| 1 |
$Id: TODO,v 1.410 2006/11/06 05:32:38 debug Exp $ |
$Id: TODO,v 1.536 2007/06/15 22:30:17 debug Exp $ |
| 2 |
|
|
| 3 |
This file is my list of things I want to work on in the future. It is in |
Some things, in no specific order, that I'd like to fix: |
| 4 |
random order, and some parts of it are probably out-to-date by now. |
(Some items in this list are perhaps already fixed.) |
| 5 |
|
|
| 6 |
|
M88K: |
| 7 |
Dyntrans: |
o) Neither NIP nor FIP valid in rte? |
| 8 |
x) Instruction combination collisions? How to avoid easily... |
o) FIP != NIP + 4, in rte! (Simulate delayed branch stuff.) |
| 9 |
x) Think about how to do both SHmedia and SHcompact in a reasonable |
o) cpu_dyntrans.c: MEMORY_USER_ACCESS implementation for M88K! |
| 10 |
way! (Or AMD64 long/protected/real, for that matter.) |
o) xmem: Set transaction registers! |
| 11 |
x) 68K emulation; think about how to do variable instruction |
o) CMMUs: |
| 12 |
lengths across page boundaries. |
o) Translation invalidations, could be optimized. |
| 13 |
x) Dyntrans with valgrind-inspired memory checker. (In memory_rw, |
o) Move initialization from dev_mvme187 to somewhere |
| 14 |
it would be reasonably simple to add; in each individual fast |
more reasonable? |
| 15 |
load/store routine = a lot more work, and it would become |
o) Instruction trace by using bits of ??IP control regs. |
| 16 |
kludgy very fast.) |
o) Interrupts (these are machine dependent, though). |
| 17 |
x) Dyntrans with SMP... lots of work to be done here. |
o) Implement devices etc. for one or more machine modes, |
| 18 |
x) Dyntrans with cache emulation... lots of work here as well. |
to get some guest OS running. OpenBSD/mvme88k on MVME187 |
| 19 |
o) dev_mp doesn't work well with dyntrans yet |
seems to be the smartest path to follow for now. |
| 20 |
o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans |
o) VME bus device |
| 21 |
x) Redesign/rethink the delay slot mechanism used for e.g. MIPS, |
o) PCC2 |
| 22 |
so that it caches a translation (that is, an instruction |
o) Cirrus Logic serial port controller |
| 23 |
word and the instr_call it was translated to the last |
o) Instruction disassembly, and implementation: |
| 24 |
time), so that it doesn't need to do slow |
o) See http://www.panggih.staff.ugm.ac.id/download/GCC/info/gcc.i5 |
| 25 |
to_be_translated for each end of page? |
for some strange cases of when "div" can fail (?) |
| 26 |
x) Program Counter statistics: |
o) Floating point stuff |
| 27 |
Per machine? What about SMP? All data to the same file? |
o) "Graphics" instructions (M88110-specific) |
|
A debugger command should be possible to use to enable/ |
|
|
disable statistics gathering. |
|
|
Configuration file option! |
|
|
x) Breakpoints: |
|
|
o) Physical vs virtual addresses! |
|
|
o) 32-bit vs 64-bit sign extension for MIPS, and others? |
|
|
x) INVALIDATION should cause translations in _all_ cpus to be |
|
|
invalidated, e.g. on a write to a write-protected page |
|
|
(containing code) |
|
|
x) 16-bit encodings? (MIPS16, ARM Thumb, 32-bit SH on SH64) |
|
|
x) Lots of other stuff: see src/cpus/README_DYNTRANS |
|
|
x) true recompilation backend? think carefully about this, |
|
|
experiment in a separate project (not in GXemul) |
|
|
o) First test would be to just implement a simple |
|
|
instruction such as MIPS' addiu or lui, on AMD64 |
|
|
hosts... |
|
|
|
|
|
Simple Valgrind-like checks? |
|
|
o) Mark every address with bits which tell whether or not the address |
|
|
has been written to. |
|
|
o) What should happen when programs are loaded? Text/data, bss (zero |
|
|
filled). But stack space and heap is uninitialized. |
|
|
o) Uninitialized local variables: |
|
|
A load from a place on the stack which has not previously |
|
|
been stored to => warning. Increasing the stack pointer using |
|
|
any available means should reset the memory to uninitialized. |
|
|
o) If calls to malloc() and free() can be intercepted: |
|
|
o) Access to a memory area after free() => warning. |
|
|
o) Memory returned by malloc() is marked as not-initialized. |
|
|
o) Non-passive, but good to have: Change the argument |
|
|
given to malloc, to return a slightly larger memory |
|
|
area, i.e. margin_before + size + margin_after, |
|
|
and return the pointer + margin_before. |
|
|
Any access to the margin_before or _after space results |
|
|
in warnings. (free() must be modified to free the |
|
|
actually allocated address.) |
|
| 28 |
|
|
| 29 |
MIPS: |
MIPS: |
| 30 |
o) Nicer MIPS status bits in register dumps. |
o) Nicer MIPS status bits in register dumps. |
|
o) Alignment exceptions. |
|
| 31 |
o) Floating point exception correctness. |
o) Floating point exception correctness. |
| 32 |
o) Fix this? Triggered by NetBSD/sgimips? Hm: |
o) Fix this? Triggered by NetBSD/sgimips? Hm: |
| 33 |
to_be_translated(): TODO: unimplemented instruction: |
to_be_translated(): TODO: unimplemented instruction: |
| 35 |
o) Some more work on opcodes. |
o) Some more work on opcodes. |
| 36 |
x) MIPS64 revision 2. |
x) MIPS64 revision 2. |
| 37 |
o) Find out which actual CPUs implement the rev2 ISA! |
o) Find out which actual CPUs implement the rev2 ISA! |
| 38 |
|
o) DINS, DINSM, DINSU etc |
| 39 |
o) DROTR32 and similar MIPS64 rev 2 instructions, |
o) DROTR32 and similar MIPS64 rev 2 instructions, |
| 40 |
which have a rotation bit which differs from |
which have a rotation bit which differs from |
| 41 |
previous ISAs. |
previous ISAs. |
|
o) EI and DI instructions for MIPS64/32 rev 2. |
|
|
NOTE: These are _NOT_ the same as for R5900! |
|
| 42 |
x) _MAYBE_ TX79 and R5900 actually differ in their |
x) _MAYBE_ TX79 and R5900 actually differ in their |
| 43 |
opcodes? Check this carefully! |
opcodes? Check this carefully! |
| 44 |
o) Dyntrans: Count register updates are probably not 100% correct yet. |
o) Dyntrans: Count register updates are probably not 100% correct yet. |
| 45 |
o) Refactor code for performance and readability/maintainability. |
o) Refactor code for performance and readability/maintainability. |
| 46 |
o) (Re)implement 128-bit loads/stores for R5900. |
o) (Re)implement 128-bit loads/stores for R5900. |
| 47 |
|
o) Coprocessor 1x (i.e. 3) should cause cp1 exceptions, not 3? |
| 48 |
|
(See http://lists.gnu.org/archive/html/qemu-devel/2007-05/msg00005.html) |
| 49 |
o) R4000 and others: |
o) R4000 and others: |
| 50 |
x) watchhi/watchlo exceptions, and other exception |
x) watchhi/watchlo exceptions, and other exception |
| 51 |
handling details |
handling details |
| 52 |
|
o) MIPS 5K* have 42 physical address bits, not 40/44? |
| 53 |
o) R10000 and others: (R12000, R14000 ?) |
o) R10000 and others: (R12000, R14000 ?) |
| 54 |
|
x) The code before the line |
| 55 |
|
/* reg[COP0_PAGEMASK] = cpu->cd.mips.coproc[0]->tlbs[0].mask & PAGEMASK_MASK; */ |
| 56 |
|
in cpu_mips.c is not correct for R10000 according to |
| 57 |
|
Lemote's Godson patches for GXemul. TODO: Go through all |
| 58 |
|
register definitions according to http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_263.html#HEADING334 |
| 59 |
|
and make sure everything works with R10000. |
| 60 |
|
Then test with OpenBSD/sgi? |
| 61 |
|
x) Entry LO mask (as above). |
| 62 |
x) memory space, exceptions, ... |
x) memory space, exceptions, ... |
| 63 |
x) use cop0 framemask for tlb lookups |
x) use cop0 framemask for tlb lookups |
| 64 |
(http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html) |
(http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html) |
| 65 |
|
|
| 66 |
SuperH: |
SuperH: |
| 67 |
x) DMA (0xffa00000) |
x) Auto-generation of loads/stores! This should get rid of at least |
| 68 |
x) Instruction tracing should include symbols for branch targets, |
the endianness check in each load/store. |
| 69 |
and so on... |
x) Experiment with whether or not correct ITLB emulation is |
| 70 |
|
actually needed. (20070522: I'm turning it off today.) |
| 71 |
x) SH4 interrupt controller: |
x) SH4 interrupt controller: |
| 72 |
x) Implement correct priorities of interrupts |
x) MASKING should be possible! |
| 73 |
|
x) SH4 DMA (0xffa00000) |
| 74 |
|
x) SH4 UBC (0xff200000) |
| 75 |
|
x) Store queues can copy 32 bytes at a time, there's no need to |
| 76 |
|
copy individual 32-bit words. (Performance improvement.) |
| 77 |
x) SH4 BSC (Bus State Controller) |
x) SH4 BSC (Bus State Controller) |
| 78 |
x) NetBSD/evbsh3, dreamcast, mmeye, hpcsh! Linux? |
x) Instruction tracing should include symbols for branch targets, |
| 79 |
x) Replace pc-relative loads with immediate load, if within the |
and so on, to make the output more human readable. |
| 80 |
same page. (Similar to the same optimization for ARM.) |
x) SH3-specific devices: Pretty much everything! |
| 81 |
x) Floating point exception correctness. |
x) NetBSD/evbsh3, hpcsh! Linux? |
| 82 |
x) Floating point speed! |
x) Floating point speed! |
| 83 |
|
x) Floating point exception correctness. |
| 84 |
|
x) NetBSD HEAD (as of April 2007) hangs during bootup, because it |
| 85 |
|
turns on/off interrupts in an unfortunately synchronized way |
| 86 |
|
with dyntrans. This needs to be fixed. |
| 87 |
|
x) Exceptions for unaligned load/stores. OpenBSD/landisk uses |
| 88 |
|
this mechanism for its reboot code (machine_reset). |
| 89 |
x) Think carefully about how to implement SH5/SH64 (for evbsh5). |
x) Think carefully about how to implement SH5/SH64 (for evbsh5). |
| 90 |
|
|
| 91 |
|
Landisk SH4: |
| 92 |
|
x) When NetBSD/landisk 4.0 has been released, make sure it works |
| 93 |
|
in the emulator. (Update documentation, etc.) |
| 94 |
|
|
| 95 |
Dreamcast: |
Dreamcast: |
| 96 |
x) CD image bootup: |
x) G2 DMA |
| 97 |
0) Find IP.BIN, and load it to 0x8c008000. |
x) LAN adapter (dev_mb8696x.c). NetBSD root-on-nfs. |
|
1) Run code at 0x8c008300 (SEGA license code). |
|
|
2) When the license code runs a "boot menu" syscall, |
|
|
load the 1ST_READ.BIN file (unscrambled?) to 0x8c010000. |
|
|
3) Run code at 0x8c00b800 (Bootstrap 1). This will in turn |
|
|
jump to 0x8c00e000 (Bootstrap 2), and then jump to |
|
|
0x8c010000, to start the program. |
|
|
(Try with e.g. Comstedt's Serial IP Slave, to make sure it |
|
|
works as expected.) |
|
|
x) LAN adapter. |
|
| 98 |
x) PVR: Lots of stuff. See dev_pvr.c. |
x) PVR: Lots of stuff. See dev_pvr.c. |
| 99 |
|
x) Better GDROM support |
| 100 |
|
x) Modem |
| 101 |
|
x) PCI bridge/bus? |
| 102 |
x) Maple bus: |
x) Maple bus: |
| 103 |
x) Correct controller input |
x) Correct controller input |
| 104 |
x) Mouse input |
x) Mouse input |
| 105 |
x) PROM/BIOS calls: |
x) Software emulation of BIOS calls: |
| 106 |
x) GD-ROM emulation |
x) GD-ROM emulation: Use the GDROM device. |
| 107 |
x) NetBSD/dreamcast: Root on nfs? |
x) Use the VGA font as a fake ROM font. (Better than |
| 108 |
x) Linux/dreamcast? (The gentoo kernel currently crashes.) |
nothing.) |
| 109 |
|
x) Make as many as possible of the KOS examples run! |
| 110 |
x) More homebrew demos/games. |
x) More homebrew demos/games. |
| 111 |
x) Sound emulation (ARM cpu). |
x) SPU: Sound emulation (ARM cpu). |
| 112 |
x) VME processor emulation? |
x) VME processor emulation? "(Sanyo LC8670 "Potato")" according to |
| 113 |
|
Wikipedia, LC86K87 according to Comstedt's page. See |
| 114 |
Transputer: |
http://www.maushammer.com/vmu.html for a good description of |
| 115 |
x) Implement support for Helios binaries. |
the differences between LC86104C and the one used in the VME. |
|
x) Stack and register contents at startup? |
|
|
x) Figure out how to boot an entire Helios distribution. |
|
|
x) Implement all instructions. :) |
|
|
|
|
|
RCA1802/RCA1805, CHIP8: |
|
|
x) CHIP8 -> RCA180x conversion |
|
|
x) Think about how to do dual-mode, variable-instr-length |
|
|
ISAs, and switch between modes. |
|
|
x) 1805 "extended" opcode -> trigger CHIP8 emulation? |
|
|
That is, all calls 0NNN could point to 0x68 opcodes, |
|
|
which, if running on a 1802 in CHIP8-emulation-mode, |
|
|
would be manually interpreted. |
|
|
x) Better solution: |
|
|
CHIP8 calls to 00xx => handle at high level, |
|
|
calls to 0xxx in general = call 180X machine code |
|
|
(0000 = reboot?) |
|
|
x) 1802 info: http://www.nyx.net/~lturner/public_html/Cosmac.html |
|
|
and: http://www.elf-emulation.com/1802.html |
|
|
x) 1805 extended opcodes: Implement at least disassembly support! |
|
|
x) Keyboard input. |
|
|
x) Sound (beep only). |
|
|
x) Slow-down to correct speed? Wikipedia: "it was usually operated |
|
|
at 3.58 MHz/2 to suit the requirements of the 1861 chip which |
|
|
gave a speed of a little over 100,000 instructions per second" |
|
|
(Note that _CHIP8_ emulation would then be even slower.) |
|
|
x) SCHIP48 (Super) emulation: |
|
|
Some more opcodes, 128x64 framebuffer, larger |
|
|
sprites and fonts. |
|
| 116 |
|
|
| 117 |
Alpha: |
Alpha: |
| 118 |
x) OSF1 PALcode, Virtual memory support. |
x) OSF1 PALcode, Virtual memory support. |
| 123 |
x) More Alpha machine types, so it could work with |
x) More Alpha machine types, so it could work with |
| 124 |
OpenBSD, FreeBSD, and Linux too? |
OpenBSD, FreeBSD, and Linux too? |
| 125 |
|
|
| 126 |
SPARC: |
SPARC (both the ISA and the machines): |
| 127 |
o) Implement Adress space identifiers; load/stores etc. |
o) Implement Adress space identifiers; load/stores etc. |
| 128 |
o) Save/restore register windows etc! |
o) Exception/trap/interrupt handling. |
| 129 |
|
o) Save/restore register windows etc! Both v9 and pre-v9! |
| 130 |
o) Finish the subcc and addcc flag computation code. |
o) Finish the subcc and addcc flag computation code. |
| 131 |
o) Add more registers (floating point, control regs etc) |
o) Add more registers (floating point, control regs etc) |
|
o) Exception/trap handling. |
|
| 132 |
o) Disassemly of some more instructions? |
o) Disassemly of some more instructions? |
| 133 |
o) Are sll etc 32-bit sign-extending or zero-extending? |
o) Are sll etc 32-bit sign-extending or zero-extending? |
| 134 |
o) Finish the GDB register stuff. |
o) Floating point exception correctness. |
|
x) Floating point exception correctness. |
|
| 135 |
o) SPARC v8, v7 etc? |
o) SPARC v8, v7 etc? |
| 136 |
|
o) More machine modes and devices. |
|
Debugger: |
|
|
o) How does SMP debugging work? Does it simply use "threads"? |
|
|
What if the guest OS (running on an emulated SMP machine) |
|
|
has a usertask running, with userland threads? |
|
|
o) Try to make the debugger more modular and, if possible, reentrant! |
|
|
o) Remove the emul command? (But show network info if showing |
|
|
machines?) |
|
|
o) Settings: |
|
|
x) Special handlers for Write! |
|
|
+) MIPS coproc regs |
|
|
+) Alpha/MIPS/SPARC zero registers |
|
|
+) x86 64/32/16-bit registers |
|
|
x) Value formatter for resulting output. |
|
|
o) see src/debugger.c for more |
|
| 137 |
|
|
| 138 |
POWER/PowerPC: |
POWER/PowerPC: |
| 139 |
x) find and fix the bug which causes NetBSD/macppc to fail after |
x) Fix DECR timer speed, so it matches the host. |
|
an install! |
|
| 140 |
x) NetBSD/prep 3.x triggers a possible bug in the emulator: |
x) NetBSD/prep 3.x triggers a possible bug in the emulator: |
| 141 |
<wdc_exec_command(0xd005e514,0xd60cdd30,0,8,..)> |
<wdc_exec_command(0xd005e514,0xd60cdd30,0,8,..)> |
| 142 |
<ata_get_xfer(0,0xd60cdd30,0,8,..)> |
<ata_get_xfer(0,0xd60cdd30,0,8,..)> |
| 160 |
x) Floating point exception correctness. |
x) Floating point exception correctness. |
| 161 |
x) Alignment exceptions. |
x) Alignment exceptions. |
| 162 |
|
|
| 163 |
|
PReP: |
| 164 |
|
x) Clock time! ("Bad battery blah blah") |
| 165 |
|
|
| 166 |
Algor: |
Algor: |
| 167 |
o) Other models than the P5064? |
o) Other models than the P5064? |
| 168 |
o) PCI interrupts... needed for stuff like the tlp NIC? |
o) PCI interrupts... needed for stuff like the tlp NIC? |
| 169 |
|
|
| 170 |
|
BeBox: |
| 171 |
|
o) Interrupts. There seems to be a problem with WDC interrupts |
| 172 |
|
"after a short while", although a few interrupts get through? |
| 173 |
|
o) Perhaps find a copy of BeOS and try it? |
| 174 |
|
|
| 175 |
HPCmips: |
HPCmips: |
| 176 |
x) Mouse/pad support! :) |
x) Mouse/pad support! :) |
| 177 |
x) A NIC? (As a PCMCIA device?) |
x) A NIC? (As a PCMCIA device?) |
| 178 |
|
|
|
AVR: |
|
|
o) Everything. |
|
|
|
|
|
AVR32: |
|
|
o) Everything. It would be good if there was NetBSD/avr32 to |
|
|
experiment with... |
|
|
|
|
| 179 |
ARM: |
ARM: |
| 180 |
o) See netwinder_reset() in NetBSD; the current "an internal error |
o) See netwinder_reset() in NetBSD; the current "an internal error |
| 181 |
occured" message after reboot/halt is too ugly. |
occured" message after reboot/halt is too ugly. |
| 182 |
o) ARM "wait"-like instruction? |
o) Generic ARM "wait"-like instruction? |
| 183 |
o) try to get netbsd/evbarm 3.x running (iq80321) |
o) try to get netbsd/evbarm 3.x or 4.x running (iq80321) |
| 184 |
o) make the xscale counter registers (ccnt) work |
o) make the xscale counter registers (ccnt) work |
| 185 |
o) make the ata controller usable for FreeBSD! |
o) make the ata controller usable for FreeBSD! |
| 186 |
o) zaurus for openbsd... |
o) Debian/cats crashes because of unimplemented coproc stuff. |
|
o) debian/cats crashes because of unimplemented coproc stuff. |
|
| 187 |
fix this? |
fix this? |
| 188 |
|
|
| 189 |
Test machines: |
Test machines: |
| 190 |
+ dev_fb block fill and copy |
o) dev_fb block fill and copy |
| 191 |
+ dev_fb draw characters (from the built-in font)? |
o) dev_fb draw characters (from the built-in font)? |
| 192 |
+ dev_fb input device? mouse pointer coordinates and buttons |
o) dev_fb input device? mouse pointer coordinates and buttons |
| 193 |
(allow changes in these to cause interrupts as well?) |
(allow changes in these to cause interrupts as well?) |
| 194 |
+ Redefine the halt() function so that it stops "sometimes |
o) Redefine the halt() function so that it stops "sometimes |
| 195 |
soon", i.e. usage in demo code should be: |
soon", i.e. usage in demo code should be: |
| 196 |
for (;;) { |
for (;;) { |
| 197 |
halt(); |
halt(); |
| 198 |
} |
} |
| 199 |
|
|
| 200 |
|
Debugger: |
| 201 |
|
o) How does SMP debugging work? Does it simply use "threads"? |
| 202 |
|
What if the guest OS (running on an emulated SMP machine) |
| 203 |
|
has a usertask running, with userland threads? |
| 204 |
|
o) Try to make the debugger more modular and, if possible, reentrant! |
| 205 |
|
o) Remove the emul command? (But show network info if showing |
| 206 |
|
machines?) |
| 207 |
|
o) Memory dumps should be able to dump both physical and |
| 208 |
|
virtual emulated memory. |
| 209 |
|
o) Evaluate expressions within []? That would allow stuff like |
| 210 |
|
cpu[x] where x is an expression. |
| 211 |
|
o) "pc = pc + 4" doesn't work! Bug. Should work. ("pc=pc+4" works.) |
| 212 |
|
o) Settings: |
| 213 |
|
x) Special handlers for Write! |
| 214 |
|
+) MIPS coproc regs |
| 215 |
|
+) Alpha/MIPS/SPARC zero registers |
| 216 |
|
+) x86 64/32/16-bit registers |
| 217 |
|
x) Value formatter for resulting output. |
| 218 |
|
o) Call stack display (back-trace) of emulated programs. |
| 219 |
|
o) Nicer looking output of register dumps, floating point registers, |
| 220 |
|
etc. Warn about weird/invalid register contents. |
| 221 |
|
o) Ctrl-C doesn't enter the debugger on some OSes (HP-UX?)... |
| 222 |
|
|
| 223 |
|
Dyntrans: |
| 224 |
|
x) For 32-bit emulation modes, that have emulated TLBs: tlbindex |
| 225 |
|
arrays of mapped pages? Things to think about: |
| 226 |
|
x) Only 32-bit mode! (64-bit => too much code) |
| 227 |
|
x) One array for global pages, and one array _PER ASID_, |
| 228 |
|
for those archs that support that. On M88K, there should |
| 229 |
|
be one array for userspace, and one for supervisor, etc. |
| 230 |
|
x) Larger-than-4K-pages must fill several bits in the array. |
| 231 |
|
x) No TLB search will be necessary. |
| 232 |
|
x) Total host space used, for 4 KB pages: 1 MB per table, |
| 233 |
|
i.e. 65 MB for 32-bit MIPS, 2 MB for M88K, if one byte |
| 234 |
|
is used as the tlb index. |
| 235 |
|
x) (The index is actually +1, so that 0 means no hit.) |
| 236 |
|
x) "Merge" the cur_physpage and cur_ic_page variables/pointers to |
| 237 |
|
one? I.e. change cur_ic_page to cur_physpage.ic_page or something. |
| 238 |
|
x) Instruction combination collisions? How to avoid easily... |
| 239 |
|
x) Think about how to do both SHmedia and SHcompact in a reasonable |
| 240 |
|
way! (Or AMD64 long/protected/real, for that matter.) |
| 241 |
|
x) 68K emulation; think about how to do variable instruction |
| 242 |
|
lengths across page boundaries. |
| 243 |
|
x) Dyntrans with valgrind-inspired memory checker. (In memory_rw, |
| 244 |
|
it would be reasonably simple to add; in each individual fast |
| 245 |
|
load/store routine = a lot more work, and it would become |
| 246 |
|
kludgy very fast.) |
| 247 |
|
x) Dyntrans with SMP... lots of work to be done here. |
| 248 |
|
x) Dyntrans with cache emulation... lots of work here as well. |
| 249 |
|
x) Remove the concept of base RAM completely; it would be more |
| 250 |
|
generic to allow RAM devices to be used "anywhere". |
| 251 |
|
o) dev_mp doesn't work well with dyntrans yet |
| 252 |
|
o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans |
| 253 |
|
x) Redesign/rethink the delay slot mechanism used for e.g. MIPS, |
| 254 |
|
so that it caches a translation (that is, an instruction |
| 255 |
|
word and the instr_call it was translated to the last |
| 256 |
|
time), so that it doesn't need to do slow |
| 257 |
|
to_be_translated for each end of page? |
| 258 |
|
x) Program Counter statistics: |
| 259 |
|
Per machine? What about SMP? All data to the same file? |
| 260 |
|
A debugger command should be possible to use to enable/ |
| 261 |
|
disable statistics gathering. |
| 262 |
|
Configuration file option! |
| 263 |
|
x) Breakpoints: |
| 264 |
|
o) Physical vs virtual addresses! |
| 265 |
|
o) 32-bit vs 64-bit sign extension for MIPS, and others? |
| 266 |
|
x) INVALIDATION should cause translations in _all_ cpus to be |
| 267 |
|
invalidated, e.g. on a write to a write-protected page |
| 268 |
|
(containing code) |
| 269 |
|
x) 16-bit encodings? (MIPS16, ARM Thumb, 32-bit SH on SH64) |
| 270 |
|
x) Lots of other stuff: see src/cpus/README_DYNTRANS |
| 271 |
|
x) Native code generation backends: |
| 272 |
|
o) calculate at runtime whether or not chunks of emulated |
| 273 |
|
(physical) memory are worth translating to native code |
| 274 |
|
(it is assumed that it has high overhead) |
| 275 |
|
o) experiment with calling the host's cc and ld externally; |
| 276 |
|
extremely high overhead, but could be interesting none- |
| 277 |
|
theless. |
| 278 |
|
o) experiment with using LLVM, or GNU Lightning? |
| 279 |
|
o) Important cases to think about: |
| 280 |
|
x) loads/stores |
| 281 |
|
x) delay branches |
| 282 |
|
x) other kinds of calls, branches |
| 283 |
|
o) branches to already translated code blocks can |
| 284 |
|
link the blocks together (block-chaining), although |
| 285 |
|
I'll probably want to wait with this until other |
| 286 |
|
things work. |
| 287 |
|
o) The first tests should be done with "testm88k", because |
| 288 |
|
that does not affect other modes. |
| 289 |
|
|
| 290 |
|
------------------------------------------------------------------------------- |
| 291 |
|
|
| 292 |
|
Performance comparison when emulating the QEMU_MIPS machine (QEMU's default |
| 293 |
|
MIPS machine mode): |
| 294 |
|
|
| 295 |
|
mips-test-0.2: |
| 296 |
|
-------------- |
| 297 |
|
|
| 298 |
|
1. while true; do ls -l > /dev/null; echo -n .; done, 80x36 dots |
| 299 |
|
2. while true; do /usr/bin/md5sum /usr/bin/* > /dev/null; echo -n .; done, 80 dots |
| 300 |
|
3. while true; do grep hej lib/libc.so.6 > /dev/null; echo -n .; done, 80 dots |
| 301 |
|
|
| 302 |
|
Test 1 Test 2 Test 3 |
| 303 |
|
------ ------ ------ |
| 304 |
|
QEMU 0.9.0: 2 min 20 sec 45 sec 4 min 41 seconds |
| 305 |
|
GXemul-20070608: 1 min 59 sec 3 min 18 sec 18 min 10 seconds [A] |
| 306 |
|
|
| 307 |
|
|
| 308 |
|
[A] = Normal portable dyntrans, no native code generation. |
| 309 |
|
|
| 310 |
|
------------------------------------------------------------------------------- |
| 311 |
|
|
| 312 |
|
|
| 313 |
|
Simple Valgrind-like checks? |
| 314 |
|
o) Mark every address with bits which tell whether or not the address |
| 315 |
|
has been written to. |
| 316 |
|
o) What should happen when programs are loaded? Text/data, bss (zero |
| 317 |
|
filled). But stack space and heap is uninitialized. |
| 318 |
|
o) Uninitialized local variables: |
| 319 |
|
A load from a place on the stack which has not previously |
| 320 |
|
been stored to => warning. Increasing the stack pointer using |
| 321 |
|
any available means should reset the memory to uninitialized. |
| 322 |
|
o) If calls to malloc() and free() can be intercepted: |
| 323 |
|
o) Access to a memory area after free() => warning. |
| 324 |
|
o) Memory returned by malloc() is marked as not-initialized. |
| 325 |
|
o) Non-passive, but good to have: Change the argument |
| 326 |
|
given to malloc, to return a slightly larger memory |
| 327 |
|
area, i.e. margin_before + size + margin_after, |
| 328 |
|
and return the pointer + margin_before. |
| 329 |
|
Any access to the margin_before or _after space results |
| 330 |
|
in warnings. (free() must be modified to free the |
| 331 |
|
actually allocated address.) |
| 332 |
|
|
| 333 |
Better CD Image file support: |
Better CD Image file support: |
| 334 |
x) Support CD formats that contain more than 1 track, e.g. |
x) Support CD formats that contain more than 1 track, e.g. |
| 335 |
CDI files (?). These can then contain a mixture of e.g. sound |
CDI files (?). These can then contain a mixture of e.g. sound |
| 339 |
possibly other live-CD formats.) |
possibly other live-CD formats.) |
| 340 |
|
|
| 341 |
Networking: |
Networking: |
| 342 |
|
x) Redesign of the networking subsystem, at least the NAT translation |
| 343 |
|
part. The current way of allowing raw ethernet frames to be |
| 344 |
|
transfered to/from the emulator via UDP should probably be |
| 345 |
|
extended to allow the frames to be transmitted other ways as |
| 346 |
|
well. |
| 347 |
|
x) Also adding support for connecting ttys (either to xterms, or to |
| 348 |
|
pipes/sockets etc, or even to PPP->NAT or SLIP->NAT :-). |
| 349 |
|
x) Documentation updates (!) are very important, making it easier to |
| 350 |
|
use the (already existing) network emulation features. |
| 351 |
x) Fix performance problems caused by only allowing a |
x) Fix performance problems caused by only allowing a |
| 352 |
single TCP packet to be unacked. |
single TCP packet to be unacked. |
| 353 |
x) Don't hardcode offsets into packets! |
x) Don't hardcode offsets into packets! |
| 380 |
is another option (easier to implement, but very very slow). |
is another option (easier to implement, but very very slow). |
| 381 |
|
|
| 382 |
Documentation: |
Documentation: |
| 383 |
|
x) Update the documentation regarding the testmachine interrupts. |
| 384 |
x) Note about sandboxing/security: |
x) Note about sandboxing/security: |
| 385 |
Not all emulated instructions fail in the way they would |
Not all emulated instructions fail in the way they would |
| 386 |
do on real hardware (e.g. a userspace program writing to |
do on real hardware (e.g. a userspace program writing to |
| 390 |
securely". |
securely". |
| 391 |
x) Try NetBSD/arc 4.x! (It seems to work with disk images!) |
x) Try NetBSD/arc 4.x! (It seems to work with disk images!) |
| 392 |
x) NetBSD/pmax 4 install instructions: xterm instead of vt100! |
x) NetBSD/pmax 4 install instructions: xterm instead of vt100! |
| 393 |
x) DEVICE_TICK in technical.html |
x) BETTER DEVICE EXAMPLES! |
| 394 |
|
o) Move away from technical.html to somewhere new. |
| 395 |
|
o) DEVICE_TICK |
| 396 |
|
o) Implement example devices using interrupts, dyntrans |
| 397 |
|
memory access, etc.? |
| 398 |
|
x) Document the dyntrans core? |
| 399 |
x) Rewrite the section about experimental devices, after the |
x) Rewrite the section about experimental devices, after the |
| 400 |
framebuffer acceleration has been implemented, and demos |
framebuffer acceleration has been implemented, and demos |
| 401 |
written. (Symbolic names instead of numbers; example |
written. (Symbolic names instead of numbers; example |
| 414 |
that use 3MAX into using CATS or hpcmips? (To remove the need |
that use 3MAX into using CATS or hpcmips? (To remove the need |
| 415 |
to use a raw ffs partition, using up all of the disk image.) |
to use a raw ffs partition, using up all of the disk image.) |
| 416 |
|
|
|
More generic out_of_memory error reporting, and check everywhere! |
|
|
Causes: OpenBSD has low default limits for normal users. |
|
|
Host is 32-bit? (32-bit hosts are limited to 4 GB or less |
|
|
of userspace memory.) |
|
|
You are actually low on RAM. (As trivial as this might sound, |
|
|
Unix systems usually allow processes to allocate virtual |
|
|
memory beyond the amount of RAM in the machine.) |
|
|
|
|
| 417 |
The Device subsystem: |
The Device subsystem: |
| 418 |
x) allow devices to be moved and/or changed in size (down to a |
x) allow devices to be moved and/or changed in size (down to a |
| 419 |
minimum size, etc, or up to a max size); if there is a collision, |
minimum size, etc, or up to a max size); if there is a collision, |
| 428 |
x) refactor various clocks/nvram/cmos into one device? |
x) refactor various clocks/nvram/cmos into one device? |
| 429 |
|
|
| 430 |
PCI: |
PCI: |
| 431 |
|
x) Pretty much everything related to runtime configuration, device |
| 432 |
|
slots, interrupts, etc must be redesigned/cleaned up. The current |
| 433 |
|
code is very hardcoded and ugly. |
| 434 |
|
o) Allow cards to be added/removed during runtime more easily. |
| 435 |
|
o) Allow cards to be enabled/disabled (i/o ports, etc, like |
| 436 |
|
NetBSD needs for disk controller detection). |
| 437 |
|
o) Allow devices to be moved in memory during runtime. |
| 438 |
|
o) Interrupts per PCI slot, etc. (A-D). |
| 439 |
|
o) PCI interrupt controller logic... very hard to get right, |
| 440 |
|
because these differ a lot from one machine to the next. |
| 441 |
x) last write was ffffffff ==> fix this, it should be used |
x) last write was ffffffff ==> fix this, it should be used |
| 442 |
together with a mask to get the correct bits. also, not ALL |
together with a mask to get the correct bits. also, not ALL |
| 443 |
bits are size bits! (lowest 4 vs lowest 2?) |
bits are size bits! (lowest 4 vs lowest 2?) |
| 445 |
x) generalize the interrupt routing stuff (lines etc) |
x) generalize the interrupt routing stuff (lines etc) |
| 446 |
|
|
| 447 |
Clocks and timers: |
Clocks and timers: |
| 448 |
|
x) Fix the PowerPC DECR interrupt speed! (MacPPC and PReP speed, etc.) |
| 449 |
x) DON'T HARDCODE 100 HZ IN cpu_mips_coproc.c! |
x) DON'T HARDCODE 100 HZ IN cpu_mips_coproc.c! |
| 450 |
x) Test the 8253? Right now it doesn't seem to be used? |
x) NetWinder timeofday is incorrect! Huh? grep -R for ta_rtc_read in |
| 451 |
x) NetWinder timeofday is incorrect! |
NetBSD sources; it doesn't seem to be initialized _AT ALL_?! |
| 452 |
x) Cobalt TOD is incorrect! |
x) Cobalt TOD is incorrect! |
| 453 |
x) Go through all other machines, one by one, and fix them. |
x) Go through all other machines, one by one, and fix them. |
| 454 |
|
|
|
Busses: |
|
|
o) Redesign the entire "mainbus" concept! |
|
|
x) Busses should be placed in a hierarchical tree (?) |
|
|
x) Specific clock/bus speeds, cpu speeds etc. |
|
|
o) Interrupt routing subsystem: |
|
|
x) IF POSSIBLE, try to make the new system work with the |
|
|
current system, but print annoying warning messages. :) |
|
|
Think carefully about this. |
|
|
x) Registry for all available interrupts. |
|
|
+) Each interrupt controller (including CPU cores |
|
|
that can handle interrupts) should register its |
|
|
interrupts, e.g. |
|
|
cpu[0].irq[3] |
|
|
cpu[0].irq[3].pcmcia_slot[1] |
|
|
cpu[0].irq.pci[3] |
|
|
+) Note: MIPS cpus have multiple irqs in the core, |
|
|
while some other CPUs only have one (irq[0] |
|
|
or just irq). |
|
|
x) Users should use interrupt _names_ instead of integers |
|
|
when attaching to an interrupt controller, but when |
|
|
asserting/deasserting irq lines, small integers must |
|
|
still be used (for obvious performance reasons). |
|
|
Figure out a way to do this nicely! |
|
|
x) Any users need to say whether they need the interrupt line |
|
|
exclusively or allow shared access. |
|
|
x) Must work with everything from native IRQs to |
|
|
TurboChannel/PCI/ISA/ADB/PCMCIA/... |
|
|
x) Must work with SMP emulation! |
|
|
x) Make it with device_add(). How does the end user find |
|
|
out the name of an interrupt controller/line in e.g. |
|
|
a configuration file? |
|
|
o) Synchronization over network? or at least in dyntrans within |
|
|
one emulated machine |
|
|
o) Convert to real busses: TurboChannel, PCMCIA, ADB |
|
|
|
|
| 455 |
Config file parser: |
Config file parser: |
| 456 |
o) Rewrite it from scratch! |
o) Rewrite it from scratch! |
| 457 |
o) Usage of any expression available through the debugger |
o) Usage of any expression available through the debugger |
| 458 |
|
o) Allow interrupt controllers to be added! and interrupts |
| 459 |
|
to be used in more ways than before |
| 460 |
o) Support for running debugger commands (like the -c |
o) Support for running debugger commands (like the -c |
| 461 |
command line option) |
command line option) |
| 462 |
|
|
| 467 |
o) non-IEEE modes (i.e. x86)? |
o) non-IEEE modes (i.e. x86)? |
| 468 |
|
|
| 469 |
Userland emulation: |
Userland emulation: |
| 470 |
x) Lots of stuff; freebsd and netbsd (and linux?) syscalls. |
x) Try to prefix "/emul/mips/" or similar to all filenames, |
| 471 |
x) Dynamic linking? Hm. |
and only if that fails, try the given filename. |
| 472 |
|
Read this setting from an environment variable, and only |
| 473 |
|
if there is none, fall back to hardcoded string. |
| 474 |
|
x) File descriptor (0,1,2) assumptions? Find and fix these? |
| 475 |
|
x) Dynamic linking! |
| 476 |
|
x) Lots of stuff; freebsd, netbsd, linux, ... syscalls. |
| 477 |
|
x) Initial register/stack contents (environment, command line args). |
| 478 |
|
x) Return value (from main). |
| 479 |
|
x) mmap emulation layer |
| 480 |
|
x) errno emulation layer |
| 481 |
|
x) struct conversions for many syscalls |
| 482 |
|
|
| 483 |
Sound: |
Sound: |
| 484 |
x) generic sound framework |
x) generic sound framework |
| 485 |
x) add one or more sound cards as devices; add a testmachine |
x) add one or more sound cards as devices; add a testmachine |
| 486 |
sound card first? |
sound card first? |
| 487 |
|
x) Dreamcast sound? Generic PCI sound cards? |
| 488 |
|
|
| 489 |
ASC SCSI controller: |
ASC SCSI controller: |
| 490 |
x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul |
x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul |
| 510 |
possible. |
possible. |
| 511 |
|
|
| 512 |
File/disk/symbol handling: |
File/disk/symbol handling: |
| 513 |
|
o) Make sure that disks can be added/removed during runtime! |
| 514 |
|
(Perhaps this needs a reasonably large re-write.) |
| 515 |
o) Remove some of the complexity in file format guessing, for |
o) Remove some of the complexity in file format guessing, for |
| 516 |
Ultrix kernels that are actually disk images? |
Ultrix kernels that are actually disk images? |
| 517 |
o) Better handling of tape files |
o) Better handling of tape files |
| 518 |
o) Read function argument count and types from binaries? (ELF?) |
o) Read function argument count and types from binaries? (ELF?) |
| 519 |
o) Better demangling of C++ names. Note: GNU's C++ differs from e.g. |
o) Better demangling of C++ names. Note: GNU's C++ differs from e.g. |
| 520 |
Microsoft's C++, so multiple schemes must be possible. See |
Microsoft's C++, so multiple schemes must be possible. See |
| 523 |
Userland ABI emulation: |
Userland ABI emulation: |
| 524 |
o) see src/useremul.c |
o) see src/useremul.c |
| 525 |
|
|
|
Terminal/console: |
|
|
o) allow emulated serial ports to be connected to the outside |
|
|
world in a more generic way, or even to other emulated |
|
|
machines(?) |
|
|
|
|
|
Save state of the whole emulated machine, to be able to load it back |
|
|
in later? (Memory, all device's states, all registers and |
|
|
so on. Like taking a snapshot. (SimOS seems to do this, |
|
|
according to its website.)) |
|
|
|
|
| 526 |
Better framebuffer and X-windows functionality: |
Better framebuffer and X-windows functionality: |
| 527 |
o) Generalize the update_x1y1x2y2 stuff to an extend-region() |
o) Generalize the update_x1y1x2y2 stuff to an extend-region() |
| 528 |
function... |
function... |
| 550 |
o) Generalize the framebuffer stuff by moving _ALL_ X11 |
o) Generalize the framebuffer stuff by moving _ALL_ X11 |
| 551 |
specific code to src/x11.c! |
specific code to src/x11.c! |
| 552 |
|
|
| 553 |
|
------------------------------------------------------------------------------- |
| 554 |
|
|
Parent Directory
| 
Revision Log
| 
Patch