1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
27 #include <helper/binarybuffer.h>
28 #include <helper/log.h>
30 #ifdef _DEBUG_JTAG_IO_
31 #define DEBUG_JTAG_IO(expr ...) \
32 do { if (1) LOG_DEBUG(expr); } while (0)
34 #define DEBUG_JTAG_IO(expr ...) \
35 do { if (0) LOG_DEBUG(expr); } while (0)
38 #ifndef DEBUG_JTAG_IOZ
39 #define DEBUG_JTAG_IOZ 64
42 /*-----</Macros>-------------------------------------------------*/
45 * Defines JTAG Test Access Port states.
47 * These definitions were gleaned from the ARM7TDMI-S Technical
48 * Reference Manual and validated against several other ARM core
51 * FIXME some interfaces require specific numbers be used, as they
52 * are handed-off directly to their hardware implementations.
53 * Fix those drivers to map as appropriate ... then pick some
54 * sane set of numbers here (where 0/uninitialized == INVALID).
56 typedef enum tap_state
{
60 /* These are the old numbers. Leave as-is for now... */
61 TAP_RESET
= 0, TAP_IDLE
= 8,
62 TAP_DRSELECT
= 1, TAP_DRCAPTURE
= 2, TAP_DRSHIFT
= 3, TAP_DREXIT1
= 4,
63 TAP_DRPAUSE
= 5, TAP_DREXIT2
= 6, TAP_DRUPDATE
= 7,
64 TAP_IRSELECT
= 9, TAP_IRCAPTURE
= 10, TAP_IRSHIFT
= 11, TAP_IREXIT1
= 12,
65 TAP_IRPAUSE
= 13, TAP_IREXIT2
= 14, TAP_IRUPDATE
= 15,
68 /* Proper ARM recommended numbers */
90 * Function tap_state_name
91 * Returns a string suitable for display representing the JTAG tap_state
93 const char *tap_state_name(tap_state_t state
);
95 /** Provides user-friendly name lookup of TAP states. */
96 tap_state_t
tap_state_by_name(const char *name
);
98 /** The current TAP state of the pending JTAG command queue. */
99 extern tap_state_t cmd_queue_cur_state
;
102 * This structure defines a single scan field in the scan. It provides
103 * fields for the field's width and pointers to scan input and output
106 * In addition, this structure includes a value and mask that is used by
107 * jtag_add_dr_scan_check() to validate the value that was scanned out.
110 /** The number of bits this field specifies (up to 32) */
112 /** A pointer to value to be scanned into the device */
113 const uint8_t *out_value
;
114 /** A pointer to a 32-bit memory location for data scanned out */
117 /** The value used to check the data scanned out. */
118 uint8_t *check_value
;
119 /** The mask to go with check_value */
126 const char *dotted_name
;
127 int abs_chain_position
;
128 /** Is this TAP disabled after JTAG reset? */
129 bool disabled_after_reset
;
130 /** Is this TAP currently enabled? */
132 int ir_length
; /**< size of instruction register */
133 uint32_t ir_capture_value
;
134 uint8_t *expected
; /**< Capture-IR expected value */
135 uint32_t ir_capture_mask
;
136 uint8_t *expected_mask
; /**< Capture-IR expected mask */
137 uint32_t idcode
; /**< device identification code */
138 /** not all devices have idcode,
139 * we'll discover this during chain examination */
142 /** Array of expected identification codes */
143 uint32_t *expected_ids
;
144 /** Number of expected identification codes */
145 uint8_t expected_ids_cnt
;
147 /** Flag saying whether to ignore version field in expected_ids[] */
150 /** current instruction */
152 /** Bypass register selected */
155 struct jtag_tap_event_action
*event_action
;
157 struct jtag_tap
*next_tap
;
158 /* dap instance if some null if no instance , initialized to 0 by calloc*/
159 struct adiv5_dap
*dap
;
160 /* private pointer to support none-jtag specific functions */
164 void jtag_tap_init(struct jtag_tap
*tap
);
165 void jtag_tap_free(struct jtag_tap
*tap
);
167 struct jtag_tap
*jtag_all_taps(void);
168 const char *jtag_tap_name(const struct jtag_tap
*tap
);
169 struct jtag_tap
*jtag_tap_by_string(const char* dotted_name
);
170 struct jtag_tap
*jtag_tap_by_jim_obj(Jim_Interp
* interp
, Jim_Obj
*obj
);
171 struct jtag_tap
*jtag_tap_by_position(unsigned abs_position
);
172 struct jtag_tap
*jtag_tap_next_enabled(struct jtag_tap
*p
);
173 unsigned jtag_tap_count_enabled(void);
174 unsigned jtag_tap_count(void);
177 * - TRST_ASSERTED triggers two sets of callbacks, after operations to
178 * reset the scan chain -- via TMS+TCK signaling, or deasserting the
179 * nTRST signal -- are queued:
181 * + Callbacks in C code fire first, patching internal state
182 * + Then post-reset event scripts fire ... activating JTAG circuits
183 * via TCK cycles, exiting SWD mode via TMS sequences, etc
185 * During those callbacks, scan chain contents have not been validated.
186 * JTAG operations that address a specific TAP (primarily DR/IR scans)
187 * must *not* be queued.
189 * - TAP_EVENT_SETUP is reported after TRST_ASSERTED, and after the scan
190 * chain has been validated. JTAG operations including scans that
191 * target specific TAPs may be performed.
193 * - TAP_EVENT_ENABLE and TAP_EVENT_DISABLE implement TAP activation and
194 * deactivation outside the core using scripted code that understands
195 * the specific JTAG router type. They might be triggered indirectly
196 * from EVENT_SETUP operations.
200 JTAG_TAP_EVENT_SETUP
,
201 JTAG_TAP_EVENT_ENABLE
,
202 JTAG_TAP_EVENT_DISABLE
,
205 struct jtag_tap_event_action
{
206 /** The event for which this action will be triggered. */
207 enum jtag_event event
;
208 /** The interpreter to use for evaluating the @c body. */
210 /** Contains a script to 'eval' when the @c event is triggered. */
212 /* next action in linked list */
213 struct jtag_tap_event_action
*next
;
217 * Defines the function signature requide for JTAG event callback
218 * functions, which are added with jtag_register_event_callback()
219 * and removed jtag_unregister_event_callback().
220 * @param event The event to handle.
221 * @param prive A pointer to data that was passed to
222 * jtag_register_event_callback().
223 * @returns Must return ERROR_OK on success, or an error code on failure.
225 * @todo Change to return void or define a use for its return code.
227 typedef int (*jtag_event_handler_t
)(enum jtag_event event
, void *priv
);
229 int jtag_register_event_callback(jtag_event_handler_t f
, void *x
);
230 int jtag_unregister_event_callback(jtag_event_handler_t f
, void *x
);
232 int jtag_call_event_callbacks(enum jtag_event event
);
235 /** @returns The current JTAG speed setting. */
236 int jtag_get_speed(int *speed
);
239 * Given a @a speed setting, use the interface @c speed_div callback to
240 * adjust the setting.
241 * @param speed The speed setting to convert back to readable KHz.
242 * @returns ERROR_OK if the interface has not been initialized or on success;
243 * otherwise, the error code produced by the @c speed_div callback.
245 int jtag_get_speed_readable(int *speed
);
247 /** Attempt to configure the interface for the specified KHz. */
248 int jtag_config_khz(unsigned khz
);
251 * Attempt to enable RTCK/RCLK. If that fails, fallback to the
252 * specified frequency.
254 int jtag_config_rclk(unsigned fallback_speed_khz
);
256 /** Retreives the clock speed of the JTAG interface in KHz. */
257 unsigned jtag_get_speed_khz(void);
261 RESET_HAS_TRST
= 0x1,
262 RESET_HAS_SRST
= 0x2,
263 RESET_TRST_AND_SRST
= 0x3,
264 RESET_SRST_PULLS_TRST
= 0x4,
265 RESET_TRST_PULLS_SRST
= 0x8,
266 RESET_TRST_OPEN_DRAIN
= 0x10,
267 RESET_SRST_PUSH_PULL
= 0x20,
268 RESET_SRST_NO_GATING
= 0x40,
271 enum reset_types
jtag_get_reset_config(void);
272 void jtag_set_reset_config(enum reset_types type
);
274 void jtag_set_nsrst_delay(unsigned delay
);
275 unsigned jtag_get_nsrst_delay(void);
277 void jtag_set_ntrst_delay(unsigned delay
);
278 unsigned jtag_get_ntrst_delay(void);
280 void jtag_set_nsrst_assert_width(unsigned delay
);
281 unsigned jtag_get_nsrst_assert_width(void);
283 void jtag_set_ntrst_assert_width(unsigned delay
);
284 unsigned jtag_get_ntrst_assert_width(void);
286 /** @returns The current state of TRST. */
287 int jtag_get_trst(void);
288 /** @returns The current state of SRST. */
289 int jtag_get_srst(void);
291 /** Enable or disable data scan verification checking. */
292 void jtag_set_verify(bool enable
);
293 /** @returns True if data scan verification will be performed. */
294 bool jtag_will_verify(void);
296 /** Enable or disable verification of IR scan checking. */
297 void jtag_set_verify_capture_ir(bool enable
);
298 /** @returns True if IR scan verification will be performed. */
299 bool jtag_will_verify_capture_ir(void);
301 /** Initialize debug adapter upon startup. */
302 int adapter_init(struct command_context
*cmd_ctx
);
304 /** Shutdown the debug adapter upon program exit. */
305 int adapter_quit(void);
307 /** Set ms to sleep after jtag_execute_queue() flushes queue. Debug purposes. */
308 void jtag_set_flush_queue_sleep(int ms
);
311 * Initialize JTAG chain using only a RESET reset. If init fails,
314 int jtag_init(struct command_context
*cmd_ctx
);
316 /** reset, then initialize JTAG chain */
317 int jtag_init_reset(struct command_context
*cmd_ctx
);
318 int jtag_register_commands(struct command_context
*cmd_ctx
);
319 int jtag_init_inner(struct command_context
*cmd_ctx
);
323 * The JTAG interface can be implemented with a software or hardware fifo.
325 * TAP_DRSHIFT and TAP_IRSHIFT are illegal end states; however,
326 * TAP_DRSHIFT/IRSHIFT can be emulated as end states, by using longer
329 * Code that is relatively insensitive to the path taken through state
330 * machine (as long as it is JTAG compliant) can use @a endstate for
331 * jtag_add_xxx_scan(). Otherwise, the pause state must be specified as
332 * end state and a subsequent jtag_add_pathmove() must be issued.
336 * Generate an IR SCAN with a list of scan fields with one entry for
339 * If the input field list contains an instruction value for a TAP then
340 * that is used otherwise the TAP is set to bypass.
342 * TAPs for which no fields are passed are marked as bypassed for
343 * subsequent DR SCANs.
346 void jtag_add_ir_scan(struct jtag_tap
*tap
,
347 struct scan_field
*fields
, tap_state_t endstate
);
349 * The same as jtag_add_ir_scan except no verification is performed out
352 void jtag_add_ir_scan_noverify(struct jtag_tap
*tap
,
353 const struct scan_field
*fields
, tap_state_t state
);
355 * Scan out the bits in ir scan mode.
357 * If in_bits == NULL, discard incoming bits.
359 void jtag_add_plain_ir_scan(int num_bits
, const uint8_t *out_bits
, uint8_t *in_bits
,
360 tap_state_t endstate
);
363 * Generate a DR SCAN using the fields passed to the function.
364 * For connected TAPs, the function checks in_fields and uses fields
365 * specified there. For bypassed TAPs, the function generates a dummy
366 * 1-bit field. The bypass status of TAPs is set by jtag_add_ir_scan().
368 void jtag_add_dr_scan(struct jtag_tap
*tap
, int num_fields
,
369 const struct scan_field
*fields
, tap_state_t endstate
);
370 /** A version of jtag_add_dr_scan() that uses the check_value/mask fields */
371 void jtag_add_dr_scan_check(struct jtag_tap
*tap
, int num_fields
,
372 struct scan_field
*fields
, tap_state_t endstate
);
374 * Scan out the bits in ir scan mode.
376 * If in_bits == NULL, discard incoming bits.
378 void jtag_add_plain_dr_scan(int num_bits
,
379 const uint8_t *out_bits
, uint8_t *in_bits
, tap_state_t endstate
);
382 * Defines the type of data passed to the jtag_callback_t interface.
383 * The underlying type must allow storing an @c int or pointer type.
385 typedef intptr_t jtag_callback_data_t
;
388 * Defines a simple JTAG callback that can allow conversions on data
389 * scanned in from an interface.
391 * This callback should only be used for conversion that cannot fail.
392 * For conversion types or checks that can fail, use the more complete
393 * variant: jtag_callback_t.
395 typedef void (*jtag_callback1_t
)(jtag_callback_data_t data0
);
397 /** A simpler version of jtag_add_callback4(). */
398 void jtag_add_callback(jtag_callback1_t
, jtag_callback_data_t data0
);
402 * Defines the interface of the JTAG callback mechanism. Such
403 * callbacks can be executed once the queue has been flushed.
405 * The JTAG queue can be executed synchronously or asynchronously.
406 * Typically for USB, the queue is executed asynchronously. For
407 * low-latency interfaces, the queue may be executed synchronously.
409 * The callback mechanism is very general and does not make many
410 * assumptions about what the callback does or what its arguments are.
411 * These callbacks are typically executed *after* the *entire* JTAG
412 * queue has been executed for e.g. USB interfaces, and they are
413 * guaranteeed to be invoked in the order that they were queued.
415 * If the execution of the queue fails before the callbacks, then --
416 * depending on driver implementation -- the callbacks may or may not be
419 * @todo Make that behavior consistent.
421 * @param data0 Typically used to point to the data to operate on.
422 * Frequently this will be the data clocked in during a shift operation.
423 * @param data1 An integer big enough to use as an @c int or a pointer.
424 * @param data2 An integer big enough to use as an @c int or a pointer.
425 * @param data3 An integer big enough to use as an @c int or a pointer.
426 * @returns an error code
428 typedef int (*jtag_callback_t
)(jtag_callback_data_t data0
,
429 jtag_callback_data_t data1
,
430 jtag_callback_data_t data2
,
431 jtag_callback_data_t data3
);
434 * Run a TAP_RESET reset where the end state is TAP_RESET,
435 * regardless of the start state.
437 void jtag_add_tlr(void);
440 * Application code *must* assume that interfaces will
441 * implement transitions between states with different
442 * paths and path lengths through the state diagram. The
443 * path will vary across interface and also across versions
444 * of the same interface over time. Even if the OpenOCD code
445 * is unchanged, the actual path taken may vary over time
446 * and versions of interface firmware or PCB revisions.
448 * Use jtag_add_pathmove() when specific transition sequences
451 * Do not use jtag_add_pathmove() unless you need to, but do use it
454 * DANGER! If the target is dependent upon a particular sequence
455 * of transitions for things to work correctly(e.g. as a workaround
456 * for an errata that contradicts the JTAG standard), then pathmove
457 * must be used, even if some jtag interfaces happen to use the
458 * desired path. Worse, the jtag interface used for testing a
459 * particular implementation, could happen to use the "desired"
460 * path when transitioning to/from end
463 * A list of unambigious single clock state transitions, not
464 * all drivers can support this, but it is required for e.g.
465 * XScale and Xilinx support
467 * Note! TAP_RESET must not be used in the path!
469 * Note that the first on the list must be reachable
470 * via a single transition from the current state.
472 * All drivers are required to implement jtag_add_pathmove().
473 * However, if the pathmove sequence can not be precisely
474 * executed, an interface_jtag_add_pathmove() or jtag_execute_queue()
475 * must return an error. It is legal, but not recommended, that
476 * a driver returns an error in all cases for a pathmove if it
477 * can only implement a few transitions and therefore
478 * a partial implementation of pathmove would have little practical
481 * If an error occurs, jtag_error will contain one of these error codes:
482 * - ERROR_JTAG_NOT_STABLE_STATE -- The final state was not stable.
483 * - ERROR_JTAG_STATE_INVALID -- The path passed through TAP_RESET.
484 * - ERROR_JTAG_TRANSITION_INVALID -- The path includes invalid
487 void jtag_add_pathmove(int num_states
, const tap_state_t
*path
);
490 * jtag_add_statemove() moves from the current state to @a goal_state.
492 * @param goal_state The final TAP state.
493 * @return ERROR_OK on success, or an error code on failure.
495 * Moves from the current state to the goal \a state.
496 * Both states must be stable.
498 int jtag_add_statemove(tap_state_t goal_state
);
501 * Goes to TAP_IDLE (if we're not already there), cycle
502 * precisely num_cycles in the TAP_IDLE state, after which move
503 * to @a endstate (unless it is also TAP_IDLE).
505 * @param num_cycles Number of cycles in TAP_IDLE state. This argument
506 * may be 0, in which case this routine will navigate to @a endstate
508 * @param endstate The final state.
510 void jtag_add_runtest(int num_cycles
, tap_state_t endstate
);
513 * A reset of the TAP state machine can be requested.
515 * Whether tms or trst reset is used depends on the capabilities of
516 * the target and jtag interface(reset_config command configures this).
518 * srst can driver a reset of the TAP state machine and vice
521 * Application code may need to examine value of jtag_reset_config
522 * to determine the proper codepath
524 * DANGER! Even though srst drives trst, trst might not be connected to
525 * the interface, and it might actually be *harmful* to assert trst in this case.
527 * This is why combinations such as "reset_config srst_only srst_pulls_trst"
530 * only req_tlr_or_trst and srst can have a transition for a
531 * call as the effects of transitioning both at the "same time"
532 * are undefined, but when srst_pulls_trst or vice versa,
533 * then trst & srst *must* be asserted together.
535 void jtag_add_reset(int req_tlr_or_trst
, int srst
);
537 void jtag_add_sleep(uint32_t us
);
539 int jtag_add_tms_seq(unsigned nbits
, const uint8_t *seq
, enum tap_state t
);
542 * Function jtag_add_clocks
543 * first checks that the state in which the clocks are to be issued is
544 * stable, then queues up num_cycles clocks for transmission.
546 void jtag_add_clocks(int num_cycles
);
549 * For software FIFO implementations, the queued commands can be executed
550 * during this call or earlier. A sw queue might decide to push out
551 * some of the jtag_add_xxx() operations once the queue is "big enough".
553 * This fn will return an error code if any of the prior jtag_add_xxx()
554 * calls caused a failure, e.g. check failure. Note that it does not
555 * matter if the operation was executed *before* jtag_execute_queue(),
556 * jtag_execute_queue() will still return an error code.
558 * All jtag_add_xxx() calls that have in_handler != NULL will have been
559 * executed when this fn returns, but if what has been queued only
560 * clocks data out, without reading anything back, then JTAG could
561 * be running *after* jtag_execute_queue() returns. The API does
562 * not define a way to flush a hw FIFO that runs *after*
563 * jtag_execute_queue() returns.
565 * jtag_add_xxx() commands can either be executed immediately or
566 * at some time between the jtag_add_xxx() fn call and jtag_execute_queue().
568 int jtag_execute_queue(void);
570 /** same as jtag_execute_queue() but does not clear the error flag */
571 void jtag_execute_queue_noclear(void);
573 /** @returns the number of times the scan queue has been flushed */
574 int jtag_get_flush_queue_count(void);
576 /** Report Tcl event to all TAPs */
577 void jtag_notify_event(enum jtag_event
);
579 /* can be implemented by hw + sw */
580 int jtag_power_dropout(int *dropout
);
581 int jtag_srst_asserted(int *srst_asserted
);
583 /* JTAG support functions */
586 * Execute jtag queue and check value with an optional mask.
587 * @param field Pointer to scan field.
588 * @param value Pointer to scan value.
589 * @param mask Pointer to scan mask; may be NULL.
590 * @returns Nothing, but calls jtag_set_error() on any error.
592 void jtag_check_value_mask(struct scan_field
*field
, uint8_t *value
, uint8_t *mask
);
594 void jtag_sleep(uint32_t us
);
597 * The JTAG subsystem defines a number of error codes,
598 * using codes between -100 and -199.
600 #define ERROR_JTAG_INIT_FAILED (-100)
601 #define ERROR_JTAG_INVALID_INTERFACE (-101)
602 #define ERROR_JTAG_NOT_IMPLEMENTED (-102)
603 #define ERROR_JTAG_TRST_ASSERTED (-103)
604 #define ERROR_JTAG_QUEUE_FAILED (-104)
605 #define ERROR_JTAG_NOT_STABLE_STATE (-105)
606 #define ERROR_JTAG_DEVICE_ERROR (-107)
607 #define ERROR_JTAG_STATE_INVALID (-108)
608 #define ERROR_JTAG_TRANSITION_INVALID (-109)
609 #define ERROR_JTAG_INIT_SOFT_FAIL (-110)
612 * jtag_add_dr_out() is a version of jtag_add_dr_scan() which
613 * only scans data out. It operates on 32 bit integers instead
614 * of 8 bit, which makes it a better impedance match with
615 * the calling code which often operate on 32 bit integers.
617 * Current or end_state can not be TAP_RESET. end_state can be TAP_INVALID
619 * num_bits[i] is the number of bits to clock out from value[i] LSB first.
621 * If the device is in bypass, then that is an error condition in
622 * the caller code that is not detected by this fn, whereas
623 * jtag_add_dr_scan() does detect it. Similarly if the device is not in
624 * bypass, data must be passed to it.
626 * If anything fails, then jtag_error will be set and jtag_execute() will
627 * return an error. There is no way to determine if there was a failure
628 * during this function call.
630 * This is an inline fn to speed up embedded hosts. Also note that
631 * interface_jtag_add_dr_out() can be a *small* inline function for
634 * There is no jtag_add_dr_outin() version of this fn that also allows
635 * clocking data back in. Patches gladly accepted!
639 * Set the current JTAG core execution error, unless one was set
640 * by a previous call previously. Driver or application code must
641 * use jtag_error_clear to reset jtag_error once this routine has been
642 * called with a non-zero error code.
644 void jtag_set_error(int error
);
646 * Resets jtag_error to ERROR_OK, returning its previous value.
647 * @returns The previous value of @c jtag_error.
649 int jtag_error_clear(void);
652 * Return true if it's safe for a background polling task to access the
653 * JTAG scan chain. Polling may be explicitly disallowed, and is also
654 * unsafe while nTRST is active or the JTAG clock is gated off.
656 bool is_jtag_poll_safe(void);
659 * Return flag reporting whether JTAG polling is disallowed.
661 bool jtag_poll_get_enabled(void);
664 * Assign flag reporting whether JTAG polling is disallowed.
666 void jtag_poll_set_enabled(bool value
);
669 /* The minidriver may have inline versions of some of the low
670 * level APIs that are used in inner loops. */
671 #include <jtag/minidriver.h>
673 bool transport_is_jtag(void);
675 int jim_jtag_newtap(Jim_Interp
*interp
, int argc
, Jim_Obj
*const *argv
);