Sunday, August 30, 2009

second (and third) bugs in SCSI (esp) emulation

It looks like "Message Accepted" shouldn't write a response. At least ESP_RFLAGS must definitely be 0.

After I fixed the bug, OBP got one step further. Now it sees the targets:

ok probe-scsi
Target 0
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command e0
scsi-disk: Unsupported command length, command e0
Target 2
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command e0
scsi-disk: Unsupported command length, command e0
ok

The next stop is inquiring the targets' parameters.

Saturday, August 29, 2009

got past scsi-controller initialization

Got past scsi-controller initialization. The next stop is disk probing:

ok probe-scsi
Extra scsi data. Fatal error.Extra scsi data. Fatal error.
ok

Sunday, August 23, 2009

Sun Studio for free

Currently there are two options to get Sun Studio for free:

- Everyone can have Sun Studio 12 update 1. There are Solaris/sparc, Solaris/intel and Linux/i686 versions. There seem to be compatibility issues with ld on newer Linux distributions. The error message reads "libm format not recognized". The half-official solution is

rm /opt/sun/sunstudio12/prod/lib/amd64/ld
ln -s /usr/bin/ld /opt/sun/sunstudio12/prod/lib/amd64/ld

There are also problems with headless install under Linux. But it is possible to extract all the rpms with the --extract-installation-data command line option.

- OpenSolaris developers may get the version 10 here. But only the Solaris versions, not the Linux one. I wonder why they would need to mess with the older version 10, as there is a shiny new 12u1? Are there any known compatibility issues in the 12u1?

Saturday, August 22, 2009

Back and Forth. But mostly Forth.

Debugged the OBP boot, comparing the cases where it crashes on RAM detection and on SX framebuffer detection. Now I have a path which initializes almost everything without stepping into the routines where it hangs. Currently two qemu hacks are needed: the upper SIMM-FCode hack and the timer stop & go hack. The rest is simple:

: t1
root-device ffd60d80 execute ffd61340 execute " banner-name" attribute device-end
" cpu-devices+" do-drop-in ( * ffd61450 * )
ffd61e70 execute ( * ffd61ea0 * )
ffd5edb0 execute ffd52a30 execute + +
ffd62930 execute 3drop 2drop ( * ffd62990 *)
ffd65610 execute drop ffd65970 execute ( * ffd659a0 * )
true (is) standalone? ffd65f20 execute ffd65f30 execute ! ffd65f40 execute ffd65f50 execute ! ( * ffd66370 * )
sunmon-compat? ffd60490 execute or 0= ffd66240 execute ( * ffd66a60 *)
ffd68920 execute ( * ffd68940 * )
ffd68dd0 execute ( * ffd68e40 *)
enable-interrupts ( * ffd6b210 * )
"/sbus" find-device scsi-initiator-id xdrint " scsi-initiator-id"
attribute device-end ( * ffd6b780 * )
ffd6e9a0 execute ffd6f160 execute "/sbus" find-device scsi-initiator-id xdrint " scsi-initiator-id" attribute device-end
ffd6f160 execute dup root-device " clock-frequency" integer-attribute device-end
2 / "/sbus" find-device " clock-frequency" integer-attribute device-end
ffd60a00 execute ( * nvram rc * )
;
showstack
t1
setenv fcode-debug? true
" probe-" do-drop-in f probe-slot " probe+" do-drop-in

Friday, August 21, 2009

Found the bug in qemu's sparc CPU emulation

Page 55 of The SPARC v8 Architecture Manual describes the jump/branch case explicitly: the CPU should execute one instruction at the jump target and then branch.

It's not what qemu does!

Don't know how to fix it myself though. Need to persuade the qemu developers to fix it. I seriously doubt that a compiler would use this feature, so Linux&Co are not affected by this bug at all.
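
The case described above, traced with the jmp/ba pair from the spacel! listing in the August 16 entry. This is an added example, not code from qemu or from the original post; the jump target assumes %g4 = 0 and reads the listing's 14 as hex, and the "shortcut" model is a hypothetical simplification, not a description of what qemu does.

```c
#include <stdint.h>
#include <stdio.h>

enum kind { OTHER, JMP, BA };           /* OTHER: any non-control-transfer insn */
struct insn { uint32_t addr; enum kind kind; uint32_t target; };

/* Assumption: jmp target = %o7 + 0x14 + %g4 with %g4 = 0, reading the
 * listing's "14" as hex; the instruction stored there is not on the page. */
#define JMP_TARGET 0xffd5352cu

static const struct insn prog[] = {
    { 0xffd53524u, JMP, JMP_TARGET },   /* jmp %l1, %g4, %g0 */
    { 0xffd53528u, BA,  0xffd53660u },  /* ba ffd53660, in the jmp's delay slot */
};

static const struct insn *lookup(uint32_t pc)
{
    for (size_t i = 0; i < sizeof prog / sizeof prog[0]; i++)
        if (prog[i].addr == pc)
            return &prog[i];
    return NULL;                        /* unlisted address: treated as OTHER */
}

/* Address of the step-th executed instruction, counting from the jmp.
 * pc_npc_model != 0: PC/nPC pair, a taken transfer rewrites only nPC.
 * pc_npc_model == 0: hypothetical shortcut that ignores a transfer found
 *                    in another transfer's delay slot. */
uint32_t executed_at(int step, int pc_npc_model)
{
    uint32_t pc = prog[0].addr, npc = pc + 4;
    int in_delay_slot = 0;

    for (int i = 0; i < step; i++) {
        const struct insn *in = lookup(pc);
        int transfers = in && in->kind != OTHER &&
                        (pc_npc_model || !in_delay_slot);
        uint32_t next_npc = transfers ? in->target : npc + 4;
        in_delay_slot = transfers;      /* the next insn sits in a delay slot */
        pc = npc;
        npc = next_npc;
    }
    return pc;
}

int main(void)
{
    for (int s = 0; s < 4; s++)         /* columns: PC/nPC model, shortcut */
        printf("%08x %08x\n", (unsigned)executed_at(s, 1), (unsigned)executed_at(s, 0));
    return 0;
}
```

With the PC/nPC pair the trace is jmp, ba, one instruction at the jump target, then ffd53660; the shortcut keeps running sequentially past the jump target instead.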

Sunday, August 16, 2009

space instructions

The space{c,l,d}{@,!} words currently do not work as on the real hardware.
In order to fix the emulation, an understanding of how they are supposed to work is needed.


ok see spacel!
code spacel!
ffd53504 ld [%g7], %l2
ffd53508 add %g7, 4, %g7
ffd5350c ld [%g7], %l0
ffd53510 add %g7, 4, %g7
ffd53514 sll %g4, 2, %g4
ffd53518 call ffd5351c
ffd5351c add %g0, 14, %l1

ok ffd5351c dis
ffd5351c add %g0, 14, %l1
ffd53520 add %o7, %l1, %l1
ffd53524 jmp %l1, %g4, %g0
ffd53528 ba ffd53660

And here I'm lost. I don't see any store instruction there. Don't know where it would jump to. A hacker named "tierchen" wrote that on MIPS a branch in a jump's delay slot would produce undefined behavior.

Saturday, August 15, 2009

Fixed a bug in the IRQ processing

Ha! I fixed the first bug I found in qemu myself. do_irq() was called multiple times, which just cannot happen on real hardware.

Getting the patch accepted upstream is actually harder than fixing the bug.

Update: the patch is accepted.

Sunday, August 9, 2009

Open Boot PROM images

Robert Reif has a collection of OBP images here.

Thanks, Robert.

Another collection of OBP images:
http://locomotion.tw/sparc/prom/

Sunday, August 2, 2009

Boot PROMs

Got some Boot PROMs, thanks Pete! The most interesting is the LX one. While the SS-20 POST stops after the first error, the LX one goes on till it crashes completely. Obviously "Invalid CEXC" is not handled by qemu:

$$$$$ WARNING : No Keyboard Detected! $$$$$
MMU Context Table Reg Test
MMU Context Register Test
MMU TLB Replace Reg Test
MMU Sync Fault Stat Reg Test
MMU Sync Fault Addr Reg Test
MMU TLB/CAM NTA Pattern Test
ERROR : Address = 000000f8, exp = 07ffffdc, obs = 00000000, xor = 07ffffdc
ERROR : Address = 000000fc, exp = ffffffff, obs = 00000000, xor = ffffffff
D-Cache RAM NTA Test
ERROR : Address = 000007fc, exp = ffffffff, obs = 00000000, xor = ffffffff
D-Cache TAG NTA Test
ERROR : Address = 000007f0, exp = 07fff801, obs = 00000000, xor = 07fff801
I-Cache RAM NTA Test
ERROR : Address = 00000ffc, exp = ffffffff, obs = 00000000, xor = ffffffff
I-Cache TAG NTA Test
ERROR : Address = 00000fe0, exp = 07fff001, obs = 00000000, xor = 07fff001
FPU Register File Test
FPU Misaligned Reg Pair Test
FPU Single-precision Tests
FPU Double-precision Tests
FPU SP Invalid CEXC Test
ERROR : Unexpected Synchronous Trap Taken, Trap Type = 00000008, PSR = 414010c4, PC = 70002d8c, TBR = 00000080
STATUS : Entering scope loop .... Press key to Abort!qemu: fatal: Trap 0x03 while interrupts disabled, Error state
pc: 0000217c npc: 00002d68
General Registers:
%g0: 00000000 %g1: 00002d68 %g2: 00005555 %g3: 00000001
%g4: 00000002 %g5: 00000000 %g6: 00000000 %g7: 00000000
Current Register Window:
%o0: 00000000 %o1: 00000999 %o2: 00000000 %o3: 00000000
%o4: 00000000 %o5: 00000000 %o6: 0001fba0 %o7: 7000971c
%l0: 0002fff8 %l1: 00000000 %l2: 00000000 %l3: 00000000
%l4: 00000000 %l5: ffffffff %l6: 00000000 %l7: 00000000
%i0: 00000000 %i1: 00000000 %i2: 00000000 %i3: 00000000
%i4: 00000000 %i5: 00000000 %i6: 00000000 %i7: 00000000

Floating Point Registers:
%f00: 000000002.890625 inf -inf 000000000.000000
%f04: 000000002.890625 000000000.000000 000000002.890625 000000000.000000
%f08: 000000003.390625 000000000.000000 000000002.250000 000000000.000000
%f12: 000000002.890625 000000000.000000 000000002.312500 000000000.000000
%f16: 000000002.312500 000000000.000000 000000002.890625 000000000.000000
%f20: 000000002.718750 000000000.000000 000000002.562500 000000000.000000
%f24: 000000002.890625 000000000.000000 000000002.968750 000000000.000000
%f28: 000000002.312500 000000000.000000 000000002.890625 000000000.000000
psr: 0x41000000 -> ---- --- wim: 0x00000002
fsr: 0x0f884010
Aborted