1 /*! \file jtagarm7tdmi.c
2 \brief ARM7TDMI JTAG (AT91R40008, AT91SAM7xxx)
8 #include "jtagarm7tdmi.h"
11 /**** 20-pin Connection Information (pin1 is on top-right for both connectors)****
12 GoodFET -> 7TDMI 20-pin connector (HE-10 connector)
19 9 4,6,8,10,12,14,16,18,20 (GND)
20 11 17/3 (nTRST) (different sources suggest 17 or 3 alternately)
21 ********************************/
23 /**** 14-pin Connection Information (pin1 is on top-right for both connectors)****
24 GoodFET -> 7TDMI 14-pin connector
34 http://hri.sourceforge.net/tools/jtag_faq_org.html
35 ********************************/
42 /****************************************************************
43 Enabling jtag likely differs with most platforms. We will attempt to enable most from here. Override jtagarm7tdmi_start() to extend for other implementations
44 ARM7TDMI enables three different scan chains:
45 * Chain0 - "entire periphery" including data bus
46 * Chain1 - core data bus (subset of Chain0) - Instruction Pipeline
47 * Chain2 - EmbeddedICE Logic Registers - This is our way into the fun stuff.
51 You can disable EmbeddedICE-RT by setting the DBGEN input LOW.
53 Hard wiring the DBGEN input LOW permanently disables all debug functionality.
54 When DBGEN is LOW, it inhibits DBGDEWPT, DBGIEBKPT, and EDBGRQ to
55 the core, and DBGACK from the ARM9E-S core is always LOW.
60 When the ARM9E-S core is in debug state, you can examine the core and system state
61 by forcing the load and store multiples into the instruction pipeline.
62 Before you can examine the core and system state, the debugger must determine
63 whether the processor entered debug from Thumb state or ARM state, by examining
64 bit 4 of the EmbeddedICE-RT debug status register. If bit 4 is HIGH, the core has
65 entered debug from Thumb state.
66 For more details about determining the core state, see Determining the core and system
71 --- olimex - http://www.olimex.com/dev/pdf/arm-jtag.pdf
72 JTAG signals description:
73 PIN.1 (VTREF) Target voltage sense. Used to indicate the target’s operating voltage to the debug tool.
74 PIN.2 (VTARGET) Target voltage. May be used to supply power to the debug tool.
75 PIN.3 (nTRST) JTAG TAP reset, this signal should be pulled up to Vcc in target board.
76 PIN4,6, 8, 10,12,14,16,18,20 Ground. The Gnd-Signal-Gnd-Signal strategy implemented on the 20-way connection scheme improves noise immunity on the target connect cable.
77 *PIN.5 (TDI) JTAG serial data in, should be pulled up to Vcc on target board.
78 *PIN.7 (TMS) JTAG TAP Mode Select, should be pulled up to Vcc on target board.
79 *PIN.9 (TCK) JTAG clock.
80 PIN.11 (RTCK) JTAG retimed clock. Implemented on certain ASIC ARM implementations; the host ASIC may need to synchronize external inputs (such as JTAG inputs) with its own internal clock.
81 *PIN.13 (TDO) JTAG serial data out.
82 *PIN.15 (nSRST) Target system reset.
83 *PIN.17 (DBGRQ) Asynchronous debug request. DBGRQ allows an external signal to force the ARM core into debug mode; it should be pulled down to GND.
84 PIN.19 (DBGACK) Debug acknowledge. The ARM core acknowledges debug-mode in response to a DBGRQ input.
87 ----------- SAMPLE TIMES -----------
89 TDI and TMS are sampled on the rising edge of TCK and TDO transitions appear on the falling edge of TCK. Therefore, TDI and TMS must be written after the falling edge of TCK and TDO must be read after the rising edge of TCK.
91 for this module, we keep tck high for all changes/sampling, and then bounce it.
92 ****************************************************************/
97 //! Start JTAG, setup pins, reset TAP and return IDCODE
// Returns the 32-bit value read back by jtagarm7tdmi_idcode().
// NOTE(review): no pin-setup call is visible in this listing (source line 99 is absent); confirm against the full file.
98 unsigned long jtagarm7tdmi_start() {
100 jtagarm7tdmi_resettap();
101 return jtagarm7tdmi_idcode();
105 //! Reset TAP State Machine
// Delegates to jtag_reset_to_runtest_idle(); presumably leaves the TAP in Run-Test/Idle (helper not shown here).
106 void jtagarm7tdmi_resettap(){ // PROVEN
108 jtag_reset_to_runtest_idle();
113 /************************************************************************
114 * ARM7TDMI core has 6 primary registers to be connected between TDI/TDO
117 * * Scan Chain Select Register (4 bits_lsb)
118 * * Scan Chain 0 (105 bits: 32_databits_lsb + ctrlbits + 32_addrbits_msb)
119 * * Scan Chain 1 (33 bits: 32_bits + BREAKPT)
120 * * Scan Chain 2 (38 bits: rw + 5_regbits_msb + 32_databits_msb)
121 ************************************************************************/
125 /************************** Basic JTAG Verb Commands *******************************/
126 //! Grab the core ID.
// Resets the TAP, shifts the 4-bit IDCODE instruction into IR, then shifts
// 32 bits through DR (LSB flag set) and returns what jtagtransn() hands back.
127 unsigned long jtagarm7tdmi_idcode(){ // PROVEN
128 jtagarm7tdmi_resettap();
129 jtag_goto_shift_ir();
130 jtagtransn(ARM7TDMI_IR_IDCODE, 4, LSB); // select the ID register
131 jtag_goto_shift_dr();
132 return jtagtransn(0,32, LSB); // shift zeros in, IDCODE out
135 //! Connect Bypass Register to TDO/TDI
136 //unsigned char jtagarm7tdmi_bypass(){ // PROVEN
137 // jtagarm7tdmi_resettap();
138 // jtag_goto_shift_ir();
139 // return jtagarmtransn(ARM7TDMI_IR_BYPASS, 4, LSB, END, NORETIDLE);
141 //! INTEST verb - do internal test
142 //unsigned char jtagarm7tdmi_intest() {
143 // jtag_goto_shift_ir();
144 // return jtagarmtransn(ARM7TDMI_IR_INTEST, 4, LSB, END, NORETIDLE);
147 //! EXTEST verb - act like the processor to external components
148 //unsigned char jtagarm7tdmi_extest() {
149 // jtag_goto_shift_ir();
150 // return jtagarmtransn(ARM7TDMI_IR_EXTEST, 4, LSB, END, NORETIDLE);
154 //unsigned long jtagarm7tdmi_sample() {
155 // jtagarm7tdmi_ir_shift4(ARM7TDMI_IR_SAMPLE); // ???? same here.
156 // return jtagtransn(0,32);
//! Shift the 4-bit RESTART instruction into the instruction register.
// retval receives whatever jtagtransn() returns for that IR shift.
160 unsigned long jtagarm7tdmi_restart() {
161 unsigned long retval;
162 jtag_goto_shift_ir();
163 retval = jtagtransn(ARM7TDMI_IR_RESTART, 4, LSB);
165 //jtagarm7tdmi_resettap();
169 //! ARM7TDMI_IR_CLAMP 0x5
170 //unsigned long jtagarm7tdmi_clamp() {
171 // jtagarm7tdmi_resettap();
172 // jtag_goto_shift_ir();
173 // jtagarmtransn(ARM7TDMI_IR_CLAMP, 4, LSB, END, NORETIDLE);
174 // jtag_goto_shift_dr();
175 // return jtagarmtransn(0, 32, LSB, END, RETIDLE);
178 //! ARM7TDMI_IR_HIGHZ 0x7
179 //unsigned char jtagarm7tdmi_highz() {
180 // jtagarm7tdmi_resettap();
181 // jtag_goto_shift_ir();
182 // return jtagarmtransn(ARM7TDMI_IR_HIGHZ, 4, LSB, END, NORETIDLE);
185 //! define ARM7TDMI_IR_CLAMPZ 0x9
186 //unsigned char jtagarm7tdmi_clampz() {
187 // jtagarm7tdmi_resettap();
188 // jtag_goto_shift_ir();
189 // return jtagarmtransn(ARM7TDMI_IR_CLAMPZ, 4, LSB, END, NORETIDLE);
193 //! Connect the appropriate scan chain to TDO/TDI. SCAN_N, INTEST, ENDS IN SHIFT_DR!!!!!
// chain:    scan chain number, shifted into DR as a 4-bit value after SCAN_N.
// testmode: 4-bit IR instruction shifted in once the chain is selected.
// retval holds the bits shifted out while the chain number goes in.
// NOTE(review): chain is an int but only 4 bits are requested from jtagtransn();
// presumably values outside 0..15 are truncated - confirm and range-check in callers.
194 unsigned long jtagarm7tdmi_scan(int chain, int testmode) { // PROVEN
196 When selecting a scan chain the “Run Test/Idle” state should never be reached, other-
197 wise, when in debug state, the core will not be correctly isolated and intrusive
198 commands occur. Therefore, it is recommended to pass directly from the “Update”
199 state” to the “Select DR” state each time the “Update” state is reached.
201 unsigned long retval;
202 //if (current_chain != chain) {
203 // //debugstr("===change chains===");
204 jtag_goto_shift_ir();
205 jtagtransn(ARM7TDMI_IR_SCAN_N, 4, LSB | NORETIDLE); // SCAN_N: DR becomes the scan chain select register
206 jtag_goto_shift_dr();
207 retval = jtagtransn(chain, 4, LSB | NORETIDLE); // chain number, without passing through Run-Test/Idle
208 // put in test mode...
209 //jtag_goto_shift_ir();
210 //jtagarmtransn(testmode, 4, LSB, END, RETIDLE);
211 current_chain = chain; // remember the selected chain in the module-level tracker
213 // //debugstr("===NOT change chains===");
214 // retval = current_chain;
216 // put in test mode...
// NOTE(review): this final IR shift is issued without NORETIDLE, unlike the two
// transfers above; confirm that is intended given the Run-Test/Idle warning quoted
// at the top of this function and the "ENDS IN SHIFT_DR" claim in the header comment.
217 jtag_goto_shift_ir();
218 jtagtransn(testmode, 4, LSB);
223 //! Select scan chain `chain` and load INTEST; thin wrapper around jtagarm7tdmi_scan().
224 unsigned long jtagarm7tdmi_scan_intest(int chain) { // PROVEN
225 return jtagarm7tdmi_scan(chain, ARM7TDMI_IR_INTEST);
231 //! push an instruction into the pipeline
// Selects scan chain 1 in INTEST, enters Shift-DR and shifts the 32-bit
// instruction word; retval receives the 32 bits shifted out.
// breakpt: presumably selects the system-speed vs debug-speed path below
// (the branch itself is not visible in this listing - confirm).
232 unsigned long jtagarm7tdmi_instr_primitive(unsigned long instr, char breakpt){ // PROVEN
233 unsigned long retval;
234 jtagarm7tdmi_scan_intest(1);
236 jtag_goto_shift_dr();
237 // if the next instruction is to run using MCLK (master clock), set TDI
241 count_sysspd_instr_since_debug++; // bookkeeping: instructions issued at system speed
246 count_dbgspd_instr_since_debug++; // bookkeeping: instructions issued at debug speed
250 // Now shift in the 32 bits
251 retval = jtagtransn(instr, 32, 0); // Must return to RUN-TEST/IDLE state for instruction to enter pipeline, and causes debug clock.
256 //! push NOP into the instruction pipeline
// Picks the Thumb or ARM NOP encoding from the T bit cached in current_dbgstate
// and returns the word shifted out by jtagarm7tdmi_instr_primitive().
257 unsigned long jtagarm7tdmi_nop(char breakpt){ // PROVEN
258 if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
259 return jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP, breakpt);
260 return jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP, breakpt);
263 /* stolen from ARM DDI0029G documentation, translated using ARM Architecture Reference Manual (14128.pdf)
264 STR R0, [R0]; Save R0 before use
265 MOV R0, PC ; Copy PC into R0
266 STR R0, [R0]; Now save the PC in R0
267 BX PC ; Jump into ARM state
275 //! set the current mode to ARM, returns PC (FIXME). Should be used by haltcpu(), which should also store PC and the THUMB state, for use by releasecpu();
// When the cached debug status has the T bit set, pushes the Thumb sequence
// (NOP, STR R0, MOV R0,PC, STR R0, BX PC) and then refreshes current_dbgstate.
// Side effect: cmddatalong[1..5] (the command buffer) is used as scratch storage.
276 unsigned long jtagarm7tdmi_setMode_ARM(unsigned char restart){ // PROVEN BUT FUGLY! FIXME: clean up and store and replace clobbered r0
277 jtagarm7tdmi_resettap(); // seems necessary for some reason. ugh.
278 unsigned long retval = 0xffL;
279 if ((current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)){
280 debugstr("=== Switching to ARM mode ===");
281 cmddatalong[1] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP,0);
282 cmddatalong[2] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_STR_R0_r0,0);
283 cmddatalong[3] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_MOV_R0_PC,0);
284 cmddatalong[4] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_STR_R0_r0,restart);
285 cmddatalong[5] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_BX_PC,0);
// NOTE(review): `last_halt_pc|0xfffffffc` forces bits 2..31 to 1, so the value written
// no longer depends on the halted PC; haltcpu() aligns with `& 0xfffffffc`. Confirm
// whether `&` was intended here.
287 jtagarm7tdmi_set_register(15,(last_halt_pc|0xfffffffc)-24);
288 jtagarm7tdmi_nop( restart);
289 cmddatalong[1] = jtagarm7tdmi_instr_primitive(ARM_INSTR_B_IMM,0);
292 jtagarm7tdmi_restart();
// NOTE(review): r0 is restored from cmddataword[5], while the captured words above
// were stored in cmddatalong[1..5]; if the two arrays alias one buffer with different
// element widths this is not one of the captured 32-bit values - confirm.
297 jtagarm7tdmi_set_register(0,cmddataword[5]);
299 jtagarm7tdmi_resettap(); // seems necessary for some reason. ugh.
300 current_dbgstate = jtagarm7tdmi_get_dbgstate(); // refresh cached status so the T bit reflects the new state
305 //! set the current mode to THUMB, returns PC (FIXME). Should be used by releasecpu()
// Repeats "load last_halt_pc into r0, BX r0" until the cached debug status shows
// the T bit or the retval counter (starting at 0xff) runs out.
// Side effect: r0 on the target is overwritten with last_halt_pc.
306 unsigned long jtagarm7tdmi_setMode_THUMB(unsigned char restart){ // PROVEN
307 jtagarm7tdmi_resettap(); // seems necessary for some reason. ugh.
308 debugstr("=== Switching to THUMB mode ===");
309 unsigned long retval = 0xffL;
310 while (!(current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)&& retval-- > 0){
312 jtagarm7tdmi_set_register(0, last_halt_pc); // branch target for BX R0
313 jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP,restart);
314 jtagarm7tdmi_instr_primitive(ARM_INSTR_BX_R0,0);
316 jtagarm7tdmi_restart();
318 jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP,0);
319 jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP,0);
320 jtagarm7tdmi_resettap(); // seems necessary for some reason.
322 current_dbgstate = jtagarm7tdmi_get_dbgstate(); // re-read status so the loop condition sees the new T bit
330 /************************* EmbeddedICE Primitives ****************************/
331 //! shifter for writing to chain2 (EmbeddedICE).
// Shifts 32 data bits, then the 5-bit register address, then a single 1 bit
// (write), for 38 bits in total. retval/temp hold the bits shifted out
// during the data and address phases.
// NOTE(review): reg is an unsigned char but only 5 bits are shifted; values above
// 31 are presumably truncated by jtagtransn() - confirm.
332 unsigned long eice_write(unsigned char reg, unsigned long data){
333 unsigned long retval, temp;
334 jtagarm7tdmi_scan_intest(2);
335 // Now shift in the 32 bits
336 jtag_goto_shift_dr();
337 retval = jtagtransn(data, 32, LSB| NOEND| NORETIDLE); // send in the data - 32-bits lsb
338 temp = jtagtransn(reg, 5, LSB| NOEND| NORETIDLE); // send in the register address - 5 bits lsb
339 jtagtransn(1, 1, LSB); // send in the WRITE bit
344 //! shifter for reading from chain2 (EmbeddedICE).
// Two DR passes: the first shifts the 5-bit register address followed by a 0
// (read) bit; the second shifts 32 zero bits in and returns the 32 bits
// that come out.
345 unsigned long eice_read(unsigned char reg){ // PROVEN
346 unsigned long temp, retval;
347 //debugstr("eice_read");
349 jtagarm7tdmi_scan_intest(2);
351 // send in the register address - 5 bits LSB
352 jtag_goto_shift_dr();
353 temp = jtagtransn(reg, 5, LSB| NOEND| NORETIDLE);
355 // clear TDI to select "read only"
356 jtagtransn(0L, 1, LSB);
358 jtag_goto_shift_dr();
359 // Now shift out the 32 bits
360 retval = jtagtransn(0L, 32, LSB); // atmel arm jtag docs pp.10-11: LSB first
361 //debughex32(retval);
362 return(retval); // atmel arm jtag docs pp.10-11: LSB first
369 /************************* ICEBreaker/EmbeddedICE Stuff ******************************/
370 //! Grab debug status register (EICE_DBGSTATUS) through scan chain 2
371 unsigned long jtagarm7tdmi_get_dbgstate() { // ICE Debug register, *NOT* ARM register DSCR // PROVEN
372 //jtagarm7tdmi_resettap();
373 return eice_read(EICE_DBGSTATUS);
376 //! Grab debug control register (EICE_DBGCTRL)
377 unsigned long jtagarm7tdmi_get_dbgctrl() {
378 return eice_read(EICE_DBGCTRL);
381 //! Update debug control register (EICE_DBGCTRL); returns whatever eice_write() returns
382 unsigned long jtagarm7tdmi_set_dbgctrl(unsigned long bits) {
383 return eice_write(EICE_DBGCTRL, bits);
388 //! Set and Enable Watchpoint 0
// Writes the six EmbeddedICE watchpoint-0 registers from the arguments.
// The trailing comments give example values, not what the parameters must be.
389 void jtagarm7tdmi_set_watchpoint0(unsigned long addr, unsigned long addrmask, unsigned long data, unsigned long datamask, unsigned long ctrl, unsigned long ctrlmask){
390 // store watchpoint info? - not right now
393 eice_write(EICE_WP0ADDR, addr); // write 0 in watchpoint 0 address
394 eice_write(EICE_WP0ADDRMASK, addrmask); // write 0xffffffff in watchpoint 0 address mask
395 eice_write(EICE_WP0DATA, data); // write 0 in watchpoint 0 data
396 eice_write(EICE_WP0DATAMASK, datamask); // write 0xffffffff in watchpoint 0 data mask
// NOTE(review): the control VALUE register is written with ctrlmask and the `ctrl`
// argument is never used; jtagarm7tdmi_set_watchpoint1() writes `ctrl` at this step.
// This looks like a copy/paste slip - the line should read eice_write(EICE_WP0CTRL, ctrl).
397 eice_write(EICE_WP0CTRL, ctrlmask); // write 0x00000100 in watchpoint 0 control value register (enables watchpoint)
398 eice_write(EICE_WP0CTRLMASK, ctrlmask); // write 0xfffffff7 in watchpoint 0 control mask - only detect the fetch instruction
401 //! Set and Enable Watchpoint 1
// Writes the six EmbeddedICE watchpoint-1 registers from the arguments, in the
// order address, address mask, data, data mask, control value, control mask.
// The trailing comments give example values, not what the parameters must be.
402 void jtagarm7tdmi_set_watchpoint1(unsigned long addr, unsigned long addrmask, unsigned long data, unsigned long datamask, unsigned long ctrl, unsigned long ctrlmask){
403 // store watchpoint info? - not right now
406 eice_write(EICE_WP1ADDR, addr); // write 0 in watchpoint 1 address
407 eice_write(EICE_WP1ADDRMASK, addrmask); // write 0xffffffff in watchpoint 1 address mask
408 eice_write(EICE_WP1DATA, data); // write 0 in watchpoint 1 data
409 eice_write(EICE_WP1DATAMASK, datamask); // write 0xffffffff in watchpoint 1 data mask
410 eice_write(EICE_WP1CTRL, ctrl); // write 0x00000100 in watchpoint 1 control value register (enables watchpoint)
411 eice_write(EICE_WP1CTRLMASK, ctrlmask); // write 0xfffffff7 in watchpoint 1 control mask - only detect the fetch instruction
414 /******************** Complex Commands **************************/
416 //! Retrieve a 32-bit Register value
// Builds a store instruction for register `reg` (Thumb or ARM encoding, chosen
// from the cached T bit), pushes it between NOPs, and captures the word shifted
// out on the last NOP.
// NOTE(review): reg is not masked before being shifted into the instruction word;
// a value above 15 would set bits outside the register field. The command handler
// passes a host-supplied value here - confirm callers keep it in 0..15.
417 unsigned long jtagarm7tdmi_get_register(unsigned long reg) { //PROVEN
418 unsigned long retval=0L, instr;
419 if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
420 instr = THUMB_INSTR_STR_R0_r0 | reg | (reg<<16);
422 instr = (unsigned long)(reg<<12L) | (unsigned long)ARM_READ_REG; // STR Rx, [R14]
424 jtagarm7tdmi_nop( 0);
425 jtagarm7tdmi_nop( 0);
426 jtagarm7tdmi_instr_primitive(instr, 0);
427 jtagarm7tdmi_nop( 0);
428 jtagarm7tdmi_nop( 0);
429 jtagarm7tdmi_nop( 0);
430 retval = jtagarm7tdmi_nop( 0); // recover 32-bit word
434 //! Set a 32-bit Register value
// Pushes an ARM load instruction for register `reg`, then places `val` on the
// data bus a fixed number of pipeline slots later. The slot count differs when
// reg is ARM_REG_PC. Only the ARM encoding is built; the Thumb variant is
// commented out.
// NOTE(review): reg is not masked to 4 bits before `reg<<12` - confirm callers
// keep it in 0..15.
435 void jtagarm7tdmi_set_register(unsigned long reg, unsigned long val) { // PROVEN (assuming target reg is word aligned)
437 //if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
438 //instr = THUMB_WRITE_REG
439 instr = (unsigned long)(((unsigned long)reg<<12L) | ARM_WRITE_REG); // LDR Rx, [R14]
441 jtagarm7tdmi_nop( 0); // push nop into pipeline - clean out the pipeline...
442 jtagarm7tdmi_nop( 0); // push nop into pipeline - clean out the pipeline...
443 jtagarm7tdmi_instr_primitive(instr, 0); // push instr into pipeline - fetch
444 if (reg == ARM_REG_PC){
445 jtagarm7tdmi_instr_primitive(val, 0); // push 32-bit word on data bus
446 jtagarm7tdmi_nop( 0); // push nop into pipeline - executed
447 jtagarm7tdmi_nop( 0); // push nop into pipeline - executed
449 jtagarm7tdmi_nop( 0); // push nop into pipeline - decode
450 jtagarm7tdmi_nop( 0); // push nop into pipeline - execute
451 jtagarm7tdmi_instr_primitive(val, 0); // push 32-bit word on data bus
453 jtagarm7tdmi_nop( 0); // push nop into pipeline - executed
454 jtagarm7tdmi_nop( 0); // push nop into pipeline - executed
455 jtagarm7tdmi_nop( 0);
460 //! Get all registers, placing them into cmddatalong[0-15]
// Pushes ARM_INSTR_SKANKREGS and then stores the word shifted out by each of
// the next sixteen NOPs into the command buffer.
// NOTE(review): sixteen slots are written (indices 0..15), one more than the
// "0-14" the original comment promised; confirm cmddatalong has room for 16 longs.
461 void jtagarm7tdmi_get_registers() { // BORKEN. FIXME
462 jtagarm7tdmi_nop( 0);
463 jtagarm7tdmi_instr_primitive(ARM_INSTR_SKANKREGS,0);
464 jtagarm7tdmi_nop( 0);
465 jtagarm7tdmi_nop( 0);
466 cmddatalong[ 0] = jtagarm7tdmi_nop( 0);
467 cmddatalong[ 1] = jtagarm7tdmi_nop( 0);
468 cmddatalong[ 2] = jtagarm7tdmi_nop( 0);
469 cmddatalong[ 3] = jtagarm7tdmi_nop( 0);
470 cmddatalong[ 4] = jtagarm7tdmi_nop( 0);
471 cmddatalong[ 5] = jtagarm7tdmi_nop( 0);
472 cmddatalong[ 6] = jtagarm7tdmi_nop( 0);
473 cmddatalong[ 7] = jtagarm7tdmi_nop( 0);
474 cmddatalong[ 8] = jtagarm7tdmi_nop( 0);
475 cmddatalong[ 9] = jtagarm7tdmi_nop( 0);
476 cmddatalong[10] = jtagarm7tdmi_nop( 0);
477 cmddatalong[11] = jtagarm7tdmi_nop( 0);
478 cmddatalong[12] = jtagarm7tdmi_nop( 0);
479 cmddatalong[13] = jtagarm7tdmi_nop( 0);
480 cmddatalong[14] = jtagarm7tdmi_nop( 0);
481 cmddatalong[15] = jtagarm7tdmi_nop( 0);
482 jtagarm7tdmi_nop( 0);
485 //! Set all registers from cmddatalong[0-14]
// Pushes ARM_INSTR_CLOBBEREGS, then feeds the fifteen words from the command
// buffer through the pipeline one per slot. The word shifted out while the
// instruction goes in is printed with debughex32().
486 void jtagarm7tdmi_set_registers() { // using r15 to write through. not including it. use set_pc
487 jtagarm7tdmi_nop( 0);
488 debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_CLOBBEREGS,0));
489 jtagarm7tdmi_nop( 0);
490 jtagarm7tdmi_nop( 0);
491 jtagarm7tdmi_instr_primitive(cmddatalong[0],0);
492 jtagarm7tdmi_instr_primitive(cmddatalong[1],0);
493 jtagarm7tdmi_instr_primitive(cmddatalong[2],0);
494 jtagarm7tdmi_instr_primitive(cmddatalong[3],0);
495 jtagarm7tdmi_instr_primitive(cmddatalong[4],0);
496 jtagarm7tdmi_instr_primitive(cmddatalong[5],0);
497 jtagarm7tdmi_instr_primitive(cmddatalong[6],0);
498 jtagarm7tdmi_instr_primitive(cmddatalong[7],0);
499 jtagarm7tdmi_instr_primitive(cmddatalong[8],0);
500 jtagarm7tdmi_instr_primitive(cmddatalong[9],0);
501 jtagarm7tdmi_instr_primitive(cmddatalong[10],0);
502 jtagarm7tdmi_instr_primitive(cmddatalong[11],0);
503 jtagarm7tdmi_instr_primitive(cmddatalong[12],0);
504 jtagarm7tdmi_instr_primitive(cmddatalong[13],0);
505 jtagarm7tdmi_instr_primitive(cmddatalong[14],0);
506 jtagarm7tdmi_nop( 0);
509 //! Retrieve the CPSR Register value
// Saves r0, executes MRS R0, CPSR on the target, reads the result back out of
// r0, then restores the saved r0.
510 unsigned long jtagarm7tdmi_get_regCPSR() {
511 unsigned long retval = 0L, r0;
513 r0 = jtagarm7tdmi_get_register(0); // preserve the target's r0
514 jtagarm7tdmi_nop( 0); // push nop into pipeline - clean out the pipeline...
515 jtagarm7tdmi_instr_primitive(ARM_INSTR_MRS_R0_CPSR, 0); // push MRS_R0, CPSR into pipeline - fetch
516 jtagarm7tdmi_nop( 0); // push nop into pipeline - decoded
517 jtagarm7tdmi_nop( 0); // push nop into pipeline - execute
518 retval = jtagarm7tdmi_get_register(0); // r0 now holds CPSR
519 jtagarm7tdmi_set_register(0, r0); // put the original r0 back
523 //! Set the CPSR Register value
// Saves r0, loads `val` into r0, executes MSR cpsr_cxsf, R0 on the target, then
// restores the saved r0. Each word shifted out along the way is printed with
// debughex32().
524 unsigned long jtagarm7tdmi_set_regCPSR(unsigned long val) {
527 r0 = jtagarm7tdmi_get_register(0); // preserve the target's r0
528 jtagarm7tdmi_set_register(0, val);
529 debughex32(jtagarm7tdmi_nop( 0)); // push nop into pipeline - clean out the pipeline...
530 debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_MSR_cpsr_cxsf_R0, 0)); // push MSR cpsr_cxsf, R0 into pipeline - fetch
531 debughex32(jtagarm7tdmi_nop( 0)); // push nop into pipeline - decoded
532 debughex32(jtagarm7tdmi_nop( 0)); // push nop into pipeline - execute
533 jtagarm7tdmi_set_register(0, r0); // put the original r0 back
//! Poll the EmbeddedICE debug status register until bits 0 and 3 are both set
//! or the retval budget is used up.
537 unsigned long wait_debug(unsigned long retval){
538 // Poll the Debug Status Register for DBGACK and nMREQ to be HIGH
539 current_dbgstate = jtagarm7tdmi_get_dbgstate();
// NOTE(review): `!` binds tighter than `==`, so this compares 0 or 1 against 9 and
// is always false - the loop body never runs and no waiting happens. The intended
// test is presumably ((current_dbgstate & 9L) != 9). The same expression appears
// in jtagarm7tdmi_readmem().
540 while ((!(current_dbgstate & 9L) == 9) && retval > 0){
543 current_dbgstate = jtagarm7tdmi_get_dbgstate();
549 //! Write data to address - Assume TAP in run-test/idle state
// Saves r0/r1, loads the address into r0 and the data into r1, runs one store
// instruction at system speed (NOP with BREAKPT, then RESTART), waits for the
// core to re-enter debug state, and restores r0/r1.
550 unsigned long jtagarm7tdmi_writemem(unsigned long adr, unsigned long data){
551 unsigned long retval = 0xffL;
552 unsigned long r0=0L, r1=-1L;
554 r0 = jtagarm7tdmi_get_register(0); // store R0 and R1
555 r1 = jtagarm7tdmi_get_register(1);
556 jtagarm7tdmi_set_register(0, adr); // write address into R0
557 jtagarm7tdmi_set_register(1, data); // write data in R1
558 debughex32(jtagarm7tdmi_get_register(0)); // debug print: read back R0
559 debughex32(jtagarm7tdmi_get_register(1)); // debug print: read back R1
560 jtagarm7tdmi_nop( 0); // push nop into pipeline to "clean" it ???
561 jtagarm7tdmi_nop( 1); // push nop into pipeline with BREAKPT set
562 jtagarm7tdmi_instr_primitive(ARM_INSTR_STR_R1_r0_4, 0); // push the STR of R1 via R0 (constant ARM_INSTR_STR_R1_r0_4) into instruction pipeline
563 jtagarm7tdmi_nop( 0); // push nop into pipeline
564 jtagarm7tdmi_restart(); // SHIFT_IR with RESTART instruction
// NOTE(review): the polling condition visible in wait_debug() is always false, so
// this call may return without having waited - verify before trusting the result.
566 if (wait_debug(0xffL) == 0){
567 debugstr("FAILED TO WRITE MEMORY/RE-ENTER DEBUG MODE");
570 retval = jtagarm7tdmi_get_register(1); // read R1 back (after a store this is the data register, not memory)
571 jtagarm7tdmi_set_register(1, r1); // restore R0 and R1
572 jtagarm7tdmi_set_register(0, r0);
579 //! Read data from address
// Loads the address into r0, runs one load into r1 at system speed (NOP with
// BREAKPT, then RESTART), polls the debug status register, and reads the result
// out of r1.
// NOTE(review): r0 and r1 are saved at the top but the restore calls at the end
// are commented out, so the target's r0/r1 stay clobbered after every read.
580 unsigned long jtagarm7tdmi_readmem(unsigned long adr){
581 unsigned long retval = 0xffL;
582 unsigned long r0=0L, r1=-1L;
584 r0 = jtagarm7tdmi_get_register(0); // store R0 and R1
585 r1 = jtagarm7tdmi_get_register(1);
586 jtagarm7tdmi_set_register(0, adr); // write address into R0
587 jtagarm7tdmi_nop( 0); // push nop into pipeline to "clean" it ???
588 jtagarm7tdmi_nop( 1); // push nop into pipeline with BREAKPT set
589 jtagarm7tdmi_instr_primitive(ARM_INSTR_LDR_R1_r0_4, 0); // push LDR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive reads)
590 jtagarm7tdmi_nop( 0); // push nop into pipeline
591 jtagarm7tdmi_restart(); // SHIFT_IR with RESTART instruction
593 // Poll the Debug Status Register for DBGACK and nMREQ to be HIGH
594 current_dbgstate = jtagarm7tdmi_get_dbgstate();
595 debughex(current_dbgstate);
// NOTE(review): `!(x & 9L) == 9` compares 0 or 1 against 9 and is always false, so
// this loop never runs; the intended test is presumably ((current_dbgstate & 9L) != 9).
596 while ((!(current_dbgstate & 9L) == 9) && retval > 0){
599 current_dbgstate = jtagarm7tdmi_get_dbgstate();
601 // FIXME: this may end up changing the current debug-state. should we compare to current_dbgstate?
603 debugstr("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE");
606 retval = jtagarm7tdmi_get_register(1); // read memory value from R1 register
607 //jtagarm7tdmi_set_register(1, r1); // restore R0 and R1
608 //jtagarm7tdmi_set_register(0, r0);
616 //! Read Program Counter
// Reads r15 through the pipeline and subtracts a fixed offset: 8 bytes when the
// cached T bit is set, 24 bytes otherwise. The offsets are the author's estimate
// of how far the PC advanced since debug entry ("assume 6 instructions").
617 unsigned long jtagarm7tdmi_get_real_pc(){
619 val = jtagarm7tdmi_get_register(ARM_REG_PC);
620 if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
621 val -= (4*2); // thumb uses 2 bytes per instruction.
623 val -= (6*4); // assume 6 instructions at 4 bytes a piece.
627 //! Halt CPU - polls for debug entry with a bounded retry count (waitcount starts at 0xff)
// Records the pre-halt debug status, programs watchpoint 1 with all-ones address
// and data masks, polls until bit 0 of the debug status is set, disables the
// watchpoint, records the halted PC, and switches to ARM state if the T bit is set.
// NOTE(review): the return statement is not visible in this listing; the original
// header mentioned a 0xffff failure value - confirm against the full file.
628 unsigned long jtagarm7tdmi_haltcpu(){ // PROVEN
629 int waitcount = 0xffL;
631 // store the debug state
632 last_halt_debug_state = jtagarm7tdmi_get_dbgstate();
634 //jtagarm7tdmi_set_dbgctrl(7);
635 // store watchpoint info? - not right now
636 jtagarm7tdmi_set_watchpoint1(0, 0xffffffff, 0, 0xffffffff, 0x100L, 0xfffffff7);
// NOTE(review): the six writes below repeat what the set_watchpoint1() call above
// already did; presumably they are commented out in the full file - confirm.
640 eice_write(EICE_WP1ADDR, 0L); // write 0 in watchpoint 1 address
641 eice_write(EICE_WP1ADDRMASK, 0xffffffff); // write 0xffffffff in watchpoint 1 address mask
642 eice_write(EICE_WP1DATA, 0L); // write 0 in watchpoint 1 data
643 eice_write(EICE_WP1DATAMASK, 0xffffffff); // write 0xffffffff in watchpoint 1 data mask
644 eice_write(EICE_WP1CTRL, 0x100L); // write 0x00000100 in watchpoint 1 control value register (enables watchpoint)
645 eice_write(EICE_WP1CTRLMASK, 0xfffffff7); // write 0xfffffff7 in watchpoint 1 control mask - only detect the fetch instruction
648 // poll until debug status says the cpu is in debug mode
// NOTE(review): the first test uses whatever current_dbgstate held before this call;
// the fresh read above went into last_halt_debug_state only.
649 while (!(current_dbgstate & 0x1L) && waitcount-- > 0){
650 current_dbgstate = jtagarm7tdmi_get_dbgstate();
654 //jtagarm7tdmi_set_dbgctrl(0);
655 jtagarm7tdmi_set_watchpoint1(0, 0x0, 0, 0x0, 0x0L, 0xfffffff7); // control value 0: watchpoint 1 disabled again
656 //jtagarm7tdmi_disable_watchpoint1();
658 //eice_write(EICE_WP1CTRL, 0x0L); // write 0 in watchpoint 0 control value - disables watchpoint 0
660 // store the debug state program counter.
661 last_halt_pc = jtagarm7tdmi_get_real_pc(); // FIXME: grab chain0 to get all state and PC
662 count_dbgspd_instr_since_debug = 0L; // should be able to clean this up and remove all this tracking nonsense.
663 count_sysspd_instr_since_debug = 0L; // should be able to clean this up and remove all this tracking nonsense.
665 //FIXME: is this necessary? for now, yes... but perhaps make the rest of the module arm/thumb impervious.
666 // get into ARM mode if the T flag is set (Thumb mode)
// waitcount is shared with the polling loop above, so this loop only gets the retries left over.
667 while (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT && waitcount-- > 0) {
668 jtagarm7tdmi_setMode_ARM(0);
669 current_dbgstate = jtagarm7tdmi_get_dbgstate();
671 jtagarm7tdmi_resettap();
672 jtagarm7tdmi_set_register(ARM_REG_PC, last_halt_pc & 0xfffffffc); // make sure PC is word-aligned. otherwise all other register accesses get all wonky.
//! Release the CPU from debug state: switch back to the state recorded at halt
//! time (Thumb or ARM), issue RESTART, and poll until DBGACK clears or the retry
//! budget ends.
676 unsigned long jtagarm7tdmi_releasecpu(){
677 int waitcount = 0xff;
678 jtagarm7tdmi_nop(0); // NOP
679 jtagarm7tdmi_nop(1); // NOP/BREAKPT
682 // four possible states. arm mode needing arm mode, arm mode needing thumb mode, thumb mode needing arm mode, and thumb mode needing thumb mode
683 // FIXME: BX is bs. it requires the clobbering of at least one register.... this is not acceptable.
684 // FIXME: so we either switch modes, then correct the register before restarting with bx, or find the way to use SPSR
685 if (last_halt_debug_state & JTAG_ARM7TDMI_DBG_TBIT){
686 // need to get to thumb mode
687 jtagarm7tdmi_set_register(15,last_halt_pc-20); // 20 bytes will be added to pc before the end of the write. incorrect and must fix
688 jtagarm7tdmi_setMode_THUMB(1);
690 jtagarm7tdmi_setMode_ARM(1);
691 //jtagarm7tdmi_set_register(15,last_halt_pc-20); // 20 bytes will be added to pc before the end of the write. incorrect and must fix
695 jtagarm7tdmi_restart();
696 jtagarm7tdmi_resettap();
697 //jtag_goto_shift_ir();
698 //jtagarmtransn(ARM7TDMI_IR_RESTART,4,LSB,END,RETIDLE); // VERB_RESTART
700 // wait until DBGACK clears in the debug status register
// NOTE(review): the decrement of waitcount is not visible in this listing; without
// one this loop has no upper bound while DBGACK stays set - confirm.
701 while ((current_dbgstate & JTAG_ARM7TDMI_DBG_DBGACK) && waitcount > -1){
704 current_dbgstate = jtagarm7tdmi_get_dbgstate();
706 last_halt_debug_state = -1; // no halt state recorded any more
714 ///////////////////////////////////////////////////////////////////////////////////////////////////
715 //! Handles ARM7TDMI JTAG commands. Forwards others to JTAG.
// app/verb/len describe the host command; operands are read from, and results
// written back to, the shared command buffer (cmddata / cmddataword / cmddatalong).
// NOTE(review): no case visible here checks len before reading its operands, and
// host-supplied values (register numbers, bit counts, transfer flags, block counts)
// reach the JTAG primitives without range checks. Validate them here if the host
// side is not fully trusted.
716 void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len){
717 //register char blocks;
// NOTE(review): val is unsigned int but receives unsigned long results below; if int
// is 16 bits on the target MCU the upper half of each word is lost - confirm.
719 unsigned int val; //, i;
722 //jtagarm7tdmi_resettap();
723 //current_dbgstate = jtagarm7tdmi_get_dbgstate();
728 debughex32(jtagarm7tdmi_start());
729 cmddatalong[0] = jtagarm7tdmi_get_dbgstate();
730 txdata(app,verb,0x4);
731 current_dbgstate = jtagarm7tdmi_get_dbgstate();
734 case JTAGARM7TDMI_READMEM:
736 blocks = cmddatalong[1]; // loop count comes straight from the host command
738 txhead(app,verb,len);
740 jtagarm7tdmi_resettap();
743 for(i=0;i<blocks;i++){
744 val=jtagarm7tdmi_readmem(at);
746 serial_tx(val&0xFFL);
747 serial_tx((val&0xFF00L)>>8);
// NOTE(review): bytes 2 and 3 are shifted by 8, not 16 and 24, so the masked value
// still sits above the low byte; presumably serial_tx() sends one byte, in which
// case these two calls transmit 0. Expected: >>16 and >>24.
748 serial_tx((val&0xFF0000L)>>8);
749 serial_tx((val&0xFF000000L)>>8);
756 jtagarm7tdmi_resettap();
758 cmddatalong[0] = jtagarm7tdmi_readmem(cmddatalong[0]);
762 case JTAGARM7TDMI_GET_CHIP_ID:
763 jtagarm7tdmi_resettap();
764 cmddatalong[0] = jtagarm7tdmi_idcode();
769 case JTAGARM7TDMI_WRITEMEM:
771 jtagarm7tdmi_resettap();
772 jtagarm7tdmi_writemem(cmddatalong[0],
774 cmddataword[0]=jtagarm7tdmi_readmem(cmddatalong[0]); // read back after the write; stored into a cmddataword slot
778 case JTAGARM7TDMI_HALTCPU:
779 cmddatalong[0] = jtagarm7tdmi_haltcpu();
782 case JTAGARM7TDMI_RELEASECPU:
783 //jtagarm7tdmi_resettap();
784 cmddatalong[0] = jtagarm7tdmi_releasecpu();
787 //unimplemented functions
788 //case JTAGARM7TDMI_SETINSTRFETCH:
789 //case JTAGARM7TDMI_WRITEFLASH:
790 //case JTAGARM7TDMI_ERASEFLASH:
791 case JTAGARM7TDMI_SET_PC:
792 //jtagarm7tdmi_setpc(cmddatalong[0]);
793 last_halt_pc = cmddatalong[0]; // only updates the cached PC; nothing is written to the target here
796 case JTAGARM7TDMI_GET_DEBUG_CTRL:
797 cmddatalong[0] = jtagarm7tdmi_get_dbgctrl();
800 case JTAGARM7TDMI_SET_DEBUG_CTRL:
801 cmddatalong[0] = jtagarm7tdmi_set_dbgctrl(cmddata[0]);
804 case JTAGARM7TDMI_GET_PC:
805 cmddatalong[0] = last_halt_pc; // cached value from the last halt, not a live read
808 case JTAGARM7TDMI_GET_DEBUG_STATE:
809 //jtagarm7tdmi_resettap(); // Shouldn't need this, but currently do. FIXME!
810 current_dbgstate = jtagarm7tdmi_get_dbgstate();
811 cmddatalong[0] = current_dbgstate;
814 //case JTAGARM7TDMI_GET_WATCHPOINT:
815 //case JTAGARM7TDMI_SET_WATCHPOINT:
816 case JTAGARM7TDMI_GET_REGISTER:
817 //jtagarm7tdmi_resettap();
819 cmddatalong[0] = jtagarm7tdmi_get_register(val);
822 case JTAGARM7TDMI_SET_REGISTER:
823 //jtagarm7tdmi_resettap();
824 jtagarm7tdmi_set_register(cmddatalong[1], cmddatalong[0]); // [1] = register number, [0] = value
827 case JTAGARM7TDMI_DEBUG_INSTR:
828 //jtagarm7tdmi_resettap();
829 //cmddataword[0] = jtagarm7tdmi_exec(cmddataword[0], cmddata[4]);
830 cmddatalong[0] = jtagarm7tdmi_instr_primitive(cmddatalong[0],cmddata[4]);
833 //case JTAGARM7TDMI_STEP_INSTR:
834 /* case JTAGARM7TDMI_READ_CODE_MEMORY:
835 case JTAGARM7TDMI_WRITE_FLASH_PAGE:
836 case JTAGARM7TDMI_READ_FLASH_PAGE:
837 case JTAGARM7TDMI_MASS_ERASE_FLASH:
838 case JTAGARM7TDMI_PROGRAM_FLASH:
839 case JTAGARM7TDMI_LOCKCHIP:
840 case JTAGARM7TDMI_CHIP_ERASE:
842 // Really ARM specific stuff
843 case JTAGARM7TDMI_GET_CPSR:
844 jtagarm7tdmi_resettap();
845 cmddatalong[0] = jtagarm7tdmi_get_regCPSR();
848 case JTAGARM7TDMI_SET_CPSR:
849 jtagarm7tdmi_resettap();
850 cmddatalong[0] = jtagarm7tdmi_set_regCPSR(cmddatalong[0]);
853 case JTAGARM7TDMI_GET_SPSR: // FIXME: NOT EVEN CLOSE TO CORRECT
854 jtagarm7tdmi_resettap();
855 cmddatalong[0] = jtagarm7tdmi_get_regCPSR(); // reads CPSR, not SPSR
858 case JTAGARM7TDMI_SET_SPSR: // FIXME: NOT EVEN CLOSE TO CORRECT
859 jtagarm7tdmi_resettap();
860 cmddatalong[0] = jtagarm7tdmi_set_regCPSR(cmddatalong[0]); // writes CPSR, not SPSR
863 case JTAGARM7TDMI_SET_MODE_THUMB:
864 jtagarm7tdmi_resettap();
865 cmddatalong[0] = jtagarm7tdmi_setMode_THUMB(cmddata[0]);
868 case JTAGARM7TDMI_SET_MODE_ARM:
869 jtagarm7tdmi_resettap();
870 cmddatalong[0] = jtagarm7tdmi_setMode_ARM(cmddata[0]);
873 case JTAGARM7TDMI_SET_IR:
874 //jtagarm7tdmi_resettap();
875 jtag_goto_shift_ir();
876 cmddataword[0] = jtagtransn(cmddata[0], 4, cmddata[1]); // IR value and transfer flags both come from the host
880 case JTAGARM7TDMI_WAIT_DBG:
881 cmddatalong[0] = wait_debug(cmddatalong[0]);
884 case JTAGARM7TDMI_SHIFT_DR:
885 jtagarm7tdmi_resettap();
886 jtag_goto_shift_dr();
// NOTE(review): bit count (cmddata[0]) and flags (cmddata[1]) are host-supplied and
// unchecked; presumably jtagtransn() handles at most 32 bits - confirm and clamp.
887 cmddatalong[0] = jtagtransn(cmddatalong[1],cmddata[0],cmddata[1]);
890 case JTAGARM7TDMI_CHAIN0:
891 jtagarm7tdmi_scan_intest(0);
892 jtag_goto_shift_dr();
893 debughex32(cmddatalong[0]);
894 debughex(cmddataword[4]);
895 debughex32(cmddatalong[1]);
896 debughex32(cmddatalong[3]);
// Four back-to-back transfers (32 + 9 + 32 + 32 = 105 bits) make up one scan chain 0 pass.
897 cmddatalong[0] = jtagtransn(cmddatalong[0], 32, LSB| NOEND| NORETIDLE);
898 cmddatalong[2] = jtagtransn(cmddataword[4], 9, MSB| NOEND| NORETIDLE);
899 cmddatalong[1] = jtagtransn(cmddatalong[1], 32, MSB| NOEND| NORETIDLE);
900 cmddatalong[3] = jtagtransn(cmddatalong[3], 32, MSB);
903 case JTAGARM7TDMI_SETWATCH0:
904 jtagarm7tdmi_set_watchpoint0(cmddatalong[0], cmddatalong[1], cmddatalong[2], cmddatalong[3], cmddatalong[4], cmddatalong[5]);
907 case JTAGARM7TDMI_SETWATCH1:
// NOTE(review): SETWATCH1 calls jtagarm7tdmi_set_watchpoint0(), so watchpoint 1 is
// never programmed by this verb; it should call jtagarm7tdmi_set_watchpoint1().
908 jtagarm7tdmi_set_watchpoint0(cmddatalong[0], cmddatalong[1], cmddatalong[2], cmddatalong[3], cmddatalong[4], cmddatalong[5]);
912 jtaghandle(app,verb,len); // verbs not handled above are forwarded to the generic JTAG handler
919 /*****************************
920 Captured from FlySwatter against AT91SAM7S, to be used by me for testing. ignore
923 System and User mode registers
924 r0: 300000df r1: 00000000 r2: 58000000 r3: 00200a75
925 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
926 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
927 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 000000fc
930 FIQ mode shadow registers
931 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
932 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
934 Supervisor mode shadow registers
935 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
937 Abort mode shadow registers
938 sp_abt: 00000000 lr_abt: 00000000 spsr_abt: e00000ff
940 IRQ mode shadow registers
941 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
943 Undefined instruction mode shadow registers
944 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
948 target halted in ARM state due to single-step, current mode: Supervisor
949 cpsr: 0x00000093 pc: 0x00000100
950 System and User mode registers
951 r0: 300000df r1: 00000000 r2: 00200000 r3: 00200a75
952 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
953 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
954 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000100
957 FIQ mode shadow registers
958 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
959 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
961 Supervisor mode shadow registers
962 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
964 Abort mode shadow registers
965 sp_abt: 00000000 lr_abt: 00000000 spsr_abt: e00000ff
967 IRQ mode shadow registers
968 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
970 Undefined instruction mode shadow registers
971 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
975 target halted in ARM state due to single-step, current mode: Abort
976 cpsr: 0x00000097 pc: 0x00000010
977 System and User mode registers
978 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
979 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
980 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
981 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
984 FIQ mode shadow registers
985 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
986 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
988 Supervisor mode shadow registers
989 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
991 Abort mode shadow registers
992 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
994 IRQ mode shadow registers
995 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
997 Undefined instruction mode shadow registers
998 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1000 target state: halted
1001 target halted in ARM state due to single-step, current mode: Abort
1002 cpsr: 0x00000097 pc: 0x00000010
1003 System and User mode registers
1004 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1005 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1006 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1007 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1010 FIQ mode shadow registers
1011 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1012 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1014 Supervisor mode shadow registers
1015 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1017 Abort mode shadow registers
1018 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1020 IRQ mode shadow registers
1021 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1023 Undefined instruction mode shadow registers
1024 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1026 target state: halted
1027 target halted in ARM state due to single-step, current mode: Abort
1028 cpsr: 0x00000097 pc: 0x00000010
1029 System and User mode registers
1030 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1031 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1032 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1033 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1036 FIQ mode shadow registers
1037 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1038 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1040 Supervisor mode shadow registers
1041 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1043 Abort mode shadow registers
1044 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1046 IRQ mode shadow registers
1047 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1049 Undefined instruction mode shadow registers
1050 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1052 target state: halted
1053 target halted in ARM state due to single-step, current mode: Abort
1054 cpsr: 0x00000097 pc: 0x00000010
1055 System and User mode registers
1056 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1057 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1058 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1059 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1062 FIQ mode shadow registers
1063 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1064 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1066 Supervisor mode shadow registers
1067 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1069 Abort mode shadow registers
1070 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1072 IRQ mode shadow registers
1073 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1075 Undefined instruction mode shadow registers
1076 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1078 target state: halted
1079 target halted in ARM state due to single-step, current mode: Abort
1080 cpsr: 0x00000097 pc: 0x00000010
1081 System and User mode registers
1082 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1083 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1084 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1085 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1088 FIQ mode shadow registers
1089 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1090 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1092 Supervisor mode shadow registers
1093 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1095 Abort mode shadow registers
1096 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1098 IRQ mode shadow registers
1099 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1101 Undefined instruction mode shadow registers
1102 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1104 target state: halted
1105 target halted in ARM state due to single-step, current mode: Abort
1106 cpsr: 0x00000097 pc: 0x00000010
1107 System and User mode registers
1108 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1109 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1110 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1111 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1114 FIQ mode shadow registers
1115 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1116 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1118 Supervisor mode shadow registers
1119 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1121 Abort mode shadow registers
1122 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1124 IRQ mode shadow registers
1125 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1127 Undefined instruction mode shadow registers
1128 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1130 target state: halted
1131 target halted in ARM state due to single-step, current mode: Abort
1132 cpsr: 0x00000097 pc: 0x00000010
1133 System and User mode registers
1134 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1135 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1136 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1137 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1140 FIQ mode shadow registers
1141 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1142 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1144 Supervisor mode shadow registers
1145 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1147 Abort mode shadow registers
1148 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1150 IRQ mode shadow registers
1151 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1153 Undefined instruction mode shadow registers
1154 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1156 target state: halted
1157 target halted in ARM state due to single-step, current mode: Abort
1158 cpsr: 0x00000097 pc: 0x00000010
1159 System and User mode registers
1160 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1161 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1162 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1163 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1166 FIQ mode shadow registers
1167 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1168 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1170 Supervisor mode shadow registers
1171 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1173 Abort mode shadow registers
1174 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1176 IRQ mode shadow registers
1177 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1179 Undefined instruction mode shadow registers
1180 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df
1182 target state: halted
1183 target halted in ARM state due to single-step, current mode: Abort
1184 cpsr: 0x00000097 pc: 0x00000010
1185 System and User mode registers
1186 r0: 300000e3 r1: 00000000 r2: 00200000 r3: 00200a75
1187 r4: fffb0000 r5: 00000002 r6: 00000000 r7: 00200f6c
1188 r8: 00000000 r9: 00000000 r10: ffffffff r11: 00000000
1189 r12: 00000009 sp_usr: 00000000 lr_usr: 00000000 pc: 00000010
1192 FIQ mode shadow registers
1193 r8_fiq: 00000000 r9_fiq: fffcc000 r10_fiq: fffff400 r11_fiq: fffff000
1194 r12_fiq: 00200f44 sp_fiq: 00000000 lr_fiq: 00000000 spsr_fiq: f00000fb
1196 Supervisor mode shadow registers
1197 sp_svc: 00201f78 lr_svc: 00200a75 spsr_svc: 400000b3
1199 Abort mode shadow registers
1200 sp_abt: 00000000 lr_abt: 00000108 spsr_abt: 00000093
1202 IRQ mode shadow registers
1203 sp_irq: 00000000 lr_irq: 00000000 spsr_irq: f000003b
1205 Undefined instruction mode shadow registers
1206 sp_und: 00000000 lr_und: 00000000 spsr_und: 300000df