1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
26 #include <helper/binarybuffer.h>
27 #include <helper/log.h>
29 #ifdef _DEBUG_JTAG_IO_
30 #define DEBUG_JTAG_IO(expr ...) \
31 do { if (1) LOG_DEBUG(expr); } while (0)
33 #define DEBUG_JTAG_IO(expr ...) \
34 do { if (0) LOG_DEBUG(expr); } while (0)
37 #ifndef DEBUG_JTAG_IOZ
38 #define DEBUG_JTAG_IOZ 64
41 /*-----</Macros>-------------------------------------------------*/
44 * Defines JTAG Test Access Port states.
46 * These definitions were gleaned from the ARM7TDMI-S Technical
47 * Reference Manual and validated against several other ARM core
50 * FIXME some interfaces require specific numbers be used, as they
51 * are handed-off directly to their hardware implementations.
52 * Fix those drivers to map as appropriate ... then pick some
53 * sane set of numbers here (where 0/uninitialized == INVALID).
55 typedef enum tap_state
60 /* These are the old numbers. Leave as-is for now... */
61 TAP_RESET = 0, TAP_IDLE = 8,
62 TAP_DRSELECT = 1, TAP_DRCAPTURE = 2, TAP_DRSHIFT = 3, TAP_DREXIT1 = 4,
63 TAP_DRPAUSE = 5, TAP_DREXIT2 = 6, TAP_DRUPDATE = 7,
64 TAP_IRSELECT = 9, TAP_IRCAPTURE = 10, TAP_IRSHIFT = 11, TAP_IREXIT1 = 12,
65 TAP_IRPAUSE = 13, TAP_IREXIT2 = 14, TAP_IRUPDATE = 15,
68 /* Proper ARM recommended numbers */
90 * Function tap_state_name
91 * Returns a string suitable for display representing the JTAG tap_state
93 const char *tap_state_name(tap_state_t state);
95 /// Provides user-friendly name lookup of TAP states.
96 tap_state_t tap_state_by_name(const char *name);
98 /// The current TAP state of the pending JTAG command queue.
99 extern tap_state_t cmd_queue_cur_state;
102 * This structure defines a single scan field in the scan. It provides
103 * fields for the field's width and pointers to scan input and output
106 * In addition, this structure includes a value and mask that is used by
107 * jtag_add_dr_scan_check() to validate the value that was scanned out.
109 * The allocated, modified, and intmp fields are internal work space.
112 /// A pointer to the tap structure to which this field refers.
113 struct jtag_tap* tap;
115 /// The number of bits this field specifies (up to 32)
117 /// A pointer to value to be scanned into the device
119 /// A pointer to a 32-bit memory location for data scanned out
122 /// The value used to check the data scanned out.
123 uint8_t* check_value;
124 /// The mask to go with check_value
127 /// in_value has been allocated for the queue
129 /// Indicates we modified the in_value.
131 /// temporary storage for performing value checks synchronously
138 const char* dotted_name;
139 int abs_chain_position;
140 /// Is this TAP disabled after JTAG reset?
141 bool disabled_after_reset;
142 /// Is this TAP currently enabled?
144 int ir_length; /**< size of instruction register */
145 uint32_t ir_capture_value;
146 uint8_t* expected; /**< Capture-IR expected value */
147 uint32_t ir_capture_mask;
148 uint8_t* expected_mask; /**< Capture-IR expected mask */
149 uint32_t idcode; /**< device identification code */
150 /** not all devices have idcode,
151 * we'll discover this during chain examination */
154 /// Array of expected identification codes */
155 uint32_t* expected_ids;
156 /// Number of expected identification codes
157 uint8_t expected_ids_cnt;
159 /// current instruction
161 /// Bypass register selected
164 struct jtag_tap_event_action *event_action;
166 struct jtag_tap* next_tap;
169 void jtag_tap_init(struct jtag_tap *tap);
170 void jtag_tap_free(struct jtag_tap *tap);
172 struct jtag_tap* jtag_all_taps(void);
173 const char *jtag_tap_name(const struct jtag_tap *tap);
174 struct jtag_tap* jtag_tap_by_string(const char* dotted_name);
175 struct jtag_tap* jtag_tap_by_jim_obj(Jim_Interp* interp, Jim_Obj* obj);
176 struct jtag_tap* jtag_tap_next_enabled(struct jtag_tap* p);
177 unsigned jtag_tap_count_enabled(void);
178 unsigned jtag_tap_count(void);
182 * - TRST_ASSERTED triggers two sets of callbacks, after operations to
183 * reset the scan chain -- via TMS+TCK signaling, or deasserting the
184 * nTRST signal -- are queued:
186 * + Callbacks in C code fire first, patching internal state
187 * + Then post-reset event scripts fire ... activating JTAG circuits
188 * via TCK cycles, exiting SWD mode via TMS sequences, etc
190 * During those callbacks, scan chain contents have not been validated.
191 * JTAG operations that address a specific TAP (primarily DR/IR scans)
192 * must *not* be queued.
194 * - TAP_EVENT_SETUP is reported after TRST_ASSERTED, and after the scan
195 * chain has been validated. JTAG operations including scans that
196 * target specific TAPs may be performed.
198 * - TAP_EVENT_ENABLE and TAP_EVENT_DISABLE implement TAP activation and
199 * deactivation outside the core using scripted code that understands
200 * the specific JTAG router type. They might be triggered indirectly
201 * from EVENT_SETUP operations.
205 JTAG_TAP_EVENT_SETUP,
206 JTAG_TAP_EVENT_ENABLE,
207 JTAG_TAP_EVENT_DISABLE,
210 struct jtag_tap_event_action
212 /// The event for which this action will be triggered.
213 enum jtag_event event;
214 /// The interpreter to use for evaluating the @c body.
216 /// Contains a script to 'eval' when the @c event is triggered.
218 // next action in linked list
219 struct jtag_tap_event_action *next;
223 * Defines the function signature requide for JTAG event callback
224 * functions, which are added with jtag_register_event_callback()
225 * and removed jtag_unregister_event_callback().
226 * @param event The event to handle.
227 * @param prive A pointer to data that was passed to
228 * jtag_register_event_callback().
229 * @returns Must return ERROR_OK on success, or an error code on failure.
231 * @todo Change to return void or define a use for its return code.
233 typedef int (*jtag_event_handler_t)(enum jtag_event event, void* priv);
235 int jtag_register_event_callback(jtag_event_handler_t f, void *x);
236 int jtag_unregister_event_callback(jtag_event_handler_t f, void *x);
238 int jtag_call_event_callbacks(enum jtag_event event);
241 /// @returns The current JTAG speed setting.
242 int jtag_get_speed(void);
245 * Given a @a speed setting, use the interface @c speed_div callback to
246 * adjust the setting.
247 * @param speed The speed setting to convert back to readable KHz.
248 * @returns ERROR_OK if the interface has not been initialized or on success;
249 * otherwise, the error code produced by the @c speed_div callback.
251 int jtag_get_speed_readable(int *speed);
253 /// Attempt to configure the interface for the specified KHz.
254 int jtag_config_khz(unsigned khz);
257 * Attempt to enable RTCK/RCLK. If that fails, fallback to the
258 * specified frequency.
260 int jtag_config_rclk(unsigned fallback_speed_khz);
262 /// Retreives the clock speed of the JTAG interface in KHz.
263 unsigned jtag_get_speed_khz(void);
268 RESET_HAS_TRST = 0x1,
269 RESET_HAS_SRST = 0x2,
270 RESET_TRST_AND_SRST = 0x3,
271 RESET_SRST_PULLS_TRST = 0x4,
272 RESET_TRST_PULLS_SRST = 0x8,
273 RESET_TRST_OPEN_DRAIN = 0x10,
274 RESET_SRST_PUSH_PULL = 0x20,
275 RESET_SRST_NO_GATING = 0x40,
278 enum reset_types jtag_get_reset_config(void);
279 void jtag_set_reset_config(enum reset_types type);
281 void jtag_set_nsrst_delay(unsigned delay);
282 unsigned jtag_get_nsrst_delay(void);
284 void jtag_set_ntrst_delay(unsigned delay);
285 unsigned jtag_get_ntrst_delay(void);
287 void jtag_set_nsrst_assert_width(unsigned delay);
288 unsigned jtag_get_nsrst_assert_width(void);
290 void jtag_set_ntrst_assert_width(unsigned delay);
291 unsigned jtag_get_ntrst_assert_width(void);
293 /// @returns The current state of TRST.
294 int jtag_get_trst(void);
295 /// @returns The current state of SRST.
296 int jtag_get_srst(void);
298 /// Enable or disable data scan verification checking.
299 void jtag_set_verify(bool enable);
300 /// @returns True if data scan verification will be performed.
301 bool jtag_will_verify(void);
303 /// Enable or disable verification of IR scan checking.
304 void jtag_set_verify_capture_ir(bool enable);
305 /// @returns True if IR scan verification will be performed.
306 bool jtag_will_verify_capture_ir(void);
309 * Initialize interface upon startup. Return a successful no-op upon
310 * subsequent invocations.
312 int jtag_interface_init(struct command_context* cmd_ctx);
314 /// Shutdown the JTAG interface upon program exit.
315 int jtag_interface_quit(void);
318 * Initialize JTAG chain using only a RESET reset. If init fails,
321 int jtag_init(struct command_context* cmd_ctx);
323 /// reset, then initialize JTAG chain
324 int jtag_init_reset(struct command_context* cmd_ctx);
325 int jtag_register_commands(struct command_context* cmd_ctx);
326 int jtag_init_inner(struct command_context *cmd_ctx);
330 * The JTAG interface can be implemented with a software or hardware fifo.
332 * TAP_DRSHIFT and TAP_IRSHIFT are illegal end states; however,
333 * TAP_DRSHIFT/IRSHIFT can be emulated as end states, by using longer
336 * Code that is relatively insensitive to the path taken through state
337 * machine (as long as it is JTAG compliant) can use @a endstate for
338 * jtag_add_xxx_scan(). Otherwise, the pause state must be specified as
339 * end state and a subsequent jtag_add_pathmove() must be issued.
343 * Generate an IR SCAN with a list of scan fields with one entry for
346 * If the input field list contains an instruction value for a TAP then
347 * that is used otherwise the TAP is set to bypass.
349 * TAPs for which no fields are passed are marked as bypassed for
350 * subsequent DR SCANs.
353 void jtag_add_ir_scan(int num_fields,
354 struct scan_field* fields, tap_state_t endstate);
356 * The same as jtag_add_ir_scan except no verification is performed out
359 void jtag_add_ir_scan_noverify(int num_fields,
360 const struct scan_field *fields, tap_state_t state);
362 * Duplicate the scan fields passed into the function into an IR SCAN
363 * command. This function assumes that the caller handles extra fields
366 void jtag_add_plain_ir_scan(int num_fields,
367 const struct scan_field* fields, tap_state_t endstate);
371 * Set in_value to point to 32 bits of memory to scan into. This
372 * function is a way to handle the case of synchronous and asynchronous
375 * In the event of an asynchronous queue execution the queue buffer
376 * allocation method is used, for the synchronous case the temporary 32
377 * bits come from the input field itself.
379 void jtag_alloc_in_value32(struct scan_field *field);
382 * Generate a DR SCAN using the fields passed to the function.
383 * For connected TAPs, the function checks in_fields and uses fields
384 * specified there. For bypassed TAPs, the function generates a dummy
385 * 1-bit field. The bypass status of TAPs is set by jtag_add_ir_scan().
387 void jtag_add_dr_scan(int num_fields,
388 const struct scan_field* fields, tap_state_t endstate);
389 /// A version of jtag_add_dr_scan() that uses the check_value/mask fields
390 void jtag_add_dr_scan_check(int num_fields,
391 struct scan_field* fields, tap_state_t endstate);
393 * Duplicate the scan fields passed into the function into a DR SCAN
394 * command. Unlike jtag_add_dr_scan(), this function assumes that the
395 * caller handles extra fields for bypassed TAPs.
397 void jtag_add_plain_dr_scan(int num_fields,
398 const struct scan_field* fields, tap_state_t endstate);
401 * Defines the type of data passed to the jtag_callback_t interface.
402 * The underlying type must allow storing an @c int or pointer type.
404 typedef intptr_t jtag_callback_data_t;
407 * Defines a simple JTAG callback that can allow conversions on data
408 * scanned in from an interface.
410 * This callback should only be used for conversion that cannot fail.
411 * For conversion types or checks that can fail, use the more complete
412 * variant: jtag_callback_t.
414 typedef void (*jtag_callback1_t)(jtag_callback_data_t data0);
416 /// A simpler version of jtag_add_callback4().
417 void jtag_add_callback(jtag_callback1_t, jtag_callback_data_t data0);
422 * Defines the interface of the JTAG callback mechanism.
424 * @param in the pointer to the data clocked in
425 * @param data1 An integer big enough to use as an @c int or a pointer.
426 * @param data2 An integer big enough to use as an @c int or a pointer.
427 * @param data3 An integer big enough to use as an @c int or a pointer.
428 * @returns an error code
430 typedef int (*jtag_callback_t)(jtag_callback_data_t data0,
431 jtag_callback_data_t data1,
432 jtag_callback_data_t data2,
433 jtag_callback_data_t data3);
437 * This callback can be executed immediately the queue has been flushed.
439 * The JTAG queue can be executed synchronously or asynchronously.
440 * Typically for USB, the queue is executed asynchronously. For
441 * low-latency interfaces, the queue may be executed synchronously.
443 * The callback mechanism is very general and does not make many
444 * assumptions about what the callback does or what its arguments are.
445 * These callbacks are typically executed *after* the *entire* JTAG
446 * queue has been executed for e.g. USB interfaces, and they are
447 * guaranteeed to be invoked in the order that they were queued.
449 * If the execution of the queue fails before the callbacks, then --
450 * depending on driver implementation -- the callbacks may or may not be
451 * invoked. @todo Can we make this behavior consistent?
453 * The strange name is due to C's lack of overloading using function
456 * @param f The callback function to add.
457 * @param data0 Typically used to point to the data to operate on.
458 * Frequently this will be the data clocked in during a shift operation.
459 * @param data1 An integer big enough to use as an @c int or a pointer.
460 * @param data2 An integer big enough to use as an @c int or a pointer.
461 * @param data3 An integer big enough to use as an @c int or a pointer.
466 * Run a TAP_RESET reset where the end state is TAP_RESET,
467 * regardless of the start state.
469 void jtag_add_tlr(void);
472 * Application code *must* assume that interfaces will
473 * implement transitions between states with different
474 * paths and path lengths through the state diagram. The
475 * path will vary across interface and also across versions
476 * of the same interface over time. Even if the OpenOCD code
477 * is unchanged, the actual path taken may vary over time
478 * and versions of interface firmware or PCB revisions.
480 * Use jtag_add_pathmove() when specific transition sequences
483 * Do not use jtag_add_pathmove() unless you need to, but do use it
486 * DANGER! If the target is dependent upon a particular sequence
487 * of transitions for things to work correctly(e.g. as a workaround
488 * for an errata that contradicts the JTAG standard), then pathmove
489 * must be used, even if some jtag interfaces happen to use the
490 * desired path. Worse, the jtag interface used for testing a
491 * particular implementation, could happen to use the "desired"
492 * path when transitioning to/from end
495 * A list of unambigious single clock state transitions, not
496 * all drivers can support this, but it is required for e.g.
497 * XScale and Xilinx support
499 * Note! TAP_RESET must not be used in the path!
501 * Note that the first on the list must be reachable
502 * via a single transition from the current state.
504 * All drivers are required to implement jtag_add_pathmove().
505 * However, if the pathmove sequence can not be precisely
506 * executed, an interface_jtag_add_pathmove() or jtag_execute_queue()
507 * must return an error. It is legal, but not recommended, that
508 * a driver returns an error in all cases for a pathmove if it
509 * can only implement a few transitions and therefore
510 * a partial implementation of pathmove would have little practical
513 * If an error occurs, jtag_error will contain one of these error codes:
514 * - ERROR_JTAG_NOT_STABLE_STATE -- The final state was not stable.
515 * - ERROR_JTAG_STATE_INVALID -- The path passed through TAP_RESET.
516 * - ERROR_JTAG_TRANSITION_INVALID -- The path includes invalid
519 void jtag_add_pathmove(int num_states, const tap_state_t* path);
522 * jtag_add_statemove() moves from the current state to @a goal_state.
524 * @param goal_state The final TAP state.
525 * @return ERROR_OK on success, or an error code on failure.
527 * Moves from the current state to the goal \a state.
528 * Both states must be stable.
530 int jtag_add_statemove(tap_state_t goal_state);
533 * Goes to TAP_IDLE (if we're not already there), cycle
534 * precisely num_cycles in the TAP_IDLE state, after which move
535 * to @a endstate (unless it is also TAP_IDLE).
537 * @param num_cycles Number of cycles in TAP_IDLE state. This argument
538 * may be 0, in which case this routine will navigate to @a endstate
540 * @param endstate The final state.
542 void jtag_add_runtest(int num_cycles, tap_state_t endstate);
545 * A reset of the TAP state machine can be requested.
547 * Whether tms or trst reset is used depends on the capabilities of
548 * the target and jtag interface(reset_config command configures this).
550 * srst can driver a reset of the TAP state machine and vice
553 * Application code may need to examine value of jtag_reset_config
554 * to determine the proper codepath
556 * DANGER! Even though srst drives trst, trst might not be connected to
557 * the interface, and it might actually be *harmful* to assert trst in this case.
559 * This is why combinations such as "reset_config srst_only srst_pulls_trst"
562 * only req_tlr_or_trst and srst can have a transition for a
563 * call as the effects of transitioning both at the "same time"
564 * are undefined, but when srst_pulls_trst or vice versa,
565 * then trst & srst *must* be asserted together.
567 void jtag_add_reset(int req_tlr_or_trst, int srst);
571 * Function jtag_set_end_state
573 * Set a global variable to \a state if \a state != TAP_INVALID.
575 * Return the value of the global variable.
578 tap_state_t jtag_set_end_state(tap_state_t state);
580 * Function jtag_get_end_state
582 * Return the value of the global variable for end state
585 tap_state_t jtag_get_end_state(void);
586 void jtag_add_sleep(uint32_t us);
590 * Function jtag_add_stable_clocks
591 * first checks that the state in which the clocks are to be issued is
592 * stable, then queues up clock_count clocks for transmission.
594 void jtag_add_clocks(int num_cycles);
598 * For software FIFO implementations, the queued commands can be executed
599 * during this call or earlier. A sw queue might decide to push out
600 * some of the jtag_add_xxx() operations once the queue is "big enough".
602 * This fn will return an error code if any of the prior jtag_add_xxx()
603 * calls caused a failure, e.g. check failure. Note that it does not
604 * matter if the operation was executed *before* jtag_execute_queue(),
605 * jtag_execute_queue() will still return an error code.
607 * All jtag_add_xxx() calls that have in_handler != NULL will have been
608 * executed when this fn returns, but if what has been queued only
609 * clocks data out, without reading anything back, then JTAG could
610 * be running *after* jtag_execute_queue() returns. The API does
611 * not define a way to flush a hw FIFO that runs *after*
612 * jtag_execute_queue() returns.
614 * jtag_add_xxx() commands can either be executed immediately or
615 * at some time between the jtag_add_xxx() fn call and jtag_execute_queue().
617 int jtag_execute_queue(void);
619 /// same as jtag_execute_queue() but does not clear the error flag
620 void jtag_execute_queue_noclear(void);
622 /// @returns the number of times the scan queue has been flushed
623 int jtag_get_flush_queue_count(void);
625 /// Report Tcl event to all TAPs
626 void jtag_notify_event(enum jtag_event);
629 /* can be implemented by hw + sw */
630 int jtag_power_dropout(int* dropout);
631 int jtag_srst_asserted(int* srst_asserted);
633 /* JTAG support functions */
636 * Execute jtag queue and check value with an optional mask.
637 * @param field Pointer to scan field.
638 * @param value Pointer to scan value.
639 * @param mask Pointer to scan mask; may be NULL.
640 * @returns Nothing, but calls jtag_set_error() on any error.
642 void jtag_check_value_mask(struct scan_field *field, uint8_t *value, uint8_t *mask);
644 void jtag_sleep(uint32_t us);
647 * The JTAG subsystem defines a number of error codes,
648 * using codes between -100 and -199.
650 #define ERROR_JTAG_INIT_FAILED (-100)
651 #define ERROR_JTAG_INVALID_INTERFACE (-101)
652 #define ERROR_JTAG_NOT_IMPLEMENTED (-102)
653 #define ERROR_JTAG_TRST_ASSERTED (-103)
654 #define ERROR_JTAG_QUEUE_FAILED (-104)
655 #define ERROR_JTAG_NOT_STABLE_STATE (-105)
656 #define ERROR_JTAG_DEVICE_ERROR (-107)
657 #define ERROR_JTAG_STATE_INVALID (-108)
658 #define ERROR_JTAG_TRANSITION_INVALID (-109)
659 #define ERROR_JTAG_INIT_SOFT_FAIL (-110)
662 * jtag_add_dr_out() is a version of jtag_add_dr_scan() which
663 * only scans data out. It operates on 32 bit integers instead
664 * of 8 bit, which makes it a better impedance match with
665 * the calling code which often operate on 32 bit integers.
667 * Current or end_state can not be TAP_RESET. end_state can be TAP_INVALID
669 * num_bits[i] is the number of bits to clock out from value[i] LSB first.
671 * If the device is in bypass, then that is an error condition in
672 * the caller code that is not detected by this fn, whereas
673 * jtag_add_dr_scan() does detect it. Similarly if the device is not in
674 * bypass, data must be passed to it.
676 * If anything fails, then jtag_error will be set and jtag_execute() will
677 * return an error. There is no way to determine if there was a failure
678 * during this function call.
680 * This is an inline fn to speed up embedded hosts. Also note that
681 * interface_jtag_add_dr_out() can be a *small* inline function for
684 * There is no jtag_add_dr_outin() version of this fn that also allows
685 * clocking data back in. Patches gladly accepted!
690 * Set the current JTAG core execution error, unless one was set
691 * by a previous call previously. Driver or application code must
692 * use jtag_error_clear to reset jtag_error once this routine has been
693 * called with a non-zero error code.
695 void jtag_set_error(int error);
696 /// @returns The current value of jtag_error
697 int jtag_get_error(void);
699 * Resets jtag_error to ERROR_OK, returning its previous value.
700 * @returns The previous value of @c jtag_error.
702 int jtag_error_clear(void);
705 * Return true if it's safe for a background polling task to access the
706 * JTAG scan chain. Polling may be explicitly disallowed, and is also
707 * unsafe while nTRST is active or the JTAG clock is gated off.,
709 bool is_jtag_poll_safe(void);
712 * Return flag reporting whether JTAG polling is disallowed.
714 bool jtag_poll_get_enabled(void);
717 * Assign flag reporting whether JTAG polling is disallowed.
719 void jtag_poll_set_enabled(bool value);
722 /* The minidriver may have inline versions of some of the low
723 * level APIs that are used in inner loops. */
724 #include <jtag/minidriver.h>