1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "embeddedice.h"
32 #define ARRAY_SIZE(x) ((int)(sizeof(x)/sizeof((x)[0])))
35 static bitfield_desc_t embeddedice_comms_ctrl_bitfield_desc[] =
45 * From: ARM9E-S TRM, DDI 0165, table C-4 (and similar, for other cores)
55 /* width is assigned based on EICE version */
58 .name = "debug_status",
60 /* width is assigned based on EICE version */
72 [EICE_W0_ADDR_VALUE] = {
73 .name = "watch_0_addr_value",
77 [EICE_W0_ADDR_MASK] = {
78 .name = "watch_0_addr_mask",
82 [EICE_W0_DATA_VALUE ] = {
83 .name = "watch_0_data_value",
87 [EICE_W0_DATA_MASK] = {
88 .name = "watch_0_data_mask",
92 [EICE_W0_CONTROL_VALUE] = {
93 .name = "watch_0_control_value",
97 [EICE_W0_CONTROL_MASK] = {
98 .name = "watch_0_control_mask",
102 [EICE_W1_ADDR_VALUE] = {
103 .name = "watch_1_addr_value",
107 [EICE_W1_ADDR_MASK] = {
108 .name = "watch_1_addr_mask",
112 [EICE_W1_DATA_VALUE] = {
113 .name = "watch_1_data_value",
117 [EICE_W1_DATA_MASK] = {
118 .name = "watch_1_data_mask",
122 [EICE_W1_CONTROL_VALUE] = {
123 .name = "watch_1_control_value",
127 [EICE_W1_CONTROL_MASK] = {
128 .name = "watch_1_control_mask",
132 /* vector_catch isn't always present */
134 .name = "vector_catch",
141 static int embeddedice_reg_arch_type = -1;
143 static int embeddedice_get_reg(reg_t *reg);
145 reg_cache_t* embeddedice_build_reg_cache(target_t *target, arm7_9_common_t *arm7_9)
148 reg_cache_t *reg_cache = malloc(sizeof(reg_cache_t));
149 reg_t *reg_list = NULL;
150 embeddedice_reg_t *arch_info = NULL;
151 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
152 int num_regs = ARRAY_SIZE(eice_regs);
154 int eice_version = 0;
156 /* register a register arch-type for EmbeddedICE registers only once */
157 if (embeddedice_reg_arch_type == -1)
158 embeddedice_reg_arch_type = register_reg_arch_type(
159 embeddedice_get_reg, embeddedice_set_reg_w_exec);
161 /* vector_catch isn't always present */
162 if (!arm7_9->has_vector_catch)
165 /* the actual registers are kept in two arrays */
166 reg_list = calloc(num_regs, sizeof(reg_t));
167 arch_info = calloc(num_regs, sizeof(embeddedice_reg_t));
169 /* fill in values for the reg cache */
170 reg_cache->name = "EmbeddedICE registers";
171 reg_cache->next = NULL;
172 reg_cache->reg_list = reg_list;
173 reg_cache->num_regs = num_regs;
175 /* set up registers */
176 for (i = 0; i < num_regs; i++)
178 reg_list[i].name = eice_regs[i].name;
179 reg_list[i].size = eice_regs[i].width;
180 reg_list[i].dirty = 0;
181 reg_list[i].valid = 0;
182 reg_list[i].bitfield_desc = NULL;
183 reg_list[i].num_bitfields = 0;
184 reg_list[i].value = calloc(1, 4);
185 reg_list[i].arch_info = &arch_info[i];
186 reg_list[i].arch_type = embeddedice_reg_arch_type;
187 arch_info[i].addr = eice_regs[i].addr;
188 arch_info[i].jtag_info = jtag_info;
191 /* identify EmbeddedICE version by reading DCC control register */
192 embeddedice_read_reg(®_list[EICE_COMMS_CTRL]);
193 if ((retval = jtag_execute_queue()) != ERROR_OK)
195 for (i = 0; i < num_regs; i++)
197 free(reg_list[i].value);
204 eice_version = buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 28, 4);
205 LOG_DEBUG("Embedded ICE version %d", eice_version);
207 switch (eice_version)
210 /* ARM7TDMI r3, ARM7TDMI-S r3
212 * REVISIT docs say ARM7TDMI-S r4 uses version 1 but
213 * that it has 6-bit CTRL and 5-bit STAT... doc bug?
214 * ARM7TDMI r4 docs say EICE v4.
216 reg_list[EICE_DBG_CTRL].size = 3;
217 reg_list[EICE_DBG_STAT].size = 5;
221 reg_list[EICE_DBG_CTRL].size = 4;
222 reg_list[EICE_DBG_STAT].size = 5;
223 arm7_9->has_single_step = 1;
226 LOG_ERROR("EmbeddedICE v%d handling might be broken",
228 reg_list[EICE_DBG_CTRL].size = 6;
229 reg_list[EICE_DBG_STAT].size = 5;
230 arm7_9->has_single_step = 1;
231 arm7_9->has_monitor_mode = 1;
235 reg_list[EICE_DBG_CTRL].size = 6;
236 reg_list[EICE_DBG_STAT].size = 5;
237 arm7_9->has_monitor_mode = 1;
241 reg_list[EICE_DBG_CTRL].size = 6;
242 reg_list[EICE_DBG_STAT].size = 5;
243 arm7_9->has_single_step = 1;
244 arm7_9->has_monitor_mode = 1;
247 /* ARM7EJ-S, ARM9E-S rev 2, ARM9EJ-S */
248 reg_list[EICE_DBG_CTRL].size = 6;
249 reg_list[EICE_DBG_STAT].size = 10;
250 /* DBG_STAT has MOE bits */
251 arm7_9->has_monitor_mode = 1;
254 LOG_ERROR("EmbeddedICE v%d handling might be broken",
256 reg_list[EICE_DBG_CTRL].size = 6;
257 reg_list[EICE_DBG_STAT].size = 5;
258 arm7_9->has_monitor_mode = 1;
262 * The Feroceon implementation has the version number
263 * in some unusual bits. Let feroceon.c validate it
264 * and do the appropriate setup itself.
266 if (strcmp(target_get_name(target), "feroceon") == 0)
268 LOG_ERROR("unknown EmbeddedICE version (comms ctrl: 0x%8.8" PRIx32 ")", buf_get_u32(reg_list[EICE_COMMS_CTRL].value, 0, 32));
274 int embeddedice_setup(target_t *target)
277 armv4_5_common_t *armv4_5 = target->arch_info;
278 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
280 /* explicitly disable monitor mode */
281 if (arm7_9->has_monitor_mode)
283 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
285 embeddedice_read_reg(dbg_ctrl);
286 if ((retval = jtag_execute_queue()) != ERROR_OK)
288 buf_set_u32(dbg_ctrl->value, 4, 1, 0);
289 embeddedice_set_reg_w_exec(dbg_ctrl, dbg_ctrl->value);
291 return jtag_execute_queue();
294 static int embeddedice_get_reg(reg_t *reg)
297 if ((retval = embeddedice_read_reg(reg)) != ERROR_OK)
299 LOG_ERROR("BUG: error scheduling EmbeddedICE register read");
303 if ((retval = jtag_execute_queue()) != ERROR_OK)
305 LOG_ERROR("register read failed");
312 int embeddedice_read_reg_w_check(reg_t *reg, uint8_t* check_value, uint8_t* check_mask)
314 embeddedice_reg_t *ice_reg = reg->arch_info;
315 uint8_t reg_addr = ice_reg->addr & 0x1f;
316 scan_field_t fields[3];
317 uint8_t field1_out[1];
318 uint8_t field2_out[1];
320 jtag_set_end_state(TAP_IDLE);
321 arm_jtag_scann(ice_reg->jtag_info, 0x2);
323 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
325 fields[0].tap = ice_reg->jtag_info->tap;
326 fields[0].num_bits = 32;
327 fields[0].out_value = reg->value;
328 fields[0].in_value = NULL;
329 fields[0].check_value = NULL;
330 fields[0].check_mask = NULL;
332 fields[1].tap = ice_reg->jtag_info->tap;
333 fields[1].num_bits = 5;
334 fields[1].out_value = field1_out;
335 buf_set_u32(fields[1].out_value, 0, 5, reg_addr);
336 fields[1].in_value = NULL;
337 fields[1].check_value = NULL;
338 fields[1].check_mask = NULL;
340 fields[2].tap = ice_reg->jtag_info->tap;
341 fields[2].num_bits = 1;
342 fields[2].out_value = field2_out;
343 buf_set_u32(fields[2].out_value, 0, 1, 0);
344 fields[2].in_value = NULL;
345 fields[2].check_value = NULL;
346 fields[2].check_mask = NULL;
348 jtag_add_dr_scan(3, fields, jtag_get_end_state());
350 fields[0].in_value = reg->value;
351 fields[0].check_value = check_value;
352 fields[0].check_mask = check_mask;
354 /* when reading the DCC data register, leaving the address field set to
355 * EICE_COMMS_DATA would read the register twice
356 * reading the control register is safe
358 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_CTRL].addr);
360 jtag_add_dr_scan_check(3, fields, jtag_get_end_state());
365 /* receive <size> words of 32 bit from the DCC
366 * we pretend the target is always going to be fast enough
367 * (relative to the JTAG clock), so we don't need to handshake
369 int embeddedice_receive(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
371 scan_field_t fields[3];
372 uint8_t field1_out[1];
373 uint8_t field2_out[1];
375 jtag_set_end_state(TAP_IDLE);
376 arm_jtag_scann(jtag_info, 0x2);
377 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
379 fields[0].tap = jtag_info->tap;
380 fields[0].num_bits = 32;
381 fields[0].out_value = NULL;
382 fields[0].in_value = NULL;
384 fields[1].tap = jtag_info->tap;
385 fields[1].num_bits = 5;
386 fields[1].out_value = field1_out;
387 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
388 fields[1].in_value = NULL;
390 fields[2].tap = jtag_info->tap;
391 fields[2].num_bits = 1;
392 fields[2].out_value = field2_out;
393 buf_set_u32(fields[2].out_value, 0, 1, 0);
394 fields[2].in_value = NULL;
396 jtag_add_dr_scan(3, fields, jtag_get_end_state());
400 /* when reading the last item, set the register address to the DCC control reg,
401 * to avoid reading additional data from the DCC data reg
404 buf_set_u32(fields[1].out_value, 0, 5,
405 eice_regs[EICE_COMMS_CTRL].addr);
407 fields[0].in_value = (uint8_t *)data;
408 jtag_add_dr_scan(3, fields, jtag_get_end_state());
409 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)data);
415 return jtag_execute_queue();
418 int embeddedice_read_reg(reg_t *reg)
420 return embeddedice_read_reg_w_check(reg, NULL, NULL);
423 void embeddedice_set_reg(reg_t *reg, uint32_t value)
425 embeddedice_write_reg(reg, value);
427 buf_set_u32(reg->value, 0, reg->size, value);
433 int embeddedice_set_reg_w_exec(reg_t *reg, uint8_t *buf)
436 embeddedice_set_reg(reg, buf_get_u32(buf, 0, reg->size));
438 if ((retval = jtag_execute_queue()) != ERROR_OK)
440 LOG_ERROR("register write failed");
446 void embeddedice_write_reg(reg_t *reg, uint32_t value)
448 embeddedice_reg_t *ice_reg = reg->arch_info;
450 LOG_DEBUG("%i: 0x%8.8" PRIx32 "", ice_reg->addr, value);
452 jtag_set_end_state(TAP_IDLE);
453 arm_jtag_scann(ice_reg->jtag_info, 0x2);
455 arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
457 uint8_t reg_addr = ice_reg->addr & 0x1f;
458 embeddedice_write_reg_inner(ice_reg->jtag_info->tap, reg_addr, value);
462 void embeddedice_store_reg(reg_t *reg)
464 embeddedice_write_reg(reg, buf_get_u32(reg->value, 0, reg->size));
467 /* send <size> words of 32 bit to the DCC
468 * we pretend the target is always going to be fast enough
469 * (relative to the JTAG clock), so we don't need to handshake
471 int embeddedice_send(arm_jtag_t *jtag_info, uint32_t *data, uint32_t size)
473 scan_field_t fields[3];
474 uint8_t field0_out[4];
475 uint8_t field1_out[1];
476 uint8_t field2_out[1];
478 jtag_set_end_state(TAP_IDLE);
479 arm_jtag_scann(jtag_info, 0x2);
480 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
482 fields[0].tap = jtag_info->tap;
483 fields[0].num_bits = 32;
484 fields[0].out_value = field0_out;
485 fields[0].in_value = NULL;
487 fields[1].tap = jtag_info->tap;
488 fields[1].num_bits = 5;
489 fields[1].out_value = field1_out;
490 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
491 fields[1].in_value = NULL;
493 fields[2].tap = jtag_info->tap;
494 fields[2].num_bits = 1;
495 fields[2].out_value = field2_out;
496 buf_set_u32(fields[2].out_value, 0, 1, 1);
498 fields[2].in_value = NULL;
502 buf_set_u32(fields[0].out_value, 0, 32, *data);
503 jtag_add_dr_scan(3, fields, jtag_get_end_state());
509 /* call to jtag_execute_queue() intentionally omitted */
513 /* wait for DCC control register R/W handshake bit to become active
515 int embeddedice_handshake(arm_jtag_t *jtag_info, int hsbit, uint32_t timeout)
517 scan_field_t fields[3];
518 uint8_t field0_in[4];
519 uint8_t field1_out[1];
520 uint8_t field2_out[1];
526 if (hsbit == EICE_COMM_CTRL_WBIT)
528 else if (hsbit == EICE_COMM_CTRL_RBIT)
531 return ERROR_INVALID_ARGUMENTS;
533 jtag_set_end_state(TAP_IDLE);
534 arm_jtag_scann(jtag_info, 0x2);
535 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
537 fields[0].tap = jtag_info->tap;
538 fields[0].num_bits = 32;
539 fields[0].out_value = NULL;
540 fields[0].in_value = field0_in;
542 fields[1].tap = jtag_info->tap;
543 fields[1].num_bits = 5;
544 fields[1].out_value = field1_out;
545 buf_set_u32(fields[1].out_value, 0, 5, eice_regs[EICE_COMMS_DATA].addr);
546 fields[1].in_value = NULL;
548 fields[2].tap = jtag_info->tap;
549 fields[2].num_bits = 1;
550 fields[2].out_value = field2_out;
551 buf_set_u32(fields[2].out_value, 0, 1, 0);
552 fields[2].in_value = NULL;
554 jtag_add_dr_scan(3, fields, jtag_get_end_state());
555 gettimeofday(&lap, NULL);
558 jtag_add_dr_scan(3, fields, jtag_get_end_state());
559 if ((retval = jtag_execute_queue()) != ERROR_OK)
562 if (buf_get_u32(field0_in, hsbit, 1) == hsact)
565 gettimeofday(&now, NULL);
567 while ((uint32_t)((now.tv_sec-lap.tv_sec)*1000 + (now.tv_usec-lap.tv_usec)/1000) <= timeout);
569 return ERROR_TARGET_TIMEOUT;
572 #ifndef HAVE_JTAG_MINIDRIVER_H
573 /* this is the inner loop of the open loop DCC write of data to target */
574 void embeddedice_write_dcc(jtag_tap_t *tap, int reg_addr, uint8_t *buffer, int little, int count)
577 for (i = 0; i < count; i++)
579 embeddedice_write_reg_inner(tap, reg_addr, fast_target_buffer_get_u32(buffer, little));
584 /* provided by minidriver */
projects / openocd / blob