US20160196170A1 - Integrated-circuit radio - Google Patents

Integrated-circuit radio Download PDF

Info

Publication number
US20160196170A1
US20160196170A1 US15/068,046 US201615068046A US2016196170A1 US 20160196170 A1 US20160196170 A1 US 20160196170A1 US 201615068046 A US201615068046 A US 201615068046A US 2016196170 A1 US2016196170 A1 US 2016196170A1
Authority
US
United States
Prior art keywords
firmware module
software application
supervisor call
radio communication
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/068,046
Inventor
Joel David Stapleton
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nordic Semiconductor ASA
Original Assignee
Nordic Semiconductor ASA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nordic Semiconductor ASA filed Critical Nordic Semiconductor ASA
Priority to US15/068,046 priority Critical patent/US20160196170A1/en
Assigned to NORDIC SEMICONDUCTOR ASA reassignment NORDIC SEMICONDUCTOR ASA ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: STAPLETON, Joel David
Publication of US20160196170A1 publication Critical patent/US20160196170A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4812Task transfer initiation or dispatching by interrupt, e.g. masked
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44557Code layout in executable memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/0003Software-defined radio [SDR] systems, i.e. systems wherein components typically implemented in hardware, e.g. filters or modulators/demodulators, are implented using software, e.g. by involving an AD or DA conversion stage such that at least part of the signal processing is performed in the digital domain

Definitions

  • This invention relates to integrated-circuit radio-communication devices and methods of configuring such devices.
  • Integrated-circuit radio-communication devices typically integrate a processor, memory and radio communication logic on a silicon chip.
  • An antenna may be fabricated on the silicon or may be connecting externally.
  • the device will have pins for connecting to a power supply, clock source and any external peripherals such as sensors, timers, digital-to-analog converters and output devices.
  • the processor interfaces with the radio communication logic in order to supervise the sending and/or receiving of radio messages.
  • radio-communication devices can be used in a wide range of wireless products, such as wireless mice and keyboards, controllers for game consoles, bicycle speedometers, remote controls, garage-door openers, wireless loudspeakers, etc.
  • the processor on such a device may run software directly from non-volatile memory in order to control the radio communication logic according to a predetermined radio protocol, such as Bluetooth® or ZigBee®.
  • a predetermined radio protocol such as Bluetooth® or ZigBee®.
  • the manufacturing of a complete product, such as a wireless mouse, that incorporates such a radio-communication chip typically involves the manufacturer of the radio chip supplying it to a product manufacturer, who will integrate the chip into the rest of the product.
  • the chip manufacturer may also provide a development kit, containing tools, such as a cross compiler, loader and debugger, and documentation that allow the product manufacturer to develop, install and debug custom application software for the radio device.
  • the custom application software may, for instance, include routines for receiving input from a movement sensor on a wireless mouse and for transmitting suitable radio messages according to a desired protocol.
  • a development kit may additionally include source code for a software library and/or operating system, written by the chip manufacturer.
  • the product manufacturer can then compile and link the supplied source code with its own custom software application, to create a single object file for loading to a predetermined address in the memory of each chip.
  • the library or operating system may contain instructions that implement a particular radio protocol. It could include other functions, such as memory management, processor scheduling, inter-process communication, etc.
  • the application developer can call these supplied functions from its application code, rather than having to write them from scratch. This can make development of the application software simpler and quicker. It can also ease portability between different models of the radio chip.
  • the invention provides a method of configuring an integrated-circuit radio communication device, wherein:
  • a software application can be loaded onto a radio-communication chip so as to interface via supervisor call instructions with a firmware module that provides radio control functions.
  • the firmware module stored at the firmware memory address, is a linked binary.
  • the firmware module will usually be a compiled binary module (e.g. compiled from the C programming language), although it is possible that it could be assembled directly from machine code.
  • the only non-standard information i.e. not determined by the processor or device architecture
  • the predetermined software-application memory address information relating to the amount of any data memory (e.g. in RAM) available for the software application to use, and the predetermined correspondence between supervisor call numbers and radio communication functions in the firmware module.
  • This information can be sufficient to write, compile and load a software application for the device.
  • the application developer could conveniently be provided with a header file (e.g. in the C programming language) which would contain this information. (Such a header file may, of course, optionally contain other, additional features to provide further assistance to the application developer.)
  • Another advantage of configuring a device according to methods of the invention is that the device manufacturer need not reveal confidential source code in its firmware module to the application developer.
  • the integrated-circuit device may be provided to a developer of the software application with the firmware module already pre-loaded on the device. This can further increase the security of any confidential information contained in the firmware module. However, this is not essential.
  • the application developer may instead receive the firmware module as a binary image of pre-compiled instructions and load the firmware module onto the device.
  • the invention provides a method of configuring an integrated-circuit radio communication device, wherein the device comprises a processor, memory, and radio communication logic, the method comprising:
  • the firmware module and the software application may be loaded onto the device in any order or substantially simultaneously. It will be appreciated that loading the two simultaneously is still fundamentally different from loading a single, linked software application and library as the skilled person might have done in the past.
  • the firmware module is preferably a compiled and linked binary module (but without being linked to the software application).
  • the invention also extends to an integrated-circuit radio communication device itself.
  • the invention provides an integrated-circuit radio communication device, wherein:
  • the invention provides a firmware module, and a transitory or non-transitory medium storing the same, for loading on an integrated-circuit radio communication device comprising a processor, memory, and radio communication logic, at a firmware memory address, the firmware module comprising:
  • the firmware module is preferably a linked binary module.
  • the invention provides a software application, and a transitory or non-transitory medium storing the same, for loading on an integrated-circuit radio communication device comprising a processor, memory, and radio communication logic, at a predetermined software application memory address, the software application being arranged to invoke a radio communication function by issuing a supervisor call instruction having an associated, predetermined supervisor call number corresponding to the function to be invoked.
  • the firmware module is arranged so that all the radio communication functions provided by the firmware module are invoked by supervisor call instructions having respective supervisor call numbers according to a predetermined correspondence between numbers and functions. In this way, no other mechanism for invoking firmware functions need be supported by the device, thereby avoiding substantial static or run-time link dependencies, and simplifying the device and development of the software application.
  • firmware module may provide other functions, not necessarily related to radio communication, which the software application can invoke; for example, an encryption algorithm.
  • the device is configured so that the invoking of all such functions is carried out by the issuing of supervisor call instructions.
  • embodiments of the device need not contain a traditional, full operating system, the application developer can be free to develop the software application as a native application for the processor architecture, without having to learn how to interface with a proprietary operating system supplied by the chip manufacturer. Especially when the processor is well-known in the art, this is a particularly attractive feature for the application developer.
  • the software application may interface directly with this layer.
  • Application-specific drivers may also be loaded onto the device.
  • Configuring the device may comprise using the correspondence between supervisor call numbers and radio communication functions when compiling the software application. Compiling or loading the software application may make use of the predetermined software-application memory address. In some embodiments, configuring the device may comprise receiving the correspondence between supervisor call numbers and radio communication functions and/or receiving the predetermined software-application memory address, e.g. as a header file. Such information may then be used when compiling the software application.
  • the device is preferably configured so that no run-time linking is required when executing the software application on the device.
  • the processor may implement the supervisor call instructions in any appropriate way.
  • the processor is an ARM Ltd.® processor, such as a processor from the Cortex-M family, and the supervisor call instructions are then SVC instructions, supported by the processor.
  • the software application may issue a supervisor call instruction by executing a dedicated SVC processor instruction.
  • a supervisor call instruction may be generated by a compiler when compiling the software application, e.g. by the developer including a specific pre-processor directive in the source code for the software application.
  • the number associated with the supervisor call may be made available to the call handler via a register or via the call stack or via any other appropriate mechanism.
  • the processor and/or software application are configured to make the values of one or more arguments available to the supervisor call handler.
  • the software application can pass arguments to a radio communication function, such as data to be transmitted.
  • the call handler may be able to pass a return value from the radio communication function to the software application.
  • the processor is preferably configured to handle a supervisor call instruction from the software application as an exception (software interrupt).
  • exception software interrupt
  • the processor preferably supports a plurality of interrupt priorities.
  • some event-driven functions in the firmware module are assigned a relatively high priority, while others are assigned a relatively low priority.
  • functions associated with time-critical radio communication operations are assigned the relatively high priority.
  • the software application may be arranged to handle interrupts (forwarded by the firmware module, as explained below) and may have a relatively high priority for some event-driven functions and a relatively low priority for others.
  • the software application priorities are preferably interleaved with those of the firmware module.
  • the highest firmware priority level is preferably higher than the highest software-application priority level, so that critical radio communication operations, implemented in the firmware module, can always take precedence over the software application. This can provide protection against careless programming in the software application.
  • the firmware module is preferably configured to invoke a function in the software application in response to the firmware module receiving an interrupt.
  • an interrupt may arise, for example, from a peripheral, such as a movement sensor.
  • the firmware module and the software application may each have a respective interrupt vector table.
  • the two tables preferably use the same interrupt-vector-address offsets as each other.
  • the offsets of interrupt vector addresses in the firmware module's vector table (and hence the software application's vector table, when the two use the same offsets) are typically fixed by the processor architecture.
  • the device is preferably configured to use the firmware module's vector table when processing an interrupt (i.e. as the system interrupt vector table).
  • the firmware module is preferably configured so that all interrupts that the firmware module is not programmed to handle itself are passed on to the software application. This may be implemented by the firmware module causing execution to branch to the address contained in the corresponding offset in the software application's vector table whenever it is not configured to handle a particular interrupt. This is possible because the software application is loaded to a predetermined memory address, so that the firmware module can know, in advance, where to find the software application's vector table once the application has been loaded onto the device.
  • This interrupt forwarding mechanism conveniently allows the software application to be programmed to handle hardware interrupts in substantially the same way as if no firmware module were present on the device. I.e. the firmware module can be invisible to the software application for the purposes of receiving interrupts.
  • the forwarding is preferably implemented in such a way that it adds latency of fewer than about 30 instructions or less than about 3 microseconds, compared with a direct hardware interrupt to a software application.
  • the firmware module may be arranged to be substantially disabled. Such disabling may be carried out via a call to the firmware module (preferably using the SVC mechanism). Disabling the firmware module may cause the firmware module to reset the protocol stack and to disable any memory protection (if present) in order to give resources back to the software application. When disabled, the firmware module preferably forwards all interrupts to the software application (even those which it might otherwise have handled itself).
  • the processor preferably supports seamless transitions from one interrupt priority level to another. This is sometimes referred to as tail-chaining. This provides an elegant means of transferring control between the software application and the firmware module (and vice versa) so as to allow time-critical radio communication functions to take precedence when necessary.
  • the device preferably comprises memory protection logic arranged to intercept memory access instructions. This logic may be located between the processor and the memory. It may use the location of a memory-access instruction (i.e. where the processor has read the instruction from) to determine whether to allow access.
  • the memory protection logic is preferably configured to prevent the software application from reading or overwriting the firmware module (or both).
  • Such memory protection can provide benefits in protecting sensitive information in the firmware module from being read by the developer of the software application. It can also minimise potential damage from programming errors in the software application, as well as aiding the detection and correction of bugs in the software application.
  • the memory protection logic may be configured to protect RAM associated with the firmware module from being read or written to by the software application (or both).
  • the processor, memory, and radio communication logic are preferably integrated on a single silicon chip. However, they may alternatively be integrated in a multi-chip module.
  • the memory is preferably a non-volatile memory such as EEPROM or flash. It preferably supports random-access reading, so that the firmware module and software application can be executed directly from the memory.
  • the device will typically also comprise volatile memory. It may additionally comprise one or more peripherals. It may have connections for receiving power and a clock signal. It may have a connection for an antenna. It may have one or more input and/or output interfaces such as a serial connection.
  • FIG. 1 is a schematic drawing of a microcontroller embodying the invention
  • FIG. 2 is a schematic drawing showing major software components within the microcontroller architecture
  • FIG. 3 is a schematic memory map for the microcontroller
  • FIG. 4 is a figurative diagram of different processor interrupt priority levels
  • FIGS. 5 a -5 c are figurative diagrams illustrating various interrupt scenarios
  • FIG. 6 is a figurative diagram of source code elements illustrating the software application calling a function in the firmware module
  • FIG. 7 is a figurative diagram of source code elements illustrating the software application using a system call to invoke an internal function
  • FIG. 8 is a figurative diagram of source code elements illustrating the software application receiving a hardware interrupt.
  • FIG. 1 shows an integrated-circuit microcontroller 1 , sometimes known as a system-on-chip, which comprises clock logic 3 , which may include a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator (not shown), power management circuitry 5 , a processor 7 (e.g. an ARM® Cortex-M0), memory protection logic 9 , RAM 11 , non-volatile flash memory 13 , one or more peripherals 15 , radio communication logic 17 and input/output circuitry 19 .
  • clock logic 3 which may include a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator (not shown)
  • power management circuitry 5 e.g. an ARM® Cortex-M0
  • memory protection logic 9 e.g. an ARM® Cortex-M0
  • the memory protection logic 9 is situated so as to intercept instructions from the processor 7 to the RAM 11 and flash memory 13 .
  • the microcontroller 1 may be connected to a number of external components such as a power supply, radio antenna, crystal oscillator, sensors, output devices, etc.
  • FIG. 2 shows the microcontroller 1 , above which sits an optional hardware abstraction layer 21 , such as the ARM® Cortex Microcontroller Software Interface Standard.
  • the architecture also includes a firmware module 23 , drivers 25 and software application 27 .
  • the drivers 25 may be specific to the software application 27 .
  • the firmware module 23 is a binary application comprising a number of embedded software blocks.
  • a radio protocol block 31 implements one or more wireless protocol stacks.
  • a radio event manager 33 provides access scheduling for the radio communication logic 17 and event multiplexing.
  • a library 35 provides shared hardware resource management and functions such as random number generation, configuring interrupts and priority, power management (e.g. for enabling and disabling peripherals), encryption functions, etc.
  • a firmware manager 37 supports enabling and disabling the firmware module, and enabling and disabling the wireless protocol stack.
  • the firmware module 23 owns the system vector table and is the entry point for the program on all resets.
  • An application programming interface (API) 29 for the firmware module 23 allows the software application 27 to invoke functions in the firmware module 23 . It is implemented entirely using system calls. When using an ARM® processor, each API function prototype is mapped to a firmware function via an associated supervisor call (SVC) number at compile time. This mapping can be provided to the developer of the software application 27 to allow the functions to be called correctly.
  • API application programming interface
  • the firmware module 23 can communicate events to the software application 27 as software interrupts, the content of which is buffered until read (polled) by the software application 27 .
  • the reading is done through an API call (e.g. event_get( )).
  • the software application 27 can access the microcontroller ( 1 ) hardware directly or via a hardware abstraction layer 21 , e.g. by means of application-specific drivers 25 , in addition to being able to use the firmware module 23 to use the hardware indirectly.
  • FIG. 3 shows how the RAM 11 and flash 13 are shared between the firmware module 23 and the software application 27 (including any application-specific drivers 25 ).
  • the flash 13 is assigned addresses from zero (0x0000 0000) upwards, to its capacity, SizeOfProgMem and the RAM 11 is assigned addresses from 0x2000 0000 upwards to (0x2000 0000+SizeOfRAM). Different address values may be used if a different type of processor is used.
  • the flash 13 comprises two distinct regions either side of address CLENR0 (code length region 0). Region 0, between zero and CLENR0, is where the firmware module 23 is loaded. Its interrupt vector table is stored at address zero. Region 1, extending upwards from CLENR0, is where the software application 27 is loaded. It too has an interrupt vector table, at address CLENR0, the purpose of which is explained below. It will be appreciated that the device 1 may have other non-volatile memory (not shown) which may be used for other purposes, such as storing configuration information or flags.
  • the RAM 11 similarly has a Region 0, from the base address 0x2000 000 to RLENR0, and a Region 1, extended upwards from RLENR0.
  • RAM Region 0 provides data storage for the firmware module 23 while RAM Region 1 provides data storage for the software application 27 .
  • a call stack is shared between the firmware module 23 and the software application 27 and grows downwards, e.g. from 0x2000 0000+SizeOfRAM. The memory allocated to the call stack must be big enough for the needs of both the software application 27 and the firmware module 23 .
  • the firmware module 23 call-stack usage requirement may be published for the device 1 by the chip manufacturer.
  • the developer of the software application 27 must then define an initial stack pointer and reserve sufficient stack memory for both the firmware module 23 and his software application 27 .
  • the firmware module 23 will initialize the main stack pointer on reset.
  • the memory protection logic 9 is arranged to intercept all memory access requests (e.g. read requests) from the processor 7 to the flash 13 and the RAM 11 . It determines the source of the access request instruction (e.g. whether the request is from the firmware module 23 or from the software application 27 ). It also accesses memory protection configuration data (e.g. stored in one or more dedicated registers) which specifies respective access permissions for the various sources, and allows or denies the access request accordingly.
  • memory protection configuration data e.g. stored in one or more dedicated registers
  • the software application 27 is denied read and/or write access to flash Region 0 and to RAM Region 0. This protects confidentiality for the firmware module 23 and can prevent inadvertent or malicious writing by the software application 27 to memory locations allocated to the firmware module 23 , thereby increasing robustness and security.
  • the software application flash Region 1 may also be protected from read access, e.g. to protect against read back via an external debugging interface.
  • the call stack may be in two parts, where the firmware module 23 call stack is located in RAM Region 0 and the software application 27 call stack is located in RAM Region 1.
  • FIG. 4 shows the different interrupt levels 41 provided by an ARM® Cortex-M0 processor, with increasing priority in the direction of the arrow, and how these levels are mapped to the interrupt levels 43 used by the firmware module 23 and software application 27 .
  • FIGS. 5 a -5 c show various examples of possible changes in priority level.
  • FIG. 5 a illustrates a background main process being interrupts by the software application at low priority, e.g. by a serial driver.
  • the software application 27 then makes an API call to the firmware module 23 (by triggering an supervisor call (SVC) exception).
  • SVC supervisor call
  • the firmware module 23 handles the call at the low-priority firmware level before returning to the application low-priority level.
  • the software application 27 completes its operation and execution returns to the main background level.
  • FIG. 5 b illustrates an API call to the firmware module 23 being made from the main context (by triggering an SVC exception).
  • the execution of the API function in firmware low-priority is interrupted by a high-priority software application exception. This may be to service a sensor input, for example.
  • the firmware API call can continue at the lower priority level, before finally returning to the background main process.
  • FIG. 5 c illustrates a high-priority interrupt of a background main process by the firmware module 23 .
  • the interrupt service routine in the firmware module 23 sets a low-priority firmware exception flag to signal to the higher levels of the radio protocol stack.
  • the low-priority routine is executing immediately due to the tail-chaining capabilities of the processor 7 (i.e. without having to revert to the background main level in between).
  • the low-priority firmware routine in turn sets an exception flag to signal the software application 27 that a radio data packet has been received.
  • FIGS. 6-8 illustrate by example how control can pass between the software application 27 and the firmware module 23 .
  • Uncompiled C language code extracts are used for illustration. Of course, in reality, binary instructions from the flash memory 13 are executed by the processor 7 . The numbered arrows indicate successive execution steps.
  • FIG. 6 shows the software application 27 calling a function through the API 29 of the firmware module 23 .
  • the application 27 calls a function with a prototype imported from the firmware API 29 using a firmware header file supplied to the software-application developer by the chip manufacturer.
  • the _SVC(x) pragma causes the compiler to insert an instruction in the object code which causes a supervisor call (SVC) exception when the function is called by the software application 23 .
  • the processor 7 invokes the SVC handler via the firmware module's interrupt vector table (which acts as the system interrupt vector table).
  • the SVC number associated with the function called by the software application 27 is passed to the SVC handler, along with any arguments. Such arguments may be passed via registers or via the call stack, depending on the processor.
  • the SVC handler uses the SVC number to call the correct firmware module function. This could be a radio control function (e.g. an instruction to transmit data by radio), or a firmware management function (e.g. to disable the firmware module), or a library function (e.g. to generate a random number).
  • the function executes and then returns to the software application 27 .
  • a return value may be available in a register or on the call stack.
  • FIG. 7 shows the software application 27 invoking one of its own functions via a system call. It might do this in order to change from a low priority to a high priority execution level.
  • the software application 27 triggering a SVC so as to cause execution to pass to an SVC handler in the firmware module 27 .
  • the instruction uses an SVC number in a range that is reserved for the software application's own use.
  • the firmware module 23 thus causes execution to branch to a handler function (app_systemcall_function( )) in the software application 27 , potentially at a different priority level to that of the preceding operation.
  • FIG. 8 shows how a hardware interrupt can be received by the software application 27 .
  • the firmware module 23 is arranged to forward interrupts to the software application 27 by default, unless they are interrupts that the firmware module 23 is configured to handled. Additionally, if the firmware module 23 has been disabled by the software application 27 (e.g. via a suitable API call to the firmware manager 37 ), then the firmware module will forward all interrupts to the software application 27 .
  • an interrupt handler in the firmware module 23 is vectored to. This checks whether the firmware module 23 is enabled and whether it is an interrupt that the firmware module 23 is set up to deal with. If so, the firmware module 23 handles the interrupt. If not, it branches execution to an interrupt handler routine in the software application 27 .
  • the firmware module 23 can know where to find this routine because the location of the software application vector table (at CLENR0) is predetermined, and the offsets into this vector table are the same as the offsets into the firmware module's vector table.
  • a firmware module implementing radio control logic programmed to a firmware memory address on an integrated radio communication chip, can be configured and used both securely and conveniently.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Transceivers (AREA)

Abstract

An integrated-circuit radio communication device (1) comprises a processor (7), memory (13), and radio communication logic (17). The memory (13) has a firmware module (23) stored at a firmware memory address, the firmware module (23) comprising instructions for controlling the radio communication logic (17) according to a predetermined radio protocol. The processor (7) is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module (23), and (ii) making the supervisor call number available to the call handler. A software application (27) is loaded into the memory (13) of the device (1), and stored at a predetermined application memory address. It is arranged to invoke a radio communication function from the firmware module (23) by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of and is a continuation of U.S. patent application Ser. No. 13/924,160 to Joel David Stapleton and entitled “Integrated-Circuit Radio,” filed on Jun. 21, 2013, which is incorporated herein by reference in its entirety.
  • This invention relates to integrated-circuit radio-communication devices and methods of configuring such devices.
  • Integrated-circuit radio-communication devices typically integrate a processor, memory and radio communication logic on a silicon chip. An antenna may be fabricated on the silicon or may be connecting externally. The device will have pins for connecting to a power supply, clock source and any external peripherals such as sensors, timers, digital-to-analog converters and output devices. The processor interfaces with the radio communication logic in order to supervise the sending and/or receiving of radio messages.
  • Such radio-communication devices, or chips, can be used in a wide range of wireless products, such as wireless mice and keyboards, controllers for game consoles, bicycle speedometers, remote controls, garage-door openers, wireless loudspeakers, etc.
  • The processor on such a device may run software directly from non-volatile memory in order to control the radio communication logic according to a predetermined radio protocol, such as Bluetooth® or ZigBee®.
  • The manufacturing of a complete product, such as a wireless mouse, that incorporates such a radio-communication chip typically involves the manufacturer of the radio chip supplying it to a product manufacturer, who will integrate the chip into the rest of the product. The chip manufacturer may also provide a development kit, containing tools, such as a cross compiler, loader and debugger, and documentation that allow the product manufacturer to develop, install and debug custom application software for the radio device. The custom application software may, for instance, include routines for receiving input from a movement sensor on a wireless mouse and for transmitting suitable radio messages according to a desired protocol.
  • A development kit may additionally include source code for a software library and/or operating system, written by the chip manufacturer. The product manufacturer can then compile and link the supplied source code with its own custom software application, to create a single object file for loading to a predetermined address in the memory of each chip.
  • The library or operating system may contain instructions that implement a particular radio protocol. It could include other functions, such as memory management, processor scheduling, inter-process communication, etc. The application developer can call these supplied functions from its application code, rather than having to write them from scratch. This can make development of the application software simpler and quicker. It can also ease portability between different models of the radio chip.
  • The applicant has come to realise, however, that such traditional approaches can be improved upon.
  • From one aspect, the invention provides a method of configuring an integrated-circuit radio communication device, wherein:
      • the device comprises a processor, memory, and radio communication logic;
      • the memory has a firmware module stored at a firmware memory address, the firmware module comprising instructions for controlling the radio communication logic according to a predetermined radio protocol; and
      • the processor is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module, and (ii) making the supervisor call number available to the call handler,
        the method comprising loading a software application into the memory of the device, such that the application is stored at a predetermined application memory address, wherein the software application is arranged to invoke a radio communication function from the firmware module by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.
  • Thus it will be seen by those skilled in the art that, in accordance with the invention, a software application can be loaded onto a radio-communication chip so as to interface via supervisor call instructions with a firmware module that provides radio control functions.
  • This removes the need for the software application developer to link the application code with a library or operating system supplied by the chip manufacturer, thereby resulting in a simpler and more efficient development process. By avoiding the need for link-time dependencies, the chances of bugs arising during development of the software application can be reduced. Because there is no need to keep re-linking the firmware module that provides radio control functions at successive development stages, the location of member objects in memory can remain unchanged during the development process. This continuity in memory location can avoid bugs occurring and can also aid debugging if errors do arise.
  • In preferred embodiments, the firmware module, stored at the firmware memory address, is a linked binary. Thus no linking between the firmware module and the software application is required, or is even possible. It is envisaged that the firmware module will usually be a compiled binary module (e.g. compiled from the C programming language), although it is possible that it could be assembled directly from machine code.
  • In order to develop the software application, the only non-standard information (i.e. not determined by the processor or device architecture) that the application developer need know is: the predetermined software-application memory address; information relating to the amount of any data memory (e.g. in RAM) available for the software application to use, and the predetermined correspondence between supervisor call numbers and radio communication functions in the firmware module. This information can be sufficient to write, compile and load a software application for the device. It is envisaged that the application developer could conveniently be provided with a header file (e.g. in the C programming language) which would contain this information. (Such a header file may, of course, optionally contain other, additional features to provide further assistance to the application developer.)
  • Another advantage of configuring a device according to methods of the invention is that the device manufacturer need not reveal confidential source code in its firmware module to the application developer.
  • The integrated-circuit device may be provided to a developer of the software application with the firmware module already pre-loaded on the device. This can further increase the security of any confidential information contained in the firmware module. However, this is not essential. The application developer may instead receive the firmware module as a binary image of pre-compiled instructions and load the firmware module onto the device.
  • Thus, from a further aspect, the invention provides a method of configuring an integrated-circuit radio communication device, wherein the device comprises a processor, memory, and radio communication logic, the method comprising:
      • loading a software application into the memory of the device, such that the application is stored at a predetermined application memory address; and
      • loading a firmware module into the memory of the device, such that the firmware module is stored at a predetermined firmware memory address, the firmware module comprising instructions for controlling the radio communication logic according to a predetermined radio protocol,
        wherein:
      • the processor is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module, and (ii) making the supervisor call number available to the call handler; and
      • the software application is arranged to invoke a radio communication function from the firmware module by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.
  • The firmware module and the software application may be loaded onto the device in any order or substantially simultaneously. It will be appreciated that loading the two simultaneously is still fundamentally different from loading a single, linked software application and library as the skilled person might have done in the past. As before, the firmware module is preferably a compiled and linked binary module (but without being linked to the software application).
  • The invention also extends to an integrated-circuit radio communication device itself.
  • Thus, from a third aspect, the invention provides an integrated-circuit radio communication device, wherein:
      • the device comprises a processor, memory, and radio communication logic;
      • the memory has a firmware module stored at a firmware memory address, the firmware module comprising instructions for controlling the radio communication logic according to a predetermined radio protocol; and
      • the processor is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module, and (ii) making the supervisor call number available to the call handler;
      • the memory has a software application stored at a predetermined application memory address, the software application being arranged to invoke a radio communication function from the firmware module by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.
  • From further aspects, the invention provides a firmware module, and a transitory or non-transitory medium storing the same, for loading on an integrated-circuit radio communication device comprising a processor, memory, and radio communication logic, at a firmware memory address, the firmware module comprising:
      • instructions for controlling the radio communication logic according to a predetermined radio protocol; and
      • a supervisor call handler arranged to respond to a supervisor call instruction being issued by a software application by performing a radio communication function corresponding to a supervisor call number associated with the supervisor call instruction.
  • The firmware module is preferably a linked binary module.
  • From still further aspects, the invention provides a software application, and a transitory or non-transitory medium storing the same, for loading on an integrated-circuit radio communication device comprising a processor, memory, and radio communication logic, at a predetermined software application memory address, the software application being arranged to invoke a radio communication function by issuing a supervisor call instruction having an associated, predetermined supervisor call number corresponding to the function to be invoked.
  • In preferred embodiments of any of the above aspects, the firmware module is arranged so that all the radio communication functions provided by the firmware module are invoked by supervisor call instructions having respective supervisor call numbers according to a predetermined correspondence between numbers and functions. In this way, no other mechanism for invoking firmware functions need be supported by the device, thereby avoiding substantial static or run-time link dependencies, and simplifying the device and development of the software application.
  • It will be appreciated that the firmware module may provide other functions, not necessarily related to radio communication, which the software application can invoke; for example, an encryption algorithm. Preferably the device is configured so that the invoking of all such functions is carried out by the issuing of supervisor call instructions.
  • Because embodiments of the device need not contain a traditional, full operating system, the application developer can be free to develop the software application as a native application for the processor architecture, without having to learn how to interface with a proprietary operating system supplied by the chip manufacturer. Especially when the processor is well-known in the art, this is a particularly attractive feature for the application developer.
  • If the device has a hardware abstraction layer in addition to the firmware module, the software application may interface directly with this layer. Application-specific drivers may also be loaded onto the device.
  • Configuring the device may comprise using the correspondence between supervisor call numbers and radio communication functions when compiling the software application. Compiling or loading the software application may make use of the predetermined software-application memory address. In some embodiments, configuring the device may comprise receiving the correspondence between supervisor call numbers and radio communication functions and/or receiving the predetermined software-application memory address, e.g. as a header file. Such information may then be used when compiling the software application.
  • The device is preferably configured so that no run-time linking is required when executing the software application on the device.
  • The processor may implement the supervisor call instructions in any appropriate way. In one set of preferred embodiments, the processor is an ARM Ltd.® processor, such as a processor from the Cortex-M family, and the supervisor call instructions are then SVC instructions, supported by the processor.
  • The software application may issue a supervisor call instruction by executing a dedicated SVC processor instruction. Such an instruction may be generated by a compiler when compiling the software application, e.g. by the developer including a specific pre-processor directive in the source code for the software application.
  • The number associated with the supervisor call may be made available to the call handler via a register or via the call stack or via any other appropriate mechanism.
  • Preferably, the processor and/or software application are configured to make the values of one or more arguments available to the supervisor call handler. In this way, the software application can pass arguments to a radio communication function, such as data to be transmitted. The call handler may be able to pass a return value from the radio communication function to the software application.
  • The processor is preferably configured to handle a supervisor call instruction from the software application as an exception (software interrupt). In this way, the software application can interrupt less time-critical processing when a time-critical radio communication function needs to be invoked.
  • The processor preferably supports a plurality of interrupt priorities. In some embodiments, some event-driven functions in the firmware module are assigned a relatively high priority, while others are assigned a relatively low priority. Preferably, functions associated with time-critical radio communication operations are assigned the relatively high priority.
  • The software application may be arranged to handle interrupts (forwarded by the firmware module, as explained below) and may have a relatively high priority for some event-driven functions and a relatively low priority for others. The software application priorities are preferably interleaved with those of the firmware module. The highest firmware priority level is preferably higher than the highest software-application priority level, so that critical radio communication operations, implemented in the firmware module, can always take precedence over the software application. This can provide protection against careless programming in the software application.
  • The firmware module is preferably configured to invoke a function in the software application in response to the firmware module receiving an interrupt. Such an interrupt may arise, for example, from a peripheral, such as a movement sensor.
  • The firmware module and the software application may each have a respective interrupt vector table. The two tables preferably use the same interrupt-vector-address offsets as each other. The offsets of interrupt vector addresses in the firmware module's vector table (and hence the software application's vector table, when the two use the same offsets) are typically fixed by the processor architecture. The device is preferably configured to use the firmware module's vector table when processing an interrupt (i.e. as the system interrupt vector table).
  • However, the firmware module is preferably configured so that all interrupts that the firmware module is not programmed to handle itself are passed on to the software application. This may be implemented by the firmware module causing execution to branch to the address contained in the corresponding offset in the software application's vector table whenever it is not configured to handle a particular interrupt. This is possible because the software application is loaded to a predetermined memory address, so that the firmware module can know, in advance, where to find the software application's vector table once the application has been loaded onto the device.
  • For example, in some embodiments the RESET interrupt handler address is always placed at offset=0 by the compiler. Therefore, the RESET handler address in the firmware module's vector table will be at address 0x0000 0000+0=0x0000 0000 in the memory. The RESET handler address in the software application's vector table is at address CLENR0+0=CLENR0, where CLENR0 is the predetermined base memory address at which the software application is located.
  • This interrupt forwarding mechanism conveniently allows the software application to be programmed to handle hardware interrupts in substantially the same way as if no firmware module were present on the device. I.e. the firmware module can be invisible to the software application for the purposes of receiving interrupts. The forwarding is preferably implemented in such a way that it adds latency of fewer than about 30 instructions or less than about 3 microseconds, compared with a direct hardware interrupt to a software application.
  • The firmware module may be arranged to be substantially disabled. Such disabling may be carried out via a call to the firmware module (preferably using the SVC mechanism). Disabling the firmware module may cause the firmware module to reset the protocol stack and to disable any memory protection (if present) in order to give resources back to the software application. When disabled, the firmware module preferably forwards all interrupts to the software application (even those which it might otherwise have handled itself).
  • The processor preferably supports seamless transitions from one interrupt priority level to another. This is sometimes referred to as tail-chaining. This provides an elegant means of transferring control between the software application and the firmware module (and vice versa) so as to allow time-critical radio communication functions to take precedence when necessary.
  • The device preferably comprises memory protection logic arranged to intercept memory access instructions. This logic may be located between the processor and the memory. It may use the location of a memory-access instruction (i.e. where the processor has read the instruction from) to determine whether to allow access. The memory protection logic is preferably configured to prevent the software application from reading or overwriting the firmware module (or both).
  • Such memory protection can provide benefits in protecting sensitive information in the firmware module from being read by the developer of the software application. It can also minimise potential damage from programming errors in the software application, as well as aiding the detection and correction of bugs in the software application.
  • The memory protection logic may be configured to protect RAM associated with the firmware module from being read or written to by the software application (or both).
  • The processor, memory, and radio communication logic are preferably integrated on a single silicon chip. However, they may alternatively be integrated in a multi-chip module.
  • The memory is preferably a non-volatile memory such as EEPROM or flash. It preferably supports random-access reading, so that the firmware module and software application can be executed directly from the memory.
  • The skilled person will appreciate that the device will typically also comprise volatile memory. It may additionally comprise one or more peripherals. It may have connections for receiving power and a clock signal. It may have a connection for an antenna. It may have one or more input and/or output interfaces such as a serial connection.
  • Optional or preferred features of one aspect or embodiment described herein may, wherever appropriate, be applied to any other aspect or embodiment.
  • Certain preferred embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
  • FIG. 1 is a schematic drawing of a microcontroller embodying the invention;
  • FIG. 2 is a schematic drawing showing major software components within the microcontroller architecture;
  • FIG. 3 is a schematic memory map for the microcontroller;
  • FIG. 4 is a figurative diagram of different processor interrupt priority levels;
  • FIGS. 5a-5c are figurative diagrams illustrating various interrupt scenarios;
  • FIG. 6 is a figurative diagram of source code elements illustrating the software application calling a function in the firmware module;
  • FIG. 7 is a figurative diagram of source code elements illustrating the software application using a system call to invoke an internal function; and
  • FIG. 8 is a figurative diagram of source code elements illustrating the software application receiving a hardware interrupt.
    •
  • FIG. 1 shows an integrated-circuit microcontroller 1, sometimes known as a system-on-chip, which comprises clock logic 3, which may include a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator (not shown), power management circuitry 5, a processor 7 (e.g. an ARM® Cortex-M0), memory protection logic 9, RAM 11, non-volatile flash memory 13, one or more peripherals 15, radio communication logic 17 and input/output circuitry 19.
  • These components are interconnected in a conventional manner, e.g. using lines and buses (not shown). The memory protection logic 9 is situated so as to intercept instructions from the processor 7 to the RAM 11 and flash memory 13. When installed in a product, the microcontroller 1 may be connected to a number of external components such as a power supply, radio antenna, crystal oscillator, sensors, output devices, etc.
  • FIG. 2 shows the microcontroller 1, above which sits an optional hardware abstraction layer 21, such as the ARM® Cortex Microcontroller Software Interface Standard. The architecture also includes a firmware module 23, drivers 25 and software application 27. The drivers 25 may be specific to the software application 27.
  • The firmware module 23 is a binary application comprising a number of embedded software blocks. A radio protocol block 31 implements one or more wireless protocol stacks. A radio event manager 33 provides access scheduling for the radio communication logic 17 and event multiplexing. A library 35 provides shared hardware resource management and functions such as random number generation, configuring interrupts and priority, power management (e.g. for enabling and disabling peripherals), encryption functions, etc. A firmware manager 37 supports enabling and disabling the firmware module, and enabling and disabling the wireless protocol stack.
  • The firmware module 23 owns the system vector table and is the entry point for the program on all resets.
  • An application programming interface (API) 29 for the firmware module 23 allows the software application 27 to invoke functions in the firmware module 23. It is implemented entirely using system calls. When using an ARM® processor, each API function prototype is mapped to a firmware function via an associated supervisor call (SVC) number at compile time. This mapping can be provided to the developer of the software application 27 to allow the functions to be called correctly.
  • The firmware module 23 can communicate events to the software application 27 as software interrupts, the content of which is buffered until read (polled) by the software application 27. The reading is done through an API call (e.g. event_get( )).
  • The software application 27 can access the microcontroller (1) hardware directly or via a hardware abstraction layer 21, e.g. by means of application-specific drivers 25, in addition to being able to use the firmware module 23 to use the hardware indirectly.
  • FIG. 3 shows how the RAM 11 and flash 13 are shared between the firmware module 23 and the software application 27 (including any application-specific drivers 25). When using an ARM® Cortex-M0 processor 7, the flash 13 is assigned addresses from zero (0x0000 0000) upwards, to its capacity, SizeOfProgMem and the RAM 11 is assigned addresses from 0x2000 0000 upwards to (0x2000 0000+SizeOfRAM). Different address values may be used if a different type of processor is used.
  • The flash 13 comprises two distinct regions either side of address CLENR0 (code length region 0). Region 0, between zero and CLENR0, is where the firmware module 23 is loaded. Its interrupt vector table is stored at address zero. Region 1, extending upwards from CLENR0, is where the software application 27 is loaded. It too has an interrupt vector table, at address CLENR0, the purpose of which is explained below. It will be appreciated that the device 1 may have other non-volatile memory (not shown) which may be used for other purposes, such as storing configuration information or flags.
  • The RAM 11 similarly has a Region 0, from the base address 0x2000 000 to RLENR0, and a Region 1, extended upwards from RLENR0. RAM Region 0 provides data storage for the firmware module 23 while RAM Region 1 provides data storage for the software application 27. A call stack is shared between the firmware module 23 and the software application 27 and grows downwards, e.g. from 0x2000 0000+SizeOfRAM. The memory allocated to the call stack must be big enough for the needs of both the software application 27 and the firmware module 23.
  • The firmware module 23 call-stack usage requirement may be published for the device 1 by the chip manufacturer. The developer of the software application 27 must then define an initial stack pointer and reserve sufficient stack memory for both the firmware module 23 and his software application 27. The firmware module 23 will initialize the main stack pointer on reset.
  • The memory protection logic 9 is arranged to intercept all memory access requests (e.g. read requests) from the processor 7 to the flash 13 and the RAM 11. It determines the source of the access request instruction (e.g. whether the request is from the firmware module 23 or from the software application 27). It also accesses memory protection configuration data (e.g. stored in one or more dedicated registers) which specifies respective access permissions for the various sources, and allows or denies the access request accordingly.
  • In some preferred embodiments of the invention, the software application 27 is denied read and/or write access to flash Region 0 and to RAM Region 0. This protects confidentiality for the firmware module 23 and can prevent inadvertent or malicious writing by the software application 27 to memory locations allocated to the firmware module 23, thereby increasing robustness and security. The software application flash Region 1 may also be protected from read access, e.g. to protect against read back via an external debugging interface.
  • This means that the initial stack pointer cannot be in RAM Region 0 as the software application 27 does not have write access to this region. In other embodiments of the invention, the call stack may be in two parts, where the firmware module 23 call stack is located in RAM Region 0 and the software application 27 call stack is located in RAM Region 1.
  • FIG. 4 shows the different interrupt levels 41 provided by an ARM® Cortex-M0 processor, with increasing priority in the direction of the arrow, and how these levels are mapped to the interrupt levels 43 used by the firmware module 23 and software application 27.
  • Above the Main background context are four interrupt priorities which are used as follows, in increasing order of priority: software application low priority, firmware module low priority, software application high priority and firmware module high priority. The high-priority software application interrupt is used for critical interrupts where low latency is required.
  • FIGS. 5a-5c show various examples of possible changes in priority level.
  • FIG. 5a illustrates a background main process being interrupts by the software application at low priority, e.g. by a serial driver. The software application 27 then makes an API call to the firmware module 23 (by triggering an supervisor call (SVC) exception). The firmware module 23 handles the call at the low-priority firmware level before returning to the application low-priority level. Finally, the software application 27 completes its operation and execution returns to the main background level.
  • FIG. 5b illustrates an API call to the firmware module 23 being made from the main context (by triggering an SVC exception). The execution of the API function in firmware low-priority is interrupted by a high-priority software application exception. This may be to service a sensor input, for example. Once the software application finishes its high-priority execution, the firmware API call can continue at the lower priority level, before finally returning to the background main process.
  • FIG. 5c illustrates a high-priority interrupt of a background main process by the firmware module 23. This could be due to a time-critical radio communication interrupt, such as an incoming radio packet, to which the radio event manager 33 must respond. The interrupt service routine in the firmware module 23 sets a low-priority firmware exception flag to signal to the higher levels of the radio protocol stack. On completion of the high-priority routine, the low-priority routine is executing immediately due to the tail-chaining capabilities of the processor 7 (i.e. without having to revert to the background main level in between). The low-priority firmware routine in turn sets an exception flag to signal the software application 27 that a radio data packet has been received. This exception is chained after completion of the low-priority firmware module routine. In this example, the software application 27 then makes an API call to the firmware module 23 via an SVC which completes and returns context from the SVC to the software application 27. Finally, the software application low-priority operation completes and execution returns to the main level.
  • FIGS. 6-8 illustrate by example how control can pass between the software application 27 and the firmware module 23. Uncompiled C language code extracts are used for illustration. Of course, in reality, binary instructions from the flash memory 13 are executed by the processor 7. The numbered arrows indicate successive execution steps.
  • FIG. 6 shows the software application 27 calling a function through the API 29 of the firmware module 23. The application 27 calls a function with a prototype imported from the firmware API 29 using a firmware header file supplied to the software-application developer by the chip manufacturer. The _SVC(x) pragma causes the compiler to insert an instruction in the object code which causes a supervisor call (SVC) exception when the function is called by the software application 23.
  • The processor 7 invokes the SVC handler via the firmware module's interrupt vector table (which acts as the system interrupt vector table). The SVC number associated with the function called by the software application 27 is passed to the SVC handler, along with any arguments. Such arguments may be passed via registers or via the call stack, depending on the processor. The SVC handler uses the SVC number to call the correct firmware module function. This could be a radio control function (e.g. an instruction to transmit data by radio), or a firmware management function (e.g. to disable the firmware module), or a library function (e.g. to generate a random number). The function executes and then returns to the software application 27. A return value may be available in a register or on the call stack.
  • FIG. 7 shows the software application 27 invoking one of its own functions via a system call. It might do this in order to change from a low priority to a high priority execution level. Similarly to the situation in FIG. 6, the software application 27 triggering a SVC so as to cause execution to pass to an SVC handler in the firmware module 27. However, in this case, the instruction uses an SVC number in a range that is reserved for the software application's own use. The firmware module 23 thus causes execution to branch to a handler function (app_systemcall_function( )) in the software application 27, potentially at a different priority level to that of the preceding operation.
  • FIG. 8 shows how a hardware interrupt can be received by the software application 27. The firmware module 23 is arranged to forward interrupts to the software application 27 by default, unless they are interrupts that the firmware module 23 is configured to handled. Additionally, if the firmware module 23 has been disabled by the software application 27 (e.g. via a suitable API call to the firmware manager 37), then the firmware module will forward all interrupts to the software application 27.
  • On receiving an interrupt, e.g. from a motion sensor, an interrupt handler in the firmware module 23 is vectored to. This checks whether the firmware module 23 is enabled and whether it is an interrupt that the firmware module 23 is set up to deal with. If so, the firmware module 23 handles the interrupt. If not, it branches execution to an interrupt handler routine in the software application 27. The firmware module 23 can know where to find this routine because the location of the software application vector table (at CLENR0) is predetermined, and the offsets into this vector table are the same as the offsets into the firmware module's vector table.
  • In this way, a firmware module implementing radio control logic, programmed to a firmware memory address on an integrated radio communication chip, can be configured and used both securely and conveniently.

Claims (29)

1. A method of configuring an integrated-circuit radio communication device, wherein:
the device comprises a processor, memory, and radio communication logic;
the memory has a firmware module stored at a firmware memory address, the firmware module comprising instructions for controlling the radio communication logic according to a predetermined radio protocol; and
the processor is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module, and (ii) making the supervisor call number available to the call handler,
the method comprising loading a software application into the memory of the device, such that the application is stored at a predetermined application memory address, wherein the software application is arranged to invoke a radio communication function from the firmware module by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.
2. The method of claim 1, wherein the firmware module is a linked binary module.
3. The method of claim 1, wherein the firmware module is arranged so that all radio communication functions provided by the firmware module are invoked by supervisor call instructions having respective supervisor call numbers, according to a predetermined correspondence between numbers and functions.
4. The method of claim 1, further comprising compiling the software application and using the correspondence between supervisor call numbers and radio communication functions in said compiling.
5. The method of claim 1, further comprising using the predetermined software-application memory address when compiling and/or loading the software application.
6. The method of claim 1, wherein the software application is arranged to issue a supervisor call instruction by executing a dedicated SVC processor instruction.
7. The method of claim 1, wherein the firmware module and the software application each has a respective interrupt vector table, wherein the device is configured to use the vector table of the firmware module when processing an interrupt, and wherein the firmware module is configured so that all interrupts that the firmware module is not programmed to handle itself are passed on to the software application.
8. The method of claim 7, wherein the interrupt vector table of the firmware module has interrupt-vector-address offsets that are identical to interrupt-vector-address offsets in the interrupt vector table of the software application.
9. The method of claim 1, wherein the device comprises memory protection logic arranged to intercept memory access instructions and being configured to prevent the software application from reading or overwriting the firmware module.
10. A method of configuring an integrated-circuit radio communication device, wherein the device comprises a processor, memory, and radio communication logic, the method comprising:
loading a software application into the memory of the device, such that the application is stored at a predetermined application memory address; and
loading a firmware module into the memory of the device, such that the firmware module is stored at a predetermined firmware memory address, the firmware module comprising instructions for controlling the radio communication logic according to a predetermined radio protocol,
wherein:
the processor is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module, and (ii) making the supervisor call number available to the call handler; and
the software application is arranged to invoke a radio communication function from the firmware module by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.
11. The method of claim 10, wherein the firmware module and the software application each has a respective interrupt vector table, wherein the device is configured to use the vector table of the firmware module when processing an interrupt, and wherein the firmware module is configured so that all interrupts that the firmware module is not programmed to handle itself are passed on to the software application.
12. The method of claim 11, wherein the interrupt vector table of the firmware module has interrupt-vector-address offsets that are identical to interrupt-vector-address offsets in the interrupt vector table of the software application.
13. An integrated-circuit radio communication device, wherein:
the device comprises a processor, memory, and radio communication logic;
the memory has a firmware module stored at a firmware memory address, the firmware module comprising instructions for controlling the radio communication logic according to a predetermined radio protocol; and
the processor is configured to receive supervisor call instructions, each having an associated supervisor call number, and to respond to a supervisor call instruction by (i) invoking a supervisor call handler in the firmware module, and (ii) making the supervisor call number available to the call handler;
the memory has a software application stored at a predetermined application memory address, the software application being arranged to invoke a radio communication function from the firmware module by issuing a supervisor call instruction having an associated predetermined supervisor call number corresponding to the function to be invoked.
14. The device of claim 13, wherein the firmware module is arranged so that all radio communication functions provided by the firmware module are invoked by supervisor call instructions having respective supervisor call numbers, according to a predetermined correspondence between numbers and functions.
15. The device of claim 13, wherein the firmware module is arranged so that all functions provided by the firmware module are invoked by the issuing of supervisor call instructions.
16. The device of claim 13, configured so that no run-time linking is required when executing the software application on the device.
17. The device of claim 13, wherein the software application is arranged to issue a supervisor call instruction by executing a dedicated SVC processor instruction.
18. The device of claim 13, wherein the processor and/or software application are configured to make the values of one or more arguments available to the supervisor call handler.
19. The device of claim 13, wherein the processor is configured to handle a supervisor call instruction from the software application as an exception, wherein the processor supports a plurality of interrupt priorities, and wherein some functions in the firmware module are assigned a relatively high priority, with other functions in the firmware module having a relatively low priority.
20. The device of claim 19, wherein the software application is arranged to handle interrupts, assigning a relatively high priority to some event-driven functions, and a relatively low priority to other event-driven functions.
21. The device of claim 20, wherein the highest firmware priority level is higher than the highest software application priority level.
22. The device of claim 13, wherein the firmware module is configured to invoke a function in the software application in response to the firmware module receiving an interrupt.
23. The device of claim 13, wherein the firmware module and the software application each has a respective interrupt vector table, wherein the device is configured to use the vector table of the firmware module when processing an interrupt, and wherein the firmware module is configured so that all interrupts that the firmware module is not programmed to handle itself are passed on to the software application.
24. The device of claim 23, wherein the interrupt vector table of the firmware module has interrupt-vector-address offsets that are identical to interrupt-vector-address offsets in the interrupt vector table of the software application.
25. The device of claim 13, wherein the processor supports seamless transitions from one interrupt priority level to another.
26. The device of claim 13, comprising memory protection logic arranged to intercept memory access instructions and being configured to prevent the software application from reading or overwriting the firmware module and/or from reading or writing to RAM associated with the firmware module.
27. A non-transient, tangible medium containing a firmware module for loading on an integrated-circuit radio communication device comprising a processor, memory, and radio communication logic, at a firmware memory address, wherein the firmware module comprises:
instructions for controlling the radio communication logic according to a predetermined radio protocol; and
a supervisor call handler arranged to respond to a supervisor call instruction being issued by a software application by performing a radio communication function corresponding to a supervisor call number associated with the supervisor call instruction.
28. The non-transient, tangible medium of claim 27, wherein the firmware module is a linked binary module.
29. A non-transient, tangible medium containing a software application for loading on an integrated-circuit radio communication device comprising a processor, memory, and radio communication logic, at a predetermined software application memory address, wherein the software application is arranged to invoke a radio communication function by issuing a supervisor call instruction having an associated, predetermined supervisor call number corresponding to the function to be invoked.
US15/068,046 2012-06-27 2016-03-11 Integrated-circuit radio Abandoned US20160196170A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/068,046 US20160196170A1 (en) 2012-06-27 2016-03-11 Integrated-circuit radio

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB1211423.7 2012-06-27
GB201211423A GB2503471B (en) 2012-06-27 2012-06-27 Integrated-circuit radio
US13/924,160 US9317348B2 (en) 2012-06-27 2013-06-21 Integrated-circuit radio
US15/068,046 US20160196170A1 (en) 2012-06-27 2016-03-11 Integrated-circuit radio

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/924,160 Continuation US9317348B2 (en) 2012-06-27 2013-06-21 Integrated-circuit radio

Publications (1)

Publication Number Publication Date
US20160196170A1 true US20160196170A1 (en) 2016-07-07

Family

ID=46704313

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/924,160 Active 2034-03-21 US9317348B2 (en) 2012-06-27 2013-06-21 Integrated-circuit radio
US15/068,046 Abandoned US20160196170A1 (en) 2012-06-27 2016-03-11 Integrated-circuit radio

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/924,160 Active 2034-03-21 US9317348B2 (en) 2012-06-27 2013-06-21 Integrated-circuit radio

Country Status (8)

Country Link
US (2) US9317348B2 (en)
EP (1) EP2867768A1 (en)
JP (1) JP6326047B2 (en)
KR (1) KR102088690B1 (en)
CN (1) CN104412230B (en)
GB (1) GB2503471B (en)
TW (1) TWI603265B (en)
WO (1) WO2014001801A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160267030A1 (en) * 2013-12-23 2016-09-15 Nordic Semiconductor Asa Integrated-circuit radio
WO2020240235A1 (en) * 2019-05-31 2020-12-03 Micron Technology, Inc Controller for a memory component

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2515364B (en) * 2013-12-20 2015-06-17 Nordic Semiconductor Asa Updatable integrated-circuit radio
CN112203319B (en) * 2020-10-23 2022-07-15 四川长虹网络科技有限责任公司 Test method and device of ZigBee device, computer device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5161228A (en) * 1988-03-02 1992-11-03 Ricoh Company, Ltd. System with selectively exclusionary enablement for plural indirect address type interrupt control circuit
US20050262571A1 (en) * 2004-02-25 2005-11-24 Zimmer Vincent J System and method to support platform firmware as a trusted process
US20130338848A1 (en) * 2012-06-19 2013-12-19 Scott Park Method and Apparatus for Leveling Recreational Vehicles
US20140129808A1 (en) * 2012-04-27 2014-05-08 Alon Naveh Migrating tasks between asymmetric computing elements of a multi-core processor

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3632139A1 (en) 1986-09-22 1988-04-07 Bbc Brown Boveri & Cie Method of executing two programs which are written in different programming languages
JPS63296140A (en) * 1987-05-28 1988-12-02 Canon Inc Interruption control system
JPH07105124A (en) * 1993-10-06 1995-04-21 Toshiba Corp Interruption controller
CA2143488C (en) * 1995-02-27 2000-01-11 Robert Paul Duncan Dynamic link libraries without linker or loader support
US6223275B1 (en) * 1997-06-20 2001-04-24 Sony Corporation Microprocessor with reduced instruction set limiting the address space to upper 2 Mbytes and executing a long type register branch instruction in three intermediate instructions
US20020073398A1 (en) * 1998-12-14 2002-06-13 Jeffrey L. Tinker Method and system for modifying executable code to add additional functionality
JP2002108625A (en) * 2000-09-26 2002-04-12 Toshiba Corp Language processor and recording medium in which language processing program is stored
US7237121B2 (en) 2001-09-17 2007-06-26 Texas Instruments Incorporated Secure bootloader for securing digital devices
US6874069B2 (en) 2002-07-26 2005-03-29 Silicon Storage Technology, Inc. Microcontroller having an embedded non-volatile memory array with read protection for the array or portions thereof
US7120794B2 (en) * 2003-10-29 2006-10-10 Qualcomm Inc. System for invoking a privileged function in a device
US7206884B2 (en) * 2004-02-11 2007-04-17 Arm Limited Interrupt priority control within a nested interrupt system
JP2005242806A (en) * 2004-02-27 2005-09-08 Renesas Technology Corp Data processor
US7647589B1 (en) * 2005-02-07 2010-01-12 Parallels Software International, Inc. Methods and systems for safe execution of guest code in virtual machine context
US20070112680A1 (en) * 2005-11-11 2007-05-17 Infineon Technologies Ag System and method for processing digital media content in a mobile device
EP1980032B1 (en) * 2005-12-07 2016-03-09 Freescale Semiconductor, Inc. Wireless subscriber communication unit and method of power control with back-off therefor
FR2905819B1 (en) * 2006-09-12 2013-01-18 Wavecom METHOD FOR MANAGING THE SOFTWARE ARCHITECTURE OF A RADIO COMMUNICATION CIRCUIT, APPLICATION, CORRESPONDING COMPUTER PROGRAM PRODUCT AND CIRCUIT.
US20090096586A1 (en) * 2007-10-12 2009-04-16 Icontrol, Inc. Radiofrequency Tracking and Communication Device and Method for Operating the Same
US20090253384A1 (en) * 2008-04-04 2009-10-08 Stmicroelectronics, Ltd. Dual Mode Radio Frequency Front End Circuit
US8291202B2 (en) * 2008-08-08 2012-10-16 Qualcomm Incorporated Apparatus and methods for speculative interrupt vector prefetching
US8143699B2 (en) * 2009-02-25 2012-03-27 Taiwan Semiconductor Manufacturing Co., Ltd. Dual-dielectric MIM capacitors for system-on-chip applications
US20110117956A1 (en) * 2009-11-17 2011-05-19 Yosi Levi Industrial radio device with unified programming interface and methods
US8862178B2 (en) * 2010-02-24 2014-10-14 Qualcomm Incorporated Methods and systems for managing participation in multiple wireless networks
US20120255031A1 (en) * 2011-03-28 2012-10-04 Mcafee, Inc. System and method for securing memory using below-operating system trapping
US9063847B2 (en) * 2011-04-19 2015-06-23 Dell Products, Lp System and method for managing space allocation within a file system
US9563410B2 (en) * 2011-05-25 2017-02-07 Amx Llc Data-driven menuing system for providing a flexible user interface on an electronic device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5161228A (en) * 1988-03-02 1992-11-03 Ricoh Company, Ltd. System with selectively exclusionary enablement for plural indirect address type interrupt control circuit
US20050262571A1 (en) * 2004-02-25 2005-11-24 Zimmer Vincent J System and method to support platform firmware as a trusted process
US20140129808A1 (en) * 2012-04-27 2014-05-08 Alon Naveh Migrating tasks between asymmetric computing elements of a multi-core processor
US20130338848A1 (en) * 2012-06-19 2013-12-19 Scott Park Method and Apparatus for Leveling Recreational Vehicles

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160267030A1 (en) * 2013-12-23 2016-09-15 Nordic Semiconductor Asa Integrated-circuit radio
US10055367B2 (en) * 2013-12-23 2018-08-21 Nordic Semiconductor Asa Integrated-circuit radio
WO2020240235A1 (en) * 2019-05-31 2020-12-03 Micron Technology, Inc Controller for a memory component
US11755350B2 (en) 2019-05-31 2023-09-12 Micron Technology, Inc. Controller for a memory component

Also Published As

Publication number Publication date
JP6326047B2 (en) 2018-05-16
TWI603265B (en) 2017-10-21
EP2867768A1 (en) 2015-05-06
GB2503471A (en) 2014-01-01
TW201401169A (en) 2014-01-01
GB201211423D0 (en) 2012-08-08
US9317348B2 (en) 2016-04-19
JP2015524964A (en) 2015-08-27
KR20150024927A (en) 2015-03-09
US20140007141A1 (en) 2014-01-02
KR102088690B1 (en) 2020-03-16
GB2503471B (en) 2015-05-06
CN104412230A (en) 2015-03-11
CN104412230B (en) 2018-06-22
WO2014001801A1 (en) 2014-01-03

Similar Documents

Publication Publication Date Title
EP3702923B1 (en) Memory protection
US20160196170A1 (en) Integrated-circuit radio
US9891908B2 (en) Updatable integrated-circuit radio
US10055367B2 (en) Integrated-circuit radio
CN106922189B (en) Equipment agent device and control method thereof
US20160139846A1 (en) Method and an integrated circuit for executing a trusted application within a trusted runtime environment
Rivera Hardware-based data protection/isolation at runtime in Ada code for microcontrollers

Legal Events

Date Code Title Description
AS Assignment

Owner name: NORDIC SEMICONDUCTOR ASA, NORWAY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:STAPLETON, JOEL DAVID;REEL/FRAME:037959/0201

Effective date: 20130730

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION