x00t!
authordodge-this <dodge-this@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Fri, 13 Aug 2010 04:11:22 +0000 (04:11 +0000)
committerdodge-this <dodge-this@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Fri, 13 Aug 2010 04:11:22 +0000 (04:11 +0000)
arm jtag on goodfet is a reality!
or at least most of the hurdles have been conquered.
ARMreadMem works now.  it turns out i was haphazardly running through RUNTEST/IDLE willy nilly, which was messing up the RESTART/BRKPT magic.

still todo:
* complete and test writeMem
* add flash-writing (may need to implement in specific subclasses)
* create goodfet.arm for command-line access
* prettify and complete GoodFETARM7, rename jtagarm7tdmi.h
* create specific subclasses for actual arm7 chips (at91r40008, at91sam7, etc...)

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@693 12e2690d-a6be-4b82-a7b7-67c4a43b65c8

client/gplay-arm.py
firmware/apps/jtag/jtagarm7.c
firmware/include/jtagarm7tdmi.h

index f8dd394..eb253b3 100755 (executable)
@@ -1,6 +1,6 @@
 #!/usr/bin/env ipython
 import sys, struct, binascii,time
-from GoodFETARM import *
+from GoodFETARM7 import *
 from intelhex import IntelHex
 
 
@@ -342,6 +342,38 @@ def printResults():
             x=results[y]
             print "%.2x=%s"%(y,repr(["%x"%t for t in x]))
 
+def ARMreadMem(self, adr, wrdcount):
+    retval = [] 
+    r0 = self.ARMget_register(5);        # store R0 and R1
+    r1 = self.ARMget_register(9);
+    #print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
+    for word in range(adr, adr+(wrdcount*4), 4):
+        #sys.stdin.readline()
+        self.ARMset_register(5, word);        # write address into R0
+        self.ARMset_register(9, 0xdeadbeef)
+        self.ARM_nop(0)
+        self.ARM_nop(1)
+        self.ARMdebuginstr(0xe4959004L, 0); # push LDR R1, [R0], #4 into instruction pipeline  (autoincrements for consecutive reads)
+        self.ARM_nop(0)
+        self.ARMrestart()
+        self.ARMwaitDBG()
+        time.sleep(.4)
+        self.ARMdebuginstr(0x47146,0)
+        self.ARMdebuginstr(0x47147,0)
+        print hex(self.ARMget_register(9))
+        # FIXME: this may end up changing te current debug-state.  should we compare to current_dbgstate?
+        #print repr(self.data[4])
+        if (len(self.data)>4 and self.data[4] == '\x00'):
+          print >>sys.stderr,("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+          raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+          #return -1
+        else:
+          retval.append( self.ARMget_register(9) )  # read memory value from R1 register
+          #print >>sys.stderr,("CPSR: %x\t\tR0: %x\t\tR1: %x"%(self.ARMget_regCPSR(),self.ARMget_register(0),self.ARMget_register(1)))
+    self.ARMset_register(9, r1);       # restore R0 and R1 
+    self.ARMset_register(5, r0);
+    return retval
+
 """
   case 0xD0: // loopback test
     cmddatalong[0] = 0x12345678;
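Review bot: When the failure branch raises `Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")`, the two `ARMset_register` calls after the loop never run, so the target keeps the scratch address and `0xdeadbeef` in the registers saved at the top of `ARMreadMem`. Wrapping the loop in `try:` and moving the two restore calls into `finally:` would keep the target's register state intact on the error path. The comments name R0 and R1 while the code uses register indices 5 and 9, and `0xe4959004` decodes as `LDR R9, [R5], #4`, so I would reword them to something like `# save R5 (address) and R9 (data) before using them as scratch`. The `self.data[4]` check runs after `print hex(self.ARMget_register(9))`, which presumably overwrites `self.data`, so it may be testing the register read rather than the `ARMwaitDBG()` result; worth confirming alongside the existing FIXME.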
index 77e9c38..63ab746 100644 (file)
@@ -59,10 +59,10 @@ void jtagarm7tdmi_start() {
  *     *set_register
  */
 
-u32 shift_ir(u32 ir){
-  u32 retval;
+u8 shift_ir(u8 ir, u8 flags){
+  u8 retval;
   jtag_goto_shift_ir();
-  retval = jtagtransn(ir, 4, LSB); 
+  retval = jtagtransn(ir, 4, LSB|flags); 
   return retval;
 }
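Review bot: `shift_ir` now takes a `flags` argument that is OR'd with `LSB` before the call to `jtagtransn`, but nothing on the function says which flags are expected or that a caller can no longer drop `LSB`. A short header comment such as `/* Shift a 4-bit instruction into IR; flags is OR'd with LSB (e.g. NORETIDLE). Returns jtagtransn's result truncated to 8 bits. */` would record that. The return type also narrows from `u32` to `u8`, so any prototype or caller outside this hunk that still expects `u32` should be checked.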
 
@@ -75,12 +75,10 @@ commands occur. Therefore, it is recommended to pass directly from the “Update
 state” to the “Select DR” state each time the “Update” state is reached.
 */
   unsigned long retval;
-  jtag_goto_shift_ir();
-  jtagtransn(ARM7TDMI_IR_SCAN_N, 4, LSB | NORETIDLE);
+  shift_ir(ARM7TDMI_IR_SCAN_N, NORETIDLE);
   jtag_goto_shift_dr();
   retval = jtagtransn(chain, 4, LSB | NORETIDLE);
-  jtag_goto_shift_ir();
-  jtagtransn(testmode, 4, LSB); 
+  shift_ir(testmode, NORETIDLE); 
   return(retval);
 }
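Review bot: The second call, `shift_ir(testmode, NORETIDLE)`, changes the state this function leaves the TAP in: the removed line passed only `LSB`, and the new one adds `NORETIDLE`, which by its name skips the return to Run-Test/Idle. Callers now depend on that, so the block comment above should state the postcondition, for example `/* Leaves the TAP outside Run-Test/Idle; the caller must move to Shift-DR next. */`. The function's signature and the start of that comment are outside the hunk.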
 
@@ -120,12 +118,10 @@ unsigned long jtagarm7tdmi_instr_primitive(unsigned long instr, char breakpt){
   if (breakpt)
     {
     SETMOSI;
-    count_sysspd_instr_since_debug++;
     } 
   else
     {
     CLRMOSI; 
-    count_dbgspd_instr_since_debug++;
     }
   jtag_tcktock();
   
@@ -195,12 +191,10 @@ void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len
     txdata(app,verb,0);
     break;
   case JTAG_IR_SHIFT:
-    jtag_goto_shift_ir();
-    cmddataword[0] = jtagtransn(cmddata[0], 4, cmddata[1]);
-    txdata(app,verb,2);
+    cmddataword[0] = shift_ir(cmddata[0], cmddata[1]);
+    txdata(app,verb,1);
     break;
   case JTAG_DR_SHIFT:
-       jtag_resettap();
     jtag_goto_shift_dr();
     cmddatalong[0] = jtagtransn(cmddatalong[1],cmddata[0],cmddata[1]);
     txdata(app,verb,4);
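Review bot: The `JTAG_IR_SHIFT` reply shrinks from two bytes to one (`txdata(app,verb,1)`), and no matching client change for this verb is visible in the commit, so a host that still unpacks a 16-bit reply would misparse it. The result is stored through `cmddataword[0]` although only one byte is sent; `cmddata[0] = shift_ir(cmddata[0], cmddata[1]);` states what is transmitted without relying on byte order. Within the visible lines, neither case checks `len` before reading `cmddata[1]`, and `JTAG_DR_SHIFT` passes the host-supplied bit count in `cmddata[0]` straight to `jtagtransn`. A length check before each shift would make the handler reject short or malformed packets instead of shifting stale buffer contents into the target. The handler body starts and continues outside the hunk.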
@@ -208,10 +202,10 @@ void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len
   case JTAGARM7_CHAIN0:
     jtagarm7tdmi_scan(0, ARM7TDMI_IR_INTEST);
     jtag_goto_shift_dr();
-    debughex32(cmddatalong[0]);
-    debughex(cmddataword[4]);
-    debughex32(cmddatalong[1]);
-    debughex32(cmddatalong[3]);
+    //debughex32(cmddatalong[0]);
+    //debughex(cmddataword[4]);
+    //debughex32(cmddatalong[1]);
+    //debughex32(cmddatalong[3]);
     cmddatalong[0] = jtagtransn(cmddatalong[0], 32, LSB| NOEND| NORETIDLE);
     cmddatalong[2] = jtagtransn(cmddataword[4], 9, MSB| NOEND| NORETIDLE);
     cmddatalong[1] = jtagtransn(cmddatalong[1], 32, MSB| NOEND| NORETIDLE);
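Review bot: The four `debughex`/`debughex32` calls are commented out rather than removed, and firmware/include/jtagarm7tdmi.h does the same with two globals and four prototypes. Code left in comments drifts from the live code; either delete these lines or put the debug output behind a compile-time debug switch so it can be re-enabled without editing the handler. In the header, `jtag_goto_shift_ir()` and `jtag_goto_shift_dr()` lose their prototypes but are still called in jtagarm7.c, so another included header presumably declares them; confirm the build shows no implicit-declaration warnings. The `JTAGARM7_CHAIN0` case continues past the end of the hunk.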
index fe2bc41..ae1d4fd 100644 (file)
 
 unsigned char current_chain;
 unsigned char current_dbgstate = -1;
-unsigned char last_halt_debug_state = -1;
-unsigned long last_halt_pc = -1;
-unsigned long count_dbgspd_instr_since_debug = 0;
-unsigned long count_sysspd_instr_since_debug = 0;
+//unsigned char last_halt_debug_state = -1;
+//unsigned long last_halt_pc = -1;
 
 
-void jtag_goto_shift_ir();
-void jtag_goto_shift_dr();
-void jtag_reset_to_runtest_idle();
-void jtag_arm_tcktock();
+//void jtag_goto_shift_ir();
+//void jtag_goto_shift_dr();
+//void jtag_reset_to_runtest_idle();
+//void jtag_arm_tcktock();
 
 
 // JTAGARM7TDMI Commands