1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "embeddedice.h"
32 #define ARRAY_SIZE(x) ((int)(sizeof(x)/sizeof((x)[0])))
35 static bitfield_desc_t embeddedice_comms_ctrl_bitfield_desc[] =
45 * From: ARM9E-S TRM, DDI 0165, table C-4 (and similar, for other cores)
55 /* width is assigned based on EICE version */
58 .name = "debug_status",
60 /* width is assigned based on EICE version */
72 [EICE_W0_ADDR_VALUE] = {
73 .name = "watch_0_addr_value",
77 [EICE_W0_ADDR_MASK] = {
78 .name = "watch_0_addr_mask",
82 [EICE_W0_DATA_VALUE ] = {
83 .name = "watch_0_data_value",
87 [EICE_W0_DATA_MASK] = {
88 .name = "watch_0_data_mask",
92 [EICE_W0_CONTROL_VALUE] = {
93 .name = "watch_0_control_value",
97 [EICE_W0_CONTROL_MASK] = {
98 .name = "watch_0_control_mask",
102 [EICE_W1_ADDR_VALUE] = {
103 .name = "watch_1_addr_value",
107 [EICE_W1_ADDR_MASK] = {
108 .name = "watch_1_addr_mask",
112 [EICE_W1_DATA_VALUE] = {
113 .name = "watch_1_data_value",
117 [EICE_W1_DATA_MASK] = {
118 .name = "watch_1_data_mask",
122 [EICE_W1_CONTROL_VALUE] = {
123 .name = "watch_1_control_value",
127 [EICE_W1_CONTROL_MASK] = {
128 .name = "watch_1_control_mask",
132 /* vector_catch isn't always present */
134 .name = "vector_catch",
141 static int embeddedice_reg_arch_type = -1;
143 static int embeddedice_get_reg(reg_t *reg);
145 reg_cache_t* embeddedice_build_reg_cache(target_t *target, arm7_9_common_t *arm7_9)
148 reg_cache_t *reg_cache = malloc(sizeof(reg_cache_t));
149 reg_t *reg_list = NULL;
150 embeddedice_reg_t *arch_info = NULL;
151 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
152 int num_regs = ARRAY_SIZE(eice_regs);
154 int eice_version = 0;
156 /* register a register arch-type for EmbeddedICE registers only once */
157 if (embeddedice_reg_arch_type == -1)
158 embeddedice_reg_arch_type = register_reg_arch_type(
159 embeddedice_get_reg, embeddedice_set_reg_w_exec);
161 /* vector_catch isn't always present */
162 if (!arm7_9->has_vector_catch)
165 /* the actual registers are kept in two arrays */
166 reg_list = calloc(num_regs, sizeof(reg_t));
167 arch_info = calloc(num_regs, sizeof(embeddedice_reg_t));
169 /* fill in values for the reg cache */
170 reg_cache->name = "EmbeddedICE registers";
171 reg_cache->next = NULL;
172 reg_cache->reg_list = reg_list;
173 reg_cache->num_regs = num_regs;
175 /* set up registers */
176 for (i = 0; i < num_regs; i++)
178 reg_list[i].name = eice_regs[i].name;
179 reg_list[i].size = eice_regs[i].width;
180 reg_list[i].dirty = 0;
181 reg_list[i].valid = 0;
182 reg_list[i].bitfield_desc = NULL;
183 reg_list[i].num_bitfields = 0;
184 reg_list[i].value = calloc(1, 4);
185 reg_list[i].arch_info = &arch_info[i];
186 reg_list[i].arch_type = embeddedice_reg_arch_type;
187 arch_info[i].addr = eice_regs[i].addr;
188 arch_info[i].jtag_info = jtag_info;
191 /* identify EmbeddedICE version by reading DCC control register */
192 embeddedice_read_reg(®_list[EICE_COMMS_CTRL]);
193 if ((retval = jtag_execute_queue()) != ERROR_OK)
195 for (i = 0; i < num_regs; i++)
197 free(reg_list[i].value);
205 eice_version = buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 28, 4);
206 LOG_DEBUG("Embedded ICE version %d", eice_version);
208 switch (eice_version)
211 /* ARM7TDMI r3, ARM7TDMI-S r3
213 * REVISIT docs say ARM7TDMI-S r4 uses version 1 but
214 * that it has 6-bit CTRL and 5-bit STAT... doc bug?
215 * ARM7TDMI r4 docs say EICE v4.
217 reg_list[EICE_DBG_CTRL].size = 3;
218 reg_list[EICE_DBG_STAT].size = 5;
222 reg_list[EICE_DBG_CTRL].size = 4;
223 reg_list[EICE_DBG_STAT].size = 5;
224 arm7_9->has_single_step = 1;
227 LOG_ERROR("EmbeddedICE v%d handling might be broken",
229 reg_list[EICE_DBG_CTRL].size = 6;
230 reg_list[EICE_DBG_STAT].size = 5;
231 arm7_9->has_single_step = 1;
232 arm7_9->has_monitor_mode = 1;
236 reg_list[EICE_DBG_CTRL].size = 6;
237 reg_list[EICE_DBG_STAT].size = 5;
238 arm7_9->has_monitor_mode = 1;
242 reg_list[EICE_DBG_CTRL].size = 6;
243 reg_list[EICE_DBG_STAT].size = 5;
244 arm7_9->has_single_step = 1;
245 arm7_9->has_monitor_mode = 1;
248 /* ARM7EJ-S, ARM9E-S rev 2, ARM9EJ-S */
249 reg_list[EICE_DBG_CTRL].size = 6;
250 reg_list[EICE_DBG_STAT].size = 10;
251 /* DBG_STAT has MOE bits */
252 arm7_9->has_monitor_mode = 1;
255 LOG_ERROR("EmbeddedICE v%d handling might be broken",
257 reg_list[EICE_DBG_CTRL].size = 6;
258 reg_list[EICE_DBG_STAT].size = 5;
259 arm7_9->has_monitor_mode = 1;
263 * The Feroceon implementation has the version number
264 * in some unusual bits. Let feroceon.c validate it
265 * and do the appropriate setup itself.
267 if (strcmp(target_get_name(target), "feroceon") == 0)
269 LOG_ERROR("unknown EmbeddedICE version (comms ctrl: 0x%8.8" PRIx32 ")", buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 0, 32));
275 int embeddedice_setup(target_t *target)
278 armv4_5_common_t *armv4_5 = target->arch_info;
279 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
281 /* explicitly disable monitor mode */
282 if (arm7_9->has_monitor_mode)
284 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
286 embeddedice_read_reg(dbg_ctrl);
287 if ((retval = jtag_execute_queue()) != ERROR_OK)
289 buf_set_u32(dbg_ctrl->value, 4, 1, 0);
290 embeddedice_set_reg_w_exec(dbg_ctrl, dbg_ctrl->value);
292 return jtag_execute_queue();
295 static int embeddedice_get_reg(reg_t *reg)
298 if ((retval = embeddedice_read_reg(reg)) != ERROR_OK)
300 LOG_ERROR("BUG: error scheduling EmbeddedICE register read");
304 if ((retval = jtag_execute_queue()) != ERROR_OK)
306 LOG_ERROR("register read failed");
313 int embeddedice_read_reg_w_check(reg_t *reg, uint8_t* check_value, uint8_t* check_mask)
315 embeddedice_reg_t *ice_reg = reg->arch_info;
316 uint8_t reg_addr = ice_reg->addr & 0x1f;
317 scan_field_t fields[3];
318 uint8_t field1_out[1];
319 uint8_t field2_out[1];
321 jtag_set_end_state(TAP_IDLE);
322 arm_jtag_scann(ice_reg->jtag_info, 0x2);
324 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
326 fields[0].tap = ice_reg->jtag_info->tap;
327 fields[0].num_bits = 32;
328 fields[0].out_value = reg->value;
329 fields[0].in_value = NULL;
330 fields[0].check_value = NULL;
331 fields[0].check_mask = NULL;
333 fields[1].tap = ice_reg->jtag_info->tap;
334 fields[1].num_bits = 5;
335 fields[1].out_value = field1_out;
336 buf_set_u32(fields[1].out_value, 0, 5, reg_addr);
337 fields[1].in_value = NULL;
338 fields[1].check_value = NULL;
339 fields[1].check_mask = NULL;
341 fields[2].tap = ice_reg->jtag_info->tap;
342 fields[2].num_bits = 1;
343 fields[2].out_value = field2_out;
344 buf_set_u32(fields[2].out_value, 0, 1, 0);
345 fields[2].in_value = NULL;
346 fields[2].check_value = NULL;
347 fields[2].check_mask = NULL;
349 jtag_add_dr_scan(3, fields, jtag_get_end_state());
351 fields[0].in_value = reg->value;
352 fields[0].check_value = check_value;
353 fields[0].check_mask = check_mask;
355 /* when reading the DCC data register, leaving the address field set to
356 * EICE_COMMS_DATA would read the register twice
357 * reading the control register is safe
359 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_CTRL].addr);
361 jtag_add_dr_scan_check(3, fields, jtag_get_end_state());
366 /* receive <size> words of 32 bit from the DCC
367 * we pretend the target is always going to be fast enough
368 * (relative to the JTAG clock), so we don't need to handshake
370 int embeddedice_receive(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
372 scan_field_t fields[3];
373 uint8_t field1_out[1];
374 uint8_t field2_out[1];
376 jtag_set_end_state(TAP_IDLE);
377 arm_jtag_scann(jtag_info, 0x2);
378 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
380 fields[0].tap = jtag_info->tap;
381 fields[0].num_bits = 32;
382 fields[0].out_value = NULL;
383 fields[0].in_value = NULL;
385 fields[1].tap = jtag_info->tap;
386 fields[1].num_bits = 5;
387 fields[1].out_value = field1_out;
388 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
389 fields[1].in_value = NULL;
391 fields[2].tap = jtag_info->tap;
392 fields[2].num_bits = 1;
393 fields[2].out_value = field2_out;
394 buf_set_u32(fields[2].out_value, 0, 1, 0);
395 fields[2].in_value = NULL;
397 jtag_add_dr_scan(3, fields, jtag_get_end_state());
401 /* when reading the last item, set the register address to the DCC control reg,
402 * to avoid reading additional data from the DCC data reg
405 buf_set_u32(fields[1].out_value, 0, 5,
406 eice_regs[EICE_COMMS_CTRL].addr);
408 fields[0].in_value = (uint8_t *)data;
409 jtag_add_dr_scan(3, fields, jtag_get_end_state());
410 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)data);
416 return jtag_execute_queue();
419 int embeddedice_read_reg(reg_t *reg)
421 return embeddedice_read_reg_w_check(reg, NULL, NULL);
424 void embeddedice_set_reg(reg_t *reg, uint32_t value)
426 embeddedice_write_reg(reg, value);
428 buf_set_u32(reg->value, 0, reg->size, value);
434 int embeddedice_set_reg_w_exec(reg_t *reg, uint8_t *buf)
437 embeddedice_set_reg(reg, buf_get_u32(buf, 0, reg->size));
439 if ((retval = jtag_execute_queue()) != ERROR_OK)
441 LOG_ERROR("register write failed");
447 void embeddedice_write_reg(reg_t *reg, uint32_t value)
449 embeddedice_reg_t *ice_reg = reg->arch_info;
451 LOG_DEBUG("%i: 0x%8.8" PRIx32 "", ice_reg->addr, value);
453 jtag_set_end_state(TAP_IDLE);
454 arm_jtag_scann(ice_reg->jtag_info, 0x2);
456 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
458 uint8_t reg_addr = ice_reg->addr & 0x1f;
459 embeddedice_write_reg_inner(ice_reg->jtag_info->tap, reg_addr, value);
463 void embeddedice_store_reg(reg_t *reg)
465 embeddedice_write_reg(reg, buf_get_u32(reg->value, 0, reg->size));
468 /* send <size> words of 32 bit to the DCC
469 * we pretend the target is always going to be fast enough
470 * (relative to the JTAG clock), so we don't need to handshake
472 int embeddedice_send(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
474 scan_field_t fields[3];
475 uint8_t field0_out[4];
476 uint8_t field1_out[1];
477 uint8_t field2_out[1];
479 jtag_set_end_state(TAP_IDLE);
480 arm_jtag_scann(jtag_info, 0x2);
481 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
483 fields[0].tap = jtag_info->tap;
484 fields[0].num_bits = 32;
485 fields[0].out_value = field0_out;
486 fields[0].in_value = NULL;
488 fields[1].tap = jtag_info->tap;
489 fields[1].num_bits = 5;
490 fields[1].out_value = field1_out;
491 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
492 fields[1].in_value = NULL;
494 fields[2].tap = jtag_info->tap;
495 fields[2].num_bits = 1;
496 fields[2].out_value = field2_out;
497 buf_set_u32(fields[2].out_value, 0, 1, 1);
499 fields[2].in_value = NULL;
503 buf_set_u32(fields[0].out_value, 0, 32, *data);
504 jtag_add_dr_scan(3, fields, jtag_get_end_state());
510 /* call to jtag_execute_queue() intentionally omitted */
514 /* wait for DCC control register R/W handshake bit to become active
516 int embeddedice_handshake(arm_jtag_t *jtag_info, int hsbit, uint32_t timeout)
518 scan_field_t fields[3];
519 uint8_t field0_in[4];
520 uint8_t field1_out[1];
521 uint8_t field2_out[1];
527 if (hsbit == EICE_COMM_CTRL_WBIT)
529 else if (hsbit == EICE_COMM_CTRL_RBIT)
532 return ERROR_INVALID_ARGUMENTS;
534 jtag_set_end_state(TAP_IDLE);
535 arm_jtag_scann(jtag_info, 0x2);
536 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
538 fields[0].tap = jtag_info->tap;
539 fields[0].num_bits = 32;
540 fields[0].out_value = NULL;
541 fields[0].in_value = field0_in;
543 fields[1].tap = jtag_info->tap;
544 fields[1].num_bits = 5;
545 fields[1].out_value = field1_out;
546 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
547 fields[1].in_value = NULL;
549 fields[2].tap = jtag_info->tap;
550 fields[2].num_bits = 1;
551 fields[2].out_value = field2_out;
552 buf_set_u32(fields[2].out_value, 0, 1, 0);
553 fields[2].in_value = NULL;
555 jtag_add_dr_scan(3, fields, jtag_get_end_state());
556 gettimeofday(&lap, NULL);
559 jtag_add_dr_scan(3, fields, jtag_get_end_state());
560 if ((retval = jtag_execute_queue()) != ERROR_OK)
563 if (buf_get_u32(field0_in, hsbit, 1) == hsact)
566 gettimeofday(&now, NULL);
568 while ((uint32_t)((now.tv_sec-lap.tv_sec)*1000 + (now.tv_usec-lap.tv_usec)/1000) <= timeout);
570 return ERROR_TARGET_TIMEOUT;
573 #ifndef HAVE_JTAG_MINIDRIVER_H
574 /* this is the inner loop of the open loop DCC write of data to target */
575 void embeddedice_write_dcc(jtag_tap_t *tap, int reg_addr, uint8_t *buffer, int little, int count)
578 for (i = 0; i < count; i++)
580 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
585 /* provided by minidriver */
projects / fw / openocd / blob