1 /*
2 * ARM9TDMI core bus driver
3 * Copyright (C) 2003, Rongkai zhan <zhanrk@163.com>
4 * Copyright (C) 2009, Jochen Friedrich <jochen@scram.de>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 * 02111-1307, USA.
20 *
21 */
22
23 #define ARM9DEBUG 0
24
25 #include <sysdep.h>
26
27 #include <stdlib.h>
28 #include <stdint.h>
29 #include <string.h>
30 #include <unistd.h>
31
32 #include <urjtag/part.h>
33 #include <urjtag/bus.h>
34 #include <urjtag/chain.h>
35 #include <urjtag/bssignal.h>
36 #include <urjtag/tap_state.h>
37 #include <urjtag/tap_register.h>
38 #include <urjtag/data_register.h>
39
40 #include "buses.h"
41 #include "generic_bus.h"
42
43 typedef struct
44 {
45 uint32_t chain; /* Chain number */
46 } bus_params_t;
47
48 #define BP ((bus_params_t *) bus->params)
49
50 #define ARM9TDMI_ICE_DBGCTL 0x00
51 #define ARM9TDMI_ICE_DBGSTAT 0x01
52
53 #define DEBUG_SPEED 0
54 #define SYSTEM_SPEED 1
55
56 #define ARM_NOP 0xE1A00000
57
58 static urj_data_register_t *scann = NULL;
59 static urj_data_register_t *scan1 = NULL;
60 static urj_data_register_t *scan2 = NULL;
61
62 static uint32_t _data_read;
63
64 /**
65 * bus->driver->(*new_bus)
66 *
67 */
68 static urj_bus_t *
arm9tdmi_bus_new(urj_chain_t * chain,const urj_bus_driver_t * driver,const urj_param_t * cmd_params[])69 arm9tdmi_bus_new (urj_chain_t *chain, const urj_bus_driver_t *driver,
70 const urj_param_t *cmd_params[])
71 {
72 return urj_bus_generic_new (chain, driver, sizeof (bus_params_t));
73 }
74
75 /**
76 * bus->driver->(*printinfo)
77 *
78 */
79 static void
arm9tdmi_bus_printinfo(urj_log_level_t ll,urj_bus_t * bus)80 arm9tdmi_bus_printinfo (urj_log_level_t ll, urj_bus_t *bus)
81 {
82 int i;
83
84 for (i = 0; i < bus->chain->parts->len; i++)
85 if (bus->part == bus->chain->parts->parts[i])
86 break;
87 urj_log (ll, _("ARM9TDMI compatible bus driver (JTAG part No. %d)\n"),
88 i);
89 }
90
91 /**
92 * helper functions
93 *
94 */
95
96 #if (ARM9DEBUG)
97 static void
arm9tdmi_debug_in_reg(urj_data_register_t * reg)98 arm9tdmi_debug_in_reg(urj_data_register_t *reg)
99 {
100 int i;
101
102 urj_log(URJ_LOG_LEVEL_ALL, "in :");
103 for (i = 0; i < reg->in->len; i++)
104 urj_log(URJ_LOG_LEVEL_ALL, reg->in->data[i]?"1":"0");
105 urj_log(URJ_LOG_LEVEL_ALL, "\n");
106 }
107
108 static void
arm9tdmi_debug_out_reg(urj_data_register_t * reg)109 arm9tdmi_debug_out_reg(urj_data_register_t *reg)
110 {
111 int i;
112
113 urj_log(URJ_LOG_LEVEL_ALL, "out :");
114 for (i = 0; i < reg->out->len; i++)
115 urj_log(URJ_LOG_LEVEL_ALL, reg->out->data[i]?"1":"0");
116 urj_log(URJ_LOG_LEVEL_ALL, "\n");
117 }
118 #endif
119
120 static void
arm9tdmi_exec_instruction(urj_bus_t * bus,unsigned int c1_inst,unsigned int c1_data,unsigned int flags)121 arm9tdmi_exec_instruction(urj_bus_t *bus, unsigned int c1_inst, unsigned int c1_data, unsigned int flags)
122 {
123 int i;
124
125 for (i = 0; i < 32; i++)
126 scan1->in->data[66-i] = (c1_inst >> i) & 1;
127 scan1->in->data[34] = flags;
128 scan1->in->data[33] = 0;
129 scan1->in->data[32] = 0;
130 for (i = 0; i < 32; i++)
131 scan1->in->data[i] = (c1_data >> i) & 1;
132 #if (ARM9DEBUG)
133 arm9tdmi_debug_in_reg(scan1);
134 #endif
135 urj_tap_chain_shift_data_registers (bus->chain, 1);
136 #if (ARM9DEBUG)
137 arm9tdmi_debug_out_reg(scan1);
138 #endif
139 }
140
141 static void
arm9tdmi_select_scanchain(urj_bus_t * bus,unsigned int chain)142 arm9tdmi_select_scanchain(urj_bus_t *bus, unsigned int chain)
143 {
144 int i;
145
146 urj_part_set_instruction (bus->part, "SCAN_N");
147 urj_tap_chain_shift_instructions (bus->chain);
148
149 for (i = 0; i < scann->in->len; i++)
150 scann->in->data[i] = (chain >> i) & 1;
151 urj_tap_chain_shift_data_registers (bus->chain, 0);
152 }
153
154 static void
arm9tdmi_ice_read(urj_bus_t * bus,unsigned int reg_addr,unsigned int * reg_val)155 arm9tdmi_ice_read(urj_bus_t *bus, unsigned int reg_addr, unsigned int *reg_val)
156 {
157 int i;
158
159 for (i = 0; i < 32; i++)
160 scan2->in->data[i] = 0;
161 for (i = 0; i < 5; i++)
162 scan2->in->data[i+32] = (reg_addr >> i) & 1;
163 scan2->in->data[37] = 0;
164 urj_tap_chain_shift_data_registers (bus->chain, 1);
165
166 for (i = 0; i < 32; i++)
167 if (scan2->out->data[i])
168 *reg_val |= (1 << i);
169 }
170
171 static void
arm9tdmi_ice_write(urj_bus_t * bus,unsigned int reg_addr,unsigned int reg_val)172 arm9tdmi_ice_write(urj_bus_t *bus, unsigned int reg_addr, unsigned int reg_val)
173 {
174 int i;
175
176 for (i = 0; i < 32; i++)
177 scan2->in->data[i] = (reg_val >> i) & 1;
178 for (i = 0; i < 5; i++)
179 scan2->in->data[i+32] = (reg_addr >> i) & 1;
180 scan2->in->data[37] = 1;
181 urj_tap_chain_shift_data_registers (bus->chain, 0);
182 }
183
184 /**
185 * low-level memory write
186 *
187 */
188
189 static void
arm9tdmi_write(urj_bus_t * bus,unsigned int addr,unsigned int data,unsigned int sz)190 arm9tdmi_write(urj_bus_t *bus, unsigned int addr, unsigned int data, unsigned int sz)
191 {
192 unsigned int c1_inst, c1_data;
193
194 /*
195 * Load R0 with the address to write.
196 * Load R1 with the data to write.
197 */
198
199 c1_inst = 0xE59F0000; /* LDR R0, [PC] */
200 c1_data = 0;
201 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
202 c1_inst = 0xE59F1000; /* LDR R1, [PC] */
203 c1_data = 0;
204 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
205
206 /* Flush pipeline before SYSTEM_SPEED access */
207
208 c1_inst = ARM_NOP;
209 c1_data = 0;
210 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
211 c1_data = addr;
212 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
213 c1_data = data;
214 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
215 c1_data = 0;
216 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
217
218 if (sz == 32)
219 c1_inst = 0xE5801000; /* STR R1, [R0] */
220
221 else if (sz == 16)
222 c1_inst = 0xE1C010B0; /* STRH R1, [R0] */
223
224 else if (sz == 8)
225 c1_inst = 0xE5C01000; /* STRB R1, [R0] */
226
227 c1_data = 0;
228 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
229
230 /*
231 * Execute instruction at SYSTEM_SPEED as we need to access memory
232 */
233 c1_inst = ARM_NOP;
234 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, SYSTEM_SPEED);
235 urj_tap_chain_flush(bus->chain);
236 /* Write RESTART instruction into the TAP controller.
237 * When the state machine enters the Run-Test/Idle state,
238 * the ARM9TDMI core will revert back to system mode,
239 * and it will resynchronize clock to MCLK.
240 */
241 urj_part_set_instruction (bus->part, "RESTART");
242 urj_tap_chain_shift_instructions (bus->chain);
243
244 /*
245 * Now, the ARM9TDMI core re-entered the debug state.
246 * Before the debug session continues, we must load the
247 * TAP controller with the INTEST instruction. We can use
248 * the instruction "STR R1, [R1]" running at debug-speed to
249 * read out the contents of register R1.
250 */
251
252 urj_part_set_instruction (bus->part, "INTEST1");
253 urj_tap_chain_shift_instructions_mode (bus->chain, 0, 1,
254 URJ_CHAIN_EXITMODE_UPDATE);
255 }
256
257 /**
258 * low level memory read
259 *
260 */
261 static unsigned int
arm9tdmi_read(urj_bus_t * bus,unsigned int addr,unsigned int sz)262 arm9tdmi_read (urj_bus_t *bus, unsigned int addr, unsigned int sz)
263 {
264 unsigned int c1_inst, c1_data, result, i;
265
266 /*
267 * Load R0 with the address to read
268 */
269 c1_inst = 0xE59F0000; /* LDR R0, [PC] */
270 c1_data = 0;
271 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
272 c1_inst = ARM_NOP;
273 c1_data = 0;
274 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
275 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
276 c1_data = addr;
277 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
278 c1_data = 0;
279 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
280
281 if (sz == 32)
282 c1_inst = 0xE5901000; /* LDR R1, [R0] */
283
284 else if (sz == 16)
285 c1_inst = 0xE1D010B0; /* LDRH R1, [R0] */
286
287 else if (sz == 8)
288 c1_inst = 0xE5D01000; /* LDRB R1, [R0] */
289
290 c1_data = 0;
291 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
292
293 /*
294 * Execute instruction at SYSTEM_SPEED as we need to access memory
295 */
296 c1_inst = ARM_NOP;
297 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, SYSTEM_SPEED);
298 urj_tap_chain_flush(bus->chain);
299
300 /* Write RESTART instruction into the TAP controller.
301 * When the state machine enters the Run-Test/Idle state,
302 * the ARM9TDMI core will revert back to system mode,
303 * and it will resynchronize clock to MCLK.
304 */
305 urj_part_set_instruction (bus->part, "RESTART");
306 urj_tap_chain_shift_instructions (bus->chain);
307
308 /*
309 * Now, the ARM9TDMI core re-entered the debug state.
310 * Before the debug session continues, we must load the
311 * TAP controller with the INTEST instruction. We can use
312 * the instruction "STR R1, [PC]" running at debug-speed to
313 * read out the contents of register R1.
314 */
315
316 urj_part_set_instruction (bus->part, "INTEST1");
317 urj_tap_chain_shift_instructions_mode (bus->chain, 0, 1,
318 URJ_CHAIN_EXITMODE_UPDATE);
319
320 c1_inst = 0xE58F1000; /* STR R1, [PC] */
321 c1_data = 0;
322 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
323 c1_inst = ARM_NOP;
324 c1_data = 0;
325 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
326 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
327 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
328
329 result = 0;
330 for (i = 0; i < 32; i++)
331 {
332 if (scan1->out->data[i])
333 result |= (1 << i);
334 }
335 arm9tdmi_exec_instruction(bus, c1_inst, c1_data, DEBUG_SPEED);
336 return result;
337 }
338
339 /**
340 * bus->driver->(*initbus)
341 *
342 */
343 static int
arm9tdmi_bus_init(urj_bus_t * bus)344 arm9tdmi_bus_init (urj_bus_t *bus)
345 {
346 unsigned int i, status, success;
347
348 if (urj_tap_state (bus->chain) != URJ_TAP_STATE_RUN_TEST_IDLE)
349 {
350 /* silently skip initialization if TAP isn't in RUNTEST/IDLE state
351 this is required to avoid interfering with detect when initbus
352 is contained in the part description file
353 URJ_BUS_INIT() will be called latest by URJ_BUS_PREPARE() */
354 return URJ_STATUS_OK;
355 }
356
357 if (scann == NULL)
358 scann = urj_part_find_data_register (bus->part, "SCANN");
359 if (scan1 == NULL)
360 scan1 = urj_part_find_data_register (bus->part, "SCAN1");
361 if (scan2 == NULL)
362 scan2 = urj_part_find_data_register (bus->part, "SCAN2");
363
364 if (!(scann))
365 {
366 urj_error_set (URJ_ERROR_NOTFOUND,
367 _("SCANN register"));
368 return URJ_STATUS_FAIL;
369 }
370 if (!(scan1))
371 {
372 urj_error_set (URJ_ERROR_NOTFOUND,
373 _("SCAN1 register"));
374 return URJ_STATUS_FAIL;
375 }
376 if (!(scan2))
377 {
378 urj_error_set (URJ_ERROR_NOTFOUND,
379 _("SCAN2 register"));
380 return URJ_STATUS_FAIL;
381 }
382
383 /*
384 * select scan chain 2 -- EmbeddedICE-RT
385 */
386 arm9tdmi_select_scanchain(bus, 2);
387
388 urj_part_set_instruction (bus->part, "INTEST2");
389 urj_tap_chain_shift_instructions (bus->chain);
390
391 arm9tdmi_ice_write(bus, ARM9TDMI_ICE_DBGCTL, 0x3);
392
393 urj_part_set_instruction (bus->part, "RESTART");
394 urj_tap_chain_shift_instructions (bus->chain);
395
396 i = 0;
397 success = 0;
398 status = 0;
399
400 while (i++ < 10) {
401 urj_part_set_instruction (bus->part, "INTEST2");
402 urj_tap_chain_shift_instructions (bus->chain);
403
404 arm9tdmi_ice_read(bus, ARM9TDMI_ICE_DBGSTAT, &status);
405
406 if (status & 0x01) {
407 success = 1;
408 break;
409 }
410 urj_part_set_instruction (bus->part, "RESTART");
411 urj_tap_chain_shift_instructions (bus->chain);
412 usleep(100);
413 }
414
415 if (!success)
416 {
417 urj_error_set (URJ_ERROR_TIMEOUT,
418 _("Failed to enter debug mode, ctrl=%s"),
419 urj_tap_register_get_string (scan2->out));
420 return URJ_STATUS_FAIL;
421 }
422
423 arm9tdmi_ice_write(bus, ARM9TDMI_ICE_DBGCTL, 0x00);
424 urj_log (URJ_LOG_LEVEL_NORMAL, _("The target is halted in "));
425 if (status & 0x10)
426 urj_log (URJ_LOG_LEVEL_NORMAL, _("THUMB mode.\n"));
427 else
428 urj_log (URJ_LOG_LEVEL_NORMAL, _("ARM mode.\n"));
429
430 /* select scan chain 1, and use INTEST instruction */
431 arm9tdmi_select_scanchain(bus, 1);
432
433 urj_part_set_instruction (bus->part, "INTEST1");
434 urj_tap_chain_shift_instructions_mode (bus->chain, 0, 1,
435 URJ_CHAIN_EXITMODE_UPDATE);
436
437 bus->initialized = 1;
438 return URJ_STATUS_OK;
439 }
440
441 /**
442 * bus->driver->(*prepare)
443 *
444 */
445 static void
arm9tdmi_bus_prepare(urj_bus_t * bus)446 arm9tdmi_bus_prepare (urj_bus_t *bus)
447 {
448 if (!bus->initialized)
449 URJ_BUS_INIT (bus);
450 }
451
452 /**
453 * bus->driver->(*area)
454 *
455 */
456 static int
arm9tdmi_bus_area(urj_bus_t * bus,uint32_t adr,urj_bus_area_t * area)457 arm9tdmi_bus_area (urj_bus_t *bus, uint32_t adr, urj_bus_area_t *area)
458 {
459
460 if (adr < UINT32_C (0xF0000000))
461 {
462 area->description = "USEG : User addresses";
463 area->start = UINT32_C (0x00000000);
464 area->length = UINT64_C (0xF0000000);
465 area->width = 32;
466 }
467 else
468 {
469 area->description = "FLASH : Addresses in flash (boot=0xffff0000)";
470 area->start = UINT32_C (0xF0000000);
471 area->length = UINT64_C (0x10000000);
472 area->width = 16;
473 }
474 return URJ_STATUS_OK;
475 }
476
477 static int
get_sz(uint32_t adr)478 get_sz (uint32_t adr)
479 {
480 urj_bus_area_t area;
481
482 arm9tdmi_bus_area (NULL, adr, &area);
483
484 return area.width;
485 }
486
487 /**
488 * bus->driver->(*write)
489 *
490 */
491 static void
arm9tdmi_bus_write(urj_bus_t * bus,uint32_t adr,uint32_t data)492 arm9tdmi_bus_write (urj_bus_t *bus, uint32_t adr, uint32_t data)
493 {
494 urj_log (URJ_LOG_LEVEL_ALL, "%s:adr=0x%lx,got=0x%lx\n", __func__,
495 (long unsigned) adr, (long unsigned) data);
496 arm9tdmi_write (bus, adr, data, get_sz (adr));
497 }
498
499 /**
500 * bus->driver->(*read)
501 *
502 */
503 static uint32_t
arm9tdmi_bus_read(urj_bus_t * bus,uint32_t adr)504 arm9tdmi_bus_read (urj_bus_t *bus, uint32_t adr)
505 {
506 int data = arm9tdmi_read (bus, adr, get_sz (adr));
507 urj_log (URJ_LOG_LEVEL_ALL, "%s:adr=0x%lx,got=0x%lx\n", __func__,
508 (long unsigned) adr, (long unsigned) data);
509 return data;
510 }
511
512 /**
513 * bus->driver->(*read_start)
514 *
515 */
516 static int
arm9tdmi_bus_read_start(urj_bus_t * bus,uint32_t adr)517 arm9tdmi_bus_read_start (urj_bus_t *bus, uint32_t adr)
518 {
519 _data_read = arm9tdmi_read (bus, adr, get_sz (adr));
520 urj_log (URJ_LOG_LEVEL_ALL, "%s:adr=0x%lx, got=0x%lx\n", __func__,
521 (long unsigned) adr, (long unsigned) _data_read);
522
523 return URJ_STATUS_OK;
524 }
525
526 /**
527 * bus->driver->(*read_next)
528 *
529 */
530 static uint32_t
arm9tdmi_bus_read_next(urj_bus_t * bus,uint32_t adr)531 arm9tdmi_bus_read_next (urj_bus_t *bus, uint32_t adr)
532 {
533 uint32_t tmp_value = _data_read;
534 _data_read = arm9tdmi_read (bus, adr, get_sz (adr));
535 urj_log (URJ_LOG_LEVEL_ALL, "%s:adr=0x%lx, got=0x%lx\n", __func__,
536 (long unsigned) adr, (long unsigned) _data_read);
537 return tmp_value;
538 }
539
540 /**
541 * bus->driver->(*read_end)
542 *
543 */
544 static uint32_t
arm9tdmi_bus_read_end(urj_bus_t * bus)545 arm9tdmi_bus_read_end (urj_bus_t *bus)
546 {
547 return _data_read;
548 }
549
550
551 const urj_bus_driver_t urj_bus_arm9tdmi_bus = {
552 "arm9tdmi",
553 N_("ARM9TDMI compatible bus driver"),
554 arm9tdmi_bus_new,
555 urj_bus_generic_free,
556 arm9tdmi_bus_printinfo,
557 arm9tdmi_bus_prepare,
558 arm9tdmi_bus_area,
559 arm9tdmi_bus_read_start,
560 arm9tdmi_bus_read_next,
561 arm9tdmi_bus_read_end,
562 arm9tdmi_bus_read,
563 urj_bus_generic_write_start,
564 arm9tdmi_bus_write,
565 arm9tdmi_bus_init,
566 urj_bus_generic_no_enable,
567 urj_bus_generic_no_disable,
568 URJ_BUS_TYPE_PARALLEL,
569 };
570