Compile-tested. This might not set up the simulator right for the
ARMv6 single step support; only BXJ branches though, and docs to
support Jazelle branching are non-public (still, sigh).
ARMv6 instructions known to be mis-handled by this disassembler
include: UMAAL, LDREX, STREX, CPS, SETEND, RFE, SRS, MCRR2, MRRC2
oharboe [Thu, 27 Aug 2009 10:37:01 +0000 (10:37 +0000)]
arm11 hardware step using simulation + breakpoint. Use "hardware_step enable" command to revert to hardware stepping. Ideally we could retire the "hardware_step enable" command once we no longer believe it to be necessary.
oharboe [Wed, 26 Aug 2009 19:23:35 +0000 (19:23 +0000)]
Matt Hsu <matt@0xlab.org> and Holger Hans Peter Freyther <zecke@selfish.org> Only dap_ap_select when we are going to do a memory access
in the fast reg case.
oharboe [Wed, 26 Aug 2009 19:21:26 +0000 (19:21 +0000)]
Matt Hsu <matt@0xlab.org> cortex_a8_exec_opcode is writing the ARM instruction into
the ITR register but it will only be executed when the DSCR[13]
bit is set. The documentation is a bit weird as it classifies
the DSCR as read-only but the pseudo code is writing to it as
well. This is working on a beagleboard.
oharboe [Wed, 26 Aug 2009 19:20:25 +0000 (19:20 +0000)]
Matt Hsu <matt@0xlab.org> Wait for the DTRRX to be full before reading it. Remove the trans_mode change as it is done in the mem_ap_read_atomic_u32 function.
oharboe [Wed, 26 Aug 2009 19:16:08 +0000 (19:16 +0000)]
Matt Hsu <matt@0xlab.org> and Holger Hans Peter Freyther <zecke@selfish.org> Before executing a new instruction wait for the previous
instruction to be finished. This comes from the pseudo code
of the cortex a8 trm.
oharboe [Wed, 26 Aug 2009 19:06:56 +0000 (19:06 +0000)]
David Brownell <david-b@pacbell.net> Fix segv in jtag_examine_chain(): exit loop on no-tap. Keep
"next iteration" step with the rest of the loop overhead.
Cleanup: remove spurious whitespace, and an overlong line;
only assign "tap->hasidcode" once.
oharboe [Wed, 26 Aug 2009 06:26:29 +0000 (06:26 +0000)]
David Brownell <david-b@pacbell.net> Clock updates/fixes for the Stellaris flash driver:
- Bugfixes:
* internal osc: it's *12* MHz (not 15 MHz) on _current_ chips
+ except new Tempest parts where it's 16 MHz (and calibrated!)
+ or some old Sandstorm ones, where 15 MHz was valid
* crystal config:
+ read and use the crystal config, don't assume 6 MHz
+ know when that field is 4 bits vs 5
* an RCC2 register may be overriding the original RCC
+ more clock source options
+ bigger dividers
+ fractional dividers on Tempest (NYET handled)
* there's a 30 KHz osc on newer chips (for deep sleep)
* there's a 32768 Hz osc on newer chips (for hibernation)
- Cosmetic
* say "rev A0" not "vA.0", to match vendor docs
* don't always report master clock as an "estimate":
+ give the error bound if it's approximate, like "±30%"
+ else don't say anything
* fix whitespace and caps in some messages
* these are not AT91SAM chips!!
Those clock issues might explain problems sometimes reported when
writing to Stellaris flash banks; they affect write timings.
That 12-vs-15 MHz issue is problematic; there's no consolidated doc
showing which chips (and revs!) have which internal oscillator speed.
It's clear that only older silicon had the faster-and-less-accurate
flavor. What's less clear is which chips are "old" like that.
oharboe [Tue, 25 Aug 2009 20:02:19 +0000 (20:02 +0000)]
David Brownell <david-b@pacbell.net> Tweak disassembly commands:
For ARMv4/ARMv5:
- better command parameter error checking
- don't require an instruction count; default to one
- recognize thumb function addresses
- make function static
- shorten some too-long lines
For Cortex-M3:
- don't require an instruction count; default to one
With the relevant doc updates.
---
Nyet done: invoke the thumb2 disassembler on v4/v5,
to better handle branch instructions.
oharboe [Tue, 25 Aug 2009 19:59:55 +0000 (19:59 +0000)]
David Brownell <david-b@pacbell.net> More jtag_add_reset() cleanup:
Unify the handling of the req_srst parameter, and rip out a
large NOP branch and its associated FIXME. (There didn't seem
to be anything that needs fixing; but that was unclear since
the constraints were scattered all over the place not unified.)
oharboe [Tue, 25 Aug 2009 19:58:06 +0000 (19:58 +0000)]
David Brownell <david-b@pacbell.net> More jtag_add_reset() cleanup:
Unify the handling of the req_tlr_or_trst parameter. Basically,
JTAG TMS+TCK ops ("TLR") is always used ... unless TRST is a safe
option in this system configuration.
oharboe [Tue, 25 Aug 2009 19:55:32 +0000 (19:55 +0000)]
David Brownell <david-b@pacbell.net> Some jtag_add_reset() cleanup:
- Track whether TRST and/or SRST actually change:
* If they're not changing, don't ask the JTAG adapter to do anything!
(JTAG TCK/TMS ops might still be used to enter TAP_RESET though.)
* Don't change their recorded values until after the adapter says it
did so ... so fault paths can't leave corrupt state.
* Detect and report jtag_execute_queue() failure mode
* Only emit messages saying what really changed; this includes adding
an omitted "deasserted TRST" message.
* Only apply delays after deasserting SRST/TRST if we *DID* deassert!
- Messages say "TLR" not "RESET", to be less confusing; there are many
kinds of reset. (Though "TLR" isn't quite ideal either, since it's
the name of the TAP state being entered by TMS+TCK or TRST; it's at
least non-ambiguous in context.)
So the main effect is to do only the work this routine was told to do;
and to have debug messaging make more sense.
oharboe [Tue, 25 Aug 2009 19:52:02 +0000 (19:52 +0000)]
David Brownell <david-b@pacbell.net> Accomodate targets which don't support various target-specific
reset operations. Maybe they can't; or it's a "not yet" thing.
Note that the assert/deassert operations can't yet trigger for
OMAP3 because resets currently include JTAG reset in all cases,
resetting the ICEpick and thus disabling the TAP for Cortex-A8.
oharboe [Tue, 25 Aug 2009 07:17:19 +0000 (07:17 +0000)]
strange.... the code build and links w/Linux GCC target but fails w/arm-elf. The code was clearly broken as it was missing two extern's in the .h file...
oharboe [Tue, 25 Aug 2009 07:09:48 +0000 (07:09 +0000)]
Michael Schwingen <rincewind@discworld.dascon.de> The attached patch adds a "xscale vector_table" command that allows to set
the values that are written in the mini-IC (plus documentation updates that
describe why this is needed).
oharboe [Tue, 25 Aug 2009 07:04:25 +0000 (07:04 +0000)]
Audrius Urmanavičius <didele.deze@gmail.com> Latest source (R2606) does not compile under Windows+Cygwin - fails with error about possibly uninitialized use of variable 'ch'.
oharboe [Tue, 25 Aug 2009 06:58:34 +0000 (06:58 +0000)]
David Brownell The rest of the Cortex-A8 support from Magnus: replace the previous
nonfunctional cortex_a8 code with something that at least basically
works (for halt/step/resume, without MMU) even if it is incomplete.
(With tweaks from Øyvind, and cleanup from Dave.)
This code has mainly been developed and tested against R1606, it has
been built and tested against R2294 where it runs but step and resume
commands are broken due to regression (which should be fixed now).
This code is really written for OMAP3530. It doesn't identify debug
resources using generic DAP calls to scan the ROM table, or perform
topology detection. The OMAP3530 DAP exposes two memory access ports:
- Port #0 is connected to L3 interconnect (the main bus) with
passthrough to the L4 EMU bus ... so it will be used for most
memory accesses.
- Port #1 is connected to a dedicated debug bus (L4 EMU), with
access to L4 Wakeup, and holds the ROM table ... so it must
be used for most debug and control operations.
The are some defines to handle this in cortex_a8.c, which should be
replaced with more general code. Having access to another Cortex-A8
implementation would help get that right.
oharboe [Tue, 25 Aug 2009 06:57:26 +0000 (06:57 +0000)]
David Brownell Subset of Cortex-A8 support from Magnus: create an armv7a file
and seed it with DAP access support using the current ADIv5 code.
(With tweaks and cleanup from Øyvind and Dave.)
The ARMv7-AR architecture manual is not publicly available (even
in subset form like the ARMv7-M spec), so it's hard to distinguish
between the Cortex-A8 implementation and the ARMv7-A architecture.
The register set presumably is architectural, and so it's stored
here; it's like earlier ARMs, with small additions. Ditto the
instruction set, though Thumb2 support is used (extending Thumb
support from ARMv6 with more 32-bit instructions) and there's this
ThumbEE thing too. There is a new "debug monitor" mode, not yet
fully addressed here, to support debugging in environments (like
motor control) where halting debug mode is inadvisable.
oharboe [Mon, 24 Aug 2009 07:26:05 +0000 (07:26 +0000)]
Jonas Horberg <jhorberg@sauer-danfoss.com>
The trunk is currently broken for interfaces without
the speed_div function (interface specific clock speed
value to kHz conversion). Example: parport.
oharboe [Thu, 20 Aug 2009 08:55:34 +0000 (08:55 +0000)]
Piotr Ziecik <kosmo@semihalf.com> This patch adds handling blank characters between hex digits in
SVF file, making OpenOCD compatible with files generated by
Altera Quatrus II 9.0.
ntfreak [Thu, 20 Aug 2009 07:54:49 +0000 (07:54 +0000)]
- remove enable-ft2232-highspeed configure option, high speed ftdi support is now detected during the configure stage
- warning now issued if high speed ftdi device found and openocd was built using an old driver
oharboe [Thu, 20 Aug 2009 07:15:46 +0000 (07:15 +0000)]
David Brownell <david-b@pacbell.net>More Thumb2 disassembly:
ARMv7-M: A5.3.6 Load/store dual or exclusive, table branch
GCC will generate the table branch instructions, usually with inlined
tables that will confuse this disassembler. LDREX and STREX are not
issued by GCC without inline assembly.
This means all Thumb2 instructions implemented by Cortex-M3 can now
be disassembled. Cortex-A8 cores support more Thumb2 instructions,
but most of those aren't yet publicly documented.
oharboe [Wed, 19 Aug 2009 06:30:08 +0000 (06:30 +0000)]
David Brownell <david-b@pacbell.net> Clean up some Cortex-M3 reset handling.
- AIRCR_SYSRESETREQ is generic; use it on any system where
SRST won't fly, not just on Stellaris-based ones.
- Reformat and improve comments about the Stellaris quirk; and
xref the only public docs (an email) about the issue.
It seems that *most* Stellaris chips have this problem. Tempest
parts aren't yet in general sampling; and if rev B silicon for
earlier chips exists, it's not very visible yet.
ntfreak [Tue, 18 Aug 2009 19:55:01 +0000 (19:55 +0000)]
David Brownell [david-b@pacbell.net]:
Simplify dumping of register lists by only printing cached values
if they are marked as valid. Most of the time, they are invalid;
so printing *any* value is just misleading.
Note that for ARM7 and ARM9 most EmbeddedICE registers (except for
debug status) could be cached most of the time; and their register
cache isn't maintained properly (many accesses seem to bypass that
cache code).
ntfreak [Tue, 18 Aug 2009 14:41:58 +0000 (14:41 +0000)]
Jonas Horberg [jhorberg@sauer-danfoss.com]
https://lists.berlios.de/pipermail/openocd-development/2009-August/009939.html
1. It can only be built with the FTD2XX driver. libftdi supports FT2232H/FT4232H
since version 0.16
2. A speed value of 0 is used as a RTCK request indicator. This clashes with the
valid clock division value 0 that provide the highest fixed clock frequency.
3. The ft2232_speed_div function return the maximum selectable frequency (30MHz)
when RTCK is activated. It should return 0.
4. The ft2232_khz function return ERROR_OK when RTCK is requested even for
devices lacking RTCK support. It should return ERROR_FAIL so the upper driver layers
can detect this and try to fallback to a fixed frequency.
5. FT2232H/FT4232H have a backward compatibility function that divide the clock
by 5 to get the same frequency range as FT2232D. There is no code that disable
this functionality. I can not find anything about if this is enabled or disabled by default.
I think it is safest to actively disable it.
oharboe [Tue, 18 Aug 2009 10:27:24 +0000 (10:27 +0000)]
David Brownell <david-b@pacbell.net> Cleanup the Stellaris target configs:
- remove endianness options; these chips hard-wire "little"
- $_TARGETNAME updates:
* don't pass $_TARGETNAME where a TAP label is required
* flash config uses $_TARGETNAME (it might not be target #0)
* simplify one $_TARGETNAME construction
- update work area setup:
* remove VM spec; these chips have no VM!
* fix some wrong sizes (0x4000 == 16K, not 4K)
* simplify: take defaults
- comment fixups
oharboe [Tue, 18 Aug 2009 10:25:28 +0000 (10:25 +0000)]
David Brownell <david-b@pacbell.net> Add "cortex_m3 vector_catch" command and docs. One minor
issue with this is that the core debug support uses this
mechanism, then trashes its state over reset. Users can
Work around that (for now) by re-assigning the desired
config after reset.
Also fixes "target halted due to target-not-halted" goof.
When we can't describe the reason using OpenOCD's limited
vocabulary, say "reason undefined" instead of saying it's
not halted.
oharboe [Tue, 18 Aug 2009 10:22:44 +0000 (10:22 +0000)]
David Brownell <david-b@pacbell.net> Clean up ARM7/ARM9 EmbeddedICE register handling ... don't use parallel
arrays (error prone) or assume all registers are 32-bits wide (they can
have fewer bits); don't use spaces in register names, so they can be
passed more easily to the "reg" command.
Minor updates for ARM9 vector_catch support: it's an 8-bit value. This
seems to help this core's vector_catch command work a bit better; but its
behavior wih the register cache is still goofy.
oharboe [Tue, 18 Aug 2009 10:20:25 +0000 (10:20 +0000)]
David Brownell <david-b@pacbell.net> Several of the ARMv7M registers are 8 bits or less; don't
display them as 32 bits unless that's their true size.
(Removes some confusion.
oharboe [Tue, 18 Aug 2009 10:18:18 +0000 (10:18 +0000)]
Piotr Ziecik <kosmo@semihalf.com> Due to errors in chipselect management in davinci_nand driver
OpenOCD was able to access only to chips attached to first EMIF
chipselect. This patch fixes chipselect management code and allows
OpenOCD to access to NAND devices attached to any EMIF CS line.
David Brownell <david-b@pacbell.net> More testcase work:
A5.3.11 Data processing (shifted register)
The usual kinds of problems; the most noteworthy were that
the "S"et flags bit was mis-handled in these instructions.
---
This is the last patch from a quickie set of tests covering all
encodings of the instructions with 32-bit opcodes. There may
be some corner cases left, plus the instructions that aren't
yet handled, but the Thumb2 disassembler is no longer just
"lightly" tested with GCC output ... the new code paths have
mostly been verified.
There was a longstanding bug in Thumb-1 LDM; the rest of the LDM/STM
fixes are just using width specs to match UAL syntax, except for two
opcode name typos. Load word had two bitmask goofs.
David Brownell <david-b@pacbell.net> More fixes from test cases:
A5.3.8 Load halfword, unallocated memory hints
It's mostly the usual sort of bitmasking goofage and getting the
width specs right. In one case an older x86 GCC generated bad code
unless I structred a conditional differently (sigh).
David Brownell <david-b@pacbell.net> More instruction decoding fixes:
A5.3.5 Load/store multiple
A5.3.7 Load word
There was a longstanding bug in Thumb-1 LDM; the rest of the LDM/STM
fixes are just using width specs to match UAL syntax, except for two
opcode name typos. Load word had two bitmask goofs.
David Brownell <david-b@pacbell.net> Bugfix some instruction decoding ... I've crafted asm files
with testcases covering several new encodings in these sections
of the ARMv7-M arch manual:
A5.3.12 Data processing (register)
A5.3.13 Miscellaneous operations
A5.3.14 Multiply, and multiply accumulate
A5.3.15 Long multiply, long multiply accumulate, and divide
The issues were mostly in '12 and '13; some new related 16-bit
opcodes had issues too.
Andreas Fritiofson <andreas.fritiofson@gmail.com> I noticed there are a few checks for (rt == 0xf) even though that case
is handled with an early return at the top of the function.
Clean up treatment of registers in ARMv7-M and Cortex-M3.
- At the arch level:
* Just list registers and names; don't impose core-specific
policy about how they are accessed.
* Each register has a symbol.
* Remove the register mode field (irrelevant to debugger)
- At the core/implementation level:
* Just map the registers to their relevant access methods;
don't require the arch level to say how that should work
(cores other than Cortex-M3 could do it differently).
* Don't use undefined bits from register 20.
* Use register IDs that are part of the ARMv7-M interface.
In short, there's now a real distinction between the arch
and core layers.
- Bugfixes:
* Distinguish branch from misc via "!=" not "=="
* MRS register shift is 8 bits (vs MSR being 16)
- Format tweaks:
* CPS needed tab (not space)
* add commma before some shifts
* add space after comma in LDM/STM
* use ".W" width spec on various instructions
Revert parts of the previous ARMv7-M register patch.
It turns out that part of the issue is a documentation
problem for the Cortex-M3 r1 parts. So for the rest,
simpler fixes are possible (in followup patch).
- fix issue with reading device id, bug appeared when flash_address code was added
- fix issue when multiple flash chips are connected, eg. x16 x 2 on 32bit mcu bus
projects / openocd / log