w00t! jtagarm7 committed and included in build.
[goodfet] / firmware / apps / jtag / jtagarm7tdmi.c
1 /*! \file jtagarm7tdmi.c
2   \brief ARM7TDMI JTAG (AT91R40008, AT91SAM7xxx)
3 */
4
5 #include "platform.h"
6 #include "command.h"
7 #include "jtag.h"
8 #include "jtagarm7tdmi.h"
9
10
11 /**** 20-pin Connection Information (pin1 is on top-right for both connectors)****
12 GoodFET  ->  7TDMI 20-pin connector (HE-10 connector)
13   1               13 (TDO)
14   2               1  (Vdd)
15   3               5  (TDI)
16   5               7  (TMS)
17   7               9  (TCK)
18   8               15 (nRST)
19   9               4,6,8,10,12,14,16,18,20 (GND)
20   11              17/3 (nTRST)  (different sources suggest 17 or 3 alternately)
21 ********************************/
22
23 /**** 14-pin Connection Information (pin1 is on top-right for both connectors)****
24 GoodFET  ->  7TDMI 14-pin connector
25   1               11 (TDO)
26   2               1  (Vdd)
27   3               5  (TDI)
28   5               7  (TMS)
29   7               9  (TCK)
30   8               12 (nRST)
31   9               2,4,6,8,10,14 (GND)
32   11              3 (nTRST)
33
34 http://hri.sourceforge.net/tools/jtag_faq_org.html
35 ********************************/
36
37
38
39
40
41
42 /****************************************************************
43 Enabling jtag likely differs with most platforms.  We will attempt to enable most from here.  Override jtagarm7tdmi_start() to extend for other implementations
44 ARM7TDMI enables three different scan chains:
45     * Chain0 - "entire periphery" including data bus
46     * Chain1 - core data bus (subset of Chain0)  - Instruction Pipeline
47     * Chain2 - EmbeddedICE Logic Registers - This is our way into the fun stuff.
48     
49
50 ---
51 You can disable EmbeddedICE-RT by setting the DBGEN input LOW.
52 Caution
53 Hard wiring the DBGEN input LOW permanently disables all debug functionality.
54 When DBGEN is LOW, it inhibits DBGDEWPT, DBGIEBKPT, and EDBGRQ to
55 the core, and DBGACK from the ARM9E-S core is always LOW.
56 ---
57
58
59 ---
60 When the ARM9E-S core is in debug state, you can examine the core and system state
61 by forcing the load and store multiples into the instruction pipeline.
62 Before you can examine the core and system state, the debugger must determine
63 whether the processor entered debug from Thumb state or ARM state, by examining
64 bit 4 of the EmbeddedICE-RT debug status register. If bit 4 is HIGH, the core has
65 entered debug from Thumb state.
66 For more details about determining the core state, see Determining the core and system
67 state on page B-18.
68 ---
69
70
71 --- olimex - http://www.olimex.com/dev/pdf/arm-jtag.pdf
72 JTAG signals description:
73 PIN.1 (VTREF) Target voltage sense. Used to indicate the target’s operating voltage to thedebug tool.
74 PIN.2 (VTARGET) Target voltage. May be used to supply power to the debug tool.
75 PIN.3 (nTRST) JTAG TAP reset, this signal should be pulled up to Vcc in target board.
76 PIN4,6, 8, 10,12,14,16,18,20 Ground. The Gnd-Signal-Gnd-Signal strategy implemented on the 20-way connection scheme improves noiseimmunity on the target connect cable.
77 *PIN.5 (TDI) JTAG serial data in, should be pulled up to Vcc on target board.
78 *PIN.7 (TMS) JTAG TAP Mode Select, should be pulled up to Vcc on target board.
79 *PIN.9 (TCK) JTAG clock.
80 PIN.11 (RTCK) JTAG retimed clock.Implemented on certain ASIC ARM implementations the host ASIC may need to synchronize external inputs (such as JTAG inputs) with its own internal clock.
81 *PIN.13 (TDO) JTAG serial data out.
82 *PIN.15 (nSRST) Target system reset.
83 *PIN.17 (DBGRQ) Asynchronous debug request.  DBGRQ allows an external signal to force the ARM core into debug mode, should be pull down to GND.
84 PIN.19 (DBGACK) Debug acknowledge. The ARM core acknowledges debug-mode inresponse to a DBGRQ input.
85
86
87 -----------  SAMPLE TIMES  -----------
88
89 TDI and TMS are sampled on the rising edge of TCK and TDO transitions appear on the falling edge of TCK. Therefore, TDI and TMS must be written after the falling edge of TCK and TDO must be read after the rising edge of TCK.
90
91 for this module, we keep tck high for all changes/sampling, and then bounce it.
92 ****************************************************************/
93
94
95
96
97 // ! Start JTAG, setup pins, reset TAP and return IDCODE
98 unsigned long jtagarm7tdmi_start() {
99   jtagsetup();
100   jtagarm7tdmi_resettap();
101   return jtagarm7tdmi_idcode();
102 }
103
104
105 //! Reset TAP State Machine       
106 void jtagarm7tdmi_resettap(){               // PROVEN
107   current_chain = -1;
108   jtag_reset_to_runtest_idle();
109 }
110
111
112
113 /************************************************************************
114 * ARM7TDMI core has 6 primary registers to be connected between TDI/TDO
115 *   * Bypass Register
116 *   * ID Code Register
117 *   * Scan Chain Select Register    (4 bits_lsb)
118 *   * Scan Chain 0                  (105 bits: 32_databits_lsb + ctrlbits + 32_addrbits_msb)
119 *   * Scan Chain 1                  (33 bits: 32_bits + BREAKPT)
120 *   * Scan Chain 2                  (38 bits: rw + 5_regbits_msb + 32_databits_msb)
121 ************************************************************************/
122
123
124
125 /************************** Basic JTAG Verb Commands *******************************/
126 //! Grab the core ID.
127 unsigned long jtagarm7tdmi_idcode(){               // PROVEN
128   jtagarm7tdmi_resettap();
129   jtag_goto_shift_ir();
130   jtagtransn(ARM7TDMI_IR_IDCODE, 4, LSB);
131   jtag_goto_shift_dr();
132   return jtagtransn(0,32, LSB);
133 }
134
135 //!  Connect Bypass Register to TDO/TDI
136 //unsigned char jtagarm7tdmi_bypass(){               // PROVEN
137 //  jtagarm7tdmi_resettap();
138 //  jtag_goto_shift_ir();
139 //  return jtagarmtransn(ARM7TDMI_IR_BYPASS, 4, LSB, END, NORETIDLE);
140 //}
141 //!  INTEST verb - do internal test
142 //unsigned char jtagarm7tdmi_intest() { 
143 //  jtag_goto_shift_ir();
144 //  return jtagarmtransn(ARM7TDMI_IR_INTEST, 4, LSB, END, NORETIDLE); 
145 //}
146
147 //!  EXTEST verb - act like the processor to external components
148 //unsigned char jtagarm7tdmi_extest() { 
149 //  jtag_goto_shift_ir();
150 //  return jtagarmtransn(ARM7TDMI_IR_EXTEST, 4, LSB, END, NORETIDLE);
151 //}
152
153 //!  SAMPLE verb
154 //unsigned long jtagarm7tdmi_sample() { 
155 //  jtagarm7tdmi_ir_shift4(ARM7TDMI_IR_SAMPLE);        // ???? same here.
156 //  return jtagtransn(0,32);
157 //}
158
159 //!  RESTART verb
160 unsigned long jtagarm7tdmi_restart() { 
161   unsigned long retval;
162   jtag_goto_shift_ir();
163   retval = jtagtransn(ARM7TDMI_IR_RESTART, 4, LSB); 
164   current_chain = -1;
165   //jtagarm7tdmi_resettap();
166   return retval;
167 }
168
169 //!  ARM7TDMI_IR_CLAMP               0x5
170 //unsigned long jtagarm7tdmi_clamp() { 
171 //  jtagarm7tdmi_resettap();
172 //  jtag_goto_shift_ir();
173 //  jtagarmtransn(ARM7TDMI_IR_CLAMP, 4, LSB, END, NORETIDLE);
174 //  jtag_goto_shift_dr();
175 //  return jtagarmtransn(0, 32, LSB, END, RETIDLE);
176 //}
177
178 //!  ARM7TDMI_IR_HIGHZ               0x7
179 //unsigned char jtagarm7tdmi_highz() { 
180 //  jtagarm7tdmi_resettap();
181 //  jtag_goto_shift_ir();
182 //  return jtagarmtransn(ARM7TDMI_IR_HIGHZ, 4, LSB, END, NORETIDLE);
183 //}
184
185 //! define ARM7TDMI_IR_CLAMPZ              0x9
186 //unsigned char jtagarm7tdmi_clampz() { 
187 //  jtagarm7tdmi_resettap();
188 //  jtag_goto_shift_ir();
189 //  return jtagarmtransn(ARM7TDMI_IR_CLAMPZ, 4, LSB, END, NORETIDLE);
190 //}
191
192
193 //!  Connect the appropriate scan chain to TDO/TDI.  SCAN_N, INTEST, ENDS IN SHIFT_DR!!!!!
194 unsigned long jtagarm7tdmi_scan(int chain, int testmode) {               // PROVEN
195 /*
196 When selecting a scan chain the “Run Test/Idle” state should never be reached, other-
197 wise, when in debug state, the core will not be correctly isolated and intrusive
198 commands occur. Therefore, it is recommended to pass directly from the “Update”
199 state” to the “Select DR” state each time the “Update” state is reached.
200 */
201   unsigned long retval;
202   //if (current_chain != chain) {
203   //  //debugstr("===change chains===");
204     jtag_goto_shift_ir();
205     jtagtransn(ARM7TDMI_IR_SCAN_N, 4, LSB | NORETIDLE);
206     jtag_goto_shift_dr();
207     retval = jtagtransn(chain, 4, LSB | NORETIDLE);
208     // put in test mode...
209     //jtag_goto_shift_ir();
210     //jtagarmtransn(testmode, 4, LSB, END, RETIDLE); 
211     current_chain = chain;
212   //}    else  {
213   //  //debugstr("===NOT change chains===");
214   //  retval = current_chain;
215   //}
216   // put in test mode...
217   jtag_goto_shift_ir();
218   jtagtransn(testmode, 4, LSB); 
219   return(retval);
220 }
221
222
223 //!  Connect the appropriate scan chain to TDO/TDI.  SCAN_N, INTEST, ENDS IN SHIFT_DR!!!!!
224 unsigned long jtagarm7tdmi_scan_intest(int chain) {               // PROVEN
225   return jtagarm7tdmi_scan(chain, ARM7TDMI_IR_INTEST);
226 }
227
228
229
230
231 //! push an instruction into the pipeline
232 unsigned long jtagarm7tdmi_instr_primitive(unsigned long instr, char breakpt){  // PROVEN
233   unsigned long retval;
234   jtagarm7tdmi_scan_intest(1);
235
236   jtag_goto_shift_dr();
237   // if the next instruction is to run using MCLK (master clock), set TDI
238   if (breakpt)
239     {
240     SETMOSI;
241     count_sysspd_instr_since_debug++;
242     } 
243   else
244     {
245     CLRMOSI; 
246     count_dbgspd_instr_since_debug++;
247     }
248   jtag_tcktock();
249   
250   // Now shift in the 32 bits
251   retval = jtagtransn(instr, 32, 0);    // Must return to RUN-TEST/IDLE state for instruction to enter pipeline, and causes debug clock.
252   return(retval);
253   
254 }
255
256 //! push NOP into the instruction pipeline
257 unsigned long jtagarm7tdmi_nop(char breakpt){  // PROVEN
258   if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT) 
259     return jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP, breakpt);
260   return jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP, breakpt);
261 }
262
263 /*    stolen from ARM DDI0029G documentation, translated using ARM Architecture Reference Manual (14128.pdf)
264 STR R0, [R0]; Save R0 before use
265 MOV R0, PC ; Copy PC into R0
266 STR R0, [R0]; Now save the PC in R0
267 BX PC ; Jump into ARM state
268 MOV R8, R8 ;
269 MOV R8, R8 ;
270 NOP
271 NOP
272
273 */
274
275 //! set the current mode to ARM, returns PC (FIXME).  Should be used by haltcpu(), which should also store PC and the THUMB state, for use by releasecpu();
276 unsigned long jtagarm7tdmi_setMode_ARM(unsigned char restart){               // PROVEN  BUT FUGLY! FIXME: clean up and store and replace clobbered r0
277   jtagarm7tdmi_resettap();                  // seems necessary for some reason.  ugh.
278   unsigned long retval = 0xffL;
279   if ((current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)){
280     debugstr("=== Switching to ARM mode ===");
281     cmddatalong[1] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_NOP,0);
282     cmddatalong[2] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_STR_R0_r0,0);
283     cmddatalong[3] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_MOV_R0_PC,0);
284     cmddatalong[4] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_STR_R0_r0,restart);
285     cmddatalong[5] = jtagarm7tdmi_instr_primitive(THUMB_INSTR_BX_PC,0);
286   } else {
287     jtagarm7tdmi_set_register(15,(last_halt_pc|0xfffffffc)-24);
288     jtagarm7tdmi_nop( restart);
289     cmddatalong[1] = jtagarm7tdmi_instr_primitive(ARM_INSTR_B_IMM,0);
290   }
291   if (restart) {
292     jtagarm7tdmi_restart();
293   } else {
294     jtagarm7tdmi_nop(0);
295     jtagarm7tdmi_nop(0);
296     jtagarm7tdmi_nop(0);
297     jtagarm7tdmi_set_register(0,cmddataword[5]);
298   }
299   jtagarm7tdmi_resettap();                  // seems necessary for some reason.  ugh.
300   current_dbgstate = jtagarm7tdmi_get_dbgstate();
301   return(retval);
302 }
303
304
305 //! set the current mode to ARM, returns PC (FIXME).  Should be used by releasecpu()
306 unsigned long jtagarm7tdmi_setMode_THUMB(unsigned char restart){               // PROVEN
307   jtagarm7tdmi_resettap();                  // seems necessary for some reason.  ugh.
308   debugstr("=== Switching to THUMB mode ===");
309   unsigned long retval = 0xffL;
310   while (!(current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)&& retval-- > 0){
311     last_halt_pc |= 1;
312     jtagarm7tdmi_set_register(0, last_halt_pc);
313     jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP,restart);
314     jtagarm7tdmi_instr_primitive(ARM_INSTR_BX_R0,0);
315     if (restart) {
316       jtagarm7tdmi_restart();
317     } else {
318       jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP,0);
319       jtagarm7tdmi_instr_primitive(ARM_INSTR_NOP,0);
320       jtagarm7tdmi_resettap();                  // seems necessary for some reason.
321     }
322     current_dbgstate = jtagarm7tdmi_get_dbgstate();
323   }
324   return(retval);
325 }
326
327
328
329
330 /************************* EmbeddedICE Primitives ****************************/
331 //! shifter for writing to chain2 (EmbeddedICE). 
332 unsigned long eice_write(unsigned char reg, unsigned long data){
333   unsigned long retval, temp;
334   jtagarm7tdmi_scan_intest(2);
335   // Now shift in the 32 bits
336   jtag_goto_shift_dr();
337   retval = jtagtransn(data, 32, LSB| NOEND| NORETIDLE);          // send in the data - 32-bits lsb
338   temp = jtagtransn(reg, 5, LSB| NOEND| NORETIDLE);              // send in the register address - 5 bits lsb
339   jtagtransn(1, 1, LSB);                           // send in the WRITE bit
340   
341   return(retval); 
342 }
343
344 //! shifter for reading from chain2 (EmbeddedICE).
345 unsigned long eice_read(unsigned char reg){               // PROVEN
346   unsigned long temp, retval;
347   //debugstr("eice_read");
348   //debughex(reg);
349   jtagarm7tdmi_scan_intest(2);
350
351   // send in the register address - 5 bits LSB
352   jtag_goto_shift_dr();
353   temp = jtagtransn(reg, 5, LSB| NOEND| NORETIDLE);
354   
355   // clear TDI to select "read only"
356   jtagtransn(0L, 1, LSB);
357   
358   jtag_goto_shift_dr();
359   // Now shift out the 32 bits
360   retval = jtagtransn(0L, 32, LSB);   // atmel arm jtag docs pp.10-11: LSB first
361   //debughex32(retval);
362   return(retval);   // atmel arm jtag docs pp.10-11: LSB first
363   
364 }
365
366
367
368
369 /************************* ICEBreaker/EmbeddedICE Stuff ******************************/
370 //! Grab debug register
371 unsigned long jtagarm7tdmi_get_dbgstate() {       // ICE Debug register, *NOT* ARM register DSCR    //    PROVEN
372   //jtagarm7tdmi_resettap();
373   return eice_read(EICE_DBGSTATUS);
374 }
375
376 //! Grab debug register
377 unsigned long jtagarm7tdmi_get_dbgctrl() {
378   return eice_read(EICE_DBGCTRL);
379 }
380
381 //! Update debug register
382 unsigned long jtagarm7tdmi_set_dbgctrl(unsigned long bits) {
383   return eice_write(EICE_DBGCTRL, bits);
384 }
385
386
387
388 //!  Set and Enable Watchpoint 0
389 void jtagarm7tdmi_set_watchpoint0(unsigned long addr, unsigned long addrmask, unsigned long data, unsigned long datamask, unsigned long ctrl, unsigned long ctrlmask){
390   // store watchpoint info?  - not right now
391     // FIXME: store info
392
393   eice_write(EICE_WP0ADDR, addr);           // write 0 in watchpoint 0 address
394   eice_write(EICE_WP0ADDRMASK, addrmask);   // write 0xffffffff in watchpoint 0 address mask
395   eice_write(EICE_WP0DATA, data);           // write 0 in watchpoint 0 data
396   eice_write(EICE_WP0DATAMASK, datamask);   // write 0xffffffff in watchpoint 0 data mask
397   eice_write(EICE_WP0CTRL, ctrlmask);       // write 0x00000100 in watchpoint 0 control value register (enables watchpoint)
398   eice_write(EICE_WP0CTRLMASK, ctrlmask);   // write 0xfffffff7 in watchpoint 0 control mask - only detect the fetch instruction
399 }
400
401 //!  Set and Enable Watchpoint 1
402 void jtagarm7tdmi_set_watchpoint1(unsigned long addr, unsigned long addrmask, unsigned long data, unsigned long datamask, unsigned long ctrl, unsigned long ctrlmask){
403   // store watchpoint info?  - not right now
404     // FIXME: store info
405
406   eice_write(EICE_WP1ADDR, addr);           // write 0 in watchpoint 1 address
407   eice_write(EICE_WP1ADDRMASK, addrmask);   // write 0xffffffff in watchpoint 1 address mask
408   eice_write(EICE_WP1DATA, data);           // write 0 in watchpoint 1 data
409   eice_write(EICE_WP1DATAMASK, datamask);   // write 0xffffffff in watchpoint 1 data mask
410   eice_write(EICE_WP1CTRL, ctrl);           // write 0x00000100 in watchpoint 1 control value register (enables watchpoint)
411   eice_write(EICE_WP1CTRLMASK, ctrlmask);   // write 0xfffffff7 in watchpoint 1 control mask - only detect the fetch instruction
412 }
413
414 /******************** Complex Commands **************************/
415
416 //! Retrieve a 32-bit Register value
417 unsigned long jtagarm7tdmi_get_register(unsigned long reg) {                    //PROVEN
418   unsigned long retval=0L, instr;
419   if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
420     instr = THUMB_INSTR_STR_R0_r0 | reg | (reg<<16);
421   else
422     instr = (unsigned long)(reg<<12L) | (unsigned long)ARM_READ_REG;   // STR Rx, [R14] 
423
424   jtagarm7tdmi_nop( 0);
425   jtagarm7tdmi_nop( 0);
426   jtagarm7tdmi_instr_primitive(instr, 0);
427   jtagarm7tdmi_nop( 0);
428   jtagarm7tdmi_nop( 0);
429   jtagarm7tdmi_nop( 0);
430   retval = jtagarm7tdmi_nop( 0);                        // recover 32-bit word
431   return retval;
432 }
433
434 //! Set a 32-bit Register value
435 void jtagarm7tdmi_set_register(unsigned long reg, unsigned long val) {          // PROVEN (assuming target reg is word aligned)
436   unsigned long instr;
437   //if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
438     //instr = THUMB_WRITE_REG
439     instr = (unsigned long)(((unsigned long)reg<<12L) | ARM_WRITE_REG); //  LDR Rx, [R14]
440   
441   jtagarm7tdmi_nop( 0);            // push nop into pipeline - clean out the pipeline...
442   jtagarm7tdmi_nop( 0);            // push nop into pipeline - clean out the pipeline...
443   jtagarm7tdmi_instr_primitive(instr, 0); // push instr into pipeline - fetch
444   if (reg == ARM_REG_PC){
445     jtagarm7tdmi_instr_primitive(val, 0); // push 32-bit word on data bus
446     jtagarm7tdmi_nop( 0);            // push nop into pipeline - executed 
447     jtagarm7tdmi_nop( 0);            // push nop into pipeline - executed 
448   } else {
449     jtagarm7tdmi_nop( 0);            // push nop into pipeline - decode
450     jtagarm7tdmi_nop( 0);            // push nop into pipeline - execute
451     jtagarm7tdmi_instr_primitive(val, 0); // push 32-bit word on data bus
452   }
453   jtagarm7tdmi_nop( 0);            // push nop into pipeline - executed 
454   jtagarm7tdmi_nop( 0);            // push nop into pipeline - executed 
455   jtagarm7tdmi_nop( 0);
456 }
457
458
459 /*
460 //! Get all registers, placing them into cmddatalong[0-14]
461 void jtagarm7tdmi_get_registers() {         // BORKEN.  FIXME
462   jtagarm7tdmi_nop( 0);
463   jtagarm7tdmi_instr_primitive(ARM_INSTR_SKANKREGS,0);
464   jtagarm7tdmi_nop( 0);
465   jtagarm7tdmi_nop( 0);
466   cmddatalong[ 0] = jtagarm7tdmi_nop( 0);
467   cmddatalong[ 1] = jtagarm7tdmi_nop( 0);
468   cmddatalong[ 2] = jtagarm7tdmi_nop( 0);
469   cmddatalong[ 3] = jtagarm7tdmi_nop( 0);
470   cmddatalong[ 4] = jtagarm7tdmi_nop( 0);
471   cmddatalong[ 5] = jtagarm7tdmi_nop( 0);
472   cmddatalong[ 6] = jtagarm7tdmi_nop( 0);
473   cmddatalong[ 7] = jtagarm7tdmi_nop( 0);
474   cmddatalong[ 8] = jtagarm7tdmi_nop( 0);
475   cmddatalong[ 9] = jtagarm7tdmi_nop( 0);
476   cmddatalong[10] = jtagarm7tdmi_nop( 0);
477   cmddatalong[11] = jtagarm7tdmi_nop( 0);
478   cmddatalong[12] = jtagarm7tdmi_nop( 0);
479   cmddatalong[13] = jtagarm7tdmi_nop( 0);
480   cmddatalong[14] = jtagarm7tdmi_nop( 0);
481   cmddatalong[15] = jtagarm7tdmi_nop( 0);
482   jtagarm7tdmi_nop( 0);
483 }
484
485 //! Set all registers from cmddatalong[0-14]
486 void jtagarm7tdmi_set_registers() {   // using r15 to write through.  not including it.  use set_pc
487   jtagarm7tdmi_nop( 0);
488   debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_CLOBBEREGS,0));
489   jtagarm7tdmi_nop( 0);
490   jtagarm7tdmi_nop( 0);
491   jtagarm7tdmi_instr_primitive(cmddatalong[0],0);
492   jtagarm7tdmi_instr_primitive(cmddatalong[1],0);
493   jtagarm7tdmi_instr_primitive(cmddatalong[2],0);
494   jtagarm7tdmi_instr_primitive(cmddatalong[3],0);
495   jtagarm7tdmi_instr_primitive(cmddatalong[4],0);
496   jtagarm7tdmi_instr_primitive(cmddatalong[5],0);
497   jtagarm7tdmi_instr_primitive(cmddatalong[6],0);
498   jtagarm7tdmi_instr_primitive(cmddatalong[7],0);
499   jtagarm7tdmi_instr_primitive(cmddatalong[8],0);
500   jtagarm7tdmi_instr_primitive(cmddatalong[9],0);
501   jtagarm7tdmi_instr_primitive(cmddatalong[10],0);
502   jtagarm7tdmi_instr_primitive(cmddatalong[11],0);
503   jtagarm7tdmi_instr_primitive(cmddatalong[12],0);
504   jtagarm7tdmi_instr_primitive(cmddatalong[13],0);
505   jtagarm7tdmi_instr_primitive(cmddatalong[14],0);
506   jtagarm7tdmi_nop( 0);
507 }
508 */
509 //! Retrieve the CPSR Register value
510 unsigned long jtagarm7tdmi_get_regCPSR() {
511   unsigned long retval = 0L, r0;
512
513   r0 = jtagarm7tdmi_get_register(0);
514   jtagarm7tdmi_nop( 0); // push nop into pipeline - clean out the pipeline...
515   jtagarm7tdmi_instr_primitive(ARM_INSTR_MRS_R0_CPSR, 0); // push MRS_R0, CPSR into pipeline - fetch
516   jtagarm7tdmi_nop( 0); // push nop into pipeline - decoded
517   jtagarm7tdmi_nop( 0); // push nop into pipeline - execute
518   retval = jtagarm7tdmi_get_register(0);
519   jtagarm7tdmi_set_register(0, r0);
520   return retval;
521 }
522
523 //! Retrieve the CPSR Register value
524 unsigned long jtagarm7tdmi_set_regCPSR(unsigned long val) {
525   unsigned long r0;
526
527   r0 = jtagarm7tdmi_get_register(0);
528   jtagarm7tdmi_set_register(0, val);
529   debughex32(jtagarm7tdmi_nop( 0));        // push nop into pipeline - clean out the pipeline...
530   debughex32(jtagarm7tdmi_instr_primitive(ARM_INSTR_MSR_cpsr_cxsf_R0, 0)); // push MSR cpsr_cxsf, R0 into pipeline - fetch
531   debughex32(jtagarm7tdmi_nop( 0));        // push nop into pipeline - decoded
532   debughex32(jtagarm7tdmi_nop( 0));        // push nop into pipeline - execute
533   jtagarm7tdmi_set_register(0, r0);
534   return(val);
535 }
536
537 unsigned long wait_debug(unsigned long retval){
538   // Poll the Debug Status Register for DBGACK and nMREQ to be HIGH
539   current_dbgstate = jtagarm7tdmi_get_dbgstate();
540   while ((!(current_dbgstate & 9L) == 9)  && retval > 0){
541     delay(1);
542     retval --;
543     current_dbgstate = jtagarm7tdmi_get_dbgstate();
544   }
545   return retval;
546 }
547
548 /****
549 //! Write data to address - Assume TAP in run-test/idle state
550 unsigned long jtagarm7tdmi_writemem(unsigned long adr, unsigned long data){
551   unsigned long retval = 0xffL;
552   unsigned long r0=0L, r1=-1L;
553
554   r0 = jtagarm7tdmi_get_register(0);        // store R0 and R1
555   r1 = jtagarm7tdmi_get_register(1);
556   jtagarm7tdmi_set_register(0, adr);        // write address into R0
557   jtagarm7tdmi_set_register(1, data);       // write data in R1
558   debughex32(jtagarm7tdmi_get_register(0));
559   debughex32(jtagarm7tdmi_get_register(1));
560   jtagarm7tdmi_nop( 0);                     // push nop into pipeline to "clean" it ???
561   jtagarm7tdmi_nop( 1);                     // push nop into pipeline with BREAKPT set
562   jtagarm7tdmi_instr_primitive(ARM_INSTR_STR_R1_r0_4, 0); // push LDR R1, R0, #4 into instruction pipeline
563   jtagarm7tdmi_nop( 0);                     // push nop into pipeline
564   jtagarm7tdmi_restart();                   // SHIFT_IR with RESTART instruction
565
566   if (wait_debug(0xffL) == 0){
567     debugstr("FAILED TO WRITE MEMORY/RE-ENTER DEBUG MODE");
568     return (-1);
569   } else {
570     retval = jtagarm7tdmi_get_register(1);  // read memory value from R1 register
571     jtagarm7tdmi_set_register(1, r1);         // restore R0 and R1 
572     jtagarm7tdmi_set_register(0, r0);
573   }
574   return retval;
575 }
576
577
578
579 //! Read data from address
580 unsigned long jtagarm7tdmi_readmem(unsigned long adr){
581   unsigned long retval = 0xffL;
582   unsigned long r0=0L, r1=-1L;
583
584   r0 = jtagarm7tdmi_get_register(0);        // store R0 and R1
585   r1 = jtagarm7tdmi_get_register(1);
586   jtagarm7tdmi_set_register(0, adr);        // write address into R0
587   jtagarm7tdmi_nop( 0);                     // push nop into pipeline to "clean" it ???
588   jtagarm7tdmi_nop( 1);                     // push nop into pipeline with BREAKPT set
589   jtagarm7tdmi_instr_primitive(ARM_INSTR_LDR_R1_r0_4, 0); // push LDR R1, [R0], #4 into instruction pipeline  (autoincrements for consecutive reads)
590   jtagarm7tdmi_nop( 0);                     // push nop into pipeline
591   jtagarm7tdmi_restart();                   // SHIFT_IR with RESTART instruction
592
593   // Poll the Debug Status Register for DBGACK and nMREQ to be HIGH
594   current_dbgstate = jtagarm7tdmi_get_dbgstate();
595   debughex(current_dbgstate);
596   while ((!(current_dbgstate & 9L) == 9)  && retval > 0){
597     delay(1);
598     retval --;
599     current_dbgstate = jtagarm7tdmi_get_dbgstate();
600   }
601   // FIXME: this may end up changing te current debug-state.  should we compare to current_dbgstate?
602   if (retval == 0){
603     debugstr("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE");
604     return (-1);
605   } else {
606     retval = jtagarm7tdmi_get_register(1);  // read memory value from R1 register
607     //jtagarm7tdmi_set_register(1, r1);       // restore R0 and R1 
608     //jtagarm7tdmi_set_register(0, r0);
609   }
610   return retval;
611 }
612
613 */
614
615
616 //! Read Program Counter
617 unsigned long jtagarm7tdmi_get_real_pc(){
618     unsigned long val;
619     val = jtagarm7tdmi_get_register(ARM_REG_PC);
620     if (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT)
621         val -= (4*2);                           // thumb uses 2 bytes per instruction.
622     else
623         val -= (6*4);                           // assume 6 instructions at 4 bytes a piece.
624     return val;
625 }
626
627 //! Halt CPU - returns 0xffff if the operation fails to complete within 
628 unsigned long jtagarm7tdmi_haltcpu(){                   //  PROVEN
629   int waitcount = 0xffL;
630
631   // store the debug state
632   last_halt_debug_state = jtagarm7tdmi_get_dbgstate();
633
634   //jtagarm7tdmi_set_dbgctrl(7);
635   // store watchpoint info?  - not right now
636   jtagarm7tdmi_set_watchpoint1(0, 0xffffffff, 0, 0xffffffff, 0x100L, 0xfffffff7);
637
638
639   /*  // old method
640   eice_write(EICE_WP1ADDR, 0L);              // write 0 in watchpoint 1 address
641   eice_write(EICE_WP1ADDRMASK, 0xffffffff); // write 0xffffffff in watchpoint 1 address mask
642   eice_write(EICE_WP1DATA, 0L);              // write 0 in watchpoint 1 data
643   eice_write(EICE_WP1DATAMASK, 0xffffffff); // write 0xffffffff in watchpoint 1 data mask
644   eice_write(EICE_WP1CTRL, 0x100L);          // write 0x00000100 in watchpoint 1 control value register (enables watchpoint)
645   eice_write(EICE_WP1CTRLMASK, 0xfffffff7); // write 0xfffffff7 in watchpoint 1 control mask - only detect the fetch instruction
646   */
647
648   // poll until debug status says the cpu is in debug mode
649   while (!(current_dbgstate & 0x1L)   && waitcount-- > 0){
650     current_dbgstate = jtagarm7tdmi_get_dbgstate();
651     delay(1);
652   }
653
654   //jtagarm7tdmi_set_dbgctrl(0);
655   jtagarm7tdmi_set_watchpoint1(0, 0x0, 0, 0x0, 0x0L, 0xfffffff7);
656   //jtagarm7tdmi_disable_watchpoint1();
657
658   //eice_write(EICE_WP1CTRL, 0x0L);            // write 0 in watchpoint 0 control value - disables watchpoint 0
659
660   // store the debug state program counter.
661   last_halt_pc = jtagarm7tdmi_get_real_pc();    // FIXME: grag chain0 to get all state and PC
662   count_dbgspd_instr_since_debug = 0L;          // should be able to clean this up and remove all this tracking nonsense.
663   count_sysspd_instr_since_debug = 0L;          // should be able to clean this up and remove all this tracking nonsense.
664
665   //FIXME: is this necessary?  for now, yes... but perhaps make the rest of the module arm/thumb impervious.
666   // get into ARM mode if the T flag is set (Thumb mode)
667   while (current_dbgstate & JTAG_ARM7TDMI_DBG_TBIT && waitcount-- > 0) {
668     jtagarm7tdmi_setMode_ARM(0);
669     current_dbgstate = jtagarm7tdmi_get_dbgstate();
670   }
671   jtagarm7tdmi_resettap();
672   jtagarm7tdmi_set_register(ARM_REG_PC, last_halt_pc & 0xfffffffc);     // make sure PC is word-aligned.  otherwise all other register accesses get all wonky.
673   return waitcount;
674 }
675
676 unsigned long jtagarm7tdmi_releasecpu(){
677   int waitcount = 0xff;
678   jtagarm7tdmi_nop(0);                          // NOP
679   jtagarm7tdmi_nop(1);                          // NOP/BREAKPT
680
681
682   // four possible states.  arm mode needing arm mode, arm mode needing thumb mode, thumb mode needing arm mode, and thumb mode needing thumb mode
683   // FIXME:  BX is bs.  it requires the clobbering of at least one register.... this is not acceptable.  
684   // FIXME:  so we either switch modes, then correct the register before restarting with bx, or find the way to use SPSR
685   if (last_halt_debug_state & JTAG_ARM7TDMI_DBG_TBIT){
686     // need to get to thumb mode
687     jtagarm7tdmi_set_register(15,last_halt_pc-20);        // 20 bytes will be added to pc before the end of the write.  incorrect and must fix
688     jtagarm7tdmi_setMode_THUMB(1);
689   } else {
690     jtagarm7tdmi_setMode_ARM(1);
691     //jtagarm7tdmi_set_register(15,last_halt_pc-20);        // 20 bytes will be added to pc before the end of the write.  incorrect and must fix
692   }
693
694
695   jtagarm7tdmi_restart();
696   jtagarm7tdmi_resettap();
697   //jtag_goto_shift_ir();
698   //jtagarmtransn(ARM7TDMI_IR_RESTART,4,LSB,END,RETIDLE); // VERB_RESTART
699
700   // wait until restart-bit set in debug state register
701   while ((current_dbgstate & JTAG_ARM7TDMI_DBG_DBGACK) && waitcount > -1){
702     msdelay(1);
703     waitcount --;
704     current_dbgstate = jtagarm7tdmi_get_dbgstate();
705   }
706   last_halt_debug_state = -1;
707   last_halt_pc = -1;
708   return waitcount;
709 }
710  
711
712
713
714 ///////////////////////////////////////////////////////////////////////////////////////////////////
715 //! Handles ARM7TDMI JTAG commands.  Forwards others to JTAG.
716 void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len){
717   //register char blocks;
718   
719   unsigned int val; //, i;
720   //unsigned long at;
721   
722   //jtagarm7tdmi_resettap();
723   //current_dbgstate = jtagarm7tdmi_get_dbgstate();
724  
725   switch(verb){
726   case START:
727     //Enter JTAG mode.
728     debughex32(jtagarm7tdmi_start());
729     cmddatalong[0] = jtagarm7tdmi_get_dbgstate();
730     txdata(app,verb,0x4);
731     current_dbgstate = jtagarm7tdmi_get_dbgstate();
732     break;
733     /*
734   case JTAGARM7TDMI_READMEM:
735     at     = cmddatalong[0];
736     blocks = cmddatalong[1];
737     
738     txhead(app,verb,len);
739     
740         jtagarm7tdmi_resettap();
741         delay(1);
742         
743     for(i=0;i<blocks;i++){
744           val=jtagarm7tdmi_readmem(at);
745                 
746           serial_tx(val&0xFFL);
747           serial_tx((val&0xFF00L)>>8);
748           serial_tx((val&0xFF0000L)>>8);
749           serial_tx((val&0xFF000000L)>>8);
750           at+=4;
751       }
752     
753     
754     break;
755   case PEEK:
756         jtagarm7tdmi_resettap();
757         delay(1);
758         cmddatalong[0] = jtagarm7tdmi_readmem(cmddatalong[0]);
759     txdata(app,verb,4);
760     break;
761     */
762   case JTAGARM7TDMI_GET_CHIP_ID:
763         jtagarm7tdmi_resettap();
764     cmddatalong[0] = jtagarm7tdmi_idcode();
765     txdata(app,verb,4);
766     break;
767
768 /*
769   case JTAGARM7TDMI_WRITEMEM:
770   case POKE:
771         jtagarm7tdmi_resettap();
772     jtagarm7tdmi_writemem(cmddatalong[0],
773                        cmddataword[2]);
774     cmddataword[0]=jtagarm7tdmi_readmem(cmddatalong[0]);
775     txdata(app,verb,4);
776     break;
777 */
778   case JTAGARM7TDMI_HALTCPU:  
779     cmddatalong[0] = jtagarm7tdmi_haltcpu();
780     txdata(app,verb,4);
781     break;
782   case JTAGARM7TDMI_RELEASECPU:
783         //jtagarm7tdmi_resettap();
784     cmddatalong[0] = jtagarm7tdmi_releasecpu();
785     txdata(app,verb,4);
786     break;
787   //unimplemented functions
788   //case JTAGARM7TDMI_SETINSTRFETCH:
789   //case JTAGARM7TDMI_WRITEFLASH:
790   //case JTAGARM7TDMI_ERASEFLASH:
791   case JTAGARM7TDMI_SET_PC:
792     //jtagarm7tdmi_setpc(cmddatalong[0]);
793     last_halt_pc = cmddatalong[0];
794     txdata(app,verb,0);
795     break;
796   case JTAGARM7TDMI_GET_DEBUG_CTRL:
797     cmddatalong[0] = jtagarm7tdmi_get_dbgctrl();
798     txdata(app,verb,1);
799     break;
800   case JTAGARM7TDMI_SET_DEBUG_CTRL:
801     cmddatalong[0] = jtagarm7tdmi_set_dbgctrl(cmddata[0]);
802     txdata(app,verb,4);
803     break;
804   case JTAGARM7TDMI_GET_PC:
805     cmddatalong[0] = last_halt_pc;
806     txdata(app,verb,4);
807     break;
808   case JTAGARM7TDMI_GET_DEBUG_STATE:
809     //jtagarm7tdmi_resettap();            // Shouldn't need this, but currently do.  FIXME!
810     current_dbgstate = jtagarm7tdmi_get_dbgstate();
811     cmddatalong[0] = current_dbgstate;
812     txdata(app,verb,4);
813     break;
814   //case JTAGARM7TDMI_GET_WATCHPOINT:
815   //case JTAGARM7TDMI_SET_WATCHPOINT:
816   case JTAGARM7TDMI_GET_REGISTER:
817         //jtagarm7tdmi_resettap();
818     val = cmddata[0];
819     cmddatalong[0] = jtagarm7tdmi_get_register(val);
820     txdata(app,verb,4);
821     break;
822   case JTAGARM7TDMI_SET_REGISTER:
823         //jtagarm7tdmi_resettap();
824     jtagarm7tdmi_set_register(cmddatalong[1], cmddatalong[0]);
825     txdata(app,verb,4);
826     break;
827   case JTAGARM7TDMI_DEBUG_INSTR:
828         //jtagarm7tdmi_resettap();
829     //cmddataword[0] = jtagarm7tdmi_exec(cmddataword[0], cmddata[4]);
830     cmddatalong[0] = jtagarm7tdmi_instr_primitive(cmddatalong[0],cmddata[4]);
831     txdata(app,verb,8);
832     break;
833   //case JTAGARM7TDMI_STEP_INSTR:
834 /*  case JTAGARM7TDMI_READ_CODE_MEMORY:
835   case JTAGARM7TDMI_WRITE_FLASH_PAGE:
836   case JTAGARM7TDMI_READ_FLASH_PAGE:
837   case JTAGARM7TDMI_MASS_ERASE_FLASH:
838   case JTAGARM7TDMI_PROGRAM_FLASH:
839   case JTAGARM7TDMI_LOCKCHIP:
840   case JTAGARM7TDMI_CHIP_ERASE:
841   */
842 // Really ARM specific stuff
843   case JTAGARM7TDMI_GET_CPSR:
844         jtagarm7tdmi_resettap();
845     cmddatalong[0] = jtagarm7tdmi_get_regCPSR();
846     txdata(app,verb,4);
847     break;
848   case JTAGARM7TDMI_SET_CPSR:
849         jtagarm7tdmi_resettap();
850     cmddatalong[0] = jtagarm7tdmi_set_regCPSR(cmddatalong[0]);
851     txdata(app,verb,4);
852     break;
853   case JTAGARM7TDMI_GET_SPSR:           // FIXME: NOT EVEN CLOSE TO CORRECT
854         jtagarm7tdmi_resettap();
855     cmddatalong[0] = jtagarm7tdmi_get_regCPSR();
856     txdata(app,verb,4);
857     break;
858   case JTAGARM7TDMI_SET_SPSR:           // FIXME: NOT EVEN CLOSE TO CORRECT
859         jtagarm7tdmi_resettap();
860     cmddatalong[0] = jtagarm7tdmi_set_regCPSR(cmddatalong[0]);
861     txdata(app,verb,4);
862     break;
863   case JTAGARM7TDMI_SET_MODE_THUMB:
864         jtagarm7tdmi_resettap();
865     cmddatalong[0] = jtagarm7tdmi_setMode_THUMB(cmddata[0]);
866     txdata(app,verb,4);
867     break;
868   case JTAGARM7TDMI_SET_MODE_ARM:
869         jtagarm7tdmi_resettap();
870     cmddatalong[0] = jtagarm7tdmi_setMode_ARM(cmddata[0]);
871     txdata(app,verb,4);
872     break;
873   case JTAGARM7TDMI_SET_IR:
874         //jtagarm7tdmi_resettap();
875     jtag_goto_shift_ir();
876     cmddataword[0] = jtagtransn(cmddata[0], 4, cmddata[1]);
877     current_chain = -1;
878     txdata(app,verb,2);
879     break;
880   case JTAGARM7TDMI_WAIT_DBG:
881     cmddatalong[0] = wait_debug(cmddatalong[0]);
882     txdata(app,verb,4);
883     break;
884   case JTAGARM7TDMI_SHIFT_DR:
885         jtagarm7tdmi_resettap();
886     jtag_goto_shift_dr();
887     cmddatalong[0] = jtagtransn(cmddatalong[1],cmddata[0],cmddata[1]);
888     txdata(app,verb,4);
889     break;
890   case JTAGARM7TDMI_CHAIN0:
891     jtagarm7tdmi_scan_intest(0);
892     jtag_goto_shift_dr();
893     debughex32(cmddatalong[0]);
894     debughex(cmddataword[4]);
895     debughex32(cmddatalong[1]);
896     debughex32(cmddatalong[3]);
897     cmddatalong[0] = jtagtransn(cmddatalong[0], 32, LSB| NOEND| NORETIDLE);
898     cmddatalong[2] = jtagtransn(cmddataword[4], 9, MSB| NOEND| NORETIDLE);
899     cmddatalong[1] = jtagtransn(cmddatalong[1], 32, MSB| NOEND| NORETIDLE);
900     cmddatalong[3] = jtagtransn(cmddatalong[3], 32, MSB);
901     txdata(app,verb,16);
902     break;
903   case JTAGARM7TDMI_SETWATCH0:
904     jtagarm7tdmi_set_watchpoint0(cmddatalong[0], cmddatalong[1], cmddatalong[2], cmddatalong[3], cmddatalong[4], cmddatalong[5]);
905     txdata(app,verb,4);
906     break;
907   case JTAGARM7TDMI_SETWATCH1:
908     jtagarm7tdmi_set_watchpoint0(cmddatalong[0], cmddatalong[1], cmddatalong[2], cmddatalong[3], cmddatalong[4], cmddatalong[5]);
909     txdata(app,verb,4);
910     break;
911   default:
912     jtaghandle(app,verb,len);
913   }
914 }
915
916
917
918
919 /*****************************
920 Captured from FlySwatter against AT91SAM7S, to be used by me for testing.  ignore
921
922 > arm reg
923 System and User mode registers
924       r0: 300000df       r1: 00000000       r2: 58000000       r3: 00200a75
925       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
926       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
927      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 000000fc
928     cpsr: 00000093
929
930 FIQ mode shadow registers
931   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
932  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
933
934 Supervisor mode shadow registers
935   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
936
937 Abort mode shadow registers
938   sp_abt: 00000000   lr_abt: 00000000 spsr_abt: e00000ff
939
940 IRQ mode shadow registers
941   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
942
943 Undefined instruction mode shadow registers
944   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
945
946 > step;arm reg
947 target state: halted
948 target halted in ARM state due to single-step, current mode: Supervisor
949 cpsr: 0x00000093 pc: 0x00000100
950 System and User mode registers
951       r0: 300000df       r1: 00000000       r2: 00200000       r3: 00200a75 
952       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c 
953       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000 
954      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000100 
955     cpsr: 00000093 
956
957 FIQ mode shadow registers
958   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000 
959  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb 
960
961 Supervisor mode shadow registers
962   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3 
963
964 Abort mode shadow registers
965   sp_abt: 00000000   lr_abt: 00000000 spsr_abt: e00000ff 
966
967 IRQ mode shadow registers
968   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b 
969
970 Undefined instruction mode shadow registers
971   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df 
972
973  step;arm reg
974 target state: halted
975 target halted in ARM state due to single-step, current mode: Abort
976 cpsr: 0x00000097 pc: 0x00000010
977 System and User mode registers
978       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75 
979       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c 
980       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000 
981      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010 
982     cpsr: 00000097 
983
984 FIQ mode shadow registers
985   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000 
986  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb 
987
988 Supervisor mode shadow registers
989   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3 
990
991 Abort mode shadow registers
992   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093 
993
994 IRQ mode shadow registers
995   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b 
996
997 Undefined instruction mode shadow registers
998   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df 
999 > step;arm reg
1000 target state: halted
1001 target halted in ARM state due to single-step, current mode: Abort
1002 cpsr: 0x00000097 pc: 0x00000010
1003 System and User mode registers
1004       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75 
1005       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c 
1006       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000 
1007      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010 
1008     cpsr: 00000097 
1009
1010 FIQ mode shadow registers
1011   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000 
1012  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb 
1013
1014 Supervisor mode shadow registers
1015   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3 
1016
1017 Abort mode shadow registers
1018   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093 
1019
1020 IRQ mode shadow registers
1021   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b 
1022
1023 Undefined instruction mode shadow registers
1024   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df 
1025 > step;arm reg
1026 target state: halted
1027 target halted in ARM state due to single-step, current mode: Abort
1028 cpsr: 0x00000097 pc: 0x00000010
1029 System and User mode registers
1030       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1031       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1032       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1033      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1034     cpsr: 00000097
1035
1036 FIQ mode shadow registers
1037   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1038  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1039
1040 Supervisor mode shadow registers
1041   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1042
1043 Abort mode shadow registers
1044   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1045
1046 IRQ mode shadow registers
1047   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1048
1049 Undefined instruction mode shadow registers
1050   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1051 > step;arm reg
1052 target state: halted
1053 target halted in ARM state due to single-step, current mode: Abort
1054 cpsr: 0x00000097 pc: 0x00000010
1055 System and User mode registers
1056       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1057       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1058       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1059      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1060     cpsr: 00000097
1061
1062 FIQ mode shadow registers
1063   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1064  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1065
1066 Supervisor mode shadow registers
1067   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1068
1069 Abort mode shadow registers
1070   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1071
1072 IRQ mode shadow registers
1073   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1074
1075 Undefined instruction mode shadow registers
1076   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1077 > step;arm reg
1078 target state: halted
1079 target halted in ARM state due to single-step, current mode: Abort
1080 cpsr: 0x00000097 pc: 0x00000010
1081 System and User mode registers
1082       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1083       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1084       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1085      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1086     cpsr: 00000097
1087
1088 FIQ mode shadow registers
1089   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1090  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1091
1092 Supervisor mode shadow registers
1093   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1094
1095 Abort mode shadow registers
1096   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1097
1098 IRQ mode shadow registers
1099   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1100
1101 Undefined instruction mode shadow registers
1102   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1103 > step;arm reg
1104 target state: halted
1105 target halted in ARM state due to single-step, current mode: Abort
1106 cpsr: 0x00000097 pc: 0x00000010
1107 System and User mode registers
1108       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1109       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1110       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1111      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1112     cpsr: 00000097
1113
1114 FIQ mode shadow registers
1115   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1116  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1117
1118 Supervisor mode shadow registers
1119   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1120
1121 Abort mode shadow registers
1122   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1123
1124 IRQ mode shadow registers
1125   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1126
1127 Undefined instruction mode shadow registers
1128   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1129 > step;arm reg
1130 target state: halted
1131 target halted in ARM state due to single-step, current mode: Abort
1132 cpsr: 0x00000097 pc: 0x00000010
1133 System and User mode registers
1134       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1135       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1136       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1137      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1138     cpsr: 00000097
1139
1140 FIQ mode shadow registers
1141   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1142  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1143
1144 Supervisor mode shadow registers
1145   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1146
1147 Abort mode shadow registers
1148   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1149
1150 IRQ mode shadow registers
1151   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1152
1153 Undefined instruction mode shadow registers
1154   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1155 > step;arm reg
1156 target state: halted
1157 target halted in ARM state due to single-step, current mode: Abort
1158 cpsr: 0x00000097 pc: 0x00000010
1159 System and User mode registers
1160       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1161       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1162       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1163      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1164     cpsr: 00000097
1165
1166 FIQ mode shadow registers
1167   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1168  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1169
1170 Supervisor mode shadow registers
1171   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1172
1173 Abort mode shadow registers
1174   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1175
1176 IRQ mode shadow registers
1177   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1178
1179 Undefined instruction mode shadow registers
1180   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1181 > step;arm reg
1182 target state: halted
1183 target halted in ARM state due to single-step, current mode: Abort
1184 cpsr: 0x00000097 pc: 0x00000010
1185 System and User mode registers
1186       r0: 300000e3       r1: 00000000       r2: 00200000       r3: 00200a75
1187       r4: fffb0000       r5: 00000002       r6: 00000000       r7: 00200f6c
1188       r8: 00000000       r9: 00000000      r10: ffffffff      r11: 00000000
1189      r12: 00000009   sp_usr: 00000000   lr_usr: 00000000       pc: 00000010
1190     cpsr: 00000097
1191
1192 FIQ mode shadow registers
1193   r8_fiq: 00000000   r9_fiq: fffcc000  r10_fiq: fffff400  r11_fiq: fffff000
1194  r12_fiq: 00200f44   sp_fiq: 00000000   lr_fiq: 00000000 spsr_fiq: f00000fb
1195
1196 Supervisor mode shadow registers
1197   sp_svc: 00201f78   lr_svc: 00200a75 spsr_svc: 400000b3
1198
1199 Abort mode shadow registers
1200   sp_abt: 00000000   lr_abt: 00000108 spsr_abt: 00000093
1201
1202 IRQ mode shadow registers
1203   sp_irq: 00000000   lr_irq: 00000000 spsr_irq: f000003b
1204
1205 Undefined instruction mode shadow registers
1206   sp_und: 00000000   lr_und: 00000000 spsr_und: 300000df
1207 >
1208 */