[U-Boot-Users] Need help understanding cpu/mpc85xx/start.S

robert lazarski robertlazarski at gmail.com
Wed Sep 26 22:04:07 CEST 2007 

Hi all,

My custom 85xx board code off of the latest u-boot git repo is dying -
or locking up the bdi somehow - and I've spent the last few days
trying to understand the code and how the bdi can tell me what the
registers are doing.

Starting with the basics: R1 has a 4K stack from 0xfffff000-0xffffffff
and the stack grows down?

Here's the part of the code I'm crashing in and which I trying to
understand, shown here from vim with lines enabled:

 158         bl      tlb1_entry
 159         mr      r5,r0
 160         lwzu    r4,0(r5)        /* how many TLB1 entries we actually use */
 161         mtctr   r4
 162
 163 0:      lwzu    r6,4(r5)
 164         lwzu    r7,4(r5)
 165         lwzu    r8,4(r5)
 166         lwzu    r9,4(r5)
 167         mtspr   MAS0,r6
 168         mtspr   MAS1,r7
 169         mtspr   MAS2,r8
 170         mtspr   MAS3,r9
 171         isync
 172         msync
 173         tlbwe
 174         isync
 175         bdnz    0b
 176
 177 1:

Are lines 158-171 setting up the TLB's as defined by 'bl      tlb1_entry'  ?

Line 160 is disassembled to be address fffff0b8 , which I can set a
breakpoint to and analyze as follows:

ATUM>bi 0xfffff0b8
Breakpoint identification is 0
ATUM>go
- TARGET: stopped
ATUM>info
    Target CPU        : MPC85xx (e500v2 rev.2)
    Target state      : halted
    Debug entry cause : instruction breakpoint
    Current PC        : 0xfffff0b8
    Current CR        : 0x00000000
    Current MSR       : 0x00000200
    Current LR        : 0xfffff0b4
    Current CCSRBAR   : 0x0_e0000000
ATUM>rd
GPR00: fffff210 fffff0b4 00010001 00000000
GPR04: 00000000 fffff210 00000000 00000000
GPR08: 00000000 00000000 00000000 00000000
GPR12: 00000000 00000000 00000000 00000000
GPR16: 00000000 00000000 00000000 00000000
GPR20: 00000000 00000000 00000000 00000000
GPR24: 00000000 00000000 00000000 00000000
GPR28: 00000000 00000000 00000000 00000000
CR   : 00000000     MSR: 00000200
ATUM>mdh 0xfffff210 2
0_fffff210 : 0x0000       0  ..
0_fffff212 : 0x000b      11  ..

I read the above to say that the 'rd' command shows all Rx registers
as zero based, and R5 is  fffff210. Line 160's 'lwzu    r4,0(r5)' will
read a 16bit word of a value of 'b' and assign it to R4, confirmed by
the next 'ti' :

ATUM>ti
    Target CPU        : MPC85xx (e500v2 rev.2)
    Target state      : halted
    Debug entry cause : single step
    Current PC        : 0xfffff0bc
    Current CR        : 0x00000000
    Current MSR       : 0x00000200
    Current LR        : 0xfffff0b4
    Current CCSRBAR   : 0x0_e0000000
ATUM>rd
GPR00: fffff210 fffff0b4 00010001 00000000
GPR04: 0000000b fffff210 00000000 00000000
GPR08: 00000000 00000000 00000000 00000000
GPR12: 00000000 00000000 00000000 00000000
GPR16: 00000000 00000000 00000000 00000000
GPR20: 00000000 00000000 00000000 00000000
GPR24: 00000000 00000000 00000000 00000000
GPR28: 00000000 00000000 00000000 00000000
CR   : 00000000     MSR: 00000200

Here's the part where my code or the bdi is crashing, line 163 which
is mapped as fffff0c0 :

163 0:      lwzu    r6,4(r5)

I can single step or set a breakpoint as shown below:

ATUM>info
    Target CPU        : MPC85xx (e500v2 rev.2)
    Target state      : halted
    Debug entry cause : instruction breakpoint
    Current PC        : 0xfffff0c0
    Current CR        : 0x00000000
    Current MSR       : 0x00000200
    Current LR        : 0xfffff0b4
    Current CCSRBAR   : 0x0_e0000000
ATUM>rd
GPR00: fffff210 fffff0b4 00010001 00000000
GPR04: 0000000b fffff210 00000000 00000000
GPR08: 00000000 00000000 00000000 00000000
GPR12: 00000000 00000000 00000000 00000000
GPR16: 00000000 00000000 00000000 00000000
GPR20: 00000000 00000000 00000000 00000000
GPR24: 00000000 00000000 00000000 00000000
GPR28: 00000000 00000000 00000000 00000000
CR   : 00000000     MSR: 00000200

'lwzu    r6,4(r5)' as I read it says: load a word from R5 + 4 bytes,
ie, address fffff214:

ATUM>mdh 0xfffff214 2
0_fffff214 : 0x0000       0  ..
0_fffff216 : 0x0000       0  ..

Disassembled u-boot in both my code _and_ current MPC8548CDS shows:

fffff214:       00 00 00 00     .long 0x0

Is my problem is that I am assigning zero here? I'm confused since the
CDS code seems to work the same way. The result of single stepping
consistently results in:

ATUM>info
    Target CPU        : MPC85xx (e500v2 rev.2)
    Target state      : halted
    Debug entry cause : instruction breakpoint
    Current PC        : 0xfffff0c0
    Current CR        : 0x00000000
    Current MSR       : 0x00000200
    Current LR        : 0xfffff0b4
    Current CCSRBAR   : 0x0_e0000000
ATUM>ti
- Core status is 0x0041
*** Core is stopped, no debugging possible
# PPC: timeout while waiting for halt
ATUM>    Target CPU        : MPC85xx (e500v2 rev.2)
    Target state      : running
# Step timeout detected

I sent a question to Abatron technical support about this in the case
its a bdi issue - still waiting to see what they say.

Any clues please?
Robert

More information about the U-Boot mailing list