1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008,2009 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "embeddedice.h"
32 #define ARRAY_SIZE(x) ((int)(sizeof(x)/sizeof((x)[0])))
35 static bitfield_desc_t embeddedice_comms_ctrl_bitfield_desc[] =
45 * From: ARM9E-S TRM, DDI 0165, table C-4 (and similar, for other cores)
55 /* width is assigned based on EICE version */
58 .name = "debug_status",
60 /* width is assigned based on EICE version */
72 [EICE_W0_ADDR_VALUE] = {
73 .name = "watch_0_addr_value",
77 [EICE_W0_ADDR_MASK] = {
78 .name = "watch_0_addr_mask",
82 [EICE_W0_DATA_VALUE ] = {
83 .name = "watch_0_data_value",
87 [EICE_W0_DATA_MASK] = {
88 .name = "watch_0_data_mask",
92 [EICE_W0_CONTROL_VALUE] = {
93 .name = "watch_0_control_value",
97 [EICE_W0_CONTROL_MASK] = {
98 .name = "watch_0_control_mask",
102 [EICE_W1_ADDR_VALUE] = {
103 .name = "watch_1_addr_value",
107 [EICE_W1_ADDR_MASK] = {
108 .name = "watch_1_addr_mask",
112 [EICE_W1_DATA_VALUE] = {
113 .name = "watch_1_data_value",
117 [EICE_W1_DATA_MASK] = {
118 .name = "watch_1_data_mask",
122 [EICE_W1_CONTROL_VALUE] = {
123 .name = "watch_1_control_value",
127 [EICE_W1_CONTROL_MASK] = {
128 .name = "watch_1_control_mask",
132 /* vector_catch isn't always present */
134 .name = "vector_catch",
141 static int embeddedice_reg_arch_type = -1;
143 static int embeddedice_get_reg(reg_t *reg);
145 reg_cache_t* embeddedice_build_reg_cache(target_t *target, arm7_9_common_t *arm7_9)
148 reg_cache_t *reg_cache = malloc(sizeof(reg_cache_t));
149 reg_t *reg_list = NULL;
150 embeddedice_reg_t *arch_info = NULL;
151 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
152 int num_regs = ARRAY_SIZE(eice_regs);
154 int eice_version = 0;
156 /* register a register arch-type for EmbeddedICE registers only once */
157 if (embeddedice_reg_arch_type == -1)
158 embeddedice_reg_arch_type = register_reg_arch_type(
159 embeddedice_get_reg, embeddedice_set_reg_w_exec);
161 /* vector_catch isn't always present */
162 if (!arm7_9->has_vector_catch)
165 /* the actual registers are kept in two arrays */
166 reg_list = calloc(num_regs, sizeof(reg_t));
167 arch_info = calloc(num_regs, sizeof(embeddedice_reg_t));
169 /* fill in values for the reg cache */
170 reg_cache->name = "EmbeddedICE registers";
171 reg_cache->next = NULL;
172 reg_cache->reg_list = reg_list;
173 reg_cache->num_regs = num_regs;
175 /* set up registers */
176 for (i = 0; i < num_regs; i++)
178 reg_list[i].name = eice_regs[i].name;
179 reg_list[i].size = eice_regs[i].width;
180 reg_list[i].dirty = 0;
181 reg_list[i].valid = 0;
182 reg_list[i].bitfield_desc = NULL;
183 reg_list[i].num_bitfields = 0;
184 reg_list[i].value = calloc(1, 4);
185 reg_list[i].arch_info = &arch_info[i];
186 reg_list[i].arch_type = embeddedice_reg_arch_type;
187 arch_info[i].addr = eice_regs[i].addr;
188 arch_info[i].jtag_info = jtag_info;
191 /* identify EmbeddedICE version by reading DCC control register */
192 embeddedice_read_reg(®_list[EICE_COMMS_CTRL]);
193 if ((retval = jtag_execute_queue()) != ERROR_OK)
195 for (i = 0; i < num_regs; i++)
197 free(reg_list[i].value);
205 eice_version = buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 28, 4);
206 LOG_INFO("Embedded ICE version %d", eice_version);
208 switch (eice_version)
211 /* ARM7TDMI r3, ARM7TDMI-S r3
213 * REVISIT docs say ARM7TDMI-S r4 uses version 1 but
214 * that it has 6-bit CTRL and 5-bit STAT... doc bug?
215 * ARM7TDMI r4 docs say EICE v4.
217 reg_list[EICE_DBG_CTRL].size = 3;
218 reg_list[EICE_DBG_STAT].size = 5;
222 reg_list[EICE_DBG_CTRL].size = 4;
223 reg_list[EICE_DBG_STAT].size = 5;
224 arm7_9->has_single_step = 1;
227 LOG_ERROR("EmbeddedICE v%d handling might be broken",
229 reg_list[EICE_DBG_CTRL].size = 6;
230 reg_list[EICE_DBG_STAT].size = 5;
231 arm7_9->has_single_step = 1;
232 arm7_9->has_monitor_mode = 1;
236 reg_list[EICE_DBG_CTRL].size = 6;
237 reg_list[EICE_DBG_STAT].size = 5;
238 arm7_9->has_monitor_mode = 1;
242 reg_list[EICE_DBG_CTRL].size = 6;
243 reg_list[EICE_DBG_STAT].size = 5;
244 arm7_9->has_single_step = 1;
245 arm7_9->has_monitor_mode = 1;
248 /* ARM7EJ-S, ARM9E-S rev 2, ARM9EJ-S */
249 reg_list[EICE_DBG_CTRL].size = 6;
250 reg_list[EICE_DBG_STAT].size = 10;
251 /* DBG_STAT has MOE bits */
252 arm7_9->has_monitor_mode = 1;
255 LOG_ERROR("EmbeddedICE v%d handling might be broken",
257 reg_list[EICE_DBG_CTRL].size = 6;
258 reg_list[EICE_DBG_STAT].size = 5;
259 arm7_9->has_monitor_mode = 1;
263 * The Feroceon implementation has the version number
264 * in some unusual bits. Let feroceon.c validate it
265 * and do the appropriate setup itself.
267 if (strcmp(target_get_name(target), "feroceon") == 0 ||
268 strcmp(target_get_name(target), "dragonite") == 0)
270 LOG_ERROR("unknown EmbeddedICE version (comms ctrl: 0x%8.8" PRIx32 ")", buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 0, 32));
276 int embeddedice_setup(target_t *target)
279 armv4_5_common_t *armv4_5 = target->arch_info;
280 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
282 /* explicitly disable monitor mode */
283 if (arm7_9->has_monitor_mode)
285 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
287 embeddedice_read_reg(dbg_ctrl);
288 if ((retval = jtag_execute_queue()) != ERROR_OK)
290 buf_set_u32(dbg_ctrl->value, 4, 1, 0);
291 embeddedice_set_reg_w_exec(dbg_ctrl, dbg_ctrl->value);
293 return jtag_execute_queue();
296 static int embeddedice_get_reg(reg_t *reg)
299 if ((retval = embeddedice_read_reg(reg)) != ERROR_OK)
301 LOG_ERROR("BUG: error scheduling EmbeddedICE register read");
305 if ((retval = jtag_execute_queue()) != ERROR_OK)
307 LOG_ERROR("register read failed");
314 int embeddedice_read_reg_w_check(reg_t *reg, uint8_t* check_value, uint8_t* check_mask)
316 embeddedice_reg_t *ice_reg = reg->arch_info;
317 uint8_t reg_addr = ice_reg->addr & 0x1f;
318 scan_field_t fields[3];
319 uint8_t field1_out[1];
320 uint8_t field2_out[1];
322 jtag_set_end_state(TAP_IDLE);
323 arm_jtag_scann(ice_reg->jtag_info, 0x2);
325 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
327 fields[0].tap = ice_reg->jtag_info->tap;
328 fields[0].num_bits = 32;
329 fields[0].out_value = reg->value;
330 fields[0].in_value = NULL;
331 fields[0].check_value = NULL;
332 fields[0].check_mask = NULL;
334 fields[1].tap = ice_reg->jtag_info->tap;
335 fields[1].num_bits = 5;
336 fields[1].out_value = field1_out;
337 buf_set_u32(fields[1].out_value, 0, 5, reg_addr);
338 fields[1].in_value = NULL;
339 fields[1].check_value = NULL;
340 fields[1].check_mask = NULL;
342 fields[2].tap = ice_reg->jtag_info->tap;
343 fields[2].num_bits = 1;
344 fields[2].out_value = field2_out;
345 buf_set_u32(fields[2].out_value, 0, 1, 0);
346 fields[2].in_value = NULL;
347 fields[2].check_value = NULL;
348 fields[2].check_mask = NULL;
350 jtag_add_dr_scan(3, fields, jtag_get_end_state());
352 fields[0].in_value = reg->value;
353 fields[0].check_value = check_value;
354 fields[0].check_mask = check_mask;
356 /* when reading the DCC data register, leaving the address field set to
357 * EICE_COMMS_DATA would read the register twice
358 * reading the control register is safe
360 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_CTRL].addr);
362 jtag_add_dr_scan_check(3, fields, jtag_get_end_state());
367 /* receive <size> words of 32 bit from the DCC
368 * we pretend the target is always going to be fast enough
369 * (relative to the JTAG clock), so we don't need to handshake
371 int embeddedice_receive(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
373 scan_field_t fields[3];
374 uint8_t field1_out[1];
375 uint8_t field2_out[1];
377 jtag_set_end_state(TAP_IDLE);
378 arm_jtag_scann(jtag_info, 0x2);
379 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
381 fields[0].tap = jtag_info->tap;
382 fields[0].num_bits = 32;
383 fields[0].out_value = NULL;
384 fields[0].in_value = NULL;
386 fields[1].tap = jtag_info->tap;
387 fields[1].num_bits = 5;
388 fields[1].out_value = field1_out;
389 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
390 fields[1].in_value = NULL;
392 fields[2].tap = jtag_info->tap;
393 fields[2].num_bits = 1;
394 fields[2].out_value = field2_out;
395 buf_set_u32(fields[2].out_value, 0, 1, 0);
396 fields[2].in_value = NULL;
398 jtag_add_dr_scan(3, fields, jtag_get_end_state());
402 /* when reading the last item, set the register address to the DCC control reg,
403 * to avoid reading additional data from the DCC data reg
406 buf_set_u32(fields[1].out_value, 0, 5,
407 eice_regs[EICE_COMMS_CTRL].addr);
409 fields[0].in_value = (uint8_t *)data;
410 jtag_add_dr_scan(3, fields, jtag_get_end_state());
411 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)data);
417 return jtag_execute_queue();
420 int embeddedice_read_reg(reg_t *reg)
422 return embeddedice_read_reg_w_check(reg, NULL, NULL);
425 void embeddedice_set_reg(reg_t *reg, uint32_t value)
427 embeddedice_write_reg(reg, value);
429 buf_set_u32(reg->value, 0, reg->size, value);
435 int embeddedice_set_reg_w_exec(reg_t *reg, uint8_t *buf)
438 embeddedice_set_reg(reg, buf_get_u32(buf, 0, reg->size));
440 if ((retval = jtag_execute_queue()) != ERROR_OK)
442 LOG_ERROR("register write failed");
448 void embeddedice_write_reg(reg_t *reg, uint32_t value)
450 embeddedice_reg_t *ice_reg = reg->arch_info;
452 LOG_DEBUG("%i: 0x%8.8" PRIx32 "", ice_reg->addr, value);
454 jtag_set_end_state(TAP_IDLE);
455 arm_jtag_scann(ice_reg->jtag_info, 0x2);
457 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
459 uint8_t reg_addr = ice_reg->addr & 0x1f;
460 embeddedice_write_reg_inner(ice_reg->jtag_info->tap, reg_addr, value);
464 void embeddedice_store_reg(reg_t *reg)
466 embeddedice_write_reg(reg, buf_get_u32(reg->value, 0, reg->size));
469 /* send <size> words of 32 bit to the DCC
470 * we pretend the target is always going to be fast enough
471 * (relative to the JTAG clock), so we don't need to handshake
473 int embeddedice_send(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
475 scan_field_t fields[3];
476 uint8_t field0_out[4];
477 uint8_t field1_out[1];
478 uint8_t field2_out[1];
480 jtag_set_end_state(TAP_IDLE);
481 arm_jtag_scann(jtag_info, 0x2);
482 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
484 fields[0].tap = jtag_info->tap;
485 fields[0].num_bits = 32;
486 fields[0].out_value = field0_out;
487 fields[0].in_value = NULL;
489 fields[1].tap = jtag_info->tap;
490 fields[1].num_bits = 5;
491 fields[1].out_value = field1_out;
492 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
493 fields[1].in_value = NULL;
495 fields[2].tap = jtag_info->tap;
496 fields[2].num_bits = 1;
497 fields[2].out_value = field2_out;
498 buf_set_u32(fields[2].out_value, 0, 1, 1);
500 fields[2].in_value = NULL;
504 buf_set_u32(fields[0].out_value, 0, 32, *data);
505 jtag_add_dr_scan(3, fields, jtag_get_end_state());
511 /* call to jtag_execute_queue() intentionally omitted */
515 /* wait for DCC control register R/W handshake bit to become active
517 int embeddedice_handshake(arm_jtag_t *jtag_info, int hsbit, uint32_t timeout)
519 scan_field_t fields[3];
520 uint8_t field0_in[4];
521 uint8_t field1_out[1];
522 uint8_t field2_out[1];
528 if (hsbit == EICE_COMM_CTRL_WBIT)
530 else if (hsbit == EICE_COMM_CTRL_RBIT)
533 return ERROR_INVALID_ARGUMENTS;
535 jtag_set_end_state(TAP_IDLE);
536 arm_jtag_scann(jtag_info, 0x2);
537 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
539 fields[0].tap = jtag_info->tap;
540 fields[0].num_bits = 32;
541 fields[0].out_value = NULL;
542 fields[0].in_value = field0_in;
544 fields[1].tap = jtag_info->tap;
545 fields[1].num_bits = 5;
546 fields[1].out_value = field1_out;
547 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
548 fields[1].in_value = NULL;
550 fields[2].tap = jtag_info->tap;
551 fields[2].num_bits = 1;
552 fields[2].out_value = field2_out;
553 buf_set_u32(fields[2].out_value, 0, 1, 0);
554 fields[2].in_value = NULL;
556 jtag_add_dr_scan(3, fields, jtag_get_end_state());
557 gettimeofday(&lap, NULL);
560 jtag_add_dr_scan(3, fields, jtag_get_end_state());
561 if ((retval = jtag_execute_queue()) != ERROR_OK)
564 if (buf_get_u32(field0_in, hsbit, 1) == hsact)
567 gettimeofday(&now, NULL);
569 while ((uint32_t)((now.tv_sec-lap.tv_sec)*1000 + (now.tv_usec-lap.tv_usec)/1000) <= timeout);
571 return ERROR_TARGET_TIMEOUT;
574 #ifndef HAVE_JTAG_MINIDRIVER_H
575 /* this is the inner loop of the open loop DCC write of data to target */
576 void embeddedice_write_dcc(jtag_tap_t *tap, int reg_addr, uint8_t *buffer, int little, int count)
579 for (i = 0; i < count; i++)
581 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
586 /* provided by minidriver */
projects / fw / openocd / blob