riscv引导程序及仿真记录

1.riscv基本的寄存器列表

这里只关注32个通用寄存器x0-x31

2.引导程序代码


# 1 "iriscvboot.casm"
# 1 ""
# 1 ""
# 1 "/usr/include/stdc-predef.h" 1 3 4
# 1 "" 2
# 1 "iriscvboot.casm"
 
###define 0x52080000 0
# 29 "iriscvboot.casm"
 .section .text
 .org 0x0
 
_th0_reset:
 l.j _th0_main
 l.nop
 
_LOOP:
 l.j _LOOP   	
 
## === version info start at 0x80 ==
 .org 0x80
 .global _pack_version
 .global _build_date
 .global _api_version
_pack_version:
 .word 0x0171
_svn_version:
 .word 0x0367ad3
_build_date:
 .word 0x07e60701
_api_version:
 .word 0x0180
_silicon_version:
 .word 1000
## === version info end ===
###################################################################
 
_th0_main:
 l.addi x2,x0,0x0
 l.addi x3,x0,0x0
 l.addi x4,x0,0x0
 l.addi x5,x0,0x0
 l.addi x6,x0,0x0
 l.addi x7,x0,0x0
 l.addi x8,x0,0x0
 l.addi x9,x0,0x0
 l.addi x10,x0,0x0
 l.addi x11,x0,0x0
 l.addi x12,x0,0x0
 l.addi x13,x0,0x0
 l.addi x14,x0,0x0
 l.addi x15,x0,0x0
 l.addi x16,x0,0x0
 l.addi x17,x0,0x0
 l.addi x18,x0,0x0
 l.addi x19,x0,0x0
 l.addi x20,x0,0x0
 l.addi x21,x0,0x0
 l.addi x22,x0,0x0
 l.addi x23,x0,0x0
 l.addi x24,x0,0x0
 l.addi x25,x0,0x0
 l.addi x26,x0,0x0
 l.addi x27,x0,0x0
 l.addi x28,x0,0x0
 l.addi x29,x0,0x0
 l.addi x30,x0,0x0
 l.addi x31,x0,0x0
 l.lui  x2,0x52086
 
 
_init_cmem_done_th0:
 l.jal _mymain
 l.j _LOOP

3.引导代码含义，及相关指令。

.section .text表示下面的代码链接时放在.text段，.org设置当前代码的地址偏移（相对于链接时指定定.text段的起始地址）。

接下来定义了标签_th0_reset，riscv执行时从这儿开始执行指令，l.j _th0_main表示跳转到
_th0_main标签处，
_th0_reset:
l.j _th0_main
l.nop

_th0_main标签处，连续的l.addi 指令可以理解为对32个通用寄存器的清操作。

但是注意 l.lui x2,0x52086指令指定了sp寄存器（栈指针）的，开始地址。（lui 指令将 20 位立即数的值左移 12 位（低 12 位补 0）成为一个 32 位数，将此数写回寄存器 x2 中。）

接着执行_init_cmem_done_th0标签处。此处就是我们定义的c程序的入口处。l.jal _mymain表示跳转到_mymain处，可以看下面c代码的汇编，其中会根据mymain函数创建_mymain标签。（jal 指令完成跳转并且将其下一条指令的 PC（即当前指令 PC+4）的值写入其结果寄存器 ra 中。注意：在实际的汇编程序编写中，跳转的目标往往使用汇编程序中的 label，汇编器会自动根据 label 所在的地址计算出相对的偏移量赋予指令编码。）

到_mymain中后就会执行c代码中内容了。执行完c代码后，会根据ra寄存器的值返回来执行下一句，l.j _LOOP。这里是为了让riscv不乱跑，设置这个循环。

4.c代码

C代码内容很简单，分别对0x1000这个地址写入次，第一次值100，第二次值0x202


void write32(int addr,int value) 
{
		int *addr_value;
		addr_value = (int*)addr;
		*addr_value = value;
}
 
void mymain()
{
	volatile int age=100;
	write32(0x1000,age);
	write32(0x1000,0x202);
}

C代码的汇编结果gcc -S：


	.file	"firmware.c"
	.option nopic
	.text
	.align	2
	.globl	_write32
	.type	_write32, @function
_write32:
	l.sw	a1,0(a0)
	l.ret
	.size	_write32, .-_write32
	.align	2
	.globl	_mymain
	.type	_mymain, @function
_mymain:
	l.add	sp,sp,-32
	l.li	a5,100
	l.sw	a5,12(sp)
	l.lw	a1,12(sp)
	l.li	a0,4096
	l.sw	ra,28(sp)
	call	_write32
	l.li	a1,514
	l.li	a0,4096
	call	_write32
	l.lw	ra,28(sp)
	l.add	sp,sp,32
	l.jr	ra
	.size	_mymain, .-_mymain
	.ident	"GCC: (GNU) 6.1.0"

5.链接

链接脚本


MEMORY
        {
        flash  : ORIGIN = 0x52040000, LENGTH = 0x00040000
        ram    : ORIGIN = 0x5b000000, LENGTH = 0x00006000
        glb    : ORIGIN = 0x52086000, LENGTH = 0x00032000
        rodata : ORIGIN = 0xa0000000, LENGTH = 0x00040000
        }
 
SECTIONS
{
      .text :
        {
        *(.text)
        } > flash
      .data :
        {
        *(.data)
        } > ram
      .bss :
        {
        *(.bss)
        } > ram
 
      .debug :
        {
        *(.debug_frame .zdebug_frame)
        *(.debug_abbrev)
        *(.debug_line)
        *(.debug_str)
        *(.debug_loc)
        *(.debug_macinfo)
        *(.debug_info)
        *(.debug_aranges)
        *(.debug_ranges)
        *(.comment)
        } > ram
      .rodata :
        {
        *(.rodata)
        } > rodata
}

链接结果，通过objdump工具进行反汇编注意使用-D选项，对所有段进行反汇编：


 
isp_firmware:     file format elf32-littleriscv
 
 
Disassembly of section .text:
 
52040000 <_th0_reset>:
52040000:	0940006f          	l.jal 	zero,52040094 <_th0_main>
52040004:	00000013          	l.addi 	zero,zero,0
 
52040008 <_LOOP>:
52040008:	0000006f          	l.jal 	zero,52040008 <_LOOP>
	...
 
52040080 <_pack_version>:
52040080:	00000171          	0x171
 
52040084 <_svn_version>:
52040084:	00367ad3          	l.fadd.s 	fs5,fa2,ft3
 
52040088 <_build_date>:
52040088:	07e60701          	0x7e60701
 
5204008c <_api_version>:
5204008c:	00000180          	0x180
 
52040090 <_silicon_version>:
52040090:	000003e8          	0x3e8
 
52040094 <_th0_main>:
52040094:	00000113          	l.addi 	sp,zero,0
52040098:	00000193          	l.addi 	gp,zero,0
5204009c:	00000213          	l.addi 	tp,zero,0
520400a0:	00000293          	l.addi 	t0,zero,0
520400a4:	00000313          	l.addi 	t1,zero,0
520400a8:	00000393          	l.addi 	t2,zero,0
520400ac:	00000413          	l.addi 	s0,zero,0
520400b0:	00000493          	l.addi 	s1,zero,0
520400b4:	00000513          	l.addi 	a0,zero,0
520400b8:	00000593          	l.addi 	a1,zero,0
520400bc:	00000613          	l.addi 	a2,zero,0
520400c0:	00000693          	l.addi 	a3,zero,0
520400c4:	00000713          	l.addi 	a4,zero,0
520400c8:	00000793          	l.addi 	a5,zero,0
520400cc:	00000813          	l.addi 	a6,zero,0
520400d0:	00000893          	l.addi 	a7,zero,0
520400d4:	00000913          	l.addi 	s2,zero,0
520400d8:	00000993          	l.addi 	s3,zero,0
520400dc:	00000a13          	l.addi 	s4,zero,0
520400e0:	00000a93          	l.addi 	s5,zero,0
520400e4:	00000b13          	l.addi 	s6,zero,0
520400e8:	00000b93          	l.addi 	s7,zero,0
520400ec:	00000c13          	l.addi 	s8,zero,0
520400f0:	00000c93          	l.addi 	s9,zero,0
520400f4:	00000d13          	l.addi 	s10,zero,0
520400f8:	00000d93          	l.addi 	s11,zero,0
520400fc:	00000e13          	l.addi 	t3,zero,0
52040100:	00000e93          	l.addi 	t4,zero,0
52040104:	00000f13          	l.addi 	t5,zero,0
52040108:	00000f93          	l.addi 	t6,zero,0
5204010c:	52086137          	l.lui 	sp,0x52086
 
52040110 <_init_cmem_done_th0>:
52040110:	010000ef          	l.jal 	ra,52040120 <_mymain>
52040114:	ef5ff06f          	l.jal 	zero,52040008 <_LOOP>
 
52040118 <_write32>:
52040118:	00b52023          	l.sw 	a1,0(a0)
5204011c:	00008067          	l.jalr 	zero,0(ra)
 
52040120 <_mymain>:
52040120:	fe010113          	l.addi 	sp,sp,-32 # 52085fe0 <_mymain+0x45ec0>
52040124:	06400793          	l.addi 	a5,zero,100
52040128:	00f12623          	l.sw 	a5,12(sp)
5204012c:	00c12583          	l.lw 	a1,12(sp)
52040130:	00001537          	l.lui 	a0,0x1
52040134:	00112e23          	l.sw 	ra,28(sp)
52040138:	fe1ff0ef          	l.jal 	ra,52040118 <_write32>
5204013c:	20200593          	l.addi 	a1,zero,514
52040140:	00001537          	l.lui 	a0,0x1
52040144:	fd5ff0ef          	l.jal 	ra,52040118 <_write32>
52040148:	01c12083          	l.lw 	ra,28(sp)
5204014c:	02010113          	l.addi 	sp,sp,32
52040150:	00008067          	l.jalr 	zero,0(ra)
 
Disassembly of section .debug:
 
5b000000 <.debug>:
5b000000:	3a434347          	l.fmsub.d 	ft6,ft6,ft4,ft7,rmm
5b000004:	4e472820          	0x4e472820
5b000008:	36202955          	l.c.setireg 	m18,m2,0x1b10
5b00000c:	302e312e          	0x302e312e
	...

6.生成firmware

然后使用python脚本将，对应需要的段的地址和指令编码dump出来。使用的python脚本如下，输入文件是上面的反汇编结果：


#!/usr/bin/python
import sys
import re 
def replace_line(input_file, output_file): 
	input_f  = open(input_file, 'r')
	output_f = open(output_file, 'w')
	text=0;
	rodata=0;
	sdata=0;
	for line in input_f:
		line = line.rstrip() # removing right space
		#print(line)
 
		if("text" in line):
			text=1
			sdata=0
			rodata=0
		if("sdata" in line):
			sdata=1
			text=0
			rodata=0
		if("rodata" in line):
			rodata=1
			text=0
			sdata=0
		if(("debug" in line)):
			sdata=0;
			rodata=0;
			text=0;
 
		if (line.find('          	l.') != -1)&(text==1) : 
			line = line.replace (":", ",")
			words = line.split()
			output_f.write(words[0]+words[1]+'\n')
 
		if (re.findall(r'\d+:\s+\w+',line) != [])&(sdata==1) :  
			line = line.replace (":", ",")
			words = line.split()
			output_f.write(words[0]+words[1]+'\n')
 
		if (re.findall(r'\d+:\s+\w+',line) != [])&(rodata==1) :  
			line = line.replace (":", ",")
			words = line.split()
			output_f.write(words[0]+words[1]+'\n')
 
 
 
arg_list = sys.argv
print(arg_list[1])
print(arg_list[2])
 
if len(arg_list) != 3:
	print("need input file list")
	sys.exit()
 
replace_line(arg_list[1], arg_list[2])

dump出的firmware的文件如下，其中包含指令编码以及所放置的mem中的地址：


52040000,0940006f
52040004,00000013
52040008,0000006f
52040084,00367ad3
52040094,00000113
52040098,00000193
5204009c,00000213
520400a0,00000293
520400a4,00000313
520400a8,00000393
520400ac,00000413
520400b0,00000493
520400b4,00000513
520400b8,00000593
520400bc,00000613
520400c0,00000693
520400c4,00000713
520400c8,00000793
520400cc,00000813
520400d0,00000893
520400d4,00000913
520400d8,00000993
520400dc,00000a13
520400e0,00000a93
520400e4,00000b13
520400e8,00000b93
520400ec,00000c13
520400f0,00000c93
520400f4,00000d13
520400f8,00000d93
520400fc,00000e13
52040100,00000e93
52040104,00000f13
52040108,00000f93
5204010c,52086137
52040110,010000ef
52040114,ef5ff06f
52040118,00b52023
5204011c,00008067
52040120,fe010113
52040124,06400793
52040128,00f12623
5204012c,00c12583
52040130,00001537
52040134,00112e23
52040138,fe1ff0ef
5204013c,20200593
52040140,00001537
52040144,fd5ff0ef
52040148,01c12083
5204014c,02010113
52040150,00008067

7.仿真结果

将上面dump出来的结果，进行仿真。结果如下所示。可以看见和C代码内容一样分别对0x1000这个地址写入次，第一次值100（0x64），第二次值0x202

pc指针的初始值值设置的是52040000，也就是.text的初始地址。

参考：

1.RISC-V架构与嵌入式开发快速入门

相关阅读:
QQd挂源码已更新最新加速项目程序全开源
 声学感知刻度(mel scale、Bark scale、ERB)与声学特征提取(MFCC、BFCC、GFCC)
spring cloud gateway 入门
 uni-app项目由hbuilder项目转化为cli项目
 EasyExcel实现对excel文件读写
 不重装系统，如何将系统从SSD迁移到M2固态硬盘
 基于Python OpenCV的金铲铲自动进游戏、D牌...
手部关键点识别易语言代码
 Redis底层核心数据结构详解
 知识图谱实体对齐2：基于GNN嵌入的方法
原文地址：https://blog.csdn.net/geter_CS/article/details/127671194