Re: x86emu emulation problem

2006-10-31 Thread Marc Aurele La France

On Fri, 6 Oct 2006, jf simon wrote:


2- The same code as seen from ndisasm:



68DA  A00080    mov al,[0x8000]
68DD  04F5      add al,0xf5
68DF  0002      add [bp+si],al
68E1  C8008015  enter 0x8000,0x15
68E5  0E        push cs
68E6  0106C800  add [0xc8],ax
68EA  80100E    adc byte [bx+si],0xe
68ED  0105      add [di],ax
68EF  C800800B  enter 0x8000,0xb
68F3  0E        push cs
68F4  0104      add [si],ax
68F6  C8008006  enter 0x8000,0x6
68FA  0E        push cs
68FB  0102      add [bp+si],ax
68FD  E80080    call 0xe900   !!!HERE AGAIN



This is probably data -- either font data or VGA register tables.  Can
you trace backwards any more and figure out how you got to 68DA?


You are right. I have found that the problem was on a JMP SHORT which was 
incorrectly landing in that part of the VGA BIOS. The relative displacement 
was negative (it was 0xBA), but the JMP was treating it as a jump to 
[PC]+0xBA rather than applying signed arithmetic. Setting the GCC 
-fsigned-char switch made the signed displacement be applied correctly and 
solved the problem. I didn't know that the char type was unsigned by 
default.


I've just committed a change to insulate x86emu against this.

Lastly, I have found that the VGA BIOS I use is doing CF8/CFC PCI 
configuration-style accesses, which don't work on my PowerPC platform. (I 
think this is only seen in the x86 world, but I'm not sure.) So they need to 
be translated to whatever the platform is going to use as its PCI configuration 
access. I just mention this for the record in case others are not aware of 
it.


The generic int10 module already intercepts such accesses and emulates them 
using PCI accesses appropriate for the platform.


Marc.

+----------------------------------+----------------------------+
|  Marc Aurele La France           |  work:   1-780-492-9310    |
|  Academic Information and        |  fax:    1-780-492-1729    |
|    Communications Technologies    |  email:  [EMAIL PROTECTED] |
|  352 General Services Building   +----------------------------+
|  University of Alberta           |                            |
|  Edmonton, Alberta               | Standard disclaimers apply |
|  T6G 2H1                         |                            |
|  CANADA                          |                            |
+----------------------------------+----------------------------+
XFree86 developer and VP.  ATI driver and X server internals.
___
Devel mailing list
Devel@XFree86.Org
http://XFree86.Org/mailman/listinfo/devel
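Added example (my code, not x86emu's and not Marc's committed fix) showing the short-jump decode this thread is about: the displacement byte read through a plain `char` on a target where `char` is unsigned, the portable sign extension, and a fetch that refuses to follow a jump out of the ROM image instead of executing whatever lies past it. The 8 KiB image and the offsets it uses are constructed for the example and are not from the Radeon BIOS discussed above.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sign-extend a displacement byte without relying on the signedness of
 * `char` or on implementation-defined narrowing to int8_t. */
static int sign_extend8(uint8_t b)
{
    return (b & 0x80) ? (int)b - 256 : (int)b;
}

/* What the broken build computed: the displacement read through a plain
 * `char`.  GCC makes `char` unsigned on PowerPC, so 0xBA became +186
 * instead of -70 and the jump landed 256 bytes too far forward. */
uint16_t jmp_short_target_plain_char(uint16_t ip, uint8_t disp_byte)
{
    char disp = (char)disp_byte;        /* signedness depends on the host ABI */
    return (uint16_t)(ip + 2 + disp);   /* 2 = length of the EB xx encoding */
}

/* Same arithmetic with `char` pinned to unsigned: the PowerPC result,
 * whatever host this example is compiled on. */
uint16_t jmp_short_target_unsigned_char(uint16_t ip, uint8_t disp_byte)
{
    unsigned char disp = disp_byte;
    return (uint16_t)(ip + 2 + disp);
}

/* The portable computation, which -fsigned-char happened to produce. */
uint16_t jmp_short_target(uint16_t ip, uint8_t disp_byte)
{
    return (uint16_t)(ip + 2 + sign_extend8(disp_byte));
}

/* A ROM image as a flat byte array; offsets are 16-bit like IP. */
typedef struct {
    const uint8_t *bytes;
    size_t         size;
} rom_image;

/* Decode `EB disp8` at ip and refuse any target outside the image.  An
 * emulator running an option ROM should stop here rather than execute
 * whatever follows the image, which is how the CALL e903 above ended up
 * in a block of zeros.  Returns 0 (target set), -1 (not a short jump) or
 * -2 (ip or target outside the image). */
int decode_jmp_short(const rom_image *rom, uint16_t ip, uint16_t *target)
{
    if ((size_t)ip + 2 > rom->size)
        return -2;
    if (rom->bytes[ip] != 0xEB)
        return -1;
    uint16_t t = jmp_short_target(ip, rom->bytes[ip + 1]);
    if (t >= rom->size)
        return -2;
    *target = t;
    return 0;
}

/* Constructed 8 KiB image for the demo: zeros except for `EB BA`
 * (jmp short -70) at 0x1000 and `EB 7F` (jmp short +127) at 0x1FF0,
 * whose target lies past the end of the image.  Returns the target or
 * the negative decode_jmp_short error code. */
int demo_target(uint16_t ip)
{
    static uint8_t img[0x2000];
    img[0x1000] = 0xEB; img[0x1001] = 0xBA;
    img[0x1FF0] = 0xEB; img[0x1FF1] = 0x7F;
    rom_image rom = { img, sizeof img };
    uint16_t t;
    int rc = decode_jmp_short(&rom, ip, &t);
    return rc == 0 ? (int)t : rc;
}

int main(void)
{
    printf("signed   : %04x\n", jmp_short_target(0x1000, 0xBA));               /* 0fbc */
    printf("unsigned : %04x\n", jmp_short_target_unsigned_char(0x1000, 0xBA)); /* 10bc */
    printf("plain char on this host: %04x (CHAR_MIN=%d)\n",
           jmp_short_target_plain_char(0x1000, 0xBA), CHAR_MIN);
    printf("EB 7F at 1ff0 -> rc %d\n", demo_target(0x1FF0));                  /* -2 */
    return 0;
}
```

The two correct results differ by exactly 0x100, which is the signature of a dropped sign extension; the bounds check is what turns "execute zeros until something faults" into a clean emulator error.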


Re: x86emu emulation problem

2006-10-06 Thread jf simon

Hi,


2- The same code as seen from ndisasm:

68DA  A00080    mov al,[0x8000]
68DD  04F5      add al,0xf5
68DF  0002      add [bp+si],al
68E1  C8008015  enter 0x8000,0x15
68E5  0E        push cs
68E6  0106C800  add [0xc8],ax
68EA  80100E    adc byte [bx+si],0xe
68ED  0105      add [di],ax
68EF  C800800B  enter 0x8000,0xb
68F3  0E        push cs
68F4  0104      add [si],ax
68F6  C8008006  enter 0x8000,0x6
68FA  0E        push cs
68FB  0102      add [bp+si],ax
68FD  E80080    call 0xe900   !!!HERE AGAIN




This is probably data -- either font data or VGA register tables.  Can
you trace backwards any more and figure out how you got to 68DA?

 

You are right. I have found that the problem was on a JMP SHORT which 
was incorrectly landing in that part of the VGA BIOS. The relative 
displacement was negative (it was 0xBA), but the JMP was treating it as 
a jump to [PC]+0xBA rather than applying signed arithmetic. 
Setting the GCC -fsigned-char switch made the signed displacement 
be applied correctly and solved the problem. I didn't know that the 
char type was unsigned by default.


On a different issue, I think that the emulator may be wrong, as it 
sometimes fetches values from the DATA segment even if CS was 
previously selected as the source segment. For example, in 
x86emu/ops.c, see [*]:



    if (M.x86.mode & SYSMODE_PREFIX_DATA) {
        u32 destval,srcval;

        DECODE_PRINTF("TEST\tDWORD PTR ");
        destoffset = decode_rm00_address(rl);
        DECODE_PRINTF(",");
        srcval = fetch_long_imm();
        DECODE_PRINTF2("%x\n", srcval);
        destval = fetch_data_long(destoffset);
        TRACE_AND_STEP();
        test_long(destval, srcval);
    } else {
        u16 destval,srcval;
        DECODE_PRINTF("TEST\tWORD PTR ");
        destoffset = decode_rm00_address(rl);
        DECODE_PRINTF(",");
        srcval = fetch_word_imm();
        DECODE_PRINTF2("%x\n", srcval);
        destval = fetch_data_word(destoffset);   /* [*] */
        TRACE_AND_STEP();
        test_word(destval, srcval);
    }

[*]: shouldn't that be a fetch from the CS segment, since the mode (in 
M.x86.mode) is not of the DATA type?


Lastly, I have found that the VGA BIOS I use is doing CF8/CFC PCI 
configuration-style accesses, which don't work on my PowerPC platform. 
(I think this is only seen in the x86 world, but I'm not sure.) So they 
need to be translated to whatever the platform is going to use as its PCI 
configuration access. I just mention this for the record in case others 
are not aware of it.


Thanks,
-jf simon







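Added example, not the int10 module's or x86emu's code: what a CF8/CFC ("configuration mechanism #1") access is and how a port-I/O trap turns it into the host's own PCI configuration reads and writes. The platform hook signatures are hypothetical and the single fake device behind them is constructed for the example; the only thing taken from the thread is that a VGA BIOS issues these cycles. Anything the trap claims must never be forwarded to real host port I/O, since 0xCF8/0xCFC mean nothing on a non-x86 host and, on an x86 host, would let the ROM reprogram any device on the bus.

```c
#include <stdint.h>
#include <string.h>

#define PCI_CONFIG_ADDRESS 0xCF8u   /* dword port: enable | bus | dev | fn | reg */
#define PCI_CONFIG_DATA    0xCFCu   /* four byte lanes, 0xCFC..0xCFF */

/* Platform hooks (hypothetical signatures): however the host actually reaches
 * PCI config space, e.g. through host-bridge registers or firmware calls. */
typedef uint32_t (*cfg_read_fn)(void *ctx, unsigned bus, unsigned dev, unsigned fn,
                                unsigned off, unsigned bytes);
typedef void (*cfg_write_fn)(void *ctx, unsigned bus, unsigned dev, unsigned fn,
                             unsigned off, unsigned bytes, uint32_t val);

typedef struct {
    uint32_t     config_address;   /* latched by the last dword OUT to 0xCF8 */
    cfg_read_fn  read_cfg;
    cfg_write_fn write_cfg;
    void        *ctx;
} pci_trap;

static uint32_t all_ones(unsigned bytes) { return 0xFFFFFFFFu >> (32 - 8 * bytes); }
/* CONFIG_ADDRESS layout: bit 31 enable, 23:16 bus, 15:11 device, 10:8
 * function, 7:2 dword register.  Returns 0 when the enable bit is clear. */
static int decode_cfg_address(uint32_t a, unsigned *bus, unsigned *dev, unsigned *fn, unsigned *off)
{
    if (!(a & 0x80000000u)) return 0;
    *bus = (a >> 16) & 0xFFu;  *dev = (a >> 11) & 0x1Fu;
    *fn  = (a >> 8) & 0x07u;   *off = a & 0xFCu;
    return 1;
}

/* Port handlers: both return 1 when the port belongs to the config mechanism and
 * must not reach host I/O, 0 otherwise.  0xCFD..0xCFF select a byte lane. */
int pci_trap_out(pci_trap *t, unsigned port, unsigned bytes, uint32_t val)
{
    unsigned bus, dev, fn, off;
    if (port == PCI_CONFIG_ADDRESS) {
        if (bytes == 4) t->config_address = val;   /* narrower writes ignored */
        return 1;
    }
    if (port < PCI_CONFIG_DATA || port > PCI_CONFIG_DATA + 3) return 0;
    if (decode_cfg_address(t->config_address, &bus, &dev, &fn, &off))
        t->write_cfg(t->ctx, bus, dev, fn, off + (port - PCI_CONFIG_DATA), bytes, val);
    return 1;
}

int pci_trap_in(pci_trap *t, unsigned port, unsigned bytes, uint32_t *val)
{
    unsigned bus, dev, fn, off;
    if (port == PCI_CONFIG_ADDRESS) { *val = t->config_address; return 1; }
    if (port < PCI_CONFIG_DATA || port > PCI_CONFIG_DATA + 3) return 0;
    if (decode_cfg_address(t->config_address, &bus, &dev, &fn, &off))
        *val = t->read_cfg(t->ctx, bus, dev, fn, off + (port - PCI_CONFIG_DATA), bytes);
    else
        *val = all_ones(bytes);                    /* enable bit clear */
    return 1;
}

/* Constructed stand-in for the platform: one device at 0:1.0 with a 256-byte
 * config space; anything else reads as all ones, like a master abort.
 * 0x1002 is ATI's vendor ID; the device ID 0x1234 is made up. */
typedef struct { uint8_t space[256]; } fake_device;

static uint32_t fake_read(void *ctx, unsigned bus, unsigned dev, unsigned fn, unsigned off, unsigned bytes)
{
    const fake_device *d = ctx;
    uint32_t v = 0;
    if (bus || dev != 1 || fn || off + bytes > 256) return all_ones(bytes);
    for (unsigned i = 0; i < bytes; i++) v |= (uint32_t)d->space[off + i] << (8 * i);
    return v;
}

static void fake_write(void *ctx, unsigned bus, unsigned dev, unsigned fn, unsigned off, unsigned bytes, uint32_t val)
{
    fake_device *d = ctx;
    if (bus || dev != 1 || fn || off + bytes > 256) return;
    for (unsigned i = 0; i < bytes; i++) d->space[off + i] = (uint8_t)(val >> (8 * i));
}

static fake_device g_dev;
static pci_trap    g_trap = { 0, fake_read, fake_write, &g_dev };

void demo_init(void)
{
    static const uint8_t ids[4] = { 0x02, 0x10, 0x34, 0x12 };   /* little-endian IDs */
    memset(&g_dev, 0, sizeof g_dev);
    memcpy(g_dev.space, ids, sizeof ids);
    g_trap.config_address = 0;
}

/* The two-step sequence a BIOS emits for one config read: latch the address
 * with a dword OUT to 0xCF8, then IN from the byte lane of 0xCFC selected by
 * `off & 3`.  A write is the same with a second OUT instead of the IN. */
uint32_t demo_cfg_read(unsigned bus, unsigned dev, unsigned fn, unsigned off, unsigned bytes)
{
    uint32_t a = 0x80000000u | bus << 16 | dev << 11 | fn << 8 | (off & 0xFCu), v = 0;
    pci_trap_out(&g_trap, PCI_CONFIG_ADDRESS, 4, a);
    pci_trap_in(&g_trap, PCI_CONFIG_DATA + (off & 3u), bytes, &v);
    return v;
}
```

The byte-lane arithmetic matters in practice: BIOSes read the 16-bit device ID with an IN from 0xCFE, and a trap that only handles dword accesses at exactly 0xCFC returns garbage for it.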


Re: x86emu emulation problem

2006-10-06 Thread Tim Roberts
jf simon wrote:

 Hi,

 2- The same code as seen from ndisasm:

 68DA  A00080    mov al,[0x8000]
 68DD  04F5      add al,0xf5
 68DF  0002      add [bp+si],al
 68E1  C8008015  enter 0x8000,0x15
 68E5  0E        push cs
 68E6  0106C800  add [0xc8],ax
 68EA  80100E    adc byte [bx+si],0xe
 68ED  0105      add [di],ax
 68EF  C800800B  enter 0x8000,0xb
 68F3  0E        push cs
 68F4  0104      add [si],ax
 68F6  C8008006  enter 0x8000,0x6
 68FA  0E        push cs
 68FB  0102      add [bp+si],ax
 68FD  E80080    call 0xe900   !!!HERE AGAIN



 This is probably data -- either font data or VGA register tables.  Can
 you trace backwards any more and figure out how you got to 68DA?

  

 You are right. I have found that the problem was on a JMP SHORT which
 was incorrectly landing in that part of the VGA BIOS. The relative
 displacement was negative (it was 0xBA), but the JMP was treating it
 as a jump to [PC]+0xBA rather than applying signed arithmetic.
 Setting the GCC -fsigned-char switch made the signed displacement
 be applied correctly and solved the problem. I didn't know that the
 char type was unsigned by default.

 On a different issue, I think that the emulator may be wrong, as it
 sometimes fetches values from the DATA segment even if CS was
 previously selected as the source segment. For example, in
 x86emu/ops.c, see [*]:


     if (M.x86.mode & SYSMODE_PREFIX_DATA) {
         u32 destval,srcval;

         DECODE_PRINTF("TEST\tDWORD PTR ");
         destoffset = decode_rm00_address(rl);
         DECODE_PRINTF(",");
         srcval = fetch_long_imm();
         DECODE_PRINTF2("%x\n", srcval);
         destval = fetch_data_long(destoffset);
         TRACE_AND_STEP();
         test_long(destval, srcval);
     } else {
         u16 destval,srcval;
         DECODE_PRINTF("TEST\tWORD PTR ");
         destoffset = decode_rm00_address(rl);
         DECODE_PRINTF(",");
         srcval = fetch_word_imm();
         DECODE_PRINTF2("%x\n", srcval);
         destval = fetch_data_word(destoffset);   /* [*] */
         TRACE_AND_STEP();
         test_word(destval, srcval);
     }

 [*]: shouldn't that be a fetch from the CS segment, since the mode (in
 M.x86.mode) is not of the DATA type?


No.  When they say SYSMODE_PREFIX_DATA, they are talking about the 0x66
prefix, which Intel calls the operand size override.  That determines
whether the instruction uses 16-bit units or 32-bit units.  Compare with
SYSMODE_PREFIX_ADDR, the 0x67 prefix, which Intel calls the address size
override, which determines whether the addresses are 16 or 32 bits
wide.

The fetch_data_long and fetch_data_word functions will use the segment
overrides to decide which segment register to use.

-- 
Tim Roberts, [EMAIL PROTECTED]
Providenza & Boekelheide, Inc.

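Added example, not x86emu's code: a decoder for the encoding the ops.c excerpt handles (`F7 /0`, TEST r/m with an immediate) that keeps the three prefix kinds Tim separates apart. 0x66 changes the width of the operand and the immediate, 0x67 changes the addressing form (rejected here; only 16-bit mod=00 ModRM forms are covered), and a segment-override prefix changes which segment the memory operand is fetched from, which is the decision x86emu's fetch_data_* helpers make and the one the question above conflated with the data prefix. The byte strings in `demo` are constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum segment { SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS, SEG_NONE };

typedef struct {
    int opsize32;   /* 0x66: operand-size override, 32-bit data */
    int addr32;     /* 0x67: address-size override, 32-bit addressing */
    int seg;        /* explicit segment override, or SEG_NONE */
} prefixes;

/* Consume legacy prefixes; returns how many bytes they occupied. */
size_t decode_prefixes(const uint8_t *code, size_t n, prefixes *p)
{
    size_t i;
    p->opsize32 = 0; p->addr32 = 0; p->seg = SEG_NONE;
    for (i = 0; i < n; i++) {
        switch (code[i]) {
        case 0x66: p->opsize32 = 1; break;
        case 0x67: p->addr32 = 1; break;
        case 0x26: p->seg = SEG_ES; break;
        case 0x2E: p->seg = SEG_CS; break;
        case 0x36: p->seg = SEG_SS; break;
        case 0x3E: p->seg = SEG_DS; break;
        case 0x64: p->seg = SEG_FS; break;
        case 0x65: p->seg = SEG_GS; break;
        case 0xF0: case 0xF2: case 0xF3: break;   /* LOCK/REP: consumed, not modelled */
        default: return i;
        }
    }
    return i;
}

/* Segment a memory operand is read from: an explicit override wins; otherwise
 * the BP-based 16-bit forms default to SS and everything else to DS.  The
 * operand-size prefix plays no part in this choice. */
int effective_segment(const prefixes *p, int bp_based)
{
    if (p->seg != SEG_NONE) return p->seg;
    return bp_based ? SEG_SS : SEG_DS;
}

typedef struct {
    int      seg;       /* segment the memory operand lives in */
    int      has_disp;  /* mod=00 rm=110: 16-bit direct address */
    uint16_t disp;
    unsigned bits;      /* 16 or 32: width of both operand and immediate */
    uint32_t imm;
    size_t   len;       /* total instruction length including prefixes */
} test_insn;

/* Decode `[prefixes] F7 /0 modrm [disp16] imm16|imm32` with mod=00, i.e. the
 * encoding the ops.c excerpt handles.  Returns 0 on success, -1 for any other
 * encoding, a 0x67 prefix, or a truncated buffer. */
int decode_test_mem_imm(const uint8_t *code, size_t n, test_insn *out)
{
    prefixes p;
    size_t i = decode_prefixes(code, n, &p);
    unsigned mod, reg, rm, nimm, k;
    if (p.addr32 || i + 2 > n || code[i] != 0xF7) return -1;
    mod = code[i + 1] >> 6; reg = (code[i + 1] >> 3) & 7; rm = code[i + 1] & 7;
    if (mod != 0 || reg != 0) return -1;
    i += 2;
    out->has_disp = (rm == 6);        /* with mod=00, rm=110 is disp16, not [bp] */
    out->disp = 0;
    if (out->has_disp) {
        if (i + 2 > n) return -1;
        out->disp = (uint16_t)(code[i] | code[i + 1] << 8);
        i += 2;
    }
    out->seg  = effective_segment(&p, rm == 2 || rm == 3);   /* [bp+si], [bp+di] */
    out->bits = p.opsize32 ? 32 : 16;
    nimm = out->bits / 8;
    if (i + nimm > n) return -1;
    out->imm = 0;
    for (k = 0; k < nimm; k++) out->imm |= (uint32_t)code[i + k] << (8 * k);
    out->len = i + nimm;
    return 0;
}

/* Constructed encodings for the demo:
 *   A: 2E 66 F7 06 34 12 78 56 34 12   test dword cs:[0x1234], 0x12345678
 *   B: F7 06 00 80 FF 00               test word [0x8000], 0x00ff  (DS)
 *   C: F7 02 01 00                     test word [bp+si], 1       (SS)
 * Returns a pointer to the decoded form, or NULL if decoding failed. */
const test_insn *demo(char which)
{
    static const uint8_t a[] = {0x2E,0x66,0xF7,0x06,0x34,0x12,0x78,0x56,0x34,0x12};
    static const uint8_t b[] = {0xF7,0x06,0x00,0x80,0xFF,0x00};
    static const uint8_t c[] = {0xF7,0x02,0x01,0x00};
    static test_insn out;
    const uint8_t *code = which == 'A' ? a : which == 'B' ? b : c;
    size_t n = which == 'A' ? sizeof a : which == 'B' ? sizeof b : sizeof c;
    return decode_test_mem_imm(code, n, &out) == 0 ? &out : NULL;
}
```

Encoding A is the case the question was really asking about: the CS override and the 0x66 prefix are independent, and the segment comes from the override while the 0x66 only widens the immediate and the memory operand from 16 to 32 bits.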


Re: x86emu emulation problem

2006-10-06 Thread Paul Vojta
On Fri, Oct 06, 2006 at 10:43:57AM +0200, jf simon wrote:
 ... I didn't know that the char type was unsigned by default.

It's allowed to be either (implementation dependent).

--Paul Vojta, [EMAIL PROTECTED]


x86emu emulation problem

2006-10-05 Thread jf simon

Hi,
I am trying to use the x86emu code to emulate a PCI ATI Radeon 
VGA BIOS on a PowerPC platform (IBM 970 Maple).
The emulation starts OK, but after some time I can see that it is 
making a call to a location that is outside of the VGA BIOS, 
which causes x86emu to emulate whatever rubbish it finds there.


At first I thought that maybe x86emu was emulating the wrong code 
(maybe got misaligned in the opcodes). But using the ndisasm 
x86 disassembler on the original VGA bios showed that x86emu was 
emulating the code correctly.


I have also compared PCI traces (collected with a H/W analyser) 
run on the PowerPC system and on an AMD64 system (which runs the 
VGA BIOS OK), and I can see that x86emu on the PowerPC is making 
the right PCI accesses to the ATI before it crashes, which makes 
me think x86emu is working OK, at least at the beginning.


The problem is on the call 0xe903 instruction. There is no code 
there (code is from c: to c:0d000). Plus there are 
those strange opcodes ENTER 8000,15, which are causing the SP 
to go from SP=DFD0 to SP=5fa4 (right in the code!). I have read 
that the ENTER opcode was designed for high-level 
language procedures and their required stack frame needs. But 
0x8000 seems like a lot!


I am really at a loss as to what to do next...

Thanks for any help,
-jf simon



1- the x86emu trace just before the problem:
cat trace.cpu

c000:68dd a00080    MOV   AL,[8000]
AX=  BX=01e3  CX=4100  DX=f004  SP=dfd0  BP=0197  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e2   NV UP DI PL ZR NA PE NC

c000:68e0 04f5      ADD   AL,f5
[BP+SI]AL   AX=00f5  BX=01e3  CX=4100  DX=f004  SP=dfd0  BP=0197  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e4   NV UP DI NG NZ NA PE NC

c000:68e2 0002      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=dfd0  BP=0197  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e8   NV UP DI NG NZ AC PO CY

c000:68e4 c8008015  ENTER 8000,15
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa4  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e9   NV UP DI NG NZ AC PO CY

c000:68e8 0e        PUSH  CS
[00c8]AX    AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68ed   NV UP DI NG NZ AC PO CY

c000:68e9 0106c800  ADD   ,
[BX+SI]     AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f0   NV UP DI PL NZ NA PE NC

c000:68ed 80100e    ADC   BYTE PTR ,e
[DI]AX      AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f2   NV UP DI PL NZ NA PO NC

c000:68f0 0105      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f6   NV UP DI PL NZ NA PE NC

c000:68f2 c800800b  ENTER 8000,b
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=df8a  BP=5fa0  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f7   NV UP DI PL NZ NA PE NC

c000:68f6 0e        PUSH  CS
[SI]AX      AX=00f5  BX=01e3  CX=4100  DX=f004  SP=df88  BP=5fa0  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f9   NV UP DI PL NZ NA PE NC

c000:68f7 0104      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=df88  BP=5fa0  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68fd   NV UP DI PL NZ NA PO NC

c000:68f9 c8008006  ENTER 8000
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f7a  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68fe   NV UP DI PL NZ NA PO NC

c000:68fd 0e        PUSH  CS
[BP+SI]AX   AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f78  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=6900   NV UP DI PL NZ NA PO NC

c000:68fe 0102      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f78  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=6903   NV UP DI PL NZ NA PE NC

c000:6900 e80080    CALL  e903   !!PROBLEM HERE!!
[BX+SI]AL   AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f76  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=e905   NV UP DI PL NZ NA PE NC

c000:e903           ADD   ,
[BX+SI]AL

(x86emu starts emulating bad code (all zeroes))

AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f76  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=e907   NV UP DI PL NZ AC PE CY

c000:e905           ADD   ,



2- The same code as seen from ndisasm:

68DA  A00080    mov al,[0x8000]
68DD  04F5      add al,0xf5
68DF  0002      add [bp+si],al

Re: x86emu emulation problem

2006-10-05 Thread Alex Deucher

On 10/5/06, jf simon [EMAIL PROTECTED] wrote:

Hi,
I am trying to use the x86emu code to emulate a PCI ATI Radeon
VGA BIOS on a PowerPC platform (IBM 970 Maple).
The emulation starts OK, but after some time I can see that it is
making a call to a location that is outside of the VGA BIOS,
which causes x86emu to emulate whatever rubbish it finds there.

At first I thought that maybe x86emu was emulating the wrong code
(maybe got misaligned in the opcodes). But using the ndisasm
x86 disassembler on the original VGA bios showed that x86emu was
emulating the code correctly.

I have also compared PCI traces (collected with a H/W analyser)
run on the PowerPC system and on an AMD64 system (which runs the
VGA BIOS OK), and I can see that x86emu on the PowerPC is making
the right PCI accesses to the ATI before it crashes, which makes
me think x86emu is working OK, at least at the beginning.

The problem is on the call 0xe903 instruction. There is no code
there (code is from c: to c:0d000). Plus there are
those strange opcodes ENTER 8000,15, which are causing the SP
to go from SP=DFD0 to SP=5fa4 (right in the code!). I have read
that the ENTER opcode was designed for high-level
language procedures and their required stack frame needs. But
0x8000 seems like a lot!

I am really at a loss as to what to do next...


FWIW, many video card bioses mess with PCI registers and the like.

Alex



Thanks for any help,
-jf simon



1- the x86emu trace just before the problem:
cat trace.cpu

c000:68dd a00080    MOV   AL,[8000]
AX=  BX=01e3  CX=4100  DX=f004  SP=dfd0  BP=0197  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e2   NV UP DI PL ZR NA PE NC

c000:68e0 04f5      ADD   AL,f5
[BP+SI]AL   AX=00f5  BX=01e3  CX=4100  DX=f004  SP=dfd0  BP=0197  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e4   NV UP DI NG NZ NA PE NC

c000:68e2 0002      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=dfd0  BP=0197  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e8   NV UP DI NG NZ AC PO CY

c000:68e4 c8008015  ENTER 8000,15
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa4  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68e9   NV UP DI NG NZ AC PO CY

c000:68e8 0e        PUSH  CS
[00c8]AX    AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68ed   NV UP DI NG NZ AC PO CY

c000:68e9 0106c800  ADD   ,
[BX+SI]     AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f0   NV UP DI PL NZ NA PE NC

c000:68ed 80100e    ADC   BYTE PTR ,e
[DI]AX      AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f2   NV UP DI PL NZ NA PO NC

c000:68f0 0105      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5fa2  BP=dfce  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f6   NV UP DI PL NZ NA PE NC

c000:68f2 c800800b  ENTER 8000,b
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=df8a  BP=5fa0  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f7   NV UP DI PL NZ NA PE NC

c000:68f6 0e        PUSH  CS
[SI]AX      AX=00f5  BX=01e3  CX=4100  DX=f004  SP=df88  BP=5fa0  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68f9   NV UP DI PL NZ NA PE NC

c000:68f7 0104      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=df88  BP=5fa0  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68fd   NV UP DI PL NZ NA PO NC

c000:68f9 c8008006  ENTER 8000
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f7a  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=68fe   NV UP DI PL NZ NA PO NC

c000:68fd 0e        PUSH  CS
[BP+SI]AX   AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f78  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=6900   NV UP DI PL NZ NA PO NC

c000:68fe 0102      ADD   ,
AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f78  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=6903   NV UP DI PL NZ NA PE NC

c000:6900 e80080    CALL  e903   !!PROBLEM HERE!!
[BX+SI]AL   AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f76  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=e905   NV UP DI PL NZ NA PE NC

c000:e903           ADD   ,
[BX+SI]AL

(x86emu starts emulating bad code (all zeroes))

AX=00f5  BX=01e3  CX=4100  DX=f004  SP=5f76  BP=df86  SI=  DI=
DS=  ES=c000  SS=c000  CS=c000  IP=e907   NV UP DI PL NZ AC PE CY

c000:e905           ADD   ,



2- The same code as seen from ndisasm:

68DA  A00080    mov al,[0x8000]
68DD  

Re: x86emu emulation problem

2006-10-05 Thread Tim Roberts
jf simon wrote:

 2- The same code as seen from ndisasm:

 68DA  A00080    mov al,[0x8000]
 68DD  04F5      add al,0xf5
 68DF  0002      add [bp+si],al
 68E1  C8008015  enter 0x8000,0x15
 68E5  0E        push cs
 68E6  0106C800  add [0xc8],ax
 68EA  80100E    adc byte [bx+si],0xe
 68ED  0105      add [di],ax
 68EF  C800800B  enter 0x8000,0xb
 68F3  0E        push cs
 68F4  0104      add [si],ax
 68F6  C8008006  enter 0x8000,0x6
 68FA  0E        push cs
 68FB  0102      add [bp+si],ax
 68FD  E80080    call 0xe900   !!!HERE AGAIN


This is probably data -- either font data or VGA register tables.  Can
you trace backwards any more and figure out how you got to 68DA?

-- 
Tim Roberts, [EMAIL PROTECTED]
Providenza & Boekelheide, Inc.
