uboot relocation code analysis

Overview

The relocation code copies the BootLoader itself from Flash to SDRAM so that it can jump to SDRAM for execution. Relocation is required because the execution speed in Flash is relatively slow, and the system always fetches instructions from address 0x00000000 after reset.

Relocation code, located in /U-Boot/cpu/s3c44b0/start.S:

relocate:

adr r0, _start

ldr r1, _TEXT_BASE

cmp r0, r1

beq stack_setup

ldr r2, _armboot_start

ldr r3, _bss_start

sub r2, r3, r2

add r2, r0, r2

copy_loop:

ldmia r0!, {r3-r10}

stmia r1!, {r3-r10}

cmp r0, r2

ble copy_loop

The above code first determines whether relocation is needed. If necessary, it first determines the source base address, source size and target base address of the copy, and then copies the BootLoader to SDRAM using r3 ~ r13 as the medium.

analyze

copy_loop is easy to understand. Here we mainly analyze the first two instructions at relocate:

1. adr r0, _start

adr is a pseudo-instruction. The assembler always tries to generate add/sub instructions for it, which load the target register with pc as the base address. The following is the disassembled code generated by arm-elf-objdump:

c700048: e24f0050 sub r0, pc, #80; 0x50

e24f0050 is the machine code corresponding to the instruction, and c700048 is the address (in hexadecimal) where the machine code is stored. How does this address come from? The answer to the question in /U-Boot/config.mk is:

LDFLAGS += -Bstatic -T $(LDSCRIPT) -Ttext $(TEXT_BASE) $(PLATFORM_LDFLAGS)

The above macro specifies the command line parameters when linking, -Ttext sets the address of the .text segment, and TEXT_BASE is defined as 0x0C700000 in /U-Boot/board/.../config.mk. This information is finally recorded in the program image file in a hard-coded way, and the program entry _start = TEXT_BASE = 0x0C700000:

Disassembly of section .text:

0c700000 <_start>:

c700000: ea00000a b c700030
...

However, the program image is burned into the Flash and starts to execute, and the address of the Flash starts at 0x00000000. Therefore, the first instruction of the program image is aligned to 0x00000000. Correspondingly, the address of this adr instruction should be aligned to 0x00000048, and r0 is equal to 0 after execution.

2. ldr r1, _TEXT_BASE

The following is the disassembled code generated by arm-elf-objdump:

c70004c: e51f1034 ldr r1, [pc, #-52] ; c700020 <_TEXT_BASE>

It can be seen that the ldr here does not simply load the 4 bytes at the _TEXT_BASE address into r1, but also calculates the source address based on the pc. Here pc = 0x4c + 8 = 0x54, so the instruction loads the 4 bytes at 0x54 – 52 = 0x20 (i.e. TEXT_BASE, i.e. 0x0C700000) into r1.

3. Determination of source size

Through the above analysis, we have a concept: the actual execution address of the program may be different from the load address specified during connection. We have obtained the runtime start address of the BootLoader code, which is stored in r0, and we need to calculate its runtime end address. Runtime end address = runtime start address + code segment size. The code segment size is obtained by the expected start address of the .bss segment - the expected start address of the .text segment.

summary

The address of the .text segment is hard-coded into the program image by the -Ttext option during linking. Although the program image is executed in Flash, its actual execution address is inconsistent with the expected execution address, but before relocating, relative addressing is performed with pc as the base address, so that the execution of these codes is independent of their actual loading address.