8.9.1. Determining the core’s state

If the processor has entered debug state from THUMB state, the simplest course of action is for the debugger to force the core back into ARM state. Once this is done, the debugger can always execute the same sequence of instructions to determine the processor's state.

While in debug state, only the following instructions may legally be scanned into the instruction pipeline for execution:

Moving to ARM state

To force the processor into ARM state, the following sequence of THUMB instructions should be executed on the core:

STR R0, [R0]      ; Save R0 before use
MOV R0, PC        ; Copy PC into R0
STR R0, [R0]      ; Now save the PC in R0
BX  PC            ; Jump into ARM state
MOV R8, R8        ; NOP
MOV R8, R8        ; NOP

As all THUMB instructions are only 16 bits long, the simplest course of action when shifting them into scan chain 1 is to repeat the instruction twice.

For example, the encoding for BX R0 is 0x4700. Therefore, if 0x47004700 is shifted into scan chain 1, the debugger does not have to keep track of which half of the bus the processor expects to read the data from.

From this point on, the processor's state can be determined by the sequences of ARM instructions described below.

In ARM state

Once the processor is in ARM state, the first instruction executed would typically be:

STM R0, {R0-R15}

This makes the contents of the registers visible on the data bus. These values can then be sampled and shifted out.


The above use of R0 as the base register for STM is for illustration only: any register could be used.

Accessing banked registers

After determining the values in the current bank of registers, it may be desirable to access the banked registers. This can only be done by changing mode. Normally, a mode change may only occur if the core is already in a privileged mode. However, while in debug state, a mode change from any mode into any other mode may occur.


The debugger must restore the original mode before exiting debug state.

For example, assume that the debugger had been asked to return the state of the USER and FIQ mode registers, and debug state was entered in supervisor mode.

The instruction sequence could be:

STM R0, {R0-R15}    ; Save current registers
MRS R0, CPSR        ; Copy CPSR into R0
STR R0, R0          ; Save CPSR to determine current mode
BIC R0, 0x1F        ; Clear mode bits
ORR R0, 0x10        ; Select user mode
MSR CPSR, R0        ; Enter USER mode
STM R0, {R13,R14}   ; Save registers not previously visible
ORR R0, 0x01        ; Select FIQ mode
MSR CPSR, R0        ; Enter FIQ mode
STM R0, {R8-R14}    ; Save banked FIQ registers
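
The mode walk described above, worked on the host side as an added example (not code from the ARM document): it computes the CPSR values a debugger would load with MSR to visit USER and FIQ mode and then restore the entry mode, and checks when the ORR-only step used for USER to FIQ is valid. The function names and the sample CPSR value are assumptions made for illustration; the mode encodings are the architectural ones.

```c
#include <stddef.h>
#include <stdint.h>

/* CPSR mode field (bits 4:0) and the architectural mode encodings. */
#define CPSR_MODE_MASK 0x1Fu
enum arm_mode { MODE_USR = 0x10, MODE_FIQ = 0x11, MODE_IRQ = 0x12,
                MODE_SVC = 0x13, MODE_ABT = 0x17, MODE_UND = 0x1B };

/* Value to load with MSR to enter `mode`: clear the mode field, then set it
 * (the BIC/ORR pair in the text). Flags and the I, F and T bits are kept. */
uint32_t cpsr_for_mode(uint32_t cpsr, enum arm_mode mode)
{
    return (cpsr & ~CPSR_MODE_MASK) | (uint32_t)mode;
}

/* The text reaches FIQ from USER with a single ORR. That is only correct when
 * the current mode bits are a subset of the target's; otherwise BIC first. */
int orr_only_is_safe(uint32_t cpsr, enum arm_mode mode)
{
    uint32_t cur = cpsr & CPSR_MODE_MASK;
    return (cur | (uint32_t)mode) == (uint32_t)mode;
}

/* Hypothetical planner: writes to `out` the CPSR values to load, in order, to
 * visit each mode in `visit`, followed by the entry CPSR so the original mode
 * is restored before leaving debug state. Returns the count, or 0 if `out`
 * is too small. */
size_t plan_mode_walk(uint32_t entry_cpsr, const enum arm_mode *visit,
                      size_t n, uint32_t *out, size_t out_len)
{
    if (out_len < n + 1)
        return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = cpsr_for_mode(entry_cpsr, visit[i]);
    out[n] = entry_cpsr;
    return n + 1;
}

int main(void)
{
    /* Constructed sample: entered in supervisor mode with IRQ and FIQ masked. */
    const uint32_t entry = 0x600000D3u;
    const enum arm_mode visit[] = { MODE_USR, MODE_FIQ };
    uint32_t plan[3];
    size_t k = plan_mode_walk(entry, visit, 2, plan, 3);
    return (k == 3 && plan[0] == 0x600000D0u && plan[2] == entry) ? 0 : 1;
}
```

A debugger that visits modes in another order (for example FIQ then IRQ) has to clear the mode field before each ORR, which is what `cpsr_for_mode` does.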

All these instructions are said to execute at debug speed. Debug speed is much slower than system speed because between each core clock, 33 scan clocks occur in order to shift in an instruction, or shift out data. Executing instructions more slowly than usual is fine for accessing the core’s state because ARM7DMT is fully static. However, this same method cannot be used for determining the state of the rest of the system.

Copyright © 1997, 1998 ARM Limited. All rights reserved. DDI 0087E