1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008,2009 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "embeddedice.h"
32 #define ARRAY_SIZE(x) ((int)(sizeof(x)/sizeof((x)[0])))
35 static bitfield_desc_t embeddedice_comms_ctrl_bitfield_desc[] =
45 * From: ARM9E-S TRM, DDI 0165, table C-4 (and similar, for other cores)
55 /* width is assigned based on EICE version */
58 .name = "debug_status",
60 /* width is assigned based on EICE version */
72 [EICE_W0_ADDR_VALUE] = {
73 .name = "watch_0_addr_value",
77 [EICE_W0_ADDR_MASK] = {
78 .name = "watch_0_addr_mask",
82 [EICE_W0_DATA_VALUE ] = {
83 .name = "watch_0_data_value",
87 [EICE_W0_DATA_MASK] = {
88 .name = "watch_0_data_mask",
92 [EICE_W0_CONTROL_VALUE] = {
93 .name = "watch_0_control_value",
97 [EICE_W0_CONTROL_MASK] = {
98 .name = "watch_0_control_mask",
102 [EICE_W1_ADDR_VALUE] = {
103 .name = "watch_1_addr_value",
107 [EICE_W1_ADDR_MASK] = {
108 .name = "watch_1_addr_mask",
112 [EICE_W1_DATA_VALUE] = {
113 .name = "watch_1_data_value",
117 [EICE_W1_DATA_MASK] = {
118 .name = "watch_1_data_mask",
122 [EICE_W1_CONTROL_VALUE] = {
123 .name = "watch_1_control_value",
127 [EICE_W1_CONTROL_MASK] = {
128 .name = "watch_1_control_mask",
132 /* vector_catch isn't always present */
134 .name = "vector_catch",
141 static int embeddedice_reg_arch_type = -1;
143 static int embeddedice_get_reg(reg_t *reg);
145 reg_cache_t* embeddedice_build_reg_cache(target_t *target, arm7_9_common_t *arm7_9)
148 reg_cache_t *reg_cache = malloc(sizeof(reg_cache_t));
149 reg_t *reg_list = NULL;
150 embeddedice_reg_t *arch_info = NULL;
151 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
152 int num_regs = ARRAY_SIZE(eice_regs);
154 int eice_version = 0;
156 /* register a register arch-type for EmbeddedICE registers only once */
157 if (embeddedice_reg_arch_type == -1)
158 embeddedice_reg_arch_type = register_reg_arch_type(
159 embeddedice_get_reg, embeddedice_set_reg_w_exec);
161 /* vector_catch isn't always present */
162 if (!arm7_9->has_vector_catch)
165 /* the actual registers are kept in two arrays */
166 reg_list = calloc(num_regs, sizeof(reg_t));
167 arch_info = calloc(num_regs, sizeof(embeddedice_reg_t));
169 /* fill in values for the reg cache */
170 reg_cache->name = "EmbeddedICE registers";
171 reg_cache->next = NULL;
172 reg_cache->reg_list = reg_list;
173 reg_cache->num_regs = num_regs;
175 /* set up registers */
176 for (i = 0; i < num_regs; i++)
178 reg_list[i].name = eice_regs[i].name;
179 reg_list[i].size = eice_regs[i].width;
180 reg_list[i].dirty = 0;
181 reg_list[i].valid = 0;
182 reg_list[i].bitfield_desc = NULL;
183 reg_list[i].num_bitfields = 0;
184 reg_list[i].value = calloc(1, 4);
185 reg_list[i].arch_info = &arch_info[i];
186 reg_list[i].arch_type = embeddedice_reg_arch_type;
187 arch_info[i].addr = eice_regs[i].addr;
188 arch_info[i].jtag_info = jtag_info;
191 /* identify EmbeddedICE version by reading DCC control register */
192 embeddedice_read_reg(®_list[EICE_COMMS_CTRL]);
193 if ((retval = jtag_execute_queue()) != ERROR_OK)
195 for (i = 0; i < num_regs; i++)
197 free(reg_list[i].value);
205 eice_version = buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 28, 4);
206 LOG_INFO("Embedded ICE version %d", eice_version);
208 switch (eice_version)
211 /* ARM7TDMI r3, ARM7TDMI-S r3
213 * REVISIT docs say ARM7TDMI-S r4 uses version 1 but
214 * that it has 6-bit CTRL and 5-bit STAT... doc bug?
215 * ARM7TDMI r4 docs say EICE v4.
217 reg_list[EICE_DBG_CTRL].size = 3;
218 reg_list[EICE_DBG_STAT].size = 5;
222 reg_list[EICE_DBG_CTRL].size = 4;
223 reg_list[EICE_DBG_STAT].size = 5;
224 arm7_9->has_single_step = 1;
227 LOG_ERROR("EmbeddedICE v%d handling might be broken",
229 reg_list[EICE_DBG_CTRL].size = 6;
230 reg_list[EICE_DBG_STAT].size = 5;
231 arm7_9->has_single_step = 1;
232 arm7_9->has_monitor_mode = 1;
236 reg_list[EICE_DBG_CTRL].size = 6;
237 reg_list[EICE_DBG_STAT].size = 5;
238 arm7_9->has_monitor_mode = 1;
242 reg_list[EICE_DBG_CTRL].size = 6;
243 reg_list[EICE_DBG_STAT].size = 5;
244 arm7_9->has_single_step = 1;
245 arm7_9->has_monitor_mode = 1;
248 /* ARM7EJ-S, ARM9E-S rev 2, ARM9EJ-S */
249 reg_list[EICE_DBG_CTRL].size = 6;
250 reg_list[EICE_DBG_STAT].size = 10;
251 /* DBG_STAT has MOE bits */
252 arm7_9->has_monitor_mode = 1;
255 LOG_ERROR("EmbeddedICE v%d handling might be broken",
257 reg_list[EICE_DBG_CTRL].size = 6;
258 reg_list[EICE_DBG_STAT].size = 5;
259 arm7_9->has_monitor_mode = 1;
263 * The Feroceon implementation has the version number
264 * in some unusual bits. Let feroceon.c validate it
265 * and do the appropriate setup itself.
267 if (strcmp(target_get_name(target), "feroceon") == 0 ||
268 strcmp(target_get_name(target), "dragonite") == 0)
270 LOG_ERROR("unknown EmbeddedICE version (comms ctrl: 0x%8.8" PRIx32 ")", buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 0, 32));
276 int embeddedice_setup(target_t *target)
279 struct arm7_9_common_s *arm7_9 = target_to_arm7_9(target);
281 /* Explicitly disable monitor mode. For now we only support halting
282 * debug ... we don't know how to talk with a resident debug monitor
283 * that manages break requests. ARM's "Angel Debug Monitor" is one
284 * common example of such code.
286 if (arm7_9->has_monitor_mode)
288 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
290 embeddedice_read_reg(dbg_ctrl);
291 if ((retval = jtag_execute_queue()) != ERROR_OK)
293 buf_set_u32(dbg_ctrl->value, 4, 1, 0);
294 embeddedice_set_reg_w_exec(dbg_ctrl, dbg_ctrl->value);
296 return jtag_execute_queue();
299 static int embeddedice_get_reg(reg_t *reg)
302 if ((retval = embeddedice_read_reg(reg)) != ERROR_OK)
304 LOG_ERROR("BUG: error scheduling EmbeddedICE register read");
308 if ((retval = jtag_execute_queue()) != ERROR_OK)
310 LOG_ERROR("register read failed");
317 int embeddedice_read_reg_w_check(reg_t *reg, uint8_t* check_value, uint8_t* check_mask)
319 embeddedice_reg_t *ice_reg = reg->arch_info;
320 uint8_t reg_addr = ice_reg->addr & 0x1f;
321 scan_field_t fields[3];
322 uint8_t field1_out[1];
323 uint8_t field2_out[1];
325 jtag_set_end_state(TAP_IDLE);
326 arm_jtag_scann(ice_reg->jtag_info, 0x2);
328 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
330 fields[0].tap = ice_reg->jtag_info->tap;
331 fields[0].num_bits = 32;
332 fields[0].out_value = reg->value;
333 fields[0].in_value = NULL;
334 fields[0].check_value = NULL;
335 fields[0].check_mask = NULL;
337 fields[1].tap = ice_reg->jtag_info->tap;
338 fields[1].num_bits = 5;
339 fields[1].out_value = field1_out;
340 buf_set_u32(fields[1].out_value, 0, 5, reg_addr);
341 fields[1].in_value = NULL;
342 fields[1].check_value = NULL;
343 fields[1].check_mask = NULL;
345 fields[2].tap = ice_reg->jtag_info->tap;
346 fields[2].num_bits = 1;
347 fields[2].out_value = field2_out;
348 buf_set_u32(fields[2].out_value, 0, 1, 0);
349 fields[2].in_value = NULL;
350 fields[2].check_value = NULL;
351 fields[2].check_mask = NULL;
353 jtag_add_dr_scan(3, fields, jtag_get_end_state());
355 fields[0].in_value = reg->value;
356 fields[0].check_value = check_value;
357 fields[0].check_mask = check_mask;
359 /* when reading the DCC data register, leaving the address field set to
360 * EICE_COMMS_DATA would read the register twice
361 * reading the control register is safe
363 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_CTRL].addr);
365 jtag_add_dr_scan_check(3, fields, jtag_get_end_state());
370 /* receive <size> words of 32 bit from the DCC
371 * we pretend the target is always going to be fast enough
372 * (relative to the JTAG clock), so we don't need to handshake
374 int embeddedice_receive(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
376 scan_field_t fields[3];
377 uint8_t field1_out[1];
378 uint8_t field2_out[1];
380 jtag_set_end_state(TAP_IDLE);
381 arm_jtag_scann(jtag_info, 0x2);
382 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
384 fields[0].tap = jtag_info->tap;
385 fields[0].num_bits = 32;
386 fields[0].out_value = NULL;
387 fields[0].in_value = NULL;
389 fields[1].tap = jtag_info->tap;
390 fields[1].num_bits = 5;
391 fields[1].out_value = field1_out;
392 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
393 fields[1].in_value = NULL;
395 fields[2].tap = jtag_info->tap;
396 fields[2].num_bits = 1;
397 fields[2].out_value = field2_out;
398 buf_set_u32(fields[2].out_value, 0, 1, 0);
399 fields[2].in_value = NULL;
401 jtag_add_dr_scan(3, fields, jtag_get_end_state());
405 /* when reading the last item, set the register address to the DCC control reg,
406 * to avoid reading additional data from the DCC data reg
409 buf_set_u32(fields[1].out_value, 0, 5,
410 eice_regs[EICE_COMMS_CTRL].addr);
412 fields[0].in_value = (uint8_t *)data;
413 jtag_add_dr_scan(3, fields, jtag_get_end_state());
414 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)data);
420 return jtag_execute_queue();
423 int embeddedice_read_reg(reg_t *reg)
425 return embeddedice_read_reg_w_check(reg, NULL, NULL);
428 void embeddedice_set_reg(reg_t *reg, uint32_t value)
430 embeddedice_write_reg(reg, value);
432 buf_set_u32(reg->value, 0, reg->size, value);
438 int embeddedice_set_reg_w_exec(reg_t *reg, uint8_t *buf)
441 embeddedice_set_reg(reg, buf_get_u32(buf, 0, reg->size));
443 if ((retval = jtag_execute_queue()) != ERROR_OK)
445 LOG_ERROR("register write failed");
451 void embeddedice_write_reg(reg_t *reg, uint32_t value)
453 embeddedice_reg_t *ice_reg = reg->arch_info;
455 LOG_DEBUG("%i: 0x%8.8" PRIx32 "", ice_reg->addr, value);
457 jtag_set_end_state(TAP_IDLE);
458 arm_jtag_scann(ice_reg->jtag_info, 0x2);
460 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
462 uint8_t reg_addr = ice_reg->addr & 0x1f;
463 embeddedice_write_reg_inner(ice_reg->jtag_info->tap, reg_addr, value);
467 void embeddedice_store_reg(reg_t *reg)
469 embeddedice_write_reg(reg, buf_get_u32(reg->value, 0, reg->size));
472 /* send <size> words of 32 bit to the DCC
473 * we pretend the target is always going to be fast enough
474 * (relative to the JTAG clock), so we don't need to handshake
476 int embeddedice_send(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
478 scan_field_t fields[3];
479 uint8_t field0_out[4];
480 uint8_t field1_out[1];
481 uint8_t field2_out[1];
483 jtag_set_end_state(TAP_IDLE);
484 arm_jtag_scann(jtag_info, 0x2);
485 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
487 fields[0].tap = jtag_info->tap;
488 fields[0].num_bits = 32;
489 fields[0].out_value = field0_out;
490 fields[0].in_value = NULL;
492 fields[1].tap = jtag_info->tap;
493 fields[1].num_bits = 5;
494 fields[1].out_value = field1_out;
495 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
496 fields[1].in_value = NULL;
498 fields[2].tap = jtag_info->tap;
499 fields[2].num_bits = 1;
500 fields[2].out_value = field2_out;
501 buf_set_u32(fields[2].out_value, 0, 1, 1);
503 fields[2].in_value = NULL;
507 buf_set_u32(fields[0].out_value, 0, 32, *data);
508 jtag_add_dr_scan(3, fields, jtag_get_end_state());
514 /* call to jtag_execute_queue() intentionally omitted */
518 /* wait for DCC control register R/W handshake bit to become active
520 int embeddedice_handshake(arm_jtag_t *jtag_info, int hsbit, uint32_t timeout)
522 scan_field_t fields[3];
523 uint8_t field0_in[4];
524 uint8_t field1_out[1];
525 uint8_t field2_out[1];
531 if (hsbit == EICE_COMM_CTRL_WBIT)
533 else if (hsbit == EICE_COMM_CTRL_RBIT)
536 return ERROR_INVALID_ARGUMENTS;
538 jtag_set_end_state(TAP_IDLE);
539 arm_jtag_scann(jtag_info, 0x2);
540 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
542 fields[0].tap = jtag_info->tap;
543 fields[0].num_bits = 32;
544 fields[0].out_value = NULL;
545 fields[0].in_value = field0_in;
547 fields[1].tap = jtag_info->tap;
548 fields[1].num_bits = 5;
549 fields[1].out_value = field1_out;
550 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
551 fields[1].in_value = NULL;
553 fields[2].tap = jtag_info->tap;
554 fields[2].num_bits = 1;
555 fields[2].out_value = field2_out;
556 buf_set_u32(fields[2].out_value, 0, 1, 0);
557 fields[2].in_value = NULL;
559 jtag_add_dr_scan(3, fields, jtag_get_end_state());
560 gettimeofday(&lap, NULL);
563 jtag_add_dr_scan(3, fields, jtag_get_end_state());
564 if ((retval = jtag_execute_queue()) != ERROR_OK)
567 if (buf_get_u32(field0_in, hsbit, 1) == hsact)
570 gettimeofday(&now, NULL);
572 while ((uint32_t)((now.tv_sec-lap.tv_sec)*1000 + (now.tv_usec-lap.tv_usec)/1000) <= timeout);
574 return ERROR_TARGET_TIMEOUT;
577 #ifndef HAVE_JTAG_MINIDRIVER_H
578 /* this is the inner loop of the open loop DCC write of data to target */
579 void embeddedice_write_dcc(jtag_tap_t *tap, int reg_addr, uint8_t *buffer, int little, int count)
582 for (i = 0; i < count; i++)
584 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
589 /* provided by minidriver */
projects / fw / openocd / blob