===== Global information =====

Here's the commented firmware file: {{re:firmware_comment.asm.gz}}

Here are additional comments, to be formatted... {{re:firmware_notes.txt}}

 --- //[[jean-baptiste.note@wanadoo.fr|Jean-Baptiste Note]] 2005/08/31 22:47//

==== register use ====

Standard.

  * r7 points to what seems to me a data segment, usually. In the irq handling routines, for instance (in which it is shadowed ?), points to the data segment of the program in the data TCM ?
  * r8 usually is loaded with 0xc0000000 (done at init in FIQ mode ;)

==== IRQ hardware register usage ====

=== 0xc0000000 ===

Interrupt source. Go to address db4.

  * bit 0x40 @ 0xc0000000 -- PCI interrupt
  * bit 0x80000 @ 0xc0000000 -- Timer interrupt ?

==== Registers around 0xc0000300 ====

Seems to control some kind of clock / timer.

=== #772, 0xc0000304 ===

This register is read in routine f70 and various others; thought to be a descending register.

<code>
f74: e5920304 ldr r0, [r2, #772]
f78: e5971274 ldr r1, [r7, #628]
</code>

=== #800, 0xc0000320 ===

write

<code>
eac: e588c320 str ip, [r8, #800]
</code>

=== #808, 0xc0000328 ===

write

<code>
ea8: e5881328 str r1, [r8, #808]
eb0: e3a01080 mov r1, #128 ; 0x80
eb4: e5881328 str r1, [r8, #808]
</code>

=== #812, 0xc000032C ===

write

<code>
e88: e588332c str r3, [r8, #812]
</code>

=== #896, 0xc0000380 ===

write

<code>
52ac: 05810380 streq r0, [r1, #896] (write 40004)
48b4: e5821380 str r1, [r2, #896] (write 40000)
</code>

==== PCI IRQ registers ====

=== #2320, 0xc0000910 ===

=== #2328, 0xc0000918 ===

On exit from the irq handling routine:

<code>
e44: e5980910 ldr r0, [r8, #2320]
e48: e5981918 ldr r1, [r8, #2328]
</code>

=== IRQ registers, from the ARM side ===

  * #2304: 0xc0000900
  * #2312: 0xc0000908
  * #2308: 0xc0000904

  * 900 is status register (ISL38XX_DEV_INT_REG)
  * 908 is enable register (ISL38XX_DEV_INT_EN_REG)
  * 904 is ack (ISL38XX_DEV_INT_ACK_REG)

<code>
e5c: e5980900 ldr r0, [r8, #2304]
e60: e59712bc ldr r1, [r7, #700]
e70: 05881908 streq r1, [r8, #2312]
e74: 058712bc streq r1, [r7, #700]
</code>

For details about the meaning of each bit in the status register, please go to

<code>
4cb0: e92d4f70 stmdb sp!, {r4, r5, r6, r8, r9, sl, fp, lr}
</code>

and following. Of note are (in addition to isl38xx.h):

  * dev_int_mgmt 0x80
  * dev_int_data 0x40
  * (1<<27) PCI_FATAL_ERROR
  * (1<<26) PCI PARITY ERROR
  * (1<<31) PCI_DMA_TIMEOUT

==== Misc registers ====

=== #532, 0xc0000214 ===

=== #2048, 0xc0000800 ===

read

=== #488, 0xc00001E8 ===

=== IRQ bit 0x1000 @ 0xc0000000 ===

GPIO zone

<code>
;; #1044 : 0xc0000414 (status, read)
;; #1048 : 0xc0000418 (write)
</code>

===== Routine location =====

  * routine info f38 : printf
  * routine info f70 : fetch time & update jiffies on 63 bits.
  * routine DMA master control ''7650: e3a0c480 mov ip, #-2147483648 ; 0x80000000''
  * other transfer routine ''47a8: e92d4010 stmdb sp!, {r4, lr}''
  * routine treating data incoming : ''4808: e92d4f70 stmdb sp!, {r4, r5, r6, r8, r9, sl, fp, lr}''
  * 5f04: much used. It waits for some delay (in what unit ?) specified in r0

===== Some string locations =====

Indicated in the code.

===== Process information =====

=== DMA TX ===

Done by putting 0xc instead of 0x4 in DMA_MASTER_CTL.

===== Data transmission routine =====

<code>
;; Send data routine
2024: e92d4010 stmdb sp!, {r4, lr}
2028: e1a04000 mov r4, r0
;; if the value is 0xa, first send 0xd through a recursive call
202c: e350000a cmp r0, #10 ; 0xa
2030: 03a0000d moveq r0, #13 ; 0xd
2034: 0bfffffa bleq 2024 <_binary_memory_dump_1m_bin_start+0x2024>
;; load a word through the literal at 23ac; if it is zero, skip to 2074
2038: e59f036c ldr r0, [pc, #876] ; 23ac <_binary_memory_dump_1m_bin_start+0x23ac>
203c: e3a014c0 mov r1, #-1073741824 ; 0xc0000000
2040: e5900000 ldr r0, [r0]
2044: e3500000 cmp r0, #0 ; 0x0
2048: 0a000009 beq 2074 <_binary_memory_dump_1m_bin_start+0x2074>
;; where from ? test for CTS from host
204c: e5910900 ldr r0, [r1, #2304]
2050: e3100c40 tst r0, #16384 ; 0x4000
2054: 0afffffc beq 204c <_binary_memory_dump_1m_bin_start+0x204c>
;; send data
2058: e5814924 str r4, [r1, #2340]
205c: e3a00c40 mov r0, #16384 ; 0x4000
;; ack just this interrupt
2060: e5810904 str r0, [r1, #2308]
;; send DR signal to host
2064: e5910910 ldr r0, [r1, #2320]
2068: e3800c80 orr r0, r0, #32768 ; 0x8000
206c: e3800010 orr r0, r0, #16 ; 0x10
2070: e5810910 str r0, [r1, #2320]
;; wait for bit 0x20 @0xc0000494
2074: e5910494 ldr r0, [r1, #1172]
2078: e3100020 tst r0, #32 ; 0x20
207c: 0afffffc beq 2074 <_binary_memory_dump_1m_bin_start+0x2074>
;; rewrite data to 0xc0000480
2080: e5814480 str r4, [r1, #1152]
2084: e8bd8010 ldmia sp!, {r4, pc}
;; END OF ROUTINE
</code>

===== TODO =====

We see events 0x400000 and 0x000008 raised: what are they (they are not raised in the firmware)?
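
The send routine at 2024 above, transcribed instruction by instruction into C as an added example (it is not part of the original notes or of the firmware source). The offsets and bit masks are those in the listing; the names HOST_SIGNAL, HOST_DATA, PORT_DATA, PORT_STATUS and host_flag, the return value, and the sim_regs harness that lets it run off-target are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Byte offsets from the 0xc0000000 window; values are from the listing. */
#define DEV_INT_REG 0x900 /* #2304, status (ISL38XX_DEV_INT_REG)  */
#define DEV_INT_ACK 0x904 /* #2308, ack (ISL38XX_DEV_INT_ACK_REG) */
#define HOST_SIGNAL 0x910 /* #2320, assumed name                  */
#define HOST_DATA   0x924 /* #2340, assumed name                  */
#define PORT_DATA   0x480 /* #1152, assumed name                  */
#define PORT_STATUS 0x494 /* #1172, assumed name                  */
#define REG(base, off) ((base)[(off) / 4])

/* Returns how many characters were emitted (the firmware routine itself
 * returns nothing); host_flag stands for the word reached through 23ac. */
static int fw_send_char(volatile uint32_t *base,
                        const volatile uint32_t *host_flag, uint32_t c)
{
    int sent = 0;
    if (c == 0xa)                                   /* 202c-2034 */
        sent = fw_send_char(base, host_flag, 0xd);  /* 0xd goes out first */
    if (*host_flag != 0) {                          /* 2038-2048 */
        while (!(REG(base, DEV_INT_REG) & 0x4000))  /* 204c-2054: poll */
            ;
        REG(base, HOST_DATA) = c;                   /* 2058 */
        REG(base, DEV_INT_ACK) = 0x4000;            /* 205c-2060 */
        REG(base, HOST_SIGNAL) |= 0x8000 | 0x10;    /* 2064-2070 */
    }
    while (!(REG(base, PORT_STATUS) & 0x20))        /* 2074-207c: poll */
        ;
    REG(base, PORT_DATA) = c;                       /* 2080 */
    return sent + 1;
}

/* Constructed stand-in for the register window so the code runs on a PC.
 * Both polled bits are preset, otherwise the loops would never exit. */
static uint32_t sim_regs[0x1000 / 4];

static int demo(uint32_t c, uint32_t host_flag)
{
    for (unsigned i = 0; i < 0x1000 / 4; i++)
        sim_regs[i] = 0;
    sim_regs[DEV_INT_REG / 4] = 0x4000;
    sim_regs[PORT_STATUS / 4] = 0x20;
    return fw_send_char(sim_regs, &host_flag, c);
}

int main(void)
{
    printf("sent=%d\n", demo(0xa, 1));
    printf("0x910=%#x 0x480=%#x\n", (unsigned)sim_regs[HOST_SIGNAL / 4],
           (unsigned)sim_regs[PORT_DATA / 4]);
    return 0;
}
```

On the target, base would be the 0xc0000000 window that the routine loads into r1; the array here only records the last value written to each register.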