1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin
5 * Copyright (C) 2008 by Spencer Oliver
8 * Copyright (C) 2009 by Oyvind Harboe
9 * oyvind.harboe@zylin.com
11 * Copyright (C) 2009-2010 by David Brownell
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25 ***************************************************************************/
29 * This file implements JTAG transport support for cores implementing
30 the ARM Debug Interface version 5 (ADIv5).
38 #include "arm_adi_v5.h"
39 #include <helper/time_support.h>
40 #include <helper/list.h>
42 /*#define DEBUG_WAIT*/
44 /* JTAG instructions/registers for JTAG-DP and SWJ-DP */
45 #define JTAG_DP_ABORT 0x8
46 #define JTAG_DP_DPACC 0xA
47 #define JTAG_DP_APACC 0xB
48 #define JTAG_DP_IDCODE 0xE
50 /* three-bit ACK values for DPACC and APACC reads */
51 #define JTAG_ACK_OK_FAULT 0x2
52 #define JTAG_ACK_WAIT 0x1
54 static int jtag_ap_q_abort(struct adiv5_dap
*dap
, uint8_t *ack
);
57 static const char *dap_reg_name(int instr
, int reg_addr
)
59 char *reg_name
= "UNK";
61 if (instr
== JTAG_DP_DPACC
) {
67 reg_name
= "CTRL/STAT";
84 if (instr
== JTAG_DP_APACC
) {
110 case MEM_AP_REG_BASE
:
133 uint32_t memaccess_tck
;
136 struct scan_field fields
[2];
137 uint8_t out_addr_buf
;
138 uint8_t invalue_buf
[4];
139 uint8_t outvalue_buf
[4];
142 static void log_dap_cmd(const char *header
, struct dap_cmd
*el
)
145 LOG_DEBUG("%s: %2s %6s %5s 0x%08x 0x%08x %2s", header
,
146 el
->instr
== JTAG_DP_APACC
? "AP" : "DP",
147 dap_reg_name(el
->instr
, el
->reg_addr
),
148 el
->RnW
== DPAP_READ
? "READ" : "WRITE",
149 buf_get_u32(el
->outvalue_buf
, 0, 32),
150 buf_get_u32(el
->invalue
, 0, 32),
151 el
->ack
== JTAG_ACK_OK_FAULT
? "OK" :
152 (el
->ack
== JTAG_ACK_WAIT
? "WAIT" : "INVAL"));
156 static struct dap_cmd
*dap_cmd_new(uint8_t instr
,
157 uint8_t reg_addr
, uint8_t RnW
,
158 uint8_t *outvalue
, uint8_t *invalue
,
159 uint32_t memaccess_tck
)
163 cmd
= (struct dap_cmd
*)calloc(1, sizeof(struct dap_cmd
));
165 INIT_LIST_HEAD(&cmd
->lh
);
167 cmd
->reg_addr
= reg_addr
;
169 if (outvalue
!= NULL
)
170 memcpy(cmd
->outvalue_buf
, outvalue
, 4);
171 cmd
->invalue
= (invalue
!= NULL
) ? invalue
: cmd
->invalue_buf
;
172 cmd
->memaccess_tck
= memaccess_tck
;
178 static void flush_journal(struct list_head
*lh
)
180 struct dap_cmd
*el
, *tmp
;
182 list_for_each_entry_safe(el
, tmp
, lh
, lh
) {
188 /***************************************************************************
190 * DPACC and APACC scanchain access through JTAG-DP (or SWJ-DP)
192 ***************************************************************************/
194 static int adi_jtag_dp_scan_cmd(struct adiv5_dap
*dap
, struct dap_cmd
*cmd
, uint8_t *ack
)
196 struct jtag_tap
*tap
= dap
->tap
;
199 retval
= arm_jtag_set_instr(tap
, cmd
->instr
, NULL
, TAP_IDLE
);
200 if (retval
!= ERROR_OK
)
203 /* Scan out a read or write operation using some DP or AP register.
204 * For APACC access with any sticky error flag set, this is discarded.
206 cmd
->fields
[0].num_bits
= 3;
207 buf_set_u32(&cmd
->out_addr_buf
, 0, 3, ((cmd
->reg_addr
>> 1) & 0x6) | (cmd
->RnW
& 0x1));
208 cmd
->fields
[0].out_value
= &cmd
->out_addr_buf
;
209 cmd
->fields
[0].in_value
= (ack
!= NULL
) ? ack
: &cmd
->ack
;
211 /* NOTE: if we receive JTAG_ACK_WAIT, the previous operation did not
212 * complete; data we write is discarded, data we read is unpredictable.
213 * When overrun detect is active, STICKYORUN is set.
216 cmd
->fields
[1].num_bits
= 32;
217 cmd
->fields
[1].out_value
= cmd
->outvalue_buf
;
218 cmd
->fields
[1].in_value
= cmd
->invalue
;
220 jtag_add_dr_scan(tap
, 2, cmd
->fields
, TAP_IDLE
);
222 /* Add specified number of tck clocks after starting memory bus
223 * access, giving the hardware time to complete the access.
224 * They provide more time for the (MEM) AP to complete the read ...
225 * See "Minimum Response Time" for JTAG-DP, in the ADIv5 spec.
227 if (cmd
->instr
== JTAG_DP_APACC
) {
228 if (((cmd
->reg_addr
== MEM_AP_REG_DRW
)
229 || ((cmd
->reg_addr
& 0xF0) == MEM_AP_REG_BD0
))
230 && (cmd
->memaccess_tck
!= 0))
231 jtag_add_runtest(cmd
->memaccess_tck
, TAP_IDLE
);
237 static int adi_jtag_dp_scan_cmd_sync(struct adiv5_dap
*dap
, struct dap_cmd
*cmd
, uint8_t *ack
)
241 retval
= adi_jtag_dp_scan_cmd(dap
, cmd
, ack
);
242 if (retval
!= ERROR_OK
)
245 return jtag_execute_queue();
249 * Scan DPACC or APACC using target ordered uint8_t buffers. No endianness
250 * conversions are performed. See section 4.4.3 of the ADIv5 spec, which
251 * discusses operations which access these registers.
253 * Note that only one scan is performed. If RnW is set, a separate scan
254 * will be needed to collect the data which was read; the "invalue" collects
255 * the posted result of a preceding operation, not the current one.
258 * @param instr JTAG_DP_APACC (AP access) or JTAG_DP_DPACC (DP access)
259 * @param reg_addr two significant bits; A[3:2]; for APACC access, the
260 * SELECT register has more addressing bits.
261 * @param RnW false iff outvalue will be written to the DP or AP
262 * @param outvalue points to a 32-bit (little-endian) integer
263 * @param invalue NULL, or points to a 32-bit (little-endian) integer
264 * @param ack points to where the three bit JTAG_ACK_* code will be stored
265 * @param memaccess_tck number of idle cycles to add after AP access
268 static int adi_jtag_dp_scan(struct adiv5_dap
*dap
,
269 uint8_t instr
, uint8_t reg_addr
, uint8_t RnW
,
270 uint8_t *outvalue
, uint8_t *invalue
,
271 uint32_t memaccess_tck
, uint8_t *ack
)
276 cmd
= dap_cmd_new(instr
, reg_addr
, RnW
, outvalue
, invalue
, memaccess_tck
);
278 cmd
->dp_select
= dap
->select
;
280 return ERROR_JTAG_DEVICE_ERROR
;
282 retval
= adi_jtag_dp_scan_cmd(dap
, cmd
, ack
);
283 if (retval
== ERROR_OK
)
284 list_add_tail(&cmd
->lh
, &dap
->cmd_journal
);
290 * Scan DPACC or APACC out and in from host ordered uint32_t buffers.
291 * This is exactly like adi_jtag_dp_scan(), except that endianness
292 * conversions are performed (so the types of invalue and outvalue
293 * must be different).
295 static int adi_jtag_dp_scan_u32(struct adiv5_dap
*dap
,
296 uint8_t instr
, uint8_t reg_addr
, uint8_t RnW
,
297 uint32_t outvalue
, uint32_t *invalue
,
298 uint32_t memaccess_tck
, uint8_t *ack
)
300 uint8_t out_value_buf
[4];
303 buf_set_u32(out_value_buf
, 0, 32, outvalue
);
305 retval
= adi_jtag_dp_scan(dap
, instr
, reg_addr
, RnW
,
306 out_value_buf
, (uint8_t *)invalue
, memaccess_tck
, ack
);
307 if (retval
!= ERROR_OK
)
311 jtag_add_callback(arm_le_to_h_u32
,
312 (jtag_callback_data_t
) invalue
);
317 static int adi_jtag_finish_read(struct adiv5_dap
*dap
)
319 int retval
= ERROR_OK
;
321 if (dap
->last_read
!= NULL
) {
322 retval
= adi_jtag_dp_scan_u32(dap
, JTAG_DP_DPACC
,
323 DP_RDBUFF
, DPAP_READ
, 0, dap
->last_read
, 0, NULL
);
324 dap
->last_read
= NULL
;
330 static int adi_jtag_scan_inout_check_u32(struct adiv5_dap
*dap
,
331 uint8_t instr
, uint8_t reg_addr
, uint8_t RnW
,
332 uint32_t outvalue
, uint32_t *invalue
, uint32_t memaccess_tck
)
336 /* Issue the read or write */
337 retval
= adi_jtag_dp_scan_u32(dap
, instr
, reg_addr
,
338 RnW
, outvalue
, NULL
, memaccess_tck
, NULL
);
339 if (retval
!= ERROR_OK
)
342 /* For reads, collect posted value; RDBUFF has no other effect.
343 * Assumes read gets acked with OK/FAULT, and CTRL_STAT says "OK".
345 if ((RnW
== DPAP_READ
) && (invalue
!= NULL
)) {
346 retval
= adi_jtag_dp_scan_u32(dap
, JTAG_DP_DPACC
,
347 DP_RDBUFF
, DPAP_READ
, 0, invalue
, 0, NULL
);
348 if (retval
!= ERROR_OK
)
352 return jtag_execute_queue();
355 static int jtagdp_overrun_check(struct adiv5_dap
*dap
)
358 struct dap_cmd
*el
, *tmp
, *prev
= NULL
;
361 LIST_HEAD(replay_list
);
363 /* make sure all queued transactions are complete */
364 retval
= jtag_execute_queue();
365 if (retval
!= ERROR_OK
)
368 /* skip all completed transactions up to the first WAIT */
369 list_for_each_entry(el
, &dap
->cmd_journal
, lh
) {
370 if (el
->ack
== JTAG_ACK_OK_FAULT
) {
371 log_dap_cmd("LOG", el
);
372 } else if (el
->ack
== JTAG_ACK_WAIT
) {
376 LOG_ERROR("Invalid ACK (%1x) in DAP response", el
->ack
);
377 log_dap_cmd("ERR", el
);
378 retval
= ERROR_JTAG_DEVICE_ERROR
;
384 * If we found a stalled transaction and a previous transaction
385 * exists, check if it's a READ access.
387 if (found_wait
&& el
!= list_first_entry(&dap
->cmd_journal
, struct dap_cmd
, lh
)) {
388 prev
= list_entry(el
->lh
.prev
, struct dap_cmd
, lh
);
389 if (prev
->RnW
== DPAP_READ
) {
390 log_dap_cmd("PND", prev
);
391 /* search for the next OK transaction, it contains
392 * the result of the previous READ */
394 list_for_each_entry_from(tmp
, &dap
->cmd_journal
, lh
) {
395 if (tmp
->ack
== JTAG_ACK_OK_FAULT
) {
396 /* recover the read value */
397 log_dap_cmd("FND", tmp
);
398 if (el
->invalue
!= el
->invalue_buf
) {
399 uint32_t invalue
= le_to_h_u32(tmp
->invalue
);
400 memcpy(el
->invalue
, &invalue
, sizeof(uint32_t));
408 log_dap_cmd("LST", el
);
411 * At this point we're sure that no previous
412 * transaction completed and the DAP/AP is still
413 * in busy state. We know that the next "OK" scan
414 * will return the READ result we need to recover.
415 * To complete the READ, we just keep polling RDBUFF
416 * until the WAIT condition clears
418 tmp
= dap_cmd_new(JTAG_DP_DPACC
,
419 DP_RDBUFF
, DPAP_READ
, NULL
, NULL
, 0);
421 retval
= ERROR_JTAG_DEVICE_ERROR
;
424 /* synchronously retry the command until it succeeds */
425 time_now
= timeval_ms();
427 retval
= adi_jtag_dp_scan_cmd_sync(dap
, tmp
, NULL
);
428 if (retval
!= ERROR_OK
)
430 if (tmp
->ack
== JTAG_ACK_OK_FAULT
) {
431 log_dap_cmd("FND", tmp
);
432 if (el
->invalue
!= el
->invalue_buf
) {
433 uint32_t invalue
= le_to_h_u32(tmp
->invalue
);
434 memcpy(el
->invalue
, &invalue
, sizeof(uint32_t));
438 if (tmp
->ack
!= JTAG_ACK_WAIT
) {
439 LOG_ERROR("Invalid ACK (%1x) in DAP response", tmp
->ack
);
440 log_dap_cmd("ERR", tmp
);
441 retval
= ERROR_JTAG_DEVICE_ERROR
;
445 } while (timeval_ms() - time_now
< 1000);
447 if (retval
== ERROR_OK
) {
448 /* timeout happened */
449 if (tmp
->ack
!= JTAG_ACK_OK_FAULT
) {
450 LOG_ERROR("Timeout during WAIT recovery");
451 jtag_ap_q_abort(dap
, NULL
);
452 retval
= ERROR_JTAG_DEVICE_ERROR
;
456 /* we're done with this command, release it */
459 if (retval
!= ERROR_OK
)
463 /* make el->invalue point to the default invalue
464 * so that we can safely retry it without clobbering
465 * the result we just recovered */
466 el
->invalue
= el
->invalue_buf
;
470 /* move all remaining transactions over to the replay list */
471 list_for_each_entry_safe_from(el
, tmp
, &dap
->cmd_journal
, lh
) {
472 log_dap_cmd("REP", el
);
473 list_move_tail(&el
->lh
, &replay_list
);
476 /* we're done with the journal, flush it */
477 flush_journal(&dap
->cmd_journal
);
479 /* check for overrun condition in the last batch of transactions */
481 LOG_INFO("DAP transaction stalled (WAIT) - slowing down");
482 /* clear the sticky overrun condition */
483 retval
= adi_jtag_scan_inout_check_u32(dap
, JTAG_DP_DPACC
,
484 DP_CTRL_STAT
, DPAP_WRITE
,
485 dap
->dp_ctrl_stat
| SSTICKYORUN
, NULL
, 0);
486 if (retval
!= ERROR_OK
)
489 /* restore SELECT register first */
490 if (!list_empty(&replay_list
)) {
491 el
= list_first_entry(&replay_list
, struct dap_cmd
, lh
);
492 tmp
= dap_cmd_new(JTAG_DP_DPACC
,
493 DP_SELECT
, DPAP_WRITE
, (uint8_t *)&el
->dp_select
, NULL
, 0);
495 retval
= ERROR_JTAG_DEVICE_ERROR
;
498 list_add(&tmp
->lh
, &replay_list
);
500 dap
->select
= DP_SELECT_INVALID
;
503 list_for_each_entry_safe(el
, tmp
, &replay_list
, lh
) {
504 time_now
= timeval_ms();
506 retval
= adi_jtag_dp_scan_cmd_sync(dap
, el
, NULL
);
507 if (retval
!= ERROR_OK
)
509 log_dap_cmd("REC", el
);
510 if (el
->ack
== JTAG_ACK_OK_FAULT
) {
511 if (el
->invalue
!= el
->invalue_buf
) {
512 uint32_t invalue
= le_to_h_u32(el
->invalue
);
513 memcpy(el
->invalue
, &invalue
, sizeof(uint32_t));
517 if (el
->ack
!= JTAG_ACK_WAIT
) {
518 LOG_ERROR("Invalid ACK (%1x) in DAP response", el
->ack
);
519 log_dap_cmd("ERR", el
);
520 retval
= ERROR_JTAG_DEVICE_ERROR
;
523 } while (timeval_ms() - time_now
< 1000);
525 if (retval
== ERROR_OK
) {
526 if (el
->ack
!= JTAG_ACK_OK_FAULT
) {
527 LOG_ERROR("Timeout during WAIT recovery");
528 jtag_ap_q_abort(dap
, NULL
);
529 retval
= ERROR_JTAG_DEVICE_ERROR
;
537 flush_journal(&replay_list
);
538 flush_journal(&dap
->cmd_journal
);
542 static int jtagdp_transaction_endcheck(struct adiv5_dap
*dap
)
547 /* too expensive to call keep_alive() here */
549 /* Post CTRL/STAT read; discard any previous posted read value
550 * but collect its ACK status.
552 retval
= adi_jtag_scan_inout_check_u32(dap
, JTAG_DP_DPACC
,
553 DP_CTRL_STAT
, DPAP_READ
, 0, &ctrlstat
, 0);
554 if (retval
!= ERROR_OK
)
557 /* REVISIT also STICKYCMP, for pushed comparisons (nyet used) */
559 /* Check for STICKYERR */
560 if (ctrlstat
& SSTICKYERR
) {
561 LOG_DEBUG("jtag-dp: CTRL/STAT 0x%" PRIx32
, ctrlstat
);
562 /* Check power to debug regions */
563 if ((ctrlstat
& (CDBGPWRUPREQ
| CDBGPWRUPACK
| CSYSPWRUPREQ
| CSYSPWRUPACK
)) !=
564 (CDBGPWRUPREQ
| CDBGPWRUPACK
| CSYSPWRUPREQ
| CSYSPWRUPACK
)) {
565 LOG_ERROR("Debug regions are unpowered, an unexpected reset might have happened");
566 retval
= ERROR_JTAG_DEVICE_ERROR
;
570 if (ctrlstat
& SSTICKYERR
)
571 LOG_ERROR("JTAG-DP STICKY ERROR");
572 if (ctrlstat
& SSTICKYORUN
)
573 LOG_DEBUG("JTAG-DP STICKY OVERRUN");
575 /* Clear Sticky Error Bits */
576 retval
= adi_jtag_scan_inout_check_u32(dap
, JTAG_DP_DPACC
,
577 DP_CTRL_STAT
, DPAP_WRITE
,
578 dap
->dp_ctrl_stat
| SSTICKYERR
, NULL
, 0);
579 if (retval
!= ERROR_OK
)
582 if (ctrlstat
& SSTICKYERR
) {
583 retval
= ERROR_JTAG_DEVICE_ERROR
;
589 flush_journal(&dap
->cmd_journal
);
593 /*--------------------------------------------------------------------------*/
595 static int jtag_dp_q_read(struct adiv5_dap
*dap
, unsigned reg
,
598 int retval
= adi_jtag_dp_scan_u32(dap
, JTAG_DP_DPACC
, reg
,
599 DPAP_READ
, 0, dap
->last_read
, 0, NULL
);
600 dap
->last_read
= data
;
604 static int jtag_dp_q_write(struct adiv5_dap
*dap
, unsigned reg
,
607 int retval
= adi_jtag_dp_scan_u32(dap
, JTAG_DP_DPACC
,
608 reg
, DPAP_WRITE
, data
, dap
->last_read
, 0, NULL
);
609 dap
->last_read
= NULL
;
613 /** Select the AP register bank matching bits 7:4 of reg. */
614 static int jtag_ap_q_bankselect(struct adiv5_ap
*ap
, unsigned reg
)
616 struct adiv5_dap
*dap
= ap
->dap
;
617 uint32_t sel
= ((uint32_t)ap
->ap_num
<< 24) | (reg
& 0x000000F0);
619 if (sel
== dap
->select
)
624 return jtag_dp_q_write(dap
, DP_SELECT
, sel
);
627 static int jtag_ap_q_read(struct adiv5_ap
*ap
, unsigned reg
,
630 int retval
= jtag_ap_q_bankselect(ap
, reg
);
631 if (retval
!= ERROR_OK
)
634 retval
= adi_jtag_dp_scan_u32(ap
->dap
, JTAG_DP_APACC
, reg
,
635 DPAP_READ
, 0, ap
->dap
->last_read
, ap
->memaccess_tck
, NULL
);
636 ap
->dap
->last_read
= data
;
641 static int jtag_ap_q_write(struct adiv5_ap
*ap
, unsigned reg
,
644 int retval
= jtag_ap_q_bankselect(ap
, reg
);
645 if (retval
!= ERROR_OK
)
648 retval
= adi_jtag_dp_scan_u32(ap
->dap
, JTAG_DP_APACC
, reg
,
649 DPAP_WRITE
, data
, ap
->dap
->last_read
, ap
->memaccess_tck
, NULL
);
650 ap
->dap
->last_read
= NULL
;
654 static int jtag_ap_q_abort(struct adiv5_dap
*dap
, uint8_t *ack
)
656 /* for JTAG, this is the only valid ABORT register operation */
657 int retval
= adi_jtag_dp_scan_u32(dap
, JTAG_DP_ABORT
,
658 0, DPAP_WRITE
, 1, NULL
, 0, NULL
);
659 if (retval
!= ERROR_OK
)
662 return jtag_execute_queue();
665 static int jtag_dp_run(struct adiv5_dap
*dap
)
668 int retval2
= ERROR_OK
;
670 retval
= adi_jtag_finish_read(dap
);
671 if (retval
!= ERROR_OK
)
673 retval2
= jtagdp_overrun_check(dap
);
674 retval
= jtagdp_transaction_endcheck(dap
);
677 return (retval2
!= ERROR_OK
) ? retval2
: retval
;
680 static int jtag_dp_sync(struct adiv5_dap
*dap
)
682 return jtagdp_overrun_check(dap
);
685 /* FIXME don't export ... just initialize as
688 const struct dap_ops jtag_dp_ops
= {
689 .queue_dp_read
= jtag_dp_q_read
,
690 .queue_dp_write
= jtag_dp_q_write
,
691 .queue_ap_read
= jtag_ap_q_read
,
692 .queue_ap_write
= jtag_ap_q_write
,
693 .queue_ap_abort
= jtag_ap_q_abort
,
695 .sync
= jtag_dp_sync
,
699 static const uint8_t swd2jtag_bitseq
[] = {
700 /* More than 50 TCK/SWCLK cycles with TMS/SWDIO high,
701 * putting both JTAG and SWD logic into reset state.
703 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
704 /* Switching equence disables SWD and enables JTAG
705 * NOTE: bits in the DP's IDCODE can expose the need for
706 * the old/deprecated sequence (0xae 0xde).
709 /* At least 50 TCK/SWCLK cycles with TMS/SWDIO high,
710 * putting both JTAG and SWD logic into reset state.
711 * NOTE: some docs say "at least 5".
713 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
716 /** Put the debug link into JTAG mode, if the target supports it.
717 * The link's initial mode may be either SWD or JTAG.
719 * @param target Enters JTAG mode (if possible).
721 * Note that targets implemented with SW-DP do not support JTAG, and
722 * that some targets which could otherwise support it may have been
723 * configured to disable JTAG signaling
725 * @return ERROR_OK or else a fault code.
727 int dap_to_jtag(struct target
*target
)
731 LOG_DEBUG("Enter JTAG mode");
733 /* REVISIT it's nasty to need to make calls to a "jtag"
734 * subsystem if the link isn't in JTAG mode...
737 retval
= jtag_add_tms_seq(8 * sizeof(swd2jtag_bitseq
),
738 swd2jtag_bitseq
, TAP_RESET
);
739 if (retval
== ERROR_OK
)
740 retval
= jtag_execute_queue();
742 /* REVISIT set up the DAP's ops vector for JTAG mode. */