Epson ARM720T 9.16.1 Determining the core state

9: Debugging Your System

ARM720T CORE CPU MANUAL EPSON 9-27

9.16.1 Determining the core state

When the processor has entered debug state from Thumb state, the simplest course of action

is for the debugger to force the core back into ARM state. The debugger can then execute the

same sequence of instructions to determine the processor state.

To force the processor into ARM state, execute the following sequence of Thumb instructions

on the core:

STR R0, [R0] ; Save R0 before use

MOV R0, PC ; Copy PC into R0

STR R0, [R0] ; Now save the PC in R0

BX PC ; Jump into ARM state

MOV R8, R8 ; NOP

MOV R8, R8 ; NOP

Note: Because all Thumb instructions are only 16 bits long, you can repeat the instruction

when shifting scan chain 1. For example, the encoding for BX R0 is 0x4700, so when

0x47004700 shifts into scan chain 1, the debugger does not have to keep track of the

half of the bus on which the processor expects to read the data.

You can use the sequences of ARM instructions below to determine the state of the processor.

With the processor in the ARM state, the first instruction to execute is typically:

STM R0, {r0-r15}

This instruction causes the contents of the registers to appear on the data bus. You can then

sample and shift out these values.

Note: The use of r0 as the base register for the STM is only for illustration, any register

can be used.

After you have determined the values in the current bank of registers, you might wish to

access the banked registers. To do this, you must change mode. Normally, a mode change can

occur only if the core is already in a privileged mode. However, while in debug state, a mode

change from one mode into any other mode can occur.

The debugger must restore the original mode before exiting debug state. For example, if the

debugger was requested to return the state of the User mode registers, and FIQ mode

registers, and debug state was entered in Supervisor mode, the instruction sequence might be:

STM R0, {r0-r15} ; Save current registers

MRS R0, CPSR

STR R0, R0 ; Save CPSR to determine current mode

BIC R0, 0x1F ; Clear mode bits

ORR R0, 0x10 ; Select user mode

MSR CPSR, R0 ; Enter USER mode

STM R0, {r13,r14} ; Save register not previously visible

ORR R0, 0x01 ; Select FIQ mode

MSR CPSR, R0 ; Enter FIQ mode

STM R0, {r8-r14} ; Save banked FIQ registers

Contents

Main CORE CPU MANUAL ARM720T Revision 4 (AMBA AHB Bus Interface Version) Page Page Page Contents Preface 1 Introduction 2 Programmers Model 3 Configuration 4 Instruction and Data Cache 7 Memory Management Unit 8 Coprocessor Interface 9 Debugging Your System 10 ETM Interface 11 Test Support Glossary Index List of Figures Page List of Tables Page Page Page Page Preface About this document Coprocessor Interface Debugging Your System italic Signal Descriptions Test Support Timing diagram conventions AMBA Specification (Rev 2.0) Further reading Standard Test Access Port and Boundary Scan Architecture ARM7TDMI-S (Rev 4) Technical Reference Manual Page Page Page 1 1.1 About the ARM720T processor Reduced Instruction Set Computer Embedded Trace Macrocell Direct Memory Access A block diagram of the ARM720T processor is shown in Figure 1-1. Figure 1-1 720T Block diagram ARM720T CORE CPU MANUAL EPSON 1-3 The functional signals on the ARM720T processor are shown in Figure 1-2. Figure 1-2 ARM720T processor functional signals 1.1.1 EmbeddedICE-RT logic Debug Communications Channel Joint Test Action Group (JTAG) test access port. Debugging Your System 1.2 Coprocessors Configuration 1.3 About the instruction set 1.3.1 Format summary ARM instruction set Thumb instruction set ARM Architecture Reference Manual ARM720T CORE CPU MANUAL EPSON 1-7 1.3.2 ARM instruction set . The ARM instruction set formats are shown in Figure 1-3. Figure 1-3 ARM instruction set formats Note: Some instruction codes are not defined but do not cause the Undefined instruction The ARM instruction set summary is shown in Table 1-2. Table 1-2 ARM inst ru ctio n su mm ary Table1-2 ARM inst ru ctio n su mm ary (contin ue d) Addressing mode 2, <a_mode2>, is shown in Table 1-3. Table1-3 Addressing mode 2 Table1-2 ARM instruction summary (continued) Page Page Condition fields, {cond}, are shown in Table 1-11. Table1-11 Condition fields 1-14 EPSON ARM720T CORE CPU MANUAL 1.3.3 Thumb instruction set . The Thumb instruction set formats are shown in Figure 1-4. Figure 1-4 Thumb instruction set formats The Thumb instruction set summary is shown in Table 1-12. Table 1-12 Thumb instruction summary Table1-12 Thumb instruction summary (continued) prefetch buffer. Table1-12 Thumb instruction summary (continued) Page Page Page 2 2.1 Processor operating states Fast Interrupt reQuest Interrupt ReQuest 2.1.1 Switching between processor states 2.2 Memory formats Big-endian format Little-endian format 2.2.1 Big-endian format 2.2.2 Little-endian format 2.3 Instruction length 2.4 Data types 2.5 Operating modes 2.5.1 Changing operating modes Current Program Status Register Program Counter Branch and Link Figure 2-3 Register organization in ARM state ARM state general registers and program counter ARM state program status registers 2: Programmers Model 2-6 EPSON ARM720T CORE CPU MANUAL 2.6.2 The Thumb state register set Saved Program Status Registers Link Register a (SP) 2.6.3 The relationship between ARM and Thumb state registers 2.6.4 Accessing high registers in Thumb state 2.7 Program status registers 2.7.1 The condition code flags 2.7.2 The control bits 2.7.3 Reserved bits 2.8 Exceptions Exception priorities Exception restrictions Exception priorities Exception vectors 2.8.2 Action on leaving an exception 2.8.3 Exception entry and exit summary 2.8.4 Fast interrupt request 2.8.5 Interrupt request 2.8.6 Abort External aborts 2.8.7 Software interrupt 2.8.8 Undefined instruction 2.8.9 Exception vectors Control Register 2.8.10 Exception priorities 2.8.11 Exception restrictions 2.9 Relocation of low virtual addresses by the FCSE PID Fast Context Switch Extension Process IDentifier 2.10 Reset Translation Lookaside Buffer Write Buffer 2.11 Implementation-defined behavior of instructions Indexed addressing on a Data Abort Early termination 2.11.1 Indexed addressing on a Data Abort 2.11.2 Early termination Page Page Page 3 3.1 About configuration 3.1.1 Compatibility 3.1.2 Notation 3.2 Internal coprocessor instructions 3.3 Registers 3.3.1 ID Register 3.3.2 Control Register Interaction of the MMU and cache 3.3.3 Translation Table Base Register 3.3.4 Domain Access Control Register 3.3.5 Fault Status Register Fault address and fault status registers Fault Status Register 3.3.6 Fault Address Register Fault Address Register Translation Lookaside Buffer 3.3.7 Cache Operations Register 3.3.8 TLB Operations Register 3.3.9 Process Identifier Registers Page Page Page Page 4 4.1 About the instruction and data cache Instruction and Data Cache 4.1.1 IDC operation 4.1.2 Cachable bit 4.2 IDC validity 4.2.1 Software IDC flush 4.2.2 Doubly-mapped space 4.3 IDC enable, disable, and reset Page Page 5 5.1 About the write buffer Bufferable 5.1.1 Bufferable bit 5.2 Write buffer operation 5.2.1 Bufferable write 5.2.2 Unbufferable write 5.2.3 Read-lock-write 5.2.4 Reading from a noncachable area Page Page 6 6.1 About the bus interface AMBA specification Advanced High-performance Bus 6.1.1 Summary of the AHB transfer mechanism Address and control signals AMBA Specification (Rev 2.0) 6.2 Bus interface signals Tran sfer typ es Reset Bus clocking Arbitration The AHB bus master interface signals are shown in Figure 6-2. Figure 6-2 AHB bus master interface 6.3 Transfer types Page 6.4 Address and control signals HADDR[31:0] HPROT[3:0] HBURST[2:0] HWRITE 6.4.4 HBURST[2:0] 6.4.5 HPROT[3:0] 6.5 Slave transfer response signals 6.5.1 HREADY 6.5.2 HRESP[1:0] 6.6 Data buses 6.6.1 HWDATA[31:0] 6.6.2 HRDATA[31:0] 6.6.3 Endianness 6.7 Arbitration 6.7.1 HBUSREQ 6.7.2 HLOCK 6.7.3 HGRANT 6.8 Bus clocking 6.8.1 HCLK 6.8.2 HCLKEN 6.9 Reset Page Page Page 7 Memory Management Unit Modified Virtual Address 7.1 About the MMU 7.1.1 Access permissions and domains 7.1.2 Translated entries 7.2 MMU program-accessible registers Configuration 7.3 Address translation 7.3.1 Translation Table Base Register Translat ion Table Base 7: Memory Management Unit ARM720T CORE CPU MANUAL EPSON 7-5 Figure 7-2 Translating page tables Level one fetch Level two fetch 7.3.2 Level one fetch 7.3.3 Level one descriptor Level one descriptor bit assignments are shown in Table 7-2. Table7-2 Level one de scripto r bits Table7-3 Interpreting level one descripto r bits [1:0] 7.3.4 Section descriptor 7.3.5 Coarse page table descriptor 7.3.6 Fine page table descriptor 7.3.7 Translating section references 7.3.8 Level two descriptor Page 7-12 EPSON ARM720T CORE CPU MANUAL 7.3.9 Translating large page references TableindexTranslation base Figure 7-10 shows the complete translation sequence for a 64KB large page. ARM720T CORE CPU MANUAL EPSON 7-13 7.3.10 Translating small page references TableindexTranslation base Figure 7-11 shows the complete translation sequence for a 4KB small page. 7.3.11 Translating tiny page references Domain access control 7.3.12 Subpages 7.4 MMU faults and CPU aborts Fault address and fault status registers 7.5 Fault address and fault status registers 7.5.1 Fault Status 7.6 Domain access control Access Permission Table 7-10 shows how to interpret the 7.7 Fault checking sequence Alignment fault Permission fault Domain fault Translation fault 7.7.2 Translation fault 7.7.3 Domain fault 7.7.4 Permission fault 7.8 External aborts Bus Interface Unit Enabling the MMU Disabling the MMU 7.9 Interaction of the MMU and cache Page Page Page 8 8.1 About coprocessors 8.1.1 Coprocessor availability 8.2 Coprocessor interface signals Pipeline-following signals Privileged instructions Undefined instructions Not using an external coprocessor 8.3 Pipeline-following signals all 8.4 Coprocessor interface handshaking Coprocessor signaling 8.4.1 The coprocessor 8.4.2 The ARM720T core 8.4.3 Coprocessor signaling 8.4.4 Consequences of busy-waiting 8.4.5 Coprocessor register transfer instructions 8.4.6 Coprocessor data operations 8.4.7 Coprocessor load and store operations 8.5 Connecting coprocessors 8.5.1 Connecting a single coprocessor . 8.5.2 Connecting multiple coprocessors 8.6 Not using an external coprocessor 8.7 STC operations 8.8 Undefined instructions 8.9 Privileged instructions Page Page 9 9.1 About debugging your system 9.1.1 A typical debug system ARM Debugger for Windows 9.2 Controlling debugging The EmbeddedICE-RT macrocell The TAP controller 9.2.1 Debug modes debug state Examining the core and the system in debug state Store Multiple Monitor mode debugging 9.3 Entry into debug state 9.3.1 Entry into debug state on breakpoint 9.3.2 Entry into debug state on watchpoint Abort 9.3.3 Entry into debug state on debug request Programming breakpoints Programming watchpoints 9.3.4 Action of the ARM720T processor in debug state 9.3.5 Clocks 9.4 Debug interface Standard Test Access Port and Boundary-Scan Architecture 9.4.1 Debug interface signals 9.5 ARM720T core clock domains 9.6 The EmbeddedICE-RT macrocell Watchpoint unit registers The debug communications channel EmbeddedICE-RT timing 9.7 Disabling EmbeddedICE-RT Debug 9.8 EmbeddedICE-RT register map 9.9 Monitor mode debugging 9.9.1 Enabling monitor mode Debug 9.9.2 Restrictions on monitor-mode debugging 9.10 The debug communications channel Debug Communication Channel Domain Access Control Register Communications through the DCC 9.10.1 Domain Access Control Register Page 9.10.2 Communications through the DCC 9.11 Scan chains and the JTAG interface Test Access Port Test data registers Standard Test Access Port and Boundary-Scan Architecture 9.11.1 Scan chain implementation 9.11.2 Controlling the JTAG interface Instruction register The TAP controller Test Access Port 9.12 The TAP controller 9.12.1 Resetting the TAP controller 9.13 Public JTAG instructions 9.13.1 SCAN_N (b0010) 9.13.2 INTEST (b1100) 9.13.3 IDCODE (b1110) ARM720T processor device identification (ID) code register 9.13.4 BYPASS (b1111) 9.13.5 RESTART (b0100) Exit from debug state 9.14 Test data registers Bypass register Scan chain 2 Scan chain 1 Scan path select register 9.14.3 Instruction register 9.14.4 Scan path select register 9.14.5 Scan ch ains 1 and 2 System speed access 9.15 Scan timing 9.15.1 Scan chain 1 cells 9.16 Examining the core and the system in debug state 9.16.1 Determining the core state 9.16.2 Determining system state Exit from debug state 9.17 Exit from debug state The program counter during debug 9.18 The program counter during debug Breakpoints System speed access Debug request Watchpoint with another exception 9.18.3 Watchpoint with another exception 9.18.4 Debug request 9.18.5 System speed access 9.18.6 Summary of return address calculations 9.19 Priorities and exceptions Data Aborts The program counter during debug Breakpoint with Prefetch Abort Interrupts 9.20 Watchpoint unit registers 9.20.1 Programming and reading watchpoint registers + 9.20.2 Using the data, and address mask registers 9.20.3 The watchpoint unit control registers 9.21 Programming breakpoints Hardware breakpoints Software breakpoints Hardware breakpoints 9.21.1 Hardware breakpoints 9.21.2 Software breakpoints 9.22 Programming watchpoints 9.23 Abort status register 9.24 Debug control register Watchpoint unit registers 9.24.1 Disabling interrupts 9.24.2 Forcing DBGRQ 9.24.3 Forcing DBGACK 9.25 Debug status register 9: Debugging Your System 9-42 EPSON ARM720T CORE CPU MANUAL The structure of the debug control and status registers is shown in Figure 9-17. Figure 9-17 Debug control and status register structure 9.26 Coupling breakpoints and watchpoints 9.26.1 Breakpoint and watchpoint coupling example 9.26.2 DBGRNG signal 9.27 EmbeddedICE-RT timing Page Page 10 10.1 About the ETM interface Embedded Trace Macrocell Specification Embedded Trace Macrocell 10.2 Enabling and disabling the ETM7 interface 10.3 Connections between the ETM7 macrocell and the ARM720T processor 10.4 Clocks and resets ETM7 Technical Reference Manual ETM7 Technical Reference Manual 10.5 Debug request wiring 10.6 TAP interface wiring Page Page Page 11 11.1 About the ARM720T test registers MMU test registers and operations Cache test registers and operations Test State Register 11.2 Automatic Test Pattern Generation (ATPG) Automatic Test Pattern Generation 11.2.1 ARM720T processor INTEST/EXTEST wrapper 11.3 Test State Register 11.4 Cache test registers and operations Page Page 11.4.1 Addressing the CAM and RAM Page 11.5 MMU test registers and operations Translat ion Table Base Fault Address Register Fault Status Register Domain Access Control Page Page Page 11.5.1 Addressing the CAM, RAM1, and RAM2 Page Page Page Page A A.1 AMBA interface signals A.2 Coprocessor interface signals A.3 JTAG and test signals A.4 Debugger signals The debugger signal descriptions are shown in Table A-4. TableA-4 De bugger signal descriptions TableA-3 JTAG and test signal descriptions (continued) A.5 Embedded trace macrocell interface signals The ETM interface signals are shown in TableA-5. TableA-5 ETM interface signal descriptions TableA-4 Debugger signal descriptions TableA-5 ETM interface signal descriptions (continued) A.6 ATPG test signals ATPG test signals used by the ARM720T processor are shown in TableA-6. Miscellaneous signals used by the ARM720T processor are shown in Table A-7. A.7 Miscellaneous signals TableA-6 ATPG test signal descriptions Page Page Page Glossary See also See monitor mode halt mode See Monitor mode See Joint Test Action Group See also In-Circuit Emulator Halt mode See See also See Saved PSR Page Page Page Page ARM DDI 0229B EPSON Index-1 Index A B C D E F G H I O P R S Index-4 EPSON ARM DDI 0229B T U W International Sales Operations ASIA EUROPE AMERICA ARM720T Revision 4 (AMBA AHB Bus Interface Version)