1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * This program is free software; you can redistribute it and/or modify *
9 * it under the terms of the GNU General Public License as published by *
10 * the Free Software Foundation; either version 2 of the License, or *
11 * (at your option) any later version. *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the *
20 * Free Software Foundation, Inc., *
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
22 ***************************************************************************/
26 #include "binarybuffer.h"
30 #ifdef _DEBUG_JTAG_IO_
31 #define DEBUG_JTAG_IO(expr ...) LOG_DEBUG(expr)
33 #define DEBUG_JTAG_IO(expr ...)
36 #ifndef DEBUG_JTAG_IOZ
37 #define DEBUG_JTAG_IOZ 64
40 /*-----<Macros>--------------------------------------------------*/
42 /** When given an array, compute its DIMension, i.e. number of elements in the array */
43 #define DIM(x) (sizeof(x)/sizeof((x)[0]))
45 /** Calculate the number of bytes required to hold @a n TAP scan bits */
46 #define TAP_SCAN_BYTES(n) CEIL(n, 8)
48 /*-----</Macros>-------------------------------------------------*/
53 * Tap states from ARM7TDMI-S Technical reference manual.
54 * Also, validated against several other ARM core technical manuals.
56 * N.B. tap_get_tms_path() was changed to reflect this corrected
57 * numbering and ordering of the TAP states.
59 * DANGER!!!! some interfaces care about the actual numbers used
60 * as they are handed off directly to hardware implementations.
63 typedef enum tap_state
66 /* These are the old numbers. Leave as-is for now... */
67 TAP_RESET
= 0, TAP_IDLE
= 8,
68 TAP_DRSELECT
= 1, TAP_DRCAPTURE
= 2, TAP_DRSHIFT
= 3, TAP_DREXIT1
= 4,
69 TAP_DRPAUSE
= 5, TAP_DREXIT2
= 6, TAP_DRUPDATE
= 7,
70 TAP_IRSELECT
= 9, TAP_IRCAPTURE
= 10, TAP_IRSHIFT
= 11, TAP_IREXIT1
= 12,
71 TAP_IRPAUSE
= 13, TAP_IREXIT2
= 14, TAP_IRUPDATE
= 15,
73 TAP_NUM_STATES
= 16, TAP_INVALID
= -1,
75 /* Proper ARM recommended numbers */
93 TAP_NUM_STATES
= 0x10,
100 * Function tap_state_name
101 * Returns a string suitable for display representing the JTAG tap_state
103 const char* tap_state_name(tap_state_t state
);
106 extern tap_state_t cmd_queue_end_state
; /* finish DR scans in dr_end_state */
107 extern tap_state_t cmd_queue_cur_state
; /* current TAP state */
109 typedef struct scan_field_s
111 jtag_tap_t
* tap
; /* tap pointer this instruction refers to */
112 int num_bits
; /* number of bits this field specifies (up to 32) */
113 u8
* out_value
; /* value to be scanned into the device */
114 u8
* in_value
; /* pointer to a 32-bit memory location to take data scanned out */
116 u8
* check_value
; /* Used together with jtag_add_dr_scan_check() to check data clocked
118 u8
* check_mask
; /* mask to go with check_value */
120 /* internal work space */
121 int allocated
; /* in_value has been allocated for the queue */
122 int modified
; /* did we modify the in_value? */
123 u8 intmp
[4]; /* temporary storage for checking synchronously */
126 #ifdef INCLUDE_JTAG_INTERFACE_H
129 /* IN: from device to host, OUT: from host to device */
130 SCAN_IN
= 1, SCAN_OUT
= 2, SCAN_IO
= 3
133 typedef struct scan_command_s
135 bool ir_scan
; /* instruction/not data scan */
136 int num_fields
; /* number of fields in *fields array */
137 scan_field_t
* fields
; /* pointer to an array of data scan fields */
138 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
141 typedef struct statemove_command_s
143 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
144 } statemove_command_t
;
146 typedef struct pathmove_command_s
148 int num_states
; /* number of states in *path */
149 tap_state_t
* path
; /* states that have to be passed */
150 } pathmove_command_t
;
152 typedef struct runtest_command_s
154 int num_cycles
; /* number of cycles that should be spent in Run-Test/Idle */
155 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
159 typedef struct stableclocks_command_s
161 int num_cycles
; /* number of clock cycles that should be sent */
162 } stableclocks_command_t
;
165 typedef struct reset_command_s
167 int trst
; /* trst/srst 0: deassert, 1: assert, -1: don't change */
171 typedef struct end_state_command_s
173 tap_state_t end_state
; /* TAP state in which JTAG commands should finish */
174 } end_state_command_t
;
176 typedef struct sleep_command_s
178 u32 us
; /* number of microseconds to sleep */
181 typedef union jtag_command_container_u
183 scan_command_t
* scan
;
184 statemove_command_t
* statemove
;
185 pathmove_command_t
* pathmove
;
186 runtest_command_t
* runtest
;
187 stableclocks_command_t
* stableclocks
;
188 reset_command_t
* reset
;
189 end_state_command_t
* end_state
;
190 sleep_command_t
* sleep
;
191 } jtag_command_container_t
;
193 enum jtag_command_type
{
200 JTAG_STABLECLOCKS
= 8
203 typedef struct jtag_command_s
205 jtag_command_container_t cmd
;
206 enum jtag_command_type type
;
207 struct jtag_command_s
* next
;
210 extern jtag_command_t
* jtag_command_queue
;
212 extern void* cmd_queue_alloc(size_t size
);
213 extern void cmd_queue_free(void);
215 extern void jtag_queue_command(jtag_command_t
*cmd
);
216 extern void jtag_command_queue_reset(void);
218 #endif // INCLUDE_JTAG_INTERFACE_H
220 /* forward declaration */
221 typedef struct jtag_tap_event_action_s jtag_tap_event_action_t
;
223 /* this is really: typedef jtag_tap_t */
224 /* But - the typedef is done in "types.h" */
225 /* due to "forward decloration reasons" */
230 const char* dotted_name
;
231 int abs_chain_position
;
233 int ir_length
; /* size of instruction register */
234 u32 ir_capture_value
;
235 u8
* expected
; /* Capture-IR expected value */
237 u8
* expected_mask
; /* Capture-IR expected mask */
238 u32 idcode
; /* device identification code */
239 u32
* expected_ids
; /* Array of expected identification codes */
240 u8 expected_ids_cnt
; /* Number of expected identification codes */
241 u8
* cur_instr
; /* current instruction */
242 int bypass
; /* bypass register selected */
244 jtag_tap_event_action_t
* event_action
;
246 jtag_tap_t
* next_tap
;
248 extern jtag_tap_t
* jtag_AllTaps(void);
249 extern jtag_tap_t
* jtag_TapByPosition(int n
);
250 extern jtag_tap_t
* jtag_TapByString(const char* dotted_name
);
251 extern jtag_tap_t
* jtag_TapByJimObj(Jim_Interp
* interp
, Jim_Obj
* obj
);
252 extern jtag_tap_t
* jtag_TapByAbsPosition(int abs_position
);
253 extern int jtag_NumEnabledTaps(void);
254 extern int jtag_NumTotalTaps(void);
256 static __inline__ jtag_tap_t
* jtag_NextEnabledTap(jtag_tap_t
* p
)
260 /* start at the head of list */
265 /* start *after* this one */
284 enum reset_line_mode
{
285 LINE_OPEN_DRAIN
= 0x0,
286 LINE_PUSH_PULL
= 0x1,
293 extern char* jtag_event_strings
[];
295 enum jtag_tap_event
{
296 JTAG_TAP_EVENT_ENABLE
,
297 JTAG_TAP_EVENT_DISABLE
300 extern const Jim_Nvp nvp_jtag_tap_event
[];
302 struct jtag_tap_event_action_s
304 enum jtag_tap_event event
;
306 jtag_tap_event_action_t
* next
;
309 extern int jtag_trst
;
310 extern int jtag_srst
;
312 typedef struct jtag_event_callback_s
314 int (*callback
)(enum jtag_event event
, void* priv
);
316 struct jtag_event_callback_s
* next
;
317 } jtag_event_callback_t
;
319 extern jtag_event_callback_t
* jtag_event_callbacks
;
321 extern int jtag_speed
;
322 extern int jtag_speed_post_reset
;
326 RESET_HAS_TRST
= 0x1,
327 RESET_HAS_SRST
= 0x2,
328 RESET_TRST_AND_SRST
= 0x3,
329 RESET_SRST_PULLS_TRST
= 0x4,
330 RESET_TRST_PULLS_SRST
= 0x8,
331 RESET_TRST_OPEN_DRAIN
= 0x10,
332 RESET_SRST_PUSH_PULL
= 0x20,
335 extern enum reset_types jtag_reset_config
;
337 /* initialize interface upon startup. A successful no-op
338 * upon subsequent invocations
340 extern int jtag_interface_init(struct command_context_s
* cmd_ctx
);
342 /// Shutdown the JTAG interface upon program exit.
343 extern int jtag_interface_quit(void);
345 /* initialize JTAG chain using only a RESET reset. If init fails,
348 extern int jtag_init(struct command_context_s
* cmd_ctx
);
350 /* reset, then initialize JTAG chain */
351 extern int jtag_init_reset(struct command_context_s
* cmd_ctx
);
352 extern int jtag_register_commands(struct command_context_s
* cmd_ctx
);
354 /* JTAG interface, can be implemented with a software or hardware fifo
356 * TAP_DRSHIFT and TAP_IRSHIFT are illegal end states. TAP_DRSHIFT/IRSHIFT as end states
357 * can be emulated by using a larger scan.
359 * Code that is relatively insensitive to the path(as long
360 * as it is JTAG compliant) taken through state machine can use
361 * endstate for jtag_add_xxx_scan(). Otherwise the pause state must be
362 * specified as end state and a subsequent jtag_add_pathmove() must
366 extern void jtag_add_ir_scan(int num_fields
, scan_field_t
* fields
, tap_state_t endstate
);
367 /* same as jtag_add_ir_scan except no verify is performed */
368 extern void jtag_add_ir_scan_noverify(int num_fields
, const scan_field_t
*fields
, tap_state_t state
);
369 extern void jtag_add_dr_scan(int num_fields
, const scan_field_t
* fields
, tap_state_t endstate
);
371 /* set in_value to point to 32 bits of memory to scan into. This function
372 * is a way to handle the case of synchronous and asynchronous
375 * In the event of an asynchronous queue execution the queue buffer
376 * allocation method is used, for the synchronous case the temporary 32 bits come
377 * from the input field itself.
379 extern void jtag_alloc_in_value32(scan_field_t
*field
);
381 /* This version of jtag_add_dr_scan() uses the check_value/mask fields */
382 extern void jtag_add_dr_scan_check(int num_fields
, scan_field_t
* fields
, tap_state_t endstate
);
383 extern void jtag_add_plain_ir_scan(int num_fields
, const scan_field_t
* fields
, tap_state_t endstate
);
384 extern void jtag_add_plain_dr_scan(int num_fields
, const scan_field_t
* fields
, tap_state_t endstate
);
387 /* Simplest/typical callback - do some conversion on the data clocked in.
388 * This callback is for such conversion that can not fail.
389 * For conversion types or checks that can
390 * fail, use the jtag_callback_t variant */
391 typedef void (*jtag_callback1_t
)(u8
*in
);
393 /* A simpler version of jtag_add_callback4 */
394 extern void jtag_add_callback(jtag_callback1_t
, u8
*in
);
397 /* This type can store an integer safely by a normal cast on 64 and
399 typedef intptr_t jtag_callback_data_t
;
401 /* The generic callback mechanism.
403 * The callback is invoked with three arguments. The first argument is
404 * the pointer to the data clocked in.
406 typedef int (*jtag_callback_t
)(u8
*in
, jtag_callback_data_t data1
, jtag_callback_data_t data2
, jtag_callback_data_t data3
);
409 /* This callback can be executed immediately the queue has been flushed. Note that
410 * the JTAG queue can either be executed synchronously or asynchronously. Typically
411 * for USB the queue is executed asynchronously. For low latency interfaces, the
412 * queue may be executed synchronously.
414 * These callbacks are typically executed *after* the *entire* JTAG queue has been
415 * executed for e.g. USB interfaces.
417 * The callbacks are guaranteeed to be invoked in the order that they were queued.
419 * The strange name is due to C's lack of overloading using function arguments
421 * The callback mechansim is very general and does not really make any assumptions
422 * about what the callback does and what the arguments are.
424 * in - typically used to point to the data to operate on. More often than not
425 * this will be the data clocked in during a shift operation
427 * data1 - an integer that is big enough to be used either as an 'int' or
428 * cast to/from a pointer
430 * data2 - an integer that is big enough to be used either as an 'int' or
431 * cast to/from a pointer
433 * Why stop at 'data2' for arguments? Somewhat historical reasons. This is
434 * sufficient to implement the jtag_check_value_mask(), besides the
435 * line is best drawn somewhere...
437 * If the execution of the queue fails before the callbacks, then the
438 * callbacks may or may not be invoked depending on driver implementation.
440 extern void jtag_add_callback4(jtag_callback_t
, u8
*in
,
441 jtag_callback_data_t data1
, jtag_callback_data_t data2
,
442 jtag_callback_data_t data3
);
445 /* run a TAP_RESET reset. End state is TAP_RESET, regardless
448 extern void jtag_add_tlr(void);
450 /* Application code *must* assume that interfaces will
451 * implement transitions between states with different
452 * paths and path lengths through the state diagram. The
453 * path will vary across interface and also across versions
454 * of the same interface over time. Even if the OpenOCD code
455 * is unchanged, the actual path taken may vary over time
456 * and versions of interface firmware or PCB revisions.
458 * Use jtag_add_pathmove() when specific transition sequences
461 * Do not use jtag_add_pathmove() unless you need to, but do use it
464 * DANGER! If the target is dependent upon a particular sequence
465 * of transitions for things to work correctly(e.g. as a workaround
466 * for an errata that contradicts the JTAG standard), then pathmove
467 * must be used, even if some jtag interfaces happen to use the
468 * desired path. Worse, the jtag interface used for testing a
469 * particular implementation, could happen to use the "desired"
470 * path when transitioning to/from end
473 * A list of unambigious single clock state transitions, not
474 * all drivers can support this, but it is required for e.g.
475 * XScale and Xilinx support
477 * Note! TAP_RESET must not be used in the path!
479 * Note that the first on the list must be reachable
480 * via a single transition from the current state.
482 * All drivers are required to implement jtag_add_pathmove().
483 * However, if the pathmove sequence can not be precisely
484 * executed, an interface_jtag_add_pathmove() or jtag_execute_queue()
485 * must return an error. It is legal, but not recommended, that
486 * a driver returns an error in all cases for a pathmove if it
487 * can only implement a few transitions and therefore
488 * a partial implementation of pathmove would have little practical
491 extern void jtag_add_pathmove(int num_states
, const tap_state_t
* path
);
493 /* go to TAP_IDLE, if we're not already there and cycle
494 * precisely num_cycles in the TAP_IDLE after which move
495 * to the end state, if it is != TAP_IDLE
497 * nb! num_cycles can be 0, in which case the fn will navigate
498 * to endstate via TAP_IDLE
500 extern void jtag_add_runtest(int num_cycles
, tap_state_t endstate
);
502 /* A reset of the TAP state machine can be requested.
504 * Whether tms or trst reset is used depends on the capabilities of
505 * the target and jtag interface(reset_config command configures this).
507 * srst can driver a reset of the TAP state machine and vice
510 * Application code may need to examine value of jtag_reset_config
511 * to determine the proper codepath
513 * DANGER! Even though srst drives trst, trst might not be connected to
514 * the interface, and it might actually be *harmful* to assert trst in this case.
516 * This is why combinations such as "reset_config srst_only srst_pulls_trst"
519 * only req_tlr_or_trst and srst can have a transition for a
520 * call as the effects of transitioning both at the "same time"
521 * are undefined, but when srst_pulls_trst or vice versa,
522 * then trst & srst *must* be asserted together.
524 extern void jtag_add_reset(int req_tlr_or_trst
, int srst
);
526 extern void jtag_add_end_state(tap_state_t endstate
);
527 extern void jtag_add_sleep(u32 us
);
531 * Function jtag_add_stable_clocks
532 * first checks that the state in which the clocks are to be issued is
533 * stable, then queues up clock_count clocks for transmission.
535 void jtag_add_clocks(int num_cycles
);
539 * For software FIFO implementations, the queued commands can be executed
540 * during this call or earlier. A sw queue might decide to push out
541 * some of the jtag_add_xxx() operations once the queue is "big enough".
543 * This fn will return an error code if any of the prior jtag_add_xxx()
544 * calls caused a failure, e.g. check failure. Note that it does not
545 * matter if the operation was executed *before* jtag_execute_queue(),
546 * jtag_execute_queue() will still return an error code.
548 * All jtag_add_xxx() calls that have in_handler!=NULL will have been
549 * executed when this fn returns, but if what has been queued only
550 * clocks data out, without reading anything back, then JTAG could
551 * be running *after* jtag_execute_queue() returns. The API does
552 * not define a way to flush a hw FIFO that runs *after*
553 * jtag_execute_queue() returns.
555 * jtag_add_xxx() commands can either be executed immediately or
556 * at some time between the jtag_add_xxx() fn call and jtag_execute_queue().
558 extern int jtag_execute_queue(void);
560 /* same as jtag_execute_queue() but does not clear the error flag */
561 extern void jtag_execute_queue_noclear(void);
563 /* this flag is set when an error occurs while executing the queue. cleared
564 * by jtag_execute_queue()
566 * this flag can also be set from application code if some error happens
567 * during processing that should be reported during jtag_execute_queue().
569 extern int jtag_error
;
571 static __inline__
void jtag_set_error(int error
)
573 if ((error
==ERROR_OK
)||(jtag_error
!=ERROR_OK
))
575 /* keep first error */
583 /* can be implemented by hw+sw */
584 extern int jtag_power_dropout(int* dropout
);
585 extern int jtag_srst_asserted(int* srst_asserted
);
587 /* JTAG support functions */
589 /* execute jtag queue and check value and use mask if mask is != NULL. invokes
590 * jtag_set_error() with any error. */
591 extern void jtag_check_value_mask(scan_field_t
*field
, u8
*value
, u8
*mask
);
593 #ifdef INCLUDE_JTAG_INTERFACE_H
594 extern enum scan_type
jtag_scan_type(const scan_command_t
* cmd
);
595 extern int jtag_scan_size(const scan_command_t
* cmd
);
596 extern int jtag_read_buffer(u8
* buffer
, const scan_command_t
* cmd
);
597 extern int jtag_build_buffer(const scan_command_t
* cmd
, u8
** buffer
);
598 #endif // INCLUDE_JTAG_INTERFACE_H
600 extern void jtag_sleep(u32 us
);
601 extern int jtag_call_event_callbacks(enum jtag_event event
);
602 extern int jtag_register_event_callback(int (* callback
)(enum jtag_event event
, void* priv
), void* priv
);
604 extern int jtag_verify_capture_ir
;
606 void jtag_tap_handle_event(jtag_tap_t
* tap
, enum jtag_tap_event e
);
609 * JTAG subsystem uses codes between -100 and -199 */
611 #define ERROR_JTAG_INIT_FAILED (-100)
612 #define ERROR_JTAG_INVALID_INTERFACE (-101)
613 #define ERROR_JTAG_NOT_IMPLEMENTED (-102)
614 #define ERROR_JTAG_TRST_ASSERTED (-103)
615 #define ERROR_JTAG_QUEUE_FAILED (-104)
616 #define ERROR_JTAG_NOT_STABLE_STATE (-105)
617 #define ERROR_JTAG_DEVICE_ERROR (-107)
619 /* jtag_add_dr_out() is a version of jtag_add_dr_scan() which
620 * only scans data out. It operates on 32 bit integers instead
621 * of 8 bit, which makes it a better impedance match with
622 * the calling code which often operate on 32 bit integers.
624 * Current or end_state can not be TAP_RESET. end_state can be TAP_INVALID
626 * num_bits[i] is the number of bits to clock out from value[i] LSB first.
628 * If the device is in bypass, then that is an error condition in
629 * the caller code that is not detected by this fn, whereas jtag_add_dr_scan()
630 * does detect it. Similarly if the device is not in bypass, data must
633 * If anything fails, then jtag_error will be set and jtag_execute() will
634 * return an error. There is no way to determine if there was a failure
635 * during this function call.
637 * This is an inline fn to speed up embedded hosts. Also note that
638 * interface_jtag_add_dr_out() can be a *small* inline function for
641 * There is no jtag_add_dr_outin() version of this fn that also allows
642 * clocking data back in. Patches gladly accepted!
644 extern void jtag_add_dr_out(jtag_tap_t
* tap
,
645 int num_fields
, const int* num_bits
, const u32
* value
,
646 tap_state_t end_state
);
650 * Function jtag_add_statemove
651 * moves from the current state to the goal \a state. This needs
652 * to be handled according to the xsvf spec, see the XSTATE command
655 extern int jtag_add_statemove(tap_state_t goal_state
);
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)