FreeCalypso > hg > freecalypso-reveng

changeset 260:863b483bf9e7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pirelli/fw-disasm: CI charging analyzed
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 26 Dec 2017 06:49:53 +0000
parents ea66ce1a0d2e
children 61e0be63559c
files pirelli/fw-disasm
diffstat 1 files changed, 357 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/pirelli/fw-disasm	Tue Dec 26 04:47:58 2017 +0000
+++ b/pirelli/fw-disasm	Tue Dec 26 06:49:53 2017 +0000
@@ -1107,6 +1107,190 @@
   2e27a4:	b002		add	sp, #8
   2e27a6:	bd10		pop	{r4, pc}
 
+$pwr_CI_charge_process:
+  2e2838:	b570		push	{r4, r5, r6, lr}
+  2e283a:	b082		sub	sp, #8
+  2e283c:	2138		mov	r1, #56	; 0x38
+  2e283e:	485c		ldr	r0, =0x1774e70	; via 0x2e29b0
+  2e2840:	6800		ldr	r0, [r0, #0]
+  2e2842:	5e08		ldrsh	r0, [r1, r0]
+  2e2844:	f04b f96b	bl	0x32db1e	; $pwr_bat_temp_within_limits
+  2e2848:	2800		cmp	r0, #0
+  2e284a:	d11a		bne	0x2e2882
+; error path
+  2e284c:	f7ff fd4f	bl	0x2e22ee
+  2e2850:	4856		ldr	r0, =0xa0020	; via 0x2e29ac
+  2e2852:	9000		str	r0, [sp, #0]
+  2e2854:	a0f0		add	r0, pc, #960	; 0x3c0
+  2e2856:	2121		mov	r1, #33	; 0x21
+  2e2858:	2200		mov	r2, #0
+  2e285a:	43d2		mvn	r2, r2
+  2e285c:	2302		mov	r3, #2
+  2e285e:	f0f8 f9e9	bl	0x3dac34
+  2e2862:	2000		mov	r0, #0
+  2e2864:	f0b2 fb2d	bl	0x394ec2
+  2e2868:	2132		mov	r1, #50	; 0x32
+  2e286a:	48f4		ldr	r0, =0x1774e38	; via 0x2e2c3c
+  2e286c:	6800		ldr	r0, [r0, #0]
+  2e286e:	5c08		ldrb	r0, [r1, r0]
+  2e2870:	2800		cmp	r0, #0
+  2e2872:	d000		beq	0x2e2876
+  2e2874:	e096		b	0x2e29a4
+  2e2876:	2001		mov	r0, #1
+  2e2878:	213c		mov	r1, #60	; 0x3c
+  2e287a:	2201		mov	r2, #1
+  2e287c:	f066 fcc6	bl	0x34920c
+  2e2880:	e092		b	0x2e29a8
+; good path
+  2e2882:	2033		mov	r0, #51	; 0x33
+  2e2884:	49ed		ldr	r1, =0x1774e38	; via 0x2e2c3c
+  2e2886:	6809		ldr	r1, [r1, #0]
+  2e2888:	5c40		ldrb	r0, [r0, r1]
+  2e288a:	2800		cmp	r0, #0
+  2e288c:	d10c		bne	0x2e28a8
+; is_adc_on FALSE
+; write 0 to VBATREG
+  2e288e:	2001		mov	r0, #1
+  2e2890:	211e		mov	r1, #30	; 0x1e
+  2e2892:	2200		mov	r2, #0
+  2e2894:	f066 fcba	bl	0x34920c
+; delay one TDMA frame
+  2e2898:	2001		mov	r0, #1
+  2e289a:	f7cf f800	bl	0x2b189e
+; read VBATREG
+  2e289e:	2001		mov	r0, #1
+  2e28a0:	211e		mov	r1, #30	; 0x1e
+  2e28a2:	f066 fcda	bl	0x34925a
+  2e28a6:	e001		b	0x2e28ac
+; is_adc_on TRUE
+; function gets average of the last 6
+  2e28a8:	f04b fc16	bl	0x32e0d8
+; is_adc_on paths join
+  2e28ac:	1c04		add	r4, r0, #0
+  2e28ae:	1c20		add	r0, r4, #0
+; the MADC code is converted to mV, but only for storing in the 0x1774b7c var
+  2e28b0:	f04b f91a	bl	0x32dae8	; $pwr_adc_to_mvolt
+  2e28b4:	4993		ldr	r1, =0x1774b7c	; via 0x2e2b04
+; "TIMER1" trace
+  2e28b6:	8008		strh	r0, [r1, #0]
+  2e28b8:	483c		ldr	r0, =0xa0020	; via 0x2e29ac
+  2e28ba:	9000		str	r0, [sp, #0]
+  2e28bc:	a076		add	r0, pc, #472	; 0x1d8
+  2e28be:	2106		mov	r1, #6
+  2e28c0:	2200		mov	r2, #0
+  2e28c2:	43d2		mvn	r2, r2
+  2e28c4:	2302		mov	r3, #2
+  2e28c6:	f0f8 f9b5	bl	0x3dac34
+; "Vbat (MADC code) " trace
+  2e28ca:	4838		ldr	r0, =0xa0020	; via 0x2e29ac
+  2e28cc:	9000		str	r0, [sp, #0]
+  2e28ce:	a080		add	r0, pc, #512	; 0x200
+  2e28d0:	2111		mov	r1, #17	; 0x11
+  2e28d2:	1c22		add	r2, r4, #0
+  2e28d4:	2305		mov	r3, #5
+  2e28d6:	f0f8 f9ad	bl	0x3dac34
+; check for the voltage threshold exactly as in MV100 version
+  2e28da:	4e35		ldr	r6, =0x1774e70	; via 0x2e29b0
+  2e28dc:	6830		ldr	r0, [r6, #0]
+  2e28de:	8980		ldrh	r0, [r0, #12]	; 0xc
+  2e28e0:	4284		cmp	r4, r0
+  2e28e2:	db0c		blt	0x2e28fe
+  2e28e4:	f7ff fd03	bl	0x2e22ee	; $pwr_stop_charging
+  2e28e8:	f0b2 fa79	bl	0x394dde	; $pwr_send_CV_charge_start_event
+; the CV setting is plain 4200
+  2e28ec:	4886		ldr	r0, =0x1068	; via 0x2e2b08
+  2e28ee:	f7ff fca3	bl	0x2e2238	; $pwr_start_CV_charging
+; same TIMER2 as in MV100 version
+  2e28f2:	2002		mov	r0, #2
+  2e28f4:	4986		ldr	r1, =0x363	; via 0x2e2b10
+  2e28f6:	2200		mov	r2, #0
+  2e28f8:	f048 fabe	bl	0x32ae78
+  2e28fc:	e054		b	0x2e29a8	; return
+; threshold not reached
+  2e28fe:	4df3		ldr	r5, =0x1774b78	; via 0x2e2ccc
+  2e2900:	88a9		ldrh	r1, [r5, #4]
+  2e2902:	4882		ldr	r0, =0xd2a	; via 0x2e2b0c
+  2e2904:	4281		cmp	r1, r0
+  2e2906:	dc08		bgt	0x2e291a
+; emergency-low Vbat
+  2e2908:	4828		ldr	r0, =0xa0020	; via 0x2e29ac
+  2e290a:	9000		str	r0, [sp, #0]
+  2e290c:	a064		add	r0, pc, #400	; 0x190
+  2e290e:	211f		mov	r1, #31	; 0x1f
+  2e2910:	2200		mov	r2, #0
+  2e2912:	43d2		mvn	r2, r2
+  2e2914:	2302		mov	r3, #2
+  2e2916:	f0f8 f98d	bl	0x3dac34
+; end of emergency-low Vbat check
+; TIMER1 restarted, same interval as in MV100
+  2e291a:	2001		mov	r0, #1
+  2e291c:	497c		ldr	r1, =0x363	; via 0x2e2b10
+  2e291e:	2200		mov	r2, #0
+  2e2920:	f048 faaa	bl	0x32ae78
+; Ichg check code begins
+  2e2924:	48c5		ldr	r0, =0x1774e38	; via 0x2e2c3c
+  2e2926:	2133		mov	r1, #51	; 0x33
+  2e2928:	6802		ldr	r2, [r0, #0]
+  2e292a:	5c89		ldrb	r1, [r1, r2]
+  2e292c:	2900		cmp	r1, #0
+  2e292e:	d10d		bne	0x2e294c
+; is_adc_on FALSE
+  2e2930:	2001		mov	r0, #1
+  2e2932:	2122		mov	r1, #34	; 0x22
+  2e2934:	2200		mov	r2, #0
+  2e2936:	f066 fc69	bl	0x34920c
+  2e293a:	2001		mov	r0, #1
+  2e293c:	f7ce ffaf	bl	0x2b189e
+  2e2940:	2001		mov	r0, #1
+  2e2942:	2122		mov	r1, #34	; 0x22
+  2e2944:	f066 fc89	bl	0x34925a
+  2e2948:	1c04		add	r4, r0, #0
+  2e294a:	e001		b	0x2e2950
+; is_adc_on TRUE
+; takes Ichg from SPI ADC results
+  2e294c:	6800		ldr	r0, [r0, #0]
+  2e294e:	8904		ldrh	r4, [r0, #8]
+; is_adc_on paths join
+  2e2950:	1c20		add	r0, r4, #0
+  2e2952:	f04b fbfe	bl	0x32e152
+  2e2956:	1c04		add	r4, r0, #0
+  2e2958:	f04b f8cf	bl	0x32dafa	; $pwr_adc_to_mA
+  2e295c:	80e8		strh	r0, [r5, #6]
+  2e295e:	88e8		ldrh	r0, [r5, #6]
+  2e2960:	f04b fbac	bl	0x32e0bc
+  2e2964:	4811		ldr	r0, =0xa0020	; via 0x2e29ac
+  2e2966:	9000		str	r0, [sp, #0]
+  2e2968:	a0d3		add	r0, pc, #844	; 0x34c
+  2e296a:	2111		mov	r1, #17	; 0x11
+  2e296c:	1c22		add	r2, r4, #0
+  2e296e:	2305		mov	r3, #5
+  2e2970:	f0f8 f960	bl	0x3dac34
+  2e2974:	2033		mov	r0, #51	; 0x33
+  2e2976:	0100		lsl	r0, r0, #4
+  2e2978:	6831		ldr	r1, [r6, #0]
+  2e297a:	8909		ldrh	r1, [r1, #8]
+  2e297c:	1840		add	r0, r0, r1
+  2e297e:	4284		cmp	r4, r0
+  2e2980:	dd12		ble	0x2e29a8
+; current got too high
+  2e2982:	f7ff fcb4	bl	0x2e22ee
+  2e2986:	200a		mov	r0, #10	; 0xa
+  2e2988:	43c0		mvn	r0, r0
+  2e298a:	8028		strh	r0, [r5, #0]
+  2e298c:	4807		ldr	r0, =0xa0020	; via 0x2e29ac
+  2e298e:	9000		str	r0, [sp, #0]
+  2e2990:	a04b		add	r0, pc, #300	; 0x12c
+  2e2992:	210e		mov	r1, #14	; 0xe
+  2e2994:	2200		mov	r2, #0
+  2e2996:	43d2		mvn	r2, r2
+  2e2998:	2302		mov	r3, #2
+  2e299a:	f0f8 f94b	bl	0x3dac34
+  2e299e:	2003		mov	r0, #3
+  2e29a0:	f0b2 fa8f	bl	0x394ec2
+  2e29a4:	f0d1 f905	bl	0x3b3bb2
+  2e29a8:	b002		add	sp, #8
+  2e29aa:	bd70		pop	{r4, r5, r6, pc}
+
 $l1_abb_power_on:
   31c036:	b510		push	{r4, lr}
   31c038:	b084		sub	sp, #16	; 0x10
@@ -2000,6 +2184,176 @@
   32e0a0:	b002		add	sp, #8
   32e0a2:	bd10		pop	{r4, pc}
 
+  32e0bc:	b510		push	{r4, lr}
+  32e0be:	1c04		add	r4, r0, #0
+  32e0c0:	f000 f93e	bl	0x32e340
+  32e0c4:	4284		cmp	r4, r0
+  32e0c6:	dd06		ble	0x32e0d6
+  32e0c8:	4942		ldr	r1, =0x1774e70	; via 0x32e1d4
+  32e0ca:	6809		ldr	r1, [r1, #0]
+  32e0cc:	3144		add	r1, #68	; 0x44
+  32e0ce:	680a		ldr	r2, [r1, #0]
+  32e0d0:	18a2		add	r2, r4, r2
+  32e0d2:	1a10		sub	r0, r2, r0
+  32e0d4:	6008		str	r0, [r1, #0]
+  32e0d6:	bd10		pop	{r4, pc}
+
+; The following function computes and returns the average
+; of the last 6 VBAT ADC measurements, all in raw ADC form
+  32e0d8:	b500		push	{lr}
+  32e0da:	480a		ldr	r0, =0x1774e38	; via 0x32e104
+  32e0dc:	6803		ldr	r3, [r0, #0]
+  32e0de:	2000		mov	r0, #0
+  32e0e0:	2100		mov	r1, #0
+  32e0e2:	004a		lsl	r2, r1, #1
+  32e0e4:	189a		add	r2, r3, r2
+  32e0e6:	8a92		ldrh	r2, [r2, #20]	; 0x14
+  32e0e8:	1810		add	r0, r2, r0
+  32e0ea:	0400		lsl	r0, r0, #16
+  32e0ec:	0c00		lsr	r0, r0, #16
+  32e0ee:	1c49		add	r1, r1, #1
+  32e0f0:	0409		lsl	r1, r1, #16
+  32e0f2:	0c09		lsr	r1, r1, #16
+  32e0f4:	2906		cmp	r1, #6
+  32e0f6:	dbf4		blt	0x32e0e2
+  32e0f8:	2106		mov	r1, #6
+  32e0fa:	f0c9 f897	bl	0x3f722c	; I$DIV
+  32e0fe:	0408		lsl	r0, r1, #16
+  32e100:	0c00		lsr	r0, r0, #16
+  32e102:	bd00		pop	{pc}
+
+; The function dealing with the "ichg new" and "ichg clip" mystery
+; the argument is Ichg as read from MADC (raw, no mA conversion)
+  32e152:	b5f0		push	{r4, r5, r6, r7, lr}
+  32e154:	b082		sub	sp, #8
+  32e156:	1c05		add	r5, r0, #0
+; "ichg new" trace: just the raw reading
+  32e158:	484d		ldr	r0, =0xa0020	; via 0x32e290
+  32e15a:	9000		str	r0, [sp, #0]
+  32e15c:	a0ae		add	r0, pc, #696	; 0x2b8
+  32e15e:	2108		mov	r1, #8
+  32e160:	1c2a		add	r2, r5, #0
+  32e162:	2302		mov	r3, #2
+  32e164:	f0ac fd66	bl	0x3dac34
+; comparing this raw reading against i2v_offset+23
+  32e168:	481a		ldr	r0, =0x1774e70	; via 0x32e1d4
+  32e16a:	6800		ldr	r0, [r0, #0]
+  32e16c:	8900		ldrh	r0, [r0, #8]
+  32e16e:	3017		add	r0, #23	; 0x17
+  32e170:	4285		cmp	r5, r0
+  32e172:	da02		bge	0x32e17a
+; less than this sane minimum!
+  32e174:	48b8		ldr	r0, =0x1774e38	; via 0x32e458
+  32e176:	6800		ldr	r0, [r0, #0]
+  32e178:	e062		b	0x32e240
+; above that minimum
+; get the display backlight current draw
+  32e17a:	f0b1 f8a2	bl	0x3df2c2
+  32e17e:	49b4		ldr	r1, =0x17729dc	; via 0x32e450
+  32e180:	880a		ldrh	r2, [r1, #0]
+  32e182:	4282		cmp	r2, r0
+  32e184:	d00a		beq	0x32e19c
+; display backlight current draw changed
+  32e186:	8008		strh	r0, [r1, #0]
+  32e188:	48b3		ldr	r0, =0x1774e38	; via 0x32e458
+  32e18a:	6801		ldr	r1, [r0, #0]
+  32e18c:	2200		mov	r2, #0
+  32e18e:	860a		strh	r2, [r1, #48]	; 0x30
+  32e190:	6800		ldr	r0, [r0, #0]
+  32e192:	3020		add	r0, #32	; 0x20
+  32e194:	2100		mov	r1, #0
+  32e196:	220c		mov	r2, #12	; 0xc
+  32e198:	f0c9 ffe0	bl	0x3f815c	; $memset
+; end of check for display backlight current draw change
+  32e19c:	4cae		ldr	r4, =0x1774e38	; via 0x32e458
+  32e19e:	6821		ldr	r1, [r4, #0]
+  32e1a0:	6822		ldr	r2, [r4, #0]
+  32e1a2:	8e10		ldrh	r0, [r2, #48]	; 0x30
+  32e1a4:	0040		lsl	r0, r0, #1
+  32e1a6:	1843		add	r3, r0, r1
+  32e1a8:	1840		add	r0, r0, r1
+  32e1aa:	8c06		ldrh	r6, [r0, #32]	; 0x20
+  32e1ac:	2e00		cmp	r6, #0
+  32e1ae:	d113		bne	0x32e1d8
+; filling new entry?
+  32e1b0:	4908		ldr	r1, =0x1774e70	; via 0x32e1d4
+  32e1b2:	2633		mov	r6, #51	; 0x33
+  32e1b4:	0136		lsl	r6, r6, #4
+  32e1b6:	6809		ldr	r1, [r1, #0]
+  32e1b8:	8909		ldrh	r1, [r1, #8]
+  32e1ba:	1871		add	r1, r6, r1
+  32e1bc:	428d		cmp	r5, r1
+  32e1be:	dc01		bgt	0x32e1c4
+  32e1c0:	8405		strh	r5, [r0, #32]	; 0x20
+  32e1c2:	e001		b	0x32e1c8
+  32e1c4:	48a3		ldr	r0, =0x263	; via 0x32e454
+  32e1c6:	8418		strh	r0, [r3, #32]	; 0x20
+  32e1c8:	8e10		ldrh	r0, [r2, #48]	; 0x30
+  32e1ca:	3001		add	r0, #1
+  32e1cc:	0400		lsl	r0, r0, #16
+  32e1ce:	0c01		lsr	r1, r0, #16
+  32e1d0:	e016		b	0x32e200
+  32e1d2:	46c0		nop			(mov r8, r8)
+  32e1d4:	01774e70
+; entry already filled?
+  32e1d8:	8d90		ldrh	r0, [r2, #44]	; 0x2c
+  32e1da:	3023		add	r0, #35	; 0x23
+  32e1dc:	42a8		cmp	r0, r5
+  32e1de:	da0d		bge	0x32e1fc
+  32e1e0:	8418		strh	r0, [r3, #32]	; 0x20
+; "ichg clip" trace
+  32e1e2:	8e10		ldrh	r0, [r2, #48]	; 0x30
+  32e1e4:	0040		lsl	r0, r0, #1
+  32e1e6:	1808		add	r0, r1, r0
+  32e1e8:	8c02		ldrh	r2, [r0, #32]	; 0x20
+  32e1ea:	4829		ldr	r0, =0xa0020	; via 0x32e290
+  32e1ec:	9000		str	r0, [sp, #0]
+  32e1ee:	a08d		add	r0, pc, #564	; 0x234
+  32e1f0:	2109		mov	r1, #9
+  32e1f2:	2302		mov	r3, #2
+  32e1f4:	f0ac fd1e	bl	0x3dac34
+  32e1f8:	6822		ldr	r2, [r4, #0]
+  32e1fa:	e000		b	0x32e1fe
+; not clipping?
+  32e1fc:	841d		strh	r5, [r3, #32]	; 0x20
+  32e1fe:	2106		mov	r1, #6
+; fill paths join
+  32e200:	8e10		ldrh	r0, [r2, #48]	; 0x30
+  32e202:	3001		add	r0, #1
+  32e204:	8610		strh	r0, [r2, #48]	; 0x30
+  32e206:	6823		ldr	r3, [r4, #0]
+  32e208:	8e18		ldrh	r0, [r3, #48]	; 0x30
+  32e20a:	2806		cmp	r0, #6
+  32e20c:	db02		blt	0x32e214
+  32e20e:	2000		mov	r0, #0
+  32e210:	8618		strh	r0, [r3, #48]	; 0x30
+  32e212:	6823		ldr	r3, [r4, #0]
+; array wraparound done
+  32e214:	2000		mov	r0, #0
+  32e216:	2900		cmp	r1, #0
+  32e218:	d00e		beq	0x32e238
+  32e21a:	6827		ldr	r7, [r4, #0]
+  32e21c:	1c0d		add	r5, r1, #0
+  32e21e:	2200		mov	r2, #0
+  32e220:	0056		lsl	r6, r2, #1
+  32e222:	19be		add	r6, r7, r6
+  32e224:	8c36		ldrh	r6, [r6, #32]	; 0x20
+  32e226:	1830		add	r0, r6, r0
+  32e228:	0400		lsl	r0, r0, #16
+  32e22a:	0c00		lsr	r0, r0, #16
+  32e22c:	1c52		add	r2, r2, #1
+  32e22e:	0412		lsl	r2, r2, #16
+  32e230:	0c12		lsr	r2, r2, #16
+  32e232:	3d01		sub	r5, #1
+  32e234:	2d00		cmp	r5, #0
+  32e236:	d1f3		bne	0x32e220
+  32e238:	f0c8 fff8	bl	0x3f722c	; I$DIV
+  32e23c:	8599		strh	r1, [r3, #44]	; 0x2c
+  32e23e:	6820		ldr	r0, [r4, #0]
+  32e240:	8d80		ldrh	r0, [r0, #44]	; 0x2c
+  32e242:	b002		add	sp, #8
+  32e244:	bdf0		pop	{r4, r5, r6, r7, pc}
+
 ; This function seems to be in charge of enforcing some kind of time limit
 ; on the charging process, with non-understood handling when this limit
 ; is exceeded and the "Charge Process exceeds .!!" trace is emitted.
@@ -4925,6 +5279,8 @@
 		005A ( 90) 0017 (23)
 		00AA (170) 002D (45)
 		00FA (250) 0050 (80)
+0x17729dc:	16-bit var stored the last display backlight current draw value
+		for the Ichg munching logic
 
 0x17741e0:	abb_sem
 
@@ -4937,6 +5293,7 @@
 		set to 1 when starting CV charging
 0x1774b7c:	16-bit var battery voltage in mV
 0x1774b7e:	16-bit var zeroed in pwr_stop_charging()
+		Ichg in mA gets written here in CI process
 0x1774b80:	16-bit var zeroed in pwr_stop_charging()
 0x1774b82:	16-bit var gets i2v offset (raw ADC) written into it