FreeCalypso > hg > freecalypso-reveng
changeset 260:863b483bf9e7
pirelli/fw-disasm: CI charging analyzed
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Tue, 26 Dec 2017 06:49:53 +0000 |
parents | ea66ce1a0d2e |
children | 61e0be63559c |
files | pirelli/fw-disasm |
diffstat | 1 files changed, 357 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/pirelli/fw-disasm Tue Dec 26 04:47:58 2017 +0000 +++ b/pirelli/fw-disasm Tue Dec 26 06:49:53 2017 +0000 @@ -1107,6 +1107,190 @@ 2e27a4: b002 add sp, #8 2e27a6: bd10 pop {r4, pc} +$pwr_CI_charge_process: + 2e2838: b570 push {r4, r5, r6, lr} + 2e283a: b082 sub sp, #8 + 2e283c: 2138 mov r1, #56 ; 0x38 + 2e283e: 485c ldr r0, =0x1774e70 ; via 0x2e29b0 + 2e2840: 6800 ldr r0, [r0, #0] + 2e2842: 5e08 ldrsh r0, [r1, r0] + 2e2844: f04b f96b bl 0x32db1e ; $pwr_bat_temp_within_limits + 2e2848: 2800 cmp r0, #0 + 2e284a: d11a bne 0x2e2882 +; error path + 2e284c: f7ff fd4f bl 0x2e22ee + 2e2850: 4856 ldr r0, =0xa0020 ; via 0x2e29ac + 2e2852: 9000 str r0, [sp, #0] + 2e2854: a0f0 add r0, pc, #960 ; 0x3c0 + 2e2856: 2121 mov r1, #33 ; 0x21 + 2e2858: 2200 mov r2, #0 + 2e285a: 43d2 mvn r2, r2 + 2e285c: 2302 mov r3, #2 + 2e285e: f0f8 f9e9 bl 0x3dac34 + 2e2862: 2000 mov r0, #0 + 2e2864: f0b2 fb2d bl 0x394ec2 + 2e2868: 2132 mov r1, #50 ; 0x32 + 2e286a: 48f4 ldr r0, =0x1774e38 ; via 0x2e2c3c + 2e286c: 6800 ldr r0, [r0, #0] + 2e286e: 5c08 ldrb r0, [r1, r0] + 2e2870: 2800 cmp r0, #0 + 2e2872: d000 beq 0x2e2876 + 2e2874: e096 b 0x2e29a4 + 2e2876: 2001 mov r0, #1 + 2e2878: 213c mov r1, #60 ; 0x3c + 2e287a: 2201 mov r2, #1 + 2e287c: f066 fcc6 bl 0x34920c + 2e2880: e092 b 0x2e29a8 +; good path + 2e2882: 2033 mov r0, #51 ; 0x33 + 2e2884: 49ed ldr r1, =0x1774e38 ; via 0x2e2c3c + 2e2886: 6809 ldr r1, [r1, #0] + 2e2888: 5c40 ldrb r0, [r0, r1] + 2e288a: 2800 cmp r0, #0 + 2e288c: d10c bne 0x2e28a8 +; is_adc_on FALSE +; write 0 to VBATREG + 2e288e: 2001 mov r0, #1 + 2e2890: 211e mov r1, #30 ; 0x1e + 2e2892: 2200 mov r2, #0 + 2e2894: f066 fcba bl 0x34920c +; delay one TDMA frame + 2e2898: 2001 mov r0, #1 + 2e289a: f7cf f800 bl 0x2b189e +; read VBATREG + 2e289e: 2001 mov r0, #1 + 2e28a0: 211e mov r1, #30 ; 0x1e + 2e28a2: f066 fcda bl 0x34925a + 2e28a6: e001 b 0x2e28ac +; is_adc_on TRUE +; function gets average of the last 6 + 2e28a8: f04b fc16 bl 0x32e0d8 +; is_adc_on paths join + 2e28ac: 1c04 add r4, r0, #0 + 2e28ae: 1c20 add r0, r4, #0 +; the MADC code is converted to mV, but only for storing in the 0x1774b7c var + 2e28b0: f04b f91a bl 0x32dae8 ; $pwr_adc_to_mvolt + 2e28b4: 4993 ldr r1, =0x1774b7c ; via 0x2e2b04 +; "TIMER1" trace + 2e28b6: 8008 strh r0, [r1, #0] + 2e28b8: 483c ldr r0, =0xa0020 ; via 0x2e29ac + 2e28ba: 9000 str r0, [sp, #0] + 2e28bc: a076 add r0, pc, #472 ; 0x1d8 + 2e28be: 2106 mov r1, #6 + 2e28c0: 2200 mov r2, #0 + 2e28c2: 43d2 mvn r2, r2 + 2e28c4: 2302 mov r3, #2 + 2e28c6: f0f8 f9b5 bl 0x3dac34 +; "Vbat (MADC code) " trace + 2e28ca: 4838 ldr r0, =0xa0020 ; via 0x2e29ac + 2e28cc: 9000 str r0, [sp, #0] + 2e28ce: a080 add r0, pc, #512 ; 0x200 + 2e28d0: 2111 mov r1, #17 ; 0x11 + 2e28d2: 1c22 add r2, r4, #0 + 2e28d4: 2305 mov r3, #5 + 2e28d6: f0f8 f9ad bl 0x3dac34 +; check for the voltage threshold exactly as in MV100 version + 2e28da: 4e35 ldr r6, =0x1774e70 ; via 0x2e29b0 + 2e28dc: 6830 ldr r0, [r6, #0] + 2e28de: 8980 ldrh r0, [r0, #12] ; 0xc + 2e28e0: 4284 cmp r4, r0 + 2e28e2: db0c blt 0x2e28fe + 2e28e4: f7ff fd03 bl 0x2e22ee ; $pwr_stop_charging + 2e28e8: f0b2 fa79 bl 0x394dde ; $pwr_send_CV_charge_start_event +; the CV setting is plain 4200 + 2e28ec: 4886 ldr r0, =0x1068 ; via 0x2e2b08 + 2e28ee: f7ff fca3 bl 0x2e2238 ; $pwr_start_CV_charging +; same TIMER2 as in MV100 version + 2e28f2: 2002 mov r0, #2 + 2e28f4: 4986 ldr r1, =0x363 ; via 0x2e2b10 + 2e28f6: 2200 mov r2, #0 + 2e28f8: f048 fabe bl 0x32ae78 + 2e28fc: e054 b 0x2e29a8 ; return +; threshold not reached + 2e28fe: 4df3 ldr r5, =0x1774b78 ; via 0x2e2ccc + 2e2900: 88a9 ldrh r1, [r5, #4] + 2e2902: 4882 ldr r0, =0xd2a ; via 0x2e2b0c + 2e2904: 4281 cmp r1, r0 + 2e2906: dc08 bgt 0x2e291a +; emergency-low Vbat + 2e2908: 4828 ldr r0, =0xa0020 ; via 0x2e29ac + 2e290a: 9000 str r0, [sp, #0] + 2e290c: a064 add r0, pc, #400 ; 0x190 + 2e290e: 211f mov r1, #31 ; 0x1f + 2e2910: 2200 mov r2, #0 + 2e2912: 43d2 mvn r2, r2 + 2e2914: 2302 mov r3, #2 + 2e2916: f0f8 f98d bl 0x3dac34 +; end of emergency-low Vbat check +; TIMER1 restarted, same interval as in MV100 + 2e291a: 2001 mov r0, #1 + 2e291c: 497c ldr r1, =0x363 ; via 0x2e2b10 + 2e291e: 2200 mov r2, #0 + 2e2920: f048 faaa bl 0x32ae78 +; Ichg check code begins + 2e2924: 48c5 ldr r0, =0x1774e38 ; via 0x2e2c3c + 2e2926: 2133 mov r1, #51 ; 0x33 + 2e2928: 6802 ldr r2, [r0, #0] + 2e292a: 5c89 ldrb r1, [r1, r2] + 2e292c: 2900 cmp r1, #0 + 2e292e: d10d bne 0x2e294c +; is_adc_on FALSE + 2e2930: 2001 mov r0, #1 + 2e2932: 2122 mov r1, #34 ; 0x22 + 2e2934: 2200 mov r2, #0 + 2e2936: f066 fc69 bl 0x34920c + 2e293a: 2001 mov r0, #1 + 2e293c: f7ce ffaf bl 0x2b189e + 2e2940: 2001 mov r0, #1 + 2e2942: 2122 mov r1, #34 ; 0x22 + 2e2944: f066 fc89 bl 0x34925a + 2e2948: 1c04 add r4, r0, #0 + 2e294a: e001 b 0x2e2950 +; is_adc_on TRUE +; takes Ichg from SPI ADC results + 2e294c: 6800 ldr r0, [r0, #0] + 2e294e: 8904 ldrh r4, [r0, #8] +; is_adc_on paths join + 2e2950: 1c20 add r0, r4, #0 + 2e2952: f04b fbfe bl 0x32e152 + 2e2956: 1c04 add r4, r0, #0 + 2e2958: f04b f8cf bl 0x32dafa ; $pwr_adc_to_mA + 2e295c: 80e8 strh r0, [r5, #6] + 2e295e: 88e8 ldrh r0, [r5, #6] + 2e2960: f04b fbac bl 0x32e0bc + 2e2964: 4811 ldr r0, =0xa0020 ; via 0x2e29ac + 2e2966: 9000 str r0, [sp, #0] + 2e2968: a0d3 add r0, pc, #844 ; 0x34c + 2e296a: 2111 mov r1, #17 ; 0x11 + 2e296c: 1c22 add r2, r4, #0 + 2e296e: 2305 mov r3, #5 + 2e2970: f0f8 f960 bl 0x3dac34 + 2e2974: 2033 mov r0, #51 ; 0x33 + 2e2976: 0100 lsl r0, r0, #4 + 2e2978: 6831 ldr r1, [r6, #0] + 2e297a: 8909 ldrh r1, [r1, #8] + 2e297c: 1840 add r0, r0, r1 + 2e297e: 4284 cmp r4, r0 + 2e2980: dd12 ble 0x2e29a8 +; current got too high + 2e2982: f7ff fcb4 bl 0x2e22ee + 2e2986: 200a mov r0, #10 ; 0xa + 2e2988: 43c0 mvn r0, r0 + 2e298a: 8028 strh r0, [r5, #0] + 2e298c: 4807 ldr r0, =0xa0020 ; via 0x2e29ac + 2e298e: 9000 str r0, [sp, #0] + 2e2990: a04b add r0, pc, #300 ; 0x12c + 2e2992: 210e mov r1, #14 ; 0xe + 2e2994: 2200 mov r2, #0 + 2e2996: 43d2 mvn r2, r2 + 2e2998: 2302 mov r3, #2 + 2e299a: f0f8 f94b bl 0x3dac34 + 2e299e: 2003 mov r0, #3 + 2e29a0: f0b2 fa8f bl 0x394ec2 + 2e29a4: f0d1 f905 bl 0x3b3bb2 + 2e29a8: b002 add sp, #8 + 2e29aa: bd70 pop {r4, r5, r6, pc} + $l1_abb_power_on: 31c036: b510 push {r4, lr} 31c038: b084 sub sp, #16 ; 0x10 @@ -2000,6 +2184,176 @@ 32e0a0: b002 add sp, #8 32e0a2: bd10 pop {r4, pc} + 32e0bc: b510 push {r4, lr} + 32e0be: 1c04 add r4, r0, #0 + 32e0c0: f000 f93e bl 0x32e340 + 32e0c4: 4284 cmp r4, r0 + 32e0c6: dd06 ble 0x32e0d6 + 32e0c8: 4942 ldr r1, =0x1774e70 ; via 0x32e1d4 + 32e0ca: 6809 ldr r1, [r1, #0] + 32e0cc: 3144 add r1, #68 ; 0x44 + 32e0ce: 680a ldr r2, [r1, #0] + 32e0d0: 18a2 add r2, r4, r2 + 32e0d2: 1a10 sub r0, r2, r0 + 32e0d4: 6008 str r0, [r1, #0] + 32e0d6: bd10 pop {r4, pc} + +; The following function computes and returns the average +; of the last 6 VBAT ADC measurements, all in raw ADC form + 32e0d8: b500 push {lr} + 32e0da: 480a ldr r0, =0x1774e38 ; via 0x32e104 + 32e0dc: 6803 ldr r3, [r0, #0] + 32e0de: 2000 mov r0, #0 + 32e0e0: 2100 mov r1, #0 + 32e0e2: 004a lsl r2, r1, #1 + 32e0e4: 189a add r2, r3, r2 + 32e0e6: 8a92 ldrh r2, [r2, #20] ; 0x14 + 32e0e8: 1810 add r0, r2, r0 + 32e0ea: 0400 lsl r0, r0, #16 + 32e0ec: 0c00 lsr r0, r0, #16 + 32e0ee: 1c49 add r1, r1, #1 + 32e0f0: 0409 lsl r1, r1, #16 + 32e0f2: 0c09 lsr r1, r1, #16 + 32e0f4: 2906 cmp r1, #6 + 32e0f6: dbf4 blt 0x32e0e2 + 32e0f8: 2106 mov r1, #6 + 32e0fa: f0c9 f897 bl 0x3f722c ; I$DIV + 32e0fe: 0408 lsl r0, r1, #16 + 32e100: 0c00 lsr r0, r0, #16 + 32e102: bd00 pop {pc} + +; The function dealing with the "ichg new" and "ichg clip" mystery +; the argument is Ichg as read from MADC (raw, no mA conversion) + 32e152: b5f0 push {r4, r5, r6, r7, lr} + 32e154: b082 sub sp, #8 + 32e156: 1c05 add r5, r0, #0 +; "ichg new" trace: just the raw reading + 32e158: 484d ldr r0, =0xa0020 ; via 0x32e290 + 32e15a: 9000 str r0, [sp, #0] + 32e15c: a0ae add r0, pc, #696 ; 0x2b8 + 32e15e: 2108 mov r1, #8 + 32e160: 1c2a add r2, r5, #0 + 32e162: 2302 mov r3, #2 + 32e164: f0ac fd66 bl 0x3dac34 +; comparing this raw reading against i2v_offset+23 + 32e168: 481a ldr r0, =0x1774e70 ; via 0x32e1d4 + 32e16a: 6800 ldr r0, [r0, #0] + 32e16c: 8900 ldrh r0, [r0, #8] + 32e16e: 3017 add r0, #23 ; 0x17 + 32e170: 4285 cmp r5, r0 + 32e172: da02 bge 0x32e17a +; less than this sane minimum! + 32e174: 48b8 ldr r0, =0x1774e38 ; via 0x32e458 + 32e176: 6800 ldr r0, [r0, #0] + 32e178: e062 b 0x32e240 +; above that minimum +; get the display backlight current draw + 32e17a: f0b1 f8a2 bl 0x3df2c2 + 32e17e: 49b4 ldr r1, =0x17729dc ; via 0x32e450 + 32e180: 880a ldrh r2, [r1, #0] + 32e182: 4282 cmp r2, r0 + 32e184: d00a beq 0x32e19c +; display backlight current draw changed + 32e186: 8008 strh r0, [r1, #0] + 32e188: 48b3 ldr r0, =0x1774e38 ; via 0x32e458 + 32e18a: 6801 ldr r1, [r0, #0] + 32e18c: 2200 mov r2, #0 + 32e18e: 860a strh r2, [r1, #48] ; 0x30 + 32e190: 6800 ldr r0, [r0, #0] + 32e192: 3020 add r0, #32 ; 0x20 + 32e194: 2100 mov r1, #0 + 32e196: 220c mov r2, #12 ; 0xc + 32e198: f0c9 ffe0 bl 0x3f815c ; $memset +; end of check for display backlight current draw change + 32e19c: 4cae ldr r4, =0x1774e38 ; via 0x32e458 + 32e19e: 6821 ldr r1, [r4, #0] + 32e1a0: 6822 ldr r2, [r4, #0] + 32e1a2: 8e10 ldrh r0, [r2, #48] ; 0x30 + 32e1a4: 0040 lsl r0, r0, #1 + 32e1a6: 1843 add r3, r0, r1 + 32e1a8: 1840 add r0, r0, r1 + 32e1aa: 8c06 ldrh r6, [r0, #32] ; 0x20 + 32e1ac: 2e00 cmp r6, #0 + 32e1ae: d113 bne 0x32e1d8 +; filling new entry? + 32e1b0: 4908 ldr r1, =0x1774e70 ; via 0x32e1d4 + 32e1b2: 2633 mov r6, #51 ; 0x33 + 32e1b4: 0136 lsl r6, r6, #4 + 32e1b6: 6809 ldr r1, [r1, #0] + 32e1b8: 8909 ldrh r1, [r1, #8] + 32e1ba: 1871 add r1, r6, r1 + 32e1bc: 428d cmp r5, r1 + 32e1be: dc01 bgt 0x32e1c4 + 32e1c0: 8405 strh r5, [r0, #32] ; 0x20 + 32e1c2: e001 b 0x32e1c8 + 32e1c4: 48a3 ldr r0, =0x263 ; via 0x32e454 + 32e1c6: 8418 strh r0, [r3, #32] ; 0x20 + 32e1c8: 8e10 ldrh r0, [r2, #48] ; 0x30 + 32e1ca: 3001 add r0, #1 + 32e1cc: 0400 lsl r0, r0, #16 + 32e1ce: 0c01 lsr r1, r0, #16 + 32e1d0: e016 b 0x32e200 + 32e1d2: 46c0 nop (mov r8, r8) + 32e1d4: 01774e70 +; entry already filled? + 32e1d8: 8d90 ldrh r0, [r2, #44] ; 0x2c + 32e1da: 3023 add r0, #35 ; 0x23 + 32e1dc: 42a8 cmp r0, r5 + 32e1de: da0d bge 0x32e1fc + 32e1e0: 8418 strh r0, [r3, #32] ; 0x20 +; "ichg clip" trace + 32e1e2: 8e10 ldrh r0, [r2, #48] ; 0x30 + 32e1e4: 0040 lsl r0, r0, #1 + 32e1e6: 1808 add r0, r1, r0 + 32e1e8: 8c02 ldrh r2, [r0, #32] ; 0x20 + 32e1ea: 4829 ldr r0, =0xa0020 ; via 0x32e290 + 32e1ec: 9000 str r0, [sp, #0] + 32e1ee: a08d add r0, pc, #564 ; 0x234 + 32e1f0: 2109 mov r1, #9 + 32e1f2: 2302 mov r3, #2 + 32e1f4: f0ac fd1e bl 0x3dac34 + 32e1f8: 6822 ldr r2, [r4, #0] + 32e1fa: e000 b 0x32e1fe +; not clipping? + 32e1fc: 841d strh r5, [r3, #32] ; 0x20 + 32e1fe: 2106 mov r1, #6 +; fill paths join + 32e200: 8e10 ldrh r0, [r2, #48] ; 0x30 + 32e202: 3001 add r0, #1 + 32e204: 8610 strh r0, [r2, #48] ; 0x30 + 32e206: 6823 ldr r3, [r4, #0] + 32e208: 8e18 ldrh r0, [r3, #48] ; 0x30 + 32e20a: 2806 cmp r0, #6 + 32e20c: db02 blt 0x32e214 + 32e20e: 2000 mov r0, #0 + 32e210: 8618 strh r0, [r3, #48] ; 0x30 + 32e212: 6823 ldr r3, [r4, #0] +; array wraparound done + 32e214: 2000 mov r0, #0 + 32e216: 2900 cmp r1, #0 + 32e218: d00e beq 0x32e238 + 32e21a: 6827 ldr r7, [r4, #0] + 32e21c: 1c0d add r5, r1, #0 + 32e21e: 2200 mov r2, #0 + 32e220: 0056 lsl r6, r2, #1 + 32e222: 19be add r6, r7, r6 + 32e224: 8c36 ldrh r6, [r6, #32] ; 0x20 + 32e226: 1830 add r0, r6, r0 + 32e228: 0400 lsl r0, r0, #16 + 32e22a: 0c00 lsr r0, r0, #16 + 32e22c: 1c52 add r2, r2, #1 + 32e22e: 0412 lsl r2, r2, #16 + 32e230: 0c12 lsr r2, r2, #16 + 32e232: 3d01 sub r5, #1 + 32e234: 2d00 cmp r5, #0 + 32e236: d1f3 bne 0x32e220 + 32e238: f0c8 fff8 bl 0x3f722c ; I$DIV + 32e23c: 8599 strh r1, [r3, #44] ; 0x2c + 32e23e: 6820 ldr r0, [r4, #0] + 32e240: 8d80 ldrh r0, [r0, #44] ; 0x2c + 32e242: b002 add sp, #8 + 32e244: bdf0 pop {r4, r5, r6, r7, pc} + ; This function seems to be in charge of enforcing some kind of time limit ; on the charging process, with non-understood handling when this limit ; is exceeded and the "Charge Process exceeds .!!" trace is emitted. @@ -4925,6 +5279,8 @@ 005A ( 90) 0017 (23) 00AA (170) 002D (45) 00FA (250) 0050 (80) +0x17729dc: 16-bit var stored the last display backlight current draw value + for the Ichg munching logic 0x17741e0: abb_sem @@ -4937,6 +5293,7 @@ set to 1 when starting CV charging 0x1774b7c: 16-bit var battery voltage in mV 0x1774b7e: 16-bit var zeroed in pwr_stop_charging() + Ichg in mA gets written here in CI process 0x1774b80: 16-bit var zeroed in pwr_stop_charging() 0x1774b82: 16-bit var gets i2v offset (raw ADC) written into it