cmsis-dap: add JTAG pass-through mode
[openocd.git] / src / jtag / drivers / cmsis_dap_usb.c
index 95f553b..a07064b 100644 (file)
@@ -1,4 +1,13 @@
 /***************************************************************************
+ *   Copyright (C) 2016 by Maksym Hilliaka                                 *
+ *   oter@frozen-team.com                                                  *
+ *                                                                         *
+ *   Copyright (C) 2016 by Phillip Pearson                                 *
+ *   pp@myelin.co.nz                                                       *
+ *                                                                         *
+ *   Copyright (C) 2014 by Paul Fertser                                    *
+ *   fercerpav@gmail.com                                                   *
+ *                                                                         *
  *   Copyright (C) 2013 by mike brown                                      *
  *   mike@theshedworks.org.uk                                              *
  *                                                                         *
@@ -16,9 +25,7 @@
  *   GNU General Public License for more details.                          *
  *                                                                         *
  *   You should have received a copy of the GNU General Public License     *
- *   along with this program; if not, write to the                         *
- *   Free Software Foundation, Inc.,                                       *
- *   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.           *
+ *   along with this program.  If not, see <http://www.gnu.org/licenses/>. *
  ***************************************************************************/
 
 #ifdef HAVE_CONFIG_H
 
 #include <hidapi.h>
 
-#ifdef _DEBUG_JTAG_IO_
- #define DEBUG_IO(expr...) LOG_DEBUG(expr)
-#else
- #define DEBUG_IO(expr...) do {} while (0)
-#endif
-
 /*
  * See CMSIS-DAP documentation:
  * Version 0.01 - Beta.
@@ -125,6 +126,15 @@ static bool swd_mode;
 #define CMD_DAP_JTAG_CONFIGURE    0x15
 #define CMD_DAP_JTAG_IDCODE       0x16
 
+/* CMSIS-DAP JTAG sequence info masks */
+/* Number of bits to clock through (0 means 64) */
+#define DAP_JTAG_SEQ_TCK          0x3F
+/* TMS will be set during the sequence if this bit is set */
+#define DAP_JTAG_SEQ_TMS          0x40
+/* TDO output will be captured if this bit is set */
+#define DAP_JTAG_SEQ_TDO          0x80
+
+
 /* CMSIS-DAP Transfer Commands */
 #define CMD_DAP_TFER_CONFIGURE    0x04
 #define CMD_DAP_TFER              0x05
@@ -155,6 +165,40 @@ struct cmsis_dap {
        uint8_t mode;
 };
 
+struct pending_transfer_result {
+       uint8_t cmd;
+       uint32_t data;
+       void *buffer;
+};
+
+struct pending_scan_result {
+       /** Offset in bytes in the CMD_DAP_JTAG_SEQ response buffer. */
+       unsigned first;
+       /** Number of bits to read. */
+       unsigned length;
+       /** Location to store the result */
+       uint8_t *buffer;
+       /** Offset in the destination buffer */
+       unsigned buffer_offset;
+};
+
+static int pending_transfer_count, pending_queue_len;
+static struct pending_transfer_result *pending_transfers;
+
+/* pointers to buffers that will receive jtag scan results on the next flush */
+#define MAX_PENDING_SCAN_RESULTS 256
+static int pending_scan_result_count;
+static struct pending_scan_result pending_scan_results[MAX_PENDING_SCAN_RESULTS];
+
+/* queued JTAG sequences that will be executed on the next flush */
+#define QUEUED_SEQ_BUF_LEN (cmsis_dap_handle->packet_size - 3)
+static int queued_seq_count;
+static int queued_seq_buf_end;
+static int queued_seq_tdo_ptr;
+static uint8_t queued_seq_buf[1024]; /* TODO: make dynamic / move into cmsis object */
+
+static int queued_retval;
+
 static struct cmsis_dap *cmsis_dap_handle;
 
 static int cmsis_dap_usb_open(void)
@@ -163,8 +207,10 @@ static int cmsis_dap_usb_open(void)
        int i;
        struct hid_device_info *devs, *cur_dev;
        unsigned short target_vid, target_pid;
+       wchar_t *target_serial = NULL;
 
        bool found = false;
+       bool serial_found = false;
 
        target_vid = 0;
        target_pid = 0;
@@ -204,10 +250,14 @@ static int cmsis_dap_usb_open(void)
                        /* we have found an adapter, so exit further checks */
                        /* check serial number matches if given */
                        if (cmsis_dap_serial != NULL) {
-                               if (wcscmp(cmsis_dap_serial, cur_dev->serial_number) == 0)
+                               if ((cur_dev->serial_number != NULL) && wcscmp(cmsis_dap_serial, cur_dev->serial_number) == 0) {
+                                       serial_found = true;
                                        break;
+                               }
                        } else
                                break;
+
+                       found = false;
                }
 
                cur_dev = cur_dev->next;
@@ -216,6 +266,8 @@ static int cmsis_dap_usb_open(void)
        if (NULL != cur_dev) {
                target_vid = cur_dev->vendor_id;
                target_pid = cur_dev->product_id;
+               if (serial_found)
+                       target_serial = cmsis_dap_serial;
        }
 
        hid_free_enumeration(devs);
@@ -230,10 +282,10 @@ static int cmsis_dap_usb_open(void)
                return ERROR_FAIL;
        }
 
-       dev = hid_open(target_vid, target_pid, NULL);
+       dev = hid_open(target_vid, target_pid, target_serial);
 
        if (dev == NULL) {
-               LOG_ERROR("unable to open CMSIS-DAP device");
+               LOG_ERROR("unable to open CMSIS-DAP device 0x%x:0x%x", target_vid, target_pid);
                return ERROR_FAIL;
        }
 
@@ -257,6 +309,8 @@ static int cmsis_dap_usb_open(void)
        int packet_size = PACKET_SIZE;
 
        /* atmel cmsis-dap uses 512 byte reports */
+       /* TODO: HID report descriptor should be parsed instead of
+        * hardcoding a match by VID */
        if (target_vid == 0x03eb)
                packet_size = 512 + 1;
 
@@ -276,18 +330,13 @@ static void cmsis_dap_usb_close(struct cmsis_dap *dap)
        hid_close(dap->dev_handle);
        hid_exit();
 
-       if (cmsis_dap_handle->packet_buffer)
-               free(cmsis_dap_handle->packet_buffer);
-
-       if (cmsis_dap_handle) {
-               free(cmsis_dap_handle);
-               cmsis_dap_handle = NULL;
-       }
-
-       if (cmsis_dap_serial) {
-               free(cmsis_dap_serial);
-               cmsis_dap_serial = NULL;
-       }
+       free(cmsis_dap_handle->packet_buffer);
+       free(cmsis_dap_handle);
+       cmsis_dap_handle = NULL;
+       free(cmsis_dap_serial);
+       cmsis_dap_serial = NULL;
+       free(pending_transfers);
+       pending_transfers = NULL;
 
        return;
 }
@@ -295,8 +344,11 @@ static void cmsis_dap_usb_close(struct cmsis_dap *dap)
 /* Send a message and receive the reply */
 static int cmsis_dap_usb_xfer(struct cmsis_dap *dap, int txlen)
 {
+#ifdef CMSIS_DAP_JTAG_DEBUG
+       LOG_DEBUG("cmsis-dap usb xfer cmd=%02X", dap->packet_buffer[1]);
+#endif
        /* Pad the rest of the TX buffer with 0's */
-       memset(dap->packet_buffer + txlen, 0, dap->packet_size - 1 - txlen);
+       memset(dap->packet_buffer + txlen, 0, dap->packet_size - txlen);
 
        /* write data to device */
        int retval = hid_write(dap->dev_handle, dap->packet_buffer, dap->packet_size);
@@ -364,6 +416,33 @@ static int cmsis_dap_cmd_DAP_SWJ_Clock(uint32_t swj_clock)
        return ERROR_OK;
 }
 
+/* clock a sequence of bits out on TMS, to change JTAG states */
+static int cmsis_dap_cmd_DAP_SWJ_Sequence(uint8_t s_len, const uint8_t *sequence)
+{
+       int retval;
+       uint8_t *buffer = cmsis_dap_handle->packet_buffer;
+
+#ifdef CMSIS_DAP_JTAG_DEBUG
+       LOG_DEBUG("cmsis-dap TMS sequence: len=%d", s_len);
+       for (int i = 0; i < DIV_ROUND_UP(s_len, 8); ++i)
+               printf("%02X ", sequence[i]);
+
+       printf("\n");
+#endif
+
+       buffer[0] = 0;  /* report number */
+       buffer[1] = CMD_DAP_SWJ_SEQ;
+       buffer[2] = s_len;
+       bit_copy(&buffer[3], 0, sequence, 0, s_len);
+
+       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, DIV_ROUND_UP(s_len, 8) + 3);
+
+       if (retval != ERROR_OK || buffer[1] != DAP_OK)
+               return ERROR_FAIL;
+
+       return ERROR_OK;
+}
+
 static int cmsis_dap_cmd_DAP_Info(uint8_t info, uint8_t **data)
 {
        int retval;
@@ -443,7 +522,7 @@ static int cmsis_dap_cmd_DAP_Disconnect(void)
        return ERROR_OK;
 }
 
-static int cmsis_dap_cmd_DAP_TFER_Configure(uint8_t idle, uint16_t delay, uint16_t retry)
+static int cmsis_dap_cmd_DAP_TFER_Configure(uint8_t idle, uint16_t retry_count, uint16_t match_retry)
 {
        int retval;
        uint8_t *buffer = cmsis_dap_handle->packet_buffer;
@@ -451,10 +530,10 @@ static int cmsis_dap_cmd_DAP_TFER_Configure(uint8_t idle, uint16_t delay, uint16
        buffer[0] = 0;  /* report number */
        buffer[1] = CMD_DAP_TFER_CONFIGURE;
        buffer[2] = idle;
-       buffer[3] = delay & 0xff;
-       buffer[4] = (delay >> 8) & 0xff;
-       buffer[5] = retry & 0xff;
-       buffer[6] = (retry >> 8) & 0xff;
+       buffer[3] = retry_count & 0xff;
+       buffer[4] = (retry_count >> 8) & 0xff;
+       buffer[5] = match_retry & 0xff;
+       buffer[6] = (match_retry >> 8) & 0xff;
        retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 7);
 
        if (retval != ERROR_OK || buffer[1] != DAP_OK) {
@@ -504,75 +583,139 @@ static int cmsis_dap_cmd_DAP_Delay(uint16_t delay_us)
 }
 #endif
 
-static int queued_retval;
-
-static void cmsis_dap_swd_read_reg(struct adiv5_dap *dap, uint8_t cmd, uint32_t *value)
+static int cmsis_dap_swd_run_queue(void)
 {
-       if (queued_retval != ERROR_OK)
-               return;
-
        uint8_t *buffer = cmsis_dap_handle->packet_buffer;
-       int retval;
-       uint32_t val;
 
-       DEBUG_IO("CMSIS-DAP: Read  Reg 0x%02" PRIx8, cmd);
+       LOG_DEBUG("Executing %d queued transactions", pending_transfer_count);
 
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_TFER;
-       buffer[2] = 0x00;
-       buffer[3] = 0x01;
-       buffer[4] = cmd;
-       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 5);
-
-       /* TODO - need better response checking */
-       if (retval != ERROR_OK || buffer[1] != 0x01) {
-               LOG_ERROR("CMSIS-DAP: Read Error (0x%02" PRIx8 ")", buffer[2]);
-               queued_retval = buffer[2];
-               return;
+       if (queued_retval != ERROR_OK) {
+               LOG_DEBUG("Skipping due to previous errors: %d", queued_retval);
+               goto skip;
        }
 
-       val = le_to_h_u32(&buffer[3]);
-       DEBUG_IO("0x%08" PRIx32, val);
+       if (!pending_transfer_count)
+               goto skip;
+
+       size_t idx = 0;
+       buffer[idx++] = 0;      /* report number */
+       buffer[idx++] = CMD_DAP_TFER;
+       buffer[idx++] = 0x00;   /* DAP Index */
+       buffer[idx++] = pending_transfer_count;
+
+       for (int i = 0; i < pending_transfer_count; i++) {
+               uint8_t cmd = pending_transfers[i].cmd;
+               uint32_t data = pending_transfers[i].data;
+
+               LOG_DEBUG("%s %s reg %x %"PRIx32,
+                               cmd & SWD_CMD_APnDP ? "AP" : "DP",
+                               cmd & SWD_CMD_RnW ? "read" : "write",
+                         (cmd & SWD_CMD_A32) >> 1, data);
+
+               /* When proper WAIT handling is implemented in the
+                * common SWD framework, this kludge can be
+                * removed. However, this might lead to minor
+                * performance degradation as the adapter wouldn't be
+                * able to automatically retry anything (because ARM
+                * has forgotten to implement sticky error flags
+                * clearing). See also comments regarding
+                * cmsis_dap_cmd_DAP_TFER_Configure() and
+                * cmsis_dap_cmd_DAP_SWD_Configure() in
+                * cmsis_dap_init().
+                */
+               if (!(cmd & SWD_CMD_RnW) &&
+                   !(cmd & SWD_CMD_APnDP) &&
+                   (cmd & SWD_CMD_A32) >> 1 == DP_CTRL_STAT &&
+                   (data & CORUNDETECT)) {
+                       LOG_DEBUG("refusing to enable sticky overrun detection");
+                       data &= ~CORUNDETECT;
+               }
+
+               buffer[idx++] = (cmd >> 1) & 0x0f;
+               if (!(cmd & SWD_CMD_RnW)) {
+                       buffer[idx++] = (data) & 0xff;
+                       buffer[idx++] = (data >> 8) & 0xff;
+                       buffer[idx++] = (data >> 16) & 0xff;
+                       buffer[idx++] = (data >> 24) & 0xff;
+               }
+       }
 
-       if (value)
-               *value = val;
+       queued_retval = cmsis_dap_usb_xfer(cmsis_dap_handle, idx);
+       if (queued_retval != ERROR_OK)
+               goto skip;
+
+       idx = 2;
+       uint8_t ack = buffer[idx] & 0x07;
+       if (ack != SWD_ACK_OK || (buffer[idx] & 0x08)) {
+               LOG_DEBUG("SWD ack not OK: %d %s", buffer[idx-1],
+                         ack == SWD_ACK_WAIT ? "WAIT" : ack == SWD_ACK_FAULT ? "FAULT" : "JUNK");
+               queued_retval = ack == SWD_ACK_WAIT ? ERROR_WAIT : ERROR_FAIL;
+               goto skip;
+       }
+       idx++;
+
+       if (pending_transfer_count != buffer[1])
+               LOG_ERROR("CMSIS-DAP transfer count mismatch: expected %d, got %d",
+                         pending_transfer_count, buffer[1]);
+
+       for (int i = 0; i < buffer[1]; i++) {
+               if (pending_transfers[i].cmd & SWD_CMD_RnW) {
+                       static uint32_t last_read;
+                       uint32_t data = le_to_h_u32(&buffer[idx]);
+                       uint32_t tmp = data;
+                       idx += 4;
+
+                       LOG_DEBUG("Read result: %"PRIx32, data);
+
+                       /* Imitate posted AP reads */
+                       if ((pending_transfers[i].cmd & SWD_CMD_APnDP) ||
+                           ((pending_transfers[i].cmd & SWD_CMD_A32) >> 1 == DP_RDBUFF)) {
+                               tmp = last_read;
+                               last_read = data;
+                       }
 
-       queued_retval = retval;
+                       if (pending_transfers[i].buffer)
+                               *(uint32_t *)pending_transfers[i].buffer = tmp;
+               }
+       }
+
+skip:
+       pending_transfer_count = 0;
+       int retval = queued_retval;
+       queued_retval = ERROR_OK;
+
+       return retval;
 }
 
-static void cmsis_dap_swd_write_reg(struct adiv5_dap *dap, uint8_t cmd, uint32_t value)
+static void cmsis_dap_swd_queue_cmd(uint8_t cmd, uint32_t *dst, uint32_t data)
 {
+       if (pending_transfer_count == pending_queue_len) {
+               /* Not enough room in the queue. Run the queue. */
+               queued_retval = cmsis_dap_swd_run_queue();
+       }
+
        if (queued_retval != ERROR_OK)
                return;
 
-       uint8_t *buffer = cmsis_dap_handle->packet_buffer;
-
-       DEBUG_IO("CMSIS-DAP: Write Reg 0x%02" PRIx8 " 0x%08" PRIx32, cmd, value);
-
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_TFER;
-       buffer[2] = 0x00;
-       buffer[3] = 0x01;
-       buffer[4] = cmd;
-       buffer[5] = (value) & 0xff;
-       buffer[6] = (value >> 8) & 0xff;
-       buffer[7] = (value >> 16) & 0xff;
-       buffer[8] = (value >> 24) & 0xff;
-       int retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 9);
-
-       if (buffer[1] != 0x01) {
-               LOG_ERROR("CMSIS-DAP: Write Error (0x%02" PRIx8 ")", buffer[2]);
-               retval = buffer[2];
+       pending_transfers[pending_transfer_count].data = data;
+       pending_transfers[pending_transfer_count].cmd = cmd;
+       if (cmd & SWD_CMD_RnW) {
+               /* Queue a read transaction */
+               pending_transfers[pending_transfer_count].buffer = dst;
        }
+       pending_transfer_count++;
+}
 
-       queued_retval = retval;
+static void cmsis_dap_swd_write_reg(uint8_t cmd, uint32_t value, uint32_t ap_delay_clk)
+{
+       assert(!(cmd & SWD_CMD_RnW));
+       cmsis_dap_swd_queue_cmd(cmd, NULL, value);
 }
 
-static int cmsis_dap_swd_run(struct adiv5_dap *dap)
+static void cmsis_dap_swd_read_reg(uint8_t cmd, uint32_t *value, uint32_t ap_delay_clk)
 {
-       int retval = queued_retval;
-       queued_retval = ERROR_OK;
-       return retval;
+       assert(cmd & SWD_CMD_RnW);
+       cmsis_dap_swd_queue_cmd(cmd, value, 0);
 }
 
 static int cmsis_dap_get_version_info(void)
@@ -632,125 +775,51 @@ static int cmsis_dap_get_status(void)
        return retval;
 }
 
-static int cmsis_dap_reset_link(void)
+static int cmsis_dap_swd_switch_seq(enum swd_special_seq seq)
 {
-       uint8_t *buffer = cmsis_dap_handle->packet_buffer;
-
-       LOG_DEBUG("CMSIS-DAP: cmsis_dap_reset_link");
-       LOG_INFO("DAP_SWJ Sequence (reset: 50+ '1' followed by 0)");
-
-       /* reset line with SWDIO high for >50 cycles */
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_SWJ_SEQ;
-       buffer[2] = 7 * 8;
-       buffer[3] = 0xff;
-       buffer[4] = 0xff;
-       buffer[5] = 0xff;
-       buffer[6] = 0xff;
-       buffer[7] = 0xff;
-       buffer[8] = 0xff;
-       buffer[9] = 0xff;
-       int retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 10);
-
-       if (retval != ERROR_OK || buffer[1] != DAP_OK)
-               return ERROR_FAIL;
-
-       /* 16bit JTAG-SWD sequence */
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_SWJ_SEQ;
-       buffer[2] = 2 * 8;
-       buffer[3] = 0x9e;
-       buffer[4] = 0xe7;
-       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 5);
-
-       if (retval != ERROR_OK || buffer[1] != DAP_OK)
-               return ERROR_FAIL;
-
-       /* another reset just incase */
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_SWJ_SEQ;
-       buffer[2] = 7 * 8;
-       buffer[3] = 0xff;
-       buffer[4] = 0xff;
-       buffer[5] = 0xff;
-       buffer[6] = 0xff;
-       buffer[7] = 0xff;
-       buffer[8] = 0xff;
-       buffer[9] = 0xff;
-       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 10);
-
-       if (retval != ERROR_OK || buffer[1] != DAP_OK)
-               return ERROR_FAIL;
-
-       /* 16 cycle idle period */
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_SWJ_SEQ;
-       buffer[2] = 2 * 8;
-       buffer[3] = 0x00;
-       buffer[4] = 0x00;
-       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 5);
-
-       if (retval != ERROR_OK || buffer[1] != DAP_OK)
-               return ERROR_FAIL;
-
-       DEBUG_IO("DAP Read IDCODE");
+       const uint8_t *s;
+       unsigned int s_len;
+       int retval;
 
-       /* read the id code is always the next sequence */
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_TFER;
-       buffer[2] = 0x00;
-       buffer[3] = 0x01;
-       buffer[4] = 0x02;
-       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 5);
+       /* First disconnect before connecting, Atmel EDBG needs it for SAMD/R/L/C */
+       cmsis_dap_cmd_DAP_Disconnect();
 
+       /* When we are reconnecting, DAP_Connect needs to be rerun, at
+        * least on Keil ULINK-ME */
+       retval = cmsis_dap_cmd_DAP_Connect(seq == LINE_RESET || seq == JTAG_TO_SWD ?
+                                          CONNECT_SWD : CONNECT_JTAG);
        if (retval != ERROR_OK)
                return retval;
 
-       if (buffer[1] == 0) {
-               LOG_DEBUG("Result 0x%02" PRIx8 " 0x%02" PRIx8, buffer[1], buffer[2]);
-
-               LOG_DEBUG("DAP Reset Target");
-               buffer[0] = 0;  /* report number */
-               buffer[1] = CMD_DAP_RESET_TARGET;
-               retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 2);
-               LOG_DEBUG("Result 0x%02" PRIx8 " 0x%02" PRIx8, buffer[1], buffer[2]);
-
-               LOG_DEBUG("DAP Write Abort");
-               buffer[0] = 0;  /* report number */
-               buffer[1] = CMD_DAP_WRITE_ABORT;
-               buffer[2] = 0x00;
-               buffer[3] = 0x1e/*0x1f*/;
-               buffer[4] = 0x00;
-               buffer[5] = 0x00;
-               buffer[6] = 0x00;
-               retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 7);
-               LOG_DEBUG("Result 0x%02" PRIx8, buffer[1]);
-
-               return 0x80 + buffer[1];
+       switch (seq) {
+       case LINE_RESET:
+               LOG_DEBUG("SWD line reset");
+               s = swd_seq_line_reset;
+               s_len = swd_seq_line_reset_len;
+               break;
+       case JTAG_TO_SWD:
+               LOG_DEBUG("JTAG-to-SWD");
+               s = swd_seq_jtag_to_swd;
+               s_len = swd_seq_jtag_to_swd_len;
+               break;
+       case SWD_TO_JTAG:
+               LOG_DEBUG("SWD-to-JTAG");
+               s = swd_seq_swd_to_jtag;
+               s_len = swd_seq_swd_to_jtag_len;
+               break;
+       default:
+               LOG_ERROR("Sequence %d not supported", seq);
+               return ERROR_FAIL;
        }
 
-       LOG_DEBUG("DAP Write Abort");
-       buffer[0] = 0;  /* report number */
-       buffer[1] = CMD_DAP_WRITE_ABORT;
-       buffer[2] = 0x00;
-       buffer[3] = 0x1e;
-       buffer[4] = 0x00;
-       buffer[5] = 0x00;
-       buffer[6] = 0x00;
-       retval = cmsis_dap_usb_xfer(cmsis_dap_handle, 7);
-       LOG_DEBUG("Result 0x%02" PRIx8, buffer[1]);
-
-       return retval;
+       return cmsis_dap_cmd_DAP_SWJ_Sequence(s_len, s);
 }
 
 static int cmsis_dap_swd_open(void)
 {
        int retval;
 
-       DEBUG_IO("CMSIS-DAP: cmsis_dap_swd_open");
-
        if (cmsis_dap_handle == NULL) {
-
                /* SWD init */
                retval = cmsis_dap_usb_open();
                if (retval != ERROR_OK)
@@ -823,6 +892,16 @@ static int cmsis_dap_init(void)
        if (data[0] == 2) {  /* short */
                uint16_t pkt_sz = data[1] + (data[2] << 8);
 
+               /* 4 bytes of command header + 5 bytes per register
+                * write. For bulk read sequences just 4 bytes are
+                * needed per transfer, so this is suboptimal. */
+               pending_queue_len = (pkt_sz - 4) / 5;
+               pending_transfers = malloc(pending_queue_len * sizeof(*pending_transfers));
+               if (!pending_transfers) {
+                       LOG_ERROR("Unable to allocate memory for CMSIS-DAP queue");
+                       return ERROR_FAIL;
+               }
+
                if (cmsis_dap_handle->packet_size != pkt_sz + 1) {
                        /* reallocate buffer */
                        cmsis_dap_handle->packet_size = pkt_sz + 1;
@@ -854,14 +933,19 @@ static int cmsis_dap_init(void)
 
        /* Now try to connect to the target
         * TODO: This is all SWD only @ present */
-       retval = cmsis_dap_cmd_DAP_SWJ_Clock(100);              /* 100kHz */
+       retval = cmsis_dap_cmd_DAP_SWJ_Clock(jtag_get_speed_khz());
        if (retval != ERROR_OK)
                return ERROR_FAIL;
 
+       /* Ask CMSIS-DAP to automatically retry on receiving WAIT for
+        * up to 64 times. This must be changed to 0 if sticky
+        * overrun detection is enabled. */
        retval = cmsis_dap_cmd_DAP_TFER_Configure(0, 64, 0);
        if (retval != ERROR_OK)
                return ERROR_FAIL;
-       retval = cmsis_dap_cmd_DAP_SWD_Configure(0x00);
+       /* Data Phase (bit 2) must be set to 1 if sticky overrun
+        * detection is enabled */
+       retval = cmsis_dap_cmd_DAP_SWD_Configure(0);    /* 1 TRN, no Data Phase */
        if (retval != ERROR_OK)
                return ERROR_FAIL;
 
@@ -881,11 +965,7 @@ static int cmsis_dap_init(void)
                }
        }
 
-       retval = cmsis_dap_reset_link();
-       if (retval != ERROR_OK)
-               return ERROR_FAIL;
-
-       cmsis_dap_cmd_DAP_LED(0x00);                            /* Both LEDs off */
+       cmsis_dap_cmd_DAP_LED(0x00);                    /* Both LEDs off */
 
        LOG_INFO("CMSIS-DAP: Interface ready");
 
@@ -925,17 +1005,456 @@ static void cmsis_dap_execute_sleep(struct jtag_command *cmd)
                jtag_sleep(cmd->cmd.sleep->us);
 }
 
+/* Set TMS high for five TCK clocks, to move the TAP to the Test-Logic-Reset state */
+static int cmsis_dap_execute_tlr_reset(struct jtag_command *cmd)
+{
+       LOG_INFO("cmsis-dap JTAG TLR_RESET");
+       uint8_t seq = 0xff;
+       int ret = cmsis_dap_cmd_DAP_SWJ_Sequence(8, &seq);
+       if (ret == ERROR_OK)
+               tap_set_state(TAP_RESET);
+       return ret;
+}
+
+/* Set new end state */
+static void cmsis_dap_end_state(tap_state_t state)
+{
+       if (tap_is_state_stable(state))
+               tap_set_end_state(state);
+       else {
+               LOG_ERROR("BUG: %i is not a valid end state", state);
+               exit(-1);
+       }
+}
+
+#ifdef SPRINT_BINARY
+static void sprint_binary(char *s, const uint8_t *buf, int offset, int len)
+{
+       if (!len)
+               return;
+
+       /*
+       buf = { 0x18 } len=5 should result in: 11000
+       buf = { 0xff 0x18 } len=13 should result in: 11111111 11000
+       buf = { 0xc0 0x18 } offset=3 len=10 should result in: 11000 11000
+               i=3 there means i/8 = 0 so c = 0xFF, and
+       */
+       for (int i = offset; i < offset + len; ++i) {
+               uint8_t c = buf[i / 8], mask = 1 << (i % 8);
+               if ((i != offset) && !(i % 8))
+                       putchar(' ');
+               *s++ = (c & mask) ? '1' : '0';
+       }
+       *s = 0;
+}
+#endif
+
+#ifdef CMSIS_DAP_JTAG_DEBUG
+static void debug_parse_cmsis_buf(const uint8_t *cmd, int cmdlen)
+{
+       /* cmd is a usb packet to go to the cmsis-dap interface */
+       printf("cmsis-dap buffer (%d b): ", cmdlen);
+       for (int i = 0; i < cmdlen; ++i)
+               printf(" %02x", cmd[i]);
+       printf("\n");
+       switch (cmd[1]) {
+               case CMD_DAP_JTAG_SEQ: {
+                       printf("cmsis-dap jtag sequence command %02x (n=%d)\n", cmd[1], cmd[2]);
+                       /*
+                        * #2 = number of sequences
+                        * #3 = sequence info 1
+                        * #4...4+n_bytes-1 = sequence 1
+                        * #4+n_bytes = sequence info 2
+                        * #5+n_bytes = sequence 2 (single bit)
+                        */
+                       int pos = 3;
+                       for (int seq = 0; seq < cmd[2]; ++seq) {
+                               uint8_t info = cmd[pos++];
+                               int len = info & DAP_JTAG_SEQ_TCK;
+                               if (len == 0)
+                                       len = 64;
+                               printf("  sequence %d starting %d: info %02x (len=%d tms=%d read_tdo=%d): ",
+                                       seq, pos, info, len, info & DAP_JTAG_SEQ_TMS, info & DAP_JTAG_SEQ_TDO);
+                               for (int i = 0; i < DIV_ROUND_UP(len, 8); ++i)
+                                       printf(" %02x", cmd[pos+i]);
+                               pos += DIV_ROUND_UP(len, 8);
+                               printf("\n");
+                       }
+                       if (pos != cmdlen) {
+                               printf("BUFFER LENGTH MISMATCH looks like %d but %d specified", pos, cmdlen);
+                               exit(-1);
+                       }
+
+                       break;
+               }
+               default:
+                       LOG_DEBUG("unknown cmsis-dap command %02x", cmd[1]);
+                       break;
+       }
+}
+#endif
+
+static void cmsis_dap_flush(void)
+{
+       if (!queued_seq_count)
+               return;
+
+       DEBUG_JTAG_IO("Flushing %d queued sequences (%d bytes) with %d pending scan results to capture",
+               queued_seq_count, queued_seq_buf_end, pending_scan_result_count);
+
+       /* prep CMSIS-DAP packet */
+       uint8_t *buffer = cmsis_dap_handle->packet_buffer;
+       buffer[0] = 0;  /* report number */
+       buffer[1] = CMD_DAP_JTAG_SEQ;
+       buffer[2] = queued_seq_count;
+       memcpy(buffer + 3, queued_seq_buf, queued_seq_buf_end);
+
+#ifdef CMSIS_DAP_JTAG_DEBUG
+       debug_parse_cmsis_buf(buffer, queued_seq_buf_end + 3);
+#endif
+
+       /* send command to USB device */
+       int retval = cmsis_dap_usb_xfer(cmsis_dap_handle, queued_seq_buf_end + 3);
+       if (retval != ERROR_OK || buffer[1] != DAP_OK) {
+               LOG_ERROR("CMSIS-DAP command CMD_DAP_JTAG_SEQ failed.");
+               exit(-1);
+       }
+
+#ifdef CMSIS_DAP_JTAG_DEBUG
+       DEBUG_JTAG_IO("USB response buf:");
+       for (int c = 0; c < queued_seq_buf_end + 3; ++c)
+               printf("%02X ", buffer[c]);
+       printf("\n");
+#endif
+
+       /* copy scan results into client buffers */
+       for (int i = 0; i < pending_scan_result_count; ++i) {
+               struct pending_scan_result *scan = &pending_scan_results[i];
+               DEBUG_JTAG_IO("Copying pending_scan_result %d/%d: %d bits from byte %d -> buffer + %d bits",
+                       i, pending_scan_result_count, scan->length, scan->first + 2, scan->buffer_offset);
+#ifdef CMSIS_DAP_JTAG_DEBUG
+               for (uint32_t b = 0; b < DIV_ROUND_UP(scan->length, 8); ++b)
+                       printf("%02X ", buffer[2+scan->first+b]);
+               printf("\n");
+#endif
+               bit_copy(scan->buffer, scan->buffer_offset, buffer + 2 + scan->first, 0, scan->length);
+       }
+
+       /* reset */
+       queued_seq_count = 0;
+       queued_seq_buf_end = 0;
+       queued_seq_tdo_ptr = 0;
+       pending_scan_result_count = 0;
+}
+
+/* queue a sequence of bits to clock out TDI / in TDO, executing if the buffer is full.
+ *
+ * sequence=NULL means clock out zeros on TDI
+ * tdo_buffer=NULL means don't capture TDO
+ */
+static void cmsis_dap_add_jtag_sequence(int s_len, const uint8_t *sequence, int s_offset,
+                                       bool tms, uint8_t *tdo_buffer, int tdo_buffer_offset)
+{
+       DEBUG_JTAG_IO("[at %d] %d bits, tms %s, seq offset %d, tdo buf %p, tdo offset %d",
+               queued_seq_buf_end,
+               s_len, tms ? "HIGH" : "LOW", s_offset, tdo_buffer, tdo_buffer_offset);
+
+       if (s_len == 0)
+               return;
+
+       if (s_len > 64) {
+               DEBUG_JTAG_IO("START JTAG SEQ SPLIT");
+               for (int offset = 0; offset < s_len; offset += 64) {
+                       int len = s_len - offset;
+                       if (len > 64)
+                               len = 64;
+                       DEBUG_JTAG_IO("Splitting long jtag sequence: %d-bit chunk starting at offset %d", len, offset);
+                       cmsis_dap_add_jtag_sequence(
+                               len,
+                               sequence,
+                               s_offset + offset,
+                               tms,
+                               tdo_buffer,
+                               tdo_buffer == NULL ? 0 : (tdo_buffer_offset + offset)
+                               );
+               }
+               DEBUG_JTAG_IO("END JTAG SEQ SPLIT");
+               return;
+       }
+
+       int cmd_len = 1 + DIV_ROUND_UP(s_len, 8);
+       if (queued_seq_count >= 255 || queued_seq_buf_end + cmd_len > QUEUED_SEQ_BUF_LEN)
+               /* empty out the buffer */
+               cmsis_dap_flush();
+
+       ++queued_seq_count;
+
+       /* control byte */
+       queued_seq_buf[queued_seq_buf_end] =
+               (tms ? DAP_JTAG_SEQ_TMS : 0) |
+               (tdo_buffer != NULL ? DAP_JTAG_SEQ_TDO : 0) |
+               (s_len == 64 ? 0 : s_len);
+
+       if (sequence != NULL)
+               bit_copy(&queued_seq_buf[queued_seq_buf_end + 1], 0, sequence, s_offset, s_len);
+       else
+               memset(&queued_seq_buf[queued_seq_buf_end + 1], 0, DIV_ROUND_UP(s_len, 8));
+
+       queued_seq_buf_end += cmd_len;
+
+       if (tdo_buffer != NULL) {
+               struct pending_scan_result *scan = &pending_scan_results[pending_scan_result_count++];
+               scan->first = queued_seq_tdo_ptr;
+               queued_seq_tdo_ptr += DIV_ROUND_UP(s_len, 8);
+               scan->length = s_len;
+               scan->buffer = tdo_buffer;
+               scan->buffer_offset = tdo_buffer_offset;
+       }
+}
+
+/* queue a sequence of bits to clock out TMS, executing if the buffer is full */
+static void cmsis_dap_add_tms_sequence(const uint8_t *sequence, int s_len)
+{
+       DEBUG_JTAG_IO("%d bits: %02X", s_len, *sequence);
+       /* we use a series of CMD_DAP_JTAG_SEQ commands to toggle TMS,
+          because even though it seems ridiculously inefficient, it
+          allows us to combine TMS and scan sequences into the same
+          USB packet. */
+       /* TODO: combine runs of the same tms value */
+       for (int i = 0; i < s_len; ++i) {
+               bool bit = (sequence[i / 8] & (1 << (i % 8))) != 0;
+               cmsis_dap_add_jtag_sequence(1, NULL, 0, bit, NULL, 0);
+       }
+}
+
+/* Move to the end state by queuing a sequence to clock into TMS */
+static void cmsis_dap_state_move(void)
+{
+       uint8_t tms_scan;
+       uint8_t tms_scan_bits;
+
+       tms_scan = tap_get_tms_path(tap_get_state(), tap_get_end_state());
+       tms_scan_bits = tap_get_tms_path_len(tap_get_state(), tap_get_end_state());
+
+       DEBUG_JTAG_IO("state move from %s to %s: %d clocks, %02X on tms",
+               tap_state_name(tap_get_state()), tap_state_name(tap_get_end_state()),
+               tms_scan_bits, tms_scan);
+       cmsis_dap_add_tms_sequence(&tms_scan, tms_scan_bits);
+
+       tap_set_state(tap_get_end_state());
+}
+
+
+/* Execute a JTAG scan operation by queueing TMS and TDI/TDO sequences */
+static void cmsis_dap_execute_scan(struct jtag_command *cmd)
+{
+       DEBUG_JTAG_IO("%s type:%d", cmd->cmd.scan->ir_scan ? "IRSCAN" : "DRSCAN",
+               jtag_scan_type(cmd->cmd.scan));
+
+       /* Make sure there are no trailing fields with num_bits == 0, or the logic below will fail. */
+       while (cmd->cmd.scan->num_fields > 0
+                       && cmd->cmd.scan->fields[cmd->cmd.scan->num_fields - 1].num_bits == 0) {
+               cmd->cmd.scan->num_fields--;
+               LOG_DEBUG("discarding trailing empty field");
+       }
+
+       if (cmd->cmd.scan->num_fields == 0) {
+               LOG_DEBUG("empty scan, doing nothing");
+               return;
+       }
+
+       if (cmd->cmd.scan->ir_scan) {
+               if (tap_get_state() != TAP_IRSHIFT) {
+                       cmsis_dap_end_state(TAP_IRSHIFT);
+                       cmsis_dap_state_move();
+               }
+       } else {
+               if (tap_get_state() != TAP_DRSHIFT) {
+                       cmsis_dap_end_state(TAP_DRSHIFT);
+                       cmsis_dap_state_move();
+               }
+       }
+
+       cmsis_dap_end_state(cmd->cmd.scan->end_state);
+
+       struct scan_field *field = cmd->cmd.scan->fields;
+       unsigned scan_size = 0;
+
+       for (int i = 0; i < cmd->cmd.scan->num_fields; i++, field++) {
+               scan_size += field->num_bits;
+               DEBUG_JTAG_IO("%s%s field %d/%d %d bits",
+                       field->in_value ? "in" : "",
+                       field->out_value ? "out" : "",
+                       i,
+                       cmd->cmd.scan->num_fields,
+                       field->num_bits);
+
+               if (i == cmd->cmd.scan->num_fields - 1 && tap_get_state() != tap_get_end_state()) {
+                       DEBUG_JTAG_IO("Last field and have to move out of SHIFT state");
+                       /* Last field, and we're leaving IRSHIFT/DRSHIFT. Clock last bit during tap
+                        * movement. This last field can't have length zero, it was checked above. */
+                       cmsis_dap_add_jtag_sequence(
+                               field->num_bits - 1, /* number of bits to clock */
+                               field->out_value, /* output sequence */
+                               0, /* output offset */
+                               false, /* TMS low */
+                               field->in_value,
+                               0);
+
+                       /* Clock the last bit out, with TMS high */
+                       uint8_t last_bit = 0;
+                       if (field->out_value)
+                               bit_copy(&last_bit, 0, field->out_value, field->num_bits - 1, 1);
+                       cmsis_dap_add_jtag_sequence(
+                               1,
+                               &last_bit,
+                               0,
+                               true,
+                               field->in_value,
+                               field->num_bits - 1);
+                       tap_set_state(tap_state_transition(tap_get_state(), 1));
+
+                       /* Now clock one more cycle, with TMS low, to get us into a PAUSE state */
+                       cmsis_dap_add_jtag_sequence(
+                               1,
+                               &last_bit,
+                               0,
+                               false,
+                               NULL,
+                               0);
+                       tap_set_state(tap_state_transition(tap_get_state(), 0));
+               } else {
+                       DEBUG_JTAG_IO("Internal field, staying in SHIFT state afterwards");
+                       /* Clocking part of a sequence into DR or IR with TMS=0,
+                          leaving TMS=0 at the end so we can continue later */
+                       cmsis_dap_add_jtag_sequence(
+                               field->num_bits,
+                               field->out_value,
+                               0,
+                               false,
+                               field->in_value,
+                               0);
+               }
+       }
+
+       if (tap_get_state() != tap_get_end_state()) {
+               cmsis_dap_end_state(tap_get_end_state());
+               cmsis_dap_state_move();
+       }
+
+       DEBUG_JTAG_IO("%s scan, %i bits, end in %s",
+               (cmd->cmd.scan->ir_scan) ? "IR" : "DR", scan_size,
+               tap_state_name(tap_get_end_state()));
+}
+
+static void cmsis_dap_pathmove(int num_states, tap_state_t *path)
+{
+       int i;
+       uint8_t tms0 = 0x00;
+       uint8_t tms1 = 0xff;
+
+       for (i = 0; i < num_states; i++) {
+               if (path[i] == tap_state_transition(tap_get_state(), false))
+                       cmsis_dap_add_tms_sequence(&tms0, 1);
+               else if (path[i] == tap_state_transition(tap_get_state(), true))
+                       cmsis_dap_add_tms_sequence(&tms1, 1);
+               else {
+                       LOG_ERROR("BUG: %s -> %s isn't a valid TAP transition.",
+                                 tap_state_name(tap_get_state()), tap_state_name(path[i]));
+                       exit(-1);
+               }
+
+               tap_set_state(path[i]);
+       }
+
+       cmsis_dap_end_state(tap_get_state());
+}
+
+static void cmsis_dap_execute_pathmove(struct jtag_command *cmd)
+{
+       DEBUG_JTAG_IO("pathmove: %i states, end in %i",
+                     cmd->cmd.pathmove->num_states,
+              cmd->cmd.pathmove->path[cmd->cmd.pathmove->num_states - 1]);
+
+       cmsis_dap_pathmove(cmd->cmd.pathmove->num_states, cmd->cmd.pathmove->path);
+}
+
+static void cmsis_dap_stableclocks(int num_cycles)
+{
+       int i;
+
+       uint8_t tms = tap_get_state() == TAP_RESET;
+       /* TODO: Perform optimizations? */
+       /* Execute num_cycles. */
+       for (i = 0; i < num_cycles; i++)
+               cmsis_dap_add_tms_sequence(&tms, 1);
+}
+
+static void cmsis_dap_runtest(int num_cycles)
+{
+       tap_state_t saved_end_state = tap_get_end_state();
+
+       /* Only do a state_move when we're not already in IDLE. */
+       if (tap_get_state() != TAP_IDLE) {
+               cmsis_dap_end_state(TAP_IDLE);
+               cmsis_dap_state_move();
+       }
+       cmsis_dap_stableclocks(num_cycles);
+
+       /* Finish in end_state. */
+       cmsis_dap_end_state(saved_end_state);
+
+       if (tap_get_state() != tap_get_end_state())
+               cmsis_dap_state_move();
+}
+
+static void cmsis_dap_execute_runtest(struct jtag_command *cmd)
+{
+       DEBUG_JTAG_IO("runtest %i cycles, end in %i", cmd->cmd.runtest->num_cycles,
+                     cmd->cmd.runtest->end_state);
+
+       cmsis_dap_end_state(cmd->cmd.runtest->end_state);
+       cmsis_dap_runtest(cmd->cmd.runtest->num_cycles);
+}
+
+static void cmsis_dap_execute_stableclocks(struct jtag_command *cmd)
+{
+       DEBUG_JTAG_IO("stableclocks %i cycles", cmd->cmd.runtest->num_cycles);
+       cmsis_dap_stableclocks(cmd->cmd.runtest->num_cycles);
+}
+
+/* TODO: Is there need to call cmsis_dap_flush() for the JTAG_PATHMOVE,
+ * JTAG_RUNTEST, JTAG_STABLECLOCKS? */
 static void cmsis_dap_execute_command(struct jtag_command *cmd)
 {
        switch (cmd->type) {
                case JTAG_RESET:
+                       cmsis_dap_flush();
                        cmsis_dap_execute_reset(cmd);
                        break;
                case JTAG_SLEEP:
+                       cmsis_dap_flush();
                        cmsis_dap_execute_sleep(cmd);
                        break;
+               case JTAG_TLR_RESET:
+                       cmsis_dap_flush();
+                       cmsis_dap_execute_tlr_reset(cmd);
+                       break;
+               case JTAG_SCAN:
+                       cmsis_dap_execute_scan(cmd);
+                       break;
+               case JTAG_PATHMOVE:
+                       cmsis_dap_execute_pathmove(cmd);
+                       break;
+               case JTAG_RUNTEST:
+                       cmsis_dap_execute_runtest(cmd);
+                       break;
+               case JTAG_STABLECLOCKS:
+                       cmsis_dap_execute_stableclocks(cmd);
+                       break;
+               case JTAG_TMS:
                default:
-                       LOG_ERROR("BUG: unknown JTAG command type encountered");
+                       LOG_ERROR("BUG: unknown JTAG command type 0x%X encountered", cmd->type);
                        exit(-1);
        }
 }
@@ -949,6 +1468,8 @@ static int cmsis_dap_execute_queue(void)
                cmd = cmd->next;
        }
 
+       cmsis_dap_flush();
+
        return ERROR_OK;
 }
 
@@ -979,6 +1500,15 @@ static int cmsis_dap_khz(int khz, int *jtag_speed)
        return ERROR_OK;
 }
 
+static int_least32_t cmsis_dap_swd_frequency(int_least32_t hz)
+{
+       if (hz > 0)
+               cmsis_dap_speed(hz / 1000);
+
+       return hz;
+}
+
+
 COMMAND_HANDLER(cmsis_dap_handle_info_command)
 {
        if (cmsis_dap_get_version_info() == ERROR_OK)
@@ -1076,12 +1606,14 @@ static const struct command_registration cmsis_dap_command_handlers[] = {
 
 static const struct swd_driver cmsis_dap_swd_driver = {
        .init = cmsis_dap_swd_init,
+       .frequency = cmsis_dap_swd_frequency,
+       .switch_seq = cmsis_dap_swd_switch_seq,
        .read_reg = cmsis_dap_swd_read_reg,
        .write_reg = cmsis_dap_swd_write_reg,
-       .run = cmsis_dap_swd_run,
+       .run = cmsis_dap_swd_run_queue,
 };
 
-const char *cmsis_dap_transport[] = {"cmsis-dap", NULL};
+static const char * const cmsis_dap_transport[] = { "swd", "jtag", NULL };
 
 struct jtag_interface cmsis_dap_interface = {
        .name = "cmsis-dap",