1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009-2010 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * Copyright (C) 2009-2010 by David Brownell *
13 * Copyright (C) 2013 by Andreas Fritiofson *
14 * andreas.fritiofson@gmail.com *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
30 ***************************************************************************/
34 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
35 * debugging architecture. Compared with previous versions, this includes
36 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
37 * transport, and focusses on memory mapped resources as defined by the
38 * CoreSight architecture.
40 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
41 * basic components: a Debug Port (DP) transporting messages to and from a
42 * debugger, and an Access Port (AP) accessing resources. Three types of DP
43 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
44 * One uses only SWD for communication, and is called SW-DP. The third can
45 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
46 * is used to access memory mapped resources and is called a MEM-AP. Also a
47 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
49 * This programming interface allows DAP pipelined operations through a
50 * transaction queue. This primarily affects AP operations (such as using
51 * a MEM-AP to access memory or registers). If the current transaction has
52 * not finished by the time the next one must begin, and the ORUNDETECT bit
53 * is set in the DP_CTRL_STAT register, the SSTICKYORUN status is set and
54 * further AP operations will fail. There are two basic methods to avoid
55 * such overrun errors. One involves polling for status instead of using
56 * transaction piplining. The other involves adding delays to ensure the
57 * AP has enough time to complete one operation before starting the next
58 * one. (For JTAG these delays are controlled by memaccess_tck.)
62 * Relevant specifications from ARM include:
64 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
65 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
67 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
68 * Cortex-M3(tm) TRM, ARM DDI 0337G
75 #include "jtag/interface.h"
77 #include "arm_adi_v5.h"
78 #include <helper/time_support.h>
80 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
83 uint32_t tar_block_size(uint32_t address)
84 Return the largest block starting at address that does not cross a tar block size alignment boundary
86 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
88 return tar_autoincr_block - ((tar_autoincr_block - 1) & address);
91 /***************************************************************************
93 * DP and MEM-AP register access through APACC and DPACC *
95 ***************************************************************************/
98 * Select one of the APs connected to the specified DAP. The
99 * selection is implicitly used with future AP transactions.
100 * This is a NOP if the specified AP is already selected.
103 * @param apsel Number of the AP to (implicitly) use with further
104 * transactions. This normally identifies a MEM-AP.
106 void dap_ap_select(struct adiv5_dap *dap, uint8_t ap)
108 uint32_t new_ap = (ap << 24) & 0xFF000000;
110 if (new_ap != dap->ap_current) {
111 dap->ap_current = new_ap;
112 /* Switching AP invalidates cached values.
113 * Values MUST BE UPDATED BEFORE AP ACCESS.
115 dap->ap_bank_value = -1;
116 dap->ap_csw_value = -1;
117 dap->ap_tar_value = -1;
121 static int dap_setup_accessport_csw(struct adiv5_dap *dap, uint32_t csw)
123 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT |
124 dap->apcsw[dap->ap_current >> 24];
126 if (csw != dap->ap_csw_value) {
127 /* LOG_DEBUG("DAP: Set CSW %x",csw); */
128 int retval = dap_queue_ap_write(dap, AP_REG_CSW, csw);
129 if (retval != ERROR_OK)
131 dap->ap_csw_value = csw;
136 static int dap_setup_accessport_tar(struct adiv5_dap *dap, uint32_t tar)
138 if (tar != dap->ap_tar_value || dap->ap_csw_value & CSW_ADDRINC_MASK) {
139 /* LOG_DEBUG("DAP: Set TAR %x",tar); */
140 int retval = dap_queue_ap_write(dap, AP_REG_TAR, tar);
141 if (retval != ERROR_OK)
143 dap->ap_tar_value = tar;
149 * Queue transactions setting up transfer parameters for the
150 * currently selected MEM-AP.
152 * Subsequent transfers using registers like AP_REG_DRW or AP_REG_BD2
153 * initiate data reads or writes using memory or peripheral addresses.
154 * If the CSW is configured for it, the TAR may be automatically
155 * incremented after each transfer.
157 * @todo Rename to reflect it being specifically a MEM-AP function.
159 * @param dap The DAP connected to the MEM-AP.
160 * @param csw MEM-AP Control/Status Word (CSW) register to assign. If this
161 * matches the cached value, the register is not changed.
162 * @param tar MEM-AP Transfer Address Register (TAR) to assign. If this
163 * matches the cached address, the register is not changed.
165 * @return ERROR_OK if the transaction was properly queued, else a fault code.
167 int dap_setup_accessport(struct adiv5_dap *dap, uint32_t csw, uint32_t tar)
170 retval = dap_setup_accessport_csw(dap, csw);
171 if (retval != ERROR_OK)
173 retval = dap_setup_accessport_tar(dap, tar);
174 if (retval != ERROR_OK)
180 * Asynchronous (queued) read of a word from memory or a system register.
182 * @param dap The DAP connected to the MEM-AP performing the read.
183 * @param address Address of the 32-bit word to read; it must be
184 * readable by the currently selected MEM-AP.
185 * @param value points to where the word will be stored when the
186 * transaction queue is flushed (assuming no errors).
188 * @return ERROR_OK for success. Otherwise a fault code.
190 int mem_ap_read_u32(struct adiv5_dap *dap, uint32_t address,
195 /* Use banked addressing (REG_BDx) to avoid some link traffic
196 * (updating TAR) when reading several consecutive addresses.
198 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_OFF,
199 address & 0xFFFFFFF0);
200 if (retval != ERROR_OK)
203 return dap_queue_ap_read(dap, AP_REG_BD0 | (address & 0xC), value);
207 * Synchronous read of a word from memory or a system register.
208 * As a side effect, this flushes any queued transactions.
210 * @param dap The DAP connected to the MEM-AP performing the read.
211 * @param address Address of the 32-bit word to read; it must be
212 * readable by the currently selected MEM-AP.
213 * @param value points to where the result will be stored.
215 * @return ERROR_OK for success; *value holds the result.
216 * Otherwise a fault code.
218 int mem_ap_read_atomic_u32(struct adiv5_dap *dap, uint32_t address,
223 retval = mem_ap_read_u32(dap, address, value);
224 if (retval != ERROR_OK)
231 * Asynchronous (queued) write of a word to memory or a system register.
233 * @param dap The DAP connected to the MEM-AP.
234 * @param address Address to be written; it must be writable by
235 * the currently selected MEM-AP.
236 * @param value Word that will be written to the address when transaction
237 * queue is flushed (assuming no errors).
239 * @return ERROR_OK for success. Otherwise a fault code.
241 int mem_ap_write_u32(struct adiv5_dap *dap, uint32_t address,
246 /* Use banked addressing (REG_BDx) to avoid some link traffic
247 * (updating TAR) when writing several consecutive addresses.
249 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_OFF,
250 address & 0xFFFFFFF0);
251 if (retval != ERROR_OK)
254 return dap_queue_ap_write(dap, AP_REG_BD0 | (address & 0xC),
259 * Synchronous write of a word to memory or a system register.
260 * As a side effect, this flushes any queued transactions.
262 * @param dap The DAP connected to the MEM-AP.
263 * @param address Address to be written; it must be writable by
264 * the currently selected MEM-AP.
265 * @param value Word that will be written.
267 * @return ERROR_OK for success; the data was written. Otherwise a fault code.
269 int mem_ap_write_atomic_u32(struct adiv5_dap *dap, uint32_t address,
272 int retval = mem_ap_write_u32(dap, address, value);
274 if (retval != ERROR_OK)
281 * Synchronous write of a block of memory, using a specific access size.
283 * @param dap The DAP connected to the MEM-AP.
284 * @param buffer The data buffer to write. No particular alignment is assumed.
285 * @param size Which access size to use, in bytes. 1, 2 or 4.
286 * @param count The number of writes to do (in size units, not bytes).
287 * @param address Address to be written; it must be writable by the currently selected MEM-AP.
288 * @param addrinc Whether the target address should be increased for each write or not. This
289 * should normally be true, except when writing to e.g. a FIFO.
290 * @return ERROR_OK on success, otherwise an error code.
292 int mem_ap_write(struct adiv5_dap *dap, const uint8_t *buffer, uint32_t size, uint32_t count,
293 uint32_t address, bool addrinc)
295 size_t nbytes = size * count;
296 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
301 /* TI BE-32 Quirks mode:
302 * Writes on big-endian TMS570 behave very strangely. Observed behavior:
303 * size write address bytes written in order
304 * 4 TAR ^ 0 (val >> 24), (val >> 16), (val >> 8), (val)
305 * 2 TAR ^ 2 (val >> 8), (val)
307 * For example, if you attempt to write a single byte to address 0, the processor
308 * will actually write a byte to address 3.
310 * To make writes of size < 4 work as expected, we xor a value with the address before
311 * setting the TAP, and we set the TAP after every transfer rather then relying on
312 * address increment. */
315 csw_size = CSW_32BIT;
317 } else if (size == 2) {
318 csw_size = CSW_16BIT;
319 addr_xor = dap->ti_be_32_quirks ? 2 : 0;
320 } else if (size == 1) {
322 addr_xor = dap->ti_be_32_quirks ? 3 : 0;
324 return ERROR_TARGET_UNALIGNED_ACCESS;
327 if (dap->unaligned_access_bad && (address % size != 0))
328 return ERROR_TARGET_UNALIGNED_ACCESS;
330 retval = dap_setup_accessport_tar(dap, address ^ addr_xor);
331 if (retval != ERROR_OK)
335 uint32_t this_size = size;
337 /* Select packed transfer if possible */
338 if (addrinc && dap->packed_transfers && nbytes >= 4
339 && max_tar_block_size(dap->tar_autoincr_block, address) >= 4) {
341 retval = dap_setup_accessport_csw(dap, csw_size | CSW_ADDRINC_PACKED);
343 retval = dap_setup_accessport_csw(dap, csw_size | csw_addrincr);
346 if (retval != ERROR_OK)
349 /* How many source bytes each transfer will consume, and their location in the DRW,
350 * depends on the type of transfer and alignment. See ARM document IHI0031C. */
351 uint32_t outvalue = 0;
352 if (dap->ti_be_32_quirks) {
355 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
356 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
357 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
358 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
361 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (address++ & 3) ^ addr_xor);
362 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (address++ & 3) ^ addr_xor);
365 outvalue |= (uint32_t)*buffer++ << 8 * (0 ^ (address++ & 3) ^ addr_xor);
371 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
372 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
374 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
376 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
382 retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
383 if (retval != ERROR_OK)
386 /* Rewrite TAR if it wrapped or we're xoring addresses */
387 if (addrinc && (addr_xor || (address % dap->tar_autoincr_block < size && nbytes > 0))) {
388 retval = dap_setup_accessport_tar(dap, address ^ addr_xor);
389 if (retval != ERROR_OK)
394 /* REVISIT: Might want to have a queued version of this function that does not run. */
395 if (retval == ERROR_OK)
396 retval = dap_run(dap);
398 if (retval != ERROR_OK) {
400 if (dap_queue_ap_read(dap, AP_REG_TAR, &tar) == ERROR_OK
401 && dap_run(dap) == ERROR_OK)
402 LOG_ERROR("Failed to write memory at 0x%08"PRIx32, tar);
404 LOG_ERROR("Failed to write memory and, additionally, failed to find out where");
411 * Synchronous read of a block of memory, using a specific access size.
413 * @param dap The DAP connected to the MEM-AP.
414 * @param buffer The data buffer to receive the data. No particular alignment is assumed.
415 * @param size Which access size to use, in bytes. 1, 2 or 4.
416 * @param count The number of reads to do (in size units, not bytes).
417 * @param address Address to be read; it must be readable by the currently selected MEM-AP.
418 * @param addrinc Whether the target address should be increased after each read or not. This
419 * should normally be true, except when reading from e.g. a FIFO.
420 * @return ERROR_OK on success, otherwise an error code.
422 int mem_ap_read(struct adiv5_dap *dap, uint8_t *buffer, uint32_t size, uint32_t count,
423 uint32_t adr, bool addrinc)
425 size_t nbytes = size * count;
426 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
428 uint32_t address = adr;
431 /* TI BE-32 Quirks mode:
432 * Reads on big-endian TMS570 behave strangely differently than writes.
433 * They read from the physical address requested, but with DRW byte-reversed.
434 * For example, a byte read from address 0 will place the result in the high bytes of DRW.
435 * Also, packed 8-bit and 16-bit transfers seem to sometimes return garbage in some bytes,
439 csw_size = CSW_32BIT;
441 csw_size = CSW_16BIT;
445 return ERROR_TARGET_UNALIGNED_ACCESS;
447 if (dap->unaligned_access_bad && (adr % size != 0))
448 return ERROR_TARGET_UNALIGNED_ACCESS;
450 /* Allocate buffer to hold the sequence of DRW reads that will be made. This is a significant
451 * over-allocation if packed transfers are going to be used, but determining the real need at
452 * this point would be messy. */
453 uint32_t *read_buf = malloc(count * sizeof(uint32_t));
454 uint32_t *read_ptr = read_buf;
455 if (read_buf == NULL) {
456 LOG_ERROR("Failed to allocate read buffer");
460 retval = dap_setup_accessport_tar(dap, address);
461 if (retval != ERROR_OK) {
466 /* Queue up all reads. Each read will store the entire DRW word in the read buffer. How many
467 * useful bytes it contains, and their location in the word, depends on the type of transfer
470 uint32_t this_size = size;
472 /* Select packed transfer if possible */
473 if (addrinc && dap->packed_transfers && nbytes >= 4
474 && max_tar_block_size(dap->tar_autoincr_block, address) >= 4) {
476 retval = dap_setup_accessport_csw(dap, csw_size | CSW_ADDRINC_PACKED);
478 retval = dap_setup_accessport_csw(dap, csw_size | csw_addrincr);
480 if (retval != ERROR_OK)
483 retval = dap_queue_ap_read(dap, AP_REG_DRW, read_ptr++);
484 if (retval != ERROR_OK)
488 address += this_size;
490 /* Rewrite TAR if it wrapped */
491 if (addrinc && address % dap->tar_autoincr_block < size && nbytes > 0) {
492 retval = dap_setup_accessport_tar(dap, address);
493 if (retval != ERROR_OK)
498 if (retval == ERROR_OK)
499 retval = dap_run(dap);
503 nbytes = size * count;
506 /* If something failed, read TAR to find out how much data was successfully read, so we can
507 * at least give the caller what we have. */
508 if (retval != ERROR_OK) {
510 if (dap_queue_ap_read(dap, AP_REG_TAR, &tar) == ERROR_OK
511 && dap_run(dap) == ERROR_OK) {
512 LOG_ERROR("Failed to read memory at 0x%08"PRIx32, tar);
513 if (nbytes > tar - address)
514 nbytes = tar - address;
516 LOG_ERROR("Failed to read memory and, additionally, failed to find out where");
521 /* Replay loop to populate caller's buffer from the correct word and byte lane */
523 uint32_t this_size = size;
525 if (addrinc && dap->packed_transfers && nbytes >= 4
526 && max_tar_block_size(dap->tar_autoincr_block, address) >= 4) {
530 if (dap->ti_be_32_quirks) {
533 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
534 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
536 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
538 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
543 *buffer++ = *read_ptr >> 8 * (address++ & 3);
544 *buffer++ = *read_ptr >> 8 * (address++ & 3);
546 *buffer++ = *read_ptr >> 8 * (address++ & 3);
548 *buffer++ = *read_ptr >> 8 * (address++ & 3);
560 /*--------------------------------------------------------------------*/
561 /* Wrapping function with selection of AP */
562 /*--------------------------------------------------------------------*/
563 int mem_ap_sel_read_u32(struct adiv5_dap *swjdp, uint8_t ap,
564 uint32_t address, uint32_t *value)
566 dap_ap_select(swjdp, ap);
567 return mem_ap_read_u32(swjdp, address, value);
570 int mem_ap_sel_write_u32(struct adiv5_dap *swjdp, uint8_t ap,
571 uint32_t address, uint32_t value)
573 dap_ap_select(swjdp, ap);
574 return mem_ap_write_u32(swjdp, address, value);
577 int mem_ap_sel_read_atomic_u32(struct adiv5_dap *swjdp, uint8_t ap,
578 uint32_t address, uint32_t *value)
580 dap_ap_select(swjdp, ap);
581 return mem_ap_read_atomic_u32(swjdp, address, value);
584 int mem_ap_sel_write_atomic_u32(struct adiv5_dap *swjdp, uint8_t ap,
585 uint32_t address, uint32_t value)
587 dap_ap_select(swjdp, ap);
588 return mem_ap_write_atomic_u32(swjdp, address, value);
591 int mem_ap_sel_read_buf(struct adiv5_dap *swjdp, uint8_t ap,
592 uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
594 dap_ap_select(swjdp, ap);
595 return mem_ap_read(swjdp, buffer, size, count, address, true);
598 int mem_ap_sel_write_buf(struct adiv5_dap *swjdp, uint8_t ap,
599 const uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
601 dap_ap_select(swjdp, ap);
602 return mem_ap_write(swjdp, buffer, size, count, address, true);
605 int mem_ap_sel_read_buf_noincr(struct adiv5_dap *swjdp, uint8_t ap,
606 uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
608 dap_ap_select(swjdp, ap);
609 return mem_ap_read(swjdp, buffer, size, count, address, false);
612 int mem_ap_sel_write_buf_noincr(struct adiv5_dap *swjdp, uint8_t ap,
613 const uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
615 dap_ap_select(swjdp, ap);
616 return mem_ap_write(swjdp, buffer, size, count, address, false);
619 /*--------------------------------------------------------------------------*/
622 #define DAP_POWER_DOMAIN_TIMEOUT (10)
624 /* FIXME don't import ... just initialize as
625 * part of DAP transport setup
627 extern const struct dap_ops jtag_dp_ops;
629 /*--------------------------------------------------------------------------*/
632 * Initialize a DAP. This sets up the power domains, prepares the DP
633 * for further use, and arranges to use AP #0 for all AP operations
634 * until dap_ap-select() changes that policy.
636 * @param dap The DAP being initialized.
638 * @todo Rename this. We also need an initialization scheme which account
639 * for SWD transports not just JTAG; that will need to address differences
640 * in layering. (JTAG is useful without any debug target; but not SWD.)
641 * And this may not even use an AHB-AP ... e.g. DAP-Lite uses an APB-AP.
643 int ahbap_debugport_init(struct adiv5_dap *dap)
649 /* JTAG-DP or SWJ-DP, in JTAG mode
650 * ... for SWD mode this is patched as part
654 dap->ops = &jtag_dp_ops;
656 /* Default MEM-AP setup.
658 * REVISIT AP #0 may be an inappropriate default for this.
659 * Should we probe, or take a hint from the caller?
660 * Presumably we can ignore the possibility of multiple APs.
662 dap->ap_current = !0;
663 dap_ap_select(dap, 0);
665 /* DP initialization */
667 dap->dp_bank_value = 0;
669 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
670 if (retval != ERROR_OK)
673 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, SSTICKYERR);
674 if (retval != ERROR_OK)
677 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
678 if (retval != ERROR_OK)
681 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
682 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
683 if (retval != ERROR_OK)
686 /* Check that we have debug power domains activated */
687 LOG_DEBUG("DAP: wait CDBGPWRUPACK");
688 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
689 CDBGPWRUPACK, CDBGPWRUPACK,
690 DAP_POWER_DOMAIN_TIMEOUT);
691 if (retval != ERROR_OK)
694 LOG_DEBUG("DAP: wait CSYSPWRUPACK");
695 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
696 CSYSPWRUPACK, CSYSPWRUPACK,
697 DAP_POWER_DOMAIN_TIMEOUT);
698 if (retval != ERROR_OK)
701 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
702 if (retval != ERROR_OK)
704 /* With debug power on we can activate OVERRUN checking */
705 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
706 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
707 if (retval != ERROR_OK)
709 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
710 if (retval != ERROR_OK)
713 /* check that we support packed transfers */
716 retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_PACKED, 0);
717 if (retval != ERROR_OK)
720 retval = dap_queue_ap_read(dap, AP_REG_CSW, &csw);
721 if (retval != ERROR_OK)
724 retval = dap_queue_ap_read(dap, AP_REG_CFG, &cfg);
725 if (retval != ERROR_OK)
728 retval = dap_run(dap);
729 if (retval != ERROR_OK)
732 if (csw & CSW_ADDRINC_PACKED)
733 dap->packed_transfers = true;
735 dap->packed_transfers = false;
737 /* Packed transfers on TI BE-32 processors do not work correctly in
739 if (dap->ti_be_32_quirks)
740 dap->packed_transfers = false;
742 LOG_DEBUG("MEM_AP Packed Transfers: %s",
743 dap->packed_transfers ? "enabled" : "disabled");
745 /* The ARM ADI spec leaves implementation-defined whether unaligned
746 * memory accesses work, only work partially, or cause a sticky error.
747 * On TI BE-32 processors, reads seem to return garbage in some bytes
748 * and unaligned writes seem to cause a sticky error.
749 * TODO: it would be nice to have a way to detect whether unaligned
750 * operations are supported on other processors. */
751 dap->unaligned_access_bad = dap->ti_be_32_quirks;
753 LOG_DEBUG("MEM_AP CFG: large data %d, long address %d, big-endian %d",
754 !!(cfg & 0x04), !!(cfg & 0x02), !!(cfg & 0x01));
759 /* CID interpretation -- see ARM IHI 0029B section 3
760 * and ARM IHI 0031A table 13-3.
762 static const char *class_description[16] = {
763 "Reserved", "ROM table", "Reserved", "Reserved",
764 "Reserved", "Reserved", "Reserved", "Reserved",
765 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
766 "Reserved", "OptimoDE DESS",
767 "Generic IP component", "PrimeCell or System component"
770 static bool is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
772 return cid3 == 0xb1 && cid2 == 0x05
773 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
777 * This function checks the ID for each access port to find the requested Access Port type
779 int dap_find_ap(struct adiv5_dap *dap, enum ap_type type_to_find, uint8_t *ap_num_out)
783 /* Maximum AP number is 255 since the SELECT register is 8 bits */
784 for (ap = 0; ap <= 255; ap++) {
786 /* read the IDR register of the Access Port */
788 dap_ap_select(dap, ap);
790 int retval = dap_queue_ap_read(dap, AP_REG_IDR, &id_val);
791 if (retval != ERROR_OK)
794 retval = dap_run(dap);
798 * 27-24 : JEDEC bank (0x4 for ARM)
799 * 23-17 : JEDEC code (0x3B for ARM)
802 * 7-0 : AP Identity (1=AHB-AP 2=APB-AP 0x10=JTAG-AP)
805 /* Reading register for a non-existant AP should not cause an error,
806 * but just to be sure, try to continue searching if an error does happen.
808 if ((retval == ERROR_OK) && /* Register read success */
809 ((id_val & 0x0FFF0000) == 0x04770000) && /* Jedec codes match */
810 ((id_val & 0xFF) == type_to_find)) { /* type matches*/
812 LOG_DEBUG("Found %s at AP index: %d (IDR=0x%08" PRIX32 ")",
813 (type_to_find == AP_TYPE_AHB_AP) ? "AHB-AP" :
814 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
815 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown",
823 LOG_DEBUG("No %s found",
824 (type_to_find == AP_TYPE_AHB_AP) ? "AHB-AP" :
825 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
826 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown");
830 int dap_get_debugbase(struct adiv5_dap *dap, int ap,
831 uint32_t *dbgbase, uint32_t *apid)
836 /* AP address is in bits 31:24 of DP_SELECT */
838 return ERROR_COMMAND_SYNTAX_ERROR;
840 ap_old = dap->ap_current;
841 dap_ap_select(dap, ap);
843 retval = dap_queue_ap_read(dap, AP_REG_BASE, dbgbase);
844 if (retval != ERROR_OK)
846 retval = dap_queue_ap_read(dap, AP_REG_IDR, apid);
847 if (retval != ERROR_OK)
849 retval = dap_run(dap);
850 if (retval != ERROR_OK)
853 dap_ap_select(dap, ap_old);
858 int dap_lookup_cs_component(struct adiv5_dap *dap, int ap,
859 uint32_t dbgbase, uint8_t type, uint32_t *addr)
862 uint32_t romentry, entry_offset = 0, component_base, devtype;
863 int retval = ERROR_FAIL;
866 return ERROR_COMMAND_SYNTAX_ERROR;
868 ap_old = dap->ap_current;
869 dap_ap_select(dap, ap);
872 retval = mem_ap_read_atomic_u32(dap, (dbgbase&0xFFFFF000) |
873 entry_offset, &romentry);
874 if (retval != ERROR_OK)
877 component_base = (dbgbase & 0xFFFFF000)
878 + (romentry & 0xFFFFF000);
880 if (romentry & 0x1) {
881 retval = mem_ap_read_atomic_u32(dap,
882 (component_base & 0xfffff000) | 0xfcc,
884 if (retval != ERROR_OK)
886 if ((devtype & 0xff) == type) {
887 *addr = component_base;
893 } while (romentry > 0);
895 dap_ap_select(dap, ap_old);
900 static int dap_rom_display(struct command_context *cmd_ctx,
901 struct adiv5_dap *dap, int ap, uint32_t dbgbase, int depth)
904 uint32_t cid0, cid1, cid2, cid3, memtype, romentry;
905 uint16_t entry_offset;
909 command_print(cmd_ctx, "\tTables too deep");
914 snprintf(tabs, sizeof(tabs), "[L%02d] ", depth);
916 /* bit 16 of apid indicates a memory access port */
918 command_print(cmd_ctx, "\t%sValid ROM table present", tabs);
920 command_print(cmd_ctx, "\t%sROM table in legacy format", tabs);
922 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
923 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
924 if (retval != ERROR_OK)
926 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
927 if (retval != ERROR_OK)
929 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
930 if (retval != ERROR_OK)
932 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
933 if (retval != ERROR_OK)
935 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
936 if (retval != ERROR_OK)
938 retval = dap_run(dap);
939 if (retval != ERROR_OK)
942 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
943 command_print(cmd_ctx, "\t%sCID3 0x%02x"
948 (unsigned)cid3, (unsigned)cid2,
949 (unsigned)cid1, (unsigned)cid0);
951 command_print(cmd_ctx, "\t%sMEMTYPE system memory present on bus", tabs);
953 command_print(cmd_ctx, "\t%sMEMTYPE system memory not present: dedicated debug bus", tabs);
955 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
956 for (entry_offset = 0; ; entry_offset += 4) {
957 retval = mem_ap_read_atomic_u32(dap, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
958 if (retval != ERROR_OK)
960 command_print(cmd_ctx, "\t%sROMTABLE[0x%x] = 0x%" PRIx32 "",
961 tabs, entry_offset, romentry);
962 if (romentry & 0x01) {
963 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
964 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
965 uint32_t component_base;
969 component_base = (dbgbase & 0xFFFFF000) + (romentry & 0xFFFFF000);
971 /* IDs are in last 4K section */
972 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFE0, &c_pid0);
973 if (retval != ERROR_OK) {
974 command_print(cmd_ctx, "\t%s\tCan't read component with base address 0x%" PRIx32
975 ", the corresponding core might be turned off", tabs, component_base);
979 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFE4, &c_pid1);
980 if (retval != ERROR_OK)
983 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFE8, &c_pid2);
984 if (retval != ERROR_OK)
987 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFEC, &c_pid3);
988 if (retval != ERROR_OK)
991 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFD0, &c_pid4);
992 if (retval != ERROR_OK)
996 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFF0, &c_cid0);
997 if (retval != ERROR_OK)
1000 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFF4, &c_cid1);
1001 if (retval != ERROR_OK)
1004 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFF8, &c_cid2);
1005 if (retval != ERROR_OK)
1008 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFFC, &c_cid3);
1009 if (retval != ERROR_OK)
1013 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32 ", "
1014 "start address 0x%" PRIx32, component_base,
1015 /* component may take multiple 4K pages */
1016 (uint32_t)(component_base - 0x1000*(c_pid4 >> 4)));
1017 command_print(cmd_ctx, "\t\tComponent class is 0x%" PRIx8 ", %s",
1018 (uint8_t)((c_cid1 >> 4) & 0xf),
1019 /* See ARM IHI 0029B Table 3-3 */
1020 class_description[(c_cid1 >> 4) & 0xf]);
1022 /* CoreSight component? */
1023 if (((c_cid1 >> 4) & 0x0f) == 9) {
1026 char *major = "Reserved", *subtype = "Reserved";
1028 retval = mem_ap_read_atomic_u32(dap,
1029 (component_base & 0xfffff000) | 0xfcc,
1031 if (retval != ERROR_OK)
1033 minor = (devtype >> 4) & 0x0f;
1034 switch (devtype & 0x0f) {
1036 major = "Miscellaneous";
1042 subtype = "Validation component";
1047 major = "Trace Sink";
1064 major = "Trace Link";
1070 subtype = "Funnel, router";
1076 subtype = "FIFO, buffer";
1081 major = "Trace Source";
1087 subtype = "Processor";
1093 subtype = "Engine/Coprocessor";
1099 subtype = "Software";
1104 major = "Debug Control";
1110 subtype = "Trigger Matrix";
1113 subtype = "Debug Auth";
1116 subtype = "Power Requestor";
1121 major = "Debug Logic";
1127 subtype = "Processor";
1133 subtype = "Engine/Coprocessor";
1144 major = "Perfomance Monitor";
1150 subtype = "Processor";
1156 subtype = "Engine/Coprocessor";
1167 command_print(cmd_ctx, "\t\tType is 0x%02" PRIx8 ", %s, %s",
1168 (uint8_t)(devtype & 0xff),
1170 /* REVISIT also show 0xfc8 DevId */
1173 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1174 command_print(cmd_ctx,
1183 command_print(cmd_ctx,
1184 "\t\tPeripheral ID[4..0] = hex "
1185 "%02x %02x %02x %02x %02x",
1186 (int)c_pid4, (int)c_pid3, (int)c_pid2,
1187 (int)c_pid1, (int)c_pid0);
1189 /* Part number interpretations are from Cortex
1190 * core specs, the CoreSight components TRM
1191 * (ARM DDI 0314H), CoreSight System Design
1192 * Guide (ARM DGI 0012D) and ETM specs; also
1193 * from chip observation (e.g. TI SDTI).
1195 part_num = (c_pid0 & 0xff);
1196 part_num |= (c_pid1 & 0x0f) << 8;
1199 type = "Cortex-M3 NVIC";
1200 full = "(Interrupt Controller)";
1203 type = "Cortex-M3 ITM";
1204 full = "(Instrumentation Trace Module)";
1207 type = "Cortex-M3 DWT";
1208 full = "(Data Watchpoint and Trace)";
1211 type = "Cortex-M3 FBP";
1212 full = "(Flash Patch and Breakpoint)";
1215 type = "Cortex-M4 SCS";
1216 full = "(System Control Space)";
1219 type = "CoreSight ETM11";
1220 full = "(Embedded Trace)";
1222 /* case 0x113: what? */
1223 case 0x120: /* from OMAP3 memmap */
1225 full = "(System Debug Trace Interface)";
1227 case 0x343: /* from OMAP3 memmap */
1232 type = "Coresight CTI";
1233 full = "(Cross Trigger)";
1236 type = "Coresight ETB";
1237 full = "(Trace Buffer)";
1240 type = "Coresight CSTF";
1241 full = "(Trace Funnel)";
1244 type = "CoreSight ETM9";
1245 full = "(Embedded Trace)";
1248 type = "Coresight TPIU";
1249 full = "(Trace Port Interface Unit)";
1252 type = "Coresight ITM";
1253 full = "(Instrumentation Trace Macrocell)";
1256 type = "Coresight HTM";
1257 full = "(AHB Trace Macrocell)";
1260 type = "CoreSight ETM11";
1261 full = "(Embedded Trace)";
1264 type = "Cortex-A8 ETM";
1265 full = "(Embedded Trace)";
1268 type = "Cortex-A8 CTI";
1269 full = "(Cross Trigger)";
1272 type = "Cortex-M3 TPIU";
1273 full = "(Trace Port Interface Unit)";
1276 type = "Cortex-M3 ETM";
1277 full = "(Embedded Trace)";
1280 type = "Cortex-M4 ETM";
1281 full = "(Embedded Trace)";
1284 type = "Cortex-R4 ETM";
1285 full = "(Embedded Trace)";
1288 type = "CoreSight Component";
1289 full = "(unidentified Cortex-A9 component)";
1292 type = "CoreSight STM";
1293 full = "(System Trace Macrocell)";
1296 type = "CoreSight PMU";
1297 full = "(Performance Monitoring Unit)";
1300 type = "Cortex-M4 TPUI";
1301 full = "(Trace Port Interface Unit)";
1304 type = "Cortex-A8 Debug";
1305 full = "(Debug Unit)";
1308 type = "Cortex-A9 Debug";
1309 full = "(Debug Unit)";
1312 type = "-*- unrecognized -*-";
1316 command_print(cmd_ctx, "\t\tPart is %s %s",
1320 if (((c_cid1 >> 4) & 0x0f) == 1) {
1321 retval = dap_rom_display(cmd_ctx, dap, ap, component_base, depth + 1);
1322 if (retval != ERROR_OK)
1327 command_print(cmd_ctx, "\t\tComponent not present");
1332 command_print(cmd_ctx, "\t%s\tEnd of ROM table", tabs);
1336 static int dap_info_command(struct command_context *cmd_ctx,
1337 struct adiv5_dap *dap, int ap)
1340 uint32_t dbgbase, apid;
1341 int romtable_present = 0;
1345 retval = dap_get_debugbase(dap, ap, &dbgbase, &apid);
1346 if (retval != ERROR_OK)
1349 ap_old = dap->ap_current;
1350 dap_ap_select(dap, ap);
1352 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1353 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1354 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1356 switch (apid&0x0F) {
1358 command_print(cmd_ctx, "\tType is JTAG-AP");
1361 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1364 command_print(cmd_ctx, "\tType is MEM-AP APB");
1367 command_print(cmd_ctx, "\tUnknown AP type");
1371 /* NOTE: a MEM-AP may have a single CoreSight component that's
1372 * not a ROM table ... or have no such components at all.
1375 command_print(cmd_ctx, "AP BASE 0x%8.8" PRIx32, dbgbase);
1377 command_print(cmd_ctx, "No AP found at this ap 0x%x", ap);
1379 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1380 if (romtable_present) {
1381 dap_rom_display(cmd_ctx, dap, ap, dbgbase, 0);
1383 command_print(cmd_ctx, "\tNo ROM table present");
1384 dap_ap_select(dap, ap_old);
1389 COMMAND_HANDLER(handle_dap_info_command)
1391 struct target *target = get_current_target(CMD_CTX);
1392 struct arm *arm = target_to_arm(target);
1393 struct adiv5_dap *dap = arm->dap;
1401 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1404 return ERROR_COMMAND_SYNTAX_ERROR;
1407 return dap_info_command(CMD_CTX, dap, apsel);
1410 COMMAND_HANDLER(dap_baseaddr_command)
1412 struct target *target = get_current_target(CMD_CTX);
1413 struct arm *arm = target_to_arm(target);
1414 struct adiv5_dap *dap = arm->dap;
1416 uint32_t apsel, baseaddr;
1424 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1425 /* AP address is in bits 31:24 of DP_SELECT */
1427 return ERROR_COMMAND_SYNTAX_ERROR;
1430 return ERROR_COMMAND_SYNTAX_ERROR;
1433 dap_ap_select(dap, apsel);
1435 /* NOTE: assumes we're talking to a MEM-AP, which
1436 * has a base address. There are other kinds of AP,
1437 * though they're not common for now. This should
1438 * use the ID register to verify it's a MEM-AP.
1440 retval = dap_queue_ap_read(dap, AP_REG_BASE, &baseaddr);
1441 if (retval != ERROR_OK)
1443 retval = dap_run(dap);
1444 if (retval != ERROR_OK)
1447 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1452 COMMAND_HANDLER(dap_memaccess_command)
1454 struct target *target = get_current_target(CMD_CTX);
1455 struct arm *arm = target_to_arm(target);
1456 struct adiv5_dap *dap = arm->dap;
1458 uint32_t memaccess_tck;
1462 memaccess_tck = dap->memaccess_tck;
1465 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1468 return ERROR_COMMAND_SYNTAX_ERROR;
1470 dap->memaccess_tck = memaccess_tck;
1472 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1473 dap->memaccess_tck);
1478 COMMAND_HANDLER(dap_apsel_command)
1480 struct target *target = get_current_target(CMD_CTX);
1481 struct arm *arm = target_to_arm(target);
1482 struct adiv5_dap *dap = arm->dap;
1484 uint32_t apsel, apid;
1492 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1493 /* AP address is in bits 31:24 of DP_SELECT */
1495 return ERROR_COMMAND_SYNTAX_ERROR;
1498 return ERROR_COMMAND_SYNTAX_ERROR;
1502 dap_ap_select(dap, apsel);
1504 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1505 if (retval != ERROR_OK)
1507 retval = dap_run(dap);
1508 if (retval != ERROR_OK)
1511 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1517 COMMAND_HANDLER(dap_apcsw_command)
1519 struct target *target = get_current_target(CMD_CTX);
1520 struct arm *arm = target_to_arm(target);
1521 struct adiv5_dap *dap = arm->dap;
1523 uint32_t apcsw = dap->apcsw[dap->apsel], sprot = 0;
1527 command_print(CMD_CTX, "apsel %" PRIi32 " selected, csw 0x%8.8" PRIx32,
1528 (dap->apsel), apcsw);
1531 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], sprot);
1532 /* AP address is in bits 31:24 of DP_SELECT */
1534 return ERROR_COMMAND_SYNTAX_ERROR;
1538 apcsw &= ~CSW_SPROT;
1541 return ERROR_COMMAND_SYNTAX_ERROR;
1543 dap->apcsw[dap->apsel] = apcsw;
1550 COMMAND_HANDLER(dap_apid_command)
1552 struct target *target = get_current_target(CMD_CTX);
1553 struct arm *arm = target_to_arm(target);
1554 struct adiv5_dap *dap = arm->dap;
1556 uint32_t apsel, apid;
1564 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1565 /* AP address is in bits 31:24 of DP_SELECT */
1567 return ERROR_COMMAND_SYNTAX_ERROR;
1570 return ERROR_COMMAND_SYNTAX_ERROR;
1573 dap_ap_select(dap, apsel);
1575 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1576 if (retval != ERROR_OK)
1578 retval = dap_run(dap);
1579 if (retval != ERROR_OK)
1582 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1587 COMMAND_HANDLER(dap_ti_be_32_quirks_command)
1589 struct target *target = get_current_target(CMD_CTX);
1590 struct arm *arm = target_to_arm(target);
1591 struct adiv5_dap *dap = arm->dap;
1593 uint32_t enable = dap->ti_be_32_quirks;
1599 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], enable);
1601 return ERROR_COMMAND_SYNTAX_ERROR;
1604 return ERROR_COMMAND_SYNTAX_ERROR;
1606 dap->ti_be_32_quirks = enable;
1607 command_print(CMD_CTX, "TI BE-32 quirks mode %s",
1608 enable ? "enabled" : "disabled");
1613 static const struct command_registration dap_commands[] = {
1616 .handler = handle_dap_info_command,
1617 .mode = COMMAND_EXEC,
1618 .help = "display ROM table for MEM-AP "
1619 "(default currently selected AP)",
1620 .usage = "[ap_num]",
1624 .handler = dap_apsel_command,
1625 .mode = COMMAND_EXEC,
1626 .help = "Set the currently selected AP (default 0) "
1627 "and display the result",
1628 .usage = "[ap_num]",
1632 .handler = dap_apcsw_command,
1633 .mode = COMMAND_EXEC,
1634 .help = "Set csw access bit ",
1640 .handler = dap_apid_command,
1641 .mode = COMMAND_EXEC,
1642 .help = "return ID register from AP "
1643 "(default currently selected AP)",
1644 .usage = "[ap_num]",
1648 .handler = dap_baseaddr_command,
1649 .mode = COMMAND_EXEC,
1650 .help = "return debug base address from MEM-AP "
1651 "(default currently selected AP)",
1652 .usage = "[ap_num]",
1655 .name = "memaccess",
1656 .handler = dap_memaccess_command,
1657 .mode = COMMAND_EXEC,
1658 .help = "set/get number of extra tck for MEM-AP memory "
1659 "bus access [0-255]",
1660 .usage = "[cycles]",
1663 .name = "ti_be_32_quirks",
1664 .handler = dap_ti_be_32_quirks_command,
1665 .mode = COMMAND_CONFIG,
1666 .help = "set/get quirks mode for TI TMS450/TMS570 processors",
1667 .usage = "[enable]",
1669 COMMAND_REGISTRATION_DONE
1672 const struct command_registration dap_command_handlers[] = {
1675 .mode = COMMAND_EXEC,
1676 .help = "DAP command group",
1678 .chain = dap_commands,
1680 COMMAND_REGISTRATION_DONE
projects / openocd / blob