1 /***************************************************************************
2 * Copyright (C) 2007-2010 by Øyvind Harboe *
4 * This program is free software; you can redistribute it and/or modify *
5 * it under the terms of the GNU General Public License as published by *
6 * the Free Software Foundation; either version 2 of the License, or *
7 * (at your option) any later version. *
9 * This program is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU General Public License for more details. *
14 * You should have received a copy of the GNU General Public License *
15 * along with this program; if not, write to the *
16 * Free Software Foundation, Inc., *
17 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ***************************************************************************/
20 /* This file supports the zy1000 debugger: http://www.zylin.com/zy1000.html
22 * The zy1000 is a standalone debugger that has a web interface and
23 * requires no drivers on the developer host as all communication
24 * is via TCP/IP. The zy1000 gets it performance(~400-700kBytes/s
25 * DCC downloads @ 16MHz target) as it has an FPGA to hardware
26 * accelerate the JTAG commands, while offering *very* low latency
27 * between OpenOCD and the FPGA registers.
29 * The disadvantage of the zy1000 is that it has a feeble CPU compared to
30 * a PC(ca. 50-500 DMIPS depending on how one counts it), whereas a PC
31 * is on the order of 10000 DMIPS(i.e. at a factor of 20-200).
33 * The zy1000 revc hardware is using an Altera Nios CPU, whereas the
34 * revb is using ARM7 + Xilinx.
36 * See Zylin web pages or contact Zylin for more information.
38 * The reason this code is in OpenOCD rather than OpenOCD linked with the
39 * ZY1000 code is that OpenOCD is the long road towards getting
40 * libopenocd into place. libopenocd will support both low performance,
41 * low latency systems(embedded) and high performance high latency
48 #include <target/embeddedice.h>
49 #include <jtag/minidriver.h>
50 #include <jtag/interface.h>
55 #include "zy1000_version.h"
57 #include <cyg/hal/hal_io.h> // low level i/o
58 #include <cyg/hal/hal_diag.h>
60 #ifdef CYGPKG_HAL_NIOS2
61 #include <cyg/hal/io.h>
62 #include <cyg/firmwareutil/firmwareutil.h>
65 #define ZYLIN_VERSION GIT_ZY1000_VERSION
66 #define ZYLIN_DATE __DATE__
67 #define ZYLIN_TIME __TIME__
68 #define ZYLIN_OPENOCD GIT_OPENOCD_VERSION
69 #define ZYLIN_OPENOCD_VERSION "ZY1000 " ZYLIN_VERSION " " ZYLIN_DATE
73 static int zy1000_khz(int khz, int *jtag_speed)
81 *jtag_speed = 64000/khz;
86 static int zy1000_speed_div(int speed, int *khz)
100 static bool readPowerDropout(void)
103 // sample and clear power dropout
104 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x80);
105 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, state);
107 powerDropout = (state & 0x80) != 0;
112 static bool readSRST(void)
115 // sample and clear SRST sensing
116 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000040);
117 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, state);
119 srstAsserted = (state & 0x40) != 0;
123 static int zy1000_srst_asserted(int *srst_asserted)
125 *srst_asserted = readSRST();
129 static int zy1000_power_dropout(int *dropout)
131 *dropout = readPowerDropout();
135 void zy1000_reset(int trst, int srst)
137 LOG_DEBUG("zy1000 trst=%d, srst=%d", trst, srst);
139 /* flush the JTAG FIFO. Not flushing the queue before messing with
140 * reset has such interesting bugs as causing hard to reproduce
141 * RCLK bugs as RCLK will stop responding when TRST is asserted
147 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x00000001);
151 /* Danger!!! if clk != 0 when in
152 * idle in TAP_IDLE, reset halt on str912 will fail.
154 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000001);
159 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x00000002);
164 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x00000002);
167 if (trst||(srst && (jtag_get_reset_config() & RESET_SRST_PULLS_TRST)))
169 /* we're now in the RESET state until trst is deasserted */
170 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, TAP_RESET);
173 /* We'll get RCLK failure when we assert TRST, so clear any false positives here */
174 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x400);
177 /* wait for srst to float back up */
181 for (i = 0; i < 1000; i++)
183 // We don't want to sense our own reset, so we clear here.
184 // There is of course a timing hole where we could loose
195 LOG_USER("SRST didn't deassert after %dms", i);
198 LOG_USER("SRST took %dms to deassert", i);
203 int zy1000_speed(int speed)
205 /* flush JTAG master FIFO before setting speed */
212 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x100);
213 LOG_DEBUG("jtag_speed using RCLK");
217 if (speed > 8190 || speed < 2)
219 LOG_USER("valid ZY1000 jtag_speed=[8190,2]. Divisor is 64MHz / even values between 8190-2, i.e. min 7814Hz, max 32MHz");
220 return ERROR_INVALID_ARGUMENTS;
223 LOG_USER("jtag_speed %d => JTAG clk=%f", speed, 64.0/(float)speed);
224 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x100);
225 ZY1000_POKE(ZY1000_JTAG_BASE + 0x1c, speed&~1);
230 static bool savePower;
233 static void setPower(bool power)
238 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x8);
241 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x8);
245 COMMAND_HANDLER(handle_power_command)
251 COMMAND_PARSE_ON_OFF(CMD_ARGV[0], enable);
256 LOG_INFO("Target power %s", savePower ? "on" : "off");
259 return ERROR_INVALID_ARGUMENTS;
267 /* Give TELNET a way to find out what version this is */
268 static int jim_zy1000_version(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
270 if ((argc < 1) || (argc > 3))
272 const char *version_str = NULL;
276 version_str = ZYLIN_OPENOCD_VERSION;
279 const char *str = Jim_GetString(argv[1], NULL);
280 const char *str2 = NULL;
282 str2 = Jim_GetString(argv[2], NULL);
283 if (strcmp("openocd", str) == 0)
285 version_str = ZYLIN_OPENOCD;
287 else if (strcmp("zy1000", str) == 0)
289 version_str = ZYLIN_VERSION;
291 else if (strcmp("date", str) == 0)
293 version_str = ZYLIN_DATE;
295 else if (strcmp("time", str) == 0)
297 version_str = ZYLIN_TIME;
299 else if (strcmp("pcb", str) == 0)
301 #ifdef CYGPKG_HAL_NIOS2
307 #ifdef CYGPKG_HAL_NIOS2
308 else if (strcmp("fpga", str) == 0)
311 /* return a list of 32 bit integers to describe the expected
314 static char *fpga_id = "0x12345678 0x12345678 0x12345678 0x12345678";
315 uint32_t id, timestamp;
316 HAL_READ_UINT32(SYSID_BASE, id);
317 HAL_READ_UINT32(SYSID_BASE+4, timestamp);
318 sprintf(fpga_id, "0x%08x 0x%08x 0x%08x 0x%08x", id, timestamp, SYSID_ID, SYSID_TIMESTAMP);
319 version_str = fpga_id;
320 if ((argc>2) && (strcmp("time", str2) == 0))
322 time_t last_mod = timestamp;
323 char * t = ctime (&last_mod) ;
336 Jim_SetResult(interp, Jim_NewStringObj(interp, version_str, -1));
342 #ifdef CYGPKG_HAL_NIOS2
348 struct cyg_upgrade_info *upgraded_file;
351 static void report_info(void *data, const char * format, va_list args)
353 char *s = alloc_vprintf(format, args);
358 struct cyg_upgrade_info firmware_info =
360 (uint8_t *)0x84000000,
366 "ZylinNiosFirmware\n",
370 static int jim_zy1000_writefirmware(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
376 const char *str = Jim_GetString(argv[1], &length);
380 if ((tmpFile = open(firmware_info.file, O_RDWR | O_CREAT | O_TRUNC)) <= 0)
385 success = write(tmpFile, str, length) == length;
390 if (!cyg_firmware_upgrade(NULL, firmware_info))
398 zylinjtag_Jim_Command_powerstatus(Jim_Interp *interp,
400 Jim_Obj * const *argv)
404 Jim_WrongNumArgs(interp, 1, argv, "powerstatus");
409 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, status);
411 Jim_SetResult(interp, Jim_NewIntObj(interp, (status&0x80) != 0));
419 int zy1000_init(void)
422 LOG_USER("%s", ZYLIN_OPENOCD_VERSION);
425 ZY1000_POKE(ZY1000_JTAG_BASE + 0x10, 0x30); // Turn on LED1 & LED2
427 setPower(true); // on by default
430 /* deassert resets. Important to avoid infinite loop waiting for SRST to deassert */
432 zy1000_speed(jtag_get_speed());
437 int zy1000_quit(void)
445 int interface_jtag_execute_queue(void)
450 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x10, empty);
451 /* clear JTAG error register */
452 ZY1000_POKE(ZY1000_JTAG_BASE + 0x14, 0x400);
454 if ((empty&0x400) != 0)
456 LOG_WARNING("RCLK timeout");
457 /* the error is informative only as we don't want to break the firmware if there
458 * is a false positive.
460 // return ERROR_FAIL;
469 static uint32_t getShiftValue(void)
473 ZY1000_PEEK(ZY1000_JTAG_BASE + 0xc, value);
474 VERBOSE(LOG_INFO("getShiftValue %08x", value));
478 static uint32_t getShiftValueFlip(void)
482 ZY1000_PEEK(ZY1000_JTAG_BASE + 0x18, value);
483 VERBOSE(LOG_INFO("getShiftValue %08x (flipped)", value));
489 static void shiftValueInnerFlip(const tap_state_t state, const tap_state_t endState, int repeat, uint32_t value)
491 VERBOSE(LOG_INFO("shiftValueInner %s %s %d %08x (flipped)", tap_state_name(state), tap_state_name(endState), repeat, value));
495 ZY1000_POKE(ZY1000_JTAG_BASE + 0xc, value);
496 ZY1000_POKE(ZY1000_JTAG_BASE + 0x8, (1 << 15) | (repeat << 8) | (a << 4) | b);
497 VERBOSE(getShiftValueFlip());
501 // here we shuffle N bits out/in
502 static __inline void scanBits(const uint8_t *out_value, uint8_t *in_value, int num_bits, bool pause, tap_state_t shiftState, tap_state_t end_state)
504 tap_state_t pause_state = shiftState;
505 for (int j = 0; j < num_bits; j += 32)
507 int k = num_bits - j;
511 /* we have more to shift out */
514 /* this was the last to shift out this time */
515 pause_state = end_state;
518 // we have (num_bits + 7)/8 bytes of bits to toggle out.
519 // bits are pushed out LSB to MSB
522 if (out_value != NULL)
524 for (int l = 0; l < k; l += 8)
526 value|=out_value[(j + l)/8]<<l;
529 /* mask away unused bits for easier debugging */
532 value&=~(((uint32_t)0xffffffff) << k);
535 /* Shifting by >= 32 is not defined by the C standard
536 * and will in fact shift by &0x1f bits on nios */
539 shiftValueInner(shiftState, pause_state, k, value);
541 if (in_value != NULL)
543 // data in, LSB to MSB
544 value = getShiftValue();
545 // we're shifting in data to MSB, shift data to be aligned for returning the value
548 for (int l = 0; l < k; l += 8)
550 in_value[(j + l)/8]=(value >> l)&0xff;
556 static __inline void scanFields(int num_fields, const struct scan_field *fields, tap_state_t shiftState, tap_state_t end_state)
558 for (int i = 0; i < num_fields; i++)
560 scanBits(fields[i].out_value,
569 int interface_jtag_add_ir_scan(struct jtag_tap *active, const struct scan_field *fields, tap_state_t state)
572 struct jtag_tap *tap, *nextTap;
573 tap_state_t pause_state = TAP_IRSHIFT;
575 for (tap = jtag_tap_next_enabled(NULL); tap!= NULL; tap = nextTap)
577 nextTap = jtag_tap_next_enabled(tap);
582 scan_size = tap->ir_length;
584 /* search the list */
587 scanFields(1, fields, TAP_IRSHIFT, pause_state);
588 /* update device information */
589 buf_cpy(fields[0].out_value, tap->cur_instr, scan_size);
594 /* if a device isn't listed, set it to BYPASS */
595 assert(scan_size <= 32);
596 shiftValueInner(TAP_IRSHIFT, pause_state, scan_size, 0xffffffff);
609 int interface_jtag_add_plain_ir_scan(int num_bits, const uint8_t *out_bits, uint8_t *in_bits, tap_state_t state)
611 scanBits(out_bits, in_bits, num_bits, true, TAP_IRSHIFT, state);
615 int interface_jtag_add_dr_scan(struct jtag_tap *active, int num_fields, const struct scan_field *fields, tap_state_t state)
617 struct jtag_tap *tap, *nextTap;
618 tap_state_t pause_state = TAP_DRSHIFT;
619 for (tap = jtag_tap_next_enabled(NULL); tap!= NULL; tap = nextTap)
621 nextTap = jtag_tap_next_enabled(tap);
627 /* Find a range of fields to write to this tap */
630 assert(!tap->bypass);
632 scanFields(num_fields, fields, TAP_DRSHIFT, pause_state);
635 /* Shift out a 0 for disabled tap's */
637 shiftValueInner(TAP_DRSHIFT, pause_state, 1, 0);
643 int interface_jtag_add_plain_dr_scan(int num_bits, const uint8_t *out_bits, uint8_t *in_bits, tap_state_t state)
645 scanBits(out_bits, in_bits, num_bits, true, TAP_DRSHIFT, state);
649 int interface_jtag_add_tlr()
651 setCurrentState(TAP_RESET);
656 int interface_jtag_add_reset(int req_trst, int req_srst)
658 zy1000_reset(req_trst, req_srst);
662 static int zy1000_jtag_add_clocks(int num_cycles, tap_state_t state, tap_state_t clockstate)
664 /* num_cycles can be 0 */
665 setCurrentState(clockstate);
667 /* execute num_cycles, 32 at the time. */
669 for (i = 0; i < num_cycles; i += 32)
673 if (num_cycles-i < num)
677 shiftValueInner(clockstate, clockstate, num, 0);
681 /* finish in end_state */
682 setCurrentState(state);
684 tap_state_t t = TAP_IDLE;
685 /* test manual drive code on any target */
687 uint8_t tms_scan = tap_get_tms_path(t, state);
688 int tms_count = tap_get_tms_path_len(tap_get_state(), tap_get_end_state());
690 for (i = 0; i < tms_count; i++)
692 tms = (tms_scan >> i) & 1;
694 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, tms);
697 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, state);
703 int interface_jtag_add_runtest(int num_cycles, tap_state_t state)
705 return zy1000_jtag_add_clocks(num_cycles, state, TAP_IDLE);
708 int interface_jtag_add_clocks(int num_cycles)
710 return zy1000_jtag_add_clocks(num_cycles, cmd_queue_cur_state, cmd_queue_cur_state);
713 int interface_jtag_add_sleep(uint32_t us)
719 int interface_add_tms_seq(unsigned num_bits, const uint8_t *seq, enum tap_state state)
721 /*wait for the fifo to be empty*/
724 for (unsigned i = 0; i < num_bits; i++)
728 if (((seq[i/8] >> (i % 8)) & 1) == 0)
738 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, tms);
742 if (state != TAP_INVALID)
744 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, state);
747 /* this would be normal if we are switching to SWD mode */
752 int interface_jtag_add_pathmove(int num_states, const tap_state_t *path)
759 tap_state_t cur_state = cmd_queue_cur_state;
762 memset(seq, 0, sizeof(seq));
763 assert(num_states < (int)((sizeof(seq) * 8)));
767 if (tap_state_transition(cur_state, false) == path[state_count])
771 else if (tap_state_transition(cur_state, true) == path[state_count])
777 LOG_ERROR("BUG: %s -> %s isn't a valid TAP transition", tap_state_name(cur_state), tap_state_name(path[state_count]));
781 seq[state_count/8] = seq[state_count/8] | (tms << (state_count % 8));
783 cur_state = path[state_count];
788 return interface_add_tms_seq(state_count, seq, cur_state);
791 static void jtag_pre_post_bits(struct jtag_tap *tap, int *pre, int *post)
793 /* bypass bits before and after */
798 struct jtag_tap *cur_tap, *nextTap;
799 for (cur_tap = jtag_tap_next_enabled(NULL); cur_tap!= NULL; cur_tap = nextTap)
801 nextTap = jtag_tap_next_enabled(cur_tap);
820 void embeddedice_write_dcc(struct jtag_tap *tap, int reg_addr, uint8_t *buffer, int little, int count)
825 jtag_pre_post_bits(tap, &pre_bits, &post_bits);
827 if (pre_bits + post_bits + 6 > 32)
830 for (i = 0; i < count; i++)
832 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
837 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, pre_bits, 0);
839 for (i = 0; i < count - 1; i++)
841 /* Fewer pokes means we get to use the FIFO more efficiently */
842 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, fast_target_buffer_get_u32(buffer, little));
843 shiftValueInner(TAP_DRSHIFT, TAP_IDLE, 6 + post_bits + pre_bits, (reg_addr | (1 << 5)));
846 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, fast_target_buffer_get_u32(buffer, little));
847 shiftValueInner(TAP_DRSHIFT, TAP_IDLE, 6 + post_bits, (reg_addr | (1 << 5)));
853 int arm11_run_instr_data_to_core_noack_inner(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count)
856 int arm11_run_instr_data_to_core_noack_inner_default(struct jtag_tap * tap, uint32_t opcode, uint32_t * data, size_t count);
857 return arm11_run_instr_data_to_core_noack_inner_default(tap, opcode, data, count);
859 static const int bits[] = {32, 2};
860 uint32_t values[] = {0, 0};
862 /* FIX!!!!!! the target_write_memory() API started this nasty problem
863 * with unaligned uint32_t * pointers... */
864 const uint8_t *t = (const uint8_t *)data;
867 /* bypass bits before and after */
870 jtag_pre_post_bits(tap, &pre_bits, &post_bits);
873 struct jtag_tap *cur_tap, *nextTap;
874 for (cur_tap = jtag_tap_next_enabled(NULL); cur_tap!= NULL; cur_tap = nextTap)
876 nextTap = jtag_tap_next_enabled(cur_tap);
897 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, pre_bits, 0);
905 shiftValueInner(TAP_DRSHIFT, TAP_DRSHIFT, 32, value);
907 shiftValueInner(TAP_DRSHIFT, TAP_DRPAUSE, post_bits, 0);
910 /* copy & paste from arm11_dbgtap.c */
911 //TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
914 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
915 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
916 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
917 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
918 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
919 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 1);
920 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
921 ZY1000_POKE(ZY1000_JTAG_BASE + 0x28, 0);
922 /* we don't have to wait for the queue to empty here. waitIdle(); */
923 ZY1000_POKE(ZY1000_JTAG_BASE + 0x20, TAP_DRSHIFT);
925 static const tap_state_t arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay[] =
927 TAP_DREXIT2, TAP_DRUPDATE, TAP_IDLE, TAP_IDLE, TAP_IDLE, TAP_DRSELECT, TAP_DRCAPTURE, TAP_DRSHIFT
930 jtag_add_pathmove(ARRAY_SIZE(arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay),
931 arm11_MOVE_DRPAUSE_IDLE_DRPAUSE_with_delay);
936 values[0] |= (*t++<<8);
937 values[0] |= (*t++<<16);
938 values[0] |= (*t++<<24);
940 /* This will happen on the last iteration updating the current tap state
941 * so we don't have to track it during the common code path */
948 return jtag_execute_queue();
953 static const struct command_registration zy1000_commands[] = {
956 .handler = handle_power_command,
958 .help = "Turn power switch to target on/off. "
959 "With no arguments, prints status.",
960 .usage = "('on'|'off)",
964 .name = "zy1000_version",
966 .jim_handler = jim_zy1000_version,
967 .help = "Print version info for zy1000.",
968 .usage = "['openocd'|'zy1000'|'date'|'time'|'pcb'|'fpga']",
972 .name = "powerstatus",
974 .jim_handler = zylinjtag_Jim_Command_powerstatus,
975 .help = "Returns power status of target",
977 #ifdef CYGPKG_HAL_NIOS2
979 .name = "updatezy1000firmware",
981 .jim_handler = jim_zy1000_writefirmware,
982 .help = "writes firmware to flash",
983 /* .usage = "some_string", */
986 COMMAND_REGISTRATION_DONE
991 struct jtag_interface zy1000_interface =
994 .supported = DEBUG_CAP_TMS_SEQ,
995 .execute_queue = NULL,
996 .speed = zy1000_speed,
997 .commands = zy1000_commands,
1001 .speed_div = zy1000_speed_div,
1002 .power_dropout = zy1000_power_dropout,
1003 .srst_asserted = zy1000_srst_asserted,
projects / openocd / blob