Preliminary Exploration of WindowsCE exceptions and service interruptions (-)

--------- By nasiry

1. The loading and execution methods of interrupted/abnormal phases.

Both the interrupt and exception occur asynchronously. When this event occurs, the system will stop the currently running Code Instead, the event response service is executed. Program . The entry point of the Event Service Program is the position of the interrupt/exception vector. Arm's interrupt vector can be a low address vector starting with 0x0, or a high vector address at ffff0000. The high address is used as the trap area in wince, so the arm uses the high address vector in CE. Next, let's take a look at the installation and execution of Interrupt/exception vectors.

In the kernelstart process, the following code is copied to the ffff0000 position through the program.

Vectorinstructions

Ldr pc, [PC, #0x3e0-8]; Reset

Ldr pc, [PC, #0x3e0-8]; undefined instruction

Ldr pc, [PC, #0x3e0-8]; SVC

Ldr pc, [PC, #0x3e0-8]; prefetch abort

Ldr pc, [PC, #0x3e0-8]; Data abort

Ldr pc, [PC, #0x3e0-8]; unused vector location

Ldr pc, [PC, #0x3e0-8]; IRQ

Ldr pc, [PC, #0x3e0-8]; Fiq

Put the following data at the ffff03e0 position. Each item (32bit) corresponds to an abnormal jump address, that is, the abnormal/interrupt vector jump table of wince. The entry address of the service program to be executed after an exception occurs. The details are as follows.

Vectortable

DCD-1; Reset

DCD undefexception; undefined instruction

DCD swihandler; SVC

DCD prefetchabort; prefetch abort

If: Def: armv4t: lor: Def: armv4i

DCD oemdataaborthandler; Data abort

Else

DCD dataaborthandler; Data abort

Endif

DCD-1; unused Vector

DCD irqhandler; IRQ

DCD fiqhandler; Fiq

After the above Code/data is placed in the memory space according to the above requirements, each time an exception is triggered, it will automatically run to the address corresponding to the corresponding jump table item for execution.



2. Exceptions/service interruptions

In arm, seven abnormal states are involved: reset, UNDEF exception, software interrupt (SWI), prefech abort, dataabort, IRQ, and FIQ. A reset only occurs when it is reset, and the other six occur when the system is running. The ARM Kernel automatically performs the following actions when any exception occurs and an response is received:

Copy CPSR to spsr _ <mode>

Set the appropriate CPSR bit:

Change processor status to arm status

Change the processor mode to the corresponding exception Mode

Set the interrupt prohibition bit to disable the corresponding interrupt

Update LR _ <mode>

Set the PC to the corresponding exception Vector

At the same time, the processor automatically enters the arm status regardless of whether the exception occurs in arm or thumb. And the interrupted enable will be automatically disabled. At this time, because some general registers are public in different modes, you also need to save these registers that will be destroyed and restore the status before these registers are interrupted when the processing is complete. In addition, after entering the exception mode, the LR value is not necessarily the location where we need to resume execution. This location is affected by the exception type and pipeline error. In SWI mode, LR is the return value. In IRQ and fiq lr = LR-4, dataabort LR = LR-8; specific reasons we will not discuss, interested can see <ARM-based embedded Program Development points> Article. The following is an analysis of these service programs.



2-1.undef exception Service Program



UNDEF exception is generated when an invalid command is executed. It is usually used to simulate functions not supported by the processor, such as floating point operations. To put it simply, the UNDEF exception process: when the current command is a command not supported by the processor, the processor automatically sends the command to each coprocessor (such as MMU and FPU) for processing, this exception occurs when these coprocessors cannot recognize this command. The following describes the corresponding code.

Nested_entry undefexception

Sub LR, LR, #4; (LR) = address of undefined instruction

Stmdb sp, {r0-r3, LR}

MoV R1, # id_undef_instr

B commonhandler

Entry_end undefexception

The above is the entrance to the UNDEF exception service program (the code that is not involved in compilation and thumb mode has been removed), and the command address before triggering the exception is calculated through LR-= 4, save the r0-r3 and LR at the same time into the undef_exception stack for the last recovery site and get the exception command itself, then enter the distribution program commonhandler. commonhandler is a common exception service program that uses different input parameters for processing. Here mov R1, # id_undef_instr specifies the exception mode as UNDEF exception.



2-2.swi Service Program



According to the design intent of the ARM processor, the system calls (systemcils) of the system software are all completed through SWI commands. SWI is equivalent to an interrupt command. The difference is that SWI is not generated by an external interrupt source, and the exception vector corresponding to SWI is located at 0xc or 0 xFFFF 000c. That is to say, when a SWI command is executed, the current program is interrupted and transferred to 0xc or 0xffff000c for execution. At the same time, cpsr_mode (current Program Status Register) is copied to spsr_svc, run in SVC mode (register group in privileged mode ). That is to say, the system switches to the privileged mode after the system SWI exception is thrown by running SWI. The system call function number is determined by the XX after SWI xx, after the code of the specified function is run, the address of the exception is returned and the user mode is restored. Let's take a look at how the code in wince is implemented.

DCD swihandler; SVC <-------------------------- SWI entry point.



Leaf_entry swihandler

If {false}

...

Endif

Movs PC, LR

Entry_end swihandler

The above code between if {false} And endif cannot be compiled during compilation (in fact, this part of the code is used for debugging during development, for special hardware platforms, it is generally irrelevant to the hardware platform we use. Therefore, the extracted code below does not write any content that does not participate in compilation. Therefore, the SWI service program is a sentence. Movs PC and LR are directly returned to SWI, And the spsr_svc is restored to cpsr_mode. In this process, the execution of specific system commands in the system state is not performed, but only a simple return, so this is not a system call, system calls also need to run the specified core State Code according to different call numbers. That is to say, the system calls of Wince are not completed through SWI, but through other exception handling methods.

2-3 interrupt the Service Program

IRQ (probably the most familiar exception method) occurs when the external interrupt source needs to request services from the processor, such as clock, FIFO overflow of the peripheral device, and buttons. Irqhandler is the Interrupt Processing handle. Let's take a look at it.

----------------------------------------------------------------------------------

Nested_entry irqhandler

Sub LR, LR, #4; fix return address

Stmfd SP !, {R0-r3, R12, LR}; Save the register and lr to be used into stack_irq

Prolog_end

As above, the entrance to the service program is routinely computed to return locations to offset pipeline errors. Then press the register to be used into stack_irq, so that the preparation is complete.

; Test interlocked API status.

; Interlocked_start equ user_kpage + 0x380

; Interlocked_end equ user_kpage + 0x400

Sub r0, LR, # interlocked_start

CMP r0, # INTERLOCKED_END-INTERLOCKED_START

Bllo checkinterlockedrestart

The above content is about mutual lock detection, because the synchronization methods such as semaphores must be used as atomic operations and cannot be interrupted. Therefore, if the interruption occurs during the execution of the interlock API, special processing is required. These APIs are placed between interlocked_start and interlocked_end. Through LR, it is easy to check whether interlockedxxx is used. Here, we do not care about the implementation of mutual locks. we can bypass this part of code and continue to look at it as the interruption does not occur in the interlock process.

;

; Careful! The stack frame is being altered here. It's OK since

; The only routine relying on this was the Interlock check. Note that

; We re-push LR onto the stack so that the incoming argument area

; Oeminterrupthandler will be correct.

;

Mrs R1, spsr; (R1) = saved status Reg

Stmfd SP !, {R1}; save spsr onto the IRQ Stack

MoV r0, LR; parameter to oeminterrupthandler

MSR cpsr_c, # svc_mode: Or: 0x80; Switch to supervisor Mode w/irqs disabled

Stmfd SP !, {LR}; save LR onto the SVC Stack

Stmfd SP !, {R0}; save irq lr (in R0) onto the SVC stack (PARAM)

;

; Now we call the OEM's interrupt handler Code. It is up to them

; Enable interrupts if they so desire. We can't do it for them since

; There's only on interrupt and they haven't yet defined their nesting.

;

Call oeminterrupthandler

Ldmfd SP !, {R1}; dummy POP (parameter)

Ldmfd SP !, {LR}; restore svc lr from the SVC Stack

MSR cpsr_c, # irq_mode: Or: 0x80; switch back to IRQ Mode w/irqs disabled

; Restore the saved Program Status Register from the stack.

;

Ldmfd SP !, {R1}; restore IRQ spsr from the IRQ Stack

MSR spsr, R1; (R1) = saved status Reg

Ldr lr, = kdata; (LR) = PTR to kdatastruct





CMP r0, # sysintr_resched;-> the time slice has arrived for scheduling

Beq % F10

; Sysintr_devices equ 8; whether the device is interrupted, and whether the interrupt number is valid

; Sysintr_max_devices equ 32

Sub r0, R0, # sysintr_devices

CMP r0, # sysintr_max_devices

From this we can see that the system interrupt Number of WindowsCE supports a maximum of 32 types from 9 to 40.

Where 16th (24) is defined as sysintr_firmware

; If not a device request (and not sysintr_resched)



Ldrhsb r0, [LR, # bresched]; (R0) = reschedule flag

BHS % F20; not a device request



; Pendevents equ 0x340; offset 0x10 * sizeof (DWORD) of ainfo

Device interruption

LDR R2, [LR, # pendevents]; (R2) = pending interrupt event mask

MoV R1, #1

ORR R2, R2, R1, LSL R0; (R2) = new pending mask

STR R2, [LR, # pendevents]; save it

; * Pendevents = * pendevents | (1 <interruptno );

;

; Mark reschedule needed

; Case 1: R0 = sysintr_resched = 1

; Case 2: R0 = r0-SYSINTR_DEVICES> = sysintr_max_devices

10 ldrb r0, [LR, # bresched]; (R0) = reschedule flag

ORR r0, R0, #1; Set "reschedule needed bit"

Strb r0, [LR, # bresched]; update flag

20 Mrs R1, spsr; (R1) = saved Status Register Value

And R1, R1, # 0x1f; (R1) = interrupted Mode

CMP R1, # user_mode; previusly in user mode?

Cmpne R1, # system_mode; if not, was it system mode?

Cmpeq r0, #1; user or system: Is resched = 1

; If (sytemmode (spsr) | usermode (spsr) & R0! = 1) return;

Ldmnefd SP !, {R0-r3, R12, PC} ^; can't reschedule right now so return

**************************************** **************************************** *****

Sub LR, LR, #4

Ldmfd SP !, R0-r3, R12}

Analytic dB LR, {r0-r3}

Ldmfd SP !, {R0}

STR r0, [LR]; save resume address

MoV R1, # id_reschedule; (R1) = Exception ID

B commonhandler

Entry_end irqhandler

Press spsr_irq into the IRQ stack to save. Prepare for calling oeminterrupthandler. (Generally, the interrupt handler switches to the system state for execution. The purpose is to avoid using registers in Terminal Mode to facilitate terminal nesting, the terminal can be switched off when switching to the system state. I am confused about the cause of modal switching .) Oeminterrupt needs to be executed in privileged mode, so the content for switching to privileged mode (SVC) is added here. Then it will be saved using the register with the passed parameter. When the input parameter is set, R0 can start to call oeminterrupthandler. The Calling rules here follow the WindowsCE specification rather than the atpcs specification. For detailed procedures, see arm parameter passing @ msdn. The following figure shows the original function. Int oeminterrupthandler (unsigned int RA); the input parameter here is the R0 above. In fact, the RA parameter represented by R0 has no substantial effect. Here it is just a formal implementation, however, we can see that the imported Ra is actually the interrupted address. If you need to know the interrupted location, you can use Ra to query the address. In msdn, this parameter is retained. The returned parameters are also saved in R0. The return value is of the system interruption type. Sysintr_resched indicates that the system clock is interrupted. When each time slice is used up, the clock is interrupted and the bresched bit of the kdata structure is set to enter the scheduling process. If the interruption type is system device interruption, set pendevents to handle the interruption when scheduling again. Therefore, oeminterrupthandler must respond to the interrupt in advance and set a mask for the interrupt source to prevent the same interruption from happening continuously during this process, resulting in interruption saturation affecting the execution of the Program Stream, the masks of the interrupt are opened again after the process is completed. Here we can also see that the range of the system device interrupt number is from sysintr_devices to sysintr_max_devices, that is, a total of 32 device interrupt numbers from 9 to 40, where sysintr_firmware is 8 + 16, note This when writing oal interrupt service programs. If the current return value is neither the device interrupt number nor the scheduling interrupt number, read the current scheduling identifier and determine whether to schedule or return the result based on the identifier. in the scheduling process, the initial register status is restored, and the registers are saved as required by commonhandler. Enter commonhandler and wait for distribution.



2-3 FIQ Service Program

Take a look at the program as an Example

Nested_entry fiqhandler

Sub LR, LR, #4; fix return address

Stmfd SP !, {R0-r3, R12, LR}

Prolog_end

Call oeminterrupthandlerfiq

Ldmfd SP !, {R0-r3, R12, PC} ^; restore regs & return for NOP

Entry_end fiqhandler

Ltorg

FIQ is a unique exception mode in the arm system. Its operation process is similar to that of IRQ, which is triggered by external pins but is designed for different purposes. IRQ is used to process common external interrupt sources, as a unified and universal means of interaction with external devices, IRQ is only used for handling scenarios with short processing cycles and fast processing. In addition, the event source triggered by IRQ is often interrupted by FIQ. For example, changing the battery and data transmission. FIQ is quick and competent. Therefore, FIQ service programs are generally not distributed, but are only processed for a single task to ensure real-time processing. Therefore, FIQ processing is much simpler than IRQ and can be called directly.

After oeminterrupthandlerfiq is processed, the entire FIQ service program is completed.