This was needed for ahb access
Change-Id: I638f45a276a593c08140b5d9d7480617aa85f096
Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
Reviewed-on: http://openocd.zylin.com/2796
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Tested-by: jenkins
Problem
dap->ap_current is register value, not field value.
it restores invalid ap when it calls dap_ap_select(dap, ap_old) later.
* assume the current ap is 1, dap->ap_current value would be (1 << 24).
ap_old = dap->ap_current; <-- ap_old = 1<<24 = 0x1000000.
...
dap_ap_select(dap, ap_old); <-- select 0x1000000, not 1.
* All AP registers accessing fail afterwards.
One of the reproducible case(s): CORE resides in AP >= 1
dap_lookup_cs_component() being used to find PE(*).
In most cases, PE would be found in AP==0, hence the problem is hidden.
When AP number is 1, dap->ap_current would have the value of 1<<24.
Anyone get the AP value with dap->ap_current and restore it later would
select the wrong AP and all accessing later would fail.
The ARM Versatile and/or FPGA would have better chance to provide this
kind of environment that PE resides in AP>=1. As they have an 'umbrella'
system at AP0, and main system at AP>=1.
* PE: Processing Element. AKA Core. See ARM Glossary at
http://infocenter.arm.com/help/topic/com.arm.doc.aeg0014g/ABCDEFGH.html
Fix
Use dap_ap_get_select() to get ap value.
a. Retrieve current ap value by calling dap_ap_get_select();
src/flash/nor/kinetis.c
src/target/arm_adi_v5.c
b. The code is correct (dap->ap_current >> 24), but it's better to use
dap_ap_get_select() so everything could be synchronized.
src/flash/nor/sim3x.c
Change-Id: I97b5a13a3fc5506cf287e299c6c35699374de74f
Signed-off-by: Alamy Liu <alamy.liu@gmail.com>
Reviewed-on: http://openocd.zylin.com/2935
Reviewed-by: Andreas Färber <afaerber@suse.de>
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
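The save/restore mistake described in the commit message above, as an added example that is not OpenOCD's code. `struct dap_model`, `probe_other_ap()`, `restore_buggy()` and `restore_fixed()` are hypothetical names, and the 32-bit parameter of this `dap_ap_select()` is a modelling assumption; only `ap_current`, `dap_ap_select` and `dap_ap_get_select` are taken from the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not OpenOCD's structure: only the field the commit discusses. */
struct dap_model {
    uint32_t ap_current;    /* register value: AP number kept in bits [31:24] */
};

/* Select an AP by number; what gets cached is the register encoding. */
static void dap_ap_select(struct dap_model *dap, uint32_t ap)
{
    dap->ap_current = ap << 24;
}

/* Accessor returning the field value (AP number), not the register value. */
static uint32_t dap_ap_get_select(const struct dap_model *dap)
{
    return dap->ap_current >> 24;
}

/* Hypothetical stand-in for any helper that temporarily switches to another AP. */
static void probe_other_ap(struct dap_model *dap) { dap_ap_select(dap, 0); }

/* Buggy pattern: saves the raw register value and hands it back as an AP number. */
static uint32_t restore_buggy(struct dap_model *dap)
{
    uint32_t ap_old = dap->ap_current;   /* 0x1000000 when AP 1 is current */
    probe_other_ap(dap);
    dap_ap_select(dap, ap_old);          /* asks for AP 0x1000000, not AP 1 */
    return dap_ap_get_select(dap);       /* in this model the value shifts out to 0 */
}

/* Fixed pattern: save and restore through the accessor. */
static uint32_t restore_fixed(struct dap_model *dap)
{
    uint32_t ap_old = dap_ap_get_select(dap);
    probe_other_ap(dap);
    dap_ap_select(dap, ap_old);
    return dap_ap_get_select(dap);
}

int main(void)
{
    struct dap_model dap;

    dap_ap_select(&dap, 1);
    printf("buggy restore selects AP %u\n", (unsigned)restore_buggy(&dap));
    dap_ap_select(&dap, 1);
    printf("fixed restore selects AP %u\n", (unsigned)restore_fixed(&dap));
    return 0;
}
```

With AP 0 as the starting point both functions return 0, which is why the defect stays hidden on targets whose core sits in AP 0.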
Commit 68101e67ac introduced a
regression which resulted in an ever-growing registers list (as output
by "reg" command), its contents were doubled every reset (actually,
every examination).
Change-Id: Ie3409c795160a2fc840a5e8a892928df0bcc0c57
Reported-by: Daniele Emancipato <daniele12457@hotmail.com>
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/3100
Tested-by: jenkins
Reviewed-by: Matthias Welwarsky <matthias@welwarsky.de>
Reviewed-by: Freddie Chopin <freddie.chopin@gmail.com>
This patch brings the calculation of the address ranges handled by
ttbr0 and ttbr1 registers in line with ARM DDI 0406C, Table B3-1
Change-Id: Ib807c4b1cb328a6f661e1a0898e744e60d3eccac
Signed-off-by: Matthias Welwarsky <matthias@welwarsky.de>
Reviewed-on: http://openocd.zylin.com/3006
Tested-by: jenkins
Reviewed-by: Freddie Chopin <freddie.chopin@gmail.com>
If ttbcr is changed after the debugger has examined a target for the
first time, address translations may fail. This problem does not show up
with Linux because it doesn't use ttbr1, but it shows with other OS that
use this feature. If the debugger connects to the target while it's in
u-boot, all address translations will fail after the OS has booted and
the target can not be debugged.
This patch reads the ttbcr in armv7a_mmu_translate_va() and compares it
to a cached value. If a difference is detected, armv7a_read_ttbcr() is called
to re-parse the ttb configuration and update the cache.
Change-Id: I1c3adf53ea9d748a0e1e3091d9581e5c43ed64e8
Signed-off-by: Matthias Welwarsky <matthias@welwarsky.de>
Reviewed-on: http://openocd.zylin.com/3005
Tested-by: jenkins
Reviewed-by: Freddie Chopin <freddie.chopin@gmail.com>
If we work on smp system, the output of step command will depend
on Id of default target.
This patch adds additional information to help find what is happening
on which core.
Example of LOG after this patch.
imx6.cpu.1: target state: halted
^^^^^^^^^^
target halted in ARM state due to breakpoint, current mode: Supervisor
cpsr: 0x60000093 pc: 0x80076c0c
MMU: enabled, D-Cache: enabled, I-Cache: enabled
imx6.cpu.0: target state: halted
^^^^^^^^^^
target halted in ARM state due to debug-request, current mode: Supervisor
cpsr: 0x20000193 pc: 0x802ccb6c
MMU: enabled, D-Cache: enabled, I-Cache: enabled
Change-Id: I536a2cce33b5ab10af9de2a43b9960320c17729f
Signed-off-by: Oleksij Rempel <external.Oleksij.Rempel@de.bosch.com>
Reviewed-on: http://openocd.zylin.com/2691
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
A segmentation fault in cortex_m_endreset_event() is sometimes raised
with very broken target like Kinetis Kx with erased flash and active WDOG.
Debugging revealed that cortex_m->dwt_num_comp is 4 and
dwt_list is NULL at cortex_m:290
Change-Id: I229c59d6da13d816df513d1dbb19968e4b5951e2
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/2989
Reviewed-by: Thomas Schmid <thomas@rfranging.com>
Tested-by: jenkins
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Intel is relicensing our contributions to OpenOCD under GPL
version 2 or any later version. We previously contributed code
under GPL version 2 only. It was not our intention to differ
from the standard OpenOCD license. We're correcting that here.
This also applies retroactively to previous versions of our
contributions to OpenOCD.
Change-Id: I5e831ed95d03d2044d8e5a8375b21c6e52c933d7
Signed-off-by: Ivan De Cesaris <ivan.de.cesaris@intel.com>
Reviewed-on: http://openocd.zylin.com/3044
Tested-by: jenkins
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
The testee target is useful for certain non-cpu pass-through
situations, for example in the case of a spi flash mapped to the DR of
a JTAG tap, as is the case for most FPGAs with SPI flashes behind them.
We just manage the RUNNING/RESET/HALTED state in the testee driver to
support it being halted which is a requirement for flash banks.
Change-Id: I1b4d52c58a1f6bd753e126bfde74dcc5164d7b69
Signed-off-by: Robert Jordens <jordens@gmail.com>
Reviewed-on: http://openocd.zylin.com/2840
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
MMU types were checking and installing fakes at init, but this wasn't catching
all devices. Fixes segfaults when attempting mdw and friends on avr.
Change-Id: I5b11f9913157a21f1aeb11ec852f593b529d9be8
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Reviewed-on: http://openocd.zylin.com/2791
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Reviewed-by: Andreas Färber <afaerber@suse.de>
It was observed on AM437x that after every reset the target's debug
regions are unpowered. To be able to properly communicate with the
target and perform cortex_a init debug access after a reset event the
examination needs to be performed every time, not just on OpenOCD
start.
Change-Id: Idf272e127ee88341e806ee00df154eade573451d
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2723
Tested-by: jenkins
Reviewed-by: Felipe Balbi <balbi@ti.com>
After intermittent connection failures or target power failures it
might be necessary to try reexamination even when polling fails. This
should make communication with Cortex-A targets more reliable.
This was runtime tested with stlink attached to an stm32l1 and an FTDI JTAG
adapter attached to an stm32f1 target.
Change-Id: I38c4db8124b7f4bbf53ddda53c13273449f49c15
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2721
Tested-by: jenkins
Reviewed-by: Felipe Balbi <balbi@ti.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Some targets need arbitrary amount of time (usually not too long)
after reset (both sysresetreq and srst) to do initialisation, and
SWD/JTAG is not available during that. According to PSoC4 docs, the
debugger should try connecting until it succeeds.
Also ahbap_debugport_init might be necessary to perform after using
hardware srst too, so add it there (except for the targets that
support srst_nogate since they are very unlikely to need it).
Change-Id: I3598d5ff7b8e0bf3a5566a57dec4b0b2b243d297
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2601
Tested-by: jenkins
In some cases (the most obvious are TI's SoCs) ROM table lacks entries
for the cores, so OpenOCD has no way to determine what debug base to
use. Due to an error fixed in ec9ccaa288 it wasn't handled properly,
and OpenOCD would continue to try using dbgbase = 0, which happened to
work for e.g. AM437x.
This patch adds a clear indication to the user that to access such a
target, dbgbase must be set manually in the config.
Reported by Felipe Balbi on IRC.
Change-Id: Id8533e708f44b76550eb8b659564f5f45717c298
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2603
Tested-by: jenkins
Calling ahbap_debugport_init() is wrong here because the actions
performed by it might lead to jtagdp_transaction_endcheck errors thus
leading to infinite recursion.
The removed code is not needed now because target polling should lead
to reexamination automatically, and both cortex_a and cortex_m call
ahbap_debugport_init() as part of their target examine handler.
This was reported as a real life issue on IRC by Weaselweb with
Cortex-A target. Quitte reports similar results in some circumstances
(adapter_khz too high) with LPC17xx.
Change-Id: I7148022f76a1272b5262d251f2e807ffb1543547
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2697
Tested-by: jenkins
When the SCTLR has C set but M unset (i.e. Caching on, but MMU off) the cache
is effectively off. So only flush the cache if MMU is on, otherwise stale
entries might be committed to memory.
Change-Id: Iaff8b6f25b7a41ba838b91d45684c98f99fc0b27
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-on: http://openocd.zylin.com/2429
Tested-by: jenkins
Reviewed-by: Christopher Head <chead@zaber.com>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-by: Vladimir Svoboda <ze.vlad@gmail.com>
Bug in read pointer check within flash write algorithm made incorrect check
if block size is more than 4 bytes (bug was detected with 16 bytes block size).
Change-Id: I5b8e7ebca619a0a85ae6e9e496ff792248134d81
Signed-off-by: DmitryShpak <disona@yandex.ru>
Reviewed-on: http://openocd.zylin.com/2657
Tested-by: jenkins
Reviewed-by: Jens Bauer <jens@gpio.dk>
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
This brings SWD reconnection procedure in line with the ARM
documentation and changes cortex_m reset procedure to make use of it.
The motivation behind this patch is to make SAM4L "reset" and "reset
halt" properly without SRST. The complication here is that EDBG issues
an additional read of DP_RDBUFF automatically right after writing
SYSRESETREQ, that leads to a FAULT which needs to be dealt with
properly. With this patch the very first ahbap_debugport_init DAP
access will make SWD layer properly reinitialise the link before
continuing.
Runtime tested with mbed CMSIS-DAP + KL25 only.
Change-Id: Ic506f9db30931dfa60860036b83f73b897975909
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2596
Tested-by: jenkins
Reviewed-by: Andrey Yurovsky <yurovsky@gmail.com>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Valgrind-tested.
Comparison of flashing performance on an FRDM-KL25Z board running mbed
CMSIS-DAP variant, 5MHz clock, old driver:
wrote 28096 bytes from file demo.elf in 26.833590s (1.023 KiB/s)
verified 27264 bytes in 1.754972s (15.171 KiB/s)
this implementation:
wrote 28096 bytes from file demo.elf in 3.691939s (7.432 KiB/s)
verified 27264 bytes in 0.598987s (44.450 KiB/s)
Also tested "Keil ULINK-ME CMSIS-DAP" with an STM32F100 target, 5MHz
clock, results reading from flash, old driver:
dumped 131072 bytes in 98.445305s (1.300 KiB/s)
this implementation:
dumped 131072 bytes in 8.242686s (15.529 KiB/s)
Change-Id: Ic64d3124b1d6cd9dd1016445bb627c71e189ae95
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2356
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
This provides support for various trace-related subsystems in a
generic and expandable way.
Change-Id: I3a27fa7b8cfb111753088bb8c3d760dd12d1395f
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2538
Tested-by: jenkins
This should facilitate dynamic target creation and removal.
Currently it helps with getting 0 bytes lost report from Valgrind on
exit (after talking to a nucleo board). However, 1,223,886 bytes in
5,268 blocks are still reachable which means the app holds pointers to
that data on exit. The majority comes from the jtag command queue,
there're also many blocks from TCL command registration.
Change-Id: I7523234bb90fffd26f7d29cdd7648ddd221d46ab
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2544
Tested-by: jenkins
Reviewed-by: Stian Skjelstad <stian@nixia.no>
The target might be using Tcl examine-start and examine-end handlers,
they need to be called when the target gets reexamined after polling
succeeds again.
Change-Id: I371380c6f3c427ec7a0206d73426f6589f18a9bd
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2536
Tested-by: jenkins
Reviewed-by: Stian Skjelstad <stian@nixia.no>
This bug was exposed by Valgrind.
Change-Id: If50878664d928c0a44e309ca1452089c1ac71466
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2542
Tested-by: jenkins
Reviewed-by: Stian Skjelstad <stian@nixia.no>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Warning, behaviour change: before this patch if a timer callback
returned an error, the other handlers in the list were not called.
This patch fixes two different issues with the way timer callbacks are
called:
1. The function is not designed to be reentrant but a nested call is
possible via: target_handle timer event -> poll -> target events
before/after reexamination -> script_command_run ->
target_call_timer_callbacks_now . This patch makes function a no-op
when called recursively;
2. The current code can deal with the case when calling a handler
leads to its removal but not when it leads to removal of the next
callback in the list. This patch defers actual removal to consolidate
it with the calling loop.
These bugs were exposed by Valgrind.
Change-Id: Ia628a744634f5d2911eb329747e826cb9772e789
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2541
Tested-by: jenkins
Reviewed-by: Stian Skjelstad <stian@nixia.no>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
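The two callback-list fixes described in the commit message above (a no-op on nested calls, and removal deferred to the calling loop), as an added example that is not OpenOCD's code. Every name here (`timer_cb`, `cb_register`, `cb_unregister`, `cb_call_all`, the handlers) is hypothetical, and returning the count of handlers run is an assumption made so the result can be checked.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Simplified model of a timer-callback list; all names here are hypothetical. */
struct timer_cb {
    int (*fn)(void *priv);
    void *priv;
    bool removed;               /* set by cb_unregister(), freed by the calling loop */
    struct timer_cb *next;
};
static struct timer_cb *cb_list, *victim;
static int b_hits, c_hits, nested_ran = -1;

static struct timer_cb *cb_register(int (*fn)(void *), void *priv)
{
    struct timer_cb *cb = calloc(1, sizeof(*cb)), **p = &cb_list;
    if (!cb) abort();
    cb->fn = fn; cb->priv = priv;
    while (*p) p = &(*p)->next;  /* append, so handlers run in registration order */
    *p = cb;
    return cb;
}

/* Deferred removal: only mark; a running loop may still hold a pointer to cb. */
static void cb_unregister(struct timer_cb *cb) { cb->removed = true; }

/* Runs every live handler and returns how many ran; a nested call is a no-op. */
static int cb_call_all(void)
{
    static bool running;
    int ran = 0;
    if (running) return 0;
    running = true;
    for (struct timer_cb **p = &cb_list; *p; ) {
        struct timer_cb *cb = *p;
        if (!cb->removed) {
            cb->fn(cb->priv);   /* an error return does not stop the other handlers */
            ran++;
        }
        if (cb->removed) {      /* checked after the call: a handler may remove itself */
            *p = cb->next;
            free(cb);
        } else {
            p = &cb->next;
        }
    }
    running = false;
    return ran;
}

/* Handler A removes the NEXT entry, re-enters the dispatcher, then reports an error. */
static int h_a(void *priv) { (void)priv; cb_unregister(victim); nested_ran = cb_call_all(); return -1; }
static int h_count(void *priv) { ++*(int *)priv; return 0; }

static int demo(void)
{
    cb_register(h_a, NULL);
    victim = cb_register(h_count, &b_hits);
    cb_register(h_count, &c_hits);
    return cb_call_all();       /* A and C run; B is skipped, unlinked and freed */
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

A loop that cached `cb->next` before calling the handler and let `cb_unregister()` free immediately would dereference the freed B entry here, which is the class of error Valgrind reports as an invalid read.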
When target was already halted during the initial examination,
arm11_check_init() was trying to read, store and interpret DSCR
contents before the DPM structure is initialised. This caused
a segfault like described on
http://sourceforge.net/apps/trac/openocd/ticket/65 .
This is a totally untested attempt to fix this issue.
Change-Id: I2fff115679a3f0023e7a88c749ccb5f045d6cf01
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2043
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
This is runtime and valgrind tested with l0, l1 and f3 hla boards.
Change-Id: I49b0b042253d5f3bf216997f0203583db319fe23
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2516
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
This patch adds the fpv4-sp-d16 registers to the armv7m register set.
The work is inspired by Mathias K but takes a different approach:
instead of having both double and single precision registers in the
cache this patch works only with the doubles and counts on GDB to
split the data in halves whenever needed.
Tested with HLA only (on an STM32F334 disco board).
Currently this patch makes all ARMv7-M targets report an FPU-enabled
target description to GDB. It shouldn't harm if the user is not trying
to access non-existing FPU. However, the plan is to make this depend
on actual FPU presence later.
Change-Id: Ifcc72c80ef745230c42e4dc3995f792753fc4e7a
Signed-off-by: Mathias K <kesmtp@freenet.de>
[fercerpav@gmail.com: rework to fit target description framework]
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/514
Tested-by: jenkins
Reviewed-by: Peter Stuge <peter@stuge.se>
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Found by clang static checker.
Change-Id: I77b0dc18188328fdb28d07b9e5c52e06182d9e2b
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/2561
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
Given that the manual states that these two subcommands are
deprecated and were scheduled to be removed back in 2010,
remove them and the corresponding documentation from the
manual.
Change-Id: Iaac633349d7fcb8b7f964109c7d26dd0cc5fc233
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-on: http://openocd.zylin.com/1860
Tested-by: jenkins
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Without this patch, to perform a memory read, OpenOCD first issues an
LDC instruction into DBGITR in Stall mode (thus executing the
instruction), then switches to Fast mode and reads from DBGDTRTX once
for each word to transfer.
At the very end of the transfer, the final Fast mode read of DBGDTRTX
has, as always, the side effect of re-issuing the LDC instruction. This
causes two problems:
(1) If the word immediately beyond the end of the requested region is
inaccessible, this spurious LDC will cause a fault. On a fast CPU, the
LDC will finish executing by the time the poll of DSCR takes place,
failing the entire memory read. On a slow CPU, the LDC might finish
executing later, leaving an unexpected and confusing sticky fault lying
around for the next operation to see.
(2) If the LDC succeeds, it will leave the loaded word in DBGDTRTX, thus
setting DBGDSCR.TXFULL=1. The cortex_a_read_apb_ab_memory routine
completes without consuming that last word, thus confusing the next
routine that tries to use DBGDTRTX (this may not have any visible effect
on some implementations, because writing to DBGDTRTXint when TXFULL=1 is
defined as Unpredictable, but I believe it caused a visible problem for
me).
With this patch, the bulk mem_ap_sel_read_buf_noincr is modified to omit
the last word of the block. The second-to-last read of DBGDTRTX by that
function will cause the issue of the LDC for the last word. After
switching back to Normal mode and waiting for that instruction to
finish, do a final read of DBGDTRTX to extract the last word into the
buffer, leaving TXFULL=0.
Without this patch, memory accesses are always expanded such that they
are aligned to the access size. With this patch, accesses are issued
exactly as ordered by the caller. The caller is expected to handle
fragments at the beginning and end of the transfer if the address is
unaligned and an unaligned access is not desired.
Without this patch, the DFAR and DFSR registers, which report the
location and status of data faults, are ignored while performing memory
accesses, which could cause problems debugging an OS page fault handler.
With this patch, DFAR and DFSR are preserved across memory accesses, and
DFSR is decoded in the event of a synchronous fault to provide the
caller with more information about the reason for failure.
Thanks to Boris Brezillon for the original patch whose ideas led to the
non-word access mechanism implemented here and to various code reviewers
for their comments.
Change-Id: I11ae7104fbe69a522efadefc705c9a217a7eef41
Signed-off-by: Christopher Head <chead@zaber.com>
Reviewed-on: http://openocd.zylin.com/2381
Tested-by: jenkins
Reviewed-by: Olivier Schonken <olivier.schonken@gmail.com>
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>