1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
26 #include "binarybuffer.h"
30 #ifdef _DEBUG_JTAG_IO_
31 #define DEBUG_JTAG_IO(expr ...) LOG_DEBUG(expr)
33 #define DEBUG_JTAG_IO(expr ...)
36 #ifndef DEBUG_JTAG_IOZ
37 #define DEBUG_JTAG_IOZ 64
40 /*-----<Macros>--------------------------------------------------*/
43 * When given an array, compute its DIMension; in other words, the
44 * number of elements in the array
46 #define DIM(x) (sizeof(x)/sizeof((x)[0]))
48 /** Calculate the number of bytes required to hold @a n TAP scan bits */
49 #define TAP_SCAN_BYTES(n) CEIL(n, 8)
51 /*-----</Macros>-------------------------------------------------*/
54 * Defines JTAG Test Access Port states.
56 * These definitions were gleaned from the ARM7TDMI-S Technical
57 * Reference Manual and validated against several other ARM core
58 * technical manuals. tap_get_tms_path() is sensitive to this numbering
59 * and ordering of the TAP states; furthermore, some interfaces require
60 * specific numbers be used, as they are handed-off directly to their
61 * hardware implementations.
63 typedef enum tap_state
66 /* These are the old numbers. Leave as-is for now... */
67 TAP_RESET = 0, TAP_IDLE = 8,
68 TAP_DRSELECT = 1, TAP_DRCAPTURE = 2, TAP_DRSHIFT = 3, TAP_DREXIT1 = 4,
69 TAP_DRPAUSE = 5, TAP_DREXIT2 = 6, TAP_DRUPDATE = 7,
70 TAP_IRSELECT = 9, TAP_IRCAPTURE = 10, TAP_IRSHIFT = 11, TAP_IREXIT1 = 12,
71 TAP_IRPAUSE = 13, TAP_IREXIT2 = 14, TAP_IRUPDATE = 15,
73 TAP_NUM_STATES = 16, TAP_INVALID = -1,
75 /* Proper ARM recommended numbers */
93 TAP_NUM_STATES = 0x10,
100 * Function tap_state_name
101 * Returns a string suitable for display representing the JTAG tap_state
103 const char* tap_state_name(tap_state_t state);
105 /// The current TAP state of the pending JTAG command queue.
106 extern tap_state_t cmd_queue_cur_state;
109 * This structure defines a single scan field in the scan. It provides
110 * fields for the field's width and pointers to scan input and output
113 * In addition, this structure includes a value and mask that is used by
114 * jtag_add_dr_scan_check() to validate the value that was scanned out.
116 * The allocated, modified, and intmp fields are internal work space.
118 typedef struct scan_field_s
120 /// A pointer to the tap structure to which this field refers.
123 /// The number of bits this field specifies (up to 32)
125 /// A pointer to value to be scanned into the device
127 /// A pointer to a 32-bit memory location for data scanned out
130 /// The value used to check the data scanned out.
132 /// The mask to go with check_value
135 /// in_value has been allocated for the queue
137 /// Indicates we modified the in_value.
139 /// temporary storage for performing value checks synchronously
143 typedef struct jtag_tap_event_action_s jtag_tap_event_action_t;
145 /* this is really: typedef jtag_tap_t */
146 /* But - the typedef is done in "types.h" */
147 /* due to "forward decloration reasons" */
152 const char* dotted_name;
153 int abs_chain_position;
154 /// Is this TAP enabled?
156 int ir_length; /**< size of instruction register */
157 u32 ir_capture_value;
158 u8* expected; /**< Capture-IR expected value */
160 u8* expected_mask; /**< Capture-IR expected mask */
162 /**< device identification code */
164 /// Array of expected identification codes */
166 /// Number of expected identification codes
169 /// current instruction
171 /// Bypass register selected
174 jtag_tap_event_action_t *event_action;
176 jtag_tap_t* next_tap;
178 extern jtag_tap_t* jtag_all_taps(void);
179 extern const char *jtag_tap_name(const jtag_tap_t *tap);
180 extern jtag_tap_t* jtag_tap_by_position(int n);
181 extern jtag_tap_t* jtag_tap_by_string(const char* dotted_name);
182 extern jtag_tap_t* jtag_TapByJimObj(Jim_Interp* interp, Jim_Obj* obj);
183 extern jtag_tap_t* jtag_tap_by_abs_position(int abs_position);
184 extern int jtag_NumEnabledTaps(void);
185 extern int jtag_NumTotalTaps(void);
187 static __inline__ jtag_tap_t* jtag_NextEnabledTap(jtag_tap_t* p)
191 /* start at the head of list */
196 /* start *after* this one */
215 enum reset_line_mode {
216 LINE_OPEN_DRAIN = 0x0,
217 LINE_PUSH_PULL = 0x1,
221 * There are three cases when JTAG_TRST_ASSERTED callback is invoked. The
222 * event is invoked *after* TRST is asserted(or queued rather). It is illegal
223 * to communicate with the JTAG interface during the callback(as there is
224 * currently a queue being built).
235 extern char* jtag_event_strings[];
237 enum jtag_tap_event {
238 JTAG_TAP_EVENT_ENABLE,
239 JTAG_TAP_EVENT_DISABLE
242 extern const Jim_Nvp nvp_jtag_tap_event[];
244 struct jtag_tap_event_action_s
246 enum jtag_tap_event event;
248 jtag_tap_event_action_t* next;
251 extern int jtag_trst;
252 extern int jtag_srst;
254 typedef struct jtag_event_callback_s
256 int (*callback)(enum jtag_event event, void* priv);
258 struct jtag_event_callback_s* next;
259 } jtag_event_callback_t;
261 extern jtag_event_callback_t* jtag_event_callbacks;
263 extern int jtag_speed;
264 extern int jtag_speed_post_reset;
268 RESET_HAS_TRST = 0x1,
269 RESET_HAS_SRST = 0x2,
270 RESET_TRST_AND_SRST = 0x3,
271 RESET_SRST_PULLS_TRST = 0x4,
272 RESET_TRST_PULLS_SRST = 0x8,
273 RESET_TRST_OPEN_DRAIN = 0x10,
274 RESET_SRST_PUSH_PULL = 0x20,
277 extern enum reset_types jtag_reset_config;
280 * Initialize interface upon startup. Return a successful no-op upon
281 * subsequent invocations.
283 extern int jtag_interface_init(struct command_context_s* cmd_ctx);
285 /// Shutdown the JTAG interface upon program exit.
286 extern int jtag_interface_quit(void);
289 * Initialize JTAG chain using only a RESET reset. If init fails,
292 extern int jtag_init(struct command_context_s* cmd_ctx);
294 /// reset, then initialize JTAG chain
295 extern int jtag_init_reset(struct command_context_s* cmd_ctx);
296 extern int jtag_register_commands(struct command_context_s* cmd_ctx);
300 * The JTAG interface can be implemented with a software or hardware fifo.
302 * TAP_DRSHIFT and TAP_IRSHIFT are illegal end states; however,
303 * TAP_DRSHIFT/IRSHIFT can be emulated as end states, by using longer
306 * Code that is relatively insensitive to the path taken through state
307 * machine (as long as it is JTAG compliant) can use @a endstate for
308 * jtag_add_xxx_scan(). Otherwise, the pause state must be specified as
309 * end state and a subsequent jtag_add_pathmove() must be issued.
312 extern void jtag_add_ir_scan(int num_fields, scan_field_t* fields, tap_state_t endstate);
314 * The same as jtag_add_ir_scan except no verification is performed out
317 extern void jtag_add_ir_scan_noverify(int num_fields, const scan_field_t *fields, tap_state_t state);
321 * Set in_value to point to 32 bits of memory to scan into. This
322 * function is a way to handle the case of synchronous and asynchronous
325 * In the event of an asynchronous queue execution the queue buffer
326 * allocation method is used, for the synchronous case the temporary 32
327 * bits come from the input field itself.
329 extern void jtag_alloc_in_value32(scan_field_t *field);
331 extern void jtag_add_dr_scan(int num_fields, const scan_field_t* fields, tap_state_t endstate);
332 /// A version of jtag_add_dr_scan() that uses the check_value/mask fields
333 extern void jtag_add_dr_scan_check(int num_fields, scan_field_t* fields, tap_state_t endstate);
334 extern void jtag_add_plain_ir_scan(int num_fields, const scan_field_t* fields, tap_state_t endstate);
335 extern void jtag_add_plain_dr_scan(int num_fields, const scan_field_t* fields, tap_state_t endstate);
339 * Defines a simple JTAG callback that can allow conversions on data
340 * scanned in from an interface.
342 * This callback should only be used for conversion that cannot fail.
343 * For conversion types or checks that can fail, use the more complete
344 * variant: jtag_callback_t.
346 typedef void (*jtag_callback1_t)(u8 *in);
348 /// A simpler version of jtag_add_callback4().
349 extern void jtag_add_callback(jtag_callback1_t, u8 *in);
353 * Defines the type of data passed to the jtag_callback_t interface.
354 * The underlying type must allow storing an @c int or pointer type.
356 typedef intptr_t jtag_callback_data_t;
359 * Defines the interface of the JTAG callback mechanism.
361 * @param in the pointer to the data clocked in
362 * @param data1 An integer big enough to use as an @c int or a pointer.
363 * @param data2 An integer big enough to use as an @c int or a pointer.
364 * @param data3 An integer big enough to use as an @c int or a pointer.
365 * @returns an error code
367 typedef int (*jtag_callback_t)(u8 *in, jtag_callback_data_t data1, jtag_callback_data_t data2, jtag_callback_data_t data3);
371 * This callback can be executed immediately the queue has been flushed.
373 * The JTAG queue can be executed synchronously or asynchronously.
374 * Typically for USB, the queue is executed asynchronously. For
375 * low-latency interfaces, the queue may be executed synchronously.
377 * The callback mechanism is very general and does not make many
378 * assumptions about what the callback does or what its arguments are.
379 * These callbacks are typically executed *after* the *entire* JTAG
380 * queue has been executed for e.g. USB interfaces, and they are
381 * guaranteeed to be invoked in the order that they were queued.
383 * If the execution of the queue fails before the callbacks, then --
384 * depending on driver implementation -- the callbacks may or may not be
385 * invoked. @todo Can we make this behavior consistent?
387 * The strange name is due to C's lack of overloading using function
390 * @param f The callback function to add.
391 * @param in Typically used to point to the data to operate on.
392 * Frequently this will be the data clocked in during a shift operation.
393 * @param data1 An integer big enough to use as an @c int or a pointer.
394 * @param data2 An integer big enough to use as an @c int or a pointer.
395 * @param data3 An integer big enough to use as an @c int or a pointer.
398 extern void jtag_add_callback4(jtag_callback_t f, u8 *in,
399 jtag_callback_data_t data1, jtag_callback_data_t data2,
400 jtag_callback_data_t data3);
404 * Run a TAP_RESET reset where the end state is TAP_RESET,
405 * regardless of the start state.
407 extern void jtag_add_tlr(void);
410 * Application code *must* assume that interfaces will
411 * implement transitions between states with different
412 * paths and path lengths through the state diagram. The
413 * path will vary across interface and also across versions
414 * of the same interface over time. Even if the OpenOCD code
415 * is unchanged, the actual path taken may vary over time
416 * and versions of interface firmware or PCB revisions.
418 * Use jtag_add_pathmove() when specific transition sequences
421 * Do not use jtag_add_pathmove() unless you need to, but do use it
424 * DANGER! If the target is dependent upon a particular sequence
425 * of transitions for things to work correctly(e.g. as a workaround
426 * for an errata that contradicts the JTAG standard), then pathmove
427 * must be used, even if some jtag interfaces happen to use the
428 * desired path. Worse, the jtag interface used for testing a
429 * particular implementation, could happen to use the "desired"
430 * path when transitioning to/from end
433 * A list of unambigious single clock state transitions, not
434 * all drivers can support this, but it is required for e.g.
435 * XScale and Xilinx support
437 * Note! TAP_RESET must not be used in the path!
439 * Note that the first on the list must be reachable
440 * via a single transition from the current state.
442 * All drivers are required to implement jtag_add_pathmove().
443 * However, if the pathmove sequence can not be precisely
444 * executed, an interface_jtag_add_pathmove() or jtag_execute_queue()
445 * must return an error. It is legal, but not recommended, that
446 * a driver returns an error in all cases for a pathmove if it
447 * can only implement a few transitions and therefore
448 * a partial implementation of pathmove would have little practical
451 extern void jtag_add_pathmove(int num_states, const tap_state_t* path);
454 * Goes to TAP_IDLE (if we're not already there), cycle
455 * precisely num_cycles in the TAP_IDLE state, after which move
456 * to @a endstate (unless it is also TAP_IDLE).
458 * @param num_cycles Number of cycles in TAP_IDLE state. This argument
459 * may be 0, in which case this routine will navigate to @a endstate
461 * @param endstate The final state.
463 extern void jtag_add_runtest(int num_cycles, tap_state_t endstate);
466 * A reset of the TAP state machine can be requested.
468 * Whether tms or trst reset is used depends on the capabilities of
469 * the target and jtag interface(reset_config command configures this).
471 * srst can driver a reset of the TAP state machine and vice
474 * Application code may need to examine value of jtag_reset_config
475 * to determine the proper codepath
477 * DANGER! Even though srst drives trst, trst might not be connected to
478 * the interface, and it might actually be *harmful* to assert trst in this case.
480 * This is why combinations such as "reset_config srst_only srst_pulls_trst"
483 * only req_tlr_or_trst and srst can have a transition for a
484 * call as the effects of transitioning both at the "same time"
485 * are undefined, but when srst_pulls_trst or vice versa,
486 * then trst & srst *must* be asserted together.
488 extern void jtag_add_reset(int req_tlr_or_trst, int srst);
492 * Function jtag_set_end_state
494 * Set a global variable to \a state if \a state != TAP_INVALID.
496 * Return the value of the global variable.
499 extern tap_state_t jtag_set_end_state(tap_state_t state);
501 * Function jtag_get_end_state
503 * Return the value of the global variable for end state
506 extern tap_state_t jtag_get_end_state(void);
507 extern void jtag_add_sleep(u32 us);
511 * Function jtag_add_stable_clocks
512 * first checks that the state in which the clocks are to be issued is
513 * stable, then queues up clock_count clocks for transmission.
515 void jtag_add_clocks(int num_cycles);
519 * For software FIFO implementations, the queued commands can be executed
520 * during this call or earlier. A sw queue might decide to push out
521 * some of the jtag_add_xxx() operations once the queue is "big enough".
523 * This fn will return an error code if any of the prior jtag_add_xxx()
524 * calls caused a failure, e.g. check failure. Note that it does not
525 * matter if the operation was executed *before* jtag_execute_queue(),
526 * jtag_execute_queue() will still return an error code.
528 * All jtag_add_xxx() calls that have in_handler!=NULL will have been
529 * executed when this fn returns, but if what has been queued only
530 * clocks data out, without reading anything back, then JTAG could
531 * be running *after* jtag_execute_queue() returns. The API does
532 * not define a way to flush a hw FIFO that runs *after*
533 * jtag_execute_queue() returns.
535 * jtag_add_xxx() commands can either be executed immediately or
536 * at some time between the jtag_add_xxx() fn call and jtag_execute_queue().
538 extern int jtag_execute_queue(void);
540 /* same as jtag_execute_queue() but does not clear the error flag */
541 extern void jtag_execute_queue_noclear(void);
544 * The jtag_error variable is set when an error occurs while executing
547 * This flag can also be set from application code, if an error happens
548 * during processing that should be reported during jtag_execute_queue().
550 * It is cleared by jtag_execute_queue().
552 extern int jtag_error;
554 static __inline__ void jtag_set_error(int error)
556 if ((error==ERROR_OK)||(jtag_error!=ERROR_OK))
558 /* keep first error */
566 /* can be implemented by hw+sw */
567 extern int jtag_power_dropout(int* dropout);
568 extern int jtag_srst_asserted(int* srst_asserted);
570 /* JTAG support functions */
573 * Execute jtag queue and check value with an optional mask.
574 * @param field Pointer to scan field.
575 * @param value Pointer to scan value.
576 * @param mask Pointer to scan mask; may be NULL.
577 * @returns Nothing, but calls jtag_set_error() on any error.
579 extern void jtag_check_value_mask(scan_field_t *field, u8 *value, u8 *mask);
581 extern void jtag_sleep(u32 us);
582 extern int jtag_call_event_callbacks(enum jtag_event event);
583 extern int jtag_register_event_callback(int (* callback)(enum jtag_event event, void* priv), void* priv);
585 extern int jtag_verify_capture_ir;
587 void jtag_tap_handle_event(jtag_tap_t* tap, enum jtag_tap_event e);
590 * The JTAG subsystem defines a number of error codes,
591 * using codes between -100 and -199.
593 #define ERROR_JTAG_INIT_FAILED (-100)
594 #define ERROR_JTAG_INVALID_INTERFACE (-101)
595 #define ERROR_JTAG_NOT_IMPLEMENTED (-102)
596 #define ERROR_JTAG_TRST_ASSERTED (-103)
597 #define ERROR_JTAG_QUEUE_FAILED (-104)
598 #define ERROR_JTAG_NOT_STABLE_STATE (-105)
599 #define ERROR_JTAG_DEVICE_ERROR (-107)
602 * jtag_add_dr_out() is a version of jtag_add_dr_scan() which
603 * only scans data out. It operates on 32 bit integers instead
604 * of 8 bit, which makes it a better impedance match with
605 * the calling code which often operate on 32 bit integers.
607 * Current or end_state can not be TAP_RESET. end_state can be TAP_INVALID
609 * num_bits[i] is the number of bits to clock out from value[i] LSB first.
611 * If the device is in bypass, then that is an error condition in
612 * the caller code that is not detected by this fn, whereas
613 * jtag_add_dr_scan() does detect it. Similarly if the device is not in
614 * bypass, data must be passed to it.
616 * If anything fails, then jtag_error will be set and jtag_execute() will
617 * return an error. There is no way to determine if there was a failure
618 * during this function call.
620 * This is an inline fn to speed up embedded hosts. Also note that
621 * interface_jtag_add_dr_out() can be a *small* inline function for
624 * There is no jtag_add_dr_outin() version of this fn that also allows
625 * clocking data back in. Patches gladly accepted!
627 extern void jtag_add_dr_out(jtag_tap_t* tap,
628 int num_fields, const int* num_bits, const u32* value,
629 tap_state_t end_state);
633 * jtag_add_statemove() moves from the current state to @a goal_state.
635 * This function was originally designed to handle the XSTATE command
636 * from the XSVF specification.
638 * @param goal_state The final TAP state.
639 * @return ERROR_OK on success, or an error code on failure.
641 extern int jtag_add_statemove(tap_state_t goal_state);
645 /// @returns the number of times the scan queue has been flushed
646 int jtag_get_flush_queue_count(void);
647 void jtag_set_nsrst_delay(unsigned delay);
648 void jtag_set_ntrst_delay(unsigned delay);
649 void jtag_set_speed_khz(unsigned speed);
650 unsigned jtag_get_speed_khz(void);
651 void jtag_set_verify(bool enable);
652 bool jtag_will_verify(void);