1 /***************************************************************************
2 * Copyright (C) 2007-2010 by Øyvind Harboe *
4 * This program is free software; you can redistribute it and/or modify *
5 * it under the terms of the GNU General Public License as published by *
6 * the Free Software Foundation; either version 2 of the License, or *
7 * (at your option) any later version. *
9 * This program is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU General Public License for more details. *
14 * You should have received a copy of the GNU General Public License *
15 * along with this program; if not, write to the *
16 * Free Software Foundation, Inc., *
17 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ***************************************************************************/
20 /* This file supports the zy1000 debugger: http://www.zylin.com/zy1000.html
22 * The zy1000 is a standalone debugger that has a web interface and
23 * requires no drivers on the developer host as all communication
24 * is via TCP/IP. The zy1000 gets it performance(~400-700kBytes/s
25 * DCC downloads @ 16MHz target) as it has an FPGA to hardware
26 * accelerate the JTAG commands, while offering *very* low latency
27 * between OpenOCD and the FPGA registers.
29 * The disadvantage of the zy1000 is that it has a feeble CPU compared to
30 * a PC(ca. 50-500 DMIPS depending on how one counts it), whereas a PC
31 * is on the order of 10000 DMIPS(i.e. at a factor of 20-200).
33 * The zy1000 revc hardware is using an Altera Nios CPU, whereas the
34 * revb is using ARM7 + Xilinx.
36 * See Zylin web pages or contact Zylin for more information.
38 * The reason this code is in OpenOCD rather than OpenOCD linked with the
39 * ZY1000 code is that OpenOCD is the long road towards getting
40 * libopenocd into place. libopenocd will support both low performance,
41 * low latency systems(embedded) and high performance high latency
48 #include <target/embeddedice.h>
49 #include <jtag/minidriver.h>
50 #include <jtag/interface.h>
51 #include "zy1000_version.h"
53 #include <cyg/hal/hal_io.h> // low level i/o
54 #include <cyg/hal/hal_diag.h>
58 #ifdef CYGPKG_HAL_NIOS2
59 #include <cyg/hal/io.h>
60 #include <cyg/firmwareutil/firmwareutil.h>
63 #define ZYLIN_VERSION GIT_ZY1000_VERSION
64 #define ZYLIN_DATE __DATE__
65 #define ZYLIN_TIME __TIME__
66 #define ZYLIN_OPENOCD GIT_OPENOCD_VERSION
67 #define ZYLIN_OPENOCD_VERSION "ZY1000 " ZYLIN_VERSION " " ZYLIN_DATE
70 static int zy1000_khz(int khz, int *jtag_speed)
78 *jtag_speed = 64000/khz;
83 static int zy1000_speed_div(int speed, int *khz)
97 static bool readPowerDropout(void)
100 // sample and clear power dropout
101 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x80);
102 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, state);
104 powerDropout = (state & 0x80) != 0;
109 static bool readSRST(void)
112 // sample and clear SRST sensing
113 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000040);
114 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, state);
116 srstAsserted = (state & 0x40) != 0;
120 static int zy1000_srst_asserted(int *srst_asserted)
122 *srst_asserted = readSRST();
126 static int zy1000_power_dropout(int *dropout)
128 *dropout = readPowerDropout();
132 void zy1000_reset(int trst, int srst)
134 LOG_DEBUG("zy1000 trst=%d, srst=%d", trst, srst);
136 /* flush the JTAG FIFO. Not flushing the queue before messing with
137 * reset has such interesting bugs as causing hard to reproduce
138 * RCLK bugs as RCLK will stop responding when TRST is asserted
144 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x00000001);
148 /* Danger!!! if clk != 0 when in
149 * idle in TAP_IDLE, reset halt on str912 will fail.
151 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000001);
156 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x00000002);
161 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000002);
164 if (trst||(srst && (jtag_get_reset_config() & RESET_SRST_PULLS_TRST)))
166 /* we're now in the RESET state until trst is deasserted */
167 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, TAP_RESET);
170 /* We'll get RCLK failure when we assert TRST, so clear any false positives here */
171 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x400);
174 /* wait for srst to float back up */
178 for (i = 0; i < 1000; i++)
180 // We don't want to sense our own reset, so we clear here.
181 // There is of course a timing hole where we could loose
192 LOG_USER("SRST didn't deassert after %dms", i);
195 LOG_USER("SRST took %dms to deassert", i);
200 int zy1000_speed(int speed)
202 /* flush JTAG master FIFO before setting speed */
209 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x100);
210 LOG_DEBUG("jtag_speed using RCLK");
214 if (speed > 8190 || speed < 2)
216 LOG_USER("valid ZY1000 jtag_speed=[8190,2]. Divisor is 64MHz / even values between 8190-2, i.e. min 7814Hz, max 32MHz");
217 return ERROR_INVALID_ARGUMENTS;
220 LOG_USER("jtag_speed %d => JTAG clk=%f", speed, 64.0/(float)speed);
221 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x100);
222 ZY1000_POKE(ZY1000_JTAG_BASE + 0x1c, speed&~1);
227 static bool savePower;
230 static void setPower(bool power)
235 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x8);
238 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x8);
242 COMMAND_HANDLER(handle_power_command)
248 COMMAND_PARSE_ON_OFF(CMD_ARGV[0], enable);
253 LOG_INFO("Target power %s", savePower ? "on" : "off");
256 return ERROR_INVALID_ARGUMENTS;
263 /* Give TELNET a way to find out what version this is */
264 static int jim_zy1000_version(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
266 if ((argc < 1) || (argc > 3))
268 const char *version_str = NULL;
272 version_str = ZYLIN_OPENOCD_VERSION;
275 const char *str = Jim_GetString(argv[1], NULL);
276 const char *str2 = NULL;
278 str2 = Jim_GetString(argv[2], NULL);
279 if (strcmp("openocd", str) == 0)
281 version_str = ZYLIN_OPENOCD;
283 else if (strcmp("zy1000", str) == 0)
285 version_str = ZYLIN_VERSION;
287 else if (strcmp("date", str) == 0)
289 version_str = ZYLIN_DATE;
291 else if (strcmp("time", str) == 0)
293 version_str = ZYLIN_TIME;
295 else if (strcmp("pcb", str) == 0)
297 #ifdef CYGPKG_HAL_NIOS2
303 #ifdef CYGPKG_HAL_NIOS2
304 else if (strcmp("fpga", str) == 0)
307 /* return a list of 32 bit integers to describe the expected
310 static char *fpga_id = "0x12345678 0x12345678 0x12345678 0x12345678";
311 cyg_uint32 id, timestamp;
312 HAL_READ_UINT32(SYSID_BASE, id);
313 HAL_READ_UINT32(SYSID_BASE+4, timestamp);
314 sprintf(fpga_id, "0x%08x 0x%08x 0x%08x 0x%08x", id, timestamp, SYSID_ID, SYSID_TIMESTAMP);
315 version_str = fpga_id;
316 if ((argc>2) && (strcmp("time", str2) == 0))
318 time_t last_mod = timestamp;
319 char * t = ctime (&last_mod) ;
332 Jim_SetResult(interp, Jim_NewStringObj(interp, version_str, -1));
338 #ifdef CYGPKG_HAL_NIOS2
344 struct cyg_upgrade_info *upgraded_file;
347 static void report_info(void *data, const char * format, va_list args)
349 char *s = alloc_vprintf(format, args);
354 struct cyg_upgrade_info firmware_info =
356 (cyg_uint8 *)0x84000000,
362 "ZylinNiosFirmware\n",
366 static int jim_zy1000_writefirmware(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
372 const char *str = Jim_GetString(argv[1], &length);
376 if ((tmpFile = open(firmware_info.file, O_RDWR | O_CREAT | O_TRUNC)) <= 0)
381 success = write(tmpFile, str, length) == length;
386 if (!cyg_firmware_upgrade(NULL, firmware_info))
394 zylinjtag_Jim_Command_powerstatus(Jim_Interp *interp,
396 Jim_Obj * const *argv)
400 Jim_WrongNumArgs(interp, 1, argv, "powerstatus");
405 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, status);
407 Jim_SetResult(interp, Jim_NewIntObj(interp, (status&0x80) != 0));
415 int zy1000_init(void)
417 LOG_USER("%s", ZYLIN_OPENOCD_VERSION);
419 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x30); // Turn on LED1 & LED2
421 setPower(true); // on by default
424 /* deassert resets. Important to avoid infinite loop waiting for SRST to deassert */
426 zy1000_speed(jtag_get_speed());
431 int zy1000_quit(void)
439 int interface_jtag_execute_queue(void)
444 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, empty);
445 /* clear JTAG error register */
446 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x400);
448 if ((empty&0x400) != 0)
450 LOG_WARNING("RCLK timeout");
451 /* the error is informative only as we don't want to break the firmware if there
452 * is a false positive.
454 // return ERROR_FAIL;
463 static cyg_uint32 getShiftValue(void)
467 ZY1000_PEEK(ZY1000_JTAG_BASE + 0xc, value);
468 VERBOSE(LOG_INFO("getShiftValue %08x", value));
472 static cyg_uint32 getShiftValueFlip(void)
476 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x18, value);
477 VERBOSE(LOG_INFO("getShiftValue %08x (flipped)", value));
483 static void shiftValueInnerFlip(const tap_state_t state, const tap_state_t endState, int repeat, cyg_uint32 value)
485 VERBOSE(LOG_INFO("shiftValueInner %s %s %d %08x (flipped)", tap_state_name(state), tap_state_name(endState), repeat, value));
489 ZY1000_POKE(ZY1000_JTAG_BASE + 0xc, value);
490 ZY1000_POKE(ZY1000_JTAG_BASE + 0x8, (1 << 15) | (repeat << 8) | (a << 4) | b);
491 VERBOSE(getShiftValueFlip());
495 static void gotoEndState(tap_state_t end_state)
497 setCurrentState(end_state);
500 static __inline void scanFields(int num_fields, const struct scan_field *fields, tap_state_t shiftState, int pause)
506 for (i = 0; i < num_fields; i++)
510 uint8_t *inBuffer = NULL;
513 // figure out where to store the input data
514 int num_bits = fields[i].num_bits;
515 if (fields[i].in_value != NULL)
517 inBuffer = fields[i].in_value;
520 // here we shuffle N bits out/in
524 tap_state_t pause_state;
527 pause_state = (shiftState == TAP_DRSHIFT)?TAP_DRSHIFT:TAP_IRSHIFT;
531 /* we have more to shift out */
532 } else if (pause&&(i == num_fields-1))
534 /* this was the last to shift out this time */
535 pause_state = (shiftState==TAP_DRSHIFT)?TAP_DRPAUSE:TAP_IRPAUSE;
538 // we have (num_bits + 7)/8 bytes of bits to toggle out.
539 // bits are pushed out LSB to MSB
541 if (fields[i].out_value != NULL)
543 for (l = 0; l < k; l += 8)
545 value|=fields[i].out_value[(j + l)/8]<<l;
548 /* mask away unused bits for easier debugging */
551 value&=~(((uint32_t)0xffffffff) << k);
554 /* Shifting by >= 32 is not defined by the C standard
555 * and will in fact shift by &0x1f bits on nios */
558 shiftValueInner(shiftState, pause_state, k, value);
560 if (inBuffer != NULL)
562 // data in, LSB to MSB
563 value = getShiftValue();
564 // we're shifting in data to MSB, shift data to be aligned for returning the value
567 for (l = 0; l < k; l += 8)
569 inBuffer[(j + l)/8]=(value >> l)&0xff;
577 int interface_jtag_add_ir_scan(struct jtag_tap *active, int num_fields, const struct scan_field *fields, tap_state_t state)
580 struct jtag_tap *tap, *nextTap;
582 assert(num_fields == 1);
584 for (tap = jtag_tap_next_enabled(NULL); tap!= NULL; tap = nextTap)
586 nextTap = jtag_tap_next_enabled(tap);
587 bool pause = (nextTap==NULL);
588 scan_size = tap->ir_length;
590 /* search the list */
593 scanFields(num_fields, fields, TAP_IRSHIFT, pause);
594 /* update device information */
595 buf_cpy(fields[0].out_value, tap->cur_instr, scan_size);
600 /* if a device isn't listed, set it to BYPASS */
601 assert(scan_size <= 32);
602 shiftValueInner(TAP_IRSHIFT, pause?TAP_IRPAUSE:TAP_IRSHIFT, scan_size, 0xffffffff);
616 int interface_jtag_add_plain_ir_scan(int num_fields, const struct scan_field *fields, tap_state_t state)
618 scanFields(num_fields, fields, TAP_IRSHIFT, 1);
624 int interface_jtag_add_dr_scan(struct jtag_tap *active, int num_fields, const struct scan_field *fields, tap_state_t state)
626 struct jtag_tap *tap, *nextTap;
627 for (tap = jtag_tap_next_enabled(NULL); tap!= NULL; tap = nextTap)
629 nextTap = jtag_tap_next_enabled(tap);
630 bool pause = (nextTap==NULL);
632 /* Find a range of fields to write to this tap */
635 assert(!tap->bypass);
637 scanFields(num_fields, fields, TAP_DRSHIFT, pause);
640 /* Shift out a 0 for disabled tap's */
642 shiftValueInner(TAP_DRSHIFT, pause?TAP_DRPAUSE:TAP_DRSHIFT, 1, 0);
649 int interface_jtag_add_plain_dr_scan(int num_fields, const struct scan_field *fields, tap_state_t state)
651 scanFields(num_fields, fields, TAP_DRSHIFT, 1);
656 int interface_jtag_add_tlr()
658 setCurrentState(TAP_RESET);
663 int interface_jtag_add_reset(int req_trst, int req_srst)
665 zy1000_reset(req_trst, req_srst);
669 static int zy1000_jtag_add_clocks(int num_cycles, tap_state_t state, tap_state_t clockstate)
671 /* num_cycles can be 0 */
672 setCurrentState(clockstate);
674 /* execute num_cycles, 32 at the time. */
676 for (i = 0; i < num_cycles; i += 32)
680 if (num_cycles-i < num)
684 shiftValueInner(clockstate, clockstate, num, 0);
688 /* finish in end_state */
689 setCurrentState(state);
691 tap_state_t t = TAP_IDLE;
692 /* test manual drive code on any target */
694 uint8_t tms_scan = tap_get_tms_path(t, state);
695 int tms_count = tap_get_tms_path_len(tap_get_state(), tap_get_end_state());
697 for (i = 0; i < tms_count; i++)
699 tms = (tms_scan >> i) & 1;
701 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, tms);
704 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, state);
710 int interface_jtag_add_runtest(int num_cycles, tap_state_t state)
712 return zy1000_jtag_add_clocks(num_cycles, state, TAP_IDLE);
715 int interface_jtag_add_clocks(int num_cycles)
717 return zy1000_jtag_add_clocks(num_cycles, cmd_queue_cur_state, cmd_queue_cur_state);
720 int interface_jtag_add_sleep(uint32_t us)
726 int interface_add_tms_seq(unsigned num_bits, const uint8_t *seq, enum tap_state state)
728 /*wait for the fifo to be empty*/
731 for (unsigned i = 0; i < num_bits; i++)
735 if (((seq[i/8] >> (i % 8)) & 1) == 0)
745 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, tms);
749 if (state != TAP_INVALID)
751 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, state);
754 /* this would be normal if we are switching to SWD mode */
759 int interface_jtag_add_pathmove(int num_states, const tap_state_t *path)
766 tap_state_t cur_state = cmd_queue_cur_state;
769 memset(seq, 0, sizeof(seq));
770 assert(num_states < (sizeof(seq) * 8));
774 if (tap_state_transition(cur_state, false) == path[state_count])
778 else if (tap_state_transition(cur_state, true) == path[state_count])
784 LOG_ERROR("BUG: %s -> %s isn't a valid TAP transition", tap_state_name(cur_state), tap_state_name(path[state_count]));
788 seq[state_count/8] = seq[state_count/8] | (tms << (state_count % 8));
790 cur_state = path[state_count];
795 return interface_add_tms_seq(state_count, seq, cur_state);
798 void embeddedice_write_dcc(struct jtag_tap *tap, int reg_addr, uint8_t *buffer, int little, int count)
800 // static int const reg_addr = 0x5;
801 tap_state_t end_state = jtag_get_end_state();
802 if (jtag_tap_next_enabled(jtag_tap_next_enabled(NULL)) == NULL)
804 /* better performance via code duplication */
808 for (i = 0; i < count; i++)
810 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, fast_target_buffer_get_u32(buffer, 1));
811 shiftValueInner(TAP_DRSHIFT, end_state, 6, reg_addr | (1 << 5));
817 for (i = 0; i < count; i++)
819 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, fast_target_buffer_get_u32(buffer, 0));
820 shiftValueInner(TAP_DRSHIFT, end_state, 6, reg_addr | (1 << 5));
828 for (i = 0; i < count; i++)
830 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
838 int arm11_run_instr_data_to_core_noack_inner(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count)
841 int arm11_run_instr_data_to_core_noack_inner_default(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count);
842 return arm11_run_instr_data_to_core_noack_inner_default(tap, opcode, data, count);
844 static const int bits[] = {32, 2};
845 uint32_t values[] = {0, 0};
847 /* FIX!!!!!! the target_write_memory() API started this nasty problem
848 * with unaligned uint32_t * pointers... */
849 const uint8_t *t = (const uint8_t *)data;
852 /* bypass bits before and after */
857 struct jtag_tap *cur_tap, *nextTap;
858 for (cur_tap = jtag_tap_next_enabled(NULL); cur_tap!= NULL; cur_tap = nextTap)
860 nextTap = jtag_tap_next_enabled(cur_tap);
881 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, pre_bits, 0);
889 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, value);
890 shiftValueInner(TAP_DRSHIFT, TAP_DRPAUSE, post_bits, 0);
893 /* copy & paste from arm11_dbgtap.c */
894 //TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
897 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
898 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
899 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
900 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
901 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
902 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
903 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
904 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
905 /* we don't have to wait for the queue to empty here. waitIdle(); */
906 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, TAP_DRSHIFT);
908 static const tap_state_t arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay[] =
910 TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
913 jtag_add_pathmove(ARRAY_SIZE(arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay),
914 arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay);
919 values[0] |= (*t++<<8);
920 values[0] |= (*t++<<16);
921 values[0] |= (*t++<<24);
923 /* This will happen on the last iteration updating the current tap state
924 * so we don't have to track it during the common code path */
931 return jtag_execute_queue();
936 static const struct command_registration zy1000_commands[] = {
939 .handler = handle_power_command,
941 .help = "Turn power switch to target on/off. "
942 "With no arguments, prints status.",
943 .usage = "('on'|'off)",
946 .name = "zy1000_version",
948 .jim_handler = jim_zy1000_version,
949 .help = "Print version info for zy1000.",
950 .usage = "['openocd'|'zy1000'|'date'|'time'|'pcb'|'fpga']",
953 .name = "powerstatus",
955 .jim_handler = zylinjtag_Jim_Command_powerstatus,
956 .help = "Returns power status of target",
958 #ifdef CYGPKG_HAL_NIOS2
960 .name = "updatezy1000firmware",
962 .jim_handler = jim_zy1000_writefirmware,
963 .help = "writes firmware to flash",
964 /* .usage = "some_string", */
967 COMMAND_REGISTRATION_DONE
972 struct jtag_interface zy1000_interface =
975 .supported = DEBUG_CAP_TMS_SEQ,
976 .execute_queue = NULL,
977 .speed = zy1000_speed,
978 .commands = zy1000_commands,
982 .speed_div = zy1000_speed_div,
983 .power_dropout = zy1000_power_dropout,
984 .srst_asserted = zy1000_srst_asserted,