1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin
5 * Copyright (C) 2008 by Spencer Oliver
8 * Copyright (C) 2009 by Oyvind Harboe
9 * oyvind.harboe@zylin.com
11 * Copyright (C) 2009-2010 by David Brownell
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the
25 * Free Software Foundation, Inc.,
26 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 ***************************************************************************/
31 * This file implements JTAG transport support for cores implementing
32 the ARM Debug Interface version 5 (ADIv5).
40 #include "arm_adi_v5.h"
41 #include <helper/time_support.h>
42 #include <helper/list.h>
44 /*#define DEBUG_WAIT*/
46 /* JTAG instructions/registers for JTAG-DP and SWJ-DP */
47 #define JTAG_DP_ABORT 0x8
48 #define JTAG_DP_DPACC 0xA
49 #define JTAG_DP_APACC 0xB
50 #define JTAG_DP_IDCODE 0xE
52 /* three-bit ACK values for DPACC and APACC reads */
53 #define JTAG_ACK_OK_FAULT 0x2
54 #define JTAG_ACK_WAIT 0x1
56 static int jtag_ap_q_abort(struct adiv5_dap *dap, uint8_t *ack);
59 static const char *dap_reg_name(int instr, int reg_addr)
61 char *reg_name = "UNK";
63 if (instr == JTAG_DP_DPACC) {
69 reg_name = "CTRL/STAT";
86 if (instr == JTAG_DP_APACC) {
112 case MEM_AP_REG_BASE:
135 uint32_t memaccess_tck;
138 struct scan_field fields[2];
139 uint8_t out_addr_buf;
140 uint8_t invalue_buf[4];
141 uint8_t outvalue_buf[4];
144 static void log_dap_cmd(const char *header, struct dap_cmd *el)
147 LOG_DEBUG("%s: %2s %6s %5s 0x%08x 0x%08x %2s", header,
148 el->instr == JTAG_DP_APACC ? "AP" : "DP",
149 dap_reg_name(el->instr, el->reg_addr),
150 el->RnW == DPAP_READ ? "READ" : "WRITE",
151 buf_get_u32(el->outvalue_buf, 0, 32),
152 buf_get_u32(el->invalue, 0, 32),
153 el->ack == JTAG_ACK_OK_FAULT ? "OK" :
154 (el->ack == JTAG_ACK_WAIT ? "WAIT" : "INVAL"));
158 static struct dap_cmd *dap_cmd_new(uint8_t instr,
159 uint8_t reg_addr, uint8_t RnW,
160 uint8_t *outvalue, uint8_t *invalue,
161 uint32_t memaccess_tck)
165 cmd = (struct dap_cmd *)calloc(1, sizeof(struct dap_cmd));
167 INIT_LIST_HEAD(&cmd->lh);
169 cmd->reg_addr = reg_addr;
171 if (outvalue != NULL)
172 memcpy(cmd->outvalue_buf, outvalue, 4);
173 cmd->invalue = (invalue != NULL) ? invalue : cmd->invalue_buf;
174 cmd->memaccess_tck = memaccess_tck;
180 static void flush_journal(struct list_head *lh)
182 struct dap_cmd *el, *tmp;
184 list_for_each_entry_safe(el, tmp, lh, lh) {
190 /***************************************************************************
192 * DPACC and APACC scanchain access through JTAG-DP (or SWJ-DP)
194 ***************************************************************************/
196 static int adi_jtag_dp_scan_cmd(struct adiv5_dap *dap, struct dap_cmd *cmd, uint8_t *ack)
198 struct jtag_tap *tap = dap->tap;
201 retval = arm_jtag_set_instr(tap, cmd->instr, NULL, TAP_IDLE);
202 if (retval != ERROR_OK)
205 /* Scan out a read or write operation using some DP or AP register.
206 * For APACC access with any sticky error flag set, this is discarded.
208 cmd->fields[0].num_bits = 3;
209 buf_set_u32(&cmd->out_addr_buf, 0, 3, ((cmd->reg_addr >> 1) & 0x6) | (cmd->RnW & 0x1));
210 cmd->fields[0].out_value = &cmd->out_addr_buf;
211 cmd->fields[0].in_value = (ack != NULL) ? ack : &cmd->ack;
213 /* NOTE: if we receive JTAG_ACK_WAIT, the previous operation did not
214 * complete; data we write is discarded, data we read is unpredictable.
215 * When overrun detect is active, STICKYORUN is set.
218 cmd->fields[1].num_bits = 32;
219 cmd->fields[1].out_value = cmd->outvalue_buf;
220 cmd->fields[1].in_value = cmd->invalue;
222 jtag_add_dr_scan(tap, 2, cmd->fields, TAP_IDLE);
224 /* Add specified number of tck clocks after starting memory bus
225 * access, giving the hardware time to complete the access.
226 * They provide more time for the (MEM) AP to complete the read ...
227 * See "Minimum Response Time" for JTAG-DP, in the ADIv5 spec.
229 if (cmd->instr == JTAG_DP_APACC) {
230 if (((cmd->reg_addr == MEM_AP_REG_DRW)
231 || ((cmd->reg_addr & 0xF0) == MEM_AP_REG_BD0))
232 && (cmd->memaccess_tck != 0))
233 jtag_add_runtest(cmd->memaccess_tck, TAP_IDLE);
239 static int adi_jtag_dp_scan_cmd_sync(struct adiv5_dap *dap, struct dap_cmd *cmd, uint8_t *ack)
243 retval = adi_jtag_dp_scan_cmd(dap, cmd, ack);
244 if (retval != ERROR_OK)
247 return jtag_execute_queue();
251 * Scan DPACC or APACC using target ordered uint8_t buffers. No endianness
252 * conversions are performed. See section 4.4.3 of the ADIv5 spec, which
253 * discusses operations which access these registers.
255 * Note that only one scan is performed. If RnW is set, a separate scan
256 * will be needed to collect the data which was read; the "invalue" collects
257 * the posted result of a preceding operation, not the current one.
260 * @param instr JTAG_DP_APACC (AP access) or JTAG_DP_DPACC (DP access)
261 * @param reg_addr two significant bits; A[3:2]; for APACC access, the
262 * SELECT register has more addressing bits.
263 * @param RnW false iff outvalue will be written to the DP or AP
264 * @param outvalue points to a 32-bit (little-endian) integer
265 * @param invalue NULL, or points to a 32-bit (little-endian) integer
266 * @param ack points to where the three bit JTAG_ACK_* code will be stored
267 * @param memaccess_tck number of idle cycles to add after AP access
270 static int adi_jtag_dp_scan(struct adiv5_dap *dap,
271 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
272 uint8_t *outvalue, uint8_t *invalue,
273 uint32_t memaccess_tck, uint8_t *ack)
278 cmd = dap_cmd_new(instr, reg_addr, RnW, outvalue, invalue, memaccess_tck);
280 cmd->dp_select = dap->select;
282 return ERROR_JTAG_DEVICE_ERROR;
284 retval = adi_jtag_dp_scan_cmd(dap, cmd, ack);
285 if (retval == ERROR_OK)
286 list_add_tail(&cmd->lh, &dap->cmd_journal);
292 * Scan DPACC or APACC out and in from host ordered uint32_t buffers.
293 * This is exactly like adi_jtag_dp_scan(), except that endianness
294 * conversions are performed (so the types of invalue and outvalue
295 * must be different).
297 static int adi_jtag_dp_scan_u32(struct adiv5_dap *dap,
298 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
299 uint32_t outvalue, uint32_t *invalue,
300 uint32_t memaccess_tck, uint8_t *ack)
302 uint8_t out_value_buf[4];
305 buf_set_u32(out_value_buf, 0, 32, outvalue);
307 retval = adi_jtag_dp_scan(dap, instr, reg_addr, RnW,
308 out_value_buf, (uint8_t *)invalue, memaccess_tck, ack);
309 if (retval != ERROR_OK)
313 jtag_add_callback(arm_le_to_h_u32,
314 (jtag_callback_data_t) invalue);
319 static int adi_jtag_finish_read(struct adiv5_dap *dap)
321 int retval = ERROR_OK;
323 if (dap->last_read != NULL) {
324 retval = adi_jtag_dp_scan_u32(dap, JTAG_DP_DPACC,
325 DP_RDBUFF, DPAP_READ, 0, dap->last_read, 0, NULL);
326 dap->last_read = NULL;
332 static int adi_jtag_scan_inout_check_u32(struct adiv5_dap *dap,
333 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
334 uint32_t outvalue, uint32_t *invalue, uint32_t memaccess_tck)
338 /* Issue the read or write */
339 retval = adi_jtag_dp_scan_u32(dap, instr, reg_addr,
340 RnW, outvalue, NULL, memaccess_tck, NULL);
341 if (retval != ERROR_OK)
344 /* For reads, collect posted value; RDBUFF has no other effect.
345 * Assumes read gets acked with OK/FAULT, and CTRL_STAT says "OK".
347 if ((RnW == DPAP_READ) && (invalue != NULL)) {
348 retval = adi_jtag_dp_scan_u32(dap, JTAG_DP_DPACC,
349 DP_RDBUFF, DPAP_READ, 0, invalue, 0, NULL);
350 if (retval != ERROR_OK)
354 return jtag_execute_queue();
357 static int jtagdp_overrun_check(struct adiv5_dap *dap)
360 struct dap_cmd *el, *tmp, *prev = NULL;
363 LIST_HEAD(replay_list);
365 /* make sure all queued transactions are complete */
366 retval = jtag_execute_queue();
367 if (retval != ERROR_OK)
370 /* skip all completed transactions up to the first WAIT */
371 list_for_each_entry(el, &dap->cmd_journal, lh) {
372 if (el->ack == JTAG_ACK_OK_FAULT) {
373 log_dap_cmd("LOG", el);
374 } else if (el->ack == JTAG_ACK_WAIT) {
378 LOG_ERROR("Invalid ACK (%1x) in DAP response", el->ack);
379 log_dap_cmd("ERR", el);
380 retval = ERROR_JTAG_DEVICE_ERROR;
386 * If we found a stalled transaction and a previous transaction
387 * exists, check if it's a READ access.
389 if (found_wait && el != list_first_entry(&dap->cmd_journal, struct dap_cmd, lh)) {
390 prev = list_entry(el->lh.prev, struct dap_cmd, lh);
391 if (prev->RnW == DPAP_READ) {
392 log_dap_cmd("PND", prev);
393 /* search for the next OK transaction, it contains
394 * the result of the previous READ */
396 list_for_each_entry_from(tmp, &dap->cmd_journal, lh) {
397 if (tmp->ack == JTAG_ACK_OK_FAULT) {
398 /* recover the read value */
399 log_dap_cmd("FND", tmp);
400 if (el->invalue != el->invalue_buf) {
401 uint32_t invalue = le_to_h_u32(tmp->invalue);
402 memcpy(el->invalue, &invalue, sizeof(uint32_t));
410 log_dap_cmd("LST", el);
413 * At this point we're sure that no previous
414 * transaction completed and the DAP/AP is still
415 * in busy state. We know that the next "OK" scan
416 * will return the READ result we need to recover.
417 * To complete the READ, we just keep polling RDBUFF
418 * until the WAIT condition clears
420 tmp = dap_cmd_new(JTAG_DP_DPACC,
421 DP_RDBUFF, DPAP_READ, NULL, NULL, 0);
423 retval = ERROR_JTAG_DEVICE_ERROR;
426 /* synchronously retry the command until it succeeds */
427 time_now = timeval_ms();
429 retval = adi_jtag_dp_scan_cmd_sync(dap, tmp, NULL);
430 if (retval != ERROR_OK)
432 if (tmp->ack == JTAG_ACK_OK_FAULT) {
433 log_dap_cmd("FND", tmp);
434 if (el->invalue != el->invalue_buf) {
435 uint32_t invalue = le_to_h_u32(tmp->invalue);
436 memcpy(el->invalue, &invalue, sizeof(uint32_t));
440 if (tmp->ack != JTAG_ACK_WAIT) {
441 LOG_ERROR("Invalid ACK (%1x) in DAP response", tmp->ack);
442 log_dap_cmd("ERR", tmp);
443 retval = ERROR_JTAG_DEVICE_ERROR;
447 } while (timeval_ms() - time_now < 1000);
449 if (retval == ERROR_OK) {
450 /* timeout happened */
451 if (tmp->ack != JTAG_ACK_OK_FAULT) {
452 LOG_ERROR("Timeout during WAIT recovery");
453 jtag_ap_q_abort(dap, NULL);
454 retval = ERROR_JTAG_DEVICE_ERROR;
458 /* we're done with this command, release it */
461 if (retval != ERROR_OK)
465 /* make el->invalue point to the default invalue
466 * so that we can safely retry it without clobbering
467 * the result we just recovered */
468 el->invalue = el->invalue_buf;
472 /* move all remaining transactions over to the replay list */
473 list_for_each_entry_safe_from(el, tmp, &dap->cmd_journal, lh) {
474 log_dap_cmd("REP", el);
475 list_move_tail(&el->lh, &replay_list);
478 /* we're done with the journal, flush it */
479 flush_journal(&dap->cmd_journal);
481 /* check for overrun condition in the last batch of transactions */
483 LOG_INFO("DAP transaction stalled (WAIT) - slowing down");
484 /* clear the sticky overrun condition */
485 retval = adi_jtag_scan_inout_check_u32(dap, JTAG_DP_DPACC,
486 DP_CTRL_STAT, DPAP_WRITE,
487 dap->dp_ctrl_stat | SSTICKYORUN, NULL, 0);
488 if (retval != ERROR_OK)
491 /* restore SELECT register first */
492 if (!list_empty(&replay_list)) {
493 el = list_first_entry(&replay_list, struct dap_cmd, lh);
494 tmp = dap_cmd_new(JTAG_DP_DPACC,
495 DP_SELECT, DPAP_WRITE, (uint8_t *)&el->dp_select, NULL, 0);
497 retval = ERROR_JTAG_DEVICE_ERROR;
500 list_add(&tmp->lh, &replay_list);
502 dap->select = DP_SELECT_INVALID;
505 list_for_each_entry_safe(el, tmp, &replay_list, lh) {
506 time_now = timeval_ms();
508 retval = adi_jtag_dp_scan_cmd_sync(dap, el, NULL);
509 if (retval != ERROR_OK)
511 log_dap_cmd("REC", el);
512 if (el->ack == JTAG_ACK_OK_FAULT) {
513 if (el->invalue != el->invalue_buf) {
514 uint32_t invalue = le_to_h_u32(el->invalue);
515 memcpy(el->invalue, &invalue, sizeof(uint32_t));
519 if (el->ack != JTAG_ACK_WAIT) {
520 LOG_ERROR("Invalid ACK (%1x) in DAP response", el->ack);
521 log_dap_cmd("ERR", el);
522 retval = ERROR_JTAG_DEVICE_ERROR;
525 } while (timeval_ms() - time_now < 1000);
527 if (retval == ERROR_OK) {
528 if (el->ack != JTAG_ACK_OK_FAULT) {
529 LOG_ERROR("Timeout during WAIT recovery");
530 jtag_ap_q_abort(dap, NULL);
531 retval = ERROR_JTAG_DEVICE_ERROR;
539 flush_journal(&replay_list);
540 flush_journal(&dap->cmd_journal);
544 static int jtagdp_transaction_endcheck(struct adiv5_dap *dap)
549 /* too expensive to call keep_alive() here */
551 /* Post CTRL/STAT read; discard any previous posted read value
552 * but collect its ACK status.
554 retval = adi_jtag_scan_inout_check_u32(dap, JTAG_DP_DPACC,
555 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat, 0);
556 if (retval != ERROR_OK)
559 /* REVISIT also STICKYCMP, for pushed comparisons (nyet used) */
561 /* Check for STICKYERR */
562 if (ctrlstat & SSTICKYERR) {
563 LOG_DEBUG("jtag-dp: CTRL/STAT 0x%" PRIx32, ctrlstat);
564 /* Check power to debug regions */
565 if ((ctrlstat & (CDBGPWRUPREQ | CDBGPWRUPACK | CSYSPWRUPREQ | CSYSPWRUPACK)) !=
566 (CDBGPWRUPREQ | CDBGPWRUPACK | CSYSPWRUPREQ | CSYSPWRUPACK)) {
567 LOG_ERROR("Debug regions are unpowered, an unexpected reset might have happened");
568 retval = ERROR_JTAG_DEVICE_ERROR;
572 if (ctrlstat & SSTICKYERR)
573 LOG_ERROR("JTAG-DP STICKY ERROR");
574 if (ctrlstat & SSTICKYORUN)
575 LOG_DEBUG("JTAG-DP STICKY OVERRUN");
577 /* Clear Sticky Error Bits */
578 retval = adi_jtag_scan_inout_check_u32(dap, JTAG_DP_DPACC,
579 DP_CTRL_STAT, DPAP_WRITE,
580 dap->dp_ctrl_stat | SSTICKYERR, NULL, 0);
581 if (retval != ERROR_OK)
584 if (ctrlstat & SSTICKYERR) {
585 retval = ERROR_JTAG_DEVICE_ERROR;
591 flush_journal(&dap->cmd_journal);
595 /*--------------------------------------------------------------------------*/
597 static int jtag_dp_q_read(struct adiv5_dap *dap, unsigned reg,
600 int retval = adi_jtag_dp_scan_u32(dap, JTAG_DP_DPACC, reg,
601 DPAP_READ, 0, dap->last_read, 0, NULL);
602 dap->last_read = data;
606 static int jtag_dp_q_write(struct adiv5_dap *dap, unsigned reg,
609 int retval = adi_jtag_dp_scan_u32(dap, JTAG_DP_DPACC,
610 reg, DPAP_WRITE, data, dap->last_read, 0, NULL);
611 dap->last_read = NULL;
615 /** Select the AP register bank matching bits 7:4 of reg. */
616 static int jtag_ap_q_bankselect(struct adiv5_ap *ap, unsigned reg)
618 struct adiv5_dap *dap = ap->dap;
619 uint32_t sel = ((uint32_t)ap->ap_num << 24) | (reg & 0x000000F0);
621 if (sel == dap->select)
626 return jtag_dp_q_write(dap, DP_SELECT, sel);
629 static int jtag_ap_q_read(struct adiv5_ap *ap, unsigned reg,
632 int retval = jtag_ap_q_bankselect(ap, reg);
633 if (retval != ERROR_OK)
636 retval = adi_jtag_dp_scan_u32(ap->dap, JTAG_DP_APACC, reg,
637 DPAP_READ, 0, ap->dap->last_read, ap->memaccess_tck, NULL);
638 ap->dap->last_read = data;
643 static int jtag_ap_q_write(struct adiv5_ap *ap, unsigned reg,
646 int retval = jtag_ap_q_bankselect(ap, reg);
647 if (retval != ERROR_OK)
650 retval = adi_jtag_dp_scan_u32(ap->dap, JTAG_DP_APACC, reg,
651 DPAP_WRITE, data, ap->dap->last_read, ap->memaccess_tck, NULL);
652 ap->dap->last_read = NULL;
656 static int jtag_ap_q_abort(struct adiv5_dap *dap, uint8_t *ack)
658 /* for JTAG, this is the only valid ABORT register operation */
659 int retval = adi_jtag_dp_scan_u32(dap, JTAG_DP_ABORT,
660 0, DPAP_WRITE, 1, NULL, 0, NULL);
661 if (retval != ERROR_OK)
664 return jtag_execute_queue();
667 static int jtag_dp_run(struct adiv5_dap *dap)
670 int retval2 = ERROR_OK;
672 retval = adi_jtag_finish_read(dap);
673 if (retval != ERROR_OK)
675 retval2 = jtagdp_overrun_check(dap);
676 retval = jtagdp_transaction_endcheck(dap);
679 return (retval2 != ERROR_OK) ? retval2 : retval;
682 static int jtag_dp_sync(struct adiv5_dap *dap)
684 return jtagdp_overrun_check(dap);
687 /* FIXME don't export ... just initialize as
690 const struct dap_ops jtag_dp_ops = {
691 .queue_dp_read = jtag_dp_q_read,
692 .queue_dp_write = jtag_dp_q_write,
693 .queue_ap_read = jtag_ap_q_read,
694 .queue_ap_write = jtag_ap_q_write,
695 .queue_ap_abort = jtag_ap_q_abort,
697 .sync = jtag_dp_sync,
701 static const uint8_t swd2jtag_bitseq[] = {
702 /* More than 50 TCK/SWCLK cycles with TMS/SWDIO high,
703 * putting both JTAG and SWD logic into reset state.
705 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
706 /* Switching equence disables SWD and enables JTAG
707 * NOTE: bits in the DP's IDCODE can expose the need for
708 * the old/deprecated sequence (0xae 0xde).
711 /* At least 50 TCK/SWCLK cycles with TMS/SWDIO high,
712 * putting both JTAG and SWD logic into reset state.
713 * NOTE: some docs say "at least 5".
715 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
718 /** Put the debug link into JTAG mode, if the target supports it.
719 * The link's initial mode may be either SWD or JTAG.
721 * @param target Enters JTAG mode (if possible).
723 * Note that targets implemented with SW-DP do not support JTAG, and
724 * that some targets which could otherwise support it may have been
725 * configured to disable JTAG signaling
727 * @return ERROR_OK or else a fault code.
729 int dap_to_jtag(struct target *target)
733 LOG_DEBUG("Enter JTAG mode");
735 /* REVISIT it's nasty to need to make calls to a "jtag"
736 * subsystem if the link isn't in JTAG mode...
739 retval = jtag_add_tms_seq(8 * sizeof(swd2jtag_bitseq),
740 swd2jtag_bitseq, TAP_RESET);
741 if (retval == ERROR_OK)
742 retval = jtag_execute_queue();
744 /* REVISIT set up the DAP's ops vector for JTAG mode. */
projects / fw / openocd / blob