In the previous article, we learned the working principle of IAP and the three important functions of IAP: data interaction, data storage and program jump .
These three important functions are called " IAP's three axes ". Next, let's see what details these three axes accomplish and how to implement them.
1. Data interaction
The function of data interaction is one of the core functions of IAP. The function of this function is to enable the device to complete data interaction with the outside. The main purpose of data interaction is to obtain the new version of program firmware .
There are usually two ways of IAP data interaction: the way of reading files and the way of sending and receiving data .
The method of reading files means that the device reads the storage medium through the interface, and obtains the program firmware to update . In this way, the device can use the USB interface to read the U disk, and use the card reader interface to read the SD card.
The method of reading files requires the device to have a file system function (such as the FatFs file system). In this method, the new version of the program firmware is stored in the storage medium with a specific name , and the storage medium is inserted into the storage interface of the device. file, only when a file with a specific name is detected, the device will update the program firmware according to the content in the file with a specific name. This method only needs one memory (no need to connect other devices), which is very suitable for updating firmware offline in small batches.
The method of sending and receiving data means that the device communicates with the outside through the communication interface to obtain the program firmware to update . In this way, the device can use the 485 interface or Ethernet port to send and receive data with the outside.
For example, the device uses the network port to receive data from the cloud server. The server divides the new version of the firmware program file into n small data packets and sends them to the device. After receiving the data, the device saves the data one by one to obtain the complete program firmware. Then perform the update operation. This method is suitable for unmanned upgrades, and is also very suitable for mass online firmware updates. 
It is more common to send and receive data for IAP data interaction, and this method will be explained in detail next . The essence of data transmission is communication, and the communication function is realized by the underlying hardware and communication protocol. The underlying hardware can be 485 interface, Ethernet port, Bluetooth interface, etc. The data in the communication must be packaged and sent and analyzed according to a certain format , so it is necessary to formulate a communication protocol. The key point of sending and receiving data is to formulate a communication protocol and realize the function of the communication protocol.
There are two ways to implement the communication protocol: using a common protocol and using a custom protocol .
The general communication protocols suitable for IAP include XModem, YModem and other protocols. These protocols are relatively simple and are very suitable for transferring small files. The biggest advantage of using a common protocol is that you don’t need to design specific host computer software , and you can directly use ready-made software tools to transfer files. For example, the software tool SecureCRTPortable can support XModem, YModem and other protocols.
Custom communication protocol means that the company customizes a set of dedicated communication protocols according to the needs . The protocol customized in this way is very suitable for the device, and it is more friendly to the development of the firmware program software of the device, but this method requires the upper computer engineer to realize the file sending function of the upper computer.
Regardless of whether a common communication protocol or a custom communication protocol is used, the communication protocols must at least include the following communication instructions:
1. An upgrade request instruction. Before the upgrade, send the upgrade request to make the devices of both parties enter the ready state.
2. Data packet request instruction. It refers to sending and receiving firmware data one by one during the upgrade process.
3. End request command. It means that after the firmware data is sent, the device will be notified that the data has been sent, and the device will update the firmware by itself after receiving the notification.
2. Data storage
Data storage is one of the core functions of IAP. The main function of this function is to access (read/write) the internal memory of the device. The main purpose of data storage is to write the new version of the app program firmware into the designated location of the internal memory of the device in the form of data. .
The basic operation of data storage is to read/write memory. At present, the internal memory of embedded devices is usually NOR-FLASH (on-chip FLASH), and the firmware running on the device is stored in NOR-FLASH. Embedded devices can directly run NOR-FLASH instruction (XIP) . The on-chip FLAHS can store not only firmware but also other data. Therefore, the basic operation of data storage is FLASH read and write operations. FLASH read and write has the following characteristics:
1. The minimum erasing unit is a sector.
2. One sector must be erased before data can be written. Data becomes all 1s after sector erase.
3. Data write operation can only write data from 1 to 0, but not from 0 to 1. If the sector data has already been written, it needs to be erased and then written.
The figure below is the internal FLASH data table of the STM32 series MCU: 
Planning the FLASH interval is an important part of data storage. Usually, the FLASH is divided into the following intervals :
1. The bootloader interval stores the bootloader program firmware.
2. The app section stores the firmware that needs to run the app program.
3. The app backup section stores the latest version of the app program firmware received.
4. The update flag bit interval stores the update flag bit. 
Among them, the bootloader interval, the app interval and the update flag interval are necessary, and the app backup interval can be selected according to the actual situation.
The important function of data storage is to write the latest app program firmware into the app area in the form of data. There are two ways to write data to the app area :
1. Single packet writing. After the device receives a data packet, it writes a packet of data into the app area memory, that is, writes a packet of data to the app area every time a packet of data is received. Usually, the data length of each packet is fixed (the last packet can be filled with 0XFF), at this time, it is necessary to calculate how many packets a sector contains to ensure that the sector has been erased before writing data.
2. Write the whole package. After the device can receive a data packet, it first writes a packet of data into the app backup area memory, and after receiving all the packets, writes the app backup area data into the app interval in units of sectors.
After the app data is written, a flag needs to be written in the FLASH update flag area . The bootloader can read the flag to determine whether to update the app data. Therefore, it is necessary to complete the upgrade completion flag and check the upgrade flag. In order to improve the stability, the flag uses a string of magic numbers as the flag. For example, the first 5 data of the flag bit interval are 0x13, 0x14, 0x17, 0x55, 0x20 when updating is required, and the first 5 data of the flag bit interval are not required to be updated. The data is 0xFF, 0xFF, 0xFF, 0xFF, 0xFF.
3. Jump
The IAP function usually requires two project codes: the first project code does not perform the product function operation part of the code called bootloader, and the second project code performs the real product function, and this part of the code is called app. Both the bootloader and app codes are burned into the Flash at the same time. When the chip is powered on, the bootloader code starts to run first, and then jumps and executes the app code.
Program jump is the core function of IAP. The main purpose of program jump is to jump from the bootloader program to the APP program and let the APP program run . Program jump is also the most difficult part to understand in IAP, and it needs to be unveiled step by step.
3.1 Project start
After each reset, the MCU can restart the written firmware (written into the MCU internal FLASH). There are two main reasons for the underlying operating logic to realize this phenomenon:
1. After the MCU is reset, the PC register is forced to an initial value (usually 0X00000000), so the MCU obtains the first instruction from the address 0X00000000.
2. When compiling the project, usually the starting position of the project configuration code download (usually 0X00000000), the compiled firmware will carry the starting position information. When using the FLASH programming tool to download the firmware, the programming software will start programming the firmware from the specified starting location to the FLASH according to the starting location information.
Since the starting position of the code downloaded to the MCU's internal FLASH is 0X00000000, and the PC value is also 0X00000000 after the MCU is reset, it can start to write the MCU's internal FLASH firmware from the beginning after each reset . The start-up process after MCU reset is as follows:
Taking STM32 series MCU as an example, after reset, first take out the value from address 0x00000000 and force write it into MSP (MSP initialization), then take out the value from address 0x00000004 and force it into PC, and then from address 0x00000004 The address corresponding to the data is fetched and run.
The main flash memory of STM32 series MCU is the built-in Flash (chip Flash) of STM32. The normal working mode is to map the main built-in Flash address 0x08000000 to 0x00000000 , so that after the code starts, it is equivalent to starting from 0x08000000. The figure below is a HEX file compiled by the STM32 series project. It can be seen from the figure that the HEX file will be programmed from the FLASH address 0x08000000 (the starting position of the program).
3.2 Jump principle
After reset, the PC value is assigned to 0X00000000, and the starting position of the firmware in FLASH is 0X00000000, so that it can ensure that the firmware can be restarted after each reset. Then we download the firmware code B to 0X0000Y000, and then set the PC value to 0X0000Y000, will it jump to the firmware code B ?
This idea is completely correct. In fact, this is the working principle of IAP jump: the bootloader firmware code is downloaded to 0X00000000, and the app firmware code is downloaded to 0X0000Y000. After reset, the bootloader runs first, and then the bootloader code executes the PC to set to 0X0000Y000, jump to app firmware code.
There are two key points in the working principle of IAP jump:
1. Modify the download start position of the project code.
2. Simulate the reset process, and force the PC value to be modified to complete the jump action.
Modify the starting position of the project code
Normally, we can modify the downloading start position of the project code by configuring the project parameters. Take the STM32 series MCU and use the KEIL development environment as an example. Click on the project settings and change the initial value of IROM1 to 0x8020000. At this time, the project will modify the initial position of the code download to 0x8020000 ( the MCU will map 0x08020000 to 0x00020000 ).
After configuring the initial value of IROM1 of the project, compile the project, open the HEX file, and you can find that the initial location of the download is 0x0802000.
Modify the PC value to complete the jump
So how to simulate the reset process to complete the jump action? After the STM32 series MCU is reset, first take out the value from address 0x00000000 and force it into MSP (MSP initialization), then take out the value from address 0x00000004 and force it into PC, and then fetch and run from the address corresponding to the data in address 0x00000004.
Therefore, the simulated reset process first completes the MSP initialization, and then force writes the PC value. The jump code of the simulated reset process is as follows:
From the code, the program first converts the value in the address 0x00020004 into a function jump_to_application, and then in the address 0x00020000 The value is assigned to MSP, and finally the jump_to_application function is executed. Executing the jump_to_application function is equivalent to jumping to the code corresponding to the value in address 0x00020004.
Disassemble the project, analyze the execution flow of the running instructions, and the code is disassembled as shown in the figure below :
the analysis of the core assembly code is as follows:
MOV r0,#0x20000 ; 将立即数0x20000存入r0
LDM r0,{
r0,r4} ; 将地址0x20000中的数据存入r0,地址0x20004中的数据存入r4
BLX r4 ; 跳转至r4指向的地址,即地址0x20004中的数据指向的地址
Jump instructions (branch instructions) in assembly can be used to change the execution flow of a program or call a subroutine. In the ARM architecture, there are two ways to realize the program flow jump:
1. Use branch instructions
2. Write the target address value to the program counter PC.
Any jump in the address space of 4G (32-bit system) can be realized by writing the jump address to the program counter PC, and the jump space is limited by using the branch instruction. The jump instructions in the ARM architecture are as follows:
3.3 Build an instance
Combining the two knowledge points of modifying the download start position of the code and the simulation reset process to modify the PC value to complete the jump, take the STM32 series MCU as an example to build an IAP project. This project includes two projects: bootloader project and app project .
The download starting position of the project code is set: the bootloader project uses the default configuration of 0x08000000, and the app project configuration is 0x08020000. The configuration of the two projects is as follows:
After completing the necessary functions in the bootloader project, call the iap_jump_to_app function to jump to the location pointed to by the value in the address 0x08020000 to execute the code. The iap_jump_to_app function is as follows:
After completing the bootloader project and app project, compile the two projects and download the two projects to the MCU, we will find that the MCU runs the bootloader firmware first, and then runs the app firmware, thus completing the IAP project construction. When downloading firmware, be sure to remove the Erase Full Chip option, otherwise the entire FLASH will be erased when downloading the second firmware, so the first downloaded firmware (the previous firmware) will be erased !
3.4 Precautions
In the previous section, a simple IAP project was built, MSP and PC were set in the bootloader, and the MCU jumped to the app firmware. This jump process actually simulated a reset process . Make the MCU start to execute the app firmware. Before the app firmware, a piece of startup code is usually executed, and the startup code will initialize peripherals such as RAM.
But the real reset is initiated by the hardware, and the hardware will set all peripherals to default settings. Usually, all peripherals are turned off by default and GPIO is set to the input state. Although the app firmware executes the boot code, all peripheral devices save the state set in the bootloader firmware . If these peripherals (such as USART, ADC, TIMER, etc.) are configured and enabled in the bootloader, they will affect the app. The operation has abnormal effects, so before the bootloader executes the jump, all peripherals used in the bootloader need to be turned off.
In addition to turning off the peripherals before the bootloader executes the jump, it is also necessary to remap the interrupt vector of the MCU . What is the interrupt vector?
The interrupt vector refers to the interrupt entry address generated by the hardware in the computer system. Interruption means that when a special request occurs during the execution of the computer program, the computer stops the currently running program, jumps to the processing program for these special requests, and returns to the interrupted part of the program to continue execution after the processing is completed. 
In the ARM architecture processor, the size of the interrupt vector is 4 bytes, and what is stored in it is not the entry address of the interrupt routine service program, but a jump instruction. When an interrupt occurs, the hardware automatically executes the jump code at the corresponding interrupt vector, and jumps to the entry address of the corresponding interrupt service program.
The interrupt vector specifies the entry address of the interrupt service. This entry address is determined by the hardware. The bootloader project uses the default configuration, and the interrupt vector matches the bootloader project code. After jumping to the app project, the interrupt vector has not changed, so if an interrupt occurs in the app project, the program will jump to the bootloader project code at this time ! Therefore, we need to reset the interrupt vector after the app project starts, otherwise the program will run abnormally!
What happens if the peripherals and interrupt vectors are not operated accordingly? Next use a counterexample to see how it turns out.
The core code of the bootloader project is as follows :
It can be seen from the bootloader code that the system starts the tick timer, and the print information is output in the tick timer interrupt function. After the configuration is completed, the jump function is executed to jump to the app firmware.
The core code of the app project is as follows :
It can be seen from the app code that the tick timer is enabled by the system, and the print information is output in the tick timer interrupt function. After the configuration is completed, it enters the whlie(1) process to output the print information regularly.
The result of running the project is as follows :
According to the serial port information, when the app code is running, the tick timer generates an interrupt and jumps to the bootloader code, and executes the tick timer interrupt function in the bootloader code !
4. Summary
This article explains the three important functions of IAP: data interaction, data storage and program jump. And build a simple IAP project, and explain the precautions in designing the IAP project. The next article will introduce in detail how to complete the IAP function code and build a completed IAP project.
Creation is not easy, I hope friends will like, forward, comment, and follow!
Your likes, forwards, comments, and attention will be the driving force for my continuous updates!
CSDN: https://blog.csdn.net/li_man_man_man
Today's headlines: https: //www.toutiao.com/article/7149576260891443724