TQ2440之uboot---7.start.S中關于bl指令的理解

編譯u-boot時，在Makefile 的ALL變量最后加上$(obj)u-boot.dis，會編譯出u-boot.dis，u-boot.dis是通過arm-linux-objdum –d 生成u-boot的每一條指令的反匯編。

33d80080: e59f13f4 ldr r1, [pc, #1012]
33d80084: e59f03f4 ldr r0, [pc, #1012]
33d80088: e5801000 str r1, [r0]
33d8008c: eb000015 bl 33d800e8

………

33d800e8 :
33d800e8: e3a00000 mov r0, #0 ; 0x0

上面的bl指令，從表面上看 bl 33d800e8,好像是跳到了絕對地址0x33d800e8處，此時是運行在絕對0x0地址處，然后用bl一下子跳到了內(nèi)存地址0x33d800e8處，可是此時內(nèi)存都還沒有初始化就運行，這怎么可能？

這好像是很矛盾，但仔細分析一下，原來是這樣的：

將 eb000015 轉(zhuǎn)為二進制：

1110 1011 0000 0000 0000 0000 0001 0101

看一下它的具體含義，下面是b/bl 指令的格式-- 出自《ARM Instruction Set》

31-28 –> cond

27-25 –> 101

24 --> L

23-0 –> offset

"Branch instructions contain a signed 2's complement 24 bit offset. This is shifted left two bits, sign extended to 32 bits, and added to the PC. The instruction can therefore specify a branch of +/- 32Mbytes. The branch offset must take account of the prefetch operation, which causes the PC to be 2 words (8 bytes) ahead of the current instruction. Branches beyond +/- 32Mbytes must use an offset or absolute destination which has been previously loaded into a register. In this case the PC should be manually saved in R14 if a Branch with Link type operation is required.“ 出自《ARM Instruction Set》

1110 –> cond –> always 無條件跳轉(zhuǎn)

27-25 –> 說明是B 跳轉(zhuǎn)指令

24 –> L位 Branch with Link, 跳轉(zhuǎn)時將下一條指令的地址拷貝到R14(lr)中

23-0 –> offset=0x15

執(zhí)行bl后：pc = 當前pc + ( offset<<2 + 8 ) = 0x8c+(0x15<<2+8)= 0xE8

跳到偏移地址為0xE8的地方，也就是 cpu_init_crit函數(shù)中。