9.10.1. Determining the core state

If the processor has entered debug state from Thumb state, it is easiest for the debugger to force the core back into ARM state. When this is done, the debugger can execute the same sequence of instructions to determine the processor state.

To force the processor into ARM state, the following sequence of Thumb instructions can be executed on the core:

STR R0, [R1]    ; Save R0 before use
MOV R0, PC      ; Copy PC into R0
STR R0, [R1]    ; Save the PC in R0
BX  PC          ; Jump into ARM state
MOV R8, R8      ; NOP (no operation)
MOV R8, R8      ; NOP

The above use of R1 as the base register for stores is for illustration only. You can use any register.

Because all Thumb instructions are only 16 bits long, you can duplicate the instruction in the instruction data bus bits, when shifting them into scan chain 1. For example, the encoding for BX R0 is 0x4700. Therefore, if 0x47004700 is shifted into the 32 bits of the instruction data bus of scan chain 1, the debugger does not have to remember the half of the bus that the processor expects to read instructions from.

From this point, you can determine the processor state by the following series of steps of ARM instructions.

When the processor is in ARM state, typically the first instruction executed is:

STM R0, {R0-R15}

This causes the contents of the registers to be made visible on the data data bus. These values can then be sampled and shifted out.

After determining the values in the current bank of registers, you might want to access the banked registers. This can only be done by changing mode. Normally, a mode change can only occur if the core is already in a privileged mode. However, while in debug state, a mode change can occur from any mode into any other mode.

Note

The debugger must restore the original mode before exiting debug state.

For example, assume that the debugger has been asked to return the state of the User mode and FIQ mode registers, and debug state has been entered in Supervisor mode.

The instruction sequence might be:

STMIA   R0, {R0-R15}        ; Save current registers
MRS     R0, CPSR
STR     R0, [R0]            ; Save CPSR to determine current mode
BIC     R0, R0, #0x1F       ; Clear mode bits
ORR     R0, R0, #0x10       ; Select USER mode
MSR     CPSR, R0            ; Enter USER mode
STMIA   R0, {R13-R14}       ; Save registers not previously visible
ORR     R0, R0, #0x01       ; Select FIQ mode
MSR     CPSR, R0            ; Enter FIQ mode
STMIA   R0, {R8-R14}        ; Save banked FIQ registers

All these instructions are said to execute at debug speed. Debug speed is much slower than system speed because, between each core clock, 67 scan clocks occur in order to shift in an instruction or shift out data. Executing instructions more slowly than usual is fine for accessing the core state because the ARM922T is fully static. However, you cannot use this same method for determining the state of the rest of the system.

While in debug state, only the following instructions can be inserted into the instruction pipeline for execution:

Copyright © 2000, 2001 ARM Limited. All rights reserved.ARM DDI 0184B
Non-Confidential