accidentally invoked return jtag_execute_queue() in the
middle of a fn. Hmm.... I would have expected gcc or
at least lint to catch this.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
the patchup code would get false positives when checking
whether a dbgbase had to be corrected.
The solution is to have autodetect default, with manual override
in scripts.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Could this cause confusion as data sent to write would be flipped
and then if the caller subsequently used the data, e.g. a
compare mismatch might happen?
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Really a Cortex-A specific option, but there is no
system in place to support target specific options
currently and there has been no need for such a system
until now.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The patch below fixes step <address> on mips_m4k.
Spencer Oliver <spen@spen-soft.co.uk>:
The current code is used on all other arch's - is
there a underlying issue with those aswell ?
I don't think dsp563xx_once_read_register() would ever
be called with len==0, but it would have been broken in
that case.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Problem is, trying to print "Hello, world!\n" just prints endless H's, because r1 is never incremented.
One way to fix it would be to add a "++" after "r1".
Fix a bunch of typos.
Most are in code comments, so nothing should break. UNKOWN_COMMAND and
CMD_UNKOWN are not used elsewhere, so correcting the spelling should
also not break anything.
This patch add rudimentary gdb support. The gdb register list
order is corrected. All registers are now 32bit width. Events are
send to signalize gdb the current target status. Resume and step
function was corrected to consider a modified pc register. Read/write
memory now support L memory type, this means a memory with alternating
y/x memory words. The memspace variable, used by gdb, is now observed
before a default memory access is initiated. Dummy functions for breakpoint
and watchpoint are added.
This patch tries to make some order in "apsel" mess.
"dap apsel" command was quite useless (and broken) by itself.
With this patch we can use it to select between AHB or APB memory access
(previous patch 05ab8bdb81 was somehow broken).
- moves member apsel (in struct adiv5_dap) to ap_current
- adds apsel member
this strange choice is made trying to keep coherence in "dap apsel" command
and to keep compatibility with other code (for example cortex_a8).
Signed-off-by: Luca Ellero <lroluk@gmail.com>
This patch move the dsp563xx_target_create function to the
related code block. Also the target examine function was added
and the register cache is initialized in a separate function. The
missing functionality to invalidate the x memory context on memory
writes was also added.
This patch change the return value on a jtag communication error
to TARGET_UNKNOWN because this function should return the current
target status and not a error code from the underlying api call.
Also the validity of the jtag_status is extended to all static
bits in this value.
I've been working on Rodrigo on adding support to flash
Freescale dsp56800e devices and have been looking at the
dsp563xx code. I think the define for the JTAG CLAMP
instruction in dsp563xx_once.c is incorrect. It should
be 0x05 according the Freescale AN2074 (and is also
0x05 in the dsp568xx according to AN1935). It won't
actually change anything in OpenOCD since this define
is not used anywhere (as far as I can tell).
dap_ap_select was used in the code at various points, but that can lead to
confusion, without any knowledge of what AP is really selected at some
points.
Some bugs derive from this (for example md/mw doesn't work well after
issueing "dap apsel" command).
Moving it to arm_adi_v5.c (using mem_ap_sel* functions instead of mem_ap_*)
make the code more clear and more easier to maintain.
In the future it should be made "static" to avoid its use outside arm_adi_v5
One further benefit is the various goto has been removed as well
Signed-off-by: Luca Ellero <lroluk@gmail.com>
This patch adds read/write capability to memory addresses not
accessible through AHB-AP (for example "boot ROM code").
To select AHB or APB, a "dap apsel" command must be issued:
dap apsel 0 -> following memory accesses are through AHB
dap apsel 1 -> following memory accesses are through APB
NOTE: at the moment APB memory accesses are very slow, compared
to AHB accesses. Work has to be done to get it faster (for
example LDR/STR instead od LDRB/STRB)
Signed-off-by: Luca Ellero <lroluk@gmail.com>
Save, select and restore AP in cortex_a9_step and cortex_a9_init_debug_access.
Fixes a bug where the wrong AP is selected after a reset.
Signed-off-by: Aaron Carroll <aaronc@cse.unsw.edu.au>
Hello,
this patch add commands to access to x,y and p memory. For run time optimization some local jtag
function was changed to static inline.
Regards,
Mathias
Hello,
this patch adds the missing cpu registers and the correct read/write register functions and fixed
most of the halt/step/resume issues. The complete missing error propagation was added.
+ fix tab/spaces
Regards,
Mathias
If a handler for the reset-assert event it present, skip the usual reset
handling. This is needed, for example, for board-level resets.
Signed-off-by: Aaron Carroll <aaronc@cse.unsw.edu.au>
ARM Cortex-A9 multi-core chips expose a single TAP/DAP which connects
to both cores. The '-coreid' option selects which core the target
should connect to.
Note that at present, OpenOCD can connect to either core, but not both
simulatenously, until ADI contexts can be shared.
Signed-off-by: Aaron Carroll <aaronc@cse.unsw.edu.au>
ahbap_debugport_init was queueing reads to a local stack variable but
didn't execute the queue before returning. Since the result of the reads
are not used anyway, it's better to pass NULL as the destination instead of
a dummy variable. I changed this throughout the function, even for the
reads that were actually executed.
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Remove extra \n from LOG_DEBUG, LOG_INFO, and LOG_WARNING messages
Remove LOG_INFO_N
LOG_INFO_N was only used once and had a \n at the end
Change LOG_USER_N calls that end with \n to LOG_USER
Add a working area that is preserved between calls to
mips_m4k_bulk_write_memory - this gives us a speed increase
of approx 3kb/sec during flash writes to the pic32mx.
This area is released during a resume/reset.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
We only use the struct working_area member 'free' as a
true/false type so might as well use a bool data type.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Do not propagate error number to user. This is for internal
programming purposes only. Error messages to the user is
reported as text via LOG_ERROR().
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This patch fixes the issue where the OMAP CPU (and possibly others) was mistaken
for iMX51 and therefore had misadjusted debug base.
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
I received a number of "-Wshadow" related warnings (treated as errors) while
trying to build on OS X Leopard. In addition, there were two miscellaneous
other warnings in the flash drivers. Attached are two patches which correct
these issues and the commit messages to accompany them.
My system has the following configuration (taken from uname -a):
Darwin 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009;
root:xnu-1228.15.4~1/RELEASE_I386 i386
=== Werror_patch.txt Commit Message ===
compilation: fixes for -Wshadow warnings on OS X
These changes fix -Wshadow compilation warnings on OS X 10.5.8
Compiled with the following configure command:
../configure --prefix=/usr/local --enable-maintainer-mode --enable-jlink
--enable-ft2232_libftdi
=== flash_patch.txt Commit Message ===
compilation: fixes for flash driver warnings on OS X
These changes fix two compilation warnings on OS X 10.5.8:
../../../../src/flash/nor/at91sam3.c:2767: warning: redundant redeclaration
of 'at91sam3_flash'
../../../../src/flash/nor/at91sam3.c:101: warning: previous declaration of
'at91sam3_flash' was here
and
../../../../src/flash/nor/stmsmi.c:205: warning: format not a string literal
and no format arguments
Compiled with the following configure command:
../configure --prefix=/usr/local --enable-maintainer-mode --enable-jlink
--enable-ft2232_libftdi
===
Andrew
error numbers are only reported at DEBUG log levels and
used internally, they are not part of the user interface.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This piggy backs on JTAG so it's not yet pretty, but that
seems unavoidable so far given today's OpenOCD internals.
SWD init and data transfer are unfinished and untested, but
that should cause no regressions, and will be addressed by
the time drivers start using this infrastructure. Checking
in whould get the code working better sooner, and turn up any
structural/architectural issues while they're easier to fix.
The debug adapter drivers will provide simple SWD driver
structs with methods that kick in as needed (instead of JTAG).
So far just one adapter driver has been updated (not yet
ready to use or circulate).
The biggest issues are probably
- fault handling, where the ARM Debug Interface V5 pipelining
needs work in both JTAG and SWD modes and
- missing rewrite of block I/O code to work on both of our
Cortex-ready transports (Current code is hard-wired to JTAG);
relates also to the pipelining issue.
- omitted support to activate/deactivate SWO/SWV trace (this is
technically trivial, but configuring what to trace is NOT.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
----
doc/openocd.texi | 17 ++
src/jtag/core.c | 3
src/jtag/interface.h | 4
src/jtag/jtag.h | 2
src/jtag/swd.h | 114 +++++++++++++++++++
src/jtag/tcl.c | 2
src/target/adi_v5_swd.c | 281 ++++++++++++++++++++++++++++++++++++++++++++++--
src/target/arm_adi_v5.c | 8 +
src/target/arm_adi_v5.h | 3
9 files changed, 425 insertions(+), 9 deletions(-)
this allows configuration scripts to export a init_targets proc
rather than setting up the target directly.
This allows for new conventions in how to set up target vs. board
script and how to transfer default settings between board and
target scripts.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Hi everyone,
Since a call went out for patches... been sitting on this for months. For some
reason, the xscale trace buffer is automatically disabled as soon as a break
occurs and the trace data is collected. This patch was a result of the
frustration of always re-enabling it, or else hitting a breakpoint and checking
the trace data, only to discover that I forgot to re-enable it before resuming.
Don't see why it should work this way. There is no run-time penalty, AFAIK.
Along the way, I also cleaned up a little by removing the ugly practice of
recording wrap mode by setting the fill count variable to "-1", replacing it
with an enum that records the trace mode.
I've been using this for months. Comments, criticisms gratefully received.
Mike
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Currently the cmd 'cortex_m3 reset_config' will overide the default
target's 'reset_config'.
Chnage the behaviour to use the target 'reset_config' if configured and
fallback if not.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
it's a lie that is somewhere in the vicinity of the
truth. Certainly 64MHz confuses gprof and produces
zero output and no error messages.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
If the CPU crashed at some point, poll will discover this.
Previously the poll fn would clear the error and print a warning,
rather than propagating the error.
The new behavior is to report the error back up, but still
clear the error.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Implement autodetection of debug base. Also, implement a function solving
various hardware quirks (like iMX51 ROM Table location bug).
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
This patch implements "dap_lookup_cs_component()", which allows to lookup CS
component by it's identification.
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
This patch adds function called "dap_detect_debug_base()", which should be
called to get location of the ROM Table. By walking ROM Table, it's possible to
discover the location of DAP.
Sadly, some CPUs misreport this value, therefore I had to introduce an fixup
table, which will be used in case such CPU is detected.
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
So far most of the people have been using existing ARM966E in the
place of ARM946E, because they have practically the same scan chains.
However, ARM946E has caches, which further complicates JATG handling
via scan-chain. this was preventing single-stepping for ARM946E when
SW breakpoints are used.
This patch thus introduces :
1) Correct cache handling on memory write
2) Possibility to flush whole cache and turn it off during debug, or
just to flush affected lines (faster and better)
3) Correct SW breakpoint handling and correct single-stepping
4) Corrects the bug on CP15 read and write, so CP15 values
are now correctly R/W
Collect variable definitions.
Report syntax error to command dispatcher.
Propagate error when unable to open file.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
short story: if the JTAG clock is too high, then the
behavior will be flaky and kludging the code may
seem to make things beter, but really it's just a red
herring.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Hi everyone,
A while back I sent in a patch that adds support for watchpoint lengths greater
than four on xscale. It's been working well, until the other day, when it
caused an unexpected debug exception. Looking into this I realized there is a
case where it breaks: when the length arg is greater than the base address.
This is a consequence of the way the hardware works. Don't see a work-around,
so I added code to xscale_add_watchpoint() to check for and disallow this
combination.
Some more detail... xscale watchpoint hardware does not support a length
directly. Instead, a mask value can be specified (not to be confused with the
optional mask arg to the wp command, which xscale does not support). Any bits
set in the mask are ignored when the watchpoint hardware compares the access
address to the watchpoint address. So as long as the length is a power of two,
setting the mask to length-1 effectively specifies the length. Or so I thought,
until I realized that if the length exceeds the base address, *all* bits of the
base address are ignored by the comaparator, and the watchpoint range
effectively becomes 0 .. length.
Questions, comments, criticisms gratefully received.
Thanks,
Mike
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Hi everyone,
Added more LOG_ERROR messsages to watchpoint and breakpoint code, given that the
infrastructure no longer interprets returned error codes. Also changed
existing LOG_INFO and LOG_WARNING to LOG_ERROR for cases where an error is
returned.
Note that the check of the target state is superflous, since the infrastruture
code currently checks this before calling target code. Is this being
reconsidered as well? Also, should we stop returning anything other than
ERROR_OK and ERROR_FAIL?
Comments gratefully received.
Thanks,
Mike
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
do not try to interpret "retval" into a string, just
amend a bit about the context of the already reported
error.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Hi everyone,
Version 2 of this patch. Code added to breakpoints.c was removed from previous
patch, and item 3 added, per discussion with Øyvind regarding error reporting.
Item 4 added, which I just noticed.
I tried to use a software breakpoint in thumb code on the xscale for the first
time recently, and was surprised to find that it didn't work. The result was
this patch, which does four things:
1): fix trivial cut-n-paste error that caused thumb breakpoints to not work
2): call xscale_set_breakpoint() from xscale_add_breakpoint()
3): log error on data abort in xscale_write_memory()
4): fixed incorrect error code returned by xscale_set_breakpoint() when no
breakpoint register is available; added comment
Item 2 not only makes the xscale breakpoint code consistent with other targets,
but also alerts the user immediately if an error occurs when writing the
breakpoint instruction to target memory (previously, xscale_set_breakpoint() was
not called until execution resumed). Also, calling xscale_breakpoint_set() as
part of the call chain starting with handle_bp_command() and propagating the
return status back up the chain avoids the situation where OpenOCD "thinks" the
breakpoint is set when in reality an error ocurred.
Item 3 provides a helpful message for a common reason for failure to set sw
breakpoint.
This was thoroughly tested, mindful of the fact that breakpoint management is
somewhat dicey during single-stepping.
Comments and criticisms of course gratefully received.
Mike
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Hi everyone,
I figured since I was poking around in the breakpoint code on other arches, I'd
add this change to those arches that don't do it already. This patch propagates
the return code of <arch>_set_breakpoint() up the call stack. This ensures that
the higher layer breakpoint infrastructure is aware that an error ocurred, in
which case the breakpoint is not recorded.
Normally I wouldn't touch code that I can't test, but the code is very
uniform across architectures, and the change is rather benign, so I figured
after careful inspection that it is safe. If the maintainers or others think
this is imprudent, the patch can be dropped.
Also changed the error code to something more appropriate in two cases where
hardware resources are unavailable.
Comments and criticisms of course gratefully received.
Mike
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Hi everyone,
This simple patch fixes a problem I noticed on the xscale where incorrect values
are sometimes reported by the reg command. The problem can occur when
requesting the value of registers in the xscale-specific register cache. With a
couple of exceptions, none of the registers in the xscale register cache are
automatically retrieved on debug entry. This is probably fine, as they are
unlikely to be needed on a regular basis during a typical debug session, and
they can be retrieved when explicitly requested by name using the reg command.
The problem is that once this is done, the register remains marked as valid for
the remainder of the OpenOCD session, and the reg command will henceforth always
report the same value because it is obtained from the cache and is never again
retrieved from the debug handler on the target.
The fix is to mark all registers in the xscale register cache as invalid on
debug entry (before the two exceptions are retrieved), thus forcing retrieval
(when requested) from the target across resumptions in execution, and avoiding
the reporting of stale values.
Small addition change by Øyvind: change 'i' to unsigned to fix compiler
warning for xscale_debug_entry() fn.
Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This new cmd adds the ability to choose the Cortex-M3
reset method used.
It defaults to using SRST for reset if available otherwise
it falls back to using NVIC VECTRESET. This is known to work
on all cores.
Move any luminary specific reset handling to the stellaris cfg file.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
committed so as to ease cooperation and to let it be improved
over time.
So far it supports:
- halt/resume
- registers inspection
- memory inspection/modification
I'm still getting up to speed with OpenOCD internals and AVR32 so code is a little
bit messy and I'd appreciate any feedback.
ocd_ prefix is used internally in OpenOCD as a kludge more
or less to deal with the two kinds of commands that OpenOCD
has.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
if polling is off, then "reset run + halt" would fail
since halt incorrectly assumed the target was in the
reset state as it is the internal poll implementation
that moves the sw tracking of the target state out
of the reset state.
To reproduce:
> reset run; halt
JTAG tap: zy1000.cpu tap/device found: 0x1f0f0f0f (mfg: 0x787, part: 0xf0f0, ver: 0x1)
BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
back-off algorithm for polling. Double polling
interval up to 5000ms when it fails.
when polling succeeds, reset backoff.
This avoids flooding logs(as much) when working
with conditions where the target polling will fail.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
It is useful to know that the printed errors are *all* the
errors there were.
Added missing error handling(found by inspection).
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
As the mips32 uses instruction breakpoints for algorithms we do not really
need to check the pc on exit.
This now matches the behaviour of the arm codebase.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
As the armv7m uses instruction breakpoints for algorithms we do not really
need to check the pc on exit.
This now matches the behaviour of the arm4_5 codebase.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Update the arm_checksum_memory and arm_blank_check_memory
algorithms to use a breakpoint instruction on v5 arch.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Use addition for offsetting, not masking. Shorten some lines.
Make "component_start" print-only (unused otherwise; don't save).
Still doesn't resolve the issue where multiple components
are wrongly displaying as NVICs on some Cortex-M3 parts because
many PIDs appear to be zeroes ... maybe adapter related??
Signed-off-by: David Brownell <db@helium.(none)>
Mask the upper bits after 32-bit reads.
Alsoo revert the ugly changes to use PRIx32; just cast to unsized
integers when printing (two chars not eight).
Signed-off-by: David Brownell <db@helium.(none)>
This reverts the incorrect change made to the arm9 cmd group in commit
d1eca9a74c.
The code now matches the docs and the release notes.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
The code did not transfer the last word in no-ack transfers.
The strange thing is that this did not lead to any
observable errors.
This gaffe was introduced in commit 1f5883ea56
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Review allocation of error numbers in openocd
to avoid overlap.
Put brackets around negative numbers to avoid
issues during macro expansion.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Memory read/writes to virtual memory, requires that the CPU is
halted.
Use 'phys' option to write to memory while target is running.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
when locking the debug access fails on the first try, it's a
bit noisy, so print out message that it succeeded on second try.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Add "static" qualifier to private functions.
Move duplicated global declarations from "target/avrt.c"
and "nor/avrf.c" to "target/avrt.h".
Remove unused declarations form "nor/avrf.c".
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
normal code should not call jtag_get_error(), but rather check
the return code from jtag_execute_queue().
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
failure to write to memory was not propagated.
This is an interesting case of broken error handling:
with exceptions we wouldn't have had this at all,
and I also wonder if there is a GCC option to warn
about these kinds of potential bugs.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Parameter "type" of function armv4_5_mmu_translate_va()
is now not used.
Remove the parameter and the "enum" listing its values.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Function armv4_5_mmu_translate_va() now properly signals
errors in the return value.
Remove former error handling by setting variable "type" to
value "-1".
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Function arm920t_write_memory() default return value
should be ERROR_OK.
All cases of local errors are handled immediately and
not further propagated.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Commit 0538081246
introduces a compile time warning:
arm920t.c: In function ‘arm920t_write_memory’:
arm920t.c:567: warning: ‘retval’ may be used uninitialized in this function
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
ETM analyze produced no output when the trace buffer was empty.
This patch provides users with a clue.
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
We request a id register read at the end of ahbap_debugport_init
but we never actually run the queue. In some cases this causes a
segfault.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
This second half of the patch is proposed to clean up some GDB keep alive
issues on arm7_9 targets that start up with very slow clocks. If an attempt
is made to write to key registers on the processor with a slow jtag speed,
GDB timeout warnings appear on the console (at least mine) when "reset halt"
or "reset init" commands are issued from the gdb client:
*** BEFORE PATCH ***
(gdb) monitor reset init
fast memory access is disabled
2 kHz
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1026). Workaround: increase "set remotetimeout" in GDB
JTAG tap: at91sam9g20.cpu tap/device found: 0x0792603f (mfg: 0x01f, part:
0x7926, ver: 0x0)
target state: halted
target halted in ARM state due to breakpoint, current mode: Supervisor
cpsr: 0x000000d3 pc: 0x00000000
MMU: disabled, D-Cache: disabled, I-Cache: disabled
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1027). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1006). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1006). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1006). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1004). Workaround: increase "set remotetimeout" in GDB
RCLK - adaptive
dcc downloads are enabled
fast memory access is enabled
NAND flash device 'NAND 256MiB 3,3V 8-bit' found
(gdb)
I added additional keep alive steps in areas that troubleshooting revealed
were causing problems. I only did this however for non-fast write memory
accesses. I don't think most people would be using fast memory accesses to
write to memory when the jtag and system clocks are slow anyway.
If you disagree with my feeling, think there is a more elegant way to handle
the problem, or think the patch will cause other unforeseen problems with
other targets, let me know. As you can see below, the patch does eliminate
the problem on my development station and I suspect that it will benefit
others.
*** AFTER PATCH ***
(gdb) monitor reset init
fast memory access is disabled
2 kHz
JTAG tap: at91sam9g20.cpu tap/device found: 0x0792603f (mfg: 0x01f, part:
0x7926, ver: 0x0)
target state: halted
target halted in ARM state due to breakpoint, current mode: Supervisor
cpsr: 0x000000d3 pc: 0x00000000
MMU: disabled, D-Cache: disabled, I-Cache: disabled
RCLK - adaptive
dcc downloads are enabled
fast memory access is enabled
NAND flash device 'NAND 256MiB 3,3V 8-bit' found
(gdb)
Gary Carlson
Gary Carlson, MSEE
Principal Engineer
Carlson-Minot Inc.
Change download rate messages about kibibytes from "kb/s" to "KiB/s" units.
See: http://en.wikipedia.org/wiki/Data_rate_units
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
There are a million reasons why cached protection state might
be stale: power cycling of target, reset, code executing on
the target, etc.
The "flash protect_check" command is now gone. This is *always*
executed when running a "flash info".
As a bonus for more a more robust approach, lots of code could
be deleted.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Various commands, e.g. "arm mcr xxxx" would fail if invoked upon startup
since it there was no command context defined for the jim interpreter
in that case.
A Jim interpreter is now associated with a command context(telnet,
gdb server's) or the default global command context.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
target memory allocation can be implemented not to show
bogus error messages.
E.g. when trying a big allocation first and then a
smaller one if that fails.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This patch adds support for the length argument to the xscale implementation of
the wp command. Per discussion with David, the length argument specifies the
range of addresses over which a memory access should generate a debug exception.
This patch utilizes the "mask" feature of the xscale debug hardware to implement
the correct functionality of the length argument. Some limitations imposed by
the hardware are:
- The length must be a power of two, with a minumum of 4.
- Two data breakpoint registers are available, allowing for two watchpoints.
However, if the length of a watchpoint is greater than four, both registers
are used (the second for a mask value), limiting the number of watchpoints
to one.
This patch also removes a useless call to xscale_get_reg(dbcon) in
xscale_set_watchpoint() (value had already been read from the register cache,
and the same previously read value is then modified and written back).
I have been using and testing this patch for a couple days.
Questions, corrections, criticisms of course gratefully received.
This patch fixes the xscale_analyze_trace() function. This function was
defective for a trace collected in 'fill' mode (hiccups with repeated
instructions) and completely broken when buffer overflowed in 'wrap' mode. The
reason for the latter case is that the checkpoint registers were interpreted
incorrectly when two checkpoints are present in the trace (which will be true in
'wrap' mode once the buffer fills). In this case, checkpoint1 register will
contain the older entry, and checkpoint0 the newer. The original code assumed
the opposite. I eventually gave up trying to understand all the logic of the
function, and rewrote it. I think it's much cleaner and understandable now. I
have been using and testing this for a few weeks now. I'm confident it hasn't
regressed in any way.
Also added capability to handle (as best as possible) the case where an
instruction can not be read from the loaded trace image; e.g., partial image.
This was a 'TODO' comment in the original xscale_analyze_trace().
Outside of xcsale_analyze_trace(), these (related) changes were made:
- Remove pc_ok and current_pc elements from struct xscale_trace. These elements
and associated logic are useless clutter because the very first entry placed
in the trace buffer is always an indirect jump to the address at which
execution resumed. This type of trace entry includes the literal address in
the trace buffer, so the initial address of the trace is immediately
determined from the trace buffer contents and does not need to be recorded
when trace is enabled.
- Added num_checkpoints to struct xscale_trace_data, which is necessary in order
to correctly interpret the checkpoint register contents.
- In xscale_read_trace()
- Fix potential array out-of-bounds condition.
- Eliminate partial address entries when parsing trace (can occur in wrap mode).
- Count and record number of checkpoints in trace.
- Added small, inlined utility function xscale_display_instruction() to help
make the code more concise and clear.
TODO:
- Save processor state (arm or thumb) in struct xscale_trace when trace is
enabled so that trace can be analyzed correctly (currently assumes arm mode).
- Add element to struct xscale_trace that records (when trace is enabled)
whether vector table is relocated high (to 0xffff0000) or not, so that a
branch to an exception vector is traced correctly (curently assumes vectors
at 0x0).
+ virt2phys() can now convert virtual address to real
+ read_memory() and write_memory() are renamed to read_phys_memory()
and write_phys_memory()
+ new read_memory() and write_memory() try to resolve real address if
mmu is enambled than perform real address reading/writing
+ if address is bellow 0xc000000 than TTB0 is used for page table
dereference, if above - than TTB1. Linux style of user/kernel address
separation
+ if above fails (i.e address is unspecified) than mode is checked
whether it is Supervisor (than TTB1) or User (than TTB0)
- Software breakpoints doesn't work. You should invoke
"gdb_breakpoint_override hard" before you start debugging
+ cortex_a8_mmu(), cortex_a8_enable_mmu_caches(),
cortex_a8_disable_mmu_caches() are implemented
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
I'm not sure what caused this significant character to get deleted.
it may be related to intermittent Editor or terminal flakes I've
been seeing lately (sigh). This fix is trivial.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Fixing one bug can easily uncover another .... in this case,
making sure that we properly invalidate some cached NOR state when
resuming arbitrary target code turned up an issue when the code
wasn't quite arbitrary (and we couldn't know that, but some parts
of OpenOCD assumed the cache would not be invalidated.
Specifically: some flash drivers (like CFI) update that state in loops
with downloaded algorithms, thus invalidating the state as it's probed.
+ Add a new target state flag, to record whether the target is
running downloaded algorithm code.
+ Use that flag to add a special case: "trust" downloaded algorithms
not to corrupt that cached state, bypassing cache invalidation.
Also update some of the documentation to stipulate that this flavor of
trustworthiness is now *required* ... not just a fortuitous acident.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
For some reason there are *two* schemes for interposing logic into
the run_algorithm() code path... One is a standard procedural wapper
around the target method invocation.
the other (superfluous) one hacked the method table by splicing
a second procedural wrapper into the method table. Remove it:
* Rename its slightly-more-featureful wrapper so it becomes
the standard procedural wrapper, leaving its added logic
(where it should have been in the first place.
Also add a paranoia check, to report targets that don't
support algorithms without traversing a NULL pointer, and
tweak its code structure a bit so it's easier to modify.
* Get rid of the superfluous/conusing method table hacks.
This is a net simplification, making it simpler to analyse what's
going on, and then interpose logic . ... by ensuring there's only one
natural place for it to live.
------------
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Problem: halt at a breakpoint, enable trace buffer ('xscale trace_buffer enable
fill'), then resume. Wait for debug exception when trace buffer fills (if not
sooner due to another breakpoint, vector catch, etc). Instead, never halts.
When halted explicitly from OpenOCD and trace buffer dumped, it contains only
one entry; a branch to the address of the original breakpoint. If the above
steps are repeated, except that the breakpoint is removed before resuming, the
trace buffer fills and the debug exception is generated, as expected.
Cause: related to how a breakpoint is stepped over on resume. The breakpoint is
temporarily removed, and a hardware breakpoint is set on the next instruction
that will execute. xscale_debug_entry() is called when that breakpoint hits.
This function checks if the trace buffer is enabled, and if so reads the trace
buffer from the target and then disables the trace (unless multiple trace
buffers are specified by the user when trace is enabled). Thus you only trace
one instruction before it is disabled.
Solution: kind of a hack on top of a hack, but it's simple. Anything better
would involve some refactoring. This has been tested and trace now works as
intended, except that the very first instruction is not part of the trace when
resuming from a breakpoint.
TODO: still many issues with trace: doesn't work during single-stepping (trace
buffer is flushed each step), 'xscale analyze_trace' works only marginally for
a trace captured in 'fill' mode, and not at all for a trace captured in 'wrap'
mode.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
I don't know when "poll off" broke, but "poll off" didn't
stop background polling of target. The polling status flag
simply wasn't checked in the handle_target timer callback.
All target polling(including power/reset state) is now stopped
upon "poll off".
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This patch fixes xscale software breakpoints by cleaning the dcache and
invalidating the icache after the bkpt instruction is inserted or removed. The
icache operation is necessary in order to flush the fetch buffers, even if the
icache is disabled (see section 4.2.7 of the xscale core developer's manual).
The dcache is presumed to be enabled; no harm done if not. The dcache is also
invalidated after cleaning in order to safeguard against a future load of
invalid data, in the event that cache_clean_address points to memory that is
valid and in use.
Also corrected a confusing typo I noticed in a comment.
TODO (or not TODO...?): the xscale's 2K "mini dcache" is not cleaned. This
cache is not used unless the 'X' bit in the page table entry is set. This is a
proprietary xscale extension to the ARM architecture. If a target's OS or
executive makes use of this for memory regions holding code, the breakpoint
problem will persist. Flushing the mini dcache requires that 2K of valid
cacheable memory (mapped with 'X' bit set) be designated by the user for this
purpose. The debug handler that gets downloaded to the target will also need to
be extended.
the handling of caches, should be moved into the breakpoint
specific callbacks rather than being plonked into generic
memory write fn's.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
By a bit of code inspection it seems like all of these
instances of jtag_get_end_state() can be unambigously
replaced by constants.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Fix problem with the xscale icache and dcache commands. Both commands were
enabling or disabling the mmu, not the caches
I didn't look any further after my earlier patch fixed the trivial problem
with command argument parsing. Turns out the underlying code was broken.
The resolution is straightforward when you look at the arguments to
xscale_enable_mmu_caches() and xscale_disable_mmu_caches(). I finally
took a deeper look after dumping the cp15 control register (XSCALE_CTRL)
and seeing that the cache bits weren't changing, but the mmu bit was
(which caused all manner of grief, as you can imagine). This has been
tested and works OK now.
src/target/xscale.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
So don't use the name "swjdp" for all DAPs; rename to
plain old "dap", which *is* always correct.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Not sure how the original "move code to adi_v5_swd.c" patch left
some code in the "arm_adi_v5.c" file, but a recent patch was only
a partial fix -- it didn't remove all the duplication.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
jtag_get/set_end_state() is now deprecated.
There were lots of places in the code where the end state was
unintentionally modified.
The big Q is whether there were any places where the intention
was to modify the end state. 0.5 is a long way off, so we'll
get a fair amount of testing.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
A fn was copied instead of moved to a new file. The linker
can discard exact copies of fn's without warning.
This is a C++'ism.
However on my Ubuntu 9.10 machine, it fails.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The PIC32MX does not support the ejtag software reset - it is
optional in the ejtag spec.
We perform the equivalent using the microchip specific MTAP cmd's.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
The mips_m4k_assert_reset has now been restructured
so the variant ejtag_srst is not required anymore.
The ejtag software reset will be used if the target does not
have srst connected.
Remove ejtag_srst from docs.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Unused. If something should happen after context restore, then the
calling code can just do it afterwards.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Unclutter arm_adi_v5.c by moving most transport-specific code
to a transport-specific files adi_v5_{jtag,swd}.c ... it's not
a full cleanup, because of some issues which need to be addressed
as part of SWD support (along with implementing the DAP operations
on top of SWD transport):
- The mess where mem_ap_read_buf_u32() is currently coded to
know about JTAG scan chains, and thus needs rewriting before
it will work with SWD;
- Initialization is still JTAG-specific
Also move JTAG_{DP,ACK}_* constants from adi_v5.h to the JTAG
file; no other code should care about those values.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Fixes bug that prevented users from specifying a base address of
0x80000000 or higher in image commands (flash write_image, etm image,
xscale trace_image).
image.base_address is an offset from the start address contained in
the image file (if there is one), or from 0 (for binary files). As a
signed 32-bit int, it couldn't be greater than 0x7fffffff, which is a
problem when trying to write a binary file to flash above that
address. Changing it to a 64-bit long long keeps it as a signed
offset, but allows it to cover the entire 32-bit address space.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Simple patch that fixes the broken xscale icache and dcache commands.
This broke when the helper functions and macros were changed.
[ dbrownell@users.sourceforge.net: don't use strcasecmp ]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Add flash algorithm support for the PIC32MX.
Still a few things todo but this dramatically decreases
the programing time, eg. approx programming for 2.5k test file.
- without fastload: 60secs
- with fastload: 45secs
- with fastload and algorithm: 2secs.
Add new devices to supported list.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
In the code a single field was all that was ever used. Makes
jtag_add_ir_scan() simpler and leaves more complicated stuff
to jtag_add_plain_ir_scan().
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
jtag_add_dr/ir_scan() now takes the tap as the first
argument, rather than for each of the fields passed
in.
The code never exercised the path where there was
more than one tap being scanned, who knows if it even
worked.
This simplifies the implementation and reduces clutter
in the calling code.
use jtag_add_ir/dr_plain_scan() for more fancy situations.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Get rid of needless and undesirable code duplication for
all the DAP commands (resolving a FIXME) ... there's no
need for coreas to have private copies of that stuff.
Stick a pointer to the DAP in "struct arm", letting common
code get to it.
Also rename the "swjdp_info" symbol; just call it "dap".
This is an overall code shrink.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This partially corrects an inappropriate name choice (and its
associated FIXME).
There are still too many variables named "swjdp", bug little
current code actually relies on them referencing an SWJ-DP instead
of some other flavor of DAP. Only the two new dap_to{swd,jtag}()
calls could behave differently on an SWJ-DP instead of a SW-DP or
a JTAG-DP.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The NOR infrastructure caches some per-sector state, but
it's not used much ... because the cache is not trustworthy.
This patch addresses one part of that problem, by ensuring
that state cached by NOR drivers gets invalidated once we
resume the target -- since targets may then modify sectors.
Now if we see sector protection or erase status marked as
anything other than "unknown", we should be able to rely
on that as being accurate. (That is ... if we assume the
drivers initialize and update this state correctly.)
Another part of that problem is that the cached state isn't
much used (being unreliable, it would have been unsafe).
Those issues can be addressed in later patches.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Make ADIv5 internals use the two new transport-neutral calls for reading
and writing DP registers; and do the same for external callers. Also,
bugfix some of their call sites to handle the fault returns, instead of
ignoring them.
Remove most of the JTAG-specific calls, using their code as the bodies
of the JTAG-specific implementation for the new methods.
NOTE that there's a remaining issue: mem_ap_read_buf_u32() makes calls
which are JTAG-specific. A later patch will need to remove those, so
JTAG-specific operations can be removed from this file, and so that SWD
support will be able to properly drop in as just a transport layer to the
ADIv5 infrastructure. (The way read results are posted may need some more
attention in the transport-neutrality interface.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Make ADIv5 internals use the two new transport-neutral calls for reading
and writing DP registers. Also, bugfix some of their call sites to
handle the fault returns, instead of ignoring them.
Remove the old JTAG-specific calls, using their code as the bodies
of the JTAG-specific implementation for the new methods.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Make ADIv5 use one of the new transport-neutral interfaces: call
dap_run(), not jtagdp_transaction_endcheck().
Also, make that old interface private; and bugfix some of its call
sites to handle the fault returns, instead of ignoring them.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Michel JAOUEN
Drasko DRASKOVIC
Øyvind Harboe
Andrew Lyon
Mathias K
John and Tina Peterson
Uwe Hermann
Luca Ellero
Phil Fong
Spencer Oliver
Aaron Carroll
Andreas Fritiofson
Eric Wetzel
Marek Vasut
Andrew MacIsaac
David Brownell
Mike Dunn
ddraskovic
Peter Stuge
Antonio Borneo
Oleksandr Tymoshenko
Edgar Grimberg
Jon Povey
Gary Carlson
Jun Ma
Anton Fedotov
Daniel Bäder
Bradey Honsinger