1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
26 #include "binarybuffer.h"
30 #ifdef _DEBUG_JTAG_IO_
31 #define DEBUG_JTAG_IO(expr ...) LOG_DEBUG(expr)
33 #define DEBUG_JTAG_IO(expr ...)
36 #ifndef DEBUG_JTAG_IOZ
37 #define DEBUG_JTAG_IOZ 64
40 /*-----<Macros>--------------------------------------------------*/
42 /** When given an array, compute its DIMension, i.e. number of elements in the array */
43 #define DIM(x) (sizeof(x)/sizeof((x)[0]))
45 /** Calculate the number of bytes required to hold @a n TAP scan bits */
46 #define TAP_SCAN_BYTES(n) CEIL(n, 8)
48 /*-----</Macros>-------------------------------------------------*/
53 * Tap states from ARM7TDMI-S Technical reference manual.
54 * Also, validated against several other ARM core technical manuals.
56 * N.B. tap_get_tms_path() was changed to reflect this corrected
57 * numbering and ordering of the TAP states.
59 * DANGER!!!! some interfaces care about the actual numbers used
60 * as they are handed off directly to hardware implementations.
63 typedef enum tap_state
66 /* These are the old numbers. Leave as-is for now... */
67 TAP_RESET
= 0, TAP_IDLE
= 8,
68 TAP_DRSELECT
= 1, TAP_DRCAPTURE
= 2, TAP_DRSHIFT
= 3, TAP_DREXIT1
= 4,
69 TAP_DRPAUSE
= 5, TAP_DREXIT2
= 6, TAP_DRUPDATE
= 7,
70 TAP_IRSELECT
= 9, TAP_IRCAPTURE
= 10, TAP_IRSHIFT
= 11, TAP_IREXIT1
= 12,
71 TAP_IRPAUSE
= 13, TAP_IREXIT2
= 14, TAP_IRUPDATE
= 15,
73 TAP_NUM_STATES
= 16, TAP_INVALID
= -1,
75 /* Proper ARM recommended numbers */
93 TAP_NUM_STATES
= 0x10,
100 * Function tap_state_name
101 * Returns a string suitable for display representing the JTAG tap_state
103 const char* tap_state_name(tap_state_t state
);
105 typedef struct tap_transition_s
111 //extern tap_transition_t tap_transitions[16]; /* describe the TAP state diagram */
115 extern tap_state_t cmd_queue_end_state
; /* finish DR scans in dr_end_state */
116 extern tap_state_t cmd_queue_cur_state
; /* current TAP state */
118 typedef struct scan_field_s
120 jtag_tap_t
* tap
; /* tap pointer this instruction refers to */
121 int num_bits
; /* number of bits this field specifies (up to 32) */
122 u8
* out_value
; /* value to be scanned into the device */
123 u8
* in_value
; /* pointer to a 32-bit memory location to take data scanned out */
125 u8
* check_value
; /* Used together with jtag_add_dr_scan_check() to check data clocked
127 u8
* check_mask
; /* mask to go with check_value */
129 /* internal work space */
130 int allocated
; /* in_value has been allocated for the queue */
131 int modified
; /* did we modify the in_value? */
132 u8 intmp
[4]; /* temporary storage for checking synchronously */
135 #ifdef INCLUDE_JTAG_INTERFACE_H
138 /* IN: from device to host, OUT: from host to device */
139 SCAN_IN
= 1, SCAN_OUT
= 2, SCAN_IO
= 3
142 typedef struct scan_command_s
144 bool ir_scan
; /* instruction/not data scan */
145 int num_fields
; /* number of fields in *fields array */
146 scan_field_t
* fields
; /* pointer to an array of data scan fields */
147 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
150 typedef struct statemove_command_s
152 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
153 } statemove_command_t
;
155 typedef struct pathmove_command_s
157 int num_states
; /* number of states in *path */
158 tap_state_t
* path
; /* states that have to be passed */
159 } pathmove_command_t
;
161 typedef struct runtest_command_s
163 int num_cycles
; /* number of cycles that should be spent in Run-Test/Idle */
164 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
168 typedef struct stableclocks_command_s
170 int num_cycles
; /* number of clock cycles that should be sent */
171 } stableclocks_command_t
;
174 typedef struct reset_command_s
176 int trst
; /* trst/srst 0: deassert, 1: assert, -1: don't change */
180 typedef struct end_state_command_s
182 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
183 } end_state_command_t
;
185 typedef struct sleep_command_s
187 u32 us
; /* number of microseconds to sleep */
190 typedef union jtag_command_container_u
192 scan_command_t
* scan
;
193 statemove_command_t
* statemove
;
194 pathmove_command_t
* pathmove
;
195 runtest_command_t
* runtest
;
196 stableclocks_command_t
* stableclocks
;
197 reset_command_t
* reset
;
198 end_state_command_t
* end_state
;
199 sleep_command_t
* sleep
;
200 } jtag_command_container_t
;
202 enum jtag_command_type
{
209 JTAG_STABLECLOCKS
= 8
212 typedef struct jtag_command_s
214 jtag_command_container_t cmd
;
215 enum jtag_command_type type
;
216 struct jtag_command_s
* next
;
219 extern jtag_command_t
* jtag_command_queue
;
221 extern void* cmd_queue_alloc(size_t size
);
222 extern void cmd_queue_free(void);
224 extern void jtag_queue_command(jtag_command_t
*cmd
);
225 extern void jtag_command_queue_reset(void);
227 #endif // INCLUDE_JTAG_INTERFACE_H
229 /* forward declaration */
230 typedef struct jtag_tap_event_action_s jtag_tap_event_action_t
;
232 /* this is really: typedef jtag_tap_t */
233 /* But - the typedef is done in "types.h" */
234 /* due to "forward decloration reasons" */
239 const char* dotted_name
;
240 int abs_chain_position
;
242 int ir_length
; /* size of instruction register */
243 u32 ir_capture_value
;
244 u8
* expected
; /* Capture-IR expected value */
246 u8
* expected_mask
; /* Capture-IR expected mask */
247 u32 idcode
; /* device identification code */
248 u32
* expected_ids
; /* Array of expected identification codes */
249 u8 expected_ids_cnt
; /* Number of expected identification codes */
250 u8
* cur_instr
; /* current instruction */
251 int bypass
; /* bypass register selected */
253 jtag_tap_event_action_t
* event_action
;
255 jtag_tap_t
* next_tap
;
257 extern jtag_tap_t
* jtag_AllTaps(void);
258 extern jtag_tap_t
* jtag_TapByPosition(int n
);
259 extern jtag_tap_t
* jtag_TapByString(const char* dotted_name
);
260 extern jtag_tap_t
* jtag_TapByJimObj(Jim_Interp
* interp
, Jim_Obj
* obj
);
261 extern jtag_tap_t
* jtag_TapByAbsPosition(int abs_position
);
262 extern int jtag_NumEnabledTaps(void);
263 extern int jtag_NumTotalTaps(void);
265 static __inline__ jtag_tap_t
* jtag_NextEnabledTap(jtag_tap_t
* p
)
269 /* start at the head of list */
274 /* start *after* this one */
293 enum reset_line_mode
{
294 LINE_OPEN_DRAIN
= 0x0,
295 LINE_PUSH_PULL
= 0x1,
302 extern char* jtag_event_strings
[];
304 enum jtag_tap_event
{
305 JTAG_TAP_EVENT_ENABLE
,
306 JTAG_TAP_EVENT_DISABLE
309 extern const Jim_Nvp nvp_jtag_tap_event
[];
311 struct jtag_tap_event_action_s
313 enum jtag_tap_event event
;
315 jtag_tap_event_action_t
* next
;
318 extern int jtag_trst
;
319 extern int jtag_srst
;
321 typedef struct jtag_event_callback_s
323 int (*callback
)(enum jtag_event event
, void* priv
);
325 struct jtag_event_callback_s
* next
;
326 } jtag_event_callback_t
;
328 extern jtag_event_callback_t
* jtag_event_callbacks
;
330 extern int jtag_speed
;
331 extern int jtag_speed_post_reset
;
335 RESET_HAS_TRST
= 0x1,
336 RESET_HAS_SRST
= 0x2,
337 RESET_TRST_AND_SRST
= 0x3,
338 RESET_SRST_PULLS_TRST
= 0x4,
339 RESET_TRST_PULLS_SRST
= 0x8,
340 RESET_TRST_OPEN_DRAIN
= 0x10,
341 RESET_SRST_PUSH_PULL
= 0x20,
344 extern enum reset_types jtag_reset_config
;
346 /* initialize interface upon startup. A successful no-op
347 * upon subsequent invocations
349 extern int jtag_interface_init(struct command_context_s
* cmd_ctx
);
351 /// Shutdown the JTAG interface upon program exit.
352 extern int jtag_interface_quit(void);
354 /* initialize JTAG chain using only a RESET reset. If init fails,
357 extern int jtag_init(struct command_context_s
* cmd_ctx
);
359 /* reset, then initialize JTAG chain */
360 extern int jtag_init_reset(struct command_context_s
* cmd_ctx
);
361 extern int jtag_register_commands(struct command_context_s
* cmd_ctx
);
363 /* JTAG interface, can be implemented with a software or hardware fifo
365 * TAP_DRSHIFT and TAP_IRSHIFT are illegal end states. TAP_DRSHIFT/IRSHIFT as end states
366 * can be emulated by using a larger scan.
368 * Code that is relatively insensitive to the path(as long
369 * as it is JTAG compliant) taken through state machine can use
370 * endstate for jtag_add_xxx_scan(). Otherwise the pause state must be
371 * specified as end state and a subsequent jtag_add_pathmove() must
375 extern void jtag_add_ir_scan(int num_fields
, scan_field_t
* fields
, tap_state_t endstate
);
376 /* same as jtag_add_ir_scan except no verify is performed */
377 extern void jtag_add_ir_scan_noverify(int num_fields
, const scan_field_t
*fields
, tap_state_t state
);
378 extern void jtag_add_dr_scan(int num_fields
, const scan_field_t
* fields
, tap_state_t endstate
);
380 /* set in_value to point to 32 bits of memory to scan into. This function
381 * is a way to handle the case of synchronous and asynchronous
384 * In the event of an asynchronous queue execution the queue buffer
385 * allocation method is used, for the synchronous case the temporary 32 bits come
386 * from the input field itself.
388 extern void jtag_alloc_in_value32(scan_field_t
*field
);
390 /* This version of jtag_add_dr_scan() uses the check_value/mask fields */
391 extern void jtag_add_dr_scan_check(int num_fields
, scan_field_t
* fields
, tap_state_t endstate
);
392 extern void jtag_add_plain_ir_scan(int num_fields
, const scan_field_t
* fields
, tap_state_t endstate
);
393 extern void jtag_add_plain_dr_scan(int num_fields
, const scan_field_t
* fields
, tap_state_t endstate
);
396 /* Simplest/typical callback - do some conversion on the data clocked in.
397 * This callback is for such conversion that can not fail.
398 * For conversion types or checks that can
399 * fail, use the jtag_callback_t variant */
400 typedef void (*jtag_callback1_t
)(u8
*in
);
402 /* A simpler version of jtag_add_callback4 */
403 extern void jtag_add_callback(jtag_callback1_t
, u8
*in
);
406 /* This type can store an integer safely by a normal cast on 64 and
408 typedef intptr_t jtag_callback_data_t
;
410 /* The generic callback mechanism.
412 * The callback is invoked with three arguments. The first argument is
413 * the pointer to the data clocked in.
415 typedef int (*jtag_callback_t
)(u8
*in
, jtag_callback_data_t data1
, jtag_callback_data_t data2
, jtag_callback_data_t data3
);
418 /* This callback can be executed immediately the queue has been flushed. Note that
419 * the JTAG queue can either be executed synchronously or asynchronously. Typically
420 * for USB the queue is executed asynchronously. For low latency interfaces, the
421 * queue may be executed synchronously.
423 * These callbacks are typically executed *after* the *entire* JTAG queue has been
424 * executed for e.g. USB interfaces.
426 * The callbacks are guaranteeed to be invoked in the order that they were queued.
428 * The strange name is due to C's lack of overloading using function arguments
430 * The callback mechansim is very general and does not really make any assumptions
431 * about what the callback does and what the arguments are.
433 * in - typically used to point to the data to operate on. More often than not
434 * this will be the data clocked in during a shift operation
436 * data1 - an integer that is big enough to be used either as an 'int' or
437 * cast to/from a pointer
439 * data2 - an integer that is big enough to be used either as an 'int' or
440 * cast to/from a pointer
442 * Why stop at 'data2' for arguments? Somewhat historical reasons. This is
443 * sufficient to implement the jtag_check_value_mask(), besides the
444 * line is best drawn somewhere...
446 * If the execution of the queue fails before the callbacks, then the
447 * callbacks may or may not be invoked depending on driver implementation.
449 extern void jtag_add_callback4(jtag_callback_t
, u8
*in
,
450 jtag_callback_data_t data1
, jtag_callback_data_t data2
,
451 jtag_callback_data_t data3
);
454 /* run a TAP_RESET reset. End state is TAP_RESET, regardless
457 extern void jtag_add_tlr(void);
459 /* Application code *must* assume that interfaces will
460 * implement transitions between states with different
461 * paths and path lengths through the state diagram. The
462 * path will vary across interface and also across versions
463 * of the same interface over time. Even if the OpenOCD code
464 * is unchanged, the actual path taken may vary over time
465 * and versions of interface firmware or PCB revisions.
467 * Use jtag_add_pathmove() when specific transition sequences
470 * Do not use jtag_add_pathmove() unless you need to, but do use it
473 * DANGER! If the target is dependent upon a particular sequence
474 * of transitions for things to work correctly(e.g. as a workaround
475 * for an errata that contradicts the JTAG standard), then pathmove
476 * must be used, even if some jtag interfaces happen to use the
477 * desired path. Worse, the jtag interface used for testing a
478 * particular implementation, could happen to use the "desired"
479 * path when transitioning to/from end
482 * A list of unambigious single clock state transitions, not
483 * all drivers can support this, but it is required for e.g.
484 * XScale and Xilinx support
486 * Note! TAP_RESET must not be used in the path!
488 * Note that the first on the list must be reachable
489 * via a single transition from the current state.
491 * All drivers are required to implement jtag_add_pathmove().
492 * However, if the pathmove sequence can not be precisely
493 * executed, an interface_jtag_add_pathmove() or jtag_execute_queue()
494 * must return an error. It is legal, but not recommended, that
495 * a driver returns an error in all cases for a pathmove if it
496 * can only implement a few transitions and therefore
497 * a partial implementation of pathmove would have little practical
500 extern void jtag_add_pathmove(int num_states
, const tap_state_t
* path
);
502 /* go to TAP_IDLE, if we're not already there and cycle
503 * precisely num_cycles in the TAP_IDLE after which move
504 * to the end state, if it is != TAP_IDLE
506 * nb! num_cycles can be 0, in which case the fn will navigate
507 * to endstate via TAP_IDLE
509 extern void jtag_add_runtest(int num_cycles
, tap_state_t endstate
);
511 /* A reset of the TAP state machine can be requested.
513 * Whether tms or trst reset is used depends on the capabilities of
514 * the target and jtag interface(reset_config command configures this).
516 * srst can driver a reset of the TAP state machine and vice
519 * Application code may need to examine value of jtag_reset_config
520 * to determine the proper codepath
522 * DANGER! Even though srst drives trst, trst might not be connected to
523 * the interface, and it might actually be *harmful* to assert trst in this case.
525 * This is why combinations such as "reset_config srst_only srst_pulls_trst"
528 * only req_tlr_or_trst and srst can have a transition for a
529 * call as the effects of transitioning both at the "same time"
530 * are undefined, but when srst_pulls_trst or vice versa,
531 * then trst & srst *must* be asserted together.
533 extern void jtag_add_reset(int req_tlr_or_trst
, int srst
);
535 extern void jtag_add_end_state(tap_state_t endstate
);
536 extern void jtag_add_sleep(u32 us
);
540 * Function jtag_add_stable_clocks
541 * first checks that the state in which the clocks are to be issued is
542 * stable, then queues up clock_count clocks for transmission.
544 void jtag_add_clocks(int num_cycles
);
548 * For software FIFO implementations, the queued commands can be executed
549 * during this call or earlier. A sw queue might decide to push out
550 * some of the jtag_add_xxx() operations once the queue is "big enough".
552 * This fn will return an error code if any of the prior jtag_add_xxx()
553 * calls caused a failure, e.g. check failure. Note that it does not
554 * matter if the operation was executed *before* jtag_execute_queue(),
555 * jtag_execute_queue() will still return an error code.
557 * All jtag_add_xxx() calls that have in_handler!=NULL will have been
558 * executed when this fn returns, but if what has been queued only
559 * clocks data out, without reading anything back, then JTAG could
560 * be running *after* jtag_execute_queue() returns. The API does
561 * not define a way to flush a hw FIFO that runs *after*
562 * jtag_execute_queue() returns.
564 * jtag_add_xxx() commands can either be executed immediately or
565 * at some time between the jtag_add_xxx() fn call and jtag_execute_queue().
567 extern int jtag_execute_queue(void);
569 /* same as jtag_execute_queue() but does not clear the error flag */
570 extern void jtag_execute_queue_noclear(void);
572 /* this flag is set when an error occurs while executing the queue. cleared
573 * by jtag_execute_queue()
575 * this flag can also be set from application code if some error happens
576 * during processing that should be reported during jtag_execute_queue().
578 extern int jtag_error
;
580 static __inline__
void jtag_set_error(int error
)
582 if ((error
==ERROR_OK
)||(jtag_error
!=ERROR_OK
))
584 /* keep first error */
592 /* can be implemented by hw+sw */
593 extern int jtag_power_dropout(int* dropout
);
594 extern int jtag_srst_asserted(int* srst_asserted
);
596 /* JTAG support functions */
598 /* execute jtag queue and check value and use mask if mask is != NULL. invokes
599 * jtag_set_error() with any error. */
600 extern void jtag_check_value_mask(scan_field_t
*field
, u8
*value
, u8
*mask
);
602 #ifdef INCLUDE_JTAG_INTERFACE_H
603 extern enum scan_type
jtag_scan_type(const scan_command_t
* cmd
);
604 extern int jtag_scan_size(const scan_command_t
* cmd
);
605 extern int jtag_read_buffer(u8
* buffer
, const scan_command_t
* cmd
);
606 extern int jtag_build_buffer(const scan_command_t
* cmd
, u8
** buffer
);
607 #endif // INCLUDE_JTAG_INTERFACE_H
609 extern void jtag_sleep(u32 us
);
610 extern int jtag_call_event_callbacks(enum jtag_event event
);
611 extern int jtag_register_event_callback(int (* callback
)(enum jtag_event event
, void* priv
), void* priv
);
613 extern int jtag_verify_capture_ir
;
615 void jtag_tap_handle_event(jtag_tap_t
* tap
, enum jtag_tap_event e
);
618 * JTAG subsystem uses codes between -100 and -199 */
620 #define ERROR_JTAG_INIT_FAILED (-100)
621 #define ERROR_JTAG_INVALID_INTERFACE (-101)
622 #define ERROR_JTAG_NOT_IMPLEMENTED (-102)
623 #define ERROR_JTAG_TRST_ASSERTED (-103)
624 #define ERROR_JTAG_QUEUE_FAILED (-104)
625 #define ERROR_JTAG_NOT_STABLE_STATE (-105)
626 #define ERROR_JTAG_DEVICE_ERROR (-107)
628 /* jtag_add_dr_out() is a version of jtag_add_dr_scan() which
629 * only scans data out. It operates on 32 bit integers instead
630 * of 8 bit, which makes it a better impedance match with
631 * the calling code which often operate on 32 bit integers.
633 * Current or end_state can not be TAP_RESET. end_state can be TAP_INVALID
635 * num_bits[i] is the number of bits to clock out from value[i] LSB first.
637 * If the device is in bypass, then that is an error condition in
638 * the caller code that is not detected by this fn, whereas jtag_add_dr_scan()
639 * does detect it. Similarly if the device is not in bypass, data must
642 * If anything fails, then jtag_error will be set and jtag_execute() will
643 * return an error. There is no way to determine if there was a failure
644 * during this function call.
646 * This is an inline fn to speed up embedded hosts. Also note that
647 * interface_jtag_add_dr_out() can be a *small* inline function for
650 * There is no jtag_add_dr_outin() version of this fn that also allows
651 * clocking data back in. Patches gladly accepted!
653 extern void jtag_add_dr_out(jtag_tap_t
* tap
,
654 int num_fields
, const int* num_bits
, const u32
* value
,
655 tap_state_t end_state
);
659 * Function jtag_add_statemove
660 * moves from the current state to the goal \a state. This needs
661 * to be handled according to the xsvf spec, see the XSTATE command
664 extern int jtag_add_statemove(tap_state_t goal_state
);
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)