#include #include #include #ifdef HAVE_CONFIG_H #include "config.h" #endif #include "target.h" #include "target_type.h" #include "log.h" #include "jtag/jtag.h" #include "opcodes.h" #include "register.h" #include "breakpoints.h" /** * Since almost everything can be accomplish by scanning the dbus register, all * functions here assume dbus is already selected. The exception are functions * called directly by OpenOCD, which can't assume anything about what's * currently in IR. They should set IR to dbus explicitly. */ #define get_field(reg, mask) (((reg) & (mask)) / ((mask) & ~((mask) << 1))) #define set_field(reg, mask, val) (((reg) & ~(mask)) | (((val) * ((mask) & ~((mask) << 1))) & (mask))) #define DIM(x) (sizeof(x)/sizeof(*x)) #define CSR_TDRSELECT 0x7a0 #define CSR_TDRDATA1 0x7a1 #define CSR_TDRDATA2 0x7a2 #define CSR_TDRDATA3 0x7a3 #define CSR_BPCONTROL_X (1<<0) #define CSR_BPCONTROL_W (1<<1) #define CSR_BPCONTROL_R (1<<2) #define CSR_BPCONTROL_U (1<<3) #define CSR_BPCONTROL_S (1<<4) #define CSR_BPCONTROL_H (1<<5) #define CSR_BPCONTROL_M (1<<6) #define CSR_BPCONTROL_BPMATCH (0xf<<7) #define CSR_BPCONTROL_BPACTION (0xff<<11) #define DEBUG_ROM_START 0x800 #define DEBUG_ROM_RESUME (DEBUG_ROM_START + 4) #define DEBUG_ROM_EXCEPTION (DEBUG_ROM_START + 8) #define DEBUG_RAM_START 0x400 #define SETHALTNOT 0x10c /*** JTAG registers. ***/ #define DTMINFO 0x10 #define DTMINFO_ADDRBITS (0xf<<4) #define DTMINFO_VERSION (0xf) #define DBUS 0x11 #define DBUS_OP_START 0 #define DBUS_OP_SIZE 2 typedef enum { DBUS_OP_NOP = 0, DBUS_OP_READ = 1, DBUS_OP_WRITE = 2, DBUS_OP_CONDITIONAL_WRITE = 3 } dbus_op_t; typedef enum { DBUS_STATUS_SUCCESS = 0, DBUS_STATUS_NO_WRITE = 1, DBUS_STATUS_FAILED = 2, DBUS_STATUS_BUSY = 3 } dbus_status_t; #define DBUS_DATA_START 2 #define DBUS_DATA_SIZE 34 #define DBUS_ADDRESS_START 36 typedef enum { RE_OK, RE_FAIL, RE_AGAIN } riscv_error_t; /*** Debug Bus registers. ***/ #define DMCONTROL 0x10 #define DMCONTROL_INTERRUPT (((uint64_t)1)<<33) #define DMCONTROL_HALTNOT (((uint64_t)1)<<32) #define DMCONTROL_BUSERROR (7<<19) #define DMCONTROL_SERIAL (3<<16) #define DMCONTROL_AUTOINCREMENT (1<<15) #define DMCONTROL_ACCESS (7<<12) #define DMCONTROL_HARTID (0x3ff<<2) #define DMCONTROL_NDRESET (1<<1) #define DMCONTROL_FULLRESET 1 #define DMINFO 0x11 #define DMINFO_ABUSSIZE (0x7f<<25) #define DMINFO_SERIALCOUNT (0xf<<21) #define DMINFO_ACCESS128 (1<<20) #define DMINFO_ACCESS64 (1<<19) #define DMINFO_ACCESS32 (1<<18) #define DMINFO_ACCESS16 (1<<17) #define DMINFO_ACCESS8 (1<<16) #define DMINFO_DRAMSIZE (0x3f<<10) #define DMINFO_AUTHENTICATED (1<<5) #define DMINFO_AUTHBUSY (1<<4) #define DMINFO_AUTHTYPE (3<<2) #define DMINFO_VERSION 3 /*** Info about the core being debugged. ***/ #define DBUS_ADDRESS_UNKNOWN 0xffff // gdb's register list is defined in riscv_gdb_reg_names gdb/riscv-tdep.c in // its source tree. We must interpret the numbers the same here. enum { REG_XPR0 = 0, REG_XPR31 = 31, REG_PC = 32, REG_FPR0 = 33, REG_FPR31 = 64, REG_CSR0 = 65, REG_CSR4095 = 4160, REG_PRIV = 4161, REG_COUNT }; #define MAX_HWBPS 16 #define DRAM_CACHE_SIZE 16 struct memory_cache_line { uint32_t data; bool valid; bool dirty; }; typedef struct { /* Number of address bits in the dbus register. */ uint8_t addrbits; /* Width of a GPR (and many other things) in bits. */ uint8_t xlen; /* Number of words in Debug RAM. */ unsigned int dramsize; uint32_t dcsr; uint32_t dpc; struct memory_cache_line dram_cache[DRAM_CACHE_SIZE]; struct reg *reg_list; /* Single buffer that contains all register names, instead of calling * malloc for each register. Needs to be freed when reg_list is freed. */ char *reg_names; /* Single buffer that contains all register values. */ void *reg_values; // For each physical hwbp, contains ~0 if the hwbp is available, or the // unique_id of the breakpoint that is using it. uint32_t hwbp_unique_id[MAX_HWBPS]; // This value is incremented every time a dbus access comes back as "busy". // It's used to determine how many run-test/idle cycles to feed the target // in between accesses. unsigned int dbus_busy_delay; // This value is incremented every time we read the debug interrupt as // high. It's used to add extra run-test/idle cycles after setting debug // interrupt high, so ideally we never have to perform a whole extra scan // before the interrupt is cleared. unsigned int interrupt_high_delay; // This cache is write-through, and always valid when the target is halted. uint32_t gpr_cache[32]; } riscv_info_t; typedef struct { bool haltnot; bool interrupt; } bits_t; /*** Necessary prototypes. ***/ static int riscv_poll(struct target *target); /*** Utility functions. ***/ static uint8_t ir_dtminfo[1] = {DTMINFO}; static struct scan_field select_dtminfo = { .in_value = NULL, .out_value = ir_dtminfo }; static uint8_t ir_dbus[1] = {DBUS}; static struct scan_field select_dbus = { .in_value = NULL, .out_value = ir_dbus }; static uint8_t ir_debug[1] = {0x5}; static struct scan_field select_debug = { .in_value = NULL, .out_value = ir_debug }; #define DEBUG_LENGTH 264 static uint16_t dram_address(unsigned int index) { if (index < 0x10) return index; else return 0x40 + index - 0x10; } static void increase_dbus_busy_delay(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; info->dbus_busy_delay++; LOG_INFO("Increment dbus_busy_delay to %d", info->dbus_busy_delay); } static void increase_interrupt_high_delay(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; info->interrupt_high_delay++; LOG_INFO("Increment interrupt_high_delay to %d", info->interrupt_high_delay); } static void add_dbus_scan(struct target *target, struct scan_field *field, uint8_t *out_value, uint8_t *in_value, dbus_op_t op, uint16_t address, uint64_t data) { riscv_info_t *info = (riscv_info_t *) target->arch_info; LOG_DEBUG("op=%d address=0x%02x data=0x%09" PRIx64, op, address, data); field->num_bits = info->addrbits + DBUS_OP_SIZE + DBUS_DATA_SIZE; field->in_value = in_value; field->out_value = out_value; buf_set_u64(out_value, DBUS_OP_START, DBUS_OP_SIZE, op); buf_set_u64(out_value, DBUS_DATA_START, DBUS_DATA_SIZE, data); buf_set_u64(out_value, DBUS_ADDRESS_START, info->addrbits, address); jtag_add_dr_scan(target->tap, 1, field, TAP_IDLE); // TODO: 1 should come from the dtminfo register int idle_count = 1 + info->dbus_busy_delay; if (data & DMCONTROL_INTERRUPT) { idle_count += info->interrupt_high_delay; } jtag_add_runtest(idle_count, TAP_IDLE); } static dbus_status_t dbus_scan(struct target *target, uint16_t *address_in, uint64_t *data_in, dbus_op_t op, uint16_t address_out, uint64_t data_out) { riscv_info_t *info = (riscv_info_t *) target->arch_info; uint8_t in[8] = {0}; uint8_t out[8]; struct scan_field field = { .num_bits = info->addrbits + DBUS_OP_SIZE + DBUS_DATA_SIZE, .out_value = out, .in_value = in }; assert(info->addrbits != 0); buf_set_u64(out, DBUS_OP_START, DBUS_OP_SIZE, op); buf_set_u64(out, DBUS_DATA_START, DBUS_DATA_SIZE, data_out); buf_set_u64(out, DBUS_ADDRESS_START, info->addrbits, address_out); /* Assume dbus is already selected. */ jtag_add_dr_scan(target->tap, 1, &field, TAP_IDLE); jtag_add_runtest(1, TAP_IDLE); int retval = jtag_execute_queue(); if (retval != ERROR_OK) { LOG_ERROR("dbus_scan failed jtag scan"); return retval; } if (data_in) { *data_in = buf_get_u64(in, DBUS_DATA_START, DBUS_DATA_SIZE); } if (address_in) { *address_in = buf_get_u32(in, DBUS_ADDRESS_START, info->addrbits); } static const char *op_string[] = {"nop", "r", "w", "cw"}; static const char *status_string[] = {"+", "nw", "F", "b"}; /* LOG_DEBUG("vvv $display(\"hardware: dbus scan %db %s %01x:%08x @%02x -> %s %01x:%08x @%02x\");", field.num_bits, op_string[buf_get_u32(out, 0, 2)], buf_get_u32(out, 34, 2), buf_get_u32(out, 2, 32), buf_get_u32(out, 36, info->addrbits), status_string[buf_get_u32(in, 0, 2)], buf_get_u32(in, 34, 2), buf_get_u32(in, 2, 32), buf_get_u32(in, 36, info->addrbits)); */ LOG_DEBUG("dbus scan %db %s %01x:%08x @%02x -> %s %01x:%08x @%02x", field.num_bits, op_string[buf_get_u32(out, 0, 2)], buf_get_u32(out, 34, 2), buf_get_u32(out, 2, 32), buf_get_u32(out, 36, info->addrbits), status_string[buf_get_u32(in, 0, 2)], buf_get_u32(in, 34, 2), buf_get_u32(in, 2, 32), buf_get_u32(in, 36, info->addrbits)); //debug_scan(target); return buf_get_u32(in, DBUS_OP_START, DBUS_OP_SIZE); } static uint64_t dbus_read(struct target *target, uint16_t address) { uint64_t value; dbus_status_t status; uint16_t address_in; do { do { status = dbus_scan(target, &address_in, &value, DBUS_OP_READ, address, 0); } while (status == DBUS_STATUS_BUSY); } while (address_in != address); return value; } static void dbus_write(struct target *target, uint16_t address, uint64_t value) { dbus_status_t status = DBUS_STATUS_BUSY; while (status == DBUS_STATUS_BUSY) { status = dbus_scan(target, NULL, NULL, DBUS_OP_WRITE, address, value); } if (status != DBUS_STATUS_SUCCESS) { LOG_ERROR("dbus_write failed write 0x%" PRIx64 " to 0x%x; status=%d\n", value, address, status); } } static uint32_t dtminfo_read(struct target *target) { struct scan_field field; uint8_t in[4]; jtag_add_ir_scan(target->tap, &select_dtminfo, TAP_IDLE); field.num_bits = 32; field.out_value = NULL; field.in_value = in; jtag_add_dr_scan(target->tap, 1, &field, TAP_IDLE); int retval = jtag_execute_queue(); if (retval != ERROR_OK) { LOG_ERROR("dtminfo_read failed jtag scan"); return retval; } /* Always return to dbus. */ jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); return buf_get_u32(field.in_value, 0, 32); } static uint32_t dram_read32(struct target *target, unsigned int index) { uint16_t address = dram_address(index); uint32_t value = dbus_read(target, address); return value; } static void dram_write32(struct target *target, unsigned int index, uint32_t value, bool set_interrupt) { uint64_t dbus_value = DMCONTROL_HALTNOT | value; if (set_interrupt) dbus_value |= DMCONTROL_INTERRUPT; dbus_write(target, dram_address(index), dbus_value); } /** Read the haltnot and interrupt bits. */ static bits_t read_bits(struct target *target) { uint64_t value; dbus_status_t status; uint16_t address_in; do { do { status = dbus_scan(target, &address_in, &value, DBUS_OP_READ, 0, 0); } while (status == DBUS_STATUS_BUSY); } while (address_in > 0x10 && address_in != DMCONTROL); bits_t result = { .haltnot = get_field(value, DMCONTROL_HALTNOT), .interrupt = get_field(value, DMCONTROL_INTERRUPT) }; return result; } static int wait_for_debugint_clear(struct target *target, bool ignore_first) { time_t start = time(NULL); if (ignore_first) { // Throw away the results of the first read, since they'll contain the // result of the read that happened just before debugint was set. // (Assuming the last scan before calling this function was one that // sets debugint.) read_bits(target); } while (1) { bits_t bits = read_bits(target); if (!bits.interrupt) { return ERROR_OK; } if (time(NULL) - start > 2) { LOG_ERROR("Timed out waiting for debug int to clear."); return ERROR_FAIL; } } } static int dram_check32(struct target *target, unsigned int index, uint32_t expected) { uint16_t address = dram_address(index); uint32_t actual = dbus_read(target, address); if (expected != actual) { LOG_ERROR("Wrote 0x%x to Debug RAM at %d, but read back 0x%x", expected, index, actual); return ERROR_FAIL; } return ERROR_OK; } static void cache_set(struct target *target, unsigned int index, uint32_t data) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (info->dram_cache[index].valid && info->dram_cache[index].data == data) { // This is already preset on the target. LOG_DEBUG("Cache hit at 0x%x for data 0x%x", index, data); return; } info->dram_cache[index].data = data; info->dram_cache[index].valid = true; info->dram_cache[index].dirty = true; } static void cache_set_jump(struct target *target, unsigned int index) { cache_set(target, index, jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*index)))); } static void dump_debug_ram(struct target *target) { for (unsigned int i = 0; i < 16; i++) { uint32_t value = dram_read32(target, i); LOG_ERROR("Debug RAM 0x%x: 0x%08x", i, value); } } /* Call this if the code you just ran writes to debug RAM entries 0 through 3. */ static void cache_invalidate(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) { info->dram_cache[i].valid = false; info->dram_cache[i].dirty = false; } } /* Called by cache_write() after the program has run. Also call this if you're * running programs without calling cache_write(). */ static void cache_clean(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) { if (i >= 4) { info->dram_cache[i].valid = false; } else { info->dram_cache[i].dirty = false; } } } static int cache_check(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; int error = 0; for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) { if (info->dram_cache[i].valid && !info->dram_cache[i].dirty) { if (dram_check32(target, i, info->dram_cache[i].data) != ERROR_OK) { error++; } } } if (error) { dump_debug_ram(target); return ERROR_FAIL; } return ERROR_OK; } /** Write cache to the target, and optionally run the program. */ static int cache_write(struct target *target, unsigned int address, bool run) { LOG_DEBUG("enter"); riscv_info_t *info = (riscv_info_t *) target->arch_info; uint8_t in[(DRAM_CACHE_SIZE + 2) * 8] = {0}; uint8_t out[(DRAM_CACHE_SIZE + 2) * 8]; struct scan_field field[DRAM_CACHE_SIZE + 2]; unsigned int last = DRAM_CACHE_SIZE; for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) { if (info->dram_cache[i].dirty) { assert(i < info->dramsize); last = i; } } unsigned int scan = 0; if (last == DRAM_CACHE_SIZE) { // Nothing needs to be written to RAM. dbus_write(target, DMCONTROL, DMCONTROL_HALTNOT | DMCONTROL_INTERRUPT); } else { for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) { if (info->dram_cache[i].dirty) { uint64_t data = DMCONTROL_HALTNOT | info->dram_cache[i].data; if (i == last && run) { data |= DMCONTROL_INTERRUPT; } add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, i, data); scan++; } } } // Throw away the results of the first read, since it'll contain the result // of the read that happened just before debugint was set. add_dbus_scan(target, &field[scan], out + 8*scan, NULL, DBUS_OP_READ, address, DMCONTROL_HALTNOT); scan++; // This scan contains the results of the read the caller requested, as well // as an interrupt bit worth looking at. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_READ, address, DMCONTROL_HALTNOT); scan++; int retval = jtag_execute_queue(); if (retval != ERROR_OK) { LOG_ERROR("JTAG execute failed."); return retval; } int errors = 0; for (unsigned int i = 0; i < scan; i++) { dbus_status_t status = buf_get_u32(in + 8*i, DBUS_OP_START, DBUS_OP_SIZE); switch (status) { case DBUS_STATUS_SUCCESS: break; case DBUS_STATUS_NO_WRITE: LOG_ERROR("Got no-write response to unconditional write. Hardware error?"); return ERROR_FAIL; case DBUS_STATUS_FAILED: LOG_ERROR("Debug RAM write failed. Hardware error?"); return ERROR_FAIL; case DBUS_STATUS_BUSY: errors++; break; } LOG_DEBUG("read scan=%d result=%d data=%09" PRIx64 " address=%02x", i, buf_get_u32(in + 8*i, DBUS_OP_START, DBUS_OP_SIZE), buf_get_u64(in + 8*i, DBUS_DATA_START, DBUS_DATA_SIZE), buf_get_u32(in + 8*i, DBUS_ADDRESS_START, info->addrbits)); } if (errors) { increase_dbus_busy_delay(target); // Try again, using the slow careful code. for (unsigned int i = 0; i < DRAM_CACHE_SIZE; i++) { if (i == last && run) { dram_write32(target, last, info->dram_cache[last].data, true); } else { dram_write32(target, i, info->dram_cache[i].data, false); } info->dram_cache[i].dirty = false; } cache_clean(target); if (wait_for_debugint_clear(target, true) != ERROR_OK) { LOG_ERROR("Debug interrupt didn't clear."); dump_debug_ram(target); return ERROR_FAIL; } } else { cache_clean(target); int interrupt = buf_get_u32(in + 8*(scan-1), DBUS_DATA_START + 33, 1); if (interrupt) { increase_interrupt_high_delay(target); // Slow path wait for it to clear. if (wait_for_debugint_clear(target, false) != ERROR_OK) { LOG_ERROR("Debug interrupt didn't clear."); dump_debug_ram(target); return ERROR_FAIL; } } else { // We read a useful value in that last scan. unsigned int read_addr = buf_get_u32(in + 8*(scan-1), DBUS_ADDRESS_START, info->addrbits); if (read_addr != address) { LOG_INFO("Got data from 0x%x but expected it from 0x%x", read_addr, address); } info->dram_cache[read_addr].data = buf_get_u64(in + 8*(scan-1), DBUS_DATA_START, DBUS_DATA_SIZE); info->dram_cache[read_addr].valid = true; } } LOG_DEBUG("exit"); return ERROR_OK; } uint32_t cache_get32(struct target *target, unsigned int address) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (!info->dram_cache[address].valid) { info->dram_cache[address].data = dram_read32(target, address); info->dram_cache[address].valid = true; } return info->dram_cache[address].data; } /* Write instruction that jumps from the specified word in Debug RAM to resume * in Debug ROM. */ static void dram_write_jump(struct target *target, unsigned int index, bool set_interrupt) { dram_write32(target, index, jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*index))), set_interrupt); } static int wait_for_state(struct target *target, enum target_state state) { time_t start = time(NULL); while (1) { int result = riscv_poll(target); if (result != ERROR_OK) { return result; } if (target->state == state) { return ERROR_OK; } if (time(NULL) - start > 2) { LOG_ERROR("Timed out waiting for state %d.", state); return ERROR_FAIL; } } } static int read_csr(struct target *target, uint32_t *value, uint32_t csr) { cache_set(target, 0, csrr(S0, csr)); cache_set(target, 1, sw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set_jump(target, 2); if (cache_write(target, 4, true) != ERROR_OK) { return ERROR_FAIL; } *value = cache_get32(target, 4); return ERROR_OK; } static int write_csr(struct target *target, uint32_t csr, uint32_t value) { cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, csrw(S0, csr)); cache_set_jump(target, 2); cache_set(target, 4, value); if (cache_write(target, 4, true) != ERROR_OK) { return ERROR_FAIL; } return ERROR_OK; } static int write_gpr(struct target *target, unsigned int gpr, uint32_t value) { cache_set(target, 0, lw(gpr, ZERO, DEBUG_RAM_START + 16)); cache_set_jump(target, 1); cache_set(target, 4, value); if (cache_write(target, 4, true) != ERROR_OK) { return ERROR_FAIL; } return ERROR_OK; } static int resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution, bool step) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (!current) { if (info->xlen > 32) { LOG_WARNING("Asked to resume at 32-bit PC on %d-bit target.", info->xlen); } LOG_ERROR("TODO: current is false"); return ERROR_FAIL; } if (handle_breakpoints) { LOG_ERROR("TODO: handle_breakpoints is true"); return ERROR_FAIL; } if (debug_execution) { LOG_ERROR("TODO: debug_execution is true"); return ERROR_FAIL; } // TODO: check if dpc is dirty (which also is true if an exception was hit // at any time) cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, csrw(S0, CSR_DPC)); cache_set_jump(target, 2); cache_set(target, 4, info->dpc); if (cache_write(target, 4, true) != ERROR_OK) { return ERROR_FAIL; } info->dcsr |= DCSR_EBREAKM | DCSR_EBREAKH | DCSR_EBREAKS | DCSR_EBREAKU; info->dcsr &= ~DCSR_HALT; if (step) { info->dcsr |= DCSR_STEP; } else { info->dcsr &= ~DCSR_STEP; } dram_write32(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16), false); dram_write32(target, 1, csrw(S0, CSR_DCSR), false); dram_write32(target, 2, fence_i(), false); dram_write_jump(target, 3, false); // Write DCSR value, set interrupt and clear haltnot. uint64_t dbus_value = DMCONTROL_INTERRUPT | info->dcsr; dbus_write(target, dram_address(4), dbus_value); cache_invalidate(target); if (wait_for_debugint_clear(target, true) != ERROR_OK) { LOG_ERROR("Debug interrupt didn't clear."); return ERROR_FAIL; } target->state = TARGET_RUNNING; for (unsigned int i = 0; i < 32; i++) { info->gpr_cache[i] = 0xbadbad; } return ERROR_OK; } /** Update register sizes based on xlen. */ static void update_reg_list(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (info->reg_values) { free(info->reg_values); } info->reg_values = malloc(REG_COUNT * info->xlen / 4); for (unsigned int i = 0; i < REG_COUNT; i++) { struct reg *r = &info->reg_list[i]; r->value = info->reg_values + i * info->xlen / 4; if (r->dirty) { LOG_ERROR("Register %d was dirty. Its value is lost.", i); } if (i == REG_PRIV) { r->size = 8; } else { r->size = info->xlen; } r->valid = false; } } /*** OpenOCD target functions. ***/ static int register_get(struct reg *reg) { struct target *target = (struct target *) reg->arch_info; riscv_info_t *info = (riscv_info_t *) target->arch_info; if (reg->number <= REG_XPR31) { buf_set_u64(reg->value, 0, info->xlen, info->gpr_cache[reg->number]); LOG_DEBUG("%s=0x%x", reg->name, info->gpr_cache[reg->number]); return ERROR_OK; } else if (reg->number == REG_PC) { buf_set_u32(reg->value, 0, 32, info->dpc); LOG_DEBUG("%s=0x%x (cached)", reg->name, info->dpc); return ERROR_OK; } else if (reg->number >= REG_FPR0 && reg->number <= REG_FPR31) { cache_set(target, 0, fsw(reg->number - REG_FPR0, 0, DEBUG_RAM_START + 16)); cache_set_jump(target, 1); } else if (reg->number >= REG_CSR0 && reg->number <= REG_CSR4095) { cache_set(target, 0, csrr(S0, reg->number - REG_CSR0)); cache_set(target, 1, sw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set_jump(target, 2); } else if (reg->number == REG_PRIV) { buf_set_u64(reg->value, 0, 8, get_field(info->dcsr, DCSR_PRV)); LOG_DEBUG("%s=%d (cached)", reg->name, get_field(info->dcsr, DCSR_PRV)); return ERROR_OK; } else { LOG_ERROR("Don't know how to read register %d (%s)", reg->number, reg->name); return ERROR_FAIL; } if (cache_write(target, 4, true) != ERROR_OK) { return ERROR_FAIL; } uint32_t value = cache_get32(target, 4); if (reg->number < 32 && info->gpr_cache[reg->number] != value) { LOG_ERROR("cached value for %s is 0x%x but just read 0x%x", reg->name, info->gpr_cache[reg->number], value); assert(info->gpr_cache[reg->number] == value); } uint32_t exception = cache_get32(target, info->dramsize-1); if (exception) { LOG_ERROR("Got exception 0x%x when reading register %d", exception, reg->number); return ERROR_FAIL; } LOG_DEBUG("%s=0x%x", reg->name, value); buf_set_u32(reg->value, 0, 32, value); return ERROR_OK; } static int register_write(struct target *target, unsigned int number, uint32_t value) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (number == S0) { cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, csrw(S0, CSR_DSCRATCH)); cache_set_jump(target, 2); } else if (number == S1) { cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, sw(S0, ZERO, DEBUG_RAM_START + 4 * info->dramsize - 4)); cache_set_jump(target, 2); } else if (number <= REG_XPR31) { cache_set(target, 0, lw(number - REG_XPR0, ZERO, DEBUG_RAM_START + 16)); cache_set_jump(target, 1); } else if (number == REG_PC) { info->dpc = value; return ERROR_OK; } else if (number >= REG_FPR0 && number <= REG_FPR31) { cache_set(target, 0, flw(number - REG_FPR0, 0, DEBUG_RAM_START + 16)); cache_set_jump(target, 1); } else if (number >= REG_CSR0 && number <= REG_CSR4095) { cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, csrw(S0, number - REG_CSR0)); cache_set_jump(target, 2); } else if (number == REG_PRIV) { info->dcsr = set_field(info->dcsr, DCSR_PRV, value); return ERROR_OK; } else { LOG_ERROR("Don't know how to read register %d", number); return ERROR_FAIL; } cache_set(target, 4, value); if (cache_write(target, 4, true) != ERROR_OK) { return ERROR_FAIL; } return ERROR_OK; } static int register_set(struct reg *reg, uint8_t *buf) { struct target *target = (struct target *) reg->arch_info; riscv_info_t *info = (riscv_info_t *) target->arch_info; uint32_t value = buf_get_u32(buf, 0, 32); LOG_DEBUG("write 0x%x to %s", value, reg->name); if (reg->number <= REG_XPR31) { info->gpr_cache[reg->number] = value; } return register_write(target, reg->number, value); } static struct reg_arch_type riscv_reg_arch_type = { .get = register_get, .set = register_set }; static int riscv_init_target(struct command_context *cmd_ctx, struct target *target) { LOG_DEBUG("riscv_init_target()"); target->arch_info = calloc(1, sizeof(riscv_info_t)); if (!target->arch_info) return ERROR_FAIL; riscv_info_t *info = (riscv_info_t *) target->arch_info; select_dtminfo.num_bits = target->tap->ir_length; select_dbus.num_bits = target->tap->ir_length; select_debug.num_bits = target->tap->ir_length; const unsigned int max_reg_name_len = 12; info->reg_list = calloc(REG_COUNT, sizeof(struct reg)); info->reg_names = calloc(1, REG_COUNT * max_reg_name_len); char *reg_name = info->reg_names; info->reg_values = NULL; for (unsigned int i = 0; i < REG_COUNT; i++) { struct reg *r = &info->reg_list[i]; r->number = i; r->caller_save = true; r->dirty = false; r->valid = false; r->exist = true; r->type = &riscv_reg_arch_type; r->arch_info = target; if (i <= REG_XPR31) { sprintf(reg_name, "x%d", i); } else if (i == REG_PC) { sprintf(reg_name, "pc"); } else if (i >= REG_FPR0 && i <= REG_FPR31) { sprintf(reg_name, "f%d", i - REG_FPR0); } else if (i >= REG_CSR0 && i <= REG_CSR4095) { sprintf(reg_name, "csr%d", i - REG_CSR0); } else if (i == REG_PRIV) { sprintf(reg_name, "priv"); } if (reg_name[0]) { r->name = reg_name; } reg_name += strlen(reg_name) + 1; assert(reg_name < info->reg_names + REG_COUNT * max_reg_name_len); } update_reg_list(target); memset(info->hwbp_unique_id, 0xff, sizeof(info->hwbp_unique_id)); return ERROR_OK; } static void riscv_deinit_target(struct target *target) { LOG_DEBUG("riscv_deinit_target()"); riscv_info_t *info = (riscv_info_t *) target->arch_info; free(info); target->arch_info = NULL; } static int riscv_halt(struct target *target) { LOG_DEBUG("riscv_halt()"); jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); cache_set(target, 0, csrsi(CSR_DCSR, DCSR_HALT)); cache_set(target, 1, csrr(S0, CSR_MHARTID)); cache_set(target, 2, sw(S0, ZERO, SETHALTNOT)); cache_set_jump(target, 3); if (cache_write(target, 4, true) != ERROR_OK) { LOG_ERROR("cache_write() failed."); return ERROR_FAIL; } return ERROR_OK; } static int riscv_step(struct target *target, int current, uint32_t address, int handle_breakpoints) { jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); return resume(target, current, address, handle_breakpoints, 0, true); } static int riscv_examine(struct target *target) { LOG_DEBUG("riscv_examine()"); if (target_was_examined(target)) { return ERROR_OK; } // Don't need to select dbus, since the first thing we do is read dtminfo. uint32_t dtminfo = dtminfo_read(target); LOG_DEBUG("dtminfo=0x%x", dtminfo); LOG_DEBUG(" addrbits=%d", get_field(dtminfo, DTMINFO_ADDRBITS)); LOG_DEBUG(" version=%d", get_field(dtminfo, DTMINFO_VERSION)); // TODO: Add support for the idle field, once it's implemented in the FPGA // image. if (dtminfo == 0) { LOG_ERROR("dtminfo is 0. Check JTAG connectivity/board power."); return ERROR_FAIL; } if (get_field(dtminfo, DTMINFO_VERSION) != 0) { LOG_ERROR("Unsupported DTM version %d. (dtminfo=0x%x)", get_field(dtminfo, DTMINFO_VERSION), dtminfo); return ERROR_FAIL; } riscv_info_t *info = (riscv_info_t *) target->arch_info; info->addrbits = get_field(dtminfo, DTMINFO_ADDRBITS); uint32_t dminfo = dbus_read(target, DMINFO); LOG_DEBUG("dminfo: 0x%08x", dminfo); LOG_DEBUG(" abussize=0x%x", get_field(dminfo, DMINFO_ABUSSIZE)); LOG_DEBUG(" serialcount=0x%x", get_field(dminfo, DMINFO_SERIALCOUNT)); LOG_DEBUG(" access128=%d", get_field(dminfo, DMINFO_ACCESS128)); LOG_DEBUG(" access64=%d", get_field(dminfo, DMINFO_ACCESS64)); LOG_DEBUG(" access32=%d", get_field(dminfo, DMINFO_ACCESS32)); LOG_DEBUG(" access16=%d", get_field(dminfo, DMINFO_ACCESS16)); LOG_DEBUG(" access8=%d", get_field(dminfo, DMINFO_ACCESS8)); LOG_DEBUG(" dramsize=0x%x", get_field(dminfo, DMINFO_DRAMSIZE)); LOG_DEBUG(" authenticated=0x%x", get_field(dminfo, DMINFO_AUTHENTICATED)); LOG_DEBUG(" authbusy=0x%x", get_field(dminfo, DMINFO_AUTHBUSY)); LOG_DEBUG(" authtype=0x%x", get_field(dminfo, DMINFO_AUTHTYPE)); LOG_DEBUG(" version=0x%x", get_field(dminfo, DMINFO_VERSION)); if (get_field(dminfo, DMINFO_VERSION) != 1) { LOG_ERROR("OpenOCD only supports Debug Module version 1, not %d " "(dminfo=0x%x)", get_field(dminfo, DMINFO_VERSION), dminfo); return ERROR_FAIL; } info->dramsize = get_field(dminfo, DMINFO_DRAMSIZE) + 1; if (get_field(dminfo, DMINFO_AUTHTYPE) != 0) { LOG_ERROR("Authentication required by RISC-V core but not " "supported by OpenOCD. dminfo=0x%x", dminfo); return ERROR_FAIL; } // Figure out XLEN. cache_set(target, 0, xori(S1, ZERO, -1)); // 0xffffffff 0xffffffff:ffffffff 0xffffffff:ffffffff:ffffffff:ffffffff cache_set(target, 1, srli(S1, S1, 31)); // 0x00000001 0x00000001:ffffffff 0x00000001:ffffffff:ffffffff:ffffffff cache_set(target, 2, sw(S1, ZERO, DEBUG_RAM_START)); cache_set(target, 3, srli(S1, S1, 31)); // 0x00000000 0x00000000:00000003 0x00000000:00000003:ffffffff:ffffffff cache_set(target, 4, sw(S1, ZERO, DEBUG_RAM_START + 4)); cache_set_jump(target, 5); cache_write(target, 0, false); // Check that we can actually read/write dram. if (cache_check(target) != ERROR_OK) { return ERROR_FAIL; } cache_write(target, 0, true); cache_invalidate(target); uint32_t word0 = cache_get32(target, 0); uint32_t word1 = cache_get32(target, 1); if (word0 == 1 && word1 == 0) { info->xlen = 32; } else if (word0 == 0xffffffff && word1 == 3) { info->xlen = 64; } else if (word0 == 0xffffffff && word1 == 0xffffffff) { info->xlen = 128; } else { uint32_t exception = cache_get32(target, info->dramsize-1); LOG_ERROR("Failed to discover xlen; word0=0x%x, word1=0x%x, exception=0x%x", word0, word1, exception); dump_debug_ram(target); return ERROR_FAIL; } LOG_DEBUG("Discovered XLEN is %d", info->xlen); // Update register list to match discovered XLEN. update_reg_list(target); target_set_examined(target); //write_constants(target); //light_leds(target); //dram_test(target); //test_s1(target); return ERROR_OK; } static riscv_error_t handle_halt_routine(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; const unsigned int max_scan = 256; uint8_t *in = malloc(max_scan * 8); uint8_t *out = malloc(max_scan * 8); struct scan_field *field = calloc(max_scan, sizeof(struct scan_field)); unsigned int scan = 0; // Read all GPRs as fast as we can, because gdb is going to ask for them // anyway. Reading them one at a time is much slower. // TODO // Write the jump back to address 1. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, 1, DMCONTROL_HALTNOT | jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*1)))); scan++; for (int reg = 1; reg < 32; reg++) { if (reg == S0 || reg == S1) { continue; } // Write store instruction. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, 0, DMCONTROL_INTERRUPT | DMCONTROL_HALTNOT | sw(reg, ZERO, DEBUG_RAM_START + 16)); scan++; // Read value. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_READ, 4, DMCONTROL_HALTNOT); scan++; assert(scan < max_scan); } // Write store of s0 at index 1. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, 1, DMCONTROL_HALTNOT | sw(S0, ZERO, DEBUG_RAM_START + 16)); scan++; // Write jump at index 2. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, 2, DMCONTROL_HALTNOT | jal(0, (uint32_t) (DEBUG_ROM_RESUME - (DEBUG_RAM_START + 4*2)))); cache_set(target, 0, csrr(S0, CSR_DSCRATCH)); scan++; // Read S1 from debug RAM add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, 0, DMCONTROL_INTERRUPT | DMCONTROL_HALTNOT | lw(S0, ZERO, DEBUG_RAM_START + 4 * info->dramsize - 4)); scan++; // Read value. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_READ, 4, DMCONTROL_HALTNOT); scan++; // Read S0 from dscratch unsigned int csr[] = {CSR_DSCRATCH, CSR_DPC, CSR_DCSR}; for (unsigned int i = 0; i < DIM(csr); i++) { add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_WRITE, 0, DMCONTROL_INTERRUPT | DMCONTROL_HALTNOT | csrr(S0, csr[i])); scan++; // Read value. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_READ, 4, DMCONTROL_HALTNOT); scan++; assert(scan < max_scan); } // Final read to get the last value out. add_dbus_scan(target, &field[scan], out + 8*scan, in + 8*scan, DBUS_OP_READ, 4, DMCONTROL_HALTNOT); scan++; assert(scan < max_scan); int retval = jtag_execute_queue(); if (retval != ERROR_OK) { LOG_ERROR("JTAG execute failed: %d", retval); goto error; } unsigned int dbus_busy = 0; unsigned int interrupt_set = 0; unsigned result = 0; info->gpr_cache[0] = 0; // The first scan result is the result from something old we don't care // about. for (unsigned int i = 1; i < scan && dbus_busy == 0; i++) { dbus_status_t status = buf_get_u32(in + 8*i, DBUS_OP_START, DBUS_OP_SIZE); uint64_t data = buf_get_u64(in + 8*i, DBUS_DATA_START, DBUS_DATA_SIZE); uint32_t address = buf_get_u32(in + 8*i, DBUS_ADDRESS_START, info->addrbits); LOG_DEBUG("read scan=%d result=%d data=%09" PRIx64 " address=%02x", i, status, data, address); switch (status) { case DBUS_STATUS_SUCCESS: break; case DBUS_STATUS_NO_WRITE: LOG_ERROR("Got no-write response without conditional write. Hardware error?"); goto error; case DBUS_STATUS_FAILED: LOG_ERROR("Debug access failed. Hardware error?"); goto error; case DBUS_STATUS_BUSY: dbus_busy++; break; } if (data & DMCONTROL_INTERRUPT) { interrupt_set++; break; } if (address == 4) { switch (result) { case 0: info->gpr_cache[1] = data; break; case 1: info->gpr_cache[2] = data; break; case 2: info->gpr_cache[3] = data; break; case 3: info->gpr_cache[4] = data; break; case 4: info->gpr_cache[5] = data; break; case 5: info->gpr_cache[6] = data; break; case 6: info->gpr_cache[7] = data; break; // S0 // S1 case 7: info->gpr_cache[10] = data; break; case 8: info->gpr_cache[11] = data; break; case 9: info->gpr_cache[12] = data; break; case 10: info->gpr_cache[13] = data; break; case 11: info->gpr_cache[14] = data; break; case 12: info->gpr_cache[15] = data; break; case 13: info->gpr_cache[16] = data; break; case 14: info->gpr_cache[17] = data; break; case 15: info->gpr_cache[18] = data; break; case 16: info->gpr_cache[19] = data; break; case 17: info->gpr_cache[20] = data; break; case 18: info->gpr_cache[21] = data; break; case 19: info->gpr_cache[22] = data; break; case 20: info->gpr_cache[23] = data; break; case 21: info->gpr_cache[24] = data; break; case 22: info->gpr_cache[25] = data; break; case 23: info->gpr_cache[26] = data; break; case 24: info->gpr_cache[27] = data; break; case 25: info->gpr_cache[28] = data; break; case 26: info->gpr_cache[29] = data; break; case 27: info->gpr_cache[30] = data; break; case 28: info->gpr_cache[31] = data; break; case 29: info->gpr_cache[S1] = data; break; case 30: info->gpr_cache[S0] = data; break; case 31: info->dpc = data; break; case 32: info->dcsr = data; break; default: assert(0); } result++; } } free(in); free(out); free(field); cache_invalidate(target); if (dbus_busy) { increase_dbus_busy_delay(target); return RE_AGAIN; } if (interrupt_set) { increase_interrupt_high_delay(target); return RE_AGAIN; } return RE_OK; error: free(in); free(out); free(field); return RE_FAIL; } static int handle_halt(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; target->state = TARGET_HALTED; riscv_error_t re; do { re = handle_halt_routine(target); } while (re == RE_AGAIN); if (re != RE_OK) { LOG_ERROR("handle_halt_routine failed"); return ERROR_FAIL; } int cause = get_field(info->dcsr, DCSR_CAUSE); LOG_DEBUG("halt cause is %d; dcsr=0x%x", cause, info->dcsr); switch (cause) { case DCSR_CAUSE_SWBP: case DCSR_CAUSE_HWBP: target->debug_reason = DBG_REASON_BREAKPOINT; break; case DCSR_CAUSE_DEBUGINT: target->debug_reason = DBG_REASON_DBGRQ; break; case DCSR_CAUSE_STEP: target->debug_reason = DBG_REASON_SINGLESTEP; break; case DCSR_CAUSE_HALT: default: LOG_ERROR("Invalid halt cause %d in DCSR (0x%x)", cause, info->dcsr); } target_call_event_callbacks(target, TARGET_EVENT_HALTED); LOG_DEBUG("halted at 0x%x", info->dpc); return ERROR_OK; } static int riscv_poll(struct target *target) { jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); bits_t bits = read_bits(target); if (bits.haltnot && bits.interrupt) { target->state = TARGET_DEBUG_RUNNING; LOG_DEBUG("debug running"); } else if (bits.haltnot && !bits.interrupt) { if (target->state != TARGET_HALTED) { return handle_halt(target); } } else if (!bits.haltnot && bits.interrupt) { // Target is halting. There is no state for that, so don't change anything. LOG_DEBUG("halting"); } else if (!bits.haltnot && !bits.interrupt) { target->state = TARGET_RUNNING; LOG_DEBUG("running"); } return ERROR_OK; } static int riscv_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution) { jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); return resume(target, current, address, handle_breakpoints, debug_execution, false); } static int riscv_assert_reset(struct target *target) { riscv_info_t *info = (riscv_info_t *) target->arch_info; // TODO: Maybe what I implemented here is more like soft_reset_halt()? jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); // The only assumption we can make is that the TAP was reset. if (wait_for_debugint_clear(target, true) != ERROR_OK) { LOG_ERROR("Debug interrupt didn't clear."); return ERROR_FAIL; } // Not sure what we should do when there are multiple cores. // Here just reset the single hart we're talking to. info->dcsr |= DCSR_EBREAKM | DCSR_EBREAKH | DCSR_EBREAKS | DCSR_EBREAKU | DCSR_HALT; if (target->reset_halt) { info->dcsr |= DCSR_NDRESET; } else { info->dcsr |= DCSR_FULLRESET; } dram_write32(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16), false); dram_write32(target, 1, csrw(S0, CSR_DCSR), false); // We shouldn't actually need the jump because a reset should happen. dram_write_jump(target, 2, false); dram_write32(target, 4, info->dcsr, true); cache_invalidate(target); target->state = TARGET_RESET; return ERROR_OK; } static int riscv_deassert_reset(struct target *target) { jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); if (target->reset_halt) { return wait_for_state(target, TARGET_HALTED); } else { return wait_for_state(target, TARGET_RUNNING); } } static int riscv_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer) { jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); switch (size) { case 1: cache_set(target, 1, lb(S1, S0, 0)); cache_set(target, 2, sw(S1, ZERO, DEBUG_RAM_START + 16)); break; case 2: cache_set(target, 1, lh(S1, S0, 0)); cache_set(target, 2, sw(S1, ZERO, DEBUG_RAM_START + 16)); break; case 4: cache_set(target, 1, lw(S1, S0, 0)); cache_set(target, 2, sw(S1, ZERO, DEBUG_RAM_START + 16)); break; default: LOG_ERROR("Unsupported size: %d", size); return ERROR_FAIL; } cache_set_jump(target, 3); cache_write(target, 4, false); riscv_info_t *info = (riscv_info_t *) target->arch_info; const int max_batch_size = 256; uint8_t *in = malloc(max_batch_size * 8); uint8_t *out = malloc(max_batch_size * 8); struct scan_field *field = calloc(max_batch_size, sizeof(struct scan_field)); uint32_t result_value = 0x777; uint32_t i = 0; while (i < count + 3) { unsigned int batch_size = MIN(count + 3 - i, max_batch_size); for (unsigned int j = 0; j < batch_size; j++) { if (i + j == count) { // Just insert a read so we can scan out the last value. add_dbus_scan(target, &field[j], out + 8*j, in + 8*j, DBUS_OP_READ, 4, DMCONTROL_HALTNOT); } else if (i + j >= count + 1) { // And check for errors. add_dbus_scan(target, &field[j], out + 8*j, in + 8*j, DBUS_OP_READ, info->dramsize-1, DMCONTROL_HALTNOT); } else { // Write the next address and set interrupt. uint32_t offset = size * (i + j); add_dbus_scan(target, &field[j], out + 8*j, in + 8*j, DBUS_OP_WRITE, 4, DMCONTROL_HALTNOT | DMCONTROL_INTERRUPT | (address + offset)); } } int retval = jtag_execute_queue(); if (retval != ERROR_OK) { LOG_ERROR("JTAG execute failed: %d", retval); goto error; } int dbus_busy = 0; for (unsigned int j = 0; j < batch_size; j++) { dbus_status_t status = buf_get_u32(in + 8*j, DBUS_OP_START, DBUS_OP_SIZE); switch (status) { case DBUS_STATUS_SUCCESS: break; case DBUS_STATUS_NO_WRITE: LOG_ERROR("Got no-write status without conditional write."); goto error; case DBUS_STATUS_FAILED: LOG_ERROR("Debug RAM write failed. Hardware error?"); goto error; case DBUS_STATUS_BUSY: dbus_busy++; break; } uint64_t data = buf_get_u64(in + 8*j, DBUS_DATA_START, DBUS_DATA_SIZE); if (i + j == count + 2) { result_value = data; } else if (i + j > 1) { uint32_t offset = size * (i + j - 2); switch (size) { case 1: buffer[offset] = data; break; case 2: buffer[offset] = data; buffer[offset+1] = data >> 8; break; case 4: buffer[offset] = data; buffer[offset+1] = data >> 8; buffer[offset+2] = data >> 16; buffer[offset+3] = data >> 24; break; } } LOG_DEBUG("j=%d status=%d data=%09" PRIx64, j, status, data); } if (dbus_busy) { increase_dbus_busy_delay(target); wait_for_debugint_clear(target, false); // Retry. LOG_INFO("Retrying memory read starting from 0x%x with more delays", address + size * i); } else { i += batch_size; } } if (result_value != 0) { LOG_ERROR("Core got an exception (0x%x) while reading from 0x%x", result_value, address + size * (count-1)); if (count > 1) { LOG_ERROR("(It may have failed between 0x%x and 0x%x as well, but we " "didn't check then.)", address, address + size * (count-2) + size - 1); } goto error; } free(in); free(out); free(field); cache_clean(target); return ERROR_OK; error: free(in); free(out); free(field); cache_clean(target); return ERROR_FAIL; } static int setup_write_memory(struct target *target, uint32_t size) { switch (size) { case 1: cache_set(target, 0, lb(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, sb(S0, T0, 0)); break; case 2: cache_set(target, 0, lh(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, sh(S0, T0, 0)); break; case 4: cache_set(target, 0, lw(S0, ZERO, DEBUG_RAM_START + 16)); cache_set(target, 1, sw(S0, T0, 0)); break; default: LOG_ERROR("Unsupported size: %d", size); return ERROR_FAIL; } cache_set(target, 2, addi(T0, T0, size)); cache_set_jump(target, 3); cache_write(target, 4, false); return ERROR_OK; } static int riscv_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, const uint8_t *buffer) { riscv_info_t *info = (riscv_info_t *) target->arch_info; jtag_add_ir_scan(target->tap, &select_dbus, TAP_IDLE); // Set up the address. cache_set(target, 0, sw(T0, ZERO, DEBUG_RAM_START + 20)); cache_set(target, 1, lw(T0, ZERO, DEBUG_RAM_START + 16)); cache_set_jump(target, 2); cache_set(target, 4, address); if (cache_write(target, 5, true) != ERROR_OK) { return ERROR_FAIL; } uint32_t t0 = cache_get32(target, 5); if (setup_write_memory(target, size) != ERROR_OK) { return ERROR_FAIL; } const int max_batch_size = 256; uint8_t *in = malloc(max_batch_size * 8); uint8_t *out = malloc(max_batch_size * 8); struct scan_field *field = calloc(max_batch_size, sizeof(struct scan_field)); uint32_t result_value = 0x777; uint32_t i = 0; while (i < count + 2) { unsigned int batch_size = MIN(count + 2 - i, max_batch_size); for (unsigned int j = 0; j < batch_size; j++) { if (i + j >= count) { // Check for an exception. add_dbus_scan(target, &field[j], out + 8*j, in + 8*j, DBUS_OP_READ, info->dramsize-1, DMCONTROL_HALTNOT | 0); } else { // Write the next value and set interrupt. uint32_t value; uint32_t offset = size * (i + j); switch (size) { case 1: value = buffer[offset]; break; case 2: value = buffer[offset] | (buffer[offset+1] << 8); break; case 4: value = buffer[offset] | ((uint32_t) buffer[offset+1] << 8) | ((uint32_t) buffer[offset+2] << 16) | ((uint32_t) buffer[offset+3] << 24); break; default: goto error; } add_dbus_scan(target, &field[j], out + 8*j, in + 8*j, DBUS_OP_CONDITIONAL_WRITE, 4, DMCONTROL_HALTNOT | DMCONTROL_INTERRUPT | value); } } int retval = jtag_execute_queue(); if (retval != ERROR_OK) { LOG_ERROR("JTAG execute failed: %d", retval); goto error; } int dbus_busy = 0; int execute_busy = 0; for (unsigned int j = 0; j < batch_size; j++) { dbus_status_t status = buf_get_u32(in + 8*j, DBUS_OP_START, DBUS_OP_SIZE); switch (status) { case DBUS_STATUS_SUCCESS: break; case DBUS_STATUS_NO_WRITE: execute_busy++; break; case DBUS_STATUS_FAILED: LOG_ERROR("Debug RAM write failed. Hardware error?"); goto error; case DBUS_STATUS_BUSY: dbus_busy++; break; } uint64_t data = buf_get_u64(in + 8*j, DBUS_DATA_START, DBUS_DATA_SIZE); if (i + j == count + 1) { result_value = data; } LOG_DEBUG("j=%d status=%d data=%09" PRIx64, j, status, data); } if (dbus_busy) { increase_dbus_busy_delay(target); } if (execute_busy) { increase_interrupt_high_delay(target); } if (dbus_busy || execute_busy) { wait_for_debugint_clear(target, false); // Retry. // Set t0 back to what it should have been at the beginning of this // batch. LOG_INFO("Retrying memory write starting from 0x%x with more delays", address + size * i); cache_clean(target); if (write_gpr(target, T0, address + size * i) != ERROR_OK) { goto error; } if (setup_write_memory(target, size) != ERROR_OK) { goto error; } } else { i += batch_size; } } if (result_value != 0) { LOG_ERROR("Core got an exception (0x%x) while writing to 0x%x", result_value, address + size * (count-1)); if (count > 1) { LOG_ERROR("(It may have failed between 0x%x and 0x%x as well, but we " "didn't check then.)", address, address + size * (count-2) + size - 1); } goto error; } free(in); free(out); free(field); cache_clean(target); return register_write(target, T0, t0); error: free(in); free(out); free(field); cache_clean(target); return ERROR_FAIL; } static int riscv_get_gdb_reg_list(struct target *target, struct reg **reg_list[], int *reg_list_size, enum target_register_class reg_class) { riscv_info_t *info = (riscv_info_t *) target->arch_info; LOG_DEBUG("reg_class=%d", reg_class); switch (reg_class) { case REG_CLASS_GENERAL: *reg_list_size = 32; break; case REG_CLASS_ALL: *reg_list_size = REG_COUNT; break; default: LOG_ERROR("Unsupported reg_class: %d", reg_class); return ERROR_FAIL; } *reg_list = calloc(*reg_list_size, sizeof(struct reg *)); if (!*reg_list) { return ERROR_FAIL; } for (int i = 0; i < *reg_list_size; i++) { (*reg_list)[i] = &info->reg_list[i]; } return ERROR_OK; } int riscv_add_breakpoint(struct target *target, struct breakpoint *breakpoint) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (breakpoint->type == BKPT_SOFT) { if (target_read_memory(target, breakpoint->address, breakpoint->length, 1, breakpoint->orig_instr) != ERROR_OK) { LOG_ERROR("Failed to read original instruction at 0x%x", breakpoint->address); return ERROR_FAIL; } int retval; if (breakpoint->length == 4) { retval = target_write_u32(target, breakpoint->address, ebreak()); } else { retval = target_write_u16(target, breakpoint->address, ebreak_c()); } if (retval != ERROR_OK) { LOG_ERROR("Failed to write %d-byte breakpoint instruction at 0x%x", breakpoint->length, breakpoint->address); return ERROR_FAIL; } } else if (breakpoint->type == BKPT_HARD) { int i; uint32_t tdrdata1; uint32_t tdrselect, tdrselect_rb; for (i = 0; i < MAX_HWBPS; i++) { if (info->hwbp_unique_id[i] == ~0U) { // TODO 0x80000000 is a hack until the core supports proper // debug hwbps. tdrselect = 0x80000000 | i; write_csr(target, CSR_TDRSELECT, tdrselect); read_csr(target, &tdrselect_rb, CSR_TDRSELECT); if (tdrselect_rb != tdrselect) { // We've run out of breakpoints. LOG_ERROR("Couldn't find an available hardware breakpoint. " "(0x%x != 0x%x)", tdrselect, tdrselect_rb); return ERROR_TARGET_RESOURCE_NOT_AVAILABLE; } read_csr(target, &tdrdata1, CSR_TDRDATA1); if ((tdrdata1 >> (info->xlen - 4)) == 1) { break; } } } if (i >= MAX_HWBPS) { LOG_ERROR("Couldn't find an available hardware breakpoint."); return ERROR_TARGET_RESOURCE_NOT_AVAILABLE; } LOG_DEBUG("Start using resource %d for bp %d", i, breakpoint->unique_id); tdrdata1 |= CSR_BPCONTROL_X; tdrdata1 |= CSR_BPCONTROL_U; tdrdata1 |= CSR_BPCONTROL_S; tdrdata1 |= CSR_BPCONTROL_H; tdrdata1 |= CSR_BPCONTROL_M; write_csr(target, CSR_TDRDATA1, tdrdata1); write_csr(target, CSR_TDRDATA2, breakpoint->address); uint32_t tdrdata1_rb; read_csr(target, &tdrdata1_rb, CSR_TDRDATA1); LOG_DEBUG("tdrdata1=0x%x", tdrdata1_rb); if (!(tdrdata1_rb & CSR_BPCONTROL_X)) { LOG_ERROR("Breakpoint %d doesn't support execute", i); return ERROR_TARGET_RESOURCE_NOT_AVAILABLE; } info->hwbp_unique_id[i] = breakpoint->unique_id; } else { LOG_INFO("OpenOCD only supports hardware and software breakpoints."); return ERROR_TARGET_RESOURCE_NOT_AVAILABLE; } breakpoint->set = true; return ERROR_OK; } static int riscv_remove_breakpoint(struct target *target, struct breakpoint *breakpoint) { riscv_info_t *info = (riscv_info_t *) target->arch_info; if (breakpoint->type == BKPT_SOFT) { if (target_write_memory(target, breakpoint->address, breakpoint->length, 1, breakpoint->orig_instr) != ERROR_OK) { LOG_ERROR("Failed to restore instruction for %d-byte breakpoint at 0x%x", breakpoint->length, breakpoint->address); return ERROR_FAIL; } } else if (breakpoint->type == BKPT_HARD) { int i; for (i = 0; i < MAX_HWBPS; i++) { if (info->hwbp_unique_id[i] == breakpoint->unique_id) { break; } } if (i >= MAX_HWBPS) { LOG_ERROR("Couldn't find the hardware resources used by hardware breakpoint."); return ERROR_FAIL; } LOG_DEBUG("Stop using resource %d for bp %d", i, breakpoint->unique_id); write_csr(target, CSR_TDRSELECT, 0x80000000 | i); write_csr(target, CSR_TDRDATA1, 0); info->hwbp_unique_id[i] = ~0U; } else { LOG_INFO("OpenOCD only supports hardware and software breakpoints."); return ERROR_TARGET_RESOURCE_NOT_AVAILABLE; } breakpoint->set = false; return ERROR_OK; } int riscv_arch_state(struct target *target) { return ERROR_OK; } struct target_type riscv_target = { .name = "riscv", .init_target = riscv_init_target, .deinit_target = riscv_deinit_target, .examine = riscv_examine, /* poll current target status */ .poll = riscv_poll, .halt = riscv_halt, .resume = riscv_resume, .step = riscv_step, .assert_reset = riscv_assert_reset, .deassert_reset = riscv_deassert_reset, .read_memory = riscv_read_memory, .write_memory = riscv_write_memory, .get_gdb_reg_list = riscv_get_gdb_reg_list, .add_breakpoint = riscv_add_breakpoint, .remove_breakpoint = riscv_remove_breakpoint, .arch_state = riscv_arch_state, };