Rabbit 4000 Microprocessor User's Manual

27. System/User Mode

27.1 Overview

The Rabbit 4000 provides support for two tiers of control in the processor: System Mode, which provides full access to all processor resources; and User Mode, a more restricted mode. Table 27-1 describes the essential differences between the System Mode and the User Mode. The System Mode is essentially the same as the normal operation when the System/User Mode is disabled.

Table 27-1. Differences Between System Mode and User Mode

System Mode	User Mode
All peripherals accessible.	No peripherals accessible by default.
All processor control registers available.	No processor control registers available.
All interrupt priorities available.	Interrupt Priority 3 not allowed.
IDET instruction has no effect.	IDET instruction causes Priority 3 "System mode violation" interrupt.
No write protection when 0x00 is written to WPCR (write protection in User mode only)	Write to protected segment causes Priority 3 "write protection violation" interrupt.
Easy to enter user mode (SETUSR instruction).	Difficult to enter system mode (requires interrupt, SYSCALL, or RST instruction).

The main intent of the System/User Mode is to protect critical code (for example, code that performs remote firmware updates), data, and the current processor state (memory setup, peripheral control, etc.) from inadvertent changes by the user's standard code. By removing access to the processor's I/O registers and preventing memory writes to critical regions, the user's code can run without the danger of locking up the processor to the point where it cannot be restarted remotely and/or new code uploaded.

27.1.1 Registers

Register Name	Mnemonic	I/O Address	R/W	Reset
Enable Dual-Mode Register	EDMR	0x0420	W	00000000
Real-Time Clock User Enable Register	RTUER	0x0300	W	00000000
Slave Port User Enable Register	SPUER	0x0320	W	00000000
Parallel Port A User Enable Register	PAUER	0x0330	W	00000000
Parallel Port B User Enable Register	PBUER	0x0340	W	00000000
Parallel Port C User Enable Register	PCUER	0x0350	W	00000000
Parallel Port D User Enable Register	PDUER	0x0360	W	00000000
Parallel Port E User Enable Register	PEUER	0x0370	W	00000000
Input Capture User Enable Register	ICUER	0x0358	W	00000000
I/O Bank User Enable Register	IBUER	0x0380	W	00000000
PWM User Enable Register	PWUER	0x0388	W	00000000
Quad Decode User Enable Register	QDUER	0x0390	W	00000000
External Interrupt User Enable Register	IUER	0x0398	W	00000000
Timer A User Enable Register	TAUER	0x03A0	W	00000000
Timer B User Enable Register	TBUER	0x03B0	W	00000000
Timer C User Enable Register	TCUER	0x3F8	W	00000000
Serial Port A User Enable Register	SAUER	0x03C0	W	00000000
Serial Port B User Enable Register	SBUER	0x3D0	W	00000000
Serial Port C User Enable Register	SCUER	0x3E0	W	00000000
Serial Port D User Enable Register	SDUER	0x3F0	W	00000000
Serial Port E User Enable Register	SEUER	0x03C8	W	00000000
Serial Port F User Enable Register	SFUER	0x3D8	W	00000000
Enable Dual-Mode Register	EDMR	0x0420	R/W	00000000

27.2 Dependencies

27.2.1 I/O Pins

There are no pin dependencies for the System/User Mode.

27.2.2 Clocks

There are no clock dependencies for the System/User Mode.

27.2.3 Other Registers

Any writes to the internal I/O registers listed in Table 27-2 are ignored when the System/User Mode is enabled and the processor is in the User Mode.

Table 27-2. I/O Addresses Inaccessible in User Mode 

Register Name	Mnemonic	I/O Address
Global Control/Status Register	GCSR	0x0000
Watchdog Timer Control Register	WDTCR	0x0008
Watchdog Timer Test Register	WDTTR	0x0009
Global Clock Modulator 0 Register	GCM0R	0x000A
Global Clock Modulator 1 Register	GCM1R	0x000B
Secondary Watchdog Timer Register	SWDTR	0x000C
Global Power Save Control Register	GPSCR	0x000D
Global Output Control Register	GOCR	0x000E
Global Clock Double Register	GCDR	0x000F
MMU Instruction/Data Register	MMIDR	0x0010
Stack Segment Register	STACKSEG	0x0011
Data Segment Register	DATASEG	0x0012
Segment Size Register	SEGSIZE	0x0013
Memory Bank 0 Control Register	MB0CR	0x0014
Memory Bank 1 Control Register	MB1CR	0x0015
Memory Bank 2 Control Register	MB2CR	0x0016
Memory Bank 3 Control Register	MB3CR	0x0017
MMU Expanded Code Register	MECR	0x0018
Memory Timing Control Register	MTCR	0x0019
Stack Segment Low Register	STKSEGL	0x001A
Stack Segment High Register	STKSEGH	0x001B
Breakpoint/Debug Control Register	BDCR	0x001C
Memory Alternate Control Register	MACR	0x001D
Data Segment Low Register	DATSEGL	0x001E
Data Segment High Register	DATSEGH	0x001F
DMA registers		0x0100 – 0x01FF
Network Port A registers		0x0200 – 0x02FF
User Enable and Breakpoint registers		0x0300 – 0x03FF
Memory Protection registers		0x0400 – 0x04FF

27.2.4 Interrupts

The System Mode Violation interrupt occurs whenever the IDET instruction is executed while the System/User mode is enabled and the processor is in the User Mode. Its purpose is to trap when system code is being executed while the processor is in the User Mode.

The System Mode Violation interrupt vector is in the IIR at offset 0x180. It always occurs at Priority 3.

Note that Priority 3 is not available while the System/User Mode is enabled and the processor is in the User Mode. If the processor is placed into Priority 3 either by an instruction or an interrupt, it will respond as if it was set to Priority 2.

When the System/User Mode is enabled, it is critical to handle the SU stack in interrupts as well as the IP stack; always perform a SURES before the IPRES at the end of the interrupt.

27.3 Operation

The System/User Mode is designed to work with the memory and stack protection features of the Rabbit 4000 processor to provide a seamless framework for protection of critical code. However, there are many levels at which the System/User Mode can be used — some examples are described here.

27.3.1 Memory Protection Only

At the beginning of the user program, all necessary peripherals are enabled, all peripheral interrupts to be used are set up for the User Mode, critical memory regions are protected, stack limits are set, and the various system/memory/stack violation interrupts are enabled. The processor then enters the User Mode and remains in the User Mode for all operations (interrupts can be handled however the user desires). Obviously the critical interrupts can be handled in the System Mode, but at that point the device is typically reset and the error is logged. Figure 27-1 shows an overview of this level of operation.

Figure 27-1. System/User Mode Setup for Memory Protection Only

27.3.2 Mixed System/User Mode Operation

This mode is similar to the previous mode, but with some portions of the program written for System Mode — for example, peripheral interrupts where latency is critical. By keeping the System Mode code sections small, potential system crashes are still minimized. Figure 27-2 shows an overview of this level of operation.

Figure 27-2. System/User Mode Setup for Mixed Operation

27.3.3 Complete Operating System

This section describes a "full" use of the System/User Mode — separating all common functions into a System Mode "operating system" while letting the application-specific code run in the User Mode. By default, the System Mode handles all peripherals and interrupts, as well as high-level interfaces such as a flash file system. However, the processor will be running the application code in the User Mode most of the time.

The application code can request direct access to a peripheral and/or interrupt from the System Mode. If allowed, the System Mode can create an interrupt vector as described in Section 27.3.7 that will execute the user code interrupt handler.

When the application code wants to perform an action that is controlled by the System Mode, it can request the particular action by loading the appropriate value into HL and executing SYSCALL. This requires generating a list of all the actions that the application code would want to do, assigning values to each action, and implementing a SYSCALL handler in the System Mode that parses the value passed to it and calls the appropriate function.

Write protection should be enabled (User Mode only) for all blocks containing system code and data as well as any critical memory regions.

If any critical interrupts occur (stack limit violation, system mode violation, write protection violation), System Mode handlers can perform any of a number of operations: restart the application code, signal another device, halt operation, and so on.

Figure 27-3 shows an overview of this level of operation.

Figure 27-3. System/User Mode Setup for Operating System

27.3.4 Enabling the System/User Mode

The following steps describe how to enable the System/User Mode.

1. If a peripheral needs to be accessed while in User Mode, write to the appropriate user enable register to allow that access.

2. Write a 1 to bit 0 of EDMR to enable System/User Mode.

3. Execute the SETUSR instruction to enter User Mode.

After the User Mode is entered, the limitations described earlier are in effect — writes to protected registers will be ignored, Priority 3 is not available, and executing an IDET will cause a System Mode Violation interrupt. Other features such as write protection may be effect for user mode as well.

27.3.5 System/User Mode Instructions

Seven instructions exist primarily to support the System/User Mode, and are listed in Table 27-3. Note that IDET shares the value of LD E,E in the opcode table, and will always perform that operation (but will have special behavior when the System/User Mode is enabled and the processor is in System Mode). In addition, if the ALTD prefix appears before the instruction, LD E',E is always executed and the special behavior does not occur.

Table 27-3. System/User Mode Instructions 

Instruction	Bytes	clk	A	I	S	Z	V	C	Operation	Priv
SETUSR	2	4		-	-	-	-	-	SU = {SU[5:0], 0x01}	Yes
PUSH SU	2	9		-	-	-	-	-	(SP-1) = SU; SP = SP - 1	Yes
POP SU	2	7		-	-	-	-	-	SU = (SP); SP = SP + 1	Yes
SURES	2	4		-	-	-	-	-	SU = {SU[1:0], SU[7:2]}	Yes
IDET	1	2		-	-	-	-	-	Performs LD E,E, but if (EDMF && SU[0]) then the System Violation interrupt flag is set; if ALTD appears before it always does LD E',E	No
RDMODE	2	4		-	-	-	-	*	CF = SU[0]	Yes
SYSCALL	2	10		-	-	-	-	-	SP = SP - 2; PC = {R,v} where v = SYSCALL offset	No
SCALL	2	15		-	-	-	-	-	(SP-1) = PCH; (SP-2) = PCL; (SP-3) = SU; SP = SP - 3; PC = {IIR, 01100000}; SU = {SU[5:0], 00}	No
SRET	2	12		-	-	-	-	-	SU = (SP); PCL = (SP+1); PCH = (SP+2); SP = SP+3	No
SETUSRP mn	4	15		-	-	-	-	-	SU = {SU[7:2], 01}, (SP-1) = m; (SP-2) = n; SP = SP-2	No
SETSYSP mn	4	12		-	-	-	-	-	SU = {SU[1:0], SU[7:2]}; tmpl = (SP); tmph = (SP+1); SP = SP+2; if {tmp ! = mn} System Violation	No

The processor keeps a one-byte stack (called the SU register) that is analogous to the IP register that keeps track of the interrupt priority. Every time SETUSR is executed (to enter the User Mode), or an interrupt occurs, or SYSCALL or RST is executed (to enter System Mode), the current mode is pushed onto the SU register. When a SURES is executed, the previous mode is popped off the SU register.

The effects of each instruction are:

• The SETUSR instruction puts the processor into the User Mode by pushing the correct value into the SU register.

• PUSH SU and POP SU push and pop the single-byte SU register on/off the SP stack.

• SURES pops the current processor mode off the SU register, returning it to the previous mode.

• IDET causes an interrupt if executed in the User Mode, and does nothing in System Mode. It is intended to be placed in system-level code and trap any execution of that code while in the User Mode.

• RDMODE returns the current mode in the carry flag (0 for System Mode, 1 for User Mode).

• SYSCALL is essentially a new RST instruction, and was added to allow User Mode access to the System Mode without using one of the existing RST instructions. It will put the processor into the System Mode and execute code in the corresponding interrupt-vector table entry.

• SCALL is another RST instruction that vectors to the same address as SYSCALL. The difference is that it also pushes the value of the SU register as well as the return address onto the stack.

• SRET is the companion instruction to SCALL; it expects both SU and the return address to be on the stack.

• SETSYSP and SETUSRP are support functions for handing user mode interrupts. pushes a 16-bit compare value onto the stack and enters user mode. SETSYSP pops a 16-bit value off the stack and compares it to the provided value; a system mode violation interrupt occurs if they do not match. These two instructions provide protection for User Mode interrupts by checking for both main stack and SU stack mismatches when the User Mode handler returns.

27.3.6 System Mode Violation Interrupt

The following steps describe how to set up the System Mode Violation interrupt.

1. Write the vector to the interrupt service routine to the internal interrupt table.

2. Enable the system/user mode by writing to EDMR.

3. The interrupt request is cleared automatically when handled.

A sample interrupt handler is shown below.

sysmode_isr::
   push af

   ; handle the system mode violation here

   pop af
   sures
   ipres
   ret

27.3.7 Handling Interrupts in the System/User Mode

Interrupts, RSTs, SYSCALL, and SCALL all enter the System Mode automatically. There will be times, however, that an interrupt should be handled in the User Mode. The solution to this is for System Mode interrupt vector to reenter the User Mode before calling the User Mode interrupt handler. An example of both system and user interrupt handling is shown in Figure 27-4.

When enabled for User Mode access, a peripheral interrupt (if it is capable of generating an interrupt) can only be requested at Priority 2 or 1.

Figure 27-4. Interrupt Handing in the System/User Mode

Some sample code for both System Mode interrupts and User Mode interrupts is shown below. The use of SETUSRP and SETSYSP provides checks against stack mismatches and incorrect System/User Modes coming out of the User Mode handler.

systemmode_isr:                ; jumped to from interrupt vector table
    ... handle interrupt ...
   sures                       ; reenter previous mode
   ipres                       ; restore previous interrupt priority
   ret

usermode_isr:                  ; jumped to from interrupt vector table
                               ;    (still in system mode at this point)
   push su                     ; preserve current SU stack
   setusrp 0x1234              ; enter user mode with stack compare value
   call user_handler           ; handle interrupt at user level
   setsysp 0x1234              ; return to system mode
   sures                       ; reenter previous mode
   ipres                       ; restore previous interrupt priority
   ret

27.4 Register Descriptions

Real-Time Clock User Enable Register (RTUER) (Address = 0x0300)
Bit(s)	Value	Description
7	0	Disable User Mode access to the RTC (I/O addresses 0x0002–0x0007).
	1	Enable User Mode access to the RTC (I/O addresses 0x0002–0x0007).
6:0		These bits are reserved and should be written with zeros.

Slave Port User Enable Register (SPUER) (Address = 0x0320)
Bit(s)	Value	Description
7	0	Disable User Mode access to the slave port (I/O addresses 0x0020–0x0027).
	1	Enable User Mode access to the slave port (I/O addresses 0x0020–0x0027).
6:0		These bits are reserved and should be written with zeros.

Parallel Port A User Enable Register (PAUER) (Address = 0x0330)
Bit(s)	Value	Description
7	0	Disable User Mode access to Parallel Port A (I/O addresses 0x0030–0x0037).
	1	Enable User Mode access to Parallel Port A (I/O addresses 0x0030–0x0037).
6:0		These bits are reserved and should be written with zeros.

Parallel Port B User Enable Register (PBUER) (Address = 0x0340)
Bit(s)	Value	Description
7	0	Disable User Mode access to Parallel Port B (I/O addresses 0x0040–0x0047).
	1	Enable User Mode access to Parallel Port B (I/O addresses 0x0040–0x0047).
6:0		These bits are reserved and should be written with zeros.

Parallel Port C User Enable Register (PCUER) (Address = 0x0350)
Bit(s)	Value	Description
7	0	Disable User Mode access to Parallel Port C (I/O addresses 0x0050–0x0055).
	1	Enable User Mode access to Parallel Port C (I/O addresses 0x0050–0x0055).
6:0		These bits are reserved and should be written with zeros.

Parallel Port D User Enable Register (PDUER) (Address = 0x0360)
Bit(s)	Value	Description
7	0	Disable User Mode access to Parallel Port D (I/O addresses 0x0060–0x006F).
	1	Enable User Mode access to Parallel Port D (I/O addresses 0x0060–0x006F).
6:0		These bits are reserved and should be written with zeros.

Parallel Port E User Enable Register (PEUER) (Address = 0x0370)
Bit(s)	Value	Description
7	0	Disable User Mode access to Parallel Port E (I/O addresses 0x0070–0x007F).
	1	Enable User Mode access to Parallel Port E (I/O addresses 0x0070–0x007F).
6:0		These bits are reserved and should be written with zeros.

Input Capture User Enable Register (ICUER) (Address = 0x0358)
Bit(s)	Value	Description
7	0	Disable User Mode access to input capture (I/O addresses 0x0056–0x005F).
	1	Enable User Mode access to input capture (I/O addresses 0x0056–0x005F).
6:0		These bits are reserved and should be written with zeros.

I/O Bank User Enable Register (IBUER) (Address = 0x0380)
Bit(s)	Value	Description
7	0	Disable User Mode access to I/O Bank 7 (and internal I/O address 0x0087).
	1	Enable User Mode access to I/O Bank 7 (and internal I/O addresses 0x0087).
6	0	Disable User Mode access to I/O Bank 6 (and internal I/O address 0x0086).
	1	Enable User Mode access to I/O Bank 6 (and internal I/O addresses 0x0086).
5	0	Disable User Mode access to I/O Bank 5 (and internal I/O address 0x0085).
	1	Enable User Mode access to I/O Bank 5 (and internal I/O addresses 0x0085).
4	0	Disable User Mode access to I/O Bank 4 (and internal I/O address 0x0084).
	1	Enable User Mode access to I/O Bank 4 (and internal I/O addresses 0x0084).
3	0	Disable User Mode access to I/O Bank 3 (and internal I/O address 0x0083).
	1	Enable User Mode access to I/O Bank 3 (and internal I/O addresses 0x0083).
2	0	Disable User Mode access to I/O Bank 2 (and internal I/O address 0x0082).
	1	Enable User Mode access to I/O Bank 2 (and internal I/O addresses 0x0082).
1	0	Disable User Mode access to I/O Bank 1 (and internal I/O address 0x0081).
	1	Enable User Mode access to I/O Bank 1 (and internal I/O addresses 0x0081).
0	0	Disable User Mode access to I/O Bank 0 (and internal I/O address 0x0080).
	1	Enable User Mode access to I/O Bank 0 (and internal I/O addresses 0x0080).

PWM User Enable Register (PWUER) (Address = 0x0388)
Bit(s)	Value	Description
7	0	Disable User Mode access to the PWM (I/O addresses 0x0088–0x008F and 0x00E8–0x00E9).
	1	Enable User Mode access to the PWM (I/O addresses 0x0088–0x008F and 0x00E8–0x00E9).
6:0		These bits are reserved and should be written with zeros.

Quad Decode User Enable Register (QDUER) (Address = 0x0390)
Bit(s)	Value	Description
7	0	Disable User Mode access to the Quadrature Decoder (I/O addresses 0x0090–0x0097).
	1	Enable User Mode access to the Quadrature Decoder (I/O addresses 0x0090–0x0097).
6:0		These bits are reserved and should be written with zeros.

External Interrupt User Enable Register (IUER) (Address = 0x0398)
Bit(s)	Value	Description
7:2		These bits are reserved and should be written with zeros.
1	0	Disable User Mode access to External Interrupt 1 (I/O address 0x0099).
	1	Enable User Mode access to External Interrupt 1 (I/O addresses 0x0099).
0	0	Disable User Mode access to External Interrupt 0 (I/O address 0x0098).
	1	Enable User Mode access to External Interrupt 0 (I/O addresses 0x0098).

Timer A User Enable Register (TAUER) (Address = 0x03A0)
Bit(s)	Value	Description
7	0	Disable User Mode access to Timer A (I/O addresses 0x00A0–0x00AF).
	1	Enable User Mode access to Timer A (I/O addresses 0x00A0–0x00AF).
6:0		These bits are reserved and should be written with zeros.

Timer B User Enable Register (TBUER) (Address = 0x03B0)
Bit(s)	Value	Description
7	0	Disable User Mode access to Timer B (I/O addresses 0x00B0–0x00BF).
	1	Enable User Mode access to Timer B (I/O addresses 0x00B0–0x00BF).
6:0		These bits are reserved and should be written with zeros.

Timer C User Enable Register (TCUER) (Address = 0x03F8)
Bit(s)	Value	Description
7	0	Disable User Mode access to Timer C (I/O addresses 0x0500–0x050F and 0x00F8–0x00F9).
	1	Enable User Mode access to Timer C (I/O addresses 0x0500–0x050F and 0x00F8–0x00F9).
6:0		These bits are reserved and should be written with zeros.

Serial Port A User Enable Register (SAUER) (Address = 0x03C0)
Bit(s)	Value	Description
7	0	Disable User Mode access to Serial Port A (I/O addresses 0x00C0–0x00C7).
	1	Enable User Mode access to Serial Port A (I/O addresses 0x00C0–0x00C7).
6:0		These bits are reserved and should be written with zeros.

Serial Port B User Enable Register (SBUER) (Address = 0x03D0)
Bit(s)	Value	Description
7	0	Disable User Mode access to Serial Port B (I/O addresses 0x00D0–0x00D7).
	1	Enable User Mode access to Serial Port B (I/O addresses 0x00D0–0x00D7).
6:0		These bits are reserved and should be written with zeros.

Serial Port C User Enable Register (SCUER) (Address = 0x03E0)
Bit(s)	Value	Description
7	0	Disable User Mode access to Serial Port C (I/O addresses 0x00E0–0x00E7).
	1	Enable User Mode access to Serial Port C (I/O addresses 0x00E0–0x00E7).
6:0		These bits are reserved and should be written with zeros.

Serial Port D User Enable Register (SDUER) (Address = 0x03F0)
Bit(s)	Value	Description
7	0	Disable User Mode access to Serial Port D (I/O addresses 0x00F0–0x00F7).
	1	Enable User Mode access to Serial Port D (I/O addresses 0x00F0–0x00F7).
6:0		These bits are reserved and should be written with zeros.

Serial Port E User Enable Register (SEUER) (Address = 0x03C8)
Bit(s)	Value	Description
7	0	Disable User Mode access to Serial Port E (I/O addresses 0x00C8–0x00CF).
	1	Enable User Mode access to Serial Port E (I/O addresses 0x00C8–0x00CF).
6:0		These bits are reserved and should be written with zeros.

Serial Port F User Enable Register (SFUER) (Address = 0x03D8)
Bit(s)	Value	Description
7	0	Disable User Mode access to Serial Port F (I/O addresses 0x00D8–0x00DF).
	1	Enable User Mode access to Serial Port F (I/O addresses 0x00D8–0x00DF).
6:0		These bits are reserved and should be written with zeros.

Enable Dual-Mode Register (EDMR) (Address = 0x0420)
Bit(s)	Value	Description
7:6	00	Default (Rabbit 2000/3000) instruction set.
	01	This bit combination is reserved and must not be used.
	10	This bit combination is reserved and must not be used.
	11	Enhanced (Rabbit 4000) instruction set.
5:1		These bits are reserved and should be written with zeros.
0	0	Normal (System Mode only) operation.
	1	Enable System/Normal operation.