Hi everyone,
as Simon correctly deduced, mostly all that is missing from his
experiments is actually enabling Jazelle.
This can be done by setting the JE bit in the Jazelle Main Control
Register, aka:
mov r0, #1
mcr p14, 7, r0, c2, c0
This part is now fully documented in the ARM Architecture Manual. No
need to mess with the automated Japanese translation and its "Java
Hypothetical Machine" ;)
The other missing part to make Jazelle work is the register
assignment; up so far I've discovered that:
r0-r4: stack top cache.
r5: pointer to handlers table.
r5's lower 5 bits: some internal Jazelle status. might indicate which
registers are being used as stack top cache.
r6: stack pointer. grows downwards.
r14: before invoking bxj, this must contain pointer to first opcode
I've discovered this mostly by experimentation. As for the rest of
registers, I can only make wild guesses so far. As you can see, r0-r4
are used for stack and not only r0-r3 as previously said.
The BXJ instruction takes an argument which is the absolute address of
the instruction to branch to if, for any reason, Jazelle is not
enabled. So, again, as Simon deduced, BXJ acts like a plain BX if the
JE bit is not set. If JE is enabled, I'm yet to see what this
parameter is used for (I believe nothing at all).
The "handlers table" must contain 256 pointers to "handler functions".
Each unhandled opcode will bx to the corresponding handler (1:1
mapping). Opcode 255 incredibly enough seems to be actually handled,
and just hangs indefinitely (gdb will say $pc is the one with 255
opcode and loop forever). The only handler I've written so far is for
the "breakpoint" opcode, which successfully halts the execution.
The breakpoint opcode has the nice added benefit that somehow
"flushes" the stack to memory, so, fortunately, there's no need to
fiddle with r0-r4 and r5's lower bits (which I still don't understand,
even though there are only 2^5 possible combinations so it should be
easy to hardcode).
Here is some code that successfully runs the following Java program:
iconst_4
iconst_4
iconst_4
iconst_4
iconst_4
iconst_4
iadd
(breakpoint)
then prints the resulting stack, which of course is 8,4,4,4,4 (right = oldest)
Source code and binary:
http://cosas.javispedro.com/jaz/
Specially read http://cosas.javispedro.com/jaz/jas.s since it is the
one containing the main logic (GNU assembler file), and I've tried to
at least comment it a bit.
I know I'm being a bit late (2 years :P and with the "N900" not having
full Jazelle DBX this may be not that useful) but either way I did
this as fun project (and to get familiarized with arm assembly, since
I knew x86 only). Check IRC's log for today
http://mg.pov.lt/maemo-irclog/%23maemo.2009-07-14.log.html
.
A teaser: :D
$ ./j
r5 (state&handlers): 36864=0x9000
r6 (stack): 70960=0x11530
r7 (vars?): 70992=0x11550
r8 (cpool?): 71024=0x11570
r12 (not enabled handler): 34156=0x856c
r14 (next opcode): 35840=0x8c00
stack: (at 0x11530, size=8)
0=0x0
0=0x0
0=0x0
0=0x0
0=0x0
0=0x0
0=0x0
0=0x0
r5 (state&handlers): 36864=0x9000
r6 (stack): 70980=0x11544
r7 (vars?): 70992=0x11550
r8 (cpool?): 71024=0x11570
r12 (not enabled handler): 0=0x0
r14 (next opcode): 33712=0x83b0
stack: (at 0x11530, size=8)
4=0x4
4=0x4
4=0x4
4=0x4
8=0x8
0=0x0
0=0x0
0=0x0
Thank you all for your research.
Javier.
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-developers
