If the flash has not yet been probed and GDB connects while the target is
running, the flash probe triggered by GDB's memory map read will fail. In
that case the returned memory map will be empty, causing a subsequent load
from within GDB to fail. There's not much you can do from GDB to recover,
other than a restart; a 'mon reset init' and manual 'mon flash probe' won't
help since GDB has already made up its mind about the memory map.
It seems there's no reason to require the target to be halted when probing
the flash. Remove the check to let a valid memory map be provided to GDB
even when connecting to a running target.
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
David Brownell [Fri, 16 Apr 2010 02:48:55 +0000 (19:48 -0700)]
NOR/core bugfix: restore invariants
The The patch labeled "CFI CORE: bug-fix protect single sector" was merged
rged without some requested bugfixes. Most significantly it broke invariants
in the code, invalidating descriptions and changing the calling convention
for underlying drivers. (It (Also wasn't CFI-specific...)
Fix that, and Include an update from Antonio Borneo for the degenerate
"nothing to do" case, (although that's still in the wrong location. which
is presumably why that is it was working in some cases but not all.)
Antonio Borneo [Wed, 14 Apr 2010 08:32:30 +0000 (16:32 +0800)]
NOR/CFI: fix order of arguments check
Syntax of "flash bank" command requires:
- chip_width as CMD_ARGV[3]
- bus_width as CMD_ARGV[4]
Actual code swaps the arguments.
Bug has no run time impact since wrong variables
are only used to check value and both are checked
against same constraint.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Mike Dunn [Tue, 13 Apr 2010 17:34:52 +0000 (13:34 -0400)]
xscale: fix analyze_trace for trace data collected in wrap mode
This patch fixes the xscale_analyze_trace() function. This function was
defective for a trace collected in 'fill' mode (hiccups with repeated
instructions) and completely broken when buffer overflowed in 'wrap' mode. The
reason for the latter case is that the checkpoint registers were interpreted
incorrectly when two checkpoints are present in the trace (which will be true in
'wrap' mode once the buffer fills). In this case, checkpoint1 register will
contain the older entry, and checkpoint0 the newer. The original code assumed
the opposite. I eventually gave up trying to understand all the logic of the
function, and rewrote it. I think it's much cleaner and understandable now. I
have been using and testing this for a few weeks now. I'm confident it hasn't
regressed in any way.
Also added capability to handle (as best as possible) the case where an
instruction can not be read from the loaded trace image; e.g., partial image.
This was a 'TODO' comment in the original xscale_analyze_trace().
Outside of xcsale_analyze_trace(), these (related) changes were made:
- Remove pc_ok and current_pc elements from struct xscale_trace. These elements
and associated logic are useless clutter because the very first entry placed
in the trace buffer is always an indirect jump to the address at which
execution resumed. This type of trace entry includes the literal address in
the trace buffer, so the initial address of the trace is immediately
determined from the trace buffer contents and does not need to be recorded
when trace is enabled.
- Added num_checkpoints to struct xscale_trace_data, which is necessary in order
to correctly interpret the checkpoint register contents.
- In xscale_read_trace()
- Fix potential array out-of-bounds condition.
- Eliminate partial address entries when parsing trace (can occur in wrap mode).
- Count and record number of checkpoints in trace.
- Added small, inlined utility function xscale_display_instruction() to help
make the code more concise and clear.
TODO:
- Save processor state (arm or thumb) in struct xscale_trace when trace is
enabled so that trace can be analyzed correctly (currently assumes arm mode).
- Add element to struct xscale_trace that records (when trace is enabled)
whether vector table is relocated high (to 0xffff0000) or not, so that a
branch to an exception vector is traced correctly (curently assumes vectors
at 0x0).
Anton Fedotov [Wed, 14 Apr 2010 05:36:08 +0000 (07:36 +0200)]
cortex-a8: more MMU support
+ virt2phys() can now convert virtual address to real
+ read_memory() and write_memory() are renamed to read_phys_memory()
and write_phys_memory()
+ new read_memory() and write_memory() try to resolve real address if
mmu is enambled than perform real address reading/writing
+ if address is bellow 0xc000000 than TTB0 is used for page table
dereference, if above - than TTB1. Linux style of user/kernel address
separation
+ if above fails (i.e address is unspecified) than mode is checked
whether it is Supervisor (than TTB1) or User (than TTB0)
- Software breakpoints doesn't work. You should invoke
"gdb_breakpoint_override hard" before you start debugging
+ cortex_a8_mmu(), cortex_a8_enable_mmu_caches(),
cortex_a8_disable_mmu_caches() are implemented
David Brownell [Sun, 4 Apr 2010 08:28:50 +0000 (01:28 -0700)]
Restore deleted '!' character
I'm not sure what caused this significant character to get deleted.
it may be related to intermittent Editor or terminal flakes I've
been seeing lately (sigh). This fix is trivial.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
David Brownell [Sun, 4 Apr 2010 07:42:05 +0000 (00:42 -0700)]
target: are we running algorithm code?
Fixing one bug can easily uncover another .... in this case,
making sure that we properly invalidate some cached NOR state when
resuming arbitrary target code turned up an issue when the code
wasn't quite arbitrary (and we couldn't know that, but some parts
of OpenOCD assumed the cache would not be invalidated.
Specifically: some flash drivers (like CFI) update that state in loops
with downloaded algorithms, thus invalidating the state as it's probed.
+ Add a new target state flag, to record whether the target is
running downloaded algorithm code.
+ Use that flag to add a special case: "trust" downloaded algorithms
not to corrupt that cached state, bypassing cache invalidation.
Also update some of the documentation to stipulate that this flavor of
trustworthiness is now *required* ... not just a fortuitous acident.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
David Brownell [Sun, 4 Apr 2010 07:38:39 +0000 (00:38 -0700)]
simplify and unconfuse target_run_algorithm()
For some reason there are *two* schemes for interposing logic into
the run_algorithm() code path... One is a standard procedural wapper
around the target method invocation.
the other (superfluous) one hacked the method table by splicing
a second procedural wrapper into the method table. Remove it:
* Rename its slightly-more-featureful wrapper so it becomes
the standard procedural wrapper, leaving its added logic
(where it should have been in the first place.
Also add a paranoia check, to report targets that don't
support algorithms without traversing a NULL pointer, and
tweak its code structure a bit so it's easier to modify.
* Get rid of the superfluous/conusing method table hacks.
This is a net simplification, making it simpler to analyse what's
going on, and then interpose logic . ... by ensuring there's only one
natural place for it to live.
------------
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Mike Dunn [Sun, 28 Mar 2010 19:48:32 +0000 (15:48 -0400)]
xscale: fix trace buffer functionality when resuming from a breakpoint
Problem: halt at a breakpoint, enable trace buffer ('xscale trace_buffer enable
fill'), then resume. Wait for debug exception when trace buffer fills (if not
sooner due to another breakpoint, vector catch, etc). Instead, never halts.
When halted explicitly from OpenOCD and trace buffer dumped, it contains only
one entry; a branch to the address of the original breakpoint. If the above
steps are repeated, except that the breakpoint is removed before resuming, the
trace buffer fills and the debug exception is generated, as expected.
Cause: related to how a breakpoint is stepped over on resume. The breakpoint is
temporarily removed, and a hardware breakpoint is set on the next instruction
that will execute. xscale_debug_entry() is called when that breakpoint hits.
This function checks if the trace buffer is enabled, and if so reads the trace
buffer from the target and then disables the trace (unless multiple trace
buffers are specified by the user when trace is enabled). Thus you only trace
one instruction before it is disabled.
Solution: kind of a hack on top of a hack, but it's simple. Anything better
would involve some refactoring. This has been tested and trace now works as
intended, except that the very first instruction is not part of the trace when
resuming from a breakpoint.
TODO: still many issues with trace: doesn't work during single-stepping (trace
buffer is flushed each step), 'xscale analyze_trace' works only marginally for
a trace captured in 'fill' mode, and not at all for a trace captured in 'wrap'
mode.
David Brownell [Sat, 27 Mar 2010 17:07:13 +0000 (10:07 -0700)]
jtag/tcl.c cleanup -- split out "adapter.c"
Clean up the jtag/tcl.c file, which was one of the biggest and
messiest ones in that directory. Do it by splitting out all the
generic adapter commands to a separate "adapter.c" file (leaving
the "tcl.c" file holding only JTAG utilities).
Also rename the little-used "jtag interface" to "adapter_name", which
should have been at least re-categorized earlier (it's not jtag-only).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Antonio Borneo [Fri, 26 Mar 2010 07:17:46 +0000 (15:17 +0800)]
TCL scripts: update to current "flash bank" syntax
While "flash bank" syntax has been changed long ago,
several tcl script are still not fully update.
Fix following cases related with "cfi" driver:
- syntax error: the mandatory <name> parameter is missing
- warning: the <target> parameter is a number, instead of
the target name
- the comment line above the command does not report
actual syntax
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Øyvind Harboe [Thu, 4 Mar 2010 18:58:42 +0000 (19:58 +0100)]
zy1000: dev tool
first cut peek/poke over tcp/ip, used for debug/research
purposes only. Long term JTAG over TCP/IP might be an
offshoot. The performance is usable for development/testing
purposes.
Øyvind Harboe [Thu, 25 Mar 2010 12:06:23 +0000 (13:06 +0100)]
target: fix poll off
I don't know when "poll off" broke, but "poll off" didn't
stop background polling of target. The polling status flag
simply wasn't checked in the handle_target timer callback.
All target polling(including power/reset state) is now stopped
upon "poll off".
Mike Dunn [Sat, 20 Mar 2010 14:53:47 +0000 (10:53 -0400)]
fix software breakpoints on xscale
This patch fixes xscale software breakpoints by cleaning the dcache and
invalidating the icache after the bkpt instruction is inserted or removed. The
icache operation is necessary in order to flush the fetch buffers, even if the
icache is disabled (see section 4.2.7 of the xscale core developer's manual).
The dcache is presumed to be enabled; no harm done if not. The dcache is also
invalidated after cleaning in order to safeguard against a future load of
invalid data, in the event that cache_clean_address points to memory that is
valid and in use.
Also corrected a confusing typo I noticed in a comment.
TODO (or not TODO...?): the xscale's 2K "mini dcache" is not cleaned. This
cache is not used unless the 'X' bit in the page table entry is set. This is a
proprietary xscale extension to the ARM architecture. If a target's OS or
executive makes use of this for memory regions holding code, the breakpoint
problem will persist. Flushing the mini dcache requires that 2K of valid
cacheable memory (mapped with 'X' bit set) be designated by the user for this
purpose. The debug handler that gets downloaded to the target will also need to
be extended.
David Brownell [Mon, 22 Mar 2010 05:49:23 +0000 (22:49 -0700)]
ft2232 init mess cleanup
In the ft2232 driver, initialization for many layouts punts to a routine
called usbjtag_init(), instead of a routine specific to each layout.
That routine is a mess built around a "what type layout am I" core.
That's a bad design ... in this case, especially so, since it bypasses
the layout-specific dispatch which was just done, and obfuscates the
initialization which is at least somewhat generic, instead of being
specific to the "usbjtag" layout.
Split and document out the generic parts of usbjtag_init(), and make
the rest of those layouts have layout-specific init methods. Also,
rename usbjtag_reset() ... that also was not specific to the "usbjtag"
layout, and thus contributed to the previous code structure confusion.
(Eventually, all layout-specific code (and method tables) should probably
live in files specific to each layout. These changes will facilitate
those and other cleanups to this driver.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Mike Dunn [Fri, 19 Mar 2010 04:34:13 +0000 (21:34 -0700)]
Fix underlying problem with xscale icache and dcache commands
Fix problem with the xscale icache and dcache commands. Both commands were
enabling or disabling the mmu, not the caches
I didn't look any further after my earlier patch fixed the trivial problem
with command argument parsing. Turns out the underlying code was broken.
The resolution is straightforward when you look at the arguments to
xscale_enable_mmu_caches() and xscale_disable_mmu_caches(). I finally
took a deeper look after dumping the cp15 control register (XSCALE_CTRL)
and seeing that the cache bits weren't changing, but the mmu bit was
(which caused all manner of grief, as you can imagine). This has been
tested and works OK now.
David Brownell [Thu, 18 Mar 2010 18:56:17 +0000 (11:56 -0700)]
remove more duplication
Not sure how the original "move code to adi_v5_swd.c" patch left
some code in the "arm_adi_v5.c" file, but a recent patch was only
a partial fix -- it didn't remove all the duplication.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Øyvind Harboe [Tue, 16 Mar 2010 13:13:03 +0000 (14:13 +0100)]
jtag: cut down on usage of unintended modification of global end state
jtag_get/set_end_state() is now deprecated.
There were lots of places in the code where the end state was
unintentionally modified.
The big Q is whether there were any places where the intention
was to modify the end state. 0.5 is a long way off, so we'll
get a fair amount of testing.
Spencer Oliver [Tue, 16 Mar 2010 12:48:53 +0000 (12:48 +0000)]
MIPS: remove ejtag_srst variant
The mips_m4k_assert_reset has now been restructured
so the variant ejtag_srst is not required anymore.
The ejtag software reset will be used if the target does not
have srst connected.
Remove ejtag_srst from docs.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Øyvind Harboe [Tue, 16 Mar 2010 13:45:07 +0000 (14:45 +0100)]
gdb_server: improved gdb load performance
by ack'ing memory writes immediately and reporting either
at next memory write or stepi/continue time. GDB will then
send off a new packet that is ready by the time the previous
packet has been written to target memory.
On faster adapters this can be as much as 10% improvement.
David Brownell [Tue, 16 Mar 2010 21:12:00 +0000 (14:12 -0700)]
ADIv5 transport support moves to separate files
Unclutter arm_adi_v5.c by moving most transport-specific code
to a transport-specific files adi_v5_{jtag,swd}.c ... it's not
a full cleanup, because of some issues which need to be addressed
as part of SWD support (along with implementing the DAP operations
on top of SWD transport):
- The mess where mem_ap_read_buf_u32() is currently coded to
know about JTAG scan chains, and thus needs rewriting before
it will work with SWD;
- Initialization is still JTAG-specific
Also move JTAG_{DP,ACK}_* constants from adi_v5.h to the JTAG
file; no other code should care about those values.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>