B.6.1. Determining the core state

When the processor has entered debug state from Thumb state, the simplest method is for the debugger to force the core back into ARM state. The debugger can then execute the same sequence of instructions to determine the processor state.

To force the processor into ARM state, execute the sequence of Thumb instructions shown in Example B.1 on the core (with the SYSSPEED bit clear).

Example B.1. Forcing the processor from Thumb state to ARM state


STR R0, [R1] ; Save R0 before use
MOV R0, PC   ; Copy PC into R0
STR R0, [R1] ; Now save the PC in R0
BX PC        ; Jump into ARM state
MOV R8, R8   ; NOP
MOV R8, R8   ; NOP

Note

Because all Thumb instructions are only 16 bits long, the simplest method, when shifting scan chain 1, is to repeat the instruction. For example, the encoding for BX R0 is 0x4700, so when 0x47004700 shifts into scan chain 1, the debugger does not have to keep track of the half of the bus on which the processor expects to read the data.

When the processor has entered debug state from Jazelle state, the debugger must force the core into ARM state before doing anything else. The debugger can then execute the same sequence of instructions to determine the processor state.

To force the processor into ARM state from Jazelle state execute the sequence of ARM instructions shown in Example B.2 on the core (with the SYSSPEED bit clear).

Example B.2. Forcing the processor from Jazelle state to ARM state


STMIA r0,{r0,pc} ; save r0 before use and take note of PC at debug entry
LDMIA r0,{r0}    ; load r0 with a word aligned address (to jump to ARM state)
BX r0            ; jump to ARM state

Note

When the processor has entered debug state from Jazelle state the scan chain is used to scan instructions into the ARM instruction decode stage of the pipeline not the Jazelle decode stage.

You can use the sequences of ARM instructions shown in Example B.3 to determine the processor state.

With the processor in the ARM state, typically the first instruction to execute is:

STMIA R0, {R0-R15}

This instruction causes the contents of the registers to appear on the data bus. You can then sample and shift out these values.

Note

The use of r0 as the base register for the STM is only for illustration, and you can use any register.

After you have determined the values in the bank of registers available in the current mode, you might want to access the other banked registers. To do this, you must change mode. Normally, a mode change can occur only if the core is already in a privileged mode. However, while in debug state, a mode change can occur from any mode into any other mode.

The debugger must restore the original mode before exiting debug state. For example, if the debugger has been requested to return the state of the User mode registers and FIQ mode registers, and debug state is entered in Supervisor mode, the instruction sequence can be as shown in Example B.3.

Example B.3. Determining the core state

STMIA R0, {R0-R15}; Save current registers
MRS  R0, CPSR
STR  R0, [R0]; Save CPSR to determine current mode
BIC  R0, 0x1F; Clear mode bits
ORR  R0, 0x10; Select User mode
MSR  CPSR, R0; Enter User mode
STMIA R0, {R13,R14}; Save registers not previously visible
ORR R0, 0x01; Select FIQ mode
MSR CPSR, R0; Enter FIQ mode
STMIA R0, {R8-R14}; Save banked FIQ registers

All these instructions execute at debug speed. Debug speed is much slower than system speed. This is because between each core clock, 67 clocks occur in order to shift in an instruction, or shift out data. Executing instructions this slowly is acceptable for accessing the core state because the ARM7EJ-S processor is fully static. However, you cannot use this method for determining the state of the rest of the system.

While in debug state, you can only scan the following ARM or Thumb instructions into the instruction pipeline for execution:

Copyright ©  2001 ARM Limited. All rights reserved.ARM DDI 0214B
Non-Confidential