm11_dpm_init(struct arm11_common *arm11, uint32_t didr)
{
dpm->instr_read_data_dcc = arm11_dpm_instr_read_data_dcc;
dpm->instr_read_data_r0 = arm11_dpm_instr_read_data_r0;
+ dpm->bpwp_enable = arm11_bpwp_enable;
+ dpm->bpwp_disable = arm11_bpwp_disable;
+
retval = arm_dpm_setup(dpm);
if (retval != ERROR_OK)
return retval;
+ /* alloc enough to enable all breakpoints and watchpoints at once */
+ arm11->bpwp_actions = calloc(2 * (dpm->nbp + dpm->nwp),
+ sizeof *arm11->bpwp_actions);
+ if (!arm11->bpwp_actions)
+ return ERROR_FAIL;
+
retval = arm_dpm_initialize(dpm);
+ if (retval != ERROR_OK)
+ return retval;
- return retval;
+ return arm11_bpwp_flush(arm11);
}