Some early notes:
* There seem to be 2 CPU cores (PU0/PU1 or puId 0/1). Current core ID is read from 0x1000.
* There seem to be 2 DryOS instances:
  - first runs E0012E88 init_task_1, does the usual stdio setup, then starts RomStarter
  - second DryOS is launched from RomStarter, at E0020000; it runs E00202E0 init_task_2, runs the stdio setup again, then launches the Startup task
* There are 2 types of interrupts: old-style (similar to D6) and new style (GIC, see Generic Interrupt Controller Architecture Specification):
  - old-style: PU0 uses 0xD4011000 (same as D6), PU1 uses 0xD5011000
  - new style: 0xC1000000 (this appears to be the Private memory region):
    - 0x010C: GICC_IAR, returns 0x20 for an old-style interrupt
    - 0x1100: GICD_ISENABLERn (bit array to enable interrupts; not sure how many)
    - 0x1800: GICD_ITARGETSRn (one byte for each interrupt, unaligned access)
    - full list in arm_gic_architecture_specification.pdf -> see e.g. Distributor register map at 0x1000 or CPU interface register map at 0x100
  - DryOS heartbeat is identical to D6 (timer 1, interrupt 1B, 10ms)
Memory blocks copied to RAM during startup:
0xE001AF2C -> 0xDF020000 size 0x3B8 at E0005AAC
0xE001B2E4 -> 0x4000 size 0xF1C at E000492C
0xE115CF88 -> 0x8000 size 0x6054C at E002003C
0xE11BD4D4 -> 0x1900000 size 0x1444 at E0020060
0xE11BE918 -> 0xDFFC4900 size 0x152A0 at E0020084
Excerpt from emulation log (QEMU, processor "cortex-a9"):
E0017B98: MRC p15,0,Rd,cr0,cr0,5: MPIDR -> 0x80000000
E0017BBE: MCR p15,0,Rd,cr12,cr0,0: VBAR <- 0xE000001D
E0017BEA: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0xC52078
E0017BE0: MCR p15, ... : CACHEMAINT x1 (omitted)
E0017C02: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C50878
E0004CE6: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C50878
E0004CE6: MCR p15, ... : CACHEMAINT x3 (omitted)
E0004CE6: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C51878
E0017C2A: MRC p15,0,Rd,cr0,cr0,5: MPIDR -> 0x80000000
E0004D0A: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C51878
E0004DD4: MCR p15, ... : CACHEMAINT x512 (omitted)
E0004D0A: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C50878
E0004D1A: MCR p15, ... : CACHEMAINT x1 (omitted)
E0004C7A: MCR p15,0,Rd,cr3,cr0,0: DACR <- 0x55555555
E0004C82: MCR p15,0,Rd,cr2,cr0,0: TTBR0_EL1 <- 0xE0004800
E0004C86: MCR p15,0,Rd,cr2,cr0,1: TTBR1_EL1 <- 0xE0000080
E0004C8A: MCR p15,0,Rd,cr13,cr0,1: CONTEXTIDR(S) <- 0x0
E0004C8E: MCR p15,0,Rd,cr2,cr0,2: TTBCR <- 0x7
E0004C96: MCR p15,0,Rd,cr8,cr7,0: TLBIALL <- 0x0
E0004C9E: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C50878
E0004C9E: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C50879
E0017C90: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C50879
E0017C90: MCR p15, ... : CACHEMAINT x1 (omitted)
E0017C90: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C51879
E0017CA8: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C51879
E0017CA8: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C5187D
E0017CB4: MRC p15,0,Rd,cr1,cr0,1: ACTLR_EL1 -> 0x0
E0017CB4: MCR p15,0,Rd,cr1,cr0,1: ACTLR_EL1 <- 0x45
E0017CB4: MRC p15,0,Rd,cr15,cr0,0: A9_PWRCTL -> 0x0
E0017CB4: MCR p15,0,Rd,cr15,cr0,0: A9_PWRCTL <- 0x1
E0017CD4: MRC p15,0,Rd,cr15,cr0,1: A9_DIAG -> 0x0
E0017CD4: MCR p15,0,Rd,cr15,cr0,1: A9_DIAG <- 0x400000
E0004900: MCR p15,0,Rd,cr12,cr0,0: VBAR <- 0xE0018C40
E000490A: MRC p15,0,Rd,cr0,cr0,5: MPIDR -> 0x80000000
E0011E3A: MRC p15,0,Rd,cr0,cr0,5: MPIDR -> 0x80000000
[ :e0008301 ] set_int_handler(0, 1ca, e00082e1)
[ :e0008305 ] set_int_handler(0, 1cc, e0011749)
[ :e0010d8d ] set_int_handler(0, 1eb, e0004a87)
[ :e0010d99 ] set_int_handler(0, 1ed, e0004a87)
[ :e0010db7 ] enable_interrupt_1(1eb)
[ :e0010dbd ] enable_interrupt_1(1ed)
E0004E38: MCR p15, ... : CACHEMAINT x512 (omitted)
E0004CC6: MCR p15,0,Rd,cr7,cr8,0: ATS <- 0xC6000000
E0004CCE: MRC p15,0,Rd,cr7,cr4,0: PAR -> 0xB
E0004CC6: MCR p15,0,Rd,cr7,cr8,0: ATS <- 0xC2000000
E0004CCE: MRC p15,0,Rd,cr7,cr4,0: PAR -> 0xB
[ :e000846d ] set_int_handler(0, 1cb, e0008449)
[ :e0008477 ] set_int_handler(0, 1b, e00083dd)
[ :e0008485 ] enable_interrupt_1(1b)
[EOS] trigger int 0x1B (delayed!)
DRYOS version 2.3, release #0059+p3
Copyright (C) 1997-2015 by CANON Inc.
[ init:e00079cb ] set_int_handler(0, df, e0007967)
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
[ init:e00079d9 ] set_int_handler(0, 16d, e0007955)
[ init:e0007a0f ] enable_interrupt_1(df)
[ init:e0007a15 ] enable_interrupt_1(16d)
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
#[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
E002000C: MCR p15,0,Rd,cr12,cr0,0: VBAR <- 0xE0020200
E002001A: MRC p15,0,Rd,cr0,cr0,5: MPIDR -> 0x80000000
[EOS] trigger int 0x1B (delayed)
E002010E: MRC p15,0,Rd,cr0,cr0,5: MPIDR -> 0x80000000
[ :e002189b ] enable_interrupt_2(1eb)
[ :e00218a1 ] enable_interrupt_2(1ed)
E036C51A: MCR p15, ... : CACHEMAINT x3038 (omitted)
DFFC49BE: MCR p15,0,Rd,cr7,cr8,0: ATS <- 0xC6000000
DFFC49C6: MRC p15,0,Rd,cr7,cr4,0: PAR -> 0xB
DFFC49BE: MCR p15,0,Rd,cr7,cr8,0: ATS <- 0xC2000000
DFFC49C6: MRC p15,0,Rd,cr7,cr4,0: PAR -> 0xB
[ :e002135d ] enable_interrupt_2(1b)
[EOS] trigger int 0x1B (delayed)
[EOS] trigger int 0x1B (delayed!)
DRYOS version 2.3, release #0059+p3
Copyright (C) 1997-2015 by CANON Inc.
Taking exception 5 [IRQ]
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
[ init:e0021773 ] enable_interrupt_2(df)
[ init:e0021779 ] enable_interrupt_2(16d)
[ init:e00206cb ] task_create(Startup, prio=19, stack=0, entry=e002061d, arg=0)
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
[ Startup:dffcd187 ] task_create(ClockSavePU0, prio=20, stack=200, entry=e010af35, arg=0)
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
[ Startup:e0466b45 ] task_create(SD1stInit, prio=18, stack=0, entry=e0466ad5, arg=0)
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
[EOS] trigger int 0x1B (delayed)
Taking exception 5 [IRQ]
...
HTH
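
Added example, not part of the original post: a small Python parser that reads the SCTLR lines of the emulation log above and reports which ARMv7-A control bits each write sets or clears, which makes the order of cache and MMU enabling during boot visible. Bit positions are those of the ARMv7-A SCTLR; the names `sctlr_writes` and `names` are made up for this example.

```python
import re

# ARMv7-A SCTLR bits: MMU, alignment check, D-cache, branch prediction,
# I-cache, high vectors, Thumb exception entry.
SCTLR_BITS = {0: "M", 1: "A", 2: "C", 11: "Z", 12: "I", 13: "V", 30: "TE"}

# SCTLR lines copied from the log above, plus two lines the parser must skip.
LOG = """\
E0017BEA: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0xC52078
E0017BE0: MCR p15, ... : CACHEMAINT x1 (omitted)
E0017C02: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C50878
E0004CE6: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C50878
E0004CE6: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C51878
E0004D0A: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C51878
E0004D0A: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C50878
E0004C82: MCR p15,0,Rd,cr2,cr0,0: TTBR0_EL1 <- 0xE0004800
E0004C9E: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C50878
E0004C9E: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C50879
E0017C90: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C50879
E0017C90: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C51879
E0017CA8: MRC p15,0,Rd,cr1,cr0,0: SCTLR -> 0x40C51879
E0017CA8: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- 0x40C5187D
"""

# "<PC>: MRC|MCR p15,<operands>: <REG> ->|<- 0x<value>"; the CACHEMAINT
# summary lines have a space after "p15," and do not match.
LINE_RE = re.compile(
    r"^([0-9A-F]{8}): M(?:RC|CR) p15,\S+ (\w+) (->|<-) 0x([0-9A-Fa-f]+)$")

def names(mask):
    """Names of the bits set in mask; bits not in the table become 'bitN'."""
    return [SCTLR_BITS.get(b, f"bit{b}") for b in range(32) if mask >> b & 1]

def sctlr_writes(log):
    """Return (pc, bits_set, bits_cleared) for every SCTLR write in the log."""
    current, out = None, []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "SCTLR":
            continue
        pc, value = int(m.group(1), 16), int(m.group(4), 16)
        if m.group(3) == "<-" and current is not None:
            out.append((pc, names(value & ~current), names(current & ~value)))
        current = value  # both reads and writes update the known value
    return out

if __name__ == "__main__":
    for pc, on, off in sctlr_writes(LOG):
        print(f"{pc:08X}: set {on or '-'} cleared {off or '-'}")
```

On this log the first write drops high vectors (V) and turns on branch prediction and Thumb exception entry, the I-cache is toggled on and off around the cache maintenance runs, and the MMU bit is set at E0004C9E.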