> 1) The ARM processor core has a JTAG port built into it. Has anyone investigated if the processor (or board !) had a JTAG port on it ?
Nope. The whole CHDK is developed without taking a screwdriver. If you are so brave, you can try to find it.
I might do that. If there is a port, it would make debugging a lot easier. Set break points, etc. I use a JTAG debugger for my LPC21XX projects. (Olimex USB JTAG to be exact...)
> 2) Most ARM processors have a provision for encrypting the contents of the ROM. Apparently the ROMs on the cameras are not encrypted, thus the firmware can be dumped ? Do I have this right ?
I did not know that the ROM can be encrypted. But luckily, Canon's DIGIC does not use this feature.
OK. It's in the ARM documentation. If someone tells me what processor they think we are using, I'll do some searching and find relevant documentation.
> 3) What tools are developers using to debug the code they write?
No tools. At all. The most hardware dependent part was implemented a long time ago, so the camera hangs very rarely. If we need an indicator that the code reaches some point, we use any LED (switching it ON).
OK. I've done a lot of microcontroller development. I've found it useful to get a serial port working for debugging purposes. It allows one to embed print (printf) statements in the code and track variable values, etc. One might be able to use the same LED setup that is used for dumping the firmware.
> I saw a routine for blinking the camera LED.
It's just for firmware dumping.
So far...
> What sort of baud rate can be accomplished doing that and has anyone written/run a monitor to help with debugging?
Someone dumped a firmware at ~10000 bits per second.
OK. Certainly enough to output data from.
> 4) What hardware specs are we working with ? Typical processor speed, exact processor model, ROM/RAM/(e)Eprom sizes ?
No specs. It's fun.
Not even any guesses ? Which ARM core are we working with ? Is it the same for Digic II and III ? You could be able to read and dump the processor code and decipher something from that.
Processor - Digic II or Digic III (with ARM9 core integrated). 32M RAM. Eprom - we do not use it.
Are they both ARM9, or just the Digic III ?
> 5) I assume that all of the code stored in the current repository is for the VxWorks OS.
Yes.
> How is the code going to be organized when we start working on the DryOS OS ? Total fork ? Integrated into the current structure ?
Who knows. We will return to this question when such porting is done.
How do you recommend I proceed with regards to code organization ?
> 6) What tools are being used for disassembly?
Mostly - IDA Pro.
Does IDA Pro run on Linux ? Is there a Linux equivalent tool ? I know that most gcc tools have some disassembly components to them. gdb needs this to step through stack traces. But that is about all I know.
> How are various routines discovered for a camera?
One of Canon's firmware updates had more than 5000 function names. And there are a lot of text strings in the firmware.
OK.
> I assume the disassembler can find the function pre and post setup code and functions can be found, but how are the developers determining what they do ?
Why do you not read For Developers, especially this?
I read that. Basically it shows me that IDA Pro is finding the functions by the pre and post function routines. OK. But that doesn't tell me how the developers are finding what those routines do. Are they calling them and seeing if the focus motor moves, for example or what ? Are they tracing the addresses written to and figuring out that 0x123 is the port that fires the flash ?
It's one thing to find functions in code, another to figure out what those functions do.
This isn't "normal" software development. If the CHDK team wants more developers and a better development system to evolve over time, they need to share what they are doing now so that others can use that as a starting point.
Again, if you feed me information, I will start documenting things.
> 6) Has the DryOS firmware been dumped by anyone yet?
This!
I read that. First of all it doesn't say if anyone has actually dumped the DryOS firmware. It points to the Canon DryOS site and 100 rambling posts (including feature discussions) on DPreview.com. I repeat my question: Has anyone dumped the DryOS firmware ?
I guess someone has because the DPReview post says "But, there is a positive moment - the hardware part is still unchanged (ARM9), because BOOTDISK blinker works."
I guess I also should have noticed that the A720IS and S5IS have been dumped by their colors. They are Digic III and DryOS.
> Is there a functioning "blink the LED" program for a DryOS camera?
This! And this!
Same thing ! First of all, the processor list on the first page has the G9 and 40D as Digic II processors. CLEARLY they are not ! Then it shows that the 40D is of status "either original firmware or firmware dump is available; porting is needed". Again I repeat my question ! HAS ANYONE DUMPED THE DRYOS FIRMWARE ? (See my answer above on the DPReview post.)
"Firmware extraction using the blinker was some trouble but worked."
here:
http://chdk.wikia.com/wiki/A720IS
The Wiki is nice. It's a great OVERVIEW. But it is just that, an overview. As I have shown, it doesn't answer the in-depth questions that a developer needs answered and it isn't 100% correct.
Teach me and feed me information and I will document and organize as I go.