1 /*! \file jtagarm7tdmi.h
2 \brief JTAG handler functions for the ARM7TDMI family of processors
8 #define JTAGSTATE_ARM 0 // bit 4 on dbg status reg is low
9 #define JTAGSTATE_THUMB 1
11 #define ARMTCKTOCK CLRTCK; PLEDOUT^=PLEDPIN; SETTCK; PLEDOUT^=PLEDPIN;
12 // ASSUME RUN-TEST/IDLE STATE
13 #define SHIFT_IR SETTMS;TCKTOCK;TCKTOCK;CLRTMS;TCKTOCK;TCKTOCK;
14 #define SHIFT_DR SETTMS;TCKTOCK;CLRTMS;TCKTOCK;TCKTOCK;
18 unsigned char current_chain;
19 unsigned char current_dbgstate = -1;
20 //unsigned char last_halt_debug_state = -1;
21 //unsigned long last_halt_pc = -1;
24 //void jtag_goto_shift_ir();
25 //void jtag_goto_shift_dr();
26 //void jtag_reset_to_runtest_idle();
27 //void jtag_arm_tcktock();
30 // JTAGARM7TDMI Commands
32 //! Write data to address.
33 unsigned long jtagarm7tdmi_writemem(unsigned long adr, unsigned long data);
34 //! Read data from address
35 unsigned long jtagarm7tdmi_readmem(unsigned long adr);
38 unsigned long jtagarm7tdmi_haltcpu();
40 unsigned long jtagarm7tdmi_releasecpu();
42 //! Set the program counter.
43 void jtagarm7tdmi_setpc(unsigned long adr);
45 //! Write data to address.
46 unsigned long jtagarm7tdmi_writeflash(unsigned long adr, unsigned long data);
50 void jtagarm7tdmi_start(void);
51 //! Reset TAP State Machine
52 void jtagarm7tdmi_resettap();
54 //! ARM-specific JTAG bit-transfer
55 unsigned long jtagarmtransn(unsigned long word, unsigned char bitcount, unsigned char lsb, unsigned char end, unsigned char retidle);
57 //! Grab debug register - Expect chain 2 to be selected
58 unsigned long jtagarm7tdmi_get_dbgstate() ;
60 unsigned long jtagarm7tdmi_idcode();
61 //! Connect Bypass Register to TDO/TDI
62 unsigned char jtagarm7tdmi_bypass();
63 //! Connect the appropriate scan chain to TDO/TDI
64 unsigned long jtagarm7tdmi_scan_intest(int n);
65 //! Set a 32-bit ARM register
66 void jtagarm7tdmi_set_register(unsigned long reg, unsigned long val);
67 //! Get a 32-bit ARM register
68 unsigned long jtagarm7tdmi_get_register(unsigned long reg);
70 // ARM7TDMI-specific pins
71 // DBGRQ - GoodFET Pin 8
75 The instruction register is 4 bits in length.
76 There is no parity bit.
77 The fixed value 0001 is loaded into the instruction register during the CAPTURE-IR
79 The least significant bit of the instruction register is scanned in and scanned out first.
82 //4-bit ARM7TDMI JTAG commands, bit-swapped
83 #define ARM7TDMI_IR_EXTEST 0x0
84 #define ARM7TDMI_IR_SCAN_N 0x2
85 #define ARM7TDMI_IR_SAMPLE 0x3
86 #define ARM7TDMI_IR_RESTART 0x4
87 #define ARM7TDMI_IR_CLAMP 0x5
88 #define ARM7TDMI_IR_HIGHZ 0x7
89 #define ARM7TDMI_IR_CLAMPZ 0x9
90 #define ARM7TDMI_IR_INTEST 0xC
91 #define ARM7TDMI_IR_IDCODE 0xE
92 #define ARM7TDMI_IR_BYPASS 0xF
94 // read 3 bit - Debug Control
95 #define EICE_DBGCTRL 0
96 #define EICE_DBGCTRL_BITLEN 3
97 // read 5 bit - Debug Status
98 #define EICE_DBGSTATUS 1
99 #define EICE_DBGSTATUS_BITLEN 5
100 // read 6 bit - Debug Comms Control Register
101 #define EICE_DBGCCR 4
102 #define EICE_DBGCCR_BITLEN 6
103 // r/w 32 bit - Debug Comms Data Register
104 #define EICE_DBGCDR 5
105 // r/w 32 bit - Watchpoint 0 Address
106 #define EICE_WP0ADDR 8
107 // r/w 32 bit - Watchpoint 0 Addres Mask
108 #define EICE_WP0ADDRMASK 9
109 // r/w 32 bit - Watchpoint 0 Data
110 #define EICE_WP0DATA 10
111 // r/w 32 bit - Watchpoint 0 Data Masl
112 #define EICE_WP0DATAMASK 11
113 // r/w 9 bit - Watchpoint 0 Control Value
114 #define EICE_WP0CTRL 12
115 // r/w 8 bit - Watchpoint 0 Control Mask
116 #define EICE_WP0CTRLMASK 13
117 // r/w 32 bit - Watchpoint 0 Address
118 #define EICE_WP1ADDR 16
119 // r/w 32 bit - Watchpoint 0 Addres Mask
120 #define EICE_WP1ADDRMASK 17
121 // r/w 32 bit - Watchpoint 0 Data
122 #define EICE_WP1DATA 18
123 // r/w 32 bit - Watchpoint 0 Data Masl
124 #define EICE_WP1DATAMASK 19
125 // r/w 9 bit - Watchpoint 0 Control Value
126 #define EICE_WP1CTRL 20
127 // r/w 8 bit - Watchpoint 0 Control Mask
128 #define EICE_WP1CTRLMASK 21
131 //JTAGARM7TDMI commands
132 #define JTAGARM7_GET_REGISTER 0x87
133 #define JTAGARM7_SET_REGISTER 0x88
134 #define JTAGARM7_DEBUG_INSTR 0x89
135 // Really ARM specific stuff
136 #define JTAGARM7_SET_IR 0x90
137 #define JTAGARM7_WAIT_DBG 0x91
138 #define JTAGARM7_SHIFT_DR 0x92
139 #define JTAGARM7_CHAIN0 0x93
140 #define JTAGARM7_SCANCHAIN1 0x94
141 #define JTAGARM7_EICE_READ 0x95
142 #define JTAGARM7_EICE_WRITE 0x96
145 // for deeper understanding, read the instruction cycle timing section of:
146 // http://www.atmel.com/dyn/resources/prod_documents/DDI0029G_7TDMI_R3_trm.pdf
147 #define EXECNOPARM 0xe1a00000L
148 #define ARM_INSTR_NOP 0xe1a00000L
149 #define ARM_INSTR_BX_R0 0xe12fff10L
150 #define ARM_INSTR_STR_Rx_r14 0xe58f0000L // from atmel docs
151 #define ARM_READ_REG ARM_INSTR_STR_Rx_r14
152 #define ARM_INSTR_LDR_Rx_r14 0xe59f0000L // from atmel docs
153 #define ARM_WRITE_REG ARM_INSTR_LDR_Rx_r14
154 #define ARM_INSTR_LDR_R1_r0_4 0xe4901004L
155 #define ARM_READ_MEM ARM_INSTR_LDR_R1_r0_4
156 #define ARM_INSTR_STR_R1_r0_4 0xe4801004L
157 #define ARM_WRITE_MEM ARM_INSTR_STR_R1_r0_4
158 #define ARM_INSTR_MRS_R0_CPSR 0xe10f0000L
159 #define ARM_INSTR_MSR_cpsr_cxsf_R0 0xe12ff000L
160 #define ARM_INSTR_STMIA_R14_r0_rx 0xE88E0000L // add up to 65k to indicate which registers...
161 #define ARM_STORE_MULTIPLE ARM_INSTR_STMIA_R14_r0_rx
162 #define ARM_INSTR_SKANKREGS 0xE88F7fffL
163 #define ARM_INSTR_CLOBBEREGS 0xE89F7fffL
165 #define ARM_INSTR_B_IMM 0xea000000L
166 #define ARM_INSTR_BX_PC 0xe12fff10L // need to set r0 to the desired address
167 #define THUMB_INSTR_STR_R0_r0 0x60006000L
168 #define THUMB_INSTR_MOV_R0_PC 0x46b846b8L
169 #define THUMB_INSTR_BX_PC 0x47784778L
170 #define THUMB_INSTR_NOP 0x1c001c00L
171 #define ARM_REG_PC 15
173 #define JTAG_ARM7TDMI_DBG_DBGACK 1
174 #define JTAG_ARM7TDMI_DBG_DBGRQ 2
175 #define JTAG_ARM7TDMI_DBG_IFEN 4
176 #define JTAG_ARM7TDMI_DBG_cgenL 8
177 #define JTAG_ARM7TDMI_DBG_TBIT 16