freecalypso-reveng: pirelli/fw-disasm comparison

comparison pirelli/fw-disasm @ 254:f3f9dd04567e

pirelli/fw-disasm: started proper analysis of pwr_cust code

author	Mychaela Falconia <falcon@freecalypso.org>
date	Mon, 25 Dec 2017 23:32:08 +0000
parents	6f9969cf55a1
children	0f5a24acde3a

comparison

equal deleted inserted replaced

-:6f9969cf55a1
+:f3f9dd04567e
 32af8c:	2104		mov	r1, #4
 32af8e:	f0ce fb45	bl	0x3f961c	; $TMSE_Control_Timer
 32af92:	b001		add	sp, #4
 32af94:	bd00		pop	{pc}
+; pwr_cust module seems to start here
 ; The following function takes a raw ADC VBAT measurement
 ; as input (R0) and returns the mV value per the calibration.
+$pwr_adc_to_mvolt:
 32dae8:	498b		ldr	r1, =0x801734	; via 0x32dd18
 32daea:	880a		ldrh	r2, [r1, #0]
 32daec:	4342		mul	r2, r0
 32daee:	0a90		lsr	r0, r2, #10
 32daf0:	8a49		ldrh	r1, [r1, #18]	; 0x12
 32daf2:	1808		add	r0, r1, r0
 32daf4:	0400		lsl	r0, r0, #16
 32daf6:	0c00		lsr	r0, r0, #16
 32daf8:	4770		bx	lr
+$pwr_adc_to_mA:
+; diff from MV100 version: this version subtracts i2v_madc_offset first
 32dafa:	b500		push	{lr}
 32dafc:	49c2		ldr	r1, =0x1774e70	; via 0x32de08
 32dafe:	6809		ldr	r1, [r1, #0]
 32db00:	8909		ldrh	r1, [r1, #8]
 32db02:	4288		cmp	r0, r1
 32db0a:	1a40		sub	r0, r0, r1
 32db0c:	4983		ldr	r1, =0x357	; via 0x32dd1c
 32db0e:	4348		mul	r0, r1
 32db10:	217d		mov	r1, #125	; 0x7d
 32db12:	00c9		lsl	r1, r1, #3
-32db14:	f0c9 fb8a	bl	0x3f722c
+32db14:	f0c9 fb8a	bl	0x3f722c	; I$DIV
 32db18:	0408		lsl	r0, r1, #16
 32db1a:	0c00		lsr	r0, r0, #16
 32db1c:	bd00		pop	{pc}
+$pwr_bat_temp_within_limits:
+; the limits are the same as in MV100 version: 0 to 50 deg C
+; 1st diff: if the byte var at offset 0x48 is set to 1, then
+; out-of-range T is ignored with a warning trace
+; 2nd diff: if T is out of range and no ignore-with-warning flag is set,
+; the return code is FALSE like in TI's original, but an additional code
+; indicating whether T is too high or too low is written into 16-bit var
+; at 0x1774b78
 32db1e:	b510		push	{r4, lr}
 32db20:	b082		sub	sp, #8
 32db22:	1c04		add	r4, r0, #0
 32db24:	48b9		ldr	r0, =0xa0020	; via 0x32de0c
 32db26:	9000		str	r0, [sp, #0]
 32db84:	2304		mov	r3, #4
 32db86:	f0ad f855	bl	0x3dac34
 32db8a:	2000		mov	r0, #0
 32db8c:	b002		add	sp, #8
 32db8e:	bd10		pop	{r4, pc}
+$pwr_madc_to_Celsius_conv:
+; MV100 version uses 10 uA and 50 uA test currents,
+; this version uses 30 uA and 80 uA instead
+; not analysed further
+32db90:	b5f0		push	{r4, r5, r6, r7, lr}
+32db92:	b082		sub	sp, #8
+32db94:	2351		mov	r3, #81	; 0x51
+32db96:	1ac0		sub	r0, r0, r3
+32db98:	2800		cmp	r0, #0
+32db9a:	d008		beq	0x32dbae
+32db9c:	3828		sub	r0, #40	; 0x28
+32db9e:	2800		cmp	r0, #0
+32dba0:	d001		beq	0x32dba6
+32dba2:	2000		mov	r0, #0
+32dba4:	e04a		b	0x32dc3c
+32dba6:	4ed2		ldr	r6, =0x52e308	; via 0x32def0
+32dba8:	4dd2		ldr	r5, =0x52e2e4	; via 0x32def4
+32dbaa:	200a		mov	r0, #10	; 0xa
+32dbac:	e002		b	0x32dbb4
+32dbae:	4ed2		ldr	r6, =0x52e2f8	; via 0x32def8
+32dbb0:	4dd2		ldr	r5, =0x52e2d4	; via 0x32defc
+32dbb2:	2008		mov	r0, #8
+32dbb4:	8833		ldrh	r3, [r6, #0]
+32dbb6:	4299		cmp	r1, r3
+32dbb8:	dc05		bgt	0x32dbc6
+32dbba:	0043		lsl	r3, r0, #1
+32dbbc:	18f3		add	r3, r6, r3
+32dbbe:	3b02		sub	r3, #2
+32dbc0:	881b		ldrh	r3, [r3, #0]
+32dbc2:	4299		cmp	r1, r3
+32dbc4:	da08		bge	0x32dbd8
+32dbc6:	1c0a		add	r2, r1, #0
+32dbc8:	4890		ldr	r0, =0xa0020	; via 0x32de0c
+32dbca:	9000		str	r0, [sp, #0]
+32dbcc:	a0c1		add	r0, pc, #772	; 0x304
+32dbce:	211a		mov	r1, #26	; 0x1a
+32dbd0:	2305		mov	r3, #5
+32dbd2:	f0ad f82f	bl	0x3dac34
+32dbd6:	e7e4		b	0x32dba2
+32dbd8:	2800		cmp	r0, #0
+32dbda:	d00d		beq	0x32dbf8
+32dbdc:	2300		mov	r3, #0
+32dbde:	005c		lsl	r4, r3, #1
+32dbe0:	19a7		add	r7, r4, r6
+32dbe2:	1ebf		sub	r7, r7, #2
+32dbe4:	46bc		mov	r12, r7
+32dbe6:	5b37		ldrh	r7, [r6, r4]
+32dbe8:	42b9		cmp	r1, r7
+32dbea:	da0a		bge	0x32dc02
+32dbec:	1c5b		add	r3, r3, #1
+32dbee:	061b		lsl	r3, r3, #24
+32dbf0:	0e1b		lsr	r3, r3, #24
+32dbf2:	3801		sub	r0, #1
+32dbf4:	2800		cmp	r0, #0
+32dbf6:	d1f2		bne	0x32dbde
+32dbf8:	49c1		ldr	r1, =0x1774b80	; via 0x32df00
+32dbfa:	2001		mov	r0, #1
+32dbfc:	0280		lsl	r0, r0, #10
+32dbfe:	8008		strh	r0, [r1, #0]
+32dc00:	e7cf		b	0x32dba2
+32dc02:	2b00		cmp	r3, #0
+32dc04:	d014		beq	0x32dc30
+32dc06:	886b		ldrh	r3, [r5, #2]
+32dc08:	8828		ldrh	r0, [r5, #0]
+32dc0a:	1a18		sub	r0, r3, r0
+32dc0c:	0400		lsl	r0, r0, #16
+32dc0e:	0c00		lsr	r0, r0, #16
+32dc10:	1bc9		sub	r1, r1, r7
+32dc12:	0409		lsl	r1, r1, #16
+32dc14:	0c09		lsr	r1, r1, #16
+32dc16:	4348		mul	r0, r1
+32dc18:	4661		mov	r1, r12
+32dc1a:	8809		ldrh	r1, [r1, #0]
+32dc1c:	1bc9		sub	r1, r1, r7
+32dc1e:	0409		lsl	r1, r1, #16
+32dc20:	0c09		lsr	r1, r1, #16
+32dc22:	f0c9 fb03	bl	0x3f722c
+32dc26:	5b60		ldrh	r0, [r4, r5]
+32dc28:	1a40		sub	r0, r0, r1
+32dc2a:	0400		lsl	r0, r0, #16
+32dc2c:	1400		asr	r0, r0, #16
+32dc2e:	e001		b	0x32dc34
+32dc30:	2000		mov	r0, #0
+32dc32:	5e28		ldrsh	r0, [r5, r0]
+32dc34:	49b2		ldr	r1, =0x1774b80	; via 0x32df00
+32dc36:	8010		strh	r0, [r2, #0]
+32dc38:	8008		strh	r0, [r1, #0]
+32dc3a:	2001		mov	r0, #1
+32dc3c:	b002		add	sp, #8
+32dc3e:	bdf0		pop	{r4, r5, r6, r7, pc}
+$pwr_get_battery_temperature:
+32dc40:	b500		push	{lr}
+; setting BCICTL1 to THEN_80uA
+32dc42:	2001		mov	r0, #1
+32dc44:	2138		mov	r1, #56	; 0x38
+32dc46:	2279		mov	r2, #121	; 0x79
+32dc48:	f01b fae0	bl	0x34920c	; $ABB_Write_Register_on_page
+; setting pwr_env_ctrl_blk->timer0_state, same code as in MV100 version
+32dc4c:	486e		ldr	r0, =0x1774e70	; via 0x32de08
+32dc4e:	6800		ldr	r0, [r0, #0]
+32dc50:	2103		mov	r1, #3
+32dc52:	6301		str	r1, [r0, #48]	; 0x30
+; setting TIMER0 to 65 ticks (300 ms)
+32dc54:	2000		mov	r0, #0
+32dc56:	2141		mov	r1, #65	; 0x41
+32dc58:	2200		mov	r2, #0
+32dc5a:	f7fd f90d	bl	0x32ae78	; $rvf_start_timer
+32dc5e:	bd00		pop	{pc}
+$pwr_bat_50uA_temp_test_timer_process:
+32dc60:	b510		push	{r4, lr}
+32dc62:	b082		sub	sp, #8
+; test if we are in CHARGE_STOPPED state
+32dc64:	4868		ldr	r0, =0x1774e70	; via 0x32de08
+32dc66:	6800		ldr	r0, [r0, #0]
+32dc68:	6840		ldr	r0, [r0, #4]
+32dc6a:	2800		cmp	r0, #0
+32dc6c:	d105		bne	0x32dc7a
+; CHARGE_STOPPED state: write 1 (just MESBAT) into BCICTL1
+32dc6e:	2001		mov	r0, #1
+32dc70:	2138		mov	r1, #56	; 0x38
+32dc72:	2201		mov	r2, #1
+32dc74:	f01b faca	bl	0x34920c
+32dc78:	e04b		b	0x32dd12	; return
+; not in CHARGE_STOPPED state
+32dc7a:	f000 fb0b	bl	0x32e294
+32dc7e:	2800		cmp	r0, #0
+32dc80:	d147		bne	0x32dd12	; return
+; mystery function above must return 0 for normal path to continue
+; "TIMER0: Battery coarse temp test" trace emitted here
+32dc82:	4862		ldr	r0, =0xa0020	; via 0x32de0c
+32dc84:	9000		str	r0, [sp, #0]
+32dc86:	a0d1		add	r0, pc, #836	; 0x344
+32dc88:	2120		mov	r1, #32	; 0x20
+32dc8a:	2200		mov	r2, #0
+32dc8c:	43d2		mvn	r2, r2
+32dc8e:	2302		mov	r3, #2
+32dc90:	f0ac ffd0	bl	0x3dac34
+; pwr_env_ctrl_blk->bat_celsius_temp = (INT16)(0xFFFF);
+32dc94:	4c5c		ldr	r4, =0x1774e70	; via 0x32de08
+32dc96:	6821		ldr	r1, [r4, #0]
+32dc98:	2000		mov	r0, #0
+32dc9a:	43c0		mvn	r0, r0
+32dc9c:	8708		strh	r0, [r1, #56]	; 0x38
+; write 0 into ADIN2REG
+32dc9e:	2001		mov	r0, #1
+32dca0:	2128		mov	r1, #40	; 0x28
+32dca2:	2200		mov	r2, #0
+32dca4:	f01b fab2	bl	0x34920c	; $ABB_Write_Register_on_page
+; delay 2 ticks
+32dca8:	2002		mov	r0, #2
+32dcaa:	f783 fdf8	bl	0x2b189e	; rvf_delay()
+; now read ADIN2REG
+32dcae:	2001		mov	r0, #1
+32dcb0:	2128		mov	r1, #40	; 0x28
+32dcb2:	f01b fad2	bl	0x34925a	; $ABB_Read_Register_on_page
+32dcb6:	1c01		add	r1, r0, #0
+32dcb8:	6822		ldr	r2, [r4, #0]
+32dcba:	3238		add	r2, #56	; 0x38
+32dcbc:	2079		mov	r0, #121	; 0x79
+32dcbe:	f7ff ff67	bl	0x32db90	; $pwr_madc_to_Celsius_conv
+32dcc2:	2800		cmp	r0, #0
+32dcc4:	d10d		bne	0x32dce2
+; outside of the "coarse" range
+; set pwr_env_ctrl_blk->timer0_state to the "fine" code, same as in MV100
+32dcc6:	6821		ldr	r1, [r4, #0]
+32dcc8:	2004		mov	r0, #4
+32dcca:	6308		str	r0, [r1, #48]	; 0x30
+; set 30 uA current
+32dccc:	2001		mov	r0, #1
+32dcce:	2138		mov	r1, #56	; 0x38
+32dcd0:	2251		mov	r2, #81	; 0x51
+32dcd2:	f01b fa9b	bl	0x34920c
+; same 65 ticks (300 ms) as before
+32dcd6:	2000		mov	r0, #0
+32dcd8:	2141		mov	r1, #65	; 0x41
+32dcda:	2200		mov	r2, #0
+32dcdc:	f7fd f8cc	bl	0x32ae78
+32dce0:	e017		b	0x32dd12	; return
+; T inside the "coarse" range
+; write 1 (just MESBAT) into BCICTL1
+32dce2:	2001		mov	r0, #1
+32dce4:	2138		mov	r1, #56	; 0x38
+32dce6:	2201		mov	r2, #1
+32dce8:	f01b fa90	bl	0x34920c
+; dispatch by state
+32dcec:	6820		ldr	r0, [r4, #0]
+32dcee:	6840		ldr	r0, [r0, #4]
+32dcf0:	2802		cmp	r0, #2
+32dcf2:	d00c		beq	0x32dd0e
+32dcf4:	2803		cmp	r0, #3
+32dcf6:	d007		beq	0x32dd08
+32dcf8:	2801		cmp	r0, #1
+32dcfa:	d002		beq	0x32dd02
+32dcfc:	f083 fce0	bl	0x3b16c0	; $pwr_get_bat_info
+32dd00:	e007		b	0x32dd12
+32dd02:	f7b4 fb2b	bl	0x2e235c	; $pwr_calibration_process
+32dd06:	e004		b	0x32dd12
+32dd08:	f7b4 ff04	bl	0x2e2b14	; $pwr_CV_charge_process
+32dd0c:	e001		b	0x32dd12
+32dd0e:	f7b4 fd93	bl	0x2e2838	; $pwr_CI_charge_process
+32dd12:	b002		add	sp, #8
+32dd14:	bd10		pop	{r4, pc}
+32dd16:	46c0		nop			(mov r8, r8)
 ; The following function computes the battery remaining % number
 ; from the battery mV passed in R0.  It first increases the mV value
 ; by a factor that depends on the system current draw (it appears
 ; that they are after the "true" battery voltage before the internal
 		00AA (170) 002D (45)
 		00FA (250) 0050 (80)
 0x17741e0:	abb_sem
+0x1774b78:	16-bit var, gets -4 written into it if the battery T
+		is too high, or -5 if it is too low
 0x1774b7c:	16-bit var battery voltage in mV
 0x1774ccc:	16-bit var initial battery % is stored here
 0x1774cd0:	16-bit var, ABB_Read_Status() return value at the beginning

FreeCalypso > hg > freecalypso-reveng

comparison pirelli/fw-disasm @ 254:f3f9dd04567e