1 /***************************************************************************
2 * Copyright (C) 2007-2010 by Øyvind Harboe *
4 * This program is free software; you can redistribute it and/or modify *
5 * it under the terms of the GNU General Public License as published by *
6 * the Free Software Foundation; either version 2 of the License, or *
7 * (at your option) any later version. *
9 * This program is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU General Public License for more details. *
14 * You should have received a copy of the GNU General Public License *
15 * along with this program; if not, write to the *
16 * Free Software Foundation, Inc., *
17 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ***************************************************************************/
20 /* This file supports the zy1000 debugger: http://www.zylin.com/zy1000.html
22 * The zy1000 is a standalone debugger that has a web interface and
23 * requires no drivers on the developer host as all communication
24 * is via TCP/IP. The zy1000 gets it performance(~400-700kBytes/s
25 * DCC downloads @ 16MHz target) as it has an FPGA to hardware
26 * accelerate the JTAG commands, while offering *very* low latency
27 * between OpenOCD and the FPGA registers.
29 * The disadvantage of the zy1000 is that it has a feeble CPU compared to
30 * a PC(ca. 50-500 DMIPS depending on how one counts it), whereas a PC
31 * is on the order of 10000 DMIPS(i.e. at a factor of 20-200).
33 * The zy1000 revc hardware is using an Altera Nios CPU, whereas the
34 * revb is using ARM7 + Xilinx.
36 * See Zylin web pages or contact Zylin for more information.
38 * The reason this code is in OpenOCD rather than OpenOCD linked with the
39 * ZY1000 code is that OpenOCD is the long road towards getting
40 * libopenocd into place. libopenocd will support both low performance,
41 * low latency systems(embedded) and high performance high latency
48 #include <target/embeddedice.h>
49 #include <jtag/minidriver.h>
50 #include <jtag/interface.h>
51 #include "zy1000_version.h"
53 #include <cyg/hal/hal_io.h> // low level i/o
54 #include <cyg/hal/hal_diag.h>
58 #ifdef CYGPKG_HAL_NIOS2
59 #include <cyg/hal/io.h>
60 #include <cyg/firmwareutil/firmwareutil.h>
63 #define ZYLIN_VERSION GIT_ZY1000_VERSION
64 #define ZYLIN_DATE __DATE__
65 #define ZYLIN_TIME __TIME__
66 #define ZYLIN_OPENOCD GIT_OPENOCD_VERSION
67 #define ZYLIN_OPENOCD_VERSION "ZY1000 " ZYLIN_VERSION " " ZYLIN_DATE
70 static int zy1000_khz(int khz, int *jtag_speed)
78 *jtag_speed = 64000/khz;
83 static int zy1000_speed_div(int speed, int *khz)
97 static bool readPowerDropout(void)
100 // sample and clear power dropout
101 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x80);
102 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, state);
104 powerDropout = (state & 0x80) != 0;
109 static bool readSRST(void)
112 // sample and clear SRST sensing
113 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000040);
114 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, state);
116 srstAsserted = (state & 0x40) != 0;
120 static int zy1000_srst_asserted(int *srst_asserted)
122 *srst_asserted = readSRST();
126 static int zy1000_power_dropout(int *dropout)
128 *dropout = readPowerDropout();
132 void zy1000_reset(int trst, int srst)
134 LOG_DEBUG("zy1000 trst=%d, srst=%d", trst, srst);
136 /* flush the JTAG FIFO. Not flushing the queue before messing with
137 * reset has such interesting bugs as causing hard to reproduce
138 * RCLK bugs as RCLK will stop responding when TRST is asserted
144 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x00000001);
148 /* Danger!!! if clk != 0 when in
149 * idle in TAP_IDLE, reset halt on str912 will fail.
151 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000001);
156 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x00000002);
161 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000002);
164 if (trst||(srst && (jtag_get_reset_config() & RESET_SRST_PULLS_TRST)))
166 /* we're now in the RESET state until trst is deasserted */
167 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, TAP_RESET);
170 /* We'll get RCLK failure when we assert TRST, so clear any false positives here */
171 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x400);
174 /* wait for srst to float back up */
178 for (i = 0; i < 1000; i++)
180 // We don't want to sense our own reset, so we clear here.
181 // There is of course a timing hole where we could loose
192 LOG_USER("SRST didn't deassert after %dms", i);
195 LOG_USER("SRST took %dms to deassert", i);
200 int zy1000_speed(int speed)
202 /* flush JTAG master FIFO before setting speed */
209 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x100);
210 LOG_DEBUG("jtag_speed using RCLK");
214 if (speed > 8190 || speed < 2)
216 LOG_USER("valid ZY1000 jtag_speed=[8190,2]. Divisor is 64MHz / even values between 8190-2, i.e. min 7814Hz, max 32MHz");
217 return ERROR_INVALID_ARGUMENTS;
220 LOG_USER("jtag_speed %d => JTAG clk=%f", speed, 64.0/(float)speed);
221 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x100);
222 ZY1000_POKE(ZY1000_JTAG_BASE + 0x1c, speed&~1);
227 static bool savePower;
230 static void setPower(bool power)
235 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x8);
238 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x8);
242 COMMAND_HANDLER(handle_power_command)
248 COMMAND_PARSE_ON_OFF(CMD_ARGV[0], enable);
253 LOG_INFO("Target power %s", savePower ? "on" : "off");
256 return ERROR_INVALID_ARGUMENTS;
263 /* Give TELNET a way to find out what version this is */
264 static int jim_zy1000_version(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
266 if ((argc < 1) || (argc > 3))
268 const char *version_str = NULL;
272 version_str = ZYLIN_OPENOCD_VERSION;
275 const char *str = Jim_GetString(argv[1], NULL);
276 const char *str2 = NULL;
278 str2 = Jim_GetString(argv[2], NULL);
279 if (strcmp("openocd", str) == 0)
281 version_str = ZYLIN_OPENOCD;
283 else if (strcmp("zy1000", str) == 0)
285 version_str = ZYLIN_VERSION;
287 else if (strcmp("date", str) == 0)
289 version_str = ZYLIN_DATE;
291 else if (strcmp("time", str) == 0)
293 version_str = ZYLIN_TIME;
295 else if (strcmp("pcb", str) == 0)
297 #ifdef CYGPKG_HAL_NIOS2
303 #ifdef CYGPKG_HAL_NIOS2
304 else if (strcmp("fpga", str) == 0)
307 /* return a list of 32 bit integers to describe the expected
310 static char *fpga_id = "0x12345678 0x12345678 0x12345678 0x12345678";
311 cyg_uint32 id, timestamp;
312 HAL_READ_UINT32(SYSID_BASE, id);
313 HAL_READ_UINT32(SYSID_BASE+4, timestamp);
314 sprintf(fpga_id, "0x%08x 0x%08x 0x%08x 0x%08x", id, timestamp, SYSID_ID, SYSID_TIMESTAMP);
315 version_str = fpga_id;
316 if ((argc>2) && (strcmp("time", str2) == 0))
318 time_t last_mod = timestamp;
319 char * t = ctime (&last_mod) ;
332 Jim_SetResult(interp, Jim_NewStringObj(interp, version_str, -1));
338 #ifdef CYGPKG_HAL_NIOS2
344 struct cyg_upgrade_info *upgraded_file;
347 static void report_info(void *data, const char * format, va_list args)
349 char *s = alloc_vprintf(format, args);
354 struct cyg_upgrade_info firmware_info =
356 (cyg_uint8 *)0x84000000,
362 "ZylinNiosFirmware\n",
366 static int jim_zy1000_writefirmware(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
372 const char *str = Jim_GetString(argv[1], &length);
376 if ((tmpFile = open(firmware_info.file, O_RDWR | O_CREAT | O_TRUNC)) <= 0)
381 success = write(tmpFile, str, length) == length;
386 if (!cyg_firmware_upgrade(NULL, firmware_info))
394 zylinjtag_Jim_Command_powerstatus(Jim_Interp *interp,
396 Jim_Obj * const *argv)
400 Jim_WrongNumArgs(interp, 1, argv, "powerstatus");
405 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, status);
407 Jim_SetResult(interp, Jim_NewIntObj(interp, (status&0x80) != 0));
415 int zy1000_init(void)
417 LOG_USER("%s", ZYLIN_OPENOCD_VERSION);
419 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x30); // Turn on LED1 & LED2
421 setPower(true); // on by default
424 /* deassert resets. Important to avoid infinite loop waiting for SRST to deassert */
426 zy1000_speed(jtag_get_speed());
431 int zy1000_quit(void)
439 int interface_jtag_execute_queue(void)
444 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, empty);
445 /* clear JTAG error register */
446 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x400);
448 if ((empty&0x400) != 0)
450 LOG_WARNING("RCLK timeout");
451 /* the error is informative only as we don't want to break the firmware if there
452 * is a false positive.
454 // return ERROR_FAIL;
463 static cyg_uint32 getShiftValue(void)
467 ZY1000_PEEK(ZY1000_JTAG_BASE + 0xc, value);
468 VERBOSE(LOG_INFO("getShiftValue %08x", value));
472 static cyg_uint32 getShiftValueFlip(void)
476 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x18, value);
477 VERBOSE(LOG_INFO("getShiftValue %08x (flipped)", value));
483 static void shiftValueInnerFlip(const tap_state_t state, const tap_state_t endState, int repeat, cyg_uint32 value)
485 VERBOSE(LOG_INFO("shiftValueInner %s %s %d %08x (flipped)", tap_state_name(state), tap_state_name(endState), repeat, value));
489 ZY1000_POKE(ZY1000_JTAG_BASE + 0xc, value);
490 ZY1000_POKE(ZY1000_JTAG_BASE + 0x8, (1 << 15) | (repeat << 8) | (a << 4) | b);
491 VERBOSE(getShiftValueFlip());
495 // here we shuffle N bits out/in
496 static __inline void scanBits(const uint8_t *out_value, uint8_t *in_value, int num_bits, bool pause, tap_state_t shiftState, tap_state_t end_state)
498 tap_state_t pause_state = shiftState;
499 for (int j = 0; j < num_bits; j += 32)
501 int k = num_bits - j;
505 /* we have more to shift out */
508 /* this was the last to shift out this time */
509 pause_state = end_state;
512 // we have (num_bits + 7)/8 bytes of bits to toggle out.
513 // bits are pushed out LSB to MSB
516 if (out_value != NULL)
518 for (int l = 0; l < k; l += 8)
520 value|=out_value[(j + l)/8]<<l;
523 /* mask away unused bits for easier debugging */
526 value&=~(((uint32_t)0xffffffff) << k);
529 /* Shifting by >= 32 is not defined by the C standard
530 * and will in fact shift by &0x1f bits on nios */
533 shiftValueInner(shiftState, pause_state, k, value);
535 if (in_value != NULL)
537 // data in, LSB to MSB
538 value = getShiftValue();
539 // we're shifting in data to MSB, shift data to be aligned for returning the value
542 for (int l = 0; l < k; l += 8)
544 in_value[(j + l)/8]=(value >> l)&0xff;
550 static __inline void scanFields(int num_fields, const struct scan_field *fields, tap_state_t shiftState, tap_state_t end_state)
552 for (int i = 0; i < num_fields; i++)
554 scanBits(fields[i].out_value,
563 int interface_jtag_add_ir_scan(struct jtag_tap *active, const struct scan_field *fields, tap_state_t state)
566 struct jtag_tap *tap, *nextTap;
567 tap_state_t pause_state = TAP_IRSHIFT;
569 for (tap = jtag_tap_next_enabled(NULL); tap!= NULL; tap = nextTap)
571 nextTap = jtag_tap_next_enabled(tap);
576 scan_size = tap->ir_length;
578 /* search the list */
581 scanFields(1, fields, TAP_IRSHIFT, pause_state);
582 /* update device information */
583 buf_cpy(fields[0].out_value, tap->cur_instr, scan_size);
588 /* if a device isn't listed, set it to BYPASS */
589 assert(scan_size <= 32);
590 shiftValueInner(TAP_IRSHIFT, pause_state, scan_size, 0xffffffff);
603 int interface_jtag_add_plain_ir_scan(int num_bits, const uint8_t *out_bits, uint8_t *in_bits, tap_state_t state)
605 scanBits(out_bits, in_bits, num_bits, true, TAP_IRSHIFT, state);
609 int interface_jtag_add_dr_scan(struct jtag_tap *active, int num_fields, const struct scan_field *fields, tap_state_t state)
611 struct jtag_tap *tap, *nextTap;
612 tap_state_t pause_state = TAP_DRSHIFT;
613 for (tap = jtag_tap_next_enabled(NULL); tap!= NULL; tap = nextTap)
615 nextTap = jtag_tap_next_enabled(tap);
621 /* Find a range of fields to write to this tap */
624 assert(!tap->bypass);
626 scanFields(num_fields, fields, TAP_DRSHIFT, pause_state);
629 /* Shift out a 0 for disabled tap's */
631 shiftValueInner(TAP_DRSHIFT, pause_state, 1, 0);
637 int interface_jtag_add_plain_dr_scan(int num_bits, const uint8_t *out_bits, uint8_t *in_bits, tap_state_t state)
639 scanBits(out_bits, in_bits, num_bits, true, TAP_DRSHIFT, state);
643 int interface_jtag_add_tlr()
645 setCurrentState(TAP_RESET);
650 int interface_jtag_add_reset(int req_trst, int req_srst)
652 zy1000_reset(req_trst, req_srst);
656 static int zy1000_jtag_add_clocks(int num_cycles, tap_state_t state, tap_state_t clockstate)
658 /* num_cycles can be 0 */
659 setCurrentState(clockstate);
661 /* execute num_cycles, 32 at the time. */
663 for (i = 0; i < num_cycles; i += 32)
667 if (num_cycles-i < num)
671 shiftValueInner(clockstate, clockstate, num, 0);
675 /* finish in end_state */
676 setCurrentState(state);
678 tap_state_t t = TAP_IDLE;
679 /* test manual drive code on any target */
681 uint8_t tms_scan = tap_get_tms_path(t, state);
682 int tms_count = tap_get_tms_path_len(tap_get_state(), tap_get_end_state());
684 for (i = 0; i < tms_count; i++)
686 tms = (tms_scan >> i) & 1;
688 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, tms);
691 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, state);
697 int interface_jtag_add_runtest(int num_cycles, tap_state_t state)
699 return zy1000_jtag_add_clocks(num_cycles, state, TAP_IDLE);
702 int interface_jtag_add_clocks(int num_cycles)
704 return zy1000_jtag_add_clocks(num_cycles, cmd_queue_cur_state, cmd_queue_cur_state);
707 int interface_jtag_add_sleep(uint32_t us)
713 int interface_add_tms_seq(unsigned num_bits, const uint8_t *seq, enum tap_state state)
715 /*wait for the fifo to be empty*/
718 for (unsigned i = 0; i < num_bits; i++)
722 if (((seq[i/8] >> (i % 8)) & 1) == 0)
732 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, tms);
736 if (state != TAP_INVALID)
738 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, state);
741 /* this would be normal if we are switching to SWD mode */
746 int interface_jtag_add_pathmove(int num_states, const tap_state_t *path)
753 tap_state_t cur_state = cmd_queue_cur_state;
756 memset(seq, 0, sizeof(seq));
757 assert(num_states < (int)((sizeof(seq) * 8)));
761 if (tap_state_transition(cur_state, false) == path[state_count])
765 else if (tap_state_transition(cur_state, true) == path[state_count])
771 LOG_ERROR("BUG: %s -> %s isn't a valid TAP transition", tap_state_name(cur_state), tap_state_name(path[state_count]));
775 seq[state_count/8] = seq[state_count/8] | (tms << (state_count % 8));
777 cur_state = path[state_count];
782 return interface_add_tms_seq(state_count, seq, cur_state);
785 static void jtag_pre_post_bits(struct jtag_tap *tap, int *pre, int *post)
787 /* bypass bits before and after */
792 struct jtag_tap *cur_tap, *nextTap;
793 for (cur_tap = jtag_tap_next_enabled(NULL); cur_tap!= NULL; cur_tap = nextTap)
795 nextTap = jtag_tap_next_enabled(cur_tap);
814 void embeddedice_write_dcc(struct jtag_tap *tap, int reg_addr, uint8_t *buffer, int little, int count)
819 jtag_pre_post_bits(tap, &pre_bits, &post_bits);
821 if (pre_bits + post_bits + 6 > 32)
824 for (i = 0; i < count; i++)
826 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
831 tap_state_t end_state = TAP_IDLE;
832 tap_state_t shift_end_state = TAP_DRSHIFT;
834 shift_end_state = end_state;
836 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, pre_bits, 0);
838 for (i = 0; i < count - 1; i++)
840 /* Fewer pokes means we get to use the FIFO more efficiently */
841 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, fast_target_buffer_get_u32(buffer, little));
842 shiftValueInner(TAP_DRSHIFT, shift_end_state, 6 + post_bits + pre_bits, (reg_addr | (1 << 5)));
845 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, fast_target_buffer_get_u32(buffer, little));
846 shiftValueInner(TAP_DRSHIFT, shift_end_state, 6, reg_addr | (1 << 5));
847 shiftValueInner(shift_end_state, end_state, post_bits, 0);
853 int arm11_run_instr_data_to_core_noack_inner(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count)
856 int arm11_run_instr_data_to_core_noack_inner_default(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count);
857 return arm11_run_instr_data_to_core_noack_inner_default(tap, opcode, data, count);
859 static const int bits[] = {32, 2};
860 uint32_t values[] = {0, 0};
862 /* FIX!!!!!! the target_write_memory() API started this nasty problem
863 * with unaligned uint32_t * pointers... */
864 const uint8_t *t = (const uint8_t *)data;
867 /* bypass bits before and after */
870 jtag_pre_post_bits(tap, &pre_bits, &post_bits);
873 struct jtag_tap *cur_tap, *nextTap;
874 for (cur_tap = jtag_tap_next_enabled(NULL); cur_tap!= NULL; cur_tap = nextTap)
876 nextTap = jtag_tap_next_enabled(cur_tap);
897 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, pre_bits, 0);
905 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, value);
907 shiftValueInner(TAP_DRSHIFT, TAP_DRPAUSE, post_bits, 0);
910 /* copy & paste from arm11_dbgtap.c */
911 //TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
914 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
915 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
916 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
917 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
918 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
919 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
920 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
921 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
922 /* we don't have to wait for the queue to empty here. waitIdle(); */
923 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, TAP_DRSHIFT);
925 static const tap_state_t arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay[] =
927 TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
930 jtag_add_pathmove(ARRAY_SIZE(arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay),
931 arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay);
936 values[0] |= (*t++<<8);
937 values[0] |= (*t++<<16);
938 values[0] |= (*t++<<24);
940 /* This will happen on the last iteration updating the current tap state
941 * so we don't have to track it during the common code path */
948 return jtag_execute_queue();
953 static const struct command_registration zy1000_commands[] = {
956 .handler = handle_power_command,
958 .help = "Turn power switch to target on/off. "
959 "With no arguments, prints status.",
960 .usage = "('on'|'off)",
963 .name = "zy1000_version",
965 .jim_handler = jim_zy1000_version,
966 .help = "Print version info for zy1000.",
967 .usage = "['openocd'|'zy1000'|'date'|'time'|'pcb'|'fpga']",
970 .name = "powerstatus",
972 .jim_handler = zylinjtag_Jim_Command_powerstatus,
973 .help = "Returns power status of target",
975 #ifdef CYGPKG_HAL_NIOS2
977 .name = "updatezy1000firmware",
979 .jim_handler = jim_zy1000_writefirmware,
980 .help = "writes firmware to flash",
981 /* .usage = "some_string", */
984 COMMAND_REGISTRATION_DONE
989 struct jtag_interface zy1000_interface =
992 .supported = DEBUG_CAP_TMS_SEQ,
993 .execute_queue = NULL,
994 .speed = zy1000_speed,
995 .commands = zy1000_commands,
999 .speed_div = zy1000_speed_div,
1000 .power_dropout = zy1000_power_dropout,
1001 .srst_asserted = zy1000_srst_asserted,