What functions are called and when by the firmware?

    What functions are called and when by the firmware?
    « on: 11 / August / 2011, 09:31:26 »
    Hi everyone,
    I'm trying to make sense of how everything works. I'm not that experienced in this stuff, but can follow C pretty well; I can understand how assembly works also, but it's pretty hard to follow. The problem is I haven't found a description of what's happening behind the scenes and it's not that obvious. It doesn't help that I only really have time to tinker with this at work, where I cannot install programs.

    Here's my understanding so far:

    I think everything is 'hooked' in the platform folder for my firmware starting with the boot function in boot.c which is essentially our 'Main', but I can't follow what's happening.

    kbd_task - calls mykbd_task I believe - boot.c made this to be called instead of the Canon version every 10ms.

    spy_task - the while(1) loop in core_spytask - task started in boot.c loops every 20ms.

    capt_seq_task - capt_seq.c? No clue how this one works, but like kbd_task it's a Canon task hacked to do overrides having to do with the capture itself.


    What I'm looking for is, what functions are called by the hacked firmware upon boot, and in normal operation (tasks). I know the code in boot.c and such change every firmware, but the basic steps are the same, right? If I know what to look for I think I can figure this thing out.

    Thanks,
    Jeff

    Re: What functions are called and when by the firmware?
    « Reply #1 on: 11 / August / 2011, 11:36:40 »
    Let us start by reading member Muck Weerden's explanation :- http://www.mweerden.net/chdk_porting.html


    David

    Re: What functions are called and when by the firmware?
    « Reply #2 on: 13 / August / 2011, 04:40:21 »

    Re: What functions are called and when by the firmware?
    « Reply #3 on: 13 / August / 2011, 16:41:51 »
    reyalp
    Don't forget what the H stands for.


    Re: What functions are called and when by the firmware?
    « Reply #4 on: 13 / August / 2011, 21:28:46 »
    So what's the purpose of jogdial_task_my() for cameras that have a jogdial? It looks like its job is to basically disable the jog dial while <ALT> mode is active? Does it allow the jogdial to be used for other CHDK things?

    Re: What functions are called and when by the firmware?
    « Reply #5 on: 13 / August / 2011, 21:43:59 »
    philmoz
    So what's the purpose of jogdial_task_my() for cameras that have a jogdial? It looks like its job is to basically disable the jog dial while <ALT> mode is active? Does it allow the jogdial to be used for other CHDK things?


    If get_jogdial_direction (in platform/CAMERA/kbd.c) is implemented to return JOGDIAL_LEFT and JOGDIAL_RIGHT when the wheel is turned then it will be used in the menus to navigate up/down (plus a few other places like the text reader).

    As you said, the task is only there to try and stop the firmware from processing the wheel events in Alt mode. On some cameras the current implementation stops the wheel events when you are in Alt mode; but the firmware gets them when you leave Alt mode - the current G12 & SX30 code has a fix for this.

    Phil.
    CHDK ports:
      sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
      g12 (1.00c, 1.00e, 1.00f & 1.00g)
      sx130is (1.01d & 1.01f)
      ixus310hs (1.00a & 1.01a)
      sx40hs (1.00d, 1.00g & 1.00i)
      g1x (1.00e, 1.00f & 1.00g)

    Re: What functions are called and when by the firmware?
    « Reply #6 on: 14 / August / 2011, 02:54:20 »
    I think I'm going to have to dump my firmware and give porting a try just to understand everything better.  I also think IDA will help me see how everything links together, especially with Touchgraph. Unfortunately my time at home is limited and my wife insists on occupying most of that available time (not a bad thing  :D)

    I think I've figured out the flow of the assembly now... to verify/clear up confusion:
    "BL   sub_FF98ACEC_my \n"               // patched" calls a function of our modified Canon code
    "BL   shooting_expo_param_override\n"        // added" is calling a new function we added.
    Sometimes a modified Canon code piece has a more thorough name (like tasks), but in general this seems to be the case.

    "BL   loc_FF88323C \n""  type branches are a little more confusing though. That particular example is at the end of the capt_seq_task and calls a location near the top (the big loop I was looking for). So these branches are to locations within the function.
    "BL   sub_FF88402C \n"" - "sub" type must call locations outside the function. These aren't relabeled, so are calling the Canon firmware.

    Another interesting part:
    "LDR   R0, =0xFF882CF4 \n"            // "SsShootTask.c""  I find similar comments many times in boot.c and capt_seq.c - every instance of each comment points to one address and I can find no such file, function or external reference to any of them. And there's always a "DebugAssert" afterwards. I see on the "DryOS porting" page all "DebugAssert" does is save a file if there's a fatal error. Those comments must be the name of the file saved with the value of that address. This is just for debugging?

    How am I doing?

    Re: What functions are called and when by the firmware?
    « Reply #7 on: 14 / August / 2011, 04:47:32 »
    fe50
    "LDR   R0, =0xFF882CF4 \n"            // "SsShootTask.c""  I find similar comments many times in boot.c and capt_seq.c - every instance of each comment point to one address and I can find no such file, function or external reference to any of them.
    "SsShootTask.c": from disassembling the dump with IDA; string in the original Canon firmware, the origin filename of the (Canon) source code file, debug symbol from Canon's compiler...


    Re: What functions are called and when by the firmware?
    « Reply #8 on: 14 / August / 2011, 17:48:43 »
    reyalp
    another interesting part:
    "LDR   R0, =0xFF882CF4 \n"            // "SsShootTask.c""  I find similar comments many times in boot.c and capt_seq.c - every instance of each comment point to one address and I can find no such file, function or external reference to any of them.  And there's always a "DebugAssert" afterwards. 
    Right, those are asserts in the Canon firmware, so they have Canon source file names and line numbers. Of course, we don't have the Canon source files, but the names provide useful clues.

    Canon DebugAssert doesn't write a file. It writes to a sector of onboard flash, and then shuts the camera down. The romlog scripts can be used to retrieve this to a file. See http://chdk.wikia.com/wiki/Debugging#Camera_crash_logs_.28romlog.29

    Note that sub_XXXXXXXX in the files with inline asm is treated specially: some sed scripts search the various files for these and add shims to stubs_auto.S to allow calling functions in the ROM, which would normally be beyond the reach of a 24 bit BL offset. loc_xxxxxxxx is just a label within the file.
    Don't forget what the H stands for.
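
The naming rules confirmed in Reply #8, as an added example that is not part of any post and is not CHDK's own sed scripts: it classifies the branch targets quoted in this thread and checks whether an ARM BL can reach a ROM `sub_XXXXXXXX` directly. The sample lines are constructed from the quotes above; the RAM address 0x00100000 and the veneer text are assumptions, not the project's stubs_auto.S format.

```python
import re

# Constructed sample: inline-asm lines of the kind quoted in this thread.
SAMPLE = r'''
"BL   sub_FF98ACEC_my \n"               // patched
"BL   shooting_expo_param_override\n"   // added
"BL   loc_FF88323C \n"
"BL   sub_FF88402C \n"
"LDR  R0, =0xFF882CF4 \n"               // "SsShootTask.c"
'''

BRANCH = re.compile(r'"\s*(BL?)\s+([A-Za-z_]\w*)')   # unconditional B / BL only
ROM_SUB = re.compile(r'sub_([0-9A-Fa-f]{8})$')
PATCHED = re.compile(r'sub_[0-9A-Fa-f]{8}_my$')

def classify(symbol):
    """Label a branch target using the naming rules described in the thread."""
    if ROM_SUB.match(symbol):
        return "rom"        # unmodified firmware function, named by its address
    if PATCHED.match(symbol):
        return "patched"    # modified copy of a firmware function
    if symbol.startswith("loc_"):
        return "local"      # label inside the same file
    return "added"          # new function with no firmware counterpart

def scan(asm_text):
    """Return [(symbol, kind)] for every B/BL found in the inline asm."""
    return [(m.group(2), classify(m.group(2))) for m in BRANCH.finditer(asm_text)]

def bl_reaches(insn_addr, target):
    """ARM-state BL: signed 24-bit word offset from insn_addr + 8.
    Addresses are treated linearly (no 32-bit wraparound), an assumption."""
    offset = target - (insn_addr + 8)
    return offset % 4 == 0 and -(1 << 25) <= offset <= (1 << 25) - 4

def shims(asm_text, caller_addr):
    """Map each out-of-reach ROM function to an illustrative veneer."""
    out = {}
    for sym, kind in scan(asm_text):
        if kind == "rom":
            addr = int(ROM_SUB.match(sym).group(1), 16)
            if not bl_reaches(caller_addr, addr):
                # ldr pc, =addr loads the full 32-bit target from a literal pool
                out[sym] = f"{sym}:\n    ldr pc, =0x{addr:08X}\n"
    return out

if __name__ == "__main__":
    RAM_CALLER = 0x00100000   # assumed RAM address of the calling code
    print(scan(SAMPLE))
    print("".join(shims(SAMPLE, RAM_CALLER).values()))
```

A caller placed inside the ROM range (for example 0xFF883000) is within the ±32 MB reach, so `shims` returns nothing for it; only code running from RAM needs the indirection.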

    Re: What functions are called and when by the firmware?
    « Reply #9 on: 16 / August / 2011, 06:09:58 »
    If I'm seeing this right "wait_until_remote_button_is_released" is always called before a capture is taken and  "capt_seq_hook_raw_here" is always called after (but before image processing).

    Even if you have both those options disabled it looks like a lot of processing is happening anyways, especially for the raw saving function which passes back and forth between threads. Why not put "if (conf.remote_enable)" in the beginning of the "wait_until_remote_button_is_released" function and "if (conf.save_raw)" in the beginning of "capt_seq_hook_raw_here"?

    Even if it's only saving a few fractions of a second this is where we want things as fast as possible.
