Debug Communications Channel
ARM7TDMI’s ICEbreaker contains a communication channel for passing information between the target and the host debugger. This is implemented as coprocessor 14.
The communications channel consists of a 32-bit wide Comms Data Read register, a 32-bit wide Comms Data Write Register and a 6-bit wide Comms Control Register for synchronised handshaking between the processor and the asynchronous debugger. These registers live in fixed locations in ICEbreaker’s memory map (as shown in Table 39) and are accessed from the processor via MCR and MRC instructions to coprocessor 14.
Debug comms channel registers
The Debug Comms Control register is read only and allows synchronised hanshaking between the processor and the debugger
Figure 88. Debug Comms Control Register
31 |
30 |
29 |
28 |
... |
1 |
0 |
0 |
0 |
0 |
1 |
... |
W |
R |
|
|
|
|
|
|
|
The function of each register bit is described below:
Bits 31:28 contain a fixed pattern which denote the ICEbreaker version number, in this case 0001.
Bit 1 denotes whether the Comms Data Write register (from the processor’s point of view) is free. From the processor’s point of view, if the Comms Data Write register is free (W=0) then new data may be written. If it is not free (W=1), then the processor must poll until W=0. From the debugger’s point of view, if W=1 then some new data has been written which may then be scanned out.
Bit 0 denotes whether there is some new data in the Comms Data Read register. From the processor’s point of view, if R=1, then there is some new data which may be read via an MRC instruction. From the debugger’s point of view, if R=0 then the Comms Data Read register is free and new data may be placed there through the scan chain. If R=1, then this denotes that data previously placed there through the scan chain has not been collected by the processor and so the debugger must wait.
From the debugger’s point of view, the registers are accessed via the scan chain in the usual way. From the processor, these registers are accessed via coprocessor register transfer instructions.
The following instructions should be used:
MRC CP14, 0, Rd, C0, C0
Returns the Debug Comms Control register into Rd
MCR CP14, 0, Rn, C1, C0
ICEBreaker
Writes the value in Rn to the Comms Data Write register
MRC CP14, 0, Rd, C1, C0
Returns the Debug Data Read register into Rd
Since the THUMB instruction set does not contain coprocessor instructions, it is recommended that these are accessed via SWI instructions when in THUMB state.
Communications via the comms channel
Communication between the debugger and the processor occurs as follows. When the processor wishes to send a message to ICEbreaker, it first checks that the Comms Data Write register is free for use. This is done by reading the Debug Comms Control register to check that the W bit is clear. If it is clear then the Comms Data Write register is empty and a message is written by a register transfer to the coprocessor. The action of this data transfer automatically sets the W bit. If on reading the W bit it is found to be set, then this implys that previously written data has not been picked up by the debugger and thus the processor must poll until the W bit is clear.
As the data transfer occurs from the processor to the Comms Data Write register, the W bit is set in the Debug Comms Control register. When the debugger polls this register it sees a synchronised version of both the R and W bit. When the debugger sees that the W bit is set it can read the Comms Data Write register and scan the data out. The action of reading this data register clears the W bit of the Debug Comms Control register. At this point, the communications process may begin again.
Message transfer from the debugger to the processor is carried out in a similar fashion. Here, the debugger polls the R bit of the Debug Comms Control register. If the R bit is low then the Data Read register is free and so data can be placed there for the processor to read. If the R bit is set, then previously deposited data has not yet been collected and so the debugger must wait.
When the Comms Data Read register is free, data is written there via the scan chain. The action of this write sets the R bit in the Debug Comms Control register. When the processor polls this register, it sees an MCLK synchronised version. If the R bit is set then this denotes that there is data waiting to be collected, and this can be read via a CPRT load. The action of this load clears the R bit in the Debug Comms Control register. When the debugger polls this register and sees that the R bit is clear, this denotes that the data has been taken and the process may now be repeated.
173
ICEBreaker
174
This chapter describes the ARM7TDMI instruction cycle operations.
Instruction
Cycle
Operations
175
Introduction
In the following tables nMREQ and SEQ (which are pipelined up to one cycle ahead of the cycle to which they apply) are shown in the cycle in which they appear, so they predict the type of the next cycle. The address, MAS[1:0], nRW, nOPC, nTRANS and TBIT (which appear up to half a cycle ahead) are shown in the cycle to which they apply. The address is incremented for prefetching of instructions in most cases. Since the instruction width is 4 bytes in ARM state and 2 bytes in THUMB state, the increment will vary accordingly. Hence the letter L is used to indicate instruction length (4 bytes in ARM state and 2 bytes in THUMB state). Similarly, MAS[1:0] will indicate the width of the instruction fetch, i=2 in ARM state and i=1 in THUMB state representing word and halfword accesses respectively.
Branch and Branch with Link
A branch instruction calculates the branch destination in the first cycle, whilst performing a prefetch from the current PC. This prefetch is done in all cases, since by the time the decision to take the branch has been reached it is already too late to prevent the prefetch.
During the second cycle a fetch is performed from the branch destination, and the return address is stored in register 14 if the link bit is set.
The third cycle performs a fetch from the destination + L, refilling the instruction pipeline, and if the branch is with link R14 is modified (4 is subtracted from it) to simplify return from SUB PC,R14,#4 to MOV PC,R14. This makes the
STM..{R14} LDM..{PC} type of subroutine work correctly. The cycle timings are shown below in Table 42.
Table 42. Branch Instruction Cycle Operations
Cycle |
Address |
MAS[1:0] |
nRW |
Data |
nMREQ |
SEQ |
nOPC |
1 |
pc+2L |
i |
0 |
(pc + 2L) |
0 |
0 |
0 |
2 |
alu |
i |
0 |
(alu) |
0 |
1 |
0 |
3 |
alu+L |
i |
0 |
(alu + L) |
0 |
1 |
0 |
|
alu+2L |
|
|
|
|
|
|
pc |
is the address of the branch instruction |
alu |
is an address calculated by ARM7TDMI |
(alu) are the contents of that address
Note: This applies to branches in ARM and THUMB state, and to Branch with Link in ARM state only.
176 |
Operations |
|
|
||
|