On Thu, Sep 14, 2006 at 09:14:08AM +0200, Johannes Berg wrote:
> Well, let's take a look at instruction 0x0001 again:
> 0x0001  c0bc0797 77fb
>             ^^^^
> That just has to be a 'jump' instruction since the instructions starting
> from 0x0797 are fairly obviously the routine that initialises the static
> SHM entries.

It could also jump to 0x797 * sizeof(instruction word) = 0x797 * 0x04 =
0x1e5c.

> At 0x07e3 I find: 
> 0x07e3  c0bc0002 771b
> so that's probably the end of the init subroutine...
> 
> I wonder if there's no 'call subroutine' instruction. Guess not, or
> 0x07e3 is a different function already.

Just FYI: on ARM the "jump" and "call" instructions are almost the
same. A jump is the "b" (branch) instruction, call is "bl" (branch and
link). The latter stores the address of the instruction after the "bl" in
the link register and then jumps. Returning from that subroutine is as
easy as moving the contents of the link register back into the program
counter (mov pc,lr). The mnemonics are almost the same, but also the
actual instruction word is almost the same (i.e.: one bit difference).
Could be that the Broadcom CPU does the same trick.


Erik

-- 
+-- Erik Mouw -- www.harddisk-recovery.com -- +31 70 370 12 90 --
| Lab address: Delftechpark 26, 2628 XH, Delft, The Netherlands
_______________________________________________
Bcm43xx-dev mailing list
Bcm43xx-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/bcm43xx-dev
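
The ARM branch/branch-and-link encoding described in the reply above, as an added example that is not part of the original mail. It covers the classic 32-bit ARM (A32) encoding only and makes no claim about the Broadcom core's instruction format. The function names are hypothetical and the sample instruction words are constructed.

```python
# Added illustration: A32 B/BL encoding, where one bit (bit 24) selects "link".
LINK_BIT = 1 << 24          # set for BL, clear for B
MASK32 = 0xFFFFFFFF


def encode_arm_branch(addr, target, link=False, cond=0xE):
    """Encode B (or BL if link=True) at byte address addr jumping to target."""
    delta = target - (addr + 8)          # pc reads as addr + 8 on A32
    if delta & 3:
        raise ValueError("target must be word aligned")
    offset = delta >> 2                  # offset is counted in 4-byte words
    if not -(1 << 23) <= offset < (1 << 23):
        raise ValueError("target out of range for a 24-bit offset")
    word = (cond << 28) | (0b101 << 25) | (offset & 0xFFFFFF)
    return word | LINK_BIT if link else word


def decode_arm_branch(word, addr):
    """Return (mnemonic, target, lr_value) or None if word is not B/BL.

    lr_value is the return address BL stores in the link register
    (None for a plain B).
    """
    if (word >> 25) & 0b111 != 0b101:    # bits 27..25 are 101 for B/BL
        return None
    if (word >> 28) == 0xF:              # cond 1111 is BLX, not B/BL
        return None
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:                 # sign-extend the 24-bit offset
        imm24 -= 1 << 24
    target = (addr + 8 + (imm24 << 2)) & MASK32
    if word & LINK_BIT:
        return ("bl", target, (addr + 4) & MASK32)
    return ("b", target, None)


def word_index_to_byte_offset(index, word_size=4):
    """Convert a jump operand counted in instruction words to a byte offset."""
    return index * word_size


if __name__ == "__main__":
    b = encode_arm_branch(0x1000, 0x2000)
    bl = encode_arm_branch(0x1000, 0x2000, link=True)
    print(f"b  = {b:#010x} -> {decode_arm_branch(b, 0x1000)}")
    print(f"bl = {bl:#010x} -> {decode_arm_branch(bl, 0x1000)}")
    print(f"differing bits: {b ^ bl:#010x}")
    print(f"0x797 words = {word_index_to_byte_offset(0x797):#x} bytes")
```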
