int embeddedice_read_reg_w_check(reg_t *reg, u8* check_value, u8* check_mask)
{
embeddedice_reg_t *ice_reg = reg->arch_info;
u8 reg_addr = ice_reg->addr & 0x1f;
scan_field_t fields[3];
u8 field1_out[1];
u8 field2_out[1];
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(ice_reg->jtag_info, 0x2);
arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
fields[0].tap = ice_reg->jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = reg->value;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[0].in_handler = NULL;
fields[0].in_handler_priv = NULL;
fields[1].tap = ice_reg->jtag_info->tap;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
buf_set_u32(fields[1].out_value, 0, 5, reg_addr);
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[2].tap = ice_reg->jtag_info->tap;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
buf_set_u32(fields[2].out_value, 0, 1, 0);
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
jtag_add_dr_scan(3, fields, -1);
fields[0].in_value = reg->value;
jtag_set_check_value(fields+0, check_value, check_mask, NULL);
/* when reading the DCC data register, leaving the address field set to
* EICE_COMMS_DATA would read the register twice
* reading the control register is safe
*/
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_CTRL]);
jtag_add_dr_scan(3, fields, -1);
return ERROR_OK;
}
int arm_jtag_scann(arm_jtag_t *jtag_info, u32 new_scan_chain)
{
int retval = ERROR_OK;
if(jtag_info->cur_scan_chain != new_scan_chain)
{
u32 values[1];
int num_bits[1];
values[0]=new_scan_chain;
num_bits[0]=jtag_info->scann_size;
if((retval = arm_jtag_set_instr(jtag_info, jtag_info->scann_instr, NULL)) != ERROR_OK)
{
return retval;
}
jtag_add_dr_out(jtag_info->tap,
1,
num_bits,
values,
-1);
jtag_info->cur_scan_chain = new_scan_chain;
}
return retval;
}
/* just read data (instruction and data-out = don't care) */
int arm9tdmi_clock_data_in(arm_jtag_t *jtag_info, u32 *in)
{
scan_field_t fields[3];
jtag_add_end_state(TAP_PD);
arm_jtag_scann(jtag_info, 0x1);
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].device = jtag_info->chain_pos;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
fields[0].in_handler = arm_jtag_buf_to_u32;
fields[0].in_handler_priv = in;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[1].device = jtag_info->chain_pos;
fields[1].num_bits = 3;
fields[1].out_value = NULL;
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[2].device = jtag_info->chain_pos;
fields[2].num_bits = 32;
fields[2].out_value = NULL;
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
jtag_add_dr_scan(3, fields, -1, NULL);
jtag_add_runtest(0, -1);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
{
jtag_execute_queue();
if (in)
{
DEBUG("in: 0x%8.8x", *in);
}
else
{
ERROR("BUG: called with in == NULL");
}
}
#endif
return ERROR_OK;
}
/**
* Poll DCC control register until read or write handshake completes.
*/
int embeddedice_handshake(struct arm_jtag *jtag_info, int hsbit, uint32_t timeout)
{
struct scan_field fields[3];
uint8_t field0_in[4];
uint8_t field1_out[1];
uint8_t field2_out[1];
int retval;
uint32_t hsact;
struct timeval lap;
struct timeval now;
if (hsbit == EICE_COMM_CTRL_WBIT)
hsact = 1;
else if (hsbit == EICE_COMM_CTRL_RBIT)
hsact = 0;
else {
LOG_ERROR("Invalid arguments");
return ERROR_COMMAND_SYNTAX_ERROR;
}
retval = arm_jtag_scann(jtag_info, 0x2, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = field0_in;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
field1_out[0] = eice_regs[EICE_COMMS_DATA].addr;
fields[1].in_value = NULL;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
field2_out[0] = 0;
fields[2].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
gettimeofday(&lap, NULL);
do {
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
if (buf_get_u32(field0_in, hsbit, 1) == hsact)
return ERROR_OK;
gettimeofday(&now, NULL);
} while ((uint32_t)((now.tv_sec - lap.tv_sec) * 1000
+ (now.tv_usec - lap.tv_usec) / 1000) <= timeout);
LOG_ERROR("embeddedice handshake timeout");
return ERROR_TARGET_TIMEOUT;
}
/* clock the target, and read the databus
* the *in pointer points to a buffer where elements of 'size' bytes
* are stored in big (be == 1) or little (be == 0) endianness
*/
int arm9tdmi_clock_data_in_endianness(struct arm_jtag *jtag_info,
void *in, int size, int be)
{
int retval = ERROR_OK;
struct scan_field fields[2];
retval = arm_jtag_scann(jtag_info, 0x1, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
if (size == 4) {
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = in;
fields[1].num_bits = 3 + 32;
fields[1].out_value = NULL;
fields[1].in_value = NULL;
} else {
/* Discard irrelevant bits of the scan, making sure we don't write more
* than size bytes to in */
fields[0].num_bits = size * 8;
fields[0].out_value = NULL;
fields[0].in_value = in;
fields[1].num_bits = 3 + 32 + 32 - size * 8;
fields[1].out_value = NULL;
fields[1].in_value = NULL;
}
jtag_add_dr_scan(jtag_info->tap, 2, fields, TAP_DRPAUSE);
jtag_add_callback4(arm7_9_endianness_callback,
(jtag_callback_data_t)in,
(jtag_callback_data_t)size,
(jtag_callback_data_t)be,
(jtag_callback_data_t)0);
jtag_add_runtest(0, TAP_DRPAUSE);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
{
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
if (in)
LOG_DEBUG("in: 0x%8.8x", *(uint32_t *)in);
else
LOG_ERROR("BUG: called with in == NULL");
}
#endif
return ERROR_OK;
}
int arm9tdmi_examine_debug_reason(struct target *target)
{
int retval = ERROR_OK;
struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
/* only check the debug reason if we don't know it already */
if ((target->debug_reason != DBG_REASON_DBGRQ)
&& (target->debug_reason != DBG_REASON_SINGLESTEP)) {
struct scan_field fields[3];
uint8_t databus[4];
uint8_t instructionbus[4];
uint8_t debug_reason;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = databus;
fields[1].num_bits = 3;
fields[1].out_value = NULL;
fields[1].in_value = &debug_reason;
fields[2].num_bits = 32;
fields[2].out_value = NULL;
fields[2].in_value = instructionbus;
retval = arm_jtag_scann(&arm7_9->jtag_info, 0x1, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(arm7_9->jtag_info.tap, arm7_9->jtag_info.intest_instr, NULL, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
jtag_add_dr_scan(arm7_9->jtag_info.tap, 3, fields, TAP_DRPAUSE);
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
fields[0].in_value = NULL;
fields[0].out_value = databus;
fields[1].in_value = NULL;
fields[1].out_value = &debug_reason;
fields[2].in_value = NULL;
fields[2].out_value = instructionbus;
jtag_add_dr_scan(arm7_9->jtag_info.tap, 3, fields, TAP_DRPAUSE);
if (debug_reason & 0x4)
if (debug_reason & 0x2)
target->debug_reason = DBG_REASON_WPTANDBKPT;
else
target->debug_reason = DBG_REASON_WATCHPOINT;
else
target->debug_reason = DBG_REASON_BREAKPOINT;
}
return ERROR_OK;
}
/* See table 9-10 for scan chain 15 format during interpreted access mode.
* If the TESTSTATE register is set for interpreted access, certain CP15
* MRC and MCR instructions may be executed through scan chain 15.
*
* Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
* executed using scan chain 15 interpreted mode.
*/
static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
uint32_t arm_opcode)
{
int retval;
struct arm920t_common *arm920t = target_to_arm920(target);
struct arm_jtag *jtag_info;
struct scan_field fields[4];
uint8_t access_type_buf = 0; /* interpreted access */
uint8_t reg_addr_buf = 0x0;
uint8_t nr_w_buf = 0;
uint8_t cp15_opcode_buf[4];
jtag_info = &arm920t->arm7_9_common.jtag_info;
retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
fields[0].num_bits = 1;
fields[0].out_value = &access_type_buf;
fields[0].in_value = NULL;
fields[1].num_bits = 32;
fields[1].out_value = cp15_opcode_buf;
fields[1].in_value = NULL;
fields[2].num_bits = 6;
fields[2].out_value = ®_addr_buf;
fields[2].in_value = NULL;
fields[3].num_bits = 1;
fields[3].out_value = &nr_w_buf;
fields[3].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
retval = arm7_9_execute_sys_speed(target);
if (retval != ERROR_OK)
return retval;
if ((retval = jtag_execute_queue()) != ERROR_OK)
{
LOG_ERROR("failed executing JTAG queue");
return retval;
}
return ERROR_OK;
}
/* clock the target, and read the databus
* the *in pointer points to a buffer where elements of 'size' bytes
* are stored in big (be == 1) or little (be == 0) endianness
*/
int arm9tdmi_clock_data_in_endianness(struct arm_jtag *jtag_info,
void *in, int size, int be)
{
int retval = ERROR_OK;
struct scan_field fields[3];
jtag_set_end_state(TAP_DRPAUSE);
if ((retval = arm_jtag_scann(jtag_info, 0x1)) != ERROR_OK)
{
return retval;
}
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].tap = jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
jtag_alloc_in_value32(&fields[0]);
fields[1].tap = jtag_info->tap;
fields[1].num_bits = 3;
fields[1].out_value = NULL;
fields[1].in_value = NULL;
fields[2].tap = jtag_info->tap;
fields[2].num_bits = 32;
fields[2].out_value = NULL;
fields[2].in_value = NULL;
jtag_add_dr_scan(3, fields, jtag_get_end_state());
jtag_add_callback4(arm9endianness, (jtag_callback_data_t)in, (jtag_callback_data_t)size, (jtag_callback_data_t)be, (jtag_callback_data_t)fields[0].in_value);
jtag_add_runtest(0, jtag_get_end_state());
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
{
if ((retval = jtag_execute_queue()) != ERROR_OK)
{
return retval;
}
if (in)
{
LOG_DEBUG("in: 0x%8.8x", *(uint32_t*)in);
}
else
{
LOG_ERROR("BUG: called with in == NULL");
}
}
#endif
return ERROR_OK;
}
/* send <size> words of 32 bit to the DCC
* we pretend the target is always going to be fast enough
* (relative to the JTAG clock), so we don't need to handshake
*/
int embeddedice_send(arm_jtag_t *jtag_info, u32 *data, u32 size)
{
scan_field_t fields[3];
u8 field0_out[4];
u8 field1_out[1];
u8 field2_out[1];
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(jtag_info, 0x2);
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].tap = jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = field0_out;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[0].in_handler = NULL;
fields[0].in_handler_priv = NULL;
fields[1].tap = jtag_info->tap;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_DATA]);
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[2].tap = jtag_info->tap;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
buf_set_u32(fields[2].out_value, 0, 1, 1);
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
while (size > 0)
{
buf_set_u32(fields[0].out_value, 0, 32, *data);
jtag_add_dr_scan(3, fields, -1);
data++;
size--;
}
/* call to jtag_execute_queue() intentionally omitted */
return ERROR_OK;
}
static int arm720t_scan_cp15(struct target *target,
uint32_t out, uint32_t *in, int instruction, int clock_arg)
{
int retval;
struct arm720t_common *arm720t = target_to_arm720(target);
struct arm_jtag *jtag_info;
struct scan_field fields[2];
uint8_t out_buf[4];
uint8_t instruction_buf = instruction;
jtag_info = &arm720t->arm7_9_common.jtag_info;
buf_set_u32(out_buf, 0, 32, flip_u32(out, 32));
retval = arm_jtag_scann(jtag_info, 0xf, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 1;
fields[0].out_value = &instruction_buf;
fields[0].in_value = NULL;
fields[1].num_bits = 32;
fields[1].out_value = out_buf;
fields[1].in_value = NULL;
if (in) {
fields[1].in_value = (uint8_t *)in;
jtag_add_dr_scan(jtag_info->tap, 2, fields, TAP_DRPAUSE);
jtag_add_callback(arm7flip32, (jtag_callback_data_t)in);
} else
jtag_add_dr_scan(jtag_info->tap, 2, fields, TAP_DRPAUSE);
if (clock_arg)
jtag_add_runtest(0, TAP_DRPAUSE);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
if (in)
LOG_DEBUG("out: %8.8x, in: %8.8x, instruction: %i, clock: %i", out, *in, instruction, clock);
else
LOG_DEBUG("out: %8.8x, instruction: %i, clock: %i", out, instruction, clock_arg);
#else
LOG_DEBUG("out: %8.8" PRIx32 ", instruction: %i, clock: %i", out, instruction, clock_arg);
#endif
return ERROR_OK;
}
/* put an instruction in the ARM7TDMI pipeline or write the data bus,
* and optionally read data
*
* FIXME remove the unused "deprecated" parameter
*/
static inline int arm7tdmi_clock_out(struct arm_jtag *jtag_info,
uint32_t out, uint32_t *deprecated, int breakpoint)
{
int retval;
retval = arm_jtag_scann(jtag_info, 0x1, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
return arm7tdmi_clock_out_inner(jtag_info, out, breakpoint);
}
/**
* Queue a write for an EmbeddedICE register, bypassing the register cache.
*/
void embeddedice_write_reg(struct reg *reg, uint32_t value)
{
struct embeddedice_reg *ice_reg = reg->arch_info;
LOG_DEBUG("%i: 0x%8.8" PRIx32 "", ice_reg->addr, value);
arm_jtag_scann(ice_reg->jtag_info, 0x2, TAP_IDLE);
arm_jtag_set_instr(ice_reg->jtag_info->tap, ice_reg->jtag_info->intest_instr, NULL, TAP_IDLE);
uint8_t reg_addr = ice_reg->addr & 0x1f;
embeddedice_write_reg_inner(ice_reg->jtag_info->tap, reg_addr, value);
}
static int arm920t_read_cp15_physical(struct target *target,
int reg_addr, uint32_t *value)
{
struct arm920t_common *arm920t = target_to_arm920(target);
struct arm_jtag *jtag_info;
struct scan_field fields[4];
uint8_t access_type_buf = 1;
uint8_t reg_addr_buf = reg_addr & 0x3f;
uint8_t nr_w_buf = 0;
int retval;
jtag_info = &arm920t->arm7_9_common.jtag_info;
retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 1;
fields[0].out_value = &access_type_buf;
fields[0].in_value = NULL;
fields[1].num_bits = 32;
fields[1].out_value = NULL;
fields[1].in_value = NULL;
fields[2].num_bits = 6;
fields[2].out_value = ®_addr_buf;
fields[2].in_value = NULL;
fields[3].num_bits = 1;
fields[3].out_value = &nr_w_buf;
fields[3].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
fields[1].in_value = (uint8_t *)value;
jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
jtag_execute_queue();
LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
#endif
return ERROR_OK;
}
static int arm966e_read_cp15(struct target *target, int reg_addr, uint32_t *value)
{
int retval = ERROR_OK;
struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
struct arm_jtag *jtag_info = &arm7_9->jtag_info;
struct scan_field fields[3];
uint8_t reg_addr_buf = reg_addr & 0x3f;
uint8_t nr_w_buf = 0;
retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
/* REVISIT: table 7-2 shows that bits 31-31 need to be
* specified for accessing BIST registers ...
*/
fields[0].out_value = NULL;
fields[0].in_value = NULL;
fields[1].num_bits = 6;
fields[1].out_value = ®_addr_buf;
fields[1].in_value = NULL;
fields[2].num_bits = 1;
fields[2].out_value = &nr_w_buf;
fields[2].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
fields[1].in_value = (uint8_t *)value;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
#endif
return ERROR_OK;
}
void embeddedice_write_reg(reg_t *reg, u32 value)
{
embeddedice_reg_t *ice_reg = reg->arch_info;
LOG_DEBUG("%i: 0x%8.8x", ice_reg->addr, value);
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(ice_reg->jtag_info, 0x2);
arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
u8 reg_addr = ice_reg->addr & 0x1f;
embeddedice_write_reg_inner(ice_reg->jtag_info->tap, reg_addr, value);
}
static int arm920t_write_cp15_physical(struct target *target,
int reg_addr, uint32_t value)
{
struct arm920t_common *arm920t = target_to_arm920(target);
struct arm_jtag *jtag_info;
struct scan_field fields[4];
uint8_t access_type_buf = 1;
uint8_t reg_addr_buf = reg_addr & 0x3f;
uint8_t nr_w_buf = 1;
uint8_t value_buf[4];
int retval;
jtag_info = &arm920t->arm7_9_common.jtag_info;
buf_set_u32(value_buf, 0, 32, value);
retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 1;
fields[0].out_value = &access_type_buf;
fields[0].in_value = NULL;
fields[1].num_bits = 32;
fields[1].out_value = value_buf;
fields[1].in_value = NULL;
fields[2].num_bits = 6;
fields[2].out_value = ®_addr_buf;
fields[2].in_value = NULL;
fields[3].num_bits = 1;
fields[3].out_value = &nr_w_buf;
fields[3].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
#endif
return ERROR_OK;
}
/**
* Receive a block of size 32-bit words from the DCC.
* We assume the target is always going to be fast enough (relative to
* the JTAG clock) that the debugger won't need to poll the handshake
* bit. The JTAG clock is usually at least six times slower than the
* functional clock, so the 50+ JTAG clocks needed to receive the word
* allow hundreds of instruction cycles (per word) in the target.
*/
int embeddedice_receive(struct arm_jtag *jtag_info, uint32_t *data, uint32_t size)
{
struct scan_field fields[3];
uint8_t field1_out[1];
uint8_t field2_out[1];
int retval;
retval = arm_jtag_scann(jtag_info, 0x2, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = NULL;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
field1_out[0] = eice_regs[EICE_COMMS_DATA].addr;
fields[1].in_value = NULL;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
field2_out[0] = 0;
fields[2].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
while (size > 0) {
/* when reading the last item, set the register address to the DCC control reg,
* to avoid reading additional data from the DCC data reg
*/
if (size == 1)
field1_out[0] = eice_regs[EICE_COMMS_CTRL].addr;
fields[0].in_value = (uint8_t *)data;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)data);
data++;
size--;
}
return jtag_execute_queue();
}
/* just read data (instruction and data-out = don't care) */
int arm9tdmi_clock_data_in(struct arm_jtag *jtag_info, uint32_t *in)
{
int retval = ERROR_OK;
struct scan_field fields[3];
retval = arm_jtag_scann(jtag_info, 0x1, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = (uint8_t *)in;
fields[1].num_bits = 3;
fields[1].out_value = NULL;
fields[1].in_value = NULL;
fields[2].num_bits = 32;
fields[2].out_value = NULL;
fields[2].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_DRPAUSE);
jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)in);
jtag_add_runtest(0, TAP_DRPAUSE);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
{
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
if (in)
LOG_DEBUG("in: 0x%8.8x", *in);
else
LOG_ERROR("BUG: called with in == NULL");
}
#endif
return ERROR_OK;
}
static int adi_jtag_dp_scan(struct adiv5_dap *dap,
uint8_t instr, uint8_t reg_addr, uint8_t RnW,
uint8_t *outvalue, uint8_t *invalue, uint8_t *ack,
uint32_t memaccess_tck)
{
struct jtag_tap *tap = dap->tap;
struct scan_field fields[2];
uint8_t out_addr_buf;
int retval;
retval = arm_jtag_set_instr(tap, instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
/* Scan out a read or write operation using some DP or AP register.
* For APACC access with any sticky error flag set, this is discarded.
*/
fields[0].num_bits = 3;
buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
fields[0].out_value = &out_addr_buf;
fields[0].in_value = ack;
/* NOTE: if we receive JTAG_ACK_WAIT, the previous operation did not
* complete; data we write is discarded, data we read is unpredictable.
* When overrun detect is active, STICKYORUN is set.
*/
fields[1].num_bits = 32;
fields[1].out_value = outvalue;
fields[1].in_value = invalue;
jtag_add_dr_scan(tap, 2, fields, TAP_IDLE);
/* Add specified number of tck clocks after starting memory bus
* access, giving the hardware time to complete the access.
* They provide more time for the (MEM) AP to complete the read ...
* See "Minimum Response Time" for JTAG-DP, in the ADIv5 spec.
*/
if ((instr == JTAG_DP_APACC)
&& ((reg_addr == MEM_AP_REG_DRW)
|| ((reg_addr & 0xF0) == MEM_AP_REG_BD0))
&& memaccess_tck != 0)
jtag_add_runtest(memaccess_tck, TAP_IDLE);
return ERROR_OK;
}
/**
* Send a block of size 32-bit words to the DCC.
* We assume the target is always going to be fast enough (relative to
* the JTAG clock) that the debugger won't need to poll the handshake
* bit. The JTAG clock is usually at least six times slower than the
* functional clock, so the 50+ JTAG clocks needed to receive the word
* allow hundreds of instruction cycles (per word) in the target.
*/
int embeddedice_send(struct arm_jtag *jtag_info, uint32_t *data, uint32_t size)
{
struct scan_field fields[3];
uint8_t field0_out[4];
uint8_t field1_out[1];
uint8_t field2_out[1];
int retval;
retval = arm_jtag_scann(jtag_info, 0x2, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = field0_out;
fields[0].in_value = NULL;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
field1_out[0] = eice_regs[EICE_COMMS_DATA].addr;
fields[1].in_value = NULL;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
field2_out[0] = 1;
fields[2].in_value = NULL;
while (size > 0) {
buf_set_u32(field0_out, 0, 32, *data);
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_IDLE);
data++;
size--;
}
/* call to jtag_execute_queue() intentionally omitted */
return ERROR_OK;
}
int arm_jtag_scann_inner(struct arm_jtag *jtag_info, uint32_t new_scan_chain, tap_state_t end_state)
{
int retval = ERROR_OK;
uint8_t out_value[4];
buf_set_u32(out_value, 0, jtag_info->scann_size, new_scan_chain);
struct scan_field field = { .num_bits = jtag_info->scann_size, .out_value = out_value, };
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->scann_instr, NULL, end_state);
if (retval != ERROR_OK)
return retval;
jtag_add_dr_scan(jtag_info->tap,
1,
&field,
end_state);
jtag_info->cur_scan_chain = new_scan_chain;
return retval;
}
static int arm_jtag_reset_callback(enum jtag_event event, void *priv)
{
struct arm_jtag *jtag_info = priv;
if (event == JTAG_TRST_ASSERTED)
jtag_info->cur_scan_chain = 0;
return ERROR_OK;
}
int arm_jtag_setup_connection(struct arm_jtag *jtag_info)
{
jtag_info->scann_instr = 0x2;
jtag_info->cur_scan_chain = 0;
jtag_info->intest_instr = 0xc;
return jtag_register_event_callback(arm_jtag_reset_callback, jtag_info);
}
int arm_jtag_scann_inner(struct arm_jtag *jtag_info, uint32_t new_scan_chain, tap_state_t end_state)
{
int retval = ERROR_OK;
uint32_t values[1];
int num_bits[1];
values[0] = new_scan_chain;
num_bits[0] = jtag_info->scann_size;
retval = arm_jtag_set_instr(jtag_info, jtag_info->scann_instr, NULL, end_state);
if (retval != ERROR_OK)
return retval;
jtag_add_dr_out(jtag_info->tap,
1,
num_bits,
values,
end_state);
jtag_info->cur_scan_chain = new_scan_chain;
return retval;
}
static int jtag_idcode_q_read(struct adiv5_dap *dap,
uint8_t *ack, uint32_t *data)
{
struct arm_jtag *jtag_info = dap->jtag_info;
int retval;
struct scan_field fields[1];
/* This is a standard JTAG operation -- no DAP tweakage */
retval = arm_jtag_set_instr(jtag_info, JTAG_DP_IDCODE, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = (void *) data;
jtag_add_dr_scan(jtag_info->tap, 1, fields, TAP_IDLE);
jtag_add_callback(arm_le_to_h_u32,
(jtag_callback_data_t) data);
return ERROR_OK;
}
int arm_jtag_scann_inner(struct arm_jtag *jtag_info, uint32_t new_scan_chain)
{
int retval = ERROR_OK;
uint32_t values[1];
int num_bits[1];
values[0]=new_scan_chain;
num_bits[0]=jtag_info->scann_size;
if ((retval = arm_jtag_set_instr(jtag_info, jtag_info->scann_instr, NULL)) != ERROR_OK)
{
return retval;
}
jtag_add_dr_out(jtag_info->tap,
1,
num_bits,
values,
jtag_get_end_state());
jtag_info->cur_scan_chain = new_scan_chain;
return retval;
}
/* clock the target, and read the databus
* the *in pointer points to a buffer where elements of 'size' bytes
* are stored in big (be==1) or little (be==0) endianness
*/
int arm9tdmi_clock_data_in_endianness(arm_jtag_t *jtag_info, void *in, int size, int be)
{
scan_field_t fields[3];
jtag_add_end_state(TAP_PD);
arm_jtag_scann(jtag_info, 0x1);
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].device = jtag_info->chain_pos;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
switch (size)
{
case 4:
fields[0].in_handler = (be) ? arm_jtag_buf_to_be32 : arm_jtag_buf_to_le32;
break;
case 2:
fields[0].in_handler = (be) ? arm_jtag_buf_to_be16 : arm_jtag_buf_to_le16;
break;
case 1:
fields[0].in_handler = arm_jtag_buf_to_8;
break;
}
fields[0].in_handler_priv = in;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[1].device = jtag_info->chain_pos;
fields[1].num_bits = 3;
fields[1].out_value = NULL;
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[2].device = jtag_info->chain_pos;
fields[2].num_bits = 32;
fields[2].out_value = NULL;
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
jtag_add_dr_scan(3, fields, -1, NULL);
jtag_add_runtest(0, -1);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
{
jtag_execute_queue();
if (in)
{
DEBUG("in: 0x%8.8x", *in);
}
else
{
ERROR("BUG: called with in == NULL");
}
}
#endif
return ERROR_OK;
}
/* put an instruction in the ARM9TDMI pipeline or write the data bus,
* and optionally read data
*/
int arm9tdmi_clock_out(struct arm_jtag *jtag_info, uint32_t instr,
uint32_t out, uint32_t *in, int sysspeed)
{
int retval = ERROR_OK;
struct scan_field fields[3];
uint8_t out_buf[4];
uint8_t instr_buf[4];
uint8_t sysspeed_buf = 0x0;
/* prepare buffer */
buf_set_u32(out_buf, 0, 32, out);
buf_set_u32(instr_buf, 0, 32, flip_u32(instr, 32));
if (sysspeed)
buf_set_u32(&sysspeed_buf, 2, 1, 1);
retval = arm_jtag_scann(jtag_info, 0x1, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_DRPAUSE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = out_buf;
fields[0].in_value = NULL;
fields[1].num_bits = 3;
fields[1].out_value = &sysspeed_buf;
fields[1].in_value = NULL;
fields[2].num_bits = 32;
fields[2].out_value = instr_buf;
fields[2].in_value = NULL;
if (in) {
fields[0].in_value = (uint8_t *)in;
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_DRPAUSE);
jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)in);
} else
jtag_add_dr_scan(jtag_info->tap, 3, fields, TAP_DRPAUSE);
jtag_add_runtest(0, TAP_DRPAUSE);
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
{
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
if (in)
LOG_DEBUG("instr: 0x%8.8x, out: 0x%8.8x, in: 0x%8.8x", instr, out, *in);
else
LOG_DEBUG("instr: 0x%8.8x, out: 0x%8.8x", instr, out);
}
#endif
return ERROR_OK;
}
static int arm926ejs_cp15_read(struct target *target, uint32_t op1, uint32_t op2,
uint32_t CRn, uint32_t CRm, uint32_t *value)
{
int retval = ERROR_OK;
struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
struct arm_jtag *jtag_info = &arm7_9->jtag_info;
uint32_t address = ARM926EJS_CP15_ADDR(op1, op2, CRn, CRm);
struct scan_field fields[4];
uint8_t address_buf[2] = {0, 0};
uint8_t nr_w_buf = 0;
uint8_t access_t = 1;
buf_set_u32(address_buf, 0, 14, address);
retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].in_value = (uint8_t *)value;
fields[1].num_bits = 1;
fields[1].out_value = &access_t;
fields[1].in_value = &access_t;
fields[2].num_bits = 14;
fields[2].out_value = address_buf;
fields[2].in_value = NULL;
fields[3].num_bits = 1;
fields[3].out_value = &nr_w_buf;
fields[3].in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
int64_t then = timeval_ms();
for (;;) {
/* rescan with NOP, to wait for the access to complete */
access_t = 0;
nr_w_buf = 0;
jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
if (buf_get_u32(&access_t, 0, 1) == 1)
break;
/* 10ms timeout */
if ((timeval_ms()-then) > 10) {
LOG_ERROR("cp15 read operation timed out");
return ERROR_FAIL;
}
}
#ifdef _DEBUG_INSTRUCTION_EXECUTION_
LOG_DEBUG("addr: 0x%x value: %8.8x", address, *value);
#endif
retval = arm_jtag_set_instr(jtag_info->tap, 0xc, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
return ERROR_OK;
}
/**
* Queue a read for an EmbeddedICE register into the register cache,
* optionally checking the value read.
* Note that at this level, all registers are 32 bits wide.
*/
int embeddedice_read_reg_w_check(struct reg *reg,
uint8_t *check_value, uint8_t *check_mask)
{
struct embeddedice_reg *ice_reg = reg->arch_info;
uint8_t reg_addr = ice_reg->addr & 0x1f;
struct scan_field fields[3];
uint8_t field1_out[1];
uint8_t field2_out[1];
int retval;
retval = arm_jtag_scann(ice_reg->jtag_info, 0x2, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
retval = arm_jtag_set_instr(ice_reg->jtag_info->tap,
ice_reg->jtag_info->intest_instr, NULL, TAP_IDLE);
if (retval != ERROR_OK)
return retval;
/* bits 31:0 -- data (ignored here) */
fields[0].num_bits = 32;
fields[0].out_value = reg->value;
fields[0].in_value = NULL;
fields[0].check_value = NULL;
fields[0].check_mask = NULL;
/* bits 36:32 -- register */
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
field1_out[0] = reg_addr;
fields[1].in_value = NULL;
fields[1].check_value = NULL;
fields[1].check_mask = NULL;
/* bit 37 -- 0/read */
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
field2_out[0] = 0;
fields[2].in_value = NULL;
fields[2].check_value = NULL;
fields[2].check_mask = NULL;
/* traverse Update-DR, setting address for the next read */
jtag_add_dr_scan(ice_reg->jtag_info->tap, 3, fields, TAP_IDLE);
/* bits 31:0 -- the data we're reading (and maybe checking) */
fields[0].in_value = reg->value;
fields[0].check_value = check_value;
fields[0].check_mask = check_mask;
/* when reading the DCC data register, leaving the address field set to
* EICE_COMMS_DATA would read the register twice
* reading the control register is safe
*/
field1_out[0] = eice_regs[EICE_COMMS_CTRL].addr;
/* traverse Update-DR, reading but with no other side effects */
jtag_add_dr_scan_check(ice_reg->jtag_info->tap, 3, fields, TAP_IDLE);
return ERROR_OK;
}
/* wait for DCC control register R/W handshake bit to become active
*/
int embeddedice_handshake(arm_jtag_t *jtag_info, int hsbit, u32 timeout)
{
scan_field_t fields[3];
u8 field0_in[4];
u8 field1_out[1];
u8 field2_out[1];
int retval;
int hsact;
struct timeval lap;
struct timeval now;
if (hsbit == EICE_COMM_CTRL_WBIT)
hsact = 1;
else if (hsbit == EICE_COMM_CTRL_RBIT)
hsact = 0;
else
return ERROR_INVALID_ARGUMENTS;
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(jtag_info, 0x2);
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].tap = jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].out_mask = NULL;
fields[0].in_value = field0_in;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[0].in_handler = NULL;
fields[0].in_handler_priv = NULL;
fields[1].tap = jtag_info->tap;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_CTRL]);
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[2].tap = jtag_info->tap;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
buf_set_u32(fields[2].out_value, 0, 1, 0);
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
jtag_add_dr_scan(3, fields, -1);
gettimeofday(&lap, NULL);
do
{
jtag_add_dr_scan(3, fields, -1);
if ((retval = jtag_execute_queue()) != ERROR_OK)
return retval;
if (buf_get_u32(field0_in, hsbit, 1) == hsact)
return ERROR_OK;
gettimeofday(&now, NULL);
}
while ((now.tv_sec-lap.tv_sec)*1000 + (now.tv_usec-lap.tv_usec)/1000 <= timeout);
return ERROR_TARGET_TIMEOUT;
}
/* receive <size> words of 32 bit from the DCC
* we pretend the target is always going to be fast enough
* (relative to the JTAG clock), so we don't need to handshake
*/
int embeddedice_receive(arm_jtag_t *jtag_info, u32 *data, u32 size)
{
scan_field_t fields[3];
u8 field1_out[1];
u8 field2_out[1];
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(jtag_info, 0x2);
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].tap = jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = NULL;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[0].in_handler = NULL;
fields[0].in_handler_priv = NULL;
fields[1].tap = jtag_info->tap;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_DATA]);
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[2].tap = jtag_info->tap;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
buf_set_u32(fields[2].out_value, 0, 1, 0);
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
jtag_add_dr_scan(3, fields, -1);
while (size > 0)
{
/* when reading the last item, set the register address to the DCC control reg,
* to avoid reading additional data from the DCC data reg
*/
if (size == 1)
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_CTRL]);
fields[0].in_handler = arm_jtag_buf_to_u32;
fields[0].in_handler_priv = data;
jtag_add_dr_scan(3, fields, -1);
data++;
size--;
}
return jtag_execute_queue();
}
