Beginnings of info flash support. It isn't very good.
1 /*! \file jtagarm7tdmi.c
2   \brief ARM7TDMI JTAG (AT91R40008, AT91SAM7xxx)
3 */
4
5 #include "platform.h"
6 #include "command.h"
7 #include "jtag.h"
8 #include "jtagarm7tdmi.h"
9
10
11 /**** 20-pin Connection Information (pin1 is on top-right for both connectors)****
12 GoodFET  ->  7TDMI 20-pin connector (HE-10 connector)
13   1               13 (TDO)
14   2               1  (Vdd)
15   3               5  (TDI)
16   5               7  (TMS)
17   7               9  (TCK)
18   8               15 (nRST)
19   9               4,6,8,10,12,14,16,18,20 (GND)
20   11              17/3 (nTRST)  (different sources suggest 17 or 3 alternately)
21 ********************************/
22
23 /**** 14-pin Connection Information (pin1 is on top-right for both connectors)****
24 GoodFET  ->  7TDMI 14-pin connector
25   1               11 (TDO)
26   2               1  (Vdd)
27   3               5  (TDI)
28   5               7  (TMS)
29   7               9  (TCK)
30   8               12 (nRST)
31   9               2,4,6,8,10,14 (GND)
32   11              3 (nTRST)
33
34 http://hri.sourceforge.net/tools/jtag_faq_org.html
35 ********************************/
36
37
38
39
40
41
42 /****************************************************************
43 Enabling jtag likely differs with most platforms.  We will attempt to enable most from here.  Override jtagarm7tdmi_start() to extend for other implementations
44 ARM7TDMI enables three different scan chains:
45     * Chain0 - "entire periphery" including data bus
46     * Chain1 - core data bus (subset of Chain0)  - Instruction Pipeline
47     * Chain2 - EmbeddedICE Logic Registers - This is our way into the fun stuff.
48     
49
50 ---
51 You can disable EmbeddedICE-RT by setting the DBGEN input LOW.
52 Caution
53 Hard wiring the DBGEN input LOW permanently disables all debug functionality.
54 When DBGEN is LOW, it inhibits DBGDEWPT, DBGIEBKPT, and EDBGRQ to
55 the core, and DBGACK from the ARM9E-S core is always LOW.
56 ---
57
58
59 ---
60 When the ARM9E-S core is in debug state, you can examine the core and system state
61 by forcing the load and store multiples into the instruction pipeline.
62 Before you can examine the core and system state, the debugger must determine
63 whether the processor entered debug from Thumb state or ARM state, by examining
64 bit 4 of the EmbeddedICE-RT debug status register. If bit 4 is HIGH, the core has
65 entered debug from Thumb state.
66 For more details about determining the core state, see Determining the core and system
67 state on page B-18.
68 ---
69
70
71 --- olimex - http://www.olimex.com/dev/pdf/arm-jtag.pdf
72 JTAG signals description:
73 PIN.1 (VTREF) Target voltage sense. Used to indicate the target’s operating voltage to the debug tool.
74 PIN.2 (VTARGET) Target voltage. May be used to supply power to the debug tool.
75 PIN.3 (nTRST) JTAG TAP reset, this signal should be pulled up to Vcc in target board.
76 PIN4,6, 8, 10,12,14,16,18,20 Ground. The Gnd-Signal-Gnd-Signal strategy implemented on the 20-way connection scheme improves noise immunity on the target connect cable.
77 *PIN.5 (TDI) JTAG serial data in, should be pulled up to Vcc on target board.
78 *PIN.7 (TMS) JTAG TAP Mode Select, should be pulled up to Vcc on target board.
79 *PIN.9 (TCK) JTAG clock.
80 PIN.11 (RTCK) JTAG retimed clock. Implemented on certain ASIC ARM implementations; the host ASIC may need to synchronize external inputs (such as JTAG inputs) with its own internal clock.
81 *PIN.13 (TDO) JTAG serial data out.
82 *PIN.15 (nSRST) Target system reset.
83 *PIN.17 (DBGRQ) Asynchronous debug request.  DBGRQ allows an external signal to force the ARM core into debug mode, should be pulled down to GND.
84 PIN.19 (DBGACK) Debug acknowledge. The ARM core acknowledges debug-mode in response to a DBGRQ input.
85
86
87 -----------  SAMPLE TIMES  -----------
88
89 TDI and TMS are sampled on the rising edge of TCK and TDO transitions appear on the falling edge of TCK. Therefore, TDI and TMS must be written after the falling edge of TCK and TDO must be read after the rising edge of TCK.
90
91 for this module, we keep tck high for all changes/sampling, and then bounce it.
92 ****************************************************************/
93
94
95
96 /************************** JTAGARM7TDMI Primitives ****************************/
//! Step the TAP towards Shift-IR: two clocks with TMS high, then two with TMS low.
//  Assuming the TAP starts in Run-Test/Idle (this module's convention), the
//  sequence 1,1,0,0 on TMS is Select-DR, Select-IR, Capture-IR, Shift-IR.
void jtag_goto_shift_ir() {
  unsigned char clocks;

  SETTMS;
  for (clocks = 2; clocks > 0; clocks--) {
    jtag_arm_tcktock();
  }

  CLRTMS;
  for (clocks = 2; clocks > 0; clocks--) {
    jtag_arm_tcktock();
  }
}
106
//! Step the TAP towards Shift-DR: one clock with TMS high, then two with TMS low.
//  Assuming the TAP starts in Run-Test/Idle, the sequence 1,0,0 on TMS is
//  Select-DR, Capture-DR, Shift-DR.
void jtag_goto_shift_dr() {
  unsigned char clocks;

  SETTMS;
  jtag_arm_tcktock();

  CLRTMS;
  for (clocks = 2; clocks > 0; clocks--) {
    jtag_arm_tcktock();
  }
}
114
//! Force the TAP into Test-Logic-Reset, then step into Run-Test/Idle.
//  Eight clocks are issued with TMS held high (the original author marks the
//  TAP as being in the Reset state afterwards), followed by a single clock
//  with TMS low to land in Run-Test/Idle.
void jtag_reset_to_runtest_idle() {
  unsigned char clocks;

  SETTMS;
  for (clocks = 0; clocks < 8; clocks++) {
    jtag_arm_tcktock();
  }
  // now in Reset state

  CLRTMS;
  jtag_arm_tcktock();  // now in Run-Test/Idle state
}
128
//! Generate one TCK pulse: wait, drive TCK low, wait, drive TCK high.
//  TCK is left high on return, matching the module convention that pins are
//  changed and sampled while TCK is high.  The LED output is toggled on each
//  edge as a visible activity indicator.
void jtag_arm_tcktock() {
  delay(100);                       // FIXME: Should never wait this long...
  CLRTCK;
  PLEDOUT = PLEDOUT ^ PLEDPIN;

  delay(100);                       // FIXME: Should never wait this long...
  SETTCK;
  PLEDOUT = PLEDOUT ^ PLEDPIN;
}
137
138
//! Start JTAG: set up the pins, reset the TAP and read the IDCODE.
//  \return the 32-bit value shifted out by jtagarm7tdmi_idcode().
unsigned long jtagarm7tdmi_start() {
  unsigned long idcode;

  jtagsetup();
  jtagarm7tdmi_resettap();
  idcode = jtagarm7tdmi_idcode();
  return idcode;
}
145
146
//! Reset the TAP state machine and forget which scan chain was selected.
//  current_chain is set to -1 so that the next jtagarm7tdmi_scan() call always
//  re-issues SCAN_N instead of trusting a selection made before the reset.
void jtagarm7tdmi_resettap(){               // PROVEN
  jtag_reset_to_runtest_idle();
  current_chain = -1;
}
152
153
154 //  NOTE: important: THIS MODULE REVOLVES AROUND RETURNING TO RUNTEST/IDLE, OR THE FUNCTIONAL EQUIVALENT
155
156
//! Shift bitcount bits out on TDI while capturing the same number from TDO.
//  \param word      value to shift out; the captured bits are returned in its place
//  \param bitcount  number of bits to transfer.  Must be at least 1 and no larger
//                   than the width of unsigned long: the top-bit mask is built with
//                   a shift by (bitcount-1), which is undefined outside that range.
//  \param lsb       non-zero: least significant bit first; zero: most significant first
//  \param end       non-zero: raise TMS on the final bit to leave the shift state,
//                   then issue one more clock (the "exit"/"update" step)
//  \param retidle   only used when end is set: non-zero drops TMS and clocks once
//                   more so the TAP returns to Run-Test/Idle
//  \return the bits sampled from TDO, assembled in the same bit order.
//  TDI is left high on return.
unsigned long jtagarmtransn(unsigned long word, unsigned char bitcount, unsigned char lsb, unsigned char end, unsigned char retidle){               // PROVEN
  const unsigned long topbit = 1UL << (bitcount-1);   // position of the last bit of the transfer
  const unsigned long lowmask = topbit - 1;           // every bit below topbit
  unsigned int remaining = bitcount;

  while (remaining > 0) {
    /* write MOSI on trailing edge of previous clock */
    if (lsb) {
      if (word & 1)
        {SETMOSI;}
      else
        {CLRMOSI;}
      word >>= 1;
    } else {
      if (word & topbit)
        {SETMOSI;}
      else
        {CLRMOSI;}
      word = (word & lowmask) << 1;
    }

    // TMS high on last bit to exit.
    if (end && remaining == 1) {
      SETTMS;
    }

    jtag_arm_tcktock();

    /* read MISO on trailing edge */
    if (lsb) {
      // LSB first: the captured bit enters at the top and migrates down.
      if (READMISO){
        word += (topbit);
      }
    } else {
      // MSB first: the captured bit enters at bit 0 and migrates up.
      word |= (READMISO);
    }

    remaining--;
  }

  SETMOSI;

  if (!end) {
    // Caller wants to stay in the shift state to append more bits.
    return word;
  }

  // exit state
  jtag_arm_tcktock();
  // update state
  if (retidle){
    CLRTMS;
    jtag_arm_tcktock();
  }
  return word;
}
222
223
224
225 /************************************************************************
226 * ARM7TDMI core has 6 primary registers to be connected between TDI/TDO
227 *   * Bypass Register
228 *   * ID Code Register
229 *   * Scan Chain Select Register    (4 bits_lsb)
230 *   * Scan Chain 0                  (64+* bits: 32_databits_lsb + ctrlbits + 32_addrbits_msb)
231 *   * Scan Chain 1                  (33 bits: 32_bits + BREAKPT)
232 *   * Scan Chain 2                  (38 bits: rw + 5_regbits_msb + 32_databits_msb)
233 ************************************************************************/
234
235
236
237 /************************** Basic JTAG Verb Commands *******************************/
//! Read the device identification code.
//  Resets the TAP, loads the 4-bit IDCODE instruction, then shifts 32 zero bits
//  through the data register, LSB first, and returns what came back on TDO.
unsigned long jtagarm7tdmi_idcode(){               // PROVEN
  unsigned long idcode;

  jtagarm7tdmi_resettap();

  SHIFT_IR;
  jtagarmtransn(ARM7TDMI_IR_IDCODE, 4, LSB, END, RETIDLE);

  SHIFT_DR;
  idcode = jtagarmtransn(0,32, LSB, END, RETIDLE);
  return idcode;
}
246
//!  Connect the Bypass register between TDI and TDO.
//   Resets the TAP, then loads the 4-bit BYPASS instruction without returning
//   to Run-Test/Idle.
//   \return the bits captured from the instruction register during the shift,
//           narrowed to unsigned char.
unsigned char jtagarm7tdmi_bypass(){               // PROVEN
  unsigned long captured;

  jtagarm7tdmi_resettap();
  SHIFT_IR;
  captured = jtagarmtransn(ARM7TDMI_IR_BYPASS, 4, LSB, END, NORETIDLE);
  return captured;
}
//!  INTEST verb - load the 4-bit INTEST instruction (internal test).
//   Unlike the bypass/restart verbs, the TAP is not reset first, and the shift
//   does not return to Run-Test/Idle.
//   \return the bits captured from the instruction register, narrowed to unsigned char.
unsigned char jtagarm7tdmi_intest() {
  unsigned long captured;

  SHIFT_IR;
  captured = jtagarmtransn(ARM7TDMI_IR_INTEST, 4, LSB, END, NORETIDLE);
  return captured;
}
258
//!  EXTEST verb - load the 4-bit EXTEST instruction.
//   The TAP is not reset first, and the shift does not return to Run-Test/Idle.
//   \return the bits captured from the instruction register, narrowed to unsigned char.
unsigned char jtagarm7tdmi_extest() {
  unsigned long captured;

  SHIFT_IR;
  captured = jtagarmtransn(ARM7TDMI_IR_EXTEST, 4, LSB, END, NORETIDLE);
  return captured;
}
264
265 //!  SAMPLE verb
266 //unsigned long jtagarm7tdmi_sample() { 
267 //  jtagarm7tdmi_ir_shift4(ARM7TDMI_IR_SAMPLE);        // ???? same here.
268 //  return jtagtransn(0,32);
269 //}
270
//!  RESTART verb - reset the TAP, then load the 4-bit RESTART instruction and
//   return to Run-Test/Idle.
//   \return the bits captured from the instruction register, narrowed to unsigned char.
unsigned char jtagarm7tdmi_restart() {
  unsigned long captured;

  jtagarm7tdmi_resettap();
  SHIFT_IR;
  captured = jtagarmtransn(ARM7TDMI_IR_RESTART, 4, LSB, END, RETIDLE);
  return captured;
}
277
278 //!  ARM7TDMI_IR_CLAMP               0x5
279 //unsigned long jtagarm7tdmi_clamp() { 
280 //  jtagarm7tdmi_resettap();
281 //  SHIFT_IR;
282 //  jtagarmtransn(ARM7TDMI_IR_CLAMP, 4, LSB, END, NORETIDLE);
283 //  SHIFT_DR;
284 //  return jtagarmtransn(0, 32, LSB, END, RETIDLE);
285 //}
286
287 //!  ARM7TDMI_IR_HIGHZ               0x7
288 //unsigned char jtagarm7tdmi_highz() { 
289 //  jtagarm7tdmi_resettap();
290 //  SHIFT_IR;
291 //  return jtagarmtransn(ARM7TDMI_IR_HIGHZ, 4, LSB, END, NORETIDLE);
292 //}
293
294 //! define ARM7TDMI_IR_CLAMPZ              0x9
295 //unsigned char jtagarm7tdmi_clampz() { 
296 //  jtagarm7tdmi_resettap();
297 //  SHIFT_IR;
298 //  return jtagarmtransn(ARM7TDMI_IR_CLAMPZ, 4, LSB, END, NORETIDLE);
299 //}
300
301
//!  Select a scan chain (SCAN_N) if it is not already selected, then load the
//   requested test-mode instruction.
//   \param chain     scan chain number to connect between TDI and TDO
//   \param testmode  4-bit instruction loaded afterwards (e.g. INTEST)
//   \return the 4 bits captured while shifting the chain number, or the cached
//           chain number when no change was needed.
//   The final instruction shift is issued with RETIDLE, so as written this
//   function leaves the TAP in Run-Test/Idle; callers issue SHIFT_DR themselves.
unsigned long jtagarm7tdmi_scan(int chain, int testmode) {               // PROVEN
/*
When selecting a scan chain the "Run Test/Idle" state should never be reached,
otherwise, when in debug state, the core will not be correctly isolated and
intrusive commands occur. Therefore, it is recommended to pass directly from the
"Update" state to the "Select DR" state each time the "Update" state is reached.
*/
  unsigned long captured;

  if (current_chain == chain) {
    // Already on the requested chain: skip SCAN_N and report the cached value.
    captured = current_chain;
  } else {
    // Both shifts use NORETIDLE so Run-Test/Idle is not visited mid-selection.
    SHIFT_IR;
    jtagarmtransn(ARM7TDMI_IR_SCAN_N, 4, LSB, END, NORETIDLE);
    SHIFT_DR;
    captured = jtagarmtransn(chain, 4, LSB, END, NORETIDLE);
    current_chain = chain;
  }

  // put in test mode...
  SHIFT_IR;
  jtagarmtransn(testmode, 4, LSB, END, RETIDLE);
  return captured;
}
326
327
//!  Select the given scan chain and put it in INTEST mode.
//   Thin wrapper around jtagarm7tdmi_scan(); see that function for the return
//   value and the TAP state on exit.
unsigned long jtagarm7tdmi_scan_intest(int chain) {               // PROVEN
  unsigned long captured = jtagarm7tdmi_scan(chain, ARM7TDMI_IR_INTEST);
  return captured;
}
332
333
334
335
//! Push one 32-bit word into the instruction pipeline through scan chain 1.
//  \param instr    word to shift in, MSB first
//  \param breakpt  non-zero: clock in a set BREAKPT bit first, marking the next
//                  instruction to run using MCLK (system speed); zero: debug speed
//  \return the 32 bits captured from the chain while instr was shifted in.
//  Also bumps the matching per-halt instruction counter, which
//  jtagarm7tdmi_releasecpu() uses to compute its branch offset.
unsigned long jtagarm7tdmi_instr_primitive(unsigned long instr, char breakpt){  // PROVEN
  jtagarm7tdmi_scan_intest(1);
  SHIFT_DR;

  // if the next instruction is to run using MCLK (master clock), set TDI
  if (!breakpt) {
    CLRMOSI;
    count_dbgspd_instr_since_debug++;
  } else {
    SETMOSI;
    count_sysspd_instr_since_debug++;
  }
  jtag_arm_tcktock();

  // Now shift in the 32 bits.
  // Must return to RUN-TEST/IDLE state for instruction to enter pipeline, and causes debug clock.
  return jtagarmtransn(instr, 32, MSB, END, RETIDLE);
}
360
//! Push a NOP into the instruction pipeline.
//  \param breakpt  forwarded to jtagarm7tdmi_instr_primitive() (system-speed flag)
//  \return the word captured from scan chain 1 during the shift.
unsigned long jtagarm7tdmi_nop(char breakpt){  // PROVEN
  unsigned long captured = jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP, breakpt);
  return captured;
}
365
366 /*    stolen from ARM DDI0029G documentation, translated using ARM Architecture Reference Manual (14128.pdf)
367 STR R0, [R0]; Save R0 before use
368 MOV R0, PC ; Copy PC into R0
369 STR R0, [R0]; Now save the PC in R0
370 BX PC ; Jump into ARM state
371 MOV R8, R8 ;
372 MOV R8, R8 ;
373 NOP
374 NOP
375
376 */
377
//! Switch the halted core from Thumb state to ARM state.
//  Repeats the Thumb instruction sequence (save R0, copy PC, BX PC, NOPs) until
//  the T bit in the debug status register clears or the retry budget runs out.
//  The words captured along the way are left in cmddataword[1..6].
//  \return the remaining retry budget.  It starts at 0xff; when the budget is
//          exhausted the unsigned counter wraps, so a timeout is reported as
//          the all-ones value rather than 0.  It does NOT return the PC (FIXME
//          from the original author).
//  Should be used by haltcpu(), which should also store PC and the THUMB state,
//  for use by releasecpu().
//  NOTE(review): the first NOP result is stored in cmddataword[6] and then
//  overwritten by the last NOP; slot 0 may have been intended - confirm.
unsigned long jtagarm7tdmi_setMode_ARM(){               // PROVEN
  unsigned long budget = 0xff;

  debugstr("=== Thumb Mode... Switching to ARM mode ===");

  for (;;) {
    if (!(jtagarm7tdmi_get_dbgstate() & JTAG_ARM7TDMI_DBG_TBIT)) {
      break;                                  // already in ARM state
    }
    if (!(budget-- > 0)) {
      break;                                  // out of retries (budget has wrapped)
    }

    cmddataword[6] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP,0);
    cmddataword[1] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_STR_R0_r0,0);
    cmddataword[2] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_MOV_R0_PC,0);
    cmddataword[3] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_STR_R0_r0,0);
    cmddataword[4] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_BX_PC,0);
    cmddataword[5] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP,0);
    cmddataword[6] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP,0);

    jtagarm7tdmi_resettap();                  // seems necessary for some reason.  ugh.
  }

  return budget;
}
394
395
396
397
398 /************************* EmbeddedICE Primitives ****************************/
//! Write a 32-bit value to an EmbeddedICE register through scan chain 2.
//  The chain is filled in three consecutive shifts without leaving Shift-DR:
//  32 data bits, 5 register-address bits, then a single 1 bit that marks the
//  access as a write.  Only the last shift exits and returns to Run-Test/Idle.
//  \param reg   EmbeddedICE register address (5 bits are shifted)
//  \param data  value to write
//  \return the 32 bits captured from the chain while data was shifted in.
unsigned long eice_write(unsigned char reg, unsigned long data){
  unsigned long captured;

  debugstr("eice_write");
  debughex(reg);
  debughex32(data);

  jtagarm7tdmi_scan_intest(2);
  SHIFT_DR;

  captured = jtagarmtransn(data, 32, LSB, NOEND, NORETIDLE);  // send in the data - 32-bits lsb
  (void)jtagarmtransn(reg, 5, LSB, NOEND, NORETIDLE);         // send in the register address - 5 bits lsb
  (void)jtagarmtransn(1, 1, LSB, END, RETIDLE);               // send in the WRITE bit

  return captured;
}
419
//! Read a 32-bit EmbeddedICE register through scan chain 2.
//  First pass: shift in the 5-bit register address followed by a 0 bit
//  (read-only access) and return to Run-Test/Idle.  Second pass: shift 32 zero
//  bits through the chain and collect the register contents, LSB first
//  (atmel arm jtag docs pp.10-11).
//  \param reg  EmbeddedICE register address (5 bits are shifted)
//  \return the 32-bit register value.
unsigned long eice_read(unsigned char reg){               // PROVEN
  unsigned long value;

  debugstr("eice_read");
  debughex(reg);

  jtagarm7tdmi_scan_intest(2);

  // send in the register address - 5 bits LSB
  SHIFT_DR;
  (void)jtagarmtransn(reg, 5, LSB, NOEND, NORETIDLE);
  // clear TDI to select "read only"
  (void)jtagarmtransn(0, 1, LSB, END, RETIDLE);

  // Now shift out the 32 bits
  SHIFT_DR;
  value = jtagarmtransn(0, 32, LSB, END, RETIDLE);

  debughex32(value);
  return value;
}
441
442
443
444
445 /************************* ICEBreaker/EmbeddedICE Stuff ******************************/
//! Read the EmbeddedICE debug status register.
//  This is the ICE debug register, *NOT* the ARM register DSCR.
unsigned long jtagarm7tdmi_get_dbgstate() {       //    PROVEN
  unsigned long status = eice_read(EICE_DBGSTATUS);
  return status;
}
451
//! Read the EmbeddedICE debug control register.
unsigned long jtagarm7tdmi_get_dbgctrl() {
  unsigned long ctrl = eice_read(EICE_DBGCTRL);
  return ctrl;
}
456
//! Write the EmbeddedICE debug control register.
//  \param bits  new register value
//  \return whatever eice_write() captured from the chain during the data shift.
unsigned long jtagarm7tdmi_set_dbgctrl(unsigned long bits) {
  unsigned long captured = eice_write(EICE_DBGCTRL, bits);
  return captured;
}
461
462
463
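//!  Set and enable Watchpoint 0.
//   Programs the six EmbeddedICE watchpoint-0 registers from the arguments.
//   \param addr,addrmask  address value and address mask
//   \param data,datamask  data value and data mask
//   \param ctrl,ctrlmask  control value and control mask
//   The values used by jtagarm7tdmi_haltcpu() for watchpoint 1 are
//   addr=0, addrmask=0xffffffff, data=0, datamask=0xffffffff,
//   ctrl=0x100 (enables the watchpoint), ctrlmask=0xfffffff7.
void jtagarm7tdmi_set_watchpoint0(unsigned long addr, unsigned long addrmask, unsigned long data, unsigned long datamask, unsigned long ctrl, unsigned long ctrlmask){
  // store watchpoint info?  - not right now
    // FIXME: store info

  eice_write(EICE_WP0ADDR, addr);           // watchpoint 0 address
  eice_write(EICE_WP0ADDRMASK, addrmask);   // watchpoint 0 address mask
  eice_write(EICE_WP0DATA, data);           // watchpoint 0 data
  eice_write(EICE_WP0DATAMASK, datamask);   // watchpoint 0 data mask
  // Fixed: the control VALUE register was being loaded with ctrlmask, leaving
  // the ctrl argument unused and making this disagree with set_watchpoint1().
  eice_write(EICE_WP0CTRL, ctrl);           // watchpoint 0 control value
  eice_write(EICE_WP0CTRLMASK, ctrlmask);   // watchpoint 0 control mask
}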
476
//!  Set and enable Watchpoint 1.
//   Programs the six EmbeddedICE watchpoint-1 registers from the arguments, in
//   the order address, address mask, data, data mask, control value, control mask.
//   The values used by jtagarm7tdmi_haltcpu() are addr=0, addrmask=0xffffffff,
//   data=0, datamask=0xffffffff, ctrl=0x100 (enables the watchpoint) and
//   ctrlmask=0xfffffff7 (only detect the instruction fetch).
void jtagarm7tdmi_set_watchpoint1(unsigned long addr, unsigned long addrmask, unsigned long data, unsigned long datamask, unsigned long ctrl, unsigned long ctrlmask){
  // store watchpoint info?  - not right now
    // FIXME: store info

  // Address comparator
  eice_write(EICE_WP1ADDR, addr);
  eice_write(EICE_WP1ADDRMASK, addrmask);

  // Data comparator
  eice_write(EICE_WP1DATA, data);
  eice_write(EICE_WP1DATAMASK, datamask);

  // Control comparator; writing the control value is what arms the watchpoint
  eice_write(EICE_WP1CTRL, ctrl);
  eice_write(EICE_WP1CTRLMASK, ctrlmask);
}
489
//!  Disable Watchpoint 0 by clearing its control value register.
void jtagarm7tdmi_disable_watchpoint0(){
  const unsigned long disabled = 0x0;

  eice_write(EICE_WP0CTRL, disabled);
}
494   
//!  Disable Watchpoint 1 by clearing its control value register.
void jtagarm7tdmi_disable_watchpoint1(){
  const unsigned long disabled = 0x0;

  eice_write(EICE_WP1CTRL, disabled);
}
499
500
501
502 /******************** Complex Commands **************************/
503
//! Push an instruction, followed by one parameter word, into the CPU pipeline.
//  NOTE!  Must provide EXECNOPARM for parameter if no parm is required.
//  \param instr        32-bit instruction code
//  \param parameter    word injected two NOPs after the instruction
//  \param systemspeed  passed as the BREAKPT flag of the NOP immediately before
//                      the instruction (non-zero requests system speed)
//  \return the word captured by the first NOP after the parameter.
//  Every word captured along the way is also echoed through debughex32().
unsigned long jtagarm7tdmi_exec(unsigned long instr, unsigned long parameter, unsigned char systemspeed) {
  unsigned long result;
  unsigned char drain;

  debughex32(jtagarm7tdmi_nop( 0));
  debughex32(jtagarm7tdmi_nop(systemspeed));
  debughex32(jtagarm7tdmi_instr_primitive(instr, 0));      // write 32-bit instruction code into DR

  for (drain = 0; drain < 2; drain++) {
    debughex32(jtagarm7tdmi_nop( 0));
  }

  debughex32(jtagarm7tdmi_instr_primitive(parameter, 0));  // inject long

  result = jtagarm7tdmi_nop( 0);
  debughex32(result);

  for (drain = 0; drain < 2; drain++) {
    debughex32(jtagarm7tdmi_nop( 0));
  }

  return result;
}
522
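//! Retrieve a 32-bit register value from the halted core.
//  Builds a store instruction from ARM_READ_REG with the register number placed
//  in bits 12-15 and bits 16-19, pushes it through the pipeline surrounded by
//  NOPs, and captures the word that appears on the data bus.
//  \param reg  register number; only the low four bits are used
//  \return the captured 32-bit word.
//  Fixed: the number shifted into bits 12-15 was not masked, so a value above
//  15 spilled into neighbouring opcode fields and produced an unintended
//  instruction on the target.  Both fields now use the masked number.
unsigned long jtagarm7tdmi_get_register(unsigned long reg) {
  const unsigned long regnum = reg & 0xf;
  unsigned long retval = 0, instr;
  unsigned char i;

  instr = (unsigned long)ARM_READ_REG | (regnum << 12) | (regnum << 16);   // STR Rx, [R14]
  debughex32(instr);

  // push nops into pipeline - clean out the pipeline...
  for (i = 0; i < 3; i++) {
    jtagarm7tdmi_nop( 0);
  }

  jtagarm7tdmi_instr_primitive(instr, 0);
  jtagarm7tdmi_nop( 0);                // push nop into pipeline - fetched
  jtagarm7tdmi_nop( 0);                // push nop into pipeline - decoded
  jtagarm7tdmi_nop( 0);                // push nop into pipeline - executed
  retval = jtagarm7tdmi_nop( 0);       // recover 32-bit word
  debughex32(retval);

  for (i = 0; i < 3; i++) {
    jtagarm7tdmi_nop( 0);
  }
  return retval;
}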
548
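//! Set a 32-bit register value in the halted core.
//  Builds a load instruction from ARM_WRITE_REG with the register number placed
//  in bits 12-15 and bits 16-19, pushes it through the pipeline, then presents
//  val on the data bus for three consecutive cycles.
//  \param reg  register number; only the low four bits are used
//  \param val  value to load
//  Writing the PC is followed by two extra NOPs.
//  Fixed: the number shifted into bits 12-15 was not masked, so a value above
//  15 spilled into neighbouring opcode fields and produced an unintended
//  instruction on the target.  Both fields, and the PC test, now use the
//  masked number.
void jtagarm7tdmi_set_register(unsigned long reg, unsigned long val) {
  const unsigned long regnum = reg & 0xf;
  unsigned long instr;
  unsigned char i;

  instr = (unsigned long)ARM_WRITE_REG | (regnum << 12) | (regnum << 16); //  LDR Rx, [R14]
  debughex32(instr);

  jtagarm7tdmi_nop( 0);            // push nop into pipeline - clean out the pipeline...
  jtagarm7tdmi_nop( 0);            // push nop into pipeline - clean out the pipeline...
  jtagarm7tdmi_instr_primitive(instr, 0); // push instr into pipeline - fetch
  jtagarm7tdmi_nop( 0);            // push nop into pipeline - decode

  for (i = 0; i < 3; i++) {
    jtagarm7tdmi_instr_primitive(val, 0); // push 32-bit word on data bus
  }
  jtagarm7tdmi_nop( 0);            // push nop into pipeline - executed
  jtagarm7tdmi_nop( 0);            // push nop into pipeline - executed

  if (regnum == ARM_REG_PC){
    jtagarm7tdmi_nop( 0);
    jtagarm7tdmi_nop( 0);
  }
  jtagarm7tdmi_nop( 0);
}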
577
578
579
//! Get all registers, placing them into cmddatalong[0-15].
//  Done in two halves: ARM_INSTR_SKANKREGS1 is pushed and the next eight words
//  captured after two NOPs fill cmddatalong[0..7]; ARM_INSTR_SKANKREGS2 does the
//  same for cmddatalong[8..15].  The instruction words and the first few
//  captured words of each half are echoed on the debug channel.
void jtagarm7tdmi_get_registers() {
  unsigned char slot;

  debugstr("First 8 registers:");
  debugstr("   Instr and the first few pops from the instruction chain:");
  debughex32(ARM_INSTR_SKANKREGS1);
  debughex32(jtagarm7tdmi_nop( 0));
  debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_SKANKREGS1,0));
  debughex32(jtagarm7tdmi_nop( 0));
  debughex32(jtagarm7tdmi_nop( 0));
  for (slot = 0; slot < 8; slot++) {
    cmddatalong[slot] = jtagarm7tdmi_nop( 0);
  }

  debugstr("Last 8 registers:");
  debugstr("   Instr and the first few pops from the instruction chain:");
  debughex32(ARM_INSTR_SKANKREGS2);
  debughex32(jtagarm7tdmi_nop( 0));
  debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_SKANKREGS2,0));
  debughex32(jtagarm7tdmi_nop( 0));
  debughex32(jtagarm7tdmi_nop( 0));
  for (slot = 8; slot < 16; slot++) {
    cmddatalong[slot] = jtagarm7tdmi_nop( 0);
  }

  // one trailing NOP after the last captured word
  jtagarm7tdmi_nop( 0);
}
618
//! Intended to set all registers from cmddatalong[0-15].
//  FIXME (original author): broken.  As written it does NOT read cmddatalong at
//  all: after pushing ARM_INSTR_CLOBBEREGS it feeds the sixteen placeholder
//  words 0x40..0x4f onto the data bus, echoing every captured word on the
//  debug channel.
void jtagarm7tdmi_set_registers() {
  unsigned long filler;

  debughex32(ARM_INSTR_CLOBBEREGS);
  jtagarm7tdmi_nop( 0);
  debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_CLOBBEREGS,0));
  jtagarm7tdmi_nop( 0);
  jtagarm7tdmi_nop( 0);

  // sixteen placeholder data words, one per register
  for (filler = 0x40; filler <= 0x4f; filler++) {
    debughex32(jtagarm7tdmi_instr_primitive(filler,0));
  }
}
643
//! Retrieve the CPSR register value.
//  Pushes ARM_INSTR_MRS_R0_CPSR through the pipeline and returns the word
//  captured by the fourth NOP after it.  Every captured word is echoed through
//  debughex32().
unsigned long jtagarm7tdmi_get_regCPSR() {
  unsigned long cpsr;
  unsigned long captured;

  captured = jtagarm7tdmi_nop( 0);      // push nop into pipeline - clean out the pipeline...
  debughex32(captured);
  captured = jtagarm7tdmi_instr_primitive(ARM_INSTR_MRS_R0_CPSR, 0); // push MRS_R0, CPSR into pipeline
  debughex32(captured);
  captured = jtagarm7tdmi_nop( 0);      // push nop into pipeline - fetched
  debughex32(captured);
  captured = jtagarm7tdmi_nop( 0);      // push nop into pipeline - decoded
  debughex32(captured);
  captured = jtagarm7tdmi_nop( 0);      // push nop into pipeline - executed
  debughex32(captured);

  cpsr = jtagarm7tdmi_nop( 0);          // recover 32-bit word
  debughex32(cpsr);
  return cpsr;
}
657
//! Set the CPSR register value.
//  Pushes ARM_INSTR_MSR_cpsr_cxsf_R0 through the pipeline, then presents val on
//  the data bus.
//  \param val  word pushed onto the data bus after the MSR instruction
//  \return the word captured from the chain while val was shifted in.
//  Every captured word is echoed through debughex32(); the returned word is
//  echoed last, after the trailing NOP's capture.
unsigned long jtagarm7tdmi_set_regCPSR(unsigned long val) {
  unsigned long captured;
  unsigned long result;

  captured = jtagarm7tdmi_nop( 0);        // push nop into pipeline - clean out the pipeline...
  debughex32(captured);
  captured = jtagarm7tdmi_instr_primitive(ARM_INSTR_MSR_cpsr_cxsf_R0, 0); // push MSR cpsr_cxsf, R0 into pipeline
  debughex32(captured);
  captured = jtagarm7tdmi_nop( 0);        // push nop into pipeline - fetched
  debughex32(captured);
  captured = jtagarm7tdmi_nop( 0);        // push nop into pipeline - decoded
  debughex32(captured);

  result = jtagarm7tdmi_instr_primitive(val, 0); // push 32-bit word on data bus
  captured = jtagarm7tdmi_nop( 0);        // push nop into pipeline - executed
  debughex32(captured);
  debughex32(result);
  return result;
}
672
//! Write data to address - assumes the TAP is in Run-Test/Idle.
//  Saves R0 and R1, loads the address into R0 and the data into R1, pushes a
//  system-speed instruction, then restores both registers.
//  \param adr   target address
//  \param data  value to write
//  \return always (unsigned long)-1; the return value carries no status.
//  NOTE(review): the instruction pushed is ARM_INSTR_LDR_R1_r0_4, the same load
//  used by jtagarm7tdmi_readmem(); a write would be expected to push a store.
//  NOTE(review): unlike readmem, no RESTART is issued and the debug status
//  register is not polled before the registers are restored - confirm the
//  access has actually completed on the target.
unsigned long jtagarm7tdmi_writemem(unsigned long adr, unsigned long data){
  unsigned long saved_r0, saved_r1;

  // store R0 and R1
  saved_r0 = jtagarm7tdmi_get_register(0);
  saved_r1 = jtagarm7tdmi_get_register(1);

  jtagarm7tdmi_set_register(0, adr);        // write address into R0
  jtagarm7tdmi_set_register(1, data);       // write data in R1

  jtagarm7tdmi_nop( 0);                     // push nop into pipeline to "clean" it ???
  jtagarm7tdmi_nop( 1);                     // push nop into pipeline with BREAKPT set
  jtagarm7tdmi_instr_primitive(ARM_INSTR_LDR_R1_r0_4, 0); // push LDR R1, R0, #4 into instruction pipeline
  jtagarm7tdmi_nop( 0);                     // push nop into pipeline

  // restore R1, then R0
  jtagarm7tdmi_set_register(1, saved_r1);
  jtagarm7tdmi_set_register(0, saved_r0);

  return(-1);
}
689
690
691
692
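//! Read a 32-bit word from target memory.
//  Saves R0 and R1, loads the address into R0, pushes a system-speed
//  LDR R1,[R0] followed by RESTART, waits for the access to complete, reads the
//  result back from R1 and restores both registers.
//  \param adr  target address
//  \return the word read, or (unsigned long)-1 if the core did not report
//          completion within the wait budget.
//  The error value is in-band: memory that genuinely holds 0xffffffff (erased
//  flash, for example) is indistinguishable from a timeout, so a caller that
//  is dumping memory cannot rely on the return value alone to detect failure.
//  Fixed: the wait loop stopped as soon as EITHER status bit was set, although
//  completion requires BOTH DBGACK and nMREQ to be high (as the original
//  comment states); it now waits for both.
unsigned long jtagarm7tdmi_readmem(unsigned long adr){
  // Debug status bits 0 (DBGACK) and 3 (nMREQ): both high means the
  // system-speed access has finished and the core is back in debug state.
  const unsigned long done_mask = 9;
  unsigned long retval = 0;
  unsigned long r0, r1;
  int waitcount = 0xfff;

  r0 = jtagarm7tdmi_get_register(0);        // store R0 and R1
  r1 = jtagarm7tdmi_get_register(1);
  jtagarm7tdmi_set_register(0, adr);        // write address into R0
  jtagarm7tdmi_nop( 0);                     // push nop into pipeline to "clean" it ???
  jtagarm7tdmi_nop( 1);                     // push nop into pipeline with BREAKPT set
  jtagarm7tdmi_instr_primitive(ARM_INSTR_LDR_R1_r0_4, 0); // push LDR R1, R0, #4 into instruction pipeline
  jtagarm7tdmi_nop( 0);                     // push nop into pipeline
  jtagarm7tdmi_restart();                   // SHIFT_IR with RESTART instruction

  // Poll the Debug Status Register for DBGACK and nMREQ to be HIGH
  while ((jtagarm7tdmi_get_dbgstate() & done_mask) != done_mask && waitcount > 0){
    delay(1);
    waitcount --;
  }

  if (waitcount == 0){
    // NOTE(review): on this path the target's R0 and R1 are left overwritten;
    // they are not restored because the core is not known to be in debug state.
    return (-1);
  }

  retval = jtagarm7tdmi_get_register(1);    // read memory value from R1 register
  jtagarm7tdmi_set_register(1, r1);         // restore R0 and R1
  jtagarm7tdmi_set_register(0, r0);
  return retval;
}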
722
723
//! Read the Program Counter via jtagarm7tdmi_get_register(ARM_REG_PC).
unsigned long jtagarm7tdmi_getpc(){
  unsigned long pc = jtagarm7tdmi_get_register(ARM_REG_PC);
  return pc;
}
728
//! Set the Program Counter via jtagarm7tdmi_set_register(ARM_REG_PC, adr).
//  \param adr  new program counter value
void jtagarm7tdmi_setpc(unsigned long adr){
  const unsigned long target = adr;

  jtagarm7tdmi_set_register(ARM_REG_PC, target);
}
733
//! Halt the CPU by arming watchpoint 1 to match any instruction fetch.
//  Once the debug status register reports debug state (bit 0), the watchpoint
//  is disabled again, the debug status and PC are recorded for
//  jtagarm7tdmi_releasecpu(), the per-halt instruction counters are cleared,
//  and the core is switched to ARM state if it halted in Thumb state.
//  \return the remaining wait budget (starts at 0xfff, shared by both polling
//          loops).  If the first loop times out the post-decrement leaves the
//          int counter at -1, which is returned converted to unsigned long
//          (all ones).
//  NOTE(review): a timeout does not abort; the function still records the
//  debug state and PC even though the core may not have halted.
//  An alternative that requests debug through EICE_DBGCTRL / DBGRQ was left
//  disabled by the original author ("r/o register?").
unsigned long jtagarm7tdmi_haltcpu(){                   //  PROVEN
  int waitcount = 0xfff;

  // store watchpoint info?  - not right now
  // Arm watchpoint 1: all-ones address and data masks, control value 0x100
  // (enables the watchpoint), control mask 0xfffffff7 (only detect the fetch
  // instruction).
  eice_write(EICE_WP1ADDR, 0);
  eice_write(EICE_WP1ADDRMASK, 0xffffffff);
  eice_write(EICE_WP1DATA, 0);
  eice_write(EICE_WP1DATAMASK, 0xffffffff);
  eice_write(EICE_WP1CTRL, 0x100);
  eice_write(EICE_WP1CTRLMASK, 0xfffffff7);

  // poll until debug status says the cpu is in debug mode
  for (;;) {
    if (jtagarm7tdmi_get_dbgstate() & 0x1) {
      break;
    }
    if (!(waitcount-- > 0)) {
      break;
    }
    delay(1);
  }

  // write 0 in watchpoint 1 control value - disables watchpoint 1
  eice_write(EICE_WP1CTRL, 0x0);

  // store the debug state
  last_halt_debug_state = jtagarm7tdmi_get_dbgstate();
  last_halt_pc = jtagarm7tdmi_getpc() - 4;  // assume -4 for entering debug mode via watchpoint.
  count_dbgspd_instr_since_debug = 0;
  count_sysspd_instr_since_debug = 0;

  // get into ARM mode if the T flag is set (Thumb mode)
  for (;;) {
    if (!(jtagarm7tdmi_get_dbgstate() & JTAG_ARM7TDMI_DBG_TBIT)) {
      break;
    }
    if (!(waitcount-- > 0)) {
      break;
    }
    jtagarm7tdmi_setMode_ARM();
  }

  jtagarm7tdmi_resettap();
  return waitcount;
}
778
//! Release the CPU from debug state and let it resume.
//  Pushes a PC-relative branch whose offset is adjusted by the number of
//  debug-speed and system-speed instructions pushed since the halt, issues
//  RESTART, then waits (bounded) for DBGACK to drop in the debug status register.
//  The saved halt state is invalidated afterwards.
//  \return always 0.  A timeout while waiting for DBGACK to clear is not reported.
//  FIXME (original author): the Thumb branch is known to be wrong - BX needs a
//  register and therefore more instructions; the offset arithmetic there is a
//  placeholder.
unsigned long jtagarm7tdmi_releasecpu(){
  int waitcount = 0xfff;
  unsigned long instr;

  // somehow determine what PC should be (a couple ways possible, calculations required)
  jtagarm7tdmi_nop(0);                          // NOP
  jtagarm7tdmi_nop(1);                          // NOP/BREAKPT

  if (!(last_halt_debug_state & JTAG_ARM7TDMI_DBG_TBIT)) {
    // Halted in ARM state: back up 4 per debug-speed and 12 per system-speed instruction.
    instr = ARM_INSTR_B_PC + 0x1000000 - (count_dbgspd_instr_since_debug*4) - (count_sysspd_instr_since_debug*12);
  } else {
    // Halted in Thumb state.  FIXME: make this right.
    instr = ARM_INSTR_B_PC + 0x1000001 - (count_dbgspd_instr_since_debug) - (count_sysspd_instr_since_debug*3);
  }
  jtagarm7tdmi_instr_primitive(instr,0);

  SHIFT_IR;
  jtagarmtransn(ARM7TDMI_IR_RESTART,4,LSB,END,RETIDLE); // VERB_RESTART

  // wait while the debug status register still reports DBGACK
  while (waitcount > 0) {
    if (!(jtagarm7tdmi_get_dbgstate() & JTAG_ARM7TDMI_DBG_DBGACK)) {
      break;
    }
    msdelay(1);
    waitcount --;
  }

  // nothing is halted any more: invalidate the saved halt state
  last_halt_debug_state = -1;
  last_halt_pc = -1;
  return 0;
}
806  
807
808
809
///////////////////////////////////////////////////////////////////////////////////////////////////
//! Dispatches one ARM7TDMI JTAG command; any verb not listed here is forwarded to jtaghandle().
/*!
  \param app   application id, passed through to txdata()/txhead()/jtaghandle()
  \param verb  command selector
  \param len   payload length supplied by the caller

  Arguments are read from, and results written to, cmddata / cmddataword /
  cmddatalong (presumably byte, word and long views of one command buffer;
  confirm in command.h).

  NOTE(review): only the PEEK path consults len. Every other case reads its
  arguments from the buffer without checking that the request was long enough,
  so a short request operates on whatever the buffer held before. Several of
  these verbs write target memory, registers or EmbeddedICE state, so a length
  check per verb is worth adding once the protocol's error reply is settled.
*/
void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len){
  char blocks_left;
  unsigned int offset, word, reg;
  unsigned long addr;

  // The TAP is reset before every command, whatever the verb.
  jtagarm7tdmi_resettap();

  switch (verb) {

  case START:
    // Enter JTAG mode, halt the core, and log each step's result.
    debughex32(jtagarm7tdmi_start());
    debughex32(jtagarm7tdmi_haltcpu());
    debughex32(jtagarm7tdmi_get_dbgstate());
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_READMEM:
  case PEEK:
    // Optional block count in byte 4; defaults to one block.
    blocks_left = (len > 4) ? cmddata[4] : 1;
    addr = cmddatalong[0];

    // The header always announces 0x80 bytes, independent of the block count.
    // NOTE(review): with a count other than 1 the bytes streamed below do not
    // match the announced length; confirm what the host client expects.
    len = 0x80;
    txhead(app, verb, len);

    for (; blocks_left; blocks_left--) {
      for (offset = 0; offset < len; offset += 2) {
        jtagarm7tdmi_resettap();
        delay(10);

        word = jtagarm7tdmi_readmem(addr);
        addr += 2;

        // Low byte first, then high byte.
        serial_tx(word & 0xFF);
        serial_tx((word >> 8) & 0xFF);
      }
    }
    break;

  case JTAGARM7TDMI_GET_CHIP_ID:
    jtagarm7tdmi_resettap();
    cmddatalong[0] = jtagarm7tdmi_idcode();
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_WRITEMEM:
  case POKE:
    // Write the word at buffer offset 4 to the address in the first long,
    // then read the location back and return what the target reports.
    jtagarm7tdmi_resettap();
    jtagarm7tdmi_writemem(cmddatalong[0], cmddataword[2]);
    cmddataword[0] = jtagarm7tdmi_readmem(cmddatalong[0]);
    txdata(app, verb, 2);
    break;

  case JTAGARM7TDMI_HALTCPU:
    cmddatalong[0] = jtagarm7tdmi_haltcpu();
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_RELEASECPU:
    jtagarm7tdmi_resettap();
    cmddatalong[0] = jtagarm7tdmi_releasecpu();
    txdata(app, verb, 4);
    break;

  // Not implemented: JTAGARM7TDMI_SETINSTRFETCH, JTAGARM7TDMI_WRITEFLASH,
  // JTAGARM7TDMI_ERASEFLASH.

  case JTAGARM7TDMI_SET_PC:
    jtagarm7tdmi_setpc(cmddatalong[0]);
    txdata(app, verb, 0);
    break;

  case JTAGARM7TDMI_GET_DEBUG_CTRL:
    // The result is stored as a long but only one byte is sent back.
    cmddatalong[0] = jtagarm7tdmi_get_dbgctrl();
    txdata(app, verb, 1);
    break;

  case JTAGARM7TDMI_SET_DEBUG_CTRL:
    cmddatalong[0] = jtagarm7tdmi_set_dbgctrl(cmddata[0]);
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_GET_PC:
    cmddatalong[0] = jtagarm7tdmi_getpc();
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_GET_DEBUG_STATE:
    // FIXME (from original): an extra TAP reset here should not be needed,
    // but the author reports it currently is.
    cmddatalong[0] = jtagarm7tdmi_get_dbgstate();
    txdata(app, verb, 4);
    break;

  // Not implemented: JTAGARM7TDMI_GET_WATCHPOINT, JTAGARM7TDMI_SET_WATCHPOINT.

  case JTAGARM7TDMI_GET_REGISTER:
    jtagarm7tdmi_resettap();
    // NOTE(review): the register index comes straight from the request with no
    // range check visible here; confirm jtagarm7tdmi_get_register() bounds it.
    reg = cmddata[0];
    cmddatalong[0] = jtagarm7tdmi_get_register(reg);
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_SET_REGISTER:
    // FIXME (from original): testing code only, not correct.
    jtagarm7tdmi_resettap();
    debughex32(cmddatalong[1]);
    jtagarm7tdmi_set_register(cmddata[0], cmddatalong[1]);
    cmddatalong[0] = cmddatalong[1];     // echo the requested value, not a read-back
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_GET_REGISTERS:
    jtagarm7tdmi_resettap();
    jtagarm7tdmi_get_registers();
    txdata(app, verb, 64);
    break;

  case JTAGARM7TDMI_SET_REGISTERS:
    jtagarm7tdmi_resettap();
    jtagarm7tdmi_set_registers();
    txdata(app, verb, 64);
    break;

  case JTAGARM7TDMI_DEBUG_INSTR:
    jtagarm7tdmi_resettap();
    cmddataword[0] = jtagarm7tdmi_exec(cmddataword[0], cmddataword[1], cmddata[9]);
    // NOTE(review): 80 bytes are returned but only the first word is written
    // in this case. Unless jtagarm7tdmi_exec() fills the rest, the reply
    // carries leftover buffer contents from earlier commands.
    txdata(app, verb, 80);
    break;

  // Not implemented: JTAGARM7TDMI_STEP_INSTR, JTAGARM7TDMI_READ_CODE_MEMORY,
  // JTAGARM7TDMI_WRITE_FLASH_PAGE, JTAGARM7TDMI_READ_FLASH_PAGE,
  // JTAGARM7TDMI_MASS_ERASE_FLASH, JTAGARM7TDMI_PROGRAM_FLASH,
  // JTAGARM7TDMI_LOCKCHIP, JTAGARM7TDMI_CHIP_ERASE.

  // ---- ARM-specific verbs ----

  case JTAGARM7TDMI_GET_CPSR:
  case JTAGARM7TDMI_GET_SPSR:
    // FIXME (from original): the SPSR verb is answered with the CPSR value.
    jtagarm7tdmi_resettap();
    cmddatalong[0] = jtagarm7tdmi_get_regCPSR();
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_SET_CPSR:
  case JTAGARM7TDMI_SET_SPSR:
    // FIXME (from original): the SPSR verb writes the CPSR instead.
    jtagarm7tdmi_resettap();
    cmddatalong[0] = jtagarm7tdmi_set_regCPSR(cmddatalong[0]);
    txdata(app, verb, 4);
    break;

  case JTAGARM7TDMI_SET_MODE_THUMB:
  case JTAGARM7TDMI_SET_MODE_ARM:
    // Both verbs switch to ARM mode; there is no separate Thumb path here.
    jtagarm7tdmi_resettap();
    cmddataword[0] = jtagarm7tdmi_setMode_ARM();
    txdata(app, verb, 4);
    break;

  // ---- Unnamed diagnostic verbs ----

  case 0xD0:          // loopback test through BYPASS
    jtagarm7tdmi_resettap();
    cmddatalong[0] = jtagarm7tdmi_bypass(cmddatalong[0]);
    txdata(app, verb, 4);
    break;

  case 0xD8:          // EICE_READ
    // NOTE(review): the EmbeddedICE register number is taken from the request
    // as-is; no range check is visible in this function.
    jtagarm7tdmi_resettap();
    cmddatalong[0] = eice_read(cmddatalong[0]);
    txdata(app, verb, 4);
    break;

  case 0xD9:          // EICE_WRITE
    // NOTE(review): register number and value both come from the request unchecked.
    jtagarm7tdmi_resettap();
    cmddatalong[0] = eice_write(cmddatalong[0], cmddatalong[1]);
    txdata(app, verb, 4);
    break;

  case 0xDA:          // TEST MSB THROUGH CHAIN0 and CHAIN1
    // Shifts fixed patterns through scan chain 0, then shifts the captured
    // values back in; repeats a shorter sequence on chain 1.
    // NOTE(review): fills cmddatalong[0..11] (48 bytes); confirm the command
    // buffer is at least that large.
    jtagarm7tdmi_resettap();
    jtagarm7tdmi_scan_intest(0);
    cmddatalong[0]  = jtagarmtransn(0x41414141,     32, LSB, NOEND, NORETIDLE);
    cmddatalong[1]  = jtagarmtransn(0x42424242,     32, MSB, NOEND, NORETIDLE);
    cmddatalong[2]  = jtagarmtransn(0x43434343,      9, MSB, NOEND, NORETIDLE);
    cmddatalong[3]  = jtagarmtransn(0x44444444,     32, MSB, NOEND, NORETIDLE);
    cmddatalong[4]  = jtagarmtransn(cmddatalong[0], 32, LSB, NOEND, NORETIDLE);
    cmddatalong[5]  = jtagarmtransn(cmddatalong[1], 32, MSB, NOEND, NORETIDLE);
    cmddatalong[6]  = jtagarmtransn(cmddatalong[2],  9, MSB, NOEND, NORETIDLE);
    cmddatalong[7]  = jtagarmtransn(cmddatalong[3], 32, MSB, END,   RETIDLE);
    jtagarm7tdmi_resettap();
    jtagarm7tdmi_scan_intest(1);
    cmddatalong[8]  = jtagarmtransn(0x41414141,     32, MSB, NOEND, NORETIDLE);
    cmddatalong[9]  = jtagarmtransn(0x44444444,      1, MSB, NOEND, NORETIDLE);
    cmddatalong[10] = jtagarmtransn(cmddatalong[8], 32, MSB, NOEND, NORETIDLE);
    cmddatalong[11] = jtagarmtransn(cmddatalong[9],  1, MSB, END,   RETIDLE);
    jtagarm7tdmi_resettap();
    txdata(app, verb, 48);
    break;

  default:
    // Anything else is handled by the generic JTAG application.
    jtaghandle(app, verb, len);
    break;
  }
}
1015
1016
1017
1018
1019 /*****************************
1020 Captured from FlySwatter against AT91SAM7S, to be used by me for testing.  ignore
1021
1022 > arm reg
1023 System and User mode registers
1024       r0: 300000df       r1: 00000000       r2: 58000000       r3: 00200a75
1025       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1026       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1027      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 000000fc
1028     cpsr: 00000093
1029
1030 FIQ mode shadow registers
1031   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1032  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1033
1034 Supervisor mode shadow registers
1035   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1036
1037 Abort mode shadow registers
1038   sp_abt: 00000000   lr_abt: 00000000 spsr_abt: e00000ff
1039
1040 IRQ mode shadow registers
1041   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1042
1043 Undefined instruction mode shadow registers
1044   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1045
1046 > step;arm reg
1047 target state: halted
1048 target halted in ARM state due to single-step, current mode: Supervisor
1049 cpsr: 0x00000093 pc: 0x00000100
1050 System and User mode registers
1051       r0: 300000df       r1: 00000000       r2: 00200000       r3: 00200a75 
1052       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c 
1053       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000 
1054      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000100 
1055     cpsr: 00000093 
1056
1057 FIQ mode shadow registers
1058   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000 
1059  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb 
1060
1061 Supervisor mode shadow registers
1062   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3 
1063
1064 Abort mode shadow registers
1065   sp_abt: 00000000   lr_abt: 00000000 spsr_abt: e00000ff 
1066
1067 IRQ mode shadow registers
1068   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b 
1069
1070 Undefined instruction mode shadow registers
1071   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df 
1072
1073  step;arm reg
1074 target state: halted
1075 target halted in ARM state due to single-step, current mode: Abort
1076 cpsr: 0x00000097 pc: 0x00000010
1077 System and User mode registers
1078       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75 
1079       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c 
1080       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000 
1081      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010 
1082     cpsr: 00000097 
1083
1084 FIQ mode shadow registers
1085   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000 
1086  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb 
1087
1088 Supervisor mode shadow registers
1089   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3 
1090
1091 Abort mode shadow registers
1092   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093 
1093
1094 IRQ mode shadow registers
1095   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b 
1096
1097 Undefined instruction mode shadow registers
1098   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df 
1099 > step;arm reg
1100 target state: halted
1101 target halted in ARM state due to single-step, current mode: Abort
1102 cpsr: 0x00000097 pc: 0x00000010
1103 System and User mode registers
1104       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75 
1105       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c 
1106       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000 
1107      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010 
1108     cpsr: 00000097 
1109
1110 FIQ mode shadow registers
1111   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000 
1112  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb 
1113
1114 Supervisor mode shadow registers
1115   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3 
1116
1117 Abort mode shadow registers
1118   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093 
1119
1120 IRQ mode shadow registers
1121   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b 
1122
1123 Undefined instruction mode shadow registers
1124   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df 
1125 > step;arm reg
1126 target state: halted
1127 target halted in ARM state due to single-step, current mode: Abort
1128 cpsr: 0x00000097 pc: 0x00000010
1129 System and User mode registers
1130       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1131       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1132       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1133      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1134     cpsr: 00000097
1135
1136 FIQ mode shadow registers
1137   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1138  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1139
1140 Supervisor mode shadow registers
1141   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1142
1143 Abort mode shadow registers
1144   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1145
1146 IRQ mode shadow registers
1147   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1148
1149 Undefined instruction mode shadow registers
1150   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1151 > step;arm reg
1152 target state: halted
1153 target halted in ARM state due to single-step, current mode: Abort
1154 cpsr: 0x00000097 pc: 0x00000010
1155 System and User mode registers
1156       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1157       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1158       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1159      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1160     cpsr: 00000097
1161
1162 FIQ mode shadow registers
1163   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1164  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1165
1166 Supervisor mode shadow registers
1167   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1168
1169 Abort mode shadow registers
1170   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1171
1172 IRQ mode shadow registers
1173   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1174
1175 Undefined instruction mode shadow registers
1176   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1177 > step;arm reg
1178 target state: halted
1179 target halted in ARM state due to single-step, current mode: Abort
1180 cpsr: 0x00000097 pc: 0x00000010
1181 System and User mode registers
1182       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1183       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1184       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1185      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1186     cpsr: 00000097
1187
1188 FIQ mode shadow registers
1189   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1190  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1191
1192 Supervisor mode shadow registers
1193   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1194
1195 Abort mode shadow registers
1196   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1197
1198 IRQ mode shadow registers
1199   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1200
1201 Undefined instruction mode shadow registers
1202   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1203 > step;arm reg
1204 target state: halted
1205 target halted in ARM state due to single-step, current mode: Abort
1206 cpsr: 0x00000097 pc: 0x00000010
1207 System and User mode registers
1208       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1209       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1210       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1211      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1212     cpsr: 00000097
1213
1214 FIQ mode shadow registers
1215   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1216  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1217
1218 Supervisor mode shadow registers
1219   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1220
1221 Abort mode shadow registers
1222   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1223
1224 IRQ mode shadow registers
1225   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1226
1227 Undefined instruction mode shadow registers
1228   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1229 > step;arm reg
1230 target state: halted
1231 target halted in ARM state due to single-step, current mode: Abort
1232 cpsr: 0x00000097 pc: 0x00000010
1233 System and User mode registers
1234       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1235       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1236       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1237      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1238     cpsr: 00000097
1239
1240 FIQ mode shadow registers
1241   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1242  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1243
1244 Supervisor mode shadow registers
1245   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1246
1247 Abort mode shadow registers
1248   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1249
1250 IRQ mode shadow registers
1251   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1252
1253 Undefined instruction mode shadow registers
1254   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1255 > step;arm reg
1256 target state: halted
1257 target halted in ARM state due to single-step, current mode: Abort
1258 cpsr: 0x00000097 pc: 0x00000010
1259 System and User mode registers
1260       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1261       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1262       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1263      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1264     cpsr: 00000097
1265
1266 FIQ mode shadow registers
1267   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1268  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1269
1270 Supervisor mode shadow registers
1271   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1272
1273 Abort mode shadow registers
1274   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1275
1276 IRQ mode shadow registers
1277   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1278
1279 Undefined instruction mode shadow registers
1280   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1281 > step;arm reg
1282 target state: halted
1283 target halted in ARM state due to single-step, current mode: Abort
1284 cpsr: 0x00000097 pc: 0x00000010
1285 System and User mode registers
1286       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1287       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1288       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1289      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1290     cpsr: 00000097
1291
1292 FIQ mode shadow registers
1293   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1294  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1295
1296 Supervisor mode shadow registers
1297   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1298
1299 Abort mode shadow registers
1300   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1301
1302 IRQ mode shadow registers
1303   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1304
1305 Undefined instruction mode shadow registers
1306   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1307 >
1308 */