Andreas Färber [Sun, 29 Nov 2015 02:09:46 +0000 (03:09 +0100)]
xmc4xxx: Integrate build of erase check code
Instead of pointing to the assembler sources in a comment and
inline-commenting the THUMB bytecode, place the hex array alongside the
assembler sources and include it via preprocessor.
Originally inspired by a typo in the file path during driver development,
but it also facilitates making changes to the assembler sources.
A Makefile is provided to help automate updating the bytecode. It is not
integrated with the automake system to avoid forcing an ARM cross-compiler
onto every user, i.e. after modifying the sources they need to be rebuilt
in that directory before building the usual way. ARM_CROSS_COMPILE= can
be passed on the make command line to deal with native ARM toolchains
or with varying prefixes of cross-toolchains.
Change-Id: I00ceb980a68c8554a180dd13719ac77b677a8bcd Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-on: http://openocd.zylin.com/3133 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com> Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Andreas Färber [Mon, 20 Apr 2015 00:51:23 +0000 (02:51 +0200)]
flash: New Spansion FM4 flash driver
The Spansion FM4 family of microcontrollers does not offer a way to
identify the chip model nor the flash size, except for Dual Flash vs.
regular layout. Therefore the family is passed as argument and
wildcard-matched - MB9BFx6x and S6E2CC families are supported.
Iterations showed that ...
1) Just doing the flash command sequence from SRAM loader code for each
half-word took 20 minutes for an 8 KB block.
2) Doing the busy-wait in the loader merely reduced the time to 19 minutes.
3) Significant performance gains were achieved by looping in loader code
rather than in OpenOCD and by maximizing the batch size across sectors,
getting us down to ~2 seconds for 8 KB and ~2.5 minutes for 1.1 MB.
(Tested with SK-FM4-176L-S6E2CC-ETH v11, CMSIS-DAP v23.)
gcc, objcopy -Obinary and bin2char.sh are used for automating the
integration of hand-written assembler snippets.
Change-Id: I092c81074662534f50b71b91d54eb8e0098fec76 Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-on: http://openocd.zylin.com/2190 Tested-by: jenkins Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Alexander Kurz [Sun, 28 Feb 2016 11:36:19 +0000 (12:36 +0100)]
tcl/target/stm32f4: fix: reduce adapter speed before reset
The reset-init hook for this target speeds up the CPU clock and JTAG adapter
speed. When the target is reset running with high adapter speed, a series of
warnings "DAP transaction stalled (WAIT) - slowing down" will be generated
since the adapter speed is not reduced to fit the slower CPU speed.
Fix: reduction of the adapter speed before a reset is performed.
Change-Id: Iabfc8e3f70311e0e71c8eed09b8a37fcbed9c58d Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3365 Tested-by: jenkins Reviewed-by: Uwe Bonnes <bon@elektron.ikp.physik.tu-darmstadt.de> Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Alexander Kurz [Fri, 26 Feb 2016 20:54:22 +0000 (21:54 +0100)]
arm_disassembler: bugfix, MRRC instruction not recognized
A copy-and-paste error in the arm_disassembler opcode evaluation
disabled the recognition of MRRC instructions.
According to the arm architecture ref. manual issue E or later, MRRC and MCRR
instructions are identified by opcode bits 20-27: MCRR = 0xc4, MRRC = 0xc5.
Error found by static code analysis using a semantic pattern to
detect duplicated tests xand.cocci, see coccinellery.org
Change-Id: Ic41426edb51c6816e11dc3d35ef9382ab34af486 Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3363 Reviewed-by: Uwe Bonnes <bon@elektron.ikp.physik.tu-darmstadt.de> Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Alexander Kurz [Sun, 28 Feb 2016 21:45:54 +0000 (22:45 +0100)]
flash/nor/stellaris: fix: flash info RCC and RCC2 mixed up
The flash info command on stellaris platforms
"TI/LMI Stellaris information ... rcc is ..., rcc2 is ..."
presented the actual RCC2 register as rcc and an uninitialized variable
as rcc2 due to a copy and paste error.
Found using the semantic pattern da/da.cocci, see coccinellery.org
Change-Id: I6f920fc3e07fdc085ea8e2248fbc9453eb8393dc Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3368 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Alexander Kurz [Sun, 28 Feb 2016 22:21:47 +0000 (23:21 +0100)]
flash/nor/non_cfi.c: cleanup, member double-initialization
A struct member has been initialized twice. Found using the semantic
pattern da/da.cocci, see coccinellery.org
Change-Id: I0320afd60f1ba505758cc5bc0adcf27f572492fb Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3369 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Alexander Kurz [Sun, 28 Feb 2016 20:21:40 +0000 (21:21 +0100)]
Cleanup: removal of obsolete semicolons
Obsolete C source code semicolons were removed using the semantic patch
semicolon/semicolon.cocci, see coccinellery.org
Change-Id: I153b4995a9e028ebaf5f58c947821dc78345a777 Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3367 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Writing to Intel CFI flash with unaligned tail bytes raised a false
error message although all data was programmed successfully. e.g.:
> flash write_image image 0x602e0000 bin
> Programming at 0x602e0000, count 0x00000002 bytes remaining
> couldn't write word at base 0x60000000, address 0x602e0000
> error writing to flash at address 0x60000000 at offset 0x002e0000
Root cause for this false error was a mixup of two result variables
introduced with ecc8041c.
Change-Id: Ib6b85293dbed946a36a307e5b198c47b901145bf Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3233 Tested-by: jenkins Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Peter A. Bigot [Thu, 18 Feb 2016 11:58:29 +0000 (05:58 -0600)]
nrf51: move hwid 0057 and add 0058
Chip markings:
N51822 / QFAAG2 / 1435CZ for HWID 0057
N51822 / QFAAG3 / 1436AJ for HWID 0058
Change-Id: I242b94d6a2362aae0de970c7ac77811c76dacdc0 Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Reviewed-on: http://openocd.zylin.com/3187 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Peter A. Bigot [Thu, 12 Nov 2015 11:03:39 +0000 (05:03 -0600)]
nrf51: move table entry for hwid 0084 to correct MCU section
This is a nRF51822 variant, not a nRF51422 variant.
Change-Id: Ia199e0afa39408d7391a9655bad47eba2fd85f14 Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Reviewed-on: http://openocd.zylin.com/3105 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Simplify by printing one component per call, instead of one complete ROM
Table per call. Print common information the same way for all components,
including ROM tables, because ROM tables (at least the top level) contain
useful information in their identification registers, such as the
manufacturer of the SoC.
Print component designer name using the JEP106 helper when available.
Change-Id: Ic51bccd98acfae6886243500153fbdd567be2fae Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/3182 Tested-by: jenkins Reviewed-by: Jiri Kastner <cz172638@gmail.com> Reviewed-by: James Mastros <james@mastros.biz>
adi_v5_swd: Avoid special handling the SELECT cache during connect
The cache is forced to zero to match the value expected by the DPIDR read
so the connect sequence is not destroyed by a SELECT update.
However, DPIDR and in fact all registers except address 4 are independent
of the current DPBANKSEL value. Change swd_queue_dp_bankselect() to use
this fact and avoid touching SELECT for those registers.
Change-Id: I0cd11925fb6adef481bbf45cc24ea2c6dab4b6fb Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/3231 Tested-by: jenkins Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Tomas Vanek [Mon, 12 Oct 2015 22:15:16 +0000 (00:15 +0200)]
Kinetis: check/switch run mode before flash operation
FTFx flash controller requires MCU in normal RUN mode.
Flash cannot be erased, programmed or blank checked in VLPR or HSRUN
modes.
VLPR mode is switched to RUN mode as it does not require any changes
in clock generator setting. VLPR can be active from reset on some
KLx devices (with some FOPT setting) so 'reset init' might not be
sufficient to get device to normal RUN.
Any other mode than RUN or VLPR is reported as an error.
Change-Id: I60f494ce0d534b04870c6219d9b05f66f7244433 Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/3012 Tested-by: jenkins
Tomas Vanek [Thu, 1 Oct 2015 21:35:12 +0000 (23:35 +0200)]
Kinetis: fix preparation of FlexRAM before flash programming
FlexRAM should be requested before any section programming.
Test FCNFG RAMRDY bit before issuing FTFx_CMD_SETFLEXRAM
to speed up operation and to cover pflash only devices.
Change-Id: Ib0f2d8e8ab8b1507cbf2b7f8565178ab79941f5d Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/2990 Tested-by: jenkins
Tomas Vanek [Thu, 1 Oct 2015 09:08:52 +0000 (11:08 +0200)]
Kinetis: kinetis_ftfx_command() based on target instead of flash bank
kinetis_ftfx_command() did not use other struct flash_bank* members
than base->target. Switching first parameter to struct target*
enables use of kinetis_ftfx_command() without unnecessary bank
getting and probing.
Removed kinetis_securing_test: kind of dead code, same function
as command flash erase_address pad 0x400 0x10
Removed "NAND" word from help as flash is obviously NOR
Change-Id: I3f5fc295ef2bf42f3e913549949f2a36377f6367 Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/2988 Tested-by: jenkins
Tomas Vanek [Tue, 29 Sep 2015 15:48:17 +0000 (17:48 +0200)]
Kinetis: FlexNVM handling
FlexNVM (data flash) is memory mapped at 0x10000000.
Driver used to send the same address to FTFx controller for erase/write ops.
This was wrong as FTFx accepts only low 24 bits of address.
To fix addressing for flash controller kinfo->prog_base was introduced.
Added FlexNVM protection check, blank check and data flash size calculation.
Blank check cannot use block operation on FlexNVM when EEPROM backup is enabled.
Removed non functional reassign logic and bank_ordinal stuff.
Now one can re-probe FlexNVM banks after nvm_partition change.
Change-Id: Ia60b938266963e5d056701278cdf7bf2f62a429a Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/2987 Tested-by: jenkins
Such devices are now ignored if device selection via serial number is
used.
Nevertheless, these devices are still usable by using the USB address
for device selection or just by omitting device selection. The latter
one is only possible if only one device is connected.
Change-Id: I5763db25e97ba3d924cb642da7e64e951e09ecb7 Signed-off-by: Marc Schink <openocd-dev@marcschink.de>
Reviewed-on: http://openocd.zylin.com/3225 Tested-by: jenkins Reviewed-by: Nemui Trinomius <nemuisan_kawausogasuki@live.jp> Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Esben Haabendal [Fri, 23 Oct 2015 08:12:59 +0000 (10:12 +0200)]
cfi: support for 16-bit flash with reversed endianness
This is for targets where flash controller has reverse endianness
compared to target. For these, the 'bus_swap' parameter can be given to the
CFI driver, which will cause CFI commands to be written with
bytes swapped. This is only for x16 CFI flash.
Due to signal propagation delays, sampling TDO on rising TCK can become
quite peculiar at fast TCK rates. However, FTDI chips offer a possibility
to sample TDO on falling edge. With this change, stable operation can be
achieved at 30MHz clock even over 10cm ribbon cable.
Ivan De Cesaris [Tue, 12 Jan 2016 15:30:18 +0000 (16:30 +0100)]
quark: add Intel Quark mcu D2000 support
Add support for the Intel Quark mcu D2000 using the new quark_d2xx
target.
Changes to the lakemont part are needed for the D2000 core and are
backwards compatible with the X1000 one.
Change-Id: I6e1ef5a5d116344942f08e413965abd3945235fa Signed-off-by: Ivan De Cesaris <ivan.de.cesaris@intel.com>
Reviewed-on: http://openocd.zylin.com/3199 Tested-by: jenkins Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Alexander Kurz [Sat, 13 Feb 2016 09:54:52 +0000 (10:54 +0100)]
Helper time_support: const function arguments
duration_elapsed and duration_kbps will not modify the struct duration
passed as function argument, hence it should be declared const.
Change-Id: I459c396952c78e907257e2c2f2c630abde92aaa8 Signed-off-by: Alexander Kurz <akurz@blala.de>
Reviewed-on: http://openocd.zylin.com/3232 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Tomas Vanek [Sat, 9 Jan 2016 17:56:23 +0000 (18:56 +0100)]
adi_v5_swd: invalidate dap->select during (re)connect
Commit 830d0c55c0920606366a15560d1945f1e1942744 introduced
a regression in error recovery after reconnect:
If first SWD queue run in dap_dp_init() fails, DP_SELECT
does not get reset.
Change-Id: I947e2afe9933e4645a6141ece7816af8e6082cf2 Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/3194 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Paul Fertser [Fri, 15 Jan 2016 10:22:28 +0000 (13:22 +0300)]
flash: nor: {pic32mx,cfi}: fix register names
Commit fd43be07265b5f3cf3146f2bb80c1c2fc0a44fcf introduced a
regression: since the register names were changed from those
traditional for MIPS to common GDB scheme the code that makes use of
them needs to be changed accordingly.
This commit restores pic32mx flash driver functionality.
Change-Id: Id18c739390fae36737a02dc30c363d0444f53b96 Reported-by: Louis Rannou <louson@users.sf.net> Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/3206 Tested-by: jenkins Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Bogdan Kolbov [Mon, 14 Dec 2015 13:52:30 +0000 (16:52 +0300)]
flash/nor/niietcm4: minor fixes
niietcm4_write() buffer padding:
add correct buffer padding for 16 bytes.
Args check in FLASH_BANK_COMMAND_HANDLER():
first version of the driver had 7 args, current - 6. This patch will fix
error when flash is rejected (current k1921vk01t.cfg has flash bank init
with 6 args).
Timeouts in flash flag checking procedure:
increase timeouts in niietcm4_opstatus_check() and niietcm4_uopstatus_check()
because there were problems in some hardware configurations.
JTAG ID:
wrong id in k1921vk01t.cfg replaced with right one.
Jiri Kastner [Wed, 20 Jan 2016 10:21:41 +0000 (11:21 +0100)]
arm_adi_v5: dap_partnums - correction of partnumbers, new added
according to...
ARM DDI 0433B is:
0x9a5 Cortex-A5 PMU
ARM DDI 0435C is:
0x955 Cortex-A5 ETM
ARM DDI 0401C is:
0x950 Cortex-A9 PTM
ARM DDI 0469B is:
0x931 Cortex-R5 ETM
ARM DDI 0460D is:
0xc15 Cortex-R5 Debug
ARM DDI 0458C is:
0x9b7 Cortex-R7 PMU
0xc17 Cortex-R7 Debug
ARM DDI 0535C is:
0x95b Cortex-A17 PTM
0x9ae Cortex-A17 PMU
0xc0e Cortex-A17 Debug
ARM DDI 0500F is:
0x9a8 Cortex-A53 CTI
0x95d Cortex-A53 ETM
0x9d3 Cortex-A53 PMU
0xd03 Cortex-A53 Debug
ARM DDI 0488G is:
0x906 Cortex-A57/A72 CTI
0x95e Cortex-A57 ETM
0x9d7 Cortex-A57 PMU
0xd07 Cortex-A57 Debug
ARM 100095_0002_03_en is:
0x95a Cortex-A72 ETM
0x9d8 Cortex-A72 PMU
0xd08 Cortex-A72 Debug
dap_sync() executes all commands in the JTAG queue and then checks
if a WAIT condition happened inside the last batch. If yes, a recovery
is invoked. If not, processing continues without checking for
errors. This function should be called in long AP reads or writes, e.g.
while uploading a new application binary, at intermediate points within
the transfer where the cost of flushing the JTAG queue and checking the
journal doesn't affect performance too much.
ADIv5 specifies that DP and AP accesses may generate a WAIT
response when the hardware is not able to complete a request for various
reasons in time before the next request is sent. Currently, the software
treats a WAIT response as a fatal error and aborts operation on the DAP.
This patch implements WAIT handling by keeping a journal of all
outstanding and completed accesses, including their response status.
At certain times (when dap_run() is called), the journal is inspected
for WAIT responses and all discarded accesses are replayed to complete
them. Special care is taken to not re-execute already successfully
completed operations.
Peter A. Bigot [Mon, 4 Jan 2016 20:37:43 +0000 (14:37 -0600)]
jlink: deconflict local variables from global symbols
BeagleBone debian 7 builds produce:
jlink.c: In function 'jlink_speed':
jlink.c:218:11: error: declaration of 'div' shadows a global declaration [-Werror=shadow]
jlink.c: In function 'check_trace_freq':
jlink.c:1065:54: error: declaration of 'div' shadows a global declaration [-Werror=shadow]
jlink.c: In function 'config_trace':
jlink.c:1101:11: error: declaration of 'div' shadows a global declaration [-Werror=shadow]
Fix this by changing the local variable to 'divider'.
Change-Id: I96a0cc0f7d4d4af5a56aa1e918e5416d3c61cbfe Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Reviewed-on: http://openocd.zylin.com/3185 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Peter A. Bigot [Thu, 31 Dec 2015 15:13:58 +0000 (09:13 -0600)]
arm_adi_v5: deconflict local variables from global symbols
BeagleBone debian 7 builds produce:
adi_v5_jtag.c: In function 'jtag_ap_q_bankselect':
adi_v5_jtag.c:336:11: error: declaration of 'select' shadows a global declaration [-Werror=shadow]
Fix this by changing the local variable to 'sel'.
Change-Id: I8e29662ac12bc77d38d5064046d59b7364853cd9 Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Reviewed-on: http://openocd.zylin.com/3184 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Peter Lawrence [Mon, 28 Dec 2015 21:53:49 +0000 (22:53 +0100)]
ARM ADIv5: CoreSight ROM decode part number and designer id
The existing arm_adi_v5.c code decodes CoreSight peripherals based
on the part number field. However, these are specific to a
particular manufacturer (often ARM). The same part number from
two different manufacturers (distinct designer ids) should not
decode as the same CoreSight peripheral.
The Analog Devices ADSP-SC58x and ADSP-BF70x have peripherals that
overlap with existing OpenOCD decoding. The part number is the
same as existing OpenOCD decoding, but have a different JEP106 code.
Most, if not all, of the existing part number entries in
arm_adi_v5.c are probably specific to ARM. Change all entries
suspected to be designed by ARM to match only ARM's designer ID.
However, to preserve legacy behavior, existing non-ARM entries are
encoded with a wildcard so that they will behave in the same way as
the existing legacy code. It is desirable, however, to start
encoding the data with designer codes to avoid such ambiguity.
Revising the code to check both the part number and designer id
seemed to warrant a const array lookup table instead of a
multi-tiered switch statement.
Also try to sync part identification IDs with relevant ARM docs.
Change-Id: Iac1374e4cfc6f04cebb479c0e3fa9bde527cc4a3 Signed-off-by: Peter Lawrence <majbthrd@gmail.com>
[andreas.fritiofson@gmail.com: change JEP106 to designer ID, cleanup] Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/3128 Tested-by: jenkins
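The lookup this commit describes, sketched as an added example (not OpenOCD's code): a const table matched on both designer ID and part number, with a wildcard for legacy entries. Assumptions: the designer ID is encoded here as the 11-bit JEP106 value (continuation count << 7 | identity code), which gives 0x23B for ARM; OTHER_ID and the 0x123 entries are constructed; the ARM part numbers are taken from the dap_partnums list on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed encoding: JEP106 continuation count in bits [10:7],
 * identity code in bits [6:0]. ARM is count 4, code 0x3B. */
#define ARM_ID   0x23Bu
#define OTHER_ID 0x7FFu   /* constructed placeholder for a second designer */
#define ANY_ID   0x1000u  /* wildcard, outside the 11-bit designer range */

struct cs_part {
	uint16_t designer_id;
	uint16_t part_num;
	const char *name;
};

static const struct cs_part cs_parts[] = {
	{ ARM_ID,   0x931, "Cortex-R5 ETM" },
	{ ARM_ID,   0x950, "Cortex-A9 PTM" },
	{ ARM_ID,   0x955, "Cortex-A5 ETM" },
	{ ARM_ID,   0x9a5, "Cortex-A5 PMU" },
	{ ARM_ID,   0xc15, "Cortex-R5 Debug" },
	{ ARM_ID,   0xd03, "Cortex-A53 Debug" },
	/* Constructed entries: a legacy wildcard and a designer-specific
	 * entry that share one part number. */
	{ ANY_ID,   0x123, "Legacy block (constructed)" },
	{ OTHER_ID, 0x123, "Vendor block (constructed)" },
};

#define CS_PARTS_COUNT (sizeof(cs_parts) / sizeof(cs_parts[0]))

/* Old behaviour: decode on the part number alone, so any designer's
 * component with a colliding part number gets the same name. */
const char *cs_lookup_legacy(uint16_t part_num)
{
	for (size_t i = 0; i < CS_PARTS_COUNT; i++)
		if (cs_parts[i].part_num == part_num)
			return cs_parts[i].name;
	return "Unrecognized";
}

/* New behaviour: the part number must match and the designer must either
 * match exactly or the entry must be a wildcard. An exact designer match
 * wins over a wildcard regardless of table order. */
const char *cs_lookup(uint16_t designer_id, uint16_t part_num)
{
	const char *fallback = NULL;

	for (size_t i = 0; i < CS_PARTS_COUNT; i++) {
		const struct cs_part *p = &cs_parts[i];

		if (p->part_num != part_num)
			continue;
		if (p->designer_id == designer_id)
			return p->name;
		if (p->designer_id == ANY_ID && fallback == NULL)
			fallback = p->name;
	}
	return fallback ? fallback : "Unrecognized";
}

int main(void)
{
	/* Same part number, two designers: only ARM's decodes as Cortex-R5. */
	printf("legacy  0xc15            -> %s\n", cs_lookup_legacy(0xc15));
	printf("ARM     0xc15            -> %s\n", cs_lookup(ARM_ID, 0xc15));
	printf("other   0xc15            -> %s\n", cs_lookup(OTHER_ID, 0xc15));
	/* Wildcard entry keeps the legacy decode for unknown designers. */
	printf("ARM     0x123 (wildcard) -> %s\n", cs_lookup(ARM_ID, 0x123));
	printf("other   0x123 (exact)    -> %s\n", cs_lookup(OTHER_ID, 0x123));
	return 0;
}
```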
cortex_a: add 'dacrfixup' to cortex-a command group
Work around issues with software breakpoints when the text segment
is mapped read-only by the OS. Set DACR to "all-manager" to bypass
TLB permission checks on memory access.
AM335x: allow simultaneous debugging of A8 and M3 cores
This patch fixes the tap order so that it matches the actual jtag
chain when all taps are enabled. It also introduces a variable
DEFAULT_TAPS that can be set outside of this script, e.g. on the
command line, to specify which taps are to be enabled on init.
Lastly, a new debug target "am335x.m3" is added so that the Wakeup-M3
can be selected for debugging.
Andreas Färber [Sat, 28 Nov 2015 23:17:05 +0000 (00:17 +0100)]
tcl/board: Add Infineon XMC4700 Relax Kit Series config
Tested with Relax Kit for 5V Shields:
J-Link Lite-XMC4200 Rev.1 compiled Oct 14 2015 10:14:50
and with Relax Lite Kit:
J-Link Lite-XMC4200 Rev.1 compiled Oct 14 2015 10:14:50
Derived from xmc4800-relax.cfg.
Change-Id: I4e10fb6ed1f85168634d3b5259d3041ffc6b74d8 Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-on: http://openocd.zylin.com/3130 Tested-by: jenkins Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Matthew Campbell [Tue, 24 Nov 2015 14:05:38 +0000 (09:05 -0500)]
sysfsgpio: support broken gpio implementations
Change tests when reading from 'value' in sysfs from =='0' to !='1'.
This guards against broken sysfs GPIO implementations that return
non-zero for high rather than just '1' while still being clean and
correct code. Note that sysfs will never output a leading zero even
in a very broken implementation as that is covered in gpiolib.c, not
the offending driver.
Tested against broken Freescale kernel 3.14.38 on i.MX6SL.
Change-Id: Id05567bb8504b1babef33d6ee5172bceefeca8b8 Signed-off-by: Matthew Campbell <mcampbell@izotope.com>
Reviewed-on: http://openocd.zylin.com/3121 Tested-by: jenkins Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com> Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
On JTAG, all reads are pipelined. If you read a register, the result is not
delivered inside the request that issued the read, it is delivered in the
following request. The current code therefore issues a scan of the RDBUFF
register after each read. This adds a superfluous transaction after each
read.
This patch follows a strategy similar to what SWD already implements.
It also leverages that all JTAG reads are pipelined, i.e. the result
will be clocked out in the next JTAG data phase, no matter if it's
READ or WRITE. Therefore it's never necessary to explicitly read RDBUFF
other than for the very last READ before a dap_run().
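The scan-count saving described in this commit message, as an added example (a toy model, not OpenOCD's code). Assumptions: toy_scan() stands in for one JTAG data phase and returns the result of the previous read; the register values, struct and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum toy_op { TOY_READ, TOY_WRITE, TOY_RDBUFF };

struct toy_dap {
	uint32_t regs[8];
	uint32_t pending;	/* result of the last read, not yet clocked out */
	unsigned scans;		/* number of data phases issued */
};

/* Constructed sample state: register i holds 0x1000 + i. */
struct toy_dap toy_dap_sample(void)
{
	struct toy_dap d = { .pending = 0, .scans = 0 };
	for (unsigned i = 0; i < 8; i++)
		d.regs[i] = 0x1000u + i;
	return d;
}

/* One data phase: clocks out the previous read's result while the new
 * request is clocked in, whatever kind of request the new one is. */
static uint32_t toy_scan(struct toy_dap *d, enum toy_op op, unsigned addr,
			 uint32_t wdata)
{
	uint32_t out = d->pending;

	d->scans++;
	if (op == TOY_READ)
		d->pending = d->regs[addr & 7];
	else if (op == TOY_WRITE)
		d->regs[addr & 7] = wdata;
	/* TOY_RDBUFF starts no new access; pending stays as it was. */
	return out;
}

/* Old strategy: every read is followed by its own RDBUFF scan. */
unsigned read_with_rdbuff_each(struct toy_dap *d, const unsigned *addrs,
			       size_t n, uint32_t *out)
{
	unsigned start = d->scans;

	for (size_t i = 0; i < n; i++) {
		(void)toy_scan(d, TOY_READ, addrs[i], 0);
		out[i] = toy_scan(d, TOY_RDBUFF, 0, 0);
	}
	return d->scans - start;
}

/* New strategy: each read's result is collected by the next request;
 * only the very last read needs an explicit RDBUFF scan. */
unsigned read_pipelined(struct toy_dap *d, const unsigned *addrs,
			size_t n, uint32_t *out)
{
	unsigned start = d->scans;

	if (n == 0)
		return 0;
	(void)toy_scan(d, TOY_READ, addrs[0], 0);
	for (size_t i = 1; i < n; i++)
		out[i - 1] = toy_scan(d, TOY_READ, addrs[i], 0);
	out[n - 1] = toy_scan(d, TOY_RDBUFF, 0, 0);
	return d->scans - start;
}

/* A following WRITE also delivers the read result: two scans, no RDBUFF. */
uint32_t read_then_write(struct toy_dap *d, unsigned raddr, unsigned waddr,
			 uint32_t wval)
{
	(void)toy_scan(d, TOY_READ, raddr, 0);
	return toy_scan(d, TOY_WRITE, waddr, wval);
}

int main(void)
{
	const unsigned addrs[4] = { 1, 3, 5, 7 };
	uint32_t a_out[4], b_out[4];
	struct toy_dap a = toy_dap_sample(), b = toy_dap_sample();

	printf("RDBUFF after each read: %u scans\n",
	       read_with_rdbuff_each(&a, addrs, 4, a_out));
	printf("pipelined:              %u scans\n",
	       read_pipelined(&b, addrs, 4, b_out));
	for (size_t i = 0; i < 4; i++)
		printf("reg %u: 0x%04x / 0x%04x\n", addrs[i],
		       (unsigned)a_out[i], (unsigned)b_out[i]);
	return 0;
}
```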
Debug initialization blindly selects AP#0 as default, which is the AHB-AP
in many cases. This sets the default for target_read/write functions.
However, AHB-AP is the wrong choice, because it bypasses caches on read
and write and also makes some peripherals inaccessible (e.g. l2 outer
caches). This patch explicitly selects the APB-AP (debug_ap) as the
default.
Remove entirely the concept of a "selected" AP that has to be maintained
between calls. All the information the DAP ops need are now provided to
each call through the AP/DAP pointer.
Consolidate the cache of the SELECT fields into one single field caching
the entire register.
arm_adi_v5: Remove all cases of "restoring" previous dap_ap_select()
All AP operations should select the AP to use before calling it so
there's no point in restoring the previous value afterwards.
The explicit call to dap_ap_select() before all AP operations should be
moved into dap_queue_ap_read/write() which then would have to take the
AP as an argument instead of the DAP.
adi_v5_jtag: Remove TAR and CSW prints from jtagdp_transaction_endcheck
The AP for which the TAR/CSW is printed may not be the one that caused
the failure. Remove the flawed output entirely. The correct info is
printed in mem_ap_read/write anyway.
All mem_ap_* functions now make sure the SELECT register is updated with
the AP number that it's operating on. This shouldn't have to be handled
explicitly.
This function does two separate things, powering up the DP and setting
up a MEM-AP. But the DP needs to be powered before even searching for a
MEM-AP to initialize and targets may have multiple MEM-APs that need
initializing.
Split the function into dap_dp_init() and mem_ap_init() and change all
call sites to use the appropriate one.
arm_adi_v5: Convert the AP references from numbers to pointers
Change the debug_ap and memory_ap fields of the cortex_a target and
the debug_ap field of the cortex_m target to be pointers to the
struct adiv5_ap instead of AP numbers in some known DAP.
This reduces the dependency on the DAP struct in the targets and
enables MEM-AP accesses to take the relevant AP as parameter.
arm_adi_v5: Add a back-pointer from an AP to its DAP
This will make it possible to reference directly the AP used for debug
in the target instance and remove the DAP reference. This will in turn
enable getting rid of the need to select an "active" AP in the DAP (using
dap apsel).
target/arm: Remove usage of struct arm_jtag in ARMv7 targets
The Cortex-A and Cortex-M keep an arm_jtag struct around just to be
able to pass a pointer to it to one common JTAG function which anyway
only uses the TAP field.
Refactor the function to take a TAP directly, remove the legacy struct
from cortex instances and store the TAP pointer only in the DAP.
Cortex-M makes a call to arm_jtag_setup_connection() with the struct
but the function does nothing useful for a Cortex-M target so remove
the call.
Making the SWD driver aware of the DAP that controls it is a layering
violation.
The only usage for the DAP pointer is to store the number of idle cycles
the AP may need to avoid WAITs. Replace the DAP pointer with a cycle
count hint instead to avoid future misuse.
Change-Id: I3e64e11a43ba2396bd646a4cf8f9bc331805d802 Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/3141 Tested-by: jenkins Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Patrick Stewart [Mon, 28 Sep 2015 12:51:58 +0000 (13:51 +0100)]
arm_debug: Support multiple APs per DAP and remove DAP from armv7* structs
Separate out the values from adiv5_dap that are associated with a specific AP into a new struct, so we can properly support multiple APs. Remove the DAP struct from the armv7* structs, because we can have multiple CPUs per DAP, and we shouldn't have multiple DAP structs. Tidy up a few places where ap_current is used incorrectly.
Change-Id: I0c6ef4b49cc86b140366347aaf9b76c07cbab0a8 Signed-off-by: Patrick Stewart <patstew@gmail.com>
Reviewed-on: http://openocd.zylin.com/2984 Tested-by: jenkins Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de> Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Patrick Stewart [Sat, 5 Dec 2015 23:18:33 +0000 (00:18 +0100)]
cortex_m: Select an AP when accessing the DAP
Prepare to support multiple cortex-m cores on one DAP. Uses mem_ap_sel_*
functions and removes mem_ap_* functions. Adds a new debug_ap
parameter to the cortex_m (currently set to zero as in existing code).
Change-Id: I6926029d1e7bf44a42d453d1aff349bda824ba72 Signed-off-by: Patrick Stewart <patstew@gmail.com>
Reviewed-on: http://openocd.zylin.com/2983 Tested-by: jenkins Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de> Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Alamy Liu [Thu, 6 Aug 2015 21:05:24 +0000 (14:05 -0700)]
adi_v5: Rename AP_REG_* to MEM_AP_REG_* and add LA support
This is a TODO in the src/target/arm_adi_v5.h for MEM-AP registers.
Some new registers are introduced in ADIv5.2 specification.
MEM_AP_REG_MGT (0x20) // Memory Barrier Transfer register
MEM_AP_REG_TAR64 (0x08) // Bits[63:32] of Transfer Address
MEM_AP_REG_BASE64 (0xF0) // Bits[63:32] of Debug Base Address
Refer to
7.5 MEM-AP register summary in
IHI0031C: ARM Debug Interface Architecture Specification ADIv5.0 to ADIv5.2
Change-Id: I3bc4296a04c35f5c64f851e5865d3099922613fa Signed-off-by: Alamy Liu <alamy.liu@gmail.com>
Reviewed-on: http://openocd.zylin.com/2904 Tested-by: jenkins Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de> Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Alamy Liu [Thu, 6 Aug 2015 23:17:50 +0000 (16:17 -0700)]
cortex-a: Fix "Detected core" number is always '0'
Problem
No matter what target->coreid is, it always shows
Detected core 0 dbgbase: ...
In dap_lookup_cs_component(), it decreases the core index value to zero
in order to find the desired core.
The reference to coreidx is necessary considering "a device which has nested
ROM tables, with each core described in its own table." (by Paul Fertser).
Change-Id: I9b56d45d6edf6639e748a625ab27787f8e5a5776 Signed-off-by: Alamy Liu <alamy.liu@gmail.com>
Reviewed-on: http://openocd.zylin.com/2902 Tested-by: jenkins Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de> Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
cortex_a_read_apb_ab_memory_fast() uses the wrong order of ITR and DSCR
writes when setting up the transfer. ARM DDI0406C says in C8.2 regarding
"Fast mode" operation to first switch to fast mode and then latch the
instruction in ITR. Current implementation first wrote ITR, causing
the instruction to be executed immediately, then switched to fast mode
without an instruction latched. Repeated reading of DTRTX didn't
execute LDC and thus replicated its current content into the whole buffer.
This patch uses the following, revised algorithm:
1) switch to non-blocking mode and issue the LDC for the first word
2) if more than one word is to be read:
- switch to fast mode
- latch the LDC instruction into ITR (it is _not_ executed)
- issue (count-1) reads of DTRTX register, each read returns the current
content of DTRTX and re-issues the latched instruction
-> now the second-to-last word is in the buffer and the LDC for the last
word has been issued.
3) wait for the last instruction to complete
4) switch back to non-blocking mode
5) Read DTRTX for the last (or: only) word and put it into the buffer
Change-Id: I44f5c585962ffa5af257c3d5a2a802c122b6b1e4 Signed-off-by: Matthias Welwarsky <matthias@welwarsky.de>
Reviewed-on: http://openocd.zylin.com/3122 Tested-by: jenkins Reviewed-by: Christopher Head <chead@zaber.com> Reviewed-by: Paul Fertser <fercerpav@gmail.com>
When accessing memory through the ARM core, privilege levels and mmu
access permissions are observed. Thus it depends on the current mode of the
ARM core whether an access is possible or not. The ARM in USR mode cannot
access memory mapped to a higher privilege level. This means, if the
ARM core is halted while executing at PL0, the debugger would be
prevented from setting a breakpoint at an address with a higher privilege
level, e.g. in the OS kernel. This is not desirable.
cortex_a_check_address() tried to work around this by predicting if an
access would fail and switched the ARM core to SVC mode. However, the
prediction was based on hardcoded address ranges and only worked for
Linux and a 3G/1G user/kernel space split.
This patch changes the policy to always switch to SVC mode for memory
accesses. It introduces two functions cortex_a_prep_memaccess() and
cortex_a_post_memaccess() which bracket memory reads and writes. These
functions encapsulate all actions necessary for preparation and cleanup.
When disabling the mmu to access physical addresses, normally the d-cache
must be disabled as well. Disabling the d-cache also requires a full
clean&invalidate. However, since all memory writes are treated as
write-through no-allocate and memory reads do not allocate cache lines,
effectively the d-cache state does not change at all. We can therefore
save the d-cache disabling and flushing.
cortex_a: force cache and tlb bypass when cpu is in debug state
For minimal impact on the hardware state, force all memory accesses to
bypass the caches and tlbs. This may actually be the default, but ARM
recommends in DDI0406C to set proper default values on debug init.
cortex_a: Update instruction cache after setting a soft breakpoint
Call armv7a_l1_d_cache_flush_virt() before writing the breakpoint,
to make sure the d-cache is clean and invalid at the breakpoint
location down to PoC.
Call armv7a_l1_d_cache_inval_virt() after writing the breakpoint
again, so that d-cache will pick up the modified code.
Call armv7a_l1_i_cache_inval_virt() after writing the breakpoint
to memory to make the change visible to the CPU.