DCC and ITR access modes

The DCC and ITR support two access modes:

 Normal access mode, EDSCR.MA == ‘0’ or in Non-debug state.

 Memory access mode, EDSCR.MA == ‘1’ and in Debug state.

10.3.1 Normal access mode

The normal access mode allows use of the DCC for a communications channel between target and host, and the ITR for issuing instructions to the processor in Debug state.

In Normal access mode, if there is no overrun or underrun:

For accesses by software in AArch64 state:

 direct writes to DBGDTRTX_EL0 update the value in DTRTX and indirectly write 1 to TXfull

 direct reads from DBGDTRRX_EL0 return the value in DTRRX and indirectly write 0 to RXfull

 direct writes to DBGDTR_EL0 update both DTRTX and DTRRX, indirectly write 1 to TXfull, and do not change RXfull

— DTRTX is set from bits [31:0] of the transfer register

— DTRRX is set from bits [63:32] of the transfer register

 direct reads from DBGDTR_EL0 return the concatenation of DTRRX and DTRTX, indirectly write 0 to RXfull, and do not change TXfull

— bits [31:0] of the transfer register are set to DTRRX

— bits [63:32] of the transfer register are set to DTRTX.

Note: For DBGDTR_EL0, the word order is reversed for reads with respect to writes.

Software reads TXfull and RXfull using MDCCSR_EL0.

For accesses by software in AArch32 state:

 direct writes to DBGDTRTXint update the value in DTRTX and indirectly write 1 to TXfull

 direct reads from DBGDTRRXint return the value in DTRRX and indirectly write 0 to RXfull.

Software reads TXfull and RXfull using DBGDSCRint.

For accesses by the external debug interface:

 writes to EDITR trigger the instruction written to be executed if the processor is in Debug state:

— if the processor is in AArch64 state, this is an A64 instruction

— if the processor is in AArch32 state, this is a T32 instruction; that is, a pair of halfwords, with:

 the first halfword ( “hw1”) taken from the lower 16-bits

 the second halfword (“hw2”) from the upper 16-bits

 reads of DBGDTRTX_EL0 return the value in DTRTX and indirectly write 0 to TXfull

 writes of DBGDTRTX_EL0 update the value in DTRTX and do not change TXfull

 reads of DBGDTRRX_EL0 return the value in DTRRX and do not change RXfull

 writes of DBGDTRRX_EL0 update the value in DTRRX and indirectly write 1 to RXfull.

TXfull and RXfull are visible by the external debug interface in EDSCR.

The processor detects overrun and underrun by the external debug interface, and record errors in EDSCR.{TXU, RXO, ITO, ERR}. See also:

 Flow-control of the DCC and ITR registers on page 166

 Synchronization of DCC and ITR accesses on page 168.

10.3.2 Memory access mode

When the processor is in Debug state, a special memory access mode can be selected to accelerate word-aligned block reads or writes of a target’s memory by an external debugger. Memory access mode can only be enabled in Debug state, and no instructions can be issued directly by the debugger when in memory access mode, meaning it is not possible to access the software views of the DTR registers directly in memory access mode.

In memory access mode, normally (if there is no overrun or underrun), for accesses by the external debug interface:

 External reads from DBGDTRTX_EL0 cause:

1. The existing value in DTRTX to be returned. This clears EDSCR.TXfull to 0.

2. The equivalent of the instruction “LDR W1,[X0],#4” (if in AArch64 state) or “LDR R1,[R0],#4” (if in AArch32 state) to be executed.

3. The equivalent of the instruction “MSR DBGDTRTX_EL0,X1” / “MCR p14,0,R1,c0,c5,0” to be executed.

4. EDSCR.{TXfull,ITE} to be set to {1,1}, and X1 / R1 to be set to an UNKNOWN value.

 External writes to DBGDTRRX_EL0 cause:

1. The value in DTRRX to be updated. This sets EDSCR.RXfull to 1.

2. The equivalent of the instruction “MRS X1,DBGDTRRX_EL0” / “MRC p14,0,R1,c0,c5,0” to be executed.

3. The equivalent of the instruction “STR W1,[X0],#4” / “STR R1,[R0],#4” to be executed.

4. EDSCR.{RXfull,ITE} to be set to {0,1}, and X1 / R1 to be set to an UNKNOWN value.

 External reads from DBGDTRRX_EL0 return the last value written to DTRRX.

 External writes to EDITR generate an overrun error.

During these accesses, EDSCR.{TXfull, RXfull, ITE} are used for flow control.

The architecture does not require precisely when this flags get set or cleared by the above sequence of operations. For example, in the case of an external write to DBGDTRRX_EL0, RXfull may be cleared after step (2) or may not be cleared until after step (3), as an implementation is free to fuse these into a single operation. The architecture requires that the flags are set as at step (4), when the processor is ready to accept a further read or write without causing an overrun or underrun error.

The above represents a simple sequential execution model of memory access mode. An implementation is free to pipeline, buffer, and re-order instructions and transactions, so long as all the following remain true:

 data items are transferred into and out of the DTR registers in order and without loss (other than in overrun and underrun)

 Data Aborts happen in order

 the constraints of the memory type are met.

See Flow-control of the DCC and ITR registers on page 166 for more information on overrun and underrun.

Ordering, access sizes and effect on exclusive monitors

For the purposes of memory ordering, access sizes and effect on the exclusive monitor, accesses in memory access mode are consistent with Load Word or Store Word instructions executed on the processor.

Data Aborts

If the memory access generates a Data Abort, then:

 The Data Abort exception is taken. See Exceptions in Debug state on page 156. In particular, EDSCR.ERR is set to 1; see Cumulative error flag on page 168.

— If the exception is due to a stage 2 abort the syndrome values recorded in the ISV bit and ISS[23:14] in ESR_EL2 HSR are UNKNOWN.

 X0 / R0 retains the address that generated the abort.

 X1 / R1 is set to an UNKNOWN value.

 EDSCR.TXfull (for load) or EDSCR.RXfull (for store) is set to an UNKNOWN value.

 DTRTX (for load) or DTRRX (for store) is set to an UNKNOWN value.

 EDSCR.ITE is set to 1.

Illegal State exception

If PSTATE.IL is set to 1 when EDSCR.MA == 1 then on an external write access to DBGDTRRX_EL0 or an external read from DBGDTRTX_EL0, it is CONSTRAINED UNPREDICTABLE whether the processor:

 Does all of the following without performing any operations:

— Take an Illegal State exception. See Exceptions in Debug state on page 156. In particular, EDSCR.ERR is set to 1; see Cumulative error flag on page 168.

— X0 / R0 is unchanged.

— X1 / R1 is set to an UNKNOWN value.

— The applicable one of EDSCR.TXfull and EDSCR.RXfull is set to an UNKNOWN value.

— The applicable one of DTRTX and DTRRX is set to an UNKNOWN value.

— EDSCR.ITE is set to 1

 Ignores PSTATE.IL.

Note: The typical usage model for memory access mode involves executing instructions in Normal mode to set up X0 prior to setting EDSCR.MA to 1. These instructions generate an Illegal State exception if PSTATE.IL is set.

Alignment constraints

If the address in X0 / R0 is not aligned to a multiple of 4, the behavior is as follows:

 For each external DTR access, a CONSTRAINEDUNPREDICTABLE choice of:

— The processor makes an unaligned memory access to X0 / R0. If alignment checking is enabled for the memory access, this generates an alignment fault.

— The processor makes a memory access to Align(X[0],4) (AArch64) or Align(R[0],4) (AArch32).

— The processor generates an alignment fault, regardless of whether alignment checking is enabled.

— The processor does nothing.

 Following each memory access, if there is no Data Abort, X0 / R0 is updated with an UNKNOWN value.

 For external writes to DBGDTRRX_EL0, if the processor writes to memory, an UNKNOWN value is written.

 For external reads of DBGDTRTX_EL0, an UNKNOWN value is returned.

 The RXfull and TXfull flags are left in an UNKNOWN state, meaning that a DBGDTRTX_EL0 read can trigger TX underrun, and a DBGDTRRX write can trigger RX overrun.

The ARM preferred implementation is:

 The processor makes an unaligned memory access to X0 / R0. If alignment checking is enabled for the memory access, this generates an alignment fault.

 Following each memory access, if there is no Data Abort, X0 is updated with X0+4 / R0 is updated with R0+4.

 For external writes to DBGDTRRX_EL0, if the processor writes to memory, the word written to DBGDTRRX_EL0 is written.

 For external reads of DBGDTRTX_EL0, the result of the unaligned load is returned.

 The RXfull and TXfull flags are updated as normal.

10.3.3 Memory-mapped accesses to the DCC and ITR

The writes to flags in EDSCR by external debug interface accesses to the DCC and ITR registers are indirect writes that are side-effects of the access. The indirect write might not occur for a memory-mapped access to the external debug interface. For more information, see Register access permissions for memory-mapped accesses on page 194.