1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2006 by Magnus Lundin *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex-R4 support *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
26 * This program is free software; you can redistribute it and/or modify *
27 * it under the terms of the GNU General Public License as published by *
28 * the Free Software Foundation; either version 2 of the License, or *
29 * (at your option) any later version. *
31 * This program is distributed in the hope that it will be useful, *
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
34 * GNU General Public License for more details. *
36 * You should have received a copy of the GNU General Public License *
37 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
39 * Cortex-A8(tm) TRM, ARM DDI 0344H *
40 * Cortex-A9(tm) TRM, ARM DDI 0407F *
41 * Cortex-A4(tm) TRM, ARM DDI 0363E *
42 * Cortex-A15(tm)TRM, ARM DDI 0438C *
44 ***************************************************************************/
50 #include "breakpoints.h"
53 #include "target_request.h"
54 #include "target_type.h"
55 #include "arm_opcodes.h"
56 #include "arm_semihosting.h"
57 #include "transport/transport.h"
58 #include <helper/time_support.h>
60 #define foreach_smp_target(pos, head) \
61 for (pos = head; (pos != NULL); pos = pos->next)
63 static int cortex_a_poll(struct target *target);
64 static int cortex_a_debug_entry(struct target *target);
65 static int cortex_a_restore_context(struct target *target, bool bpwp);
66 static int cortex_a_set_breakpoint(struct target *target,
67 struct breakpoint *breakpoint, uint8_t matchmode);
68 static int cortex_a_set_context_breakpoint(struct target *target,
69 struct breakpoint *breakpoint, uint8_t matchmode);
70 static int cortex_a_set_hybrid_breakpoint(struct target *target,
71 struct breakpoint *breakpoint);
72 static int cortex_a_unset_breakpoint(struct target *target,
73 struct breakpoint *breakpoint);
74 static int cortex_a_mmu(struct target *target, int *enabled);
75 static int cortex_a_mmu_modify(struct target *target, int enable);
76 static int cortex_a_virt2phys(struct target *target,
77 target_addr_t virt, target_addr_t *phys);
78 static int cortex_a_read_cpu_memory(struct target *target,
79 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
82 /* restore cp15_control_reg at resume */
83 static int cortex_a_restore_cp15_control_reg(struct target *target)
85 int retval = ERROR_OK;
86 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
87 struct armv7a_common *armv7a = target_to_armv7a(target);
89 if (cortex_a->cp15_control_reg != cortex_a->cp15_control_reg_curr) {
90 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
91 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
92 retval = armv7a->arm.mcr(target, 15,
95 cortex_a->cp15_control_reg);
101 * Set up ARM core for memory access.
102 * If !phys_access, switch to SVC mode and make sure MMU is on
103 * If phys_access, switch off mmu
105 static int cortex_a_prep_memaccess(struct target *target, int phys_access)
107 struct armv7a_common *armv7a = target_to_armv7a(target);
108 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
111 if (phys_access == 0) {
112 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
113 cortex_a_mmu(target, &mmu_enabled);
115 cortex_a_mmu_modify(target, 1);
116 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
117 /* overwrite DACR to all-manager */
118 armv7a->arm.mcr(target, 15,
123 cortex_a_mmu(target, &mmu_enabled);
125 cortex_a_mmu_modify(target, 0);
131 * Restore ARM core after memory access.
132 * If !phys_access, switch to previous mode
133 * If phys_access, restore MMU setting
135 static int cortex_a_post_memaccess(struct target *target, int phys_access)
137 struct armv7a_common *armv7a = target_to_armv7a(target);
138 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
140 if (phys_access == 0) {
141 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
143 armv7a->arm.mcr(target, 15,
145 cortex_a->cp15_dacr_reg);
147 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
150 cortex_a_mmu(target, &mmu_enabled);
152 cortex_a_mmu_modify(target, 1);
158 /* modify cp15_control_reg in order to enable or disable mmu for :
159 * - virt2phys address conversion
160 * - read or write memory in phys or virt address */
161 static int cortex_a_mmu_modify(struct target *target, int enable)
163 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
164 struct armv7a_common *armv7a = target_to_armv7a(target);
165 int retval = ERROR_OK;
169 /* if mmu enabled at target stop and mmu not enable */
170 if (!(cortex_a->cp15_control_reg & 0x1U)) {
171 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
174 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0) {
175 cortex_a->cp15_control_reg_curr |= 0x1U;
179 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0x1U) {
180 cortex_a->cp15_control_reg_curr &= ~0x1U;
186 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32,
187 enable ? "enable mmu" : "disable mmu",
188 cortex_a->cp15_control_reg_curr);
190 retval = armv7a->arm.mcr(target, 15,
193 cortex_a->cp15_control_reg_curr);
199 * Cortex-A Basic debug access, very low level assumes state is saved
201 static int cortex_a_init_debug_access(struct target *target)
203 struct armv7a_common *armv7a = target_to_armv7a(target);
206 /* lock memory-mapped access to debug registers to prevent
207 * software interference */
208 retval = mem_ap_write_u32(armv7a->debug_ap,
209 armv7a->debug_base + CPUDBG_LOCKACCESS, 0);
210 if (retval != ERROR_OK)
213 /* Disable cacheline fills and force cache write-through in debug state */
214 retval = mem_ap_write_u32(armv7a->debug_ap,
215 armv7a->debug_base + CPUDBG_DSCCR, 0);
216 if (retval != ERROR_OK)
219 /* Disable TLB lookup and refill/eviction in debug state */
220 retval = mem_ap_write_u32(armv7a->debug_ap,
221 armv7a->debug_base + CPUDBG_DSMCR, 0);
222 if (retval != ERROR_OK)
225 retval = dap_run(armv7a->debug_ap->dap);
226 if (retval != ERROR_OK)
229 /* Enabling of instruction execution in debug mode is done in debug_entry code */
231 /* Resync breakpoint registers */
233 /* Since this is likely called from init or reset, update target state information*/
234 return cortex_a_poll(target);
237 static int cortex_a_wait_instrcmpl(struct target *target, uint32_t *dscr, bool force)
239 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
240 * Writes final value of DSCR into *dscr. Pass force to force always
241 * reading DSCR at least once. */
242 struct armv7a_common *armv7a = target_to_armv7a(target);
243 int64_t then = timeval_ms();
244 while ((*dscr & DSCR_INSTR_COMP) == 0 || force) {
246 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
247 armv7a->debug_base + CPUDBG_DSCR, dscr);
248 if (retval != ERROR_OK) {
249 LOG_ERROR("Could not read DSCR register");
252 if (timeval_ms() > then + 1000) {
253 LOG_ERROR("Timeout waiting for InstrCompl=1");
260 /* To reduce needless round-trips, pass in a pointer to the current
261 * DSCR value. Initialize it to zero if you just need to know the
262 * value on return from this function; or DSCR_INSTR_COMP if you
263 * happen to know that no instruction is pending.
265 static int cortex_a_exec_opcode(struct target *target,
266 uint32_t opcode, uint32_t *dscr_p)
270 struct armv7a_common *armv7a = target_to_armv7a(target);
272 dscr = dscr_p ? *dscr_p : 0;
274 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
276 /* Wait for InstrCompl bit to be set */
277 retval = cortex_a_wait_instrcmpl(target, dscr_p, false);
278 if (retval != ERROR_OK)
281 retval = mem_ap_write_u32(armv7a->debug_ap,
282 armv7a->debug_base + CPUDBG_ITR, opcode);
283 if (retval != ERROR_OK)
286 int64_t then = timeval_ms();
288 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
289 armv7a->debug_base + CPUDBG_DSCR, &dscr);
290 if (retval != ERROR_OK) {
291 LOG_ERROR("Could not read DSCR register");
294 if (timeval_ms() > then + 1000) {
295 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
298 } while ((dscr & DSCR_INSTR_COMP) == 0); /* Wait for InstrCompl bit to be set */
306 /* Write to memory mapped registers directly with no cache or mmu handling */
307 static int cortex_a_dap_write_memap_register_u32(struct target *target,
312 struct armv7a_common *armv7a = target_to_armv7a(target);
314 retval = mem_ap_write_atomic_u32(armv7a->debug_ap, address, value);
320 * Cortex-A implementation of Debug Programmer's Model
322 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
323 * so there's no need to poll for it before executing an instruction.
325 * NOTE that in several of these cases the "stall" mode might be useful.
326 * It'd let us queue a few operations together... prepare/finish might
327 * be the places to enable/disable that mode.
330 static inline struct cortex_a_common *dpm_to_a(struct arm_dpm *dpm)
332 return container_of(dpm, struct cortex_a_common, armv7a_common.dpm);
335 static int cortex_a_write_dcc(struct cortex_a_common *a, uint32_t data)
337 LOG_DEBUG("write DCC 0x%08" PRIx32, data);
338 return mem_ap_write_u32(a->armv7a_common.debug_ap,
339 a->armv7a_common.debug_base + CPUDBG_DTRRX, data);
342 static int cortex_a_read_dcc(struct cortex_a_common *a, uint32_t *data,
345 uint32_t dscr = DSCR_INSTR_COMP;
351 /* Wait for DTRRXfull */
352 int64_t then = timeval_ms();
353 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
354 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
355 a->armv7a_common.debug_base + CPUDBG_DSCR,
357 if (retval != ERROR_OK)
359 if (timeval_ms() > then + 1000) {
360 LOG_ERROR("Timeout waiting for read dcc");
365 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
366 a->armv7a_common.debug_base + CPUDBG_DTRTX, data);
367 if (retval != ERROR_OK)
369 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
377 static int cortex_a_dpm_prepare(struct arm_dpm *dpm)
379 struct cortex_a_common *a = dpm_to_a(dpm);
383 /* set up invariant: INSTR_COMP is set after ever DPM operation */
384 int64_t then = timeval_ms();
386 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
387 a->armv7a_common.debug_base + CPUDBG_DSCR,
389 if (retval != ERROR_OK)
391 if ((dscr & DSCR_INSTR_COMP) != 0)
393 if (timeval_ms() > then + 1000) {
394 LOG_ERROR("Timeout waiting for dpm prepare");
399 /* this "should never happen" ... */
400 if (dscr & DSCR_DTR_RX_FULL) {
401 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
403 retval = cortex_a_exec_opcode(
404 a->armv7a_common.arm.target,
405 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
407 if (retval != ERROR_OK)
414 static int cortex_a_dpm_finish(struct arm_dpm *dpm)
416 /* REVISIT what could be done here? */
420 static int cortex_a_instr_write_data_dcc(struct arm_dpm *dpm,
421 uint32_t opcode, uint32_t data)
423 struct cortex_a_common *a = dpm_to_a(dpm);
425 uint32_t dscr = DSCR_INSTR_COMP;
427 retval = cortex_a_write_dcc(a, data);
428 if (retval != ERROR_OK)
431 return cortex_a_exec_opcode(
432 a->armv7a_common.arm.target,
437 static int cortex_a_instr_write_data_r0(struct arm_dpm *dpm,
438 uint32_t opcode, uint32_t data)
440 struct cortex_a_common *a = dpm_to_a(dpm);
441 uint32_t dscr = DSCR_INSTR_COMP;
444 retval = cortex_a_write_dcc(a, data);
445 if (retval != ERROR_OK)
448 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
449 retval = cortex_a_exec_opcode(
450 a->armv7a_common.arm.target,
451 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
453 if (retval != ERROR_OK)
456 /* then the opcode, taking data from R0 */
457 retval = cortex_a_exec_opcode(
458 a->armv7a_common.arm.target,
465 static int cortex_a_instr_cpsr_sync(struct arm_dpm *dpm)
467 struct target *target = dpm->arm->target;
468 uint32_t dscr = DSCR_INSTR_COMP;
470 /* "Prefetch flush" after modifying execution status in CPSR */
471 return cortex_a_exec_opcode(target,
472 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
476 static int cortex_a_instr_read_data_dcc(struct arm_dpm *dpm,
477 uint32_t opcode, uint32_t *data)
479 struct cortex_a_common *a = dpm_to_a(dpm);
481 uint32_t dscr = DSCR_INSTR_COMP;
483 /* the opcode, writing data to DCC */
484 retval = cortex_a_exec_opcode(
485 a->armv7a_common.arm.target,
488 if (retval != ERROR_OK)
491 return cortex_a_read_dcc(a, data, &dscr);
495 static int cortex_a_instr_read_data_r0(struct arm_dpm *dpm,
496 uint32_t opcode, uint32_t *data)
498 struct cortex_a_common *a = dpm_to_a(dpm);
499 uint32_t dscr = DSCR_INSTR_COMP;
502 /* the opcode, writing data to R0 */
503 retval = cortex_a_exec_opcode(
504 a->armv7a_common.arm.target,
507 if (retval != ERROR_OK)
510 /* write R0 to DCC */
511 retval = cortex_a_exec_opcode(
512 a->armv7a_common.arm.target,
513 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
515 if (retval != ERROR_OK)
518 return cortex_a_read_dcc(a, data, &dscr);
521 static int cortex_a_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
522 uint32_t addr, uint32_t control)
524 struct cortex_a_common *a = dpm_to_a(dpm);
525 uint32_t vr = a->armv7a_common.debug_base;
526 uint32_t cr = a->armv7a_common.debug_base;
530 case 0 ... 15: /* breakpoints */
531 vr += CPUDBG_BVR_BASE;
532 cr += CPUDBG_BCR_BASE;
534 case 16 ... 31: /* watchpoints */
535 vr += CPUDBG_WVR_BASE;
536 cr += CPUDBG_WCR_BASE;
545 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
546 (unsigned) vr, (unsigned) cr);
548 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
550 if (retval != ERROR_OK)
552 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
557 static int cortex_a_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
559 struct cortex_a_common *a = dpm_to_a(dpm);
564 cr = a->armv7a_common.debug_base + CPUDBG_BCR_BASE;
567 cr = a->armv7a_common.debug_base + CPUDBG_WCR_BASE;
575 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr);
577 /* clear control register */
578 return cortex_a_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
581 static int cortex_a_dpm_setup(struct cortex_a_common *a, uint32_t didr)
583 struct arm_dpm *dpm = &a->armv7a_common.dpm;
586 dpm->arm = &a->armv7a_common.arm;
589 dpm->prepare = cortex_a_dpm_prepare;
590 dpm->finish = cortex_a_dpm_finish;
592 dpm->instr_write_data_dcc = cortex_a_instr_write_data_dcc;
593 dpm->instr_write_data_r0 = cortex_a_instr_write_data_r0;
594 dpm->instr_cpsr_sync = cortex_a_instr_cpsr_sync;
596 dpm->instr_read_data_dcc = cortex_a_instr_read_data_dcc;
597 dpm->instr_read_data_r0 = cortex_a_instr_read_data_r0;
599 dpm->bpwp_enable = cortex_a_bpwp_enable;
600 dpm->bpwp_disable = cortex_a_bpwp_disable;
602 retval = arm_dpm_setup(dpm);
603 if (retval == ERROR_OK)
604 retval = arm_dpm_initialize(dpm);
608 static struct target *get_cortex_a(struct target *target, int32_t coreid)
610 struct target_list *head;
614 while (head != (struct target_list *)NULL) {
616 if ((curr->coreid == coreid) && (curr->state == TARGET_HALTED))
622 static int cortex_a_halt(struct target *target);
624 static int cortex_a_halt_smp(struct target *target)
627 struct target_list *head;
630 while (head != (struct target_list *)NULL) {
632 if ((curr != target) && (curr->state != TARGET_HALTED)
633 && target_was_examined(curr))
634 retval += cortex_a_halt(curr);
640 static int update_halt_gdb(struct target *target)
642 struct target *gdb_target = NULL;
643 struct target_list *head;
647 if (target->gdb_service && target->gdb_service->core[0] == -1) {
648 target->gdb_service->target = target;
649 target->gdb_service->core[0] = target->coreid;
650 retval += cortex_a_halt_smp(target);
653 if (target->gdb_service)
654 gdb_target = target->gdb_service->target;
656 foreach_smp_target(head, target->head) {
658 /* skip calling context */
661 if (!target_was_examined(curr))
663 /* skip targets that were already halted */
664 if (curr->state == TARGET_HALTED)
666 /* Skip gdb_target; it alerts GDB so has to be polled as last one */
667 if (curr == gdb_target)
670 /* avoid recursion in cortex_a_poll() */
676 /* after all targets were updated, poll the gdb serving target */
677 if (gdb_target != NULL && gdb_target != target)
678 cortex_a_poll(gdb_target);
683 * Cortex-A Run control
686 static int cortex_a_poll(struct target *target)
688 int retval = ERROR_OK;
690 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
691 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
692 enum target_state prev_target_state = target->state;
693 /* toggle to another core is done by gdb as follow */
694 /* maint packet J core_id */
696 /* the next polling trigger an halt event sent to gdb */
697 if ((target->state == TARGET_HALTED) && (target->smp) &&
698 (target->gdb_service) &&
699 (target->gdb_service->target == NULL)) {
700 target->gdb_service->target =
701 get_cortex_a(target, target->gdb_service->core[1]);
702 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
705 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
706 armv7a->debug_base + CPUDBG_DSCR, &dscr);
707 if (retval != ERROR_OK)
709 cortex_a->cpudbg_dscr = dscr;
711 if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED)) {
712 if (prev_target_state != TARGET_HALTED) {
713 /* We have a halting debug event */
714 LOG_DEBUG("Target halted");
715 target->state = TARGET_HALTED;
716 if ((prev_target_state == TARGET_RUNNING)
717 || (prev_target_state == TARGET_UNKNOWN)
718 || (prev_target_state == TARGET_RESET)) {
719 retval = cortex_a_debug_entry(target);
720 if (retval != ERROR_OK)
723 retval = update_halt_gdb(target);
724 if (retval != ERROR_OK)
728 if (arm_semihosting(target, &retval) != 0)
731 target_call_event_callbacks(target,
732 TARGET_EVENT_HALTED);
734 if (prev_target_state == TARGET_DEBUG_RUNNING) {
737 retval = cortex_a_debug_entry(target);
738 if (retval != ERROR_OK)
741 retval = update_halt_gdb(target);
742 if (retval != ERROR_OK)
746 target_call_event_callbacks(target,
747 TARGET_EVENT_DEBUG_HALTED);
751 target->state = TARGET_RUNNING;
756 static int cortex_a_halt(struct target *target)
758 int retval = ERROR_OK;
760 struct armv7a_common *armv7a = target_to_armv7a(target);
763 * Tell the core to be halted by writing DRCR with 0x1
764 * and then wait for the core to be halted.
766 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
767 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
768 if (retval != ERROR_OK)
772 * enter halting debug mode
774 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
775 armv7a->debug_base + CPUDBG_DSCR, &dscr);
776 if (retval != ERROR_OK)
779 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
780 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
781 if (retval != ERROR_OK)
784 int64_t then = timeval_ms();
786 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
787 armv7a->debug_base + CPUDBG_DSCR, &dscr);
788 if (retval != ERROR_OK)
790 if ((dscr & DSCR_CORE_HALTED) != 0)
792 if (timeval_ms() > then + 1000) {
793 LOG_ERROR("Timeout waiting for halt");
798 target->debug_reason = DBG_REASON_DBGRQ;
803 static int cortex_a_internal_restore(struct target *target, int current,
804 target_addr_t *address, int handle_breakpoints, int debug_execution)
806 struct armv7a_common *armv7a = target_to_armv7a(target);
807 struct arm *arm = &armv7a->arm;
811 if (!debug_execution)
812 target_free_all_working_areas(target);
815 if (debug_execution) {
816 /* Disable interrupts */
817 /* We disable interrupts in the PRIMASK register instead of
818 * masking with C_MASKINTS,
819 * This is probably the same issue as Cortex-M3 Errata 377493:
820 * C_MASKINTS in parallel with disabled interrupts can cause
821 * local faults to not be taken. */
822 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
823 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
824 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
826 /* Make sure we are in Thumb mode */
827 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
828 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0,
830 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
831 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
835 /* current = 1: continue on current pc, otherwise continue at <address> */
836 resume_pc = buf_get_u32(arm->pc->value, 0, 32);
838 resume_pc = *address;
840 *address = resume_pc;
842 /* Make sure that the Armv7 gdb thumb fixups does not
843 * kill the return address
845 switch (arm->core_state) {
847 resume_pc &= 0xFFFFFFFC;
849 case ARM_STATE_THUMB:
850 case ARM_STATE_THUMB_EE:
851 /* When the return address is loaded into PC
852 * bit 0 must be 1 to stay in Thumb state
856 case ARM_STATE_JAZELLE:
857 LOG_ERROR("How do I resume into Jazelle state??");
859 case ARM_STATE_AARCH64:
860 LOG_ERROR("Shoudn't be in AARCH64 state");
863 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
864 buf_set_u32(arm->pc->value, 0, 32, resume_pc);
868 /* restore dpm_mode at system halt */
869 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
870 /* called it now before restoring context because it uses cpu
871 * register r0 for restoring cp15 control register */
872 retval = cortex_a_restore_cp15_control_reg(target);
873 if (retval != ERROR_OK)
875 retval = cortex_a_restore_context(target, handle_breakpoints);
876 if (retval != ERROR_OK)
878 target->debug_reason = DBG_REASON_NOTHALTED;
879 target->state = TARGET_RUNNING;
881 /* registers are now invalid */
882 register_cache_invalidate(arm->core_cache);
885 /* the front-end may request us not to handle breakpoints */
886 if (handle_breakpoints) {
887 /* Single step past breakpoint at current address */
888 breakpoint = breakpoint_find(target, resume_pc);
890 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
891 cortex_m3_unset_breakpoint(target, breakpoint);
892 cortex_m3_single_step_core(target);
893 cortex_m3_set_breakpoint(target, breakpoint);
901 static int cortex_a_internal_restart(struct target *target)
903 struct armv7a_common *armv7a = target_to_armv7a(target);
904 struct arm *arm = &armv7a->arm;
908 * * Restart core and wait for it to be started. Clear ITRen and sticky
909 * * exception flags: see ARMv7 ARM, C5.9.
911 * REVISIT: for single stepping, we probably want to
912 * disable IRQs by default, with optional override...
915 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
916 armv7a->debug_base + CPUDBG_DSCR, &dscr);
917 if (retval != ERROR_OK)
920 if ((dscr & DSCR_INSTR_COMP) == 0)
921 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
923 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
924 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
925 if (retval != ERROR_OK)
928 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
929 armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART |
930 DRCR_CLEAR_EXCEPTIONS);
931 if (retval != ERROR_OK)
934 int64_t then = timeval_ms();
936 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
937 armv7a->debug_base + CPUDBG_DSCR, &dscr);
938 if (retval != ERROR_OK)
940 if ((dscr & DSCR_CORE_RESTARTED) != 0)
942 if (timeval_ms() > then + 1000) {
943 LOG_ERROR("Timeout waiting for resume");
948 target->debug_reason = DBG_REASON_NOTHALTED;
949 target->state = TARGET_RUNNING;
951 /* registers are now invalid */
952 register_cache_invalidate(arm->core_cache);
957 static int cortex_a_restore_smp(struct target *target, int handle_breakpoints)
960 struct target_list *head;
962 target_addr_t address;
964 while (head != (struct target_list *)NULL) {
966 if ((curr != target) && (curr->state != TARGET_RUNNING)
967 && target_was_examined(curr)) {
968 /* resume current address , not in step mode */
969 retval += cortex_a_internal_restore(curr, 1, &address,
970 handle_breakpoints, 0);
971 retval += cortex_a_internal_restart(curr);
979 static int cortex_a_resume(struct target *target, int current,
980 target_addr_t address, int handle_breakpoints, int debug_execution)
983 /* dummy resume for smp toggle in order to reduce gdb impact */
984 if ((target->smp) && (target->gdb_service->core[1] != -1)) {
985 /* simulate a start and halt of target */
986 target->gdb_service->target = NULL;
987 target->gdb_service->core[0] = target->gdb_service->core[1];
988 /* fake resume at next poll we play the target core[1], see poll*/
989 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
992 cortex_a_internal_restore(target, current, &address, handle_breakpoints, debug_execution);
994 target->gdb_service->core[0] = -1;
995 retval = cortex_a_restore_smp(target, handle_breakpoints);
996 if (retval != ERROR_OK)
999 cortex_a_internal_restart(target);
1001 if (!debug_execution) {
1002 target->state = TARGET_RUNNING;
1003 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1004 LOG_DEBUG("target resumed at " TARGET_ADDR_FMT, address);
1006 target->state = TARGET_DEBUG_RUNNING;
1007 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1008 LOG_DEBUG("target debug resumed at " TARGET_ADDR_FMT, address);
1014 static int cortex_a_debug_entry(struct target *target)
1017 int retval = ERROR_OK;
1018 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1019 struct armv7a_common *armv7a = target_to_armv7a(target);
1020 struct arm *arm = &armv7a->arm;
1022 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a->cpudbg_dscr);
1024 /* REVISIT surely we should not re-read DSCR !! */
1025 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1026 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1027 if (retval != ERROR_OK)
1030 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1031 * imprecise data aborts get discarded by issuing a Data
1032 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1035 /* Enable the ITR execution once we are in debug mode */
1036 dscr |= DSCR_ITR_EN;
1037 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1038 armv7a->debug_base + CPUDBG_DSCR, dscr);
1039 if (retval != ERROR_OK)
1042 /* Examine debug reason */
1043 arm_dpm_report_dscr(&armv7a->dpm, cortex_a->cpudbg_dscr);
1045 /* save address of instruction that triggered the watchpoint? */
1046 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
1049 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1050 armv7a->debug_base + CPUDBG_WFAR,
1052 if (retval != ERROR_OK)
1054 arm_dpm_report_wfar(&armv7a->dpm, wfar);
1057 /* First load register accessible through core debug port */
1058 retval = arm_dpm_read_current_registers(&armv7a->dpm);
1059 if (retval != ERROR_OK)
1064 retval = arm_dpm_read_reg(&armv7a->dpm, arm->spsr, 17);
1065 if (retval != ERROR_OK)
1070 /* TODO, Move this */
1071 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1072 cortex_a_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1073 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1075 cortex_a_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1076 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1078 cortex_a_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1079 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1082 /* Are we in an exception handler */
1083 /* armv4_5->exception_number = 0; */
1084 if (armv7a->post_debug_entry) {
1085 retval = armv7a->post_debug_entry(target);
1086 if (retval != ERROR_OK)
1093 static int cortex_a_post_debug_entry(struct target *target)
1095 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1096 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1099 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1100 retval = armv7a->arm.mrc(target, 15,
1101 0, 0, /* op1, op2 */
1102 1, 0, /* CRn, CRm */
1103 &cortex_a->cp15_control_reg);
1104 if (retval != ERROR_OK)
1106 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg);
1107 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
1109 if (!armv7a->is_armv7r)
1110 armv7a_read_ttbcr(target);
1112 if (armv7a->armv7a_mmu.armv7a_cache.info == -1)
1113 armv7a_identify_cache(target);
1115 if (armv7a->is_armv7r) {
1116 armv7a->armv7a_mmu.mmu_enabled = 0;
1118 armv7a->armv7a_mmu.mmu_enabled =
1119 (cortex_a->cp15_control_reg & 0x1U) ? 1 : 0;
1121 armv7a->armv7a_mmu.armv7a_cache.d_u_cache_enabled =
1122 (cortex_a->cp15_control_reg & 0x4U) ? 1 : 0;
1123 armv7a->armv7a_mmu.armv7a_cache.i_cache_enabled =
1124 (cortex_a->cp15_control_reg & 0x1000U) ? 1 : 0;
1125 cortex_a->curr_mode = armv7a->arm.core_mode;
1127 /* switch to SVC mode to read DACR */
1128 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
1129 armv7a->arm.mrc(target, 15,
1131 &cortex_a->cp15_dacr_reg);
1133 LOG_DEBUG("cp15_dacr_reg: %8.8" PRIx32,
1134 cortex_a->cp15_dacr_reg);
1136 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1140 int cortex_a_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
1142 struct armv7a_common *armv7a = target_to_armv7a(target);
1146 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1147 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1148 if (ERROR_OK != retval)
1151 /* clear bitfield */
1154 dscr |= value & bit_mask;
1156 /* write new DSCR */
1157 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1158 armv7a->debug_base + CPUDBG_DSCR, dscr);
1162 static int cortex_a_step(struct target *target, int current, target_addr_t address,
1163 int handle_breakpoints)
1165 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1166 struct armv7a_common *armv7a = target_to_armv7a(target);
1167 struct arm *arm = &armv7a->arm;
1168 struct breakpoint *breakpoint = NULL;
1169 struct breakpoint stepbreakpoint;
1173 if (target->state != TARGET_HALTED) {
1174 LOG_WARNING("target not halted");
1175 return ERROR_TARGET_NOT_HALTED;
1178 /* current = 1: continue on current pc, otherwise continue at <address> */
1181 buf_set_u32(r->value, 0, 32, address);
1183 address = buf_get_u32(r->value, 0, 32);
1185 /* The front-end may request us not to handle breakpoints.
1186 * But since Cortex-A uses breakpoint for single step,
1187 * we MUST handle breakpoints.
1189 handle_breakpoints = 1;
1190 if (handle_breakpoints) {
1191 breakpoint = breakpoint_find(target, address);
1193 cortex_a_unset_breakpoint(target, breakpoint);
1196 /* Setup single step breakpoint */
1197 stepbreakpoint.address = address;
1198 stepbreakpoint.asid = 0;
1199 stepbreakpoint.length = (arm->core_state == ARM_STATE_THUMB)
1201 stepbreakpoint.type = BKPT_HARD;
1202 stepbreakpoint.set = 0;
1204 /* Disable interrupts during single step if requested */
1205 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1206 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, DSCR_INT_DIS);
1207 if (ERROR_OK != retval)
1211 /* Break on IVA mismatch */
1212 cortex_a_set_breakpoint(target, &stepbreakpoint, 0x04);
1214 target->debug_reason = DBG_REASON_SINGLESTEP;
1216 retval = cortex_a_resume(target, 1, address, 0, 0);
1217 if (retval != ERROR_OK)
1220 int64_t then = timeval_ms();
1221 while (target->state != TARGET_HALTED) {
1222 retval = cortex_a_poll(target);
1223 if (retval != ERROR_OK)
1225 if (timeval_ms() > then + 1000) {
1226 LOG_ERROR("timeout waiting for target halt");
1231 cortex_a_unset_breakpoint(target, &stepbreakpoint);
1233 /* Re-enable interrupts if they were disabled */
1234 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1235 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, 0);
1236 if (ERROR_OK != retval)
1241 target->debug_reason = DBG_REASON_BREAKPOINT;
1244 cortex_a_set_breakpoint(target, breakpoint, 0);
1246 if (target->state != TARGET_HALTED)
1247 LOG_DEBUG("target stepped");
1252 static int cortex_a_restore_context(struct target *target, bool bpwp)
1254 struct armv7a_common *armv7a = target_to_armv7a(target);
1258 if (armv7a->pre_restore_context)
1259 armv7a->pre_restore_context(target);
1261 return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1265 * Cortex-A Breakpoint and watchpoint functions
1268 /* Setup hardware Breakpoint Register Pair */
1269 static int cortex_a_set_breakpoint(struct target *target,
1270 struct breakpoint *breakpoint, uint8_t matchmode)
1275 uint8_t byte_addr_select = 0x0F;
1276 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1277 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1278 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1280 if (breakpoint->set) {
1281 LOG_WARNING("breakpoint already set");
1285 if (breakpoint->type == BKPT_HARD) {
1286 while (brp_list[brp_i].used && (brp_i < cortex_a->brp_num))
1288 if (brp_i >= cortex_a->brp_num) {
1289 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1290 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1292 breakpoint->set = brp_i + 1;
1293 if (breakpoint->length == 2)
1294 byte_addr_select = (3 << (breakpoint->address & 0x02));
1295 control = ((matchmode & 0x7) << 20)
1296 | (byte_addr_select << 5)
1298 brp_list[brp_i].used = 1;
1299 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1300 brp_list[brp_i].control = control;
1301 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1302 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1303 brp_list[brp_i].value);
1304 if (retval != ERROR_OK)
1306 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1307 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1308 brp_list[brp_i].control);
1309 if (retval != ERROR_OK)
1311 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1312 brp_list[brp_i].control,
1313 brp_list[brp_i].value);
1314 } else if (breakpoint->type == BKPT_SOFT) {
1316 /* length == 2: Thumb breakpoint */
1317 if (breakpoint->length == 2)
1318 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1320 /* length == 3: Thumb-2 breakpoint, actual encoding is
1321 * a regular Thumb BKPT instruction but we replace a
1322 * 32bit Thumb-2 instruction, so fix-up the breakpoint
1325 if (breakpoint->length == 3) {
1326 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1327 breakpoint->length = 4;
1329 /* length == 4, normal ARM breakpoint */
1330 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1332 retval = target_read_memory(target,
1333 breakpoint->address & 0xFFFFFFFE,
1334 breakpoint->length, 1,
1335 breakpoint->orig_instr);
1336 if (retval != ERROR_OK)
1339 /* make sure data cache is cleaned & invalidated down to PoC */
1340 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1341 armv7a_cache_flush_virt(target, breakpoint->address,
1342 breakpoint->length);
1345 retval = target_write_memory(target,
1346 breakpoint->address & 0xFFFFFFFE,
1347 breakpoint->length, 1, code);
1348 if (retval != ERROR_OK)
1351 /* update i-cache at breakpoint location */
1352 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1353 breakpoint->length);
1354 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1355 breakpoint->length);
1357 breakpoint->set = 0x11; /* Any nice value but 0 */
1363 static int cortex_a_set_context_breakpoint(struct target *target,
1364 struct breakpoint *breakpoint, uint8_t matchmode)
1366 int retval = ERROR_FAIL;
1369 uint8_t byte_addr_select = 0x0F;
1370 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1371 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1372 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1374 if (breakpoint->set) {
1375 LOG_WARNING("breakpoint already set");
1378 /*check available context BRPs*/
1379 while ((brp_list[brp_i].used ||
1380 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < cortex_a->brp_num))
1383 if (brp_i >= cortex_a->brp_num) {
1384 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1388 breakpoint->set = brp_i + 1;
1389 control = ((matchmode & 0x7) << 20)
1390 | (byte_addr_select << 5)
1392 brp_list[brp_i].used = 1;
1393 brp_list[brp_i].value = (breakpoint->asid);
1394 brp_list[brp_i].control = control;
1395 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1396 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1397 brp_list[brp_i].value);
1398 if (retval != ERROR_OK)
1400 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1401 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1402 brp_list[brp_i].control);
1403 if (retval != ERROR_OK)
1405 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1406 brp_list[brp_i].control,
1407 brp_list[brp_i].value);
1412 static int cortex_a_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1414 int retval = ERROR_FAIL;
1415 int brp_1 = 0; /* holds the contextID pair */
1416 int brp_2 = 0; /* holds the IVA pair */
1417 uint32_t control_CTX, control_IVA;
1418 uint8_t CTX_byte_addr_select = 0x0F;
1419 uint8_t IVA_byte_addr_select = 0x0F;
1420 uint8_t CTX_machmode = 0x03;
1421 uint8_t IVA_machmode = 0x01;
1422 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1423 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1424 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1426 if (breakpoint->set) {
1427 LOG_WARNING("breakpoint already set");
1430 /*check available context BRPs*/
1431 while ((brp_list[brp_1].used ||
1432 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < cortex_a->brp_num))
1435 printf("brp(CTX) found num: %d\n", brp_1);
1436 if (brp_1 >= cortex_a->brp_num) {
1437 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1441 while ((brp_list[brp_2].used ||
1442 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < cortex_a->brp_num))
1445 printf("brp(IVA) found num: %d\n", brp_2);
1446 if (brp_2 >= cortex_a->brp_num) {
1447 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1451 breakpoint->set = brp_1 + 1;
1452 breakpoint->linked_BRP = brp_2;
1453 control_CTX = ((CTX_machmode & 0x7) << 20)
1456 | (CTX_byte_addr_select << 5)
1458 brp_list[brp_1].used = 1;
1459 brp_list[brp_1].value = (breakpoint->asid);
1460 brp_list[brp_1].control = control_CTX;
1461 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1462 + CPUDBG_BVR_BASE + 4 * brp_list[brp_1].BRPn,
1463 brp_list[brp_1].value);
1464 if (retval != ERROR_OK)
1466 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1467 + CPUDBG_BCR_BASE + 4 * brp_list[brp_1].BRPn,
1468 brp_list[brp_1].control);
1469 if (retval != ERROR_OK)
1472 control_IVA = ((IVA_machmode & 0x7) << 20)
1474 | (IVA_byte_addr_select << 5)
1476 brp_list[brp_2].used = 1;
1477 brp_list[brp_2].value = (breakpoint->address & 0xFFFFFFFC);
1478 brp_list[brp_2].control = control_IVA;
1479 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1480 + CPUDBG_BVR_BASE + 4 * brp_list[brp_2].BRPn,
1481 brp_list[brp_2].value);
1482 if (retval != ERROR_OK)
1484 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1485 + CPUDBG_BCR_BASE + 4 * brp_list[brp_2].BRPn,
1486 brp_list[brp_2].control);
1487 if (retval != ERROR_OK)
1493 static int cortex_a_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1496 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1497 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1498 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1500 if (!breakpoint->set) {
1501 LOG_WARNING("breakpoint not set");
1505 if (breakpoint->type == BKPT_HARD) {
1506 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1507 int brp_i = breakpoint->set - 1;
1508 int brp_j = breakpoint->linked_BRP;
1509 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1510 LOG_DEBUG("Invalid BRP number in breakpoint");
1513 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1514 brp_list[brp_i].control, brp_list[brp_i].value);
1515 brp_list[brp_i].used = 0;
1516 brp_list[brp_i].value = 0;
1517 brp_list[brp_i].control = 0;
1518 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1519 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1520 brp_list[brp_i].control);
1521 if (retval != ERROR_OK)
1523 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1524 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1525 brp_list[brp_i].value);
1526 if (retval != ERROR_OK)
1528 if ((brp_j < 0) || (brp_j >= cortex_a->brp_num)) {
1529 LOG_DEBUG("Invalid BRP number in breakpoint");
1532 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_j,
1533 brp_list[brp_j].control, brp_list[brp_j].value);
1534 brp_list[brp_j].used = 0;
1535 brp_list[brp_j].value = 0;
1536 brp_list[brp_j].control = 0;
1537 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1538 + CPUDBG_BCR_BASE + 4 * brp_list[brp_j].BRPn,
1539 brp_list[brp_j].control);
1540 if (retval != ERROR_OK)
1542 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1543 + CPUDBG_BVR_BASE + 4 * brp_list[brp_j].BRPn,
1544 brp_list[brp_j].value);
1545 if (retval != ERROR_OK)
1547 breakpoint->linked_BRP = 0;
1548 breakpoint->set = 0;
1552 int brp_i = breakpoint->set - 1;
1553 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1554 LOG_DEBUG("Invalid BRP number in breakpoint");
1557 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1558 brp_list[brp_i].control, brp_list[brp_i].value);
1559 brp_list[brp_i].used = 0;
1560 brp_list[brp_i].value = 0;
1561 brp_list[brp_i].control = 0;
1562 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1563 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1564 brp_list[brp_i].control);
1565 if (retval != ERROR_OK)
1567 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1568 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1569 brp_list[brp_i].value);
1570 if (retval != ERROR_OK)
1572 breakpoint->set = 0;
1577 /* make sure data cache is cleaned & invalidated down to PoC */
1578 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1579 armv7a_cache_flush_virt(target, breakpoint->address,
1580 breakpoint->length);
1583 /* restore original instruction (kept in target endianness) */
1584 if (breakpoint->length == 4) {
1585 retval = target_write_memory(target,
1586 breakpoint->address & 0xFFFFFFFE,
1587 4, 1, breakpoint->orig_instr);
1588 if (retval != ERROR_OK)
1591 retval = target_write_memory(target,
1592 breakpoint->address & 0xFFFFFFFE,
1593 2, 1, breakpoint->orig_instr);
1594 if (retval != ERROR_OK)
1598 /* update i-cache at breakpoint location */
1599 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1600 breakpoint->length);
1601 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1602 breakpoint->length);
1604 breakpoint->set = 0;
1609 static int cortex_a_add_breakpoint(struct target *target,
1610 struct breakpoint *breakpoint)
1612 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1614 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1615 LOG_INFO("no hardware breakpoint available");
1616 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1619 if (breakpoint->type == BKPT_HARD)
1620 cortex_a->brp_num_available--;
1622 return cortex_a_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1625 static int cortex_a_add_context_breakpoint(struct target *target,
1626 struct breakpoint *breakpoint)
1628 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1630 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1631 LOG_INFO("no hardware breakpoint available");
1632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1635 if (breakpoint->type == BKPT_HARD)
1636 cortex_a->brp_num_available--;
1638 return cortex_a_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1641 static int cortex_a_add_hybrid_breakpoint(struct target *target,
1642 struct breakpoint *breakpoint)
1644 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1646 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1647 LOG_INFO("no hardware breakpoint available");
1648 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1651 if (breakpoint->type == BKPT_HARD)
1652 cortex_a->brp_num_available--;
1654 return cortex_a_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1658 static int cortex_a_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1660 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1663 /* It is perfectly possible to remove breakpoints while the target is running */
1664 if (target->state != TARGET_HALTED) {
1665 LOG_WARNING("target not halted");
1666 return ERROR_TARGET_NOT_HALTED;
1670 if (breakpoint->set) {
1671 cortex_a_unset_breakpoint(target, breakpoint);
1672 if (breakpoint->type == BKPT_HARD)
1673 cortex_a->brp_num_available++;
1681 * Cortex-A Reset functions
1684 static int cortex_a_assert_reset(struct target *target)
1686 struct armv7a_common *armv7a = target_to_armv7a(target);
1690 /* FIXME when halt is requested, make it work somehow... */
1692 /* This function can be called in "target not examined" state */
1694 /* Issue some kind of warm reset. */
1695 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1696 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1697 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1698 /* REVISIT handle "pulls" cases, if there's
1699 * hardware that needs them to work.
1703 * FIXME: fix reset when transport is SWD. This is a temporary
1704 * work-around for release v0.10 that is not intended to stay!
1706 if (transport_is_swd() ||
1707 (target->reset_halt && (jtag_get_reset_config() & RESET_SRST_NO_GATING)))
1708 jtag_add_reset(0, 1);
1711 LOG_ERROR("%s: how to reset?", target_name(target));
1715 /* registers are now invalid */
1716 if (target_was_examined(target))
1717 register_cache_invalidate(armv7a->arm.core_cache);
1719 target->state = TARGET_RESET;
1724 static int cortex_a_deassert_reset(struct target *target)
1730 /* be certain SRST is off */
1731 jtag_add_reset(0, 0);
1733 if (target_was_examined(target)) {
1734 retval = cortex_a_poll(target);
1735 if (retval != ERROR_OK)
1739 if (target->reset_halt) {
1740 if (target->state != TARGET_HALTED) {
1741 LOG_WARNING("%s: ran after reset and before halt ...",
1742 target_name(target));
1743 if (target_was_examined(target)) {
1744 retval = target_halt(target);
1745 if (retval != ERROR_OK)
1748 target->state = TARGET_UNKNOWN;
1755 static int cortex_a_set_dcc_mode(struct target *target, uint32_t mode, uint32_t *dscr)
1757 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1758 * New desired mode must be in mode. Current value of DSCR must be in
1759 * *dscr, which is updated with new value.
1761 * This function elides actually sending the mode-change over the debug
1762 * interface if the mode is already set as desired.
1764 uint32_t new_dscr = (*dscr & ~DSCR_EXT_DCC_MASK) | mode;
1765 if (new_dscr != *dscr) {
1766 struct armv7a_common *armv7a = target_to_armv7a(target);
1767 int retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1768 armv7a->debug_base + CPUDBG_DSCR, new_dscr);
1769 if (retval == ERROR_OK)
1777 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
1778 uint32_t value, uint32_t *dscr)
1780 /* Waits until the specified bit(s) of DSCR take on a specified value. */
1781 struct armv7a_common *armv7a = target_to_armv7a(target);
1782 int64_t then = timeval_ms();
1785 while ((*dscr & mask) != value) {
1786 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1787 armv7a->debug_base + CPUDBG_DSCR, dscr);
1788 if (retval != ERROR_OK)
1790 if (timeval_ms() > then + 1000) {
1791 LOG_ERROR("timeout waiting for DSCR bit change");
1798 static int cortex_a_read_copro(struct target *target, uint32_t opcode,
1799 uint32_t *data, uint32_t *dscr)
1802 struct armv7a_common *armv7a = target_to_armv7a(target);
1804 /* Move from coprocessor to R0. */
1805 retval = cortex_a_exec_opcode(target, opcode, dscr);
1806 if (retval != ERROR_OK)
1809 /* Move from R0 to DTRTX. */
1810 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr);
1811 if (retval != ERROR_OK)
1814 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
1815 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
1816 * must also check TXfull_l). Most of the time this will be free
1817 * because TXfull_l will be set immediately and cached in dscr. */
1818 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
1819 DSCR_DTRTX_FULL_LATCHED, dscr);
1820 if (retval != ERROR_OK)
1823 /* Read the value transferred to DTRTX. */
1824 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1825 armv7a->debug_base + CPUDBG_DTRTX, data);
1826 if (retval != ERROR_OK)
1832 static int cortex_a_read_dfar_dfsr(struct target *target, uint32_t *dfar,
1833 uint32_t *dfsr, uint32_t *dscr)
1838 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar, dscr);
1839 if (retval != ERROR_OK)
1844 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr, dscr);
1845 if (retval != ERROR_OK)
1852 static int cortex_a_write_copro(struct target *target, uint32_t opcode,
1853 uint32_t data, uint32_t *dscr)
1856 struct armv7a_common *armv7a = target_to_armv7a(target);
1858 /* Write the value into DTRRX. */
1859 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1860 armv7a->debug_base + CPUDBG_DTRRX, data);
1861 if (retval != ERROR_OK)
1864 /* Move from DTRRX to R0. */
1865 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr);
1866 if (retval != ERROR_OK)
1869 /* Move from R0 to coprocessor. */
1870 retval = cortex_a_exec_opcode(target, opcode, dscr);
1871 if (retval != ERROR_OK)
1874 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
1875 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
1876 * check RXfull_l). Most of the time this will be free because RXfull_l
1877 * will be cleared immediately and cached in dscr. */
1878 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
1879 if (retval != ERROR_OK)
1885 static int cortex_a_write_dfar_dfsr(struct target *target, uint32_t dfar,
1886 uint32_t dfsr, uint32_t *dscr)
1890 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar, dscr);
1891 if (retval != ERROR_OK)
1894 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr, dscr);
1895 if (retval != ERROR_OK)
1901 static int cortex_a_dfsr_to_error_code(uint32_t dfsr)
1903 uint32_t status, upper4;
1905 if (dfsr & (1 << 9)) {
1907 status = dfsr & 0x3f;
1908 upper4 = status >> 2;
1909 if (upper4 == 1 || upper4 == 2 || upper4 == 3 || upper4 == 15)
1910 return ERROR_TARGET_TRANSLATION_FAULT;
1911 else if (status == 33)
1912 return ERROR_TARGET_UNALIGNED_ACCESS;
1914 return ERROR_TARGET_DATA_ABORT;
1916 /* Normal format. */
1917 status = ((dfsr >> 6) & 0x10) | (dfsr & 0xf);
1919 return ERROR_TARGET_UNALIGNED_ACCESS;
1920 else if (status == 5 || status == 7 || status == 3 || status == 6 ||
1921 status == 9 || status == 11 || status == 13 || status == 15)
1922 return ERROR_TARGET_TRANSLATION_FAULT;
1924 return ERROR_TARGET_DATA_ABORT;
1928 static int cortex_a_write_cpu_memory_slow(struct target *target,
1929 uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
1931 /* Writes count objects of size size from *buffer. Old value of DSCR must
1932 * be in *dscr; updated to new value. This is slow because it works for
1933 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
1934 * the address is aligned, cortex_a_write_cpu_memory_fast should be
1937 * - Address is in R0.
1938 * - R0 is marked dirty.
1940 struct armv7a_common *armv7a = target_to_armv7a(target);
1941 struct arm *arm = &armv7a->arm;
1944 /* Mark register R1 as dirty, to use for transferring data. */
1945 arm_reg_current(arm, 1)->dirty = true;
1947 /* Switch to non-blocking mode if not already in that mode. */
1948 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
1949 if (retval != ERROR_OK)
1952 /* Go through the objects. */
1954 /* Write the value to store into DTRRX. */
1955 uint32_t data, opcode;
1959 data = target_buffer_get_u16(target, buffer);
1961 data = target_buffer_get_u32(target, buffer);
1962 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1963 armv7a->debug_base + CPUDBG_DTRRX, data);
1964 if (retval != ERROR_OK)
1967 /* Transfer the value from DTRRX to R1. */
1968 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr);
1969 if (retval != ERROR_OK)
1972 /* Write the value transferred to R1 into memory. */
1974 opcode = ARMV4_5_STRB_IP(1, 0);
1976 opcode = ARMV4_5_STRH_IP(1, 0);
1978 opcode = ARMV4_5_STRW_IP(1, 0);
1979 retval = cortex_a_exec_opcode(target, opcode, dscr);
1980 if (retval != ERROR_OK)
1983 /* Check for faults and return early. */
1984 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
1985 return ERROR_OK; /* A data fault is not considered a system failure. */
1987 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
1988 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
1989 * must also check RXfull_l). Most of the time this will be free
1990 * because RXfull_l will be cleared immediately and cached in dscr. */
1991 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
1992 if (retval != ERROR_OK)
2003 static int cortex_a_write_cpu_memory_fast(struct target *target,
2004 uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2006 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2007 * in *dscr; updated to new value. This is fast but only works for
2008 * word-sized objects at aligned addresses.
2010 * - Address is in R0 and must be a multiple of 4.
2011 * - R0 is marked dirty.
2013 struct armv7a_common *armv7a = target_to_armv7a(target);
2016 /* Switch to fast mode if not already in that mode. */
2017 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2018 if (retval != ERROR_OK)
2021 /* Latch STC instruction. */
2022 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2023 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2024 if (retval != ERROR_OK)
2027 /* Transfer all the data and issue all the instructions. */
2028 return mem_ap_write_buf_noincr(armv7a->debug_ap, buffer,
2029 4, count, armv7a->debug_base + CPUDBG_DTRRX);
2032 static int cortex_a_write_cpu_memory(struct target *target,
2033 uint32_t address, uint32_t size,
2034 uint32_t count, const uint8_t *buffer)
2036 /* Write memory through the CPU. */
2037 int retval, final_retval;
2038 struct armv7a_common *armv7a = target_to_armv7a(target);
2039 struct arm *arm = &armv7a->arm;
2040 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2042 LOG_DEBUG("Writing CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2043 address, size, count);
2044 if (target->state != TARGET_HALTED) {
2045 LOG_WARNING("target not halted");
2046 return ERROR_TARGET_NOT_HALTED;
2052 /* Clear any abort. */
2053 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2054 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2055 if (retval != ERROR_OK)
2059 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2060 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2061 if (retval != ERROR_OK)
2064 /* Switch to non-blocking mode if not already in that mode. */
2065 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2066 if (retval != ERROR_OK)
2069 /* Mark R0 as dirty. */
2070 arm_reg_current(arm, 0)->dirty = true;
2072 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2073 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2074 if (retval != ERROR_OK)
2077 /* Get the memory address into R0. */
2078 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2079 armv7a->debug_base + CPUDBG_DTRRX, address);
2080 if (retval != ERROR_OK)
2082 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2083 if (retval != ERROR_OK)
2086 if (size == 4 && (address % 4) == 0) {
2087 /* We are doing a word-aligned transfer, so use fast mode. */
2088 retval = cortex_a_write_cpu_memory_fast(target, count, buffer, &dscr);
2090 /* Use slow path. */
2091 retval = cortex_a_write_cpu_memory_slow(target, size, count, buffer, &dscr);
2095 final_retval = retval;
2097 /* Switch to non-blocking mode if not already in that mode. */
2098 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2099 if (final_retval == ERROR_OK)
2100 final_retval = retval;
2102 /* Wait for last issued instruction to complete. */
2103 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2104 if (final_retval == ERROR_OK)
2105 final_retval = retval;
2107 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2108 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2109 * check RXfull_l). Most of the time this will be free because RXfull_l
2110 * will be cleared immediately and cached in dscr. However, don't do this
2111 * if there is fault, because then the instruction might not have completed
2113 if (!(dscr & DSCR_STICKY_ABORT_PRECISE)) {
2114 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, &dscr);
2115 if (retval != ERROR_OK)
2119 /* If there were any sticky abort flags, clear them. */
2120 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2122 mem_ap_write_atomic_u32(armv7a->debug_ap,
2123 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2124 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2129 /* Handle synchronous data faults. */
2130 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2131 if (final_retval == ERROR_OK) {
2132 /* Final return value will reflect cause of fault. */
2133 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2134 if (retval == ERROR_OK) {
2135 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2136 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2138 final_retval = retval;
2140 /* Fault destroyed DFAR/DFSR; restore them. */
2141 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2142 if (retval != ERROR_OK)
2143 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2146 /* Handle asynchronous data faults. */
2147 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2148 if (final_retval == ERROR_OK)
2149 /* No other error has been recorded so far, so keep this one. */
2150 final_retval = ERROR_TARGET_DATA_ABORT;
2153 /* If the DCC is nonempty, clear it. */
2154 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2156 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2157 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2158 if (final_retval == ERROR_OK)
2159 final_retval = retval;
2161 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2162 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2163 if (final_retval == ERROR_OK)
2164 final_retval = retval;
2168 return final_retval;
2171 static int cortex_a_read_cpu_memory_slow(struct target *target,
2172 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
2174 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2175 * in *dscr; updated to new value. This is slow because it works for
2176 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2177 * the address is aligned, cortex_a_read_cpu_memory_fast should be
2180 * - Address is in R0.
2181 * - R0 is marked dirty.
2183 struct armv7a_common *armv7a = target_to_armv7a(target);
2184 struct arm *arm = &armv7a->arm;
2187 /* Mark register R1 as dirty, to use for transferring data. */
2188 arm_reg_current(arm, 1)->dirty = true;
2190 /* Switch to non-blocking mode if not already in that mode. */
2191 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2192 if (retval != ERROR_OK)
2195 /* Go through the objects. */
2197 /* Issue a load of the appropriate size to R1. */
2198 uint32_t opcode, data;
2200 opcode = ARMV4_5_LDRB_IP(1, 0);
2202 opcode = ARMV4_5_LDRH_IP(1, 0);
2204 opcode = ARMV4_5_LDRW_IP(1, 0);
2205 retval = cortex_a_exec_opcode(target, opcode, dscr);
2206 if (retval != ERROR_OK)
2209 /* Issue a write of R1 to DTRTX. */
2210 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr);
2211 if (retval != ERROR_OK)
2214 /* Check for faults and return early. */
2215 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2216 return ERROR_OK; /* A data fault is not considered a system failure. */
2218 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2219 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2220 * must also check TXfull_l). Most of the time this will be free
2221 * because TXfull_l will be set immediately and cached in dscr. */
2222 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2223 DSCR_DTRTX_FULL_LATCHED, dscr);
2224 if (retval != ERROR_OK)
2227 /* Read the value transferred to DTRTX into the buffer. */
2228 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2229 armv7a->debug_base + CPUDBG_DTRTX, &data);
2230 if (retval != ERROR_OK)
2233 *buffer = (uint8_t) data;
2235 target_buffer_set_u16(target, buffer, (uint16_t) data);
2237 target_buffer_set_u32(target, buffer, data);
2247 static int cortex_a_read_cpu_memory_fast(struct target *target,
2248 uint32_t count, uint8_t *buffer, uint32_t *dscr)
2250 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2251 * *dscr; updated to new value. This is fast but only works for word-sized
2252 * objects at aligned addresses.
2254 * - Address is in R0 and must be a multiple of 4.
2255 * - R0 is marked dirty.
2257 struct armv7a_common *armv7a = target_to_armv7a(target);
2261 /* Switch to non-blocking mode if not already in that mode. */
2262 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2263 if (retval != ERROR_OK)
2266 /* Issue the LDC instruction via a write to ITR. */
2267 retval = cortex_a_exec_opcode(target, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr);
2268 if (retval != ERROR_OK)
2274 /* Switch to fast mode if not already in that mode. */
2275 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2276 if (retval != ERROR_OK)
2279 /* Latch LDC instruction. */
2280 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2281 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2282 if (retval != ERROR_OK)
2285 /* Read the value transferred to DTRTX into the buffer. Due to fast
2286 * mode rules, this blocks until the instruction finishes executing and
2287 * then reissues the read instruction to read the next word from
2288 * memory. The last read of DTRTX in this call reads the second-to-last
2289 * word from memory and issues the read instruction for the last word.
2291 retval = mem_ap_read_buf_noincr(armv7a->debug_ap, buffer,
2292 4, count, armv7a->debug_base + CPUDBG_DTRTX);
2293 if (retval != ERROR_OK)
2297 buffer += count * 4;
2300 /* Wait for last issued instruction to complete. */
2301 retval = cortex_a_wait_instrcmpl(target, dscr, false);
2302 if (retval != ERROR_OK)
2305 /* Switch to non-blocking mode if not already in that mode. */
2306 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2307 if (retval != ERROR_OK)
2310 /* Check for faults and return early. */
2311 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2312 return ERROR_OK; /* A data fault is not considered a system failure. */
2314 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2315 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2316 * check TXfull_l). Most of the time this will be free because TXfull_l
2317 * will be set immediately and cached in dscr. */
2318 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2319 DSCR_DTRTX_FULL_LATCHED, dscr);
2320 if (retval != ERROR_OK)
2323 /* Read the value transferred to DTRTX into the buffer. This is the last
2325 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2326 armv7a->debug_base + CPUDBG_DTRTX, &u32);
2327 if (retval != ERROR_OK)
2329 target_buffer_set_u32(target, buffer, u32);
2334 static int cortex_a_read_cpu_memory(struct target *target,
2335 uint32_t address, uint32_t size,
2336 uint32_t count, uint8_t *buffer)
2338 /* Read memory through the CPU. */
2339 int retval, final_retval;
2340 struct armv7a_common *armv7a = target_to_armv7a(target);
2341 struct arm *arm = &armv7a->arm;
2342 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2344 LOG_DEBUG("Reading CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2345 address, size, count);
2346 if (target->state != TARGET_HALTED) {
2347 LOG_WARNING("target not halted");
2348 return ERROR_TARGET_NOT_HALTED;
2354 /* Clear any abort. */
2355 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2356 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2357 if (retval != ERROR_OK)
2361 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2362 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2363 if (retval != ERROR_OK)
2366 /* Switch to non-blocking mode if not already in that mode. */
2367 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2368 if (retval != ERROR_OK)
2371 /* Mark R0 as dirty. */
2372 arm_reg_current(arm, 0)->dirty = true;
2374 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2375 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2376 if (retval != ERROR_OK)
2379 /* Get the memory address into R0. */
2380 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2381 armv7a->debug_base + CPUDBG_DTRRX, address);
2382 if (retval != ERROR_OK)
2384 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2385 if (retval != ERROR_OK)
2388 if (size == 4 && (address % 4) == 0) {
2389 /* We are doing a word-aligned transfer, so use fast mode. */
2390 retval = cortex_a_read_cpu_memory_fast(target, count, buffer, &dscr);
2392 /* Use slow path. */
2393 retval = cortex_a_read_cpu_memory_slow(target, size, count, buffer, &dscr);
2397 final_retval = retval;
2399 /* Switch to non-blocking mode if not already in that mode. */
2400 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2401 if (final_retval == ERROR_OK)
2402 final_retval = retval;
2404 /* Wait for last issued instruction to complete. */
2405 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2406 if (final_retval == ERROR_OK)
2407 final_retval = retval;
2409 /* If there were any sticky abort flags, clear them. */
2410 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2412 mem_ap_write_atomic_u32(armv7a->debug_ap,
2413 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2414 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2419 /* Handle synchronous data faults. */
2420 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2421 if (final_retval == ERROR_OK) {
2422 /* Final return value will reflect cause of fault. */
2423 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2424 if (retval == ERROR_OK) {
2425 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2426 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2428 final_retval = retval;
2430 /* Fault destroyed DFAR/DFSR; restore them. */
2431 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2432 if (retval != ERROR_OK)
2433 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2436 /* Handle asynchronous data faults. */
2437 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2438 if (final_retval == ERROR_OK)
2439 /* No other error has been recorded so far, so keep this one. */
2440 final_retval = ERROR_TARGET_DATA_ABORT;
2443 /* If the DCC is nonempty, clear it. */
2444 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2446 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2447 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2448 if (final_retval == ERROR_OK)
2449 final_retval = retval;
2451 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2452 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2453 if (final_retval == ERROR_OK)
2454 final_retval = retval;
2458 return final_retval;
2463 * Cortex-A Memory access
2465 * This is same Cortex-M3 but we must also use the correct
2466 * ap number for every access.
2469 static int cortex_a_read_phys_memory(struct target *target,
2470 target_addr_t address, uint32_t size,
2471 uint32_t count, uint8_t *buffer)
2475 if (!count || !buffer)
2476 return ERROR_COMMAND_SYNTAX_ERROR;
2478 LOG_DEBUG("Reading memory at real address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2479 address, size, count);
2481 /* read memory through the CPU */
2482 cortex_a_prep_memaccess(target, 1);
2483 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2484 cortex_a_post_memaccess(target, 1);
2489 static int cortex_a_read_memory(struct target *target, target_addr_t address,
2490 uint32_t size, uint32_t count, uint8_t *buffer)
2494 /* cortex_a handles unaligned memory access */
2495 LOG_DEBUG("Reading memory at address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2496 address, size, count);
2498 cortex_a_prep_memaccess(target, 0);
2499 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2500 cortex_a_post_memaccess(target, 0);
2505 static int cortex_a_write_phys_memory(struct target *target,
2506 target_addr_t address, uint32_t size,
2507 uint32_t count, const uint8_t *buffer)
2511 if (!count || !buffer)
2512 return ERROR_COMMAND_SYNTAX_ERROR;
2514 LOG_DEBUG("Writing memory to real address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2515 address, size, count);
2517 /* write memory through the CPU */
2518 cortex_a_prep_memaccess(target, 1);
2519 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2520 cortex_a_post_memaccess(target, 1);
2525 static int cortex_a_write_memory(struct target *target, target_addr_t address,
2526 uint32_t size, uint32_t count, const uint8_t *buffer)
2530 /* cortex_a handles unaligned memory access */
2531 LOG_DEBUG("Writing memory at address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2532 address, size, count);
2534 /* memory writes bypass the caches, must flush before writing */
2535 armv7a_cache_auto_flush_on_write(target, address, size * count);
2537 cortex_a_prep_memaccess(target, 0);
2538 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2539 cortex_a_post_memaccess(target, 0);
2543 static int cortex_a_read_buffer(struct target *target, target_addr_t address,
2544 uint32_t count, uint8_t *buffer)
2548 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2549 * will have something to do with the size we leave to it. */
2550 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2551 if (address & size) {
2552 int retval = target_read_memory(target, address, size, 1, buffer);
2553 if (retval != ERROR_OK)
2561 /* Read the data with as large access size as possible. */
2562 for (; size > 0; size /= 2) {
2563 uint32_t aligned = count - count % size;
2565 int retval = target_read_memory(target, address, size, aligned / size, buffer);
2566 if (retval != ERROR_OK)
2577 static int cortex_a_write_buffer(struct target *target, target_addr_t address,
2578 uint32_t count, const uint8_t *buffer)
2582 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2583 * will have something to do with the size we leave to it. */
2584 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2585 if (address & size) {
2586 int retval = target_write_memory(target, address, size, 1, buffer);
2587 if (retval != ERROR_OK)
2595 /* Write the data with as large access size as possible. */
2596 for (; size > 0; size /= 2) {
2597 uint32_t aligned = count - count % size;
2599 int retval = target_write_memory(target, address, size, aligned / size, buffer);
2600 if (retval != ERROR_OK)
2611 static int cortex_a_handle_target_request(void *priv)
2613 struct target *target = priv;
2614 struct armv7a_common *armv7a = target_to_armv7a(target);
2617 if (!target_was_examined(target))
2619 if (!target->dbg_msg_enabled)
2622 if (target->state == TARGET_RUNNING) {
2625 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2626 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2628 /* check if we have data */
2629 int64_t then = timeval_ms();
2630 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2631 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2632 armv7a->debug_base + CPUDBG_DTRTX, &request);
2633 if (retval == ERROR_OK) {
2634 target_request(target, request);
2635 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2636 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2638 if (timeval_ms() > then + 1000) {
2639 LOG_ERROR("Timeout waiting for dtr tx full");
2649 * Cortex-A target information and configuration
2652 static int cortex_a_examine_first(struct target *target)
2654 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2655 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2656 struct adiv5_dap *swjdp = armv7a->arm.dap;
2659 int retval = ERROR_OK;
2660 uint32_t didr, cpuid, dbg_osreg;
2662 /* Search for the APB-AP - it is needed for access to debug registers */
2663 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
2664 if (retval != ERROR_OK) {
2665 LOG_ERROR("Could not find APB-AP for debug access");
2669 retval = mem_ap_init(armv7a->debug_ap);
2670 if (retval != ERROR_OK) {
2671 LOG_ERROR("Could not initialize the APB-AP");
2675 armv7a->debug_ap->memaccess_tck = 80;
2677 if (!target->dbgbase_set) {
2679 /* Get ROM Table base */
2681 int32_t coreidx = target->coreid;
2682 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
2684 retval = dap_get_debugbase(armv7a->debug_ap, &dbgbase, &apid);
2685 if (retval != ERROR_OK)
2687 /* Lookup 0x15 -- Processor DAP */
2688 retval = dap_lookup_cs_component(armv7a->debug_ap, dbgbase, 0x15,
2689 &armv7a->debug_base, &coreidx);
2690 if (retval != ERROR_OK) {
2691 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
2695 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32,
2696 target->coreid, armv7a->debug_base);
2698 armv7a->debug_base = target->dbgbase;
2700 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2701 armv7a->debug_base + CPUDBG_DIDR, &didr);
2702 if (retval != ERROR_OK) {
2703 LOG_DEBUG("Examine %s failed", "DIDR");
2707 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2708 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
2709 if (retval != ERROR_OK) {
2710 LOG_DEBUG("Examine %s failed", "CPUID");
2714 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
2715 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
2717 cortex_a->didr = didr;
2718 cortex_a->cpuid = cpuid;
2720 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2721 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
2722 if (retval != ERROR_OK)
2724 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
2726 if ((dbg_osreg & PRSR_POWERUP_STATUS) == 0) {
2727 LOG_ERROR("target->coreid %" PRId32 " powered down!", target->coreid);
2728 target->state = TARGET_UNKNOWN; /* TARGET_NO_POWER? */
2729 return ERROR_TARGET_INIT_FAILED;
2732 if (dbg_osreg & PRSR_STICKY_RESET_STATUS)
2733 LOG_DEBUG("target->coreid %" PRId32 " was reset!", target->coreid);
2735 /* Read DBGOSLSR and check if OSLK is implemented */
2736 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2737 armv7a->debug_base + CPUDBG_OSLSR, &dbg_osreg);
2738 if (retval != ERROR_OK)
2740 LOG_DEBUG("target->coreid %" PRId32 " DBGOSLSR 0x%" PRIx32, target->coreid, dbg_osreg);
2742 /* check if OS Lock is implemented */
2743 if ((dbg_osreg & OSLSR_OSLM) == OSLSR_OSLM0 || (dbg_osreg & OSLSR_OSLM) == OSLSR_OSLM1) {
2744 /* check if OS Lock is set */
2745 if (dbg_osreg & OSLSR_OSLK) {
2746 LOG_DEBUG("target->coreid %" PRId32 " OSLock set! Trying to unlock", target->coreid);
2748 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2749 armv7a->debug_base + CPUDBG_OSLAR,
2751 if (retval == ERROR_OK)
2752 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2753 armv7a->debug_base + CPUDBG_OSLSR, &dbg_osreg);
2755 /* if we fail to access the register or cannot reset the OSLK bit, bail out */
2756 if (retval != ERROR_OK || (dbg_osreg & OSLSR_OSLK) != 0) {
2757 LOG_ERROR("target->coreid %" PRId32 " OSLock sticky, core not powered?",
2759 target->state = TARGET_UNKNOWN; /* TARGET_NO_POWER? */
2760 return ERROR_TARGET_INIT_FAILED;
2765 armv7a->arm.core_type = ARM_MODE_MON;
2767 /* Avoid recreating the registers cache */
2768 if (!target_was_examined(target)) {
2769 retval = cortex_a_dpm_setup(cortex_a, didr);
2770 if (retval != ERROR_OK)
2774 /* Setup Breakpoint Register Pairs */
2775 cortex_a->brp_num = ((didr >> 24) & 0x0F) + 1;
2776 cortex_a->brp_num_context = ((didr >> 20) & 0x0F) + 1;
2777 cortex_a->brp_num_available = cortex_a->brp_num;
2778 free(cortex_a->brp_list);
2779 cortex_a->brp_list = calloc(cortex_a->brp_num, sizeof(struct cortex_a_brp));
2780 /* cortex_a->brb_enabled = ????; */
2781 for (i = 0; i < cortex_a->brp_num; i++) {
2782 cortex_a->brp_list[i].used = 0;
2783 if (i < (cortex_a->brp_num-cortex_a->brp_num_context))
2784 cortex_a->brp_list[i].type = BRP_NORMAL;
2786 cortex_a->brp_list[i].type = BRP_CONTEXT;
2787 cortex_a->brp_list[i].value = 0;
2788 cortex_a->brp_list[i].control = 0;
2789 cortex_a->brp_list[i].BRPn = i;
2792 LOG_DEBUG("Configured %i hw breakpoints", cortex_a->brp_num);
2794 /* select debug_ap as default */
2795 swjdp->apsel = armv7a->debug_ap->ap_num;
2797 target_set_examined(target);
2801 static int cortex_a_examine(struct target *target)
2803 int retval = ERROR_OK;
2805 /* Reestablish communication after target reset */
2806 retval = cortex_a_examine_first(target);
2808 /* Configure core debug access */
2809 if (retval == ERROR_OK)
2810 retval = cortex_a_init_debug_access(target);
2816 * Cortex-A target creation and initialization
2819 static int cortex_a_init_target(struct command_context *cmd_ctx,
2820 struct target *target)
2822 /* examine_first() does a bunch of this */
2823 arm_semihosting_init(target);
2827 static int cortex_a_init_arch_info(struct target *target,
2828 struct cortex_a_common *cortex_a, struct adiv5_dap *dap)
2830 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2832 /* Setup struct cortex_a_common */
2833 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
2834 armv7a->arm.dap = dap;
2836 /* register arch-specific functions */
2837 armv7a->examine_debug_reason = NULL;
2839 armv7a->post_debug_entry = cortex_a_post_debug_entry;
2841 armv7a->pre_restore_context = NULL;
2843 armv7a->armv7a_mmu.read_physical_memory = cortex_a_read_phys_memory;
2846 /* arm7_9->handle_target_request = cortex_a_handle_target_request; */
2848 /* REVISIT v7a setup should be in a v7a-specific routine */
2849 armv7a_init_arch_info(target, armv7a);
2850 target_register_timer_callback(cortex_a_handle_target_request, 1, 1, target);
2855 static int cortex_a_target_create(struct target *target, Jim_Interp *interp)
2857 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
2858 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
2859 struct adiv5_private_config *pc;
2861 if (target->private_config == NULL)
2864 pc = (struct adiv5_private_config *)target->private_config;
2866 cortex_a->armv7a_common.is_armv7r = false;
2868 cortex_a->armv7a_common.arm.arm_vfp_version = ARM_VFP_V3;
2870 return cortex_a_init_arch_info(target, cortex_a, pc->dap);
2873 static int cortex_r4_target_create(struct target *target, Jim_Interp *interp)
2875 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
2876 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
2877 struct adiv5_private_config *pc;
2879 pc = (struct adiv5_private_config *)target->private_config;
2880 if (adiv5_verify_config(pc) != ERROR_OK)
2883 cortex_a->armv7a_common.is_armv7r = true;
2885 return cortex_a_init_arch_info(target, cortex_a, pc->dap);
2888 static void cortex_a_deinit_target(struct target *target)
2890 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2891 struct arm_dpm *dpm = &cortex_a->armv7a_common.dpm;
2893 free(cortex_a->brp_list);
2896 free(target->private_config);
2900 static int cortex_a_mmu(struct target *target, int *enabled)
2902 struct armv7a_common *armv7a = target_to_armv7a(target);
2904 if (target->state != TARGET_HALTED) {
2905 LOG_ERROR("%s: target not halted", __func__);
2906 return ERROR_TARGET_INVALID;
2909 if (armv7a->is_armv7r)
2912 *enabled = target_to_cortex_a(target)->armv7a_common.armv7a_mmu.mmu_enabled;
2917 static int cortex_a_virt2phys(struct target *target,
2918 target_addr_t virt, target_addr_t *phys)
2921 int mmu_enabled = 0;
2924 * If the MMU was not enabled at debug entry, there is no
2925 * way of knowing if there was ever a valid configuration
2926 * for it and thus it's not safe to enable it. In this case,
2927 * just return the virtual address as physical.
2929 cortex_a_mmu(target, &mmu_enabled);
2935 /* mmu must be enable in order to get a correct translation */
2936 retval = cortex_a_mmu_modify(target, 1);
2937 if (retval != ERROR_OK)
2939 return armv7a_mmu_translate_va_pa(target, (uint32_t)virt,
2940 (uint32_t *)phys, 1);
2943 COMMAND_HANDLER(cortex_a_handle_cache_info_command)
2945 struct target *target = get_current_target(CMD_CTX);
2946 struct armv7a_common *armv7a = target_to_armv7a(target);
2948 return armv7a_handle_cache_info_command(CMD_CTX,
2949 &armv7a->armv7a_mmu.armv7a_cache);
2953 COMMAND_HANDLER(cortex_a_handle_dbginit_command)
2955 struct target *target = get_current_target(CMD_CTX);
2956 if (!target_was_examined(target)) {
2957 LOG_ERROR("target not examined yet");
2961 return cortex_a_init_debug_access(target);
2963 COMMAND_HANDLER(cortex_a_handle_smp_off_command)
2965 struct target *target = get_current_target(CMD_CTX);
2966 /* check target is an smp target */
2967 struct target_list *head;
2968 struct target *curr;
2969 head = target->head;
2971 if (head != (struct target_list *)NULL) {
2972 while (head != (struct target_list *)NULL) {
2973 curr = head->target;
2977 /* fixes the target display to the debugger */
2978 target->gdb_service->target = target;
2983 COMMAND_HANDLER(cortex_a_handle_smp_on_command)
2985 struct target *target = get_current_target(CMD_CTX);
2986 struct target_list *head;
2987 struct target *curr;
2988 head = target->head;
2989 if (head != (struct target_list *)NULL) {
2991 while (head != (struct target_list *)NULL) {
2992 curr = head->target;
3000 COMMAND_HANDLER(cortex_a_handle_smp_gdb_command)
3002 struct target *target = get_current_target(CMD_CTX);
3003 int retval = ERROR_OK;
3004 struct target_list *head;
3005 head = target->head;
3006 if (head != (struct target_list *)NULL) {
3007 if (CMD_ARGC == 1) {
3009 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], coreid);
3010 if (ERROR_OK != retval)
3012 target->gdb_service->core[1] = coreid;
3015 command_print(CMD_CTX, "gdb coreid %" PRId32 " -> %" PRId32, target->gdb_service->core[0]
3016 , target->gdb_service->core[1]);
3021 COMMAND_HANDLER(handle_cortex_a_mask_interrupts_command)
3023 struct target *target = get_current_target(CMD_CTX);
3024 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3026 static const Jim_Nvp nvp_maskisr_modes[] = {
3027 { .name = "off", .value = CORTEX_A_ISRMASK_OFF },
3028 { .name = "on", .value = CORTEX_A_ISRMASK_ON },
3029 { .name = NULL, .value = -1 },
3034 n = Jim_Nvp_name2value_simple(nvp_maskisr_modes, CMD_ARGV[0]);
3035 if (n->name == NULL) {
3036 LOG_ERROR("Unknown parameter: %s - should be off or on", CMD_ARGV[0]);
3037 return ERROR_COMMAND_SYNTAX_ERROR;
3040 cortex_a->isrmasking_mode = n->value;
3043 n = Jim_Nvp_value2name_simple(nvp_maskisr_modes, cortex_a->isrmasking_mode);
3044 command_print(CMD_CTX, "cortex_a interrupt mask %s", n->name);
3049 COMMAND_HANDLER(handle_cortex_a_dacrfixup_command)
3051 struct target *target = get_current_target(CMD_CTX);
3052 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3054 static const Jim_Nvp nvp_dacrfixup_modes[] = {
3055 { .name = "off", .value = CORTEX_A_DACRFIXUP_OFF },
3056 { .name = "on", .value = CORTEX_A_DACRFIXUP_ON },
3057 { .name = NULL, .value = -1 },
3062 n = Jim_Nvp_name2value_simple(nvp_dacrfixup_modes, CMD_ARGV[0]);
3063 if (n->name == NULL)
3064 return ERROR_COMMAND_SYNTAX_ERROR;
3065 cortex_a->dacrfixup_mode = n->value;
3069 n = Jim_Nvp_value2name_simple(nvp_dacrfixup_modes, cortex_a->dacrfixup_mode);
3070 command_print(CMD_CTX, "cortex_a domain access control fixup %s", n->name);
3075 static const struct command_registration cortex_a_exec_command_handlers[] = {
3077 .name = "cache_info",
3078 .handler = cortex_a_handle_cache_info_command,
3079 .mode = COMMAND_EXEC,
3080 .help = "display information about target caches",
3085 .handler = cortex_a_handle_dbginit_command,
3086 .mode = COMMAND_EXEC,
3087 .help = "Initialize core debug",
3090 { .name = "smp_off",
3091 .handler = cortex_a_handle_smp_off_command,
3092 .mode = COMMAND_EXEC,
3093 .help = "Stop smp handling",
3097 .handler = cortex_a_handle_smp_on_command,
3098 .mode = COMMAND_EXEC,
3099 .help = "Restart smp handling",
3104 .handler = cortex_a_handle_smp_gdb_command,
3105 .mode = COMMAND_EXEC,
3106 .help = "display/fix current core played to gdb",
3111 .handler = handle_cortex_a_mask_interrupts_command,
3112 .mode = COMMAND_ANY,
3113 .help = "mask cortex_a interrupts",
3114 .usage = "['on'|'off']",
3117 .name = "dacrfixup",
3118 .handler = handle_cortex_a_dacrfixup_command,
3119 .mode = COMMAND_ANY,
3120 .help = "set domain access control (DACR) to all-manager "
3122 .usage = "['on'|'off']",
3125 COMMAND_REGISTRATION_DONE
3127 static const struct command_registration cortex_a_command_handlers[] = {
3129 .chain = arm_command_handlers,
3132 .chain = armv7a_command_handlers,
3136 .mode = COMMAND_ANY,
3137 .help = "Cortex-A command group",
3139 .chain = cortex_a_exec_command_handlers,
3141 COMMAND_REGISTRATION_DONE
3144 struct target_type cortexa_target = {
3146 .deprecated_name = "cortex_a8",
3148 .poll = cortex_a_poll,
3149 .arch_state = armv7a_arch_state,
3151 .halt = cortex_a_halt,
3152 .resume = cortex_a_resume,
3153 .step = cortex_a_step,
3155 .assert_reset = cortex_a_assert_reset,
3156 .deassert_reset = cortex_a_deassert_reset,
3158 /* REVISIT allow exporting VFP3 registers ... */
3159 .get_gdb_reg_list = arm_get_gdb_reg_list,
3161 .read_memory = cortex_a_read_memory,
3162 .write_memory = cortex_a_write_memory,
3164 .read_buffer = cortex_a_read_buffer,
3165 .write_buffer = cortex_a_write_buffer,
3167 .checksum_memory = arm_checksum_memory,
3168 .blank_check_memory = arm_blank_check_memory,
3170 .run_algorithm = armv4_5_run_algorithm,
3172 .add_breakpoint = cortex_a_add_breakpoint,
3173 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3174 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3175 .remove_breakpoint = cortex_a_remove_breakpoint,
3176 .add_watchpoint = NULL,
3177 .remove_watchpoint = NULL,
3179 .commands = cortex_a_command_handlers,
3180 .target_create = cortex_a_target_create,
3181 .target_jim_configure = adiv5_jim_configure,
3182 .init_target = cortex_a_init_target,
3183 .examine = cortex_a_examine,
3184 .deinit_target = cortex_a_deinit_target,
3186 .read_phys_memory = cortex_a_read_phys_memory,
3187 .write_phys_memory = cortex_a_write_phys_memory,
3188 .mmu = cortex_a_mmu,
3189 .virt2phys = cortex_a_virt2phys,
3192 static const struct command_registration cortex_r4_exec_command_handlers[] = {
3195 .handler = cortex_a_handle_dbginit_command,
3196 .mode = COMMAND_EXEC,
3197 .help = "Initialize core debug",
3202 .handler = handle_cortex_a_mask_interrupts_command,
3203 .mode = COMMAND_EXEC,
3204 .help = "mask cortex_r4 interrupts",
3205 .usage = "['on'|'off']",
3208 COMMAND_REGISTRATION_DONE
3210 static const struct command_registration cortex_r4_command_handlers[] = {
3212 .chain = arm_command_handlers,
3215 .name = "cortex_r4",
3216 .mode = COMMAND_ANY,
3217 .help = "Cortex-R4 command group",
3219 .chain = cortex_r4_exec_command_handlers,
3221 COMMAND_REGISTRATION_DONE
3224 struct target_type cortexr4_target = {
3225 .name = "cortex_r4",
3227 .poll = cortex_a_poll,
3228 .arch_state = armv7a_arch_state,
3230 .halt = cortex_a_halt,
3231 .resume = cortex_a_resume,
3232 .step = cortex_a_step,
3234 .assert_reset = cortex_a_assert_reset,
3235 .deassert_reset = cortex_a_deassert_reset,
3237 /* REVISIT allow exporting VFP3 registers ... */
3238 .get_gdb_reg_list = arm_get_gdb_reg_list,
3240 .read_memory = cortex_a_read_phys_memory,
3241 .write_memory = cortex_a_write_phys_memory,
3243 .checksum_memory = arm_checksum_memory,
3244 .blank_check_memory = arm_blank_check_memory,
3246 .run_algorithm = armv4_5_run_algorithm,
3248 .add_breakpoint = cortex_a_add_breakpoint,
3249 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3250 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3251 .remove_breakpoint = cortex_a_remove_breakpoint,
3252 .add_watchpoint = NULL,
3253 .remove_watchpoint = NULL,
3255 .commands = cortex_r4_command_handlers,
3256 .target_create = cortex_r4_target_create,
3257 .target_jim_configure = adiv5_jim_configure,
3258 .init_target = cortex_a_init_target,
3259 .examine = cortex_a_examine,
3260 .deinit_target = cortex_a_deinit_target,
projects / openocd / blob