1 |
$Id: TODO,v 1.410 2006/11/06 05:32:38 debug Exp $ |
$Id: TODO,v 1.556 2007/09/11 21:46:35 debug Exp $ |
2 |
|
|
3 |
This file is my list of things I want to work on in the future. It is in |
Some things, in no specific order, that I'd like to fix: |
4 |
random order, and some parts of it are probably out-to-date by now. |
(Some items in this list are perhaps already fixed.) |
5 |
|
|
6 |
|
------------------------------------------------------------------------------- |
7 |
|
|
8 |
Dyntrans: |
A first pass of installation regression testing of NetBSD 4.0 RC1 in GXemul: |
|
x) Instruction combination collisions? How to avoid easily... |
|
|
x) Think about how to do both SHmedia and SHcompact in a reasonable |
|
|
way! (Or AMD64 long/protected/real, for that matter.) |
|
|
x) 68K emulation; think about how to do variable instruction |
|
|
lengths across page boundaries. |
|
|
x) Dyntrans with valgrind-inspired memory checker. (In memory_rw, |
|
|
it would be reasonably simple to add; in each individual fast |
|
|
load/store routine = a lot more work, and it would become |
|
|
kludgy very fast.) |
|
|
x) Dyntrans with SMP... lots of work to be done here. |
|
|
x) Dyntrans with cache emulation... lots of work here as well. |
|
|
o) dev_mp doesn't work well with dyntrans yet |
|
|
o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans |
|
|
x) Redesign/rethink the delay slot mechanism used for e.g. MIPS, |
|
|
so that it caches a translation (that is, an instruction |
|
|
word and the instr_call it was translated to the last |
|
|
time), so that it doesn't need to do slow |
|
|
to_be_translated for each end of page? |
|
|
x) Program Counter statistics: |
|
|
Per machine? What about SMP? All data to the same file? |
|
|
A debugger command should be possible to use to enable/ |
|
|
disable statistics gathering. |
|
|
Configuration file option! |
|
|
x) Breakpoints: |
|
|
o) Physical vs virtual addresses! |
|
|
o) 32-bit vs 64-bit sign extension for MIPS, and others? |
|
|
x) INVALIDATION should cause translations in _all_ cpus to be |
|
|
invalidated, e.g. on a write to a write-protected page |
|
|
(containing code) |
|
|
x) 16-bit encodings? (MIPS16, ARM Thumb, 32-bit SH on SH64) |
|
|
x) Lots of other stuff: see src/cpus/README_DYNTRANS |
|
|
x) true recompilation backend? think carefully about this, |
|
|
experiment in a separate project (not in GXemul) |
|
|
o) First test would be to just implement a simple |
|
|
instruction such as MIPS' addiu or lui, on AMD64 |
|
|
hosts... |
|
9 |
|
|
10 |
Simple Valgrind-like checks? |
X pmax (including X Windows out-of-the-box) |
11 |
o) Mark every address with bits which tell whether or not the address |
X arc (1.6.2 -> 4.0! Yay!) |
12 |
has been written to. |
hpcmips |
13 |
o) What should happen when programs are loaded? Text/data, bss (zero |
cobalt |
14 |
filled). But stack space and heap is uninitialized. |
evbmips |
15 |
o) Uninitialized local variables: |
algor |
16 |
A load from a place on the stack which has not previously |
sgimips |
17 |
been stored to => warning. Increasing the stack pointer using |
cats |
18 |
any available means should reset the memory to uninitialized. |
evbarm |
19 |
o) If calls to malloc() and free() can be intercepted: |
netwinder |
20 |
o) Access to a memory area after free() => warning. |
prep nej, 2.0 är senaste som funkar :( |
21 |
o) Memory returned by malloc() is marked as not-initialized. |
X macppc |
22 |
o) Non-passive, but good to have: Change the argument |
pmppc |
23 |
given to malloc, to return a slightly larger memory |
X dreamcast |
24 |
area, i.e. margin_before + size + margin_after, |
X landisk |
25 |
and return the pointer + margin_before. |
|
26 |
Any access to the margin_before or _after space results |
X = done and worked fine |
27 |
in warnings. (free() must be modified to free the |
|
28 |
actually allocated address.) |
------------------------------------------------------------------------------- |
29 |
|
|
30 |
|
Perform a second regression test pass, when the actual NetBSD 4.0 release |
31 |
|
has happened. |
32 |
|
|
33 |
|
o) Test all guest OSes. |
34 |
|
o) Update: |
35 |
|
URLs |
36 |
|
Versions |
37 |
|
|
38 |
|
o) Make a new GXemul release: 0.4.6.1 |
39 |
|
|
40 |
|
------------------------------------------------------------------------------- |
41 |
|
|
42 |
|
M88K: |
43 |
|
o) FIP != NIP + 4, in rte! (Simulate delayed branch stuff.) |
44 |
|
o) cpu_dyntrans.c: MEMORY_USER_ACCESS implementation for M88K! |
45 |
|
o) xmem: Set transaction registers! |
46 |
|
o) CMMUs: |
47 |
|
o) Translation invalidations, could be optimized. |
48 |
|
o) Move initialization from dev_mvme187 to somewhere |
49 |
|
more reasonable? |
50 |
|
o) Instruction trace by using bits of ??IP control regs. |
51 |
|
o) Interrupts (these are machine dependent, though). |
52 |
|
o) Implement devices etc. for one or more machine modes, |
53 |
|
to get some guest OS running. OpenBSD/mvme88k on MVME187 |
54 |
|
seems to be the smartest path to follow for now. |
55 |
|
o) VME bus device |
56 |
|
o) PCC2 |
57 |
|
o) Cirrus Logic serial port controller |
58 |
|
o) Instruction disassembly, and implementation: |
59 |
|
o) See http://www.panggih.staff.ugm.ac.id/download/GCC/info/gcc.i5 |
60 |
|
for some strange cases of when "div" can fail (?) |
61 |
|
o) Floating point stuff |
62 |
|
o) "Graphics" instructions (M88110-specific) |
63 |
|
|
64 |
MIPS: |
MIPS: |
65 |
o) Nicer MIPS status bits in register dumps. |
o) Nicer MIPS status bits in register dumps. |
|
o) Alignment exceptions. |
|
66 |
o) Floating point exception correctness. |
o) Floating point exception correctness. |
67 |
o) Fix this? Triggered by NetBSD/sgimips? Hm: |
o) Fix this? Triggered by NetBSD/sgimips? Hm: |
68 |
to_be_translated(): TODO: unimplemented instruction: |
to_be_translated(): TODO: unimplemented instruction: |
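Review bot: in the new NetBSD 4.0 RC1 regression list, the legend defines only "X = done and worked fine", so the unmarked rows (hpcmips, cobalt, evbmips, algor, sgimips, cats, evbarm, netwinder, pmppc) do not say whether they were not yet tested or tested and failed; add a second marker for failures. The prep row's note "nej, 2.0 är senaste som funkar :(" is in Swedish while the rest of the file is in English; suggest "no, 2.0 is the latest that works".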
70 |
o) Some more work on opcodes. |
o) Some more work on opcodes. |
71 |
x) MIPS64 revision 2. |
x) MIPS64 revision 2. |
72 |
o) Find out which actual CPUs implement the rev2 ISA! |
o) Find out which actual CPUs implement the rev2 ISA! |
73 |
|
o) DINS, DINSM, DINSU etc |
74 |
o) DROTR32 and similar MIPS64 rev 2 instructions, |
o) DROTR32 and similar MIPS64 rev 2 instructions, |
75 |
which have a rotation bit which differs from |
which have a rotation bit which differs from |
76 |
previous ISAs. |
previous ISAs. |
|
o) EI and DI instructions for MIPS64/32 rev 2. |
|
|
NOTE: These are _NOT_ the same as for R5900! |
|
77 |
x) _MAYBE_ TX79 and R5900 actually differ in their |
x) _MAYBE_ TX79 and R5900 actually differ in their |
78 |
opcodes? Check this carefully! |
opcodes? Check this carefully! |
79 |
o) Dyntrans: Count register updates are probably not 100% correct yet. |
o) Dyntrans: Count register updates are probably not 100% correct yet. |
|
o) Refactor code for performance and readability/maintainability. |
|
80 |
o) (Re)implement 128-bit loads/stores for R5900. |
o) (Re)implement 128-bit loads/stores for R5900. |
81 |
|
o) Coprocessor 1x (i.e. 3) should cause cp1 exceptions, not 3? |
82 |
|
(See http://lists.gnu.org/archive/html/qemu-devel/2007-05/msg00005.html) |
83 |
o) R4000 and others: |
o) R4000 and others: |
84 |
x) watchhi/watchlo exceptions, and other exception |
x) watchhi/watchlo exceptions, and other exception |
85 |
handling details |
handling details |
86 |
|
o) MIPS 5K* have 42 physical address bits, not 40/44? |
87 |
o) R10000 and others: (R12000, R14000 ?) |
o) R10000 and others: (R12000, R14000 ?) |
88 |
|
x) The code before the line |
89 |
|
/* reg[COP0_PAGEMASK] = cpu->cd.mips.coproc[0]->tlbs[0].mask & PAGEMASK_MASK; */ |
90 |
|
in cpu_mips.c is not correct for R10000 according to |
91 |
|
Lemote's Godson patches for GXemul. TODO: Go through all |
92 |
|
register definitions according to http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_263.html#HEADING334 |
93 |
|
and make sure everything works with R10000. |
94 |
|
Then test with OpenBSD/sgi? |
95 |
|
x) Entry LO mask (as above). |
96 |
x) memory space, exceptions, ... |
x) memory space, exceptions, ... |
97 |
x) use cop0 framemask for tlb lookups |
x) use cop0 framemask for tlb lookups |
98 |
(http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html) |
(http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html) |
99 |
|
|
100 |
SuperH: |
SuperH: |
101 |
x) DMA (0xffa00000) |
x) Auto-generation of loads/stores! This should get rid of at least |
102 |
x) Instruction tracing should include symbols for branch targets, |
the endianness check in each load/store. |
103 |
and so on... |
x) Experiment with whether or not correct ITLB emulation is |
104 |
|
actually needed. (20070522: I'm turning it off today.) |
105 |
x) SH4 interrupt controller: |
x) SH4 interrupt controller: |
106 |
x) Implement correct priorities of interrupts |
x) MASKING should be possible! |
107 |
|
x) SH4 DMA (0xffa00000) |
108 |
|
x) SH4 UBC (0xff200000) |
109 |
|
x) Store queues can copy 32 bytes at a time, there's no need to |
110 |
|
copy individual 32-bit words. (Performance improvement.) |
111 |
x) SH4 BSC (Bus State Controller) |
x) SH4 BSC (Bus State Controller) |
112 |
x) NetBSD/evbsh3, dreamcast, mmeye, hpcsh! Linux? |
x) Instruction tracing should include symbols for branch targets, |
113 |
x) Replace pc-relative loads with immediate load, if within the |
and so on, to make the output more human readable. |
114 |
same page. (Similar to the same optimization for ARM.) |
x) SH3-specific devices: Pretty much everything! |
115 |
x) Floating point exception correctness. |
x) NetBSD/evbsh3, hpcsh! Linux? |
116 |
x) Floating point speed! |
x) Floating point speed! |
117 |
x) Think carefully about how to implement SH5/SH64 (for evbsh5). |
x) Floating point exception correctness. |
118 |
|
x) Exceptions for unaligned load/stores. OpenBSD/landisk uses |
119 |
|
this mechanism for its reboot code (machine_reset). |
120 |
|
|
121 |
|
Landisk SH4: |
122 |
|
x) When NetBSD/landisk 4.0 has been released, make sure it works |
123 |
|
in the emulator. (Update documentation, etc.) |
124 |
|
NetBSD HEAD (as of April 2007) hangs during bootup, because it |
125 |
|
turns on/off interrupts in an unfortunately synchronized way |
126 |
|
with dyntrans. This needs to be fixed. |
127 |
|
|
128 |
Dreamcast: |
Dreamcast: |
129 |
x) CD image bootup: |
x) G2 DMA |
130 |
0) Find IP.BIN, and load it to 0x8c008000. |
x) LAN adapter (dev_mb8696x.c). NetBSD root-on-nfs. |
|
1) Run code at 0x8c008300 (SEGA license code). |
|
|
2) When the license code runs a "boot menu" syscall, |
|
|
load the 1ST_READ.BIN file (unscrambled?) to 0x8c010000. |
|
|
3) Run code at 0x8c00b800 (Bootstrap 1). This will in turn |
|
|
jump to 0x8c00e000 (Bootstrap 2), and then jump to |
|
|
0x8c010000, to start the program. |
|
|
(Try with e.g. Comstedt's Serial IP Slave, to make sure it |
|
|
works as expected.) |
|
|
x) LAN adapter. |
|
131 |
x) PVR: Lots of stuff. See dev_pvr.c. |
x) PVR: Lots of stuff. See dev_pvr.c. |
132 |
|
x) Better GDROM support |
133 |
|
x) Modem |
134 |
|
x) PCI bridge/bus? |
135 |
x) Maple bus: |
x) Maple bus: |
136 |
x) Correct controller input |
x) Correct controller input |
137 |
x) Mouse input |
x) Mouse input |
138 |
x) PROM/BIOS calls: |
x) Software emulation of BIOS calls: |
139 |
x) GD-ROM emulation |
x) GD-ROM emulation: Use the GDROM device. |
140 |
x) NetBSD/dreamcast: Root on nfs? |
x) Use the VGA font as a fake ROM font. (Better than |
141 |
x) Linux/dreamcast? (The gentoo kernel currently crashes.) |
nothing.) |
142 |
|
x) Make as many as possible of the KOS examples run! |
143 |
x) More homebrew demos/games. |
x) More homebrew demos/games. |
144 |
x) Sound emulation (ARM cpu). |
x) SPU: Sound emulation (ARM cpu). |
145 |
x) VME processor emulation? |
x) VME processor emulation? "(Sanyo LC8670 "Potato")" according to |
146 |
|
Wikipedia, LC86K87 according to Comstedt's page. See |
147 |
Transputer: |
http://www.maushammer.com/vmu.html for a good description of |
148 |
x) Implement support for Helios binaries. |
the differences between LC86104C and the one used in the VME. |
|
x) Stack and register contents at startup? |
|
|
x) Figure out how to boot an entire Helios distribution. |
|
|
x) Implement all instructions. :) |
|
|
|
|
|
RCA1802/RCA1805, CHIP8: |
|
|
x) CHIP8 -> RCA180x conversion |
|
|
x) Think about how to do dual-mode, variable-instr-length |
|
|
ISAs, and switch between modes. |
|
|
x) 1805 "extended" opcode -> trigger CHIP8 emulation? |
|
|
That is, all calls 0NNN could point to 0x68 opcodes, |
|
|
which, if running on a 1802 in CHIP8-emulation-mode, |
|
|
would be manually interpreted. |
|
|
x) Better solution: |
|
|
CHIP8 calls to 00xx => handle at high level, |
|
|
calls to 0xxx in general = call 180X machine code |
|
|
(0000 = reboot?) |
|
|
x) 1802 info: http://www.nyx.net/~lturner/public_html/Cosmac.html |
|
|
and: http://www.elf-emulation.com/1802.html |
|
|
x) 1805 extended opcodes: Implement at least disassembly support! |
|
|
x) Keyboard input. |
|
|
x) Sound (beep only). |
|
|
x) Slow-down to correct speed? Wikipedia: "it was usually operated |
|
|
at 3.58 MHz/2 to suit the requirements of the 1861 chip which |
|
|
gave a speed of a little over 100,000 instructions per second" |
|
|
(Note that _CHIP8_ emulation would then be even slower.) |
|
|
x) SCHIP48 (Super) emulation: |
|
|
Some more opcodes, 128x64 framebuffer, larger |
|
|
sprites and fonts. |
|
149 |
|
|
150 |
Alpha: |
Alpha: |
151 |
x) OSF1 PALcode, Virtual memory support. |
x) OSF1 PALcode, Virtual memory support. |
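Review bot: the new R10000 item under MIPS locates the problem as "The code before the line" followed by the commented-out reg[COP0_PAGEMASK] assignment in cpu_mips.c, which will stop being findable as soon as that comment is edited or removed; name the enclosing function or register case instead. The follow-up "Entry LO mask (as above)" does not state what the correct mask is, so it is not actionable from the TODO alone.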
156 |
x) More Alpha machine types, so it could work with |
x) More Alpha machine types, so it could work with |
157 |
OpenBSD, FreeBSD, and Linux too? |
OpenBSD, FreeBSD, and Linux too? |
158 |
|
|
159 |
SPARC: |
SPARC (both the ISA and the machines): |
160 |
o) Implement Adress space identifiers; load/stores etc. |
o) Implement Adress space identifiers; load/stores etc. |
161 |
o) Save/restore register windows etc! |
o) Exception/trap/interrupt handling. |
162 |
|
o) Save/restore register windows etc! Both v9 and pre-v9! |
163 |
o) Finish the subcc and addcc flag computation code. |
o) Finish the subcc and addcc flag computation code. |
164 |
o) Add more registers (floating point, control regs etc) |
o) Add more registers (floating point, control regs etc) |
|
o) Exception/trap handling. |
|
165 |
o) Disassemly of some more instructions? |
o) Disassemly of some more instructions? |
166 |
o) Are sll etc 32-bit sign-extending or zero-extending? |
o) Are sll etc 32-bit sign-extending or zero-extending? |
167 |
o) Finish the GDB register stuff. |
o) Floating point exception correctness. |
|
x) Floating point exception correctness. |
|
168 |
o) SPARC v8, v7 etc? |
o) SPARC v8, v7 etc? |
169 |
|
o) More machine modes and devices. |
|
Debugger: |
|
|
o) How does SMP debugging work? Does it simply use "threads"? |
|
|
What if the guest OS (running on an emulated SMP machine) |
|
|
has a usertask running, with userland threads? |
|
|
o) Try to make the debugger more modular and, if possible, reentrant! |
|
|
o) Remove the emul command? (But show network info if showing |
|
|
machines?) |
|
|
o) Settings: |
|
|
x) Special handlers for Write! |
|
|
+) MIPS coproc regs |
|
|
+) Alpha/MIPS/SPARC zero registers |
|
|
+) x86 64/32/16-bit registers |
|
|
x) Value formatter for resulting output. |
|
|
o) see src/debugger.c for more |
|
170 |
|
|
171 |
POWER/PowerPC: |
POWER/PowerPC: |
172 |
x) find and fix the bug which causes NetBSD/macppc to fail after |
x) Fix DECR timer speed, so it matches the host. |
|
an install! |
|
173 |
x) NetBSD/prep 3.x triggers a possible bug in the emulator: |
x) NetBSD/prep 3.x triggers a possible bug in the emulator: |
174 |
<wdc_exec_command(0xd005e514,0xd60cdd30,0,8,..)> |
<wdc_exec_command(0xd005e514,0xd60cdd30,0,8,..)> |
175 |
<ata_get_xfer(0,0xd60cdd30,0,8,..)> |
<ata_get_xfer(0,0xd60cdd30,0,8,..)> |
193 |
x) Floating point exception correctness. |
x) Floating point exception correctness. |
194 |
x) Alignment exceptions. |
x) Alignment exceptions. |
195 |
|
|
196 |
|
PReP: |
197 |
|
x) Clock time! ("Bad battery blah blah") |
198 |
|
|
199 |
Algor: |
Algor: |
200 |
o) Other models than the P5064? |
o) Other models than the P5064? |
201 |
o) PCI interrupts... needed for stuff like the tlp NIC? |
o) PCI interrupts... needed for stuff like the tlp NIC? |
202 |
|
|
203 |
|
BeBox: |
204 |
|
o) Interrupts. There seems to be a problem with WDC interrupts |
205 |
|
"after a short while", although a few interrupts get through? |
206 |
|
o) Perhaps find a copy of BeOS and try it? |
207 |
|
|
208 |
|
Malta: |
209 |
|
o) The Linux/Malta kernel at people.debian.org/~ths/qemu/malta/ |
210 |
|
almost works: |
211 |
|
./gxemul -x -o 'rd_start=0x80800000 rd_size=10000000 init=/bin/sh' -C 4KEc |
212 |
|
-e malta 0x80800000:people.debian.org/~ths/qemu/malta/initrd.gz |
213 |
|
people.debian.org/~ths/qemu/malta/vmlinux |
214 |
|
(Remove "init=/bin/sh" to boot into the Debian installer.) |
215 |
|
There are at least two things that need to be fixed: |
216 |
|
1. PCI IDE; make Linux oops. |
217 |
|
2. Implement the NIC. |
218 |
|
|
219 |
HPCmips: |
HPCmips: |
220 |
x) Mouse/pad support! :) |
x) Mouse/pad support! :) |
221 |
x) A NIC? (As a PCMCIA device?) |
x) A NIC? (As a PCMCIA device?) |
222 |
|
|
|
AVR: |
|
|
o) Everything. |
|
|
|
|
|
AVR32: |
|
|
o) Everything. It would be good if there was NetBSD/avr32 to |
|
|
experiment with... |
|
|
|
|
223 |
ARM: |
ARM: |
224 |
o) See netwinder_reset() in NetBSD; the current "an internal error |
o) See netwinder_reset() in NetBSD; the current "an internal error |
225 |
occured" message after reboot/halt is too ugly. |
occured" message after reboot/halt is too ugly. |
226 |
o) ARM "wait"-like instruction? |
o) Generic ARM "wait"-like instruction? |
227 |
o) try to get netbsd/evbarm 3.x running (iq80321) |
o) try to get netbsd/evbarm 3.x or 4.x running (iq80321) |
228 |
o) make the xscale counter registers (ccnt) work |
o) make the xscale counter registers (ccnt) work |
229 |
o) make the ata controller usable for FreeBSD! |
o) make the ata controller usable for FreeBSD! |
230 |
o) zaurus for openbsd... |
o) Debian/cats crashes because of unimplemented coproc stuff. |
|
o) debian/cats crashes because of unimplemented coproc stuff. |
|
231 |
fix this? |
fix this? |
232 |
|
|
233 |
Test machines: |
Test machines: |
234 |
+ dev_fb block fill and copy |
o) dev_fb block fill and copy |
235 |
+ dev_fb draw characters (from the built-in font)? |
o) dev_fb draw characters (from the built-in font)? |
236 |
+ dev_fb input device? mouse pointer coordinates and buttons |
o) dev_fb input device? mouse pointer coordinates and buttons |
237 |
(allow changes in these to cause interrupts as well?) |
(allow changes in these to cause interrupts as well?) |
238 |
+ Redefine the halt() function so that it stops "sometimes |
o) Redefine the halt() function so that it stops "sometimes |
239 |
soon", i.e. usage in demo code should be: |
soon", i.e. usage in demo code should be: |
240 |
for (;;) { |
for (;;) { |
241 |
halt(); |
halt(); |
242 |
} |
} |
243 |
|
|
244 |
|
Debugger: |
245 |
|
o) How does SMP debugging work? Does it simply use "threads"? |
246 |
|
What if the guest OS (running on an emulated SMP machine) |
247 |
|
has a usertask running, with userland threads? |
248 |
|
o) Try to make the debugger more modular and, if possible, reentrant! |
249 |
|
o) Memory dumps should be able to dump both physical and |
250 |
|
virtual emulated memory. |
251 |
|
o) Evaluate expressions within []? That would allow stuff like |
252 |
|
cpu[x] where x is an expression. |
253 |
|
o) "pc = pc + 4" doesn't work! Bug. Should work. ("pc=pc+4" works.) |
254 |
|
o) Settings: |
255 |
|
x) Special handlers for Write! |
256 |
|
+) MIPS coproc regs |
257 |
|
+) Alpha/MIPS/SPARC zero registers |
258 |
|
+) x86 64/32/16-bit registers |
259 |
|
x) Value formatter for resulting output. |
260 |
|
o) Call stack display (back-trace) of emulated programs. |
261 |
|
o) Nicer looking output of register dumps, floating point registers, |
262 |
|
etc. Warn about weird/invalid register contents. |
263 |
|
o) Ctrl-C doesn't enter the debugger on some OSes (HP-UX?)... |
264 |
|
|
265 |
|
Dyntrans: |
266 |
|
x) NOTE: ARM etc. that load pc-relative constants, on writes to |
267 |
|
pages that contain translations, the ENTIRE page must be |
268 |
|
invalidated, not just the 1/32th that was code. |
269 |
|
x) For 32-bit emulation modes, that have emulated TLBs: tlbindex |
270 |
|
arrays of mapped pages? Things to think about: |
271 |
|
x) Only 32-bit mode! (64-bit => too much code) |
272 |
|
x) One array for global pages, and one array _PER ASID_, |
273 |
|
for those archs that support that. On M88K, there should |
274 |
|
be one array for userspace, and one for supervisor, etc. |
275 |
|
x) Larger-than-4K-pages must fill several bits in the array. |
276 |
|
x) No TLB search will be necessary. |
277 |
|
x) Total host space used, for 4 KB pages: 1 MB per table, |
278 |
|
i.e. 65 MB for 32-bit MIPS, 2 MB for M88K, if one byte |
279 |
|
is used as the tlb index. |
280 |
|
x) (The index is actually +1, so that 0 means no hit.) |
281 |
|
x) "Merge" the cur_physpage and cur_ic_page variables/pointers to |
282 |
|
one? I.e. change cur_ic_page to cur_physpage.ic_page or something. |
283 |
|
x) Instruction combination collisions? How to avoid easily... |
284 |
|
x) superh -- no hostpage for e.g. 0x8c000000. devices as ram! |
285 |
|
x) Think about how to do both SHmedia and SHcompact in a reasonable |
286 |
|
way! (Or AMD64 long/protected/real, for that matter.) |
287 |
|
x) 68K emulation; think about how to do variable instruction |
288 |
|
lengths across page boundaries. |
289 |
|
x) Dyntrans with valgrind-inspired memory checker. (In memory_rw, |
290 |
|
it would be reasonably simple to add; in each individual fast |
291 |
|
load/store routine = a lot more work, and it would become |
292 |
|
kludgy very fast.) |
293 |
|
x) Dyntrans with SMP... lots of work to be done here. |
294 |
|
x) Dyntrans with cache emulation... lots of work here as well. |
295 |
|
x) Remove the concept of base RAM completely; it would be more |
296 |
|
generic to allow RAM devices to be used "anywhere". |
297 |
|
o) dev_mp doesn't work well with dyntrans yet |
298 |
|
o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans |
299 |
|
x) Redesign/rethink the delay slot mechanism used for e.g. MIPS, |
300 |
|
so that it caches a translation (that is, an instruction |
301 |
|
word and the instr_call it was translated to the last |
302 |
|
time), so that it doesn't need to do slow |
303 |
|
to_be_translated for each end of page? |
304 |
|
x) Program Counter statistics: |
305 |
|
Per machine? What about SMP? All data to the same file? |
306 |
|
A debugger command should be possible to use to enable/ |
307 |
|
disable statistics gathering. |
308 |
|
Configuration file option! |
309 |
|
x) Breakpoints: |
310 |
|
o) Physical vs virtual addresses! |
311 |
|
o) 32-bit vs 64-bit sign extension for MIPS, and others? |
312 |
|
x) INVALIDATION should cause translations in _all_ cpus to be |
313 |
|
invalidated, e.g. on a write to a write-protected page |
314 |
|
(containing code) |
315 |
|
x) 16-bit encodings? (MIPS16, ARM Thumb, etc) |
316 |
|
x) Lots of other stuff: see src/cpus/README_DYNTRANS |
317 |
|
x) Native code generation backends... think carefully about this. |
318 |
|
|
319 |
|
Simple Valgrind-like checks? |
320 |
|
o) Mark every address with bits which tell whether or not the address |
321 |
|
has been written to. |
322 |
|
o) What should happen when programs are loaded? Text/data, bss (zero |
323 |
|
filled). But stack space and heap is uninitialized. |
324 |
|
o) Uninitialized local variables: |
325 |
|
A load from a place on the stack which has not previously |
326 |
|
been stored to => warning. Increasing the stack pointer using |
327 |
|
any available means should reset the memory to uninitialized. |
328 |
|
o) If calls to malloc() and free() can be intercepted: |
329 |
|
o) Access to a memory area after free() => warning. |
330 |
|
o) Memory returned by malloc() is marked as not-initialized. |
331 |
|
o) Non-passive, but good to have: Change the argument |
332 |
|
given to malloc, to return a slightly larger memory |
333 |
|
area, i.e. margin_before + size + margin_after, |
334 |
|
and return the pointer + margin_before. |
335 |
|
Any access to the margin_before or _after space results |
336 |
|
in warnings. (free() must be modified to free the |
337 |
|
actually allocated address.) |
338 |
|
|
339 |
Better CD Image file support: |
Better CD Image file support: |
340 |
x) Support CD formats that contain more than 1 track, e.g. |
x) Support CD formats that contain more than 1 track, e.g. |
341 |
CDI files (?). These can then contain a mixture of e.g. sound |
CDI files (?). These can then contain a mixture of e.g. sound |
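Review bot: in the new Malta entry, "1. PCI IDE; make Linux oops." reads as an instruction rather than a bug description; if the meaning is that the PCI IDE emulation makes Linux oops, say so. The gxemul command above it is split over three lines without continuation markers, so it cannot be pasted as written; add trailing backslashes or keep it on one line.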
345 |
possibly other live-CD formats.) |
possibly other live-CD formats.) |
346 |
|
|
347 |
Networking: |
Networking: |
348 |
|
x) Redesign of the networking subsystem, at least the NAT translation |
349 |
|
part. The current way of allowing raw ethernet frames to be |
350 |
|
transfered to/from the emulator via UDP should probably be |
351 |
|
extended to allow the frames to be transmitted other ways as |
352 |
|
well. |
353 |
|
x) Also adding support for connecting ttys (either to xterms, or to |
354 |
|
pipes/sockets etc, or even to PPP->NAT or SLIP->NAT :-). |
355 |
|
x) Documentation updates (!) are very important, making it easier to |
356 |
|
use the (already existing) network emulation features. |
357 |
x) Fix performance problems caused by only allowing a |
x) Fix performance problems caused by only allowing a |
358 |
single TCP packet to be unacked. |
single TCP packet to be unacked. |
359 |
x) Don't hardcode offsets into packets! |
x) Don't hardcode offsets into packets! |
386 |
is another option (easier to implement, but very very slow). |
is another option (easier to implement, but very very slow). |
387 |
|
|
388 |
Documentation: |
Documentation: |
389 |
|
x) Update the documentation regarding the testmachine interrupts. |
390 |
x) Note about sandboxing/security: |
x) Note about sandboxing/security: |
391 |
Not all emulated instructions fail in the way they would |
Not all emulated instructions fail in the way they would |
392 |
do on real hardware (e.g. a userspace program writing to |
do on real hardware (e.g. a userspace program writing to |
396 |
securely". |
securely". |
397 |
x) Try NetBSD/arc 4.x! (It seems to work with disk images!) |
x) Try NetBSD/arc 4.x! (It seems to work with disk images!) |
398 |
x) NetBSD/pmax 4 install instructions: xterm instead of vt100! |
x) NetBSD/pmax 4 install instructions: xterm instead of vt100! |
|
x) DEVICE_TICK in technical.html |
|
399 |
x) Rewrite the section about experimental devices, after the |
x) Rewrite the section about experimental devices, after the |
400 |
framebuffer acceleration has been implemented, and demos |
framebuffer acceleration has been implemented, and demos |
401 |
written. (Symbolic names instead of numbers; example |
written. (Symbolic names instead of numbers; example |
404 |
x) "a very simple linear framebuffer device (for graphics output)" |
x) "a very simple linear framebuffer device (for graphics output)" |
405 |
under "which machines does gxemul emulate" ==> better |
under "which machines does gxemul emulate" ==> better |
406 |
description? |
description? |
|
x) Better description on how to set up a cross compiler? |
|
|
Example for MIPS64. |
|
|
o) Automagic documentation generation? |
|
|
x) machines, cpus, devices. |
|
|
x) REMEMBER that several machines/devices can be in |
|
|
the same source file! |
|
|
o) Try to rewrite the install instructions for those machines |
|
|
that use 3MAX into using CATS or hpcmips? (To remove the need |
|
|
to use a raw ffs partition, using up all of the disk image.) |
|
|
|
|
|
More generic out_of_memory error reporting, and check everywhere! |
|
|
Causes: OpenBSD has low default limits for normal users. |
|
|
Host is 32-bit? (32-bit hosts are limited to 4 GB or less |
|
|
of userspace memory.) |
|
|
You are actually low on RAM. (As trivial as this might sound, |
|
|
Unix systems usually allow processes to allocate virtual |
|
|
memory beyond the amount of RAM in the machine.) |
|
407 |
|
|
408 |
The Device subsystem: |
The Device subsystem: |
409 |
x) allow devices to be moved and/or changed in size (down to a |
x) allow devices to be moved and/or changed in size (down to a |
413 |
registering new devices, and for moving existing ones. |
registering new devices, and for moving existing ones. |
414 |
cpu->invalidate translation caches, for all CPUs that |
cpu->invalidate translation caches, for all CPUs that |
415 |
are connected to a specific memory. |
are connected to a specific memory. |
|
x) keep track of interrupts and busses? actually, allowing any device |
|
|
to be a bus might be a nice idea. |
|
|
x) turn interrupt controllers into devices? :-) |
|
|
x) refactor various clocks/nvram/cmos into one device? |
|
416 |
|
|
417 |
PCI: |
PCI: |
418 |
|
x) Pretty much everything related to runtime configuration, device |
419 |
|
slots, interrupts, etc must be redesigned/cleaned up. The current |
420 |
|
code is very hardcoded and ugly. |
421 |
|
o) Allow cards to be added/removed during runtime more easily. |
422 |
|
o) Allow cards to be enabled/disabled (i/o ports, etc, like |
423 |
|
NetBSD needs for disk controller detection). |
424 |
|
o) Allow devices to be moved in memory during runtime. |
425 |
|
o) Interrupts per PCI slot, etc. (A-D). |
426 |
|
o) PCI interrupt controller logic... very hard to get right, |
427 |
|
because these differ a lot from one machine to the next. |
428 |
x) last write was ffffffff ==> fix this, it should be used |
x) last write was ffffffff ==> fix this, it should be used |
429 |
together with a mask to get the correct bits. also, not ALL |
together with a mask to get the correct bits. also, not ALL |
430 |
bits are size bits! (lowest 4 vs lowest 2?) |
bits are size bits! (lowest 4 vs lowest 2?) |
432 |
x) generalize the interrupt routing stuff (lines etc) |
x) generalize the interrupt routing stuff (lines etc) |
433 |
|
|
434 |
Clocks and timers: |
Clocks and timers: |
435 |
|
x) Fix the PowerPC DECR interrupt speed! (MacPPC and PReP speed, etc.) |
436 |
x) DON'T HARDCODE 100 HZ IN cpu_mips_coproc.c! |
x) DON'T HARDCODE 100 HZ IN cpu_mips_coproc.c! |
437 |
x) Test the 8253? Right now it doesn't seem to be used? |
x) NetWinder timeofday is incorrect! Huh? grep -R for ta_rtc_read in |
438 |
x) NetWinder timeofday is incorrect! |
NetBSD sources; it doesn't seem to be initialized _AT ALL_?! |
439 |
x) Cobalt TOD is incorrect! |
x) Cobalt TOD is incorrect! |
440 |
x) Go through all other machines, one by one, and fix them. |
x) Go through all other machines, one by one, and fix them. |
441 |
|
|
|
Busses: |
|
|
o) Redesign the entire "mainbus" concept! |
|
|
x) Busses should be placed in a hierarchical tree (?) |
|
|
x) Specific clock/bus speeds, cpu speeds etc. |
|
|
o) Interrupt routing subsystem: |
|
|
x) IF POSSIBLE, try to make the new system work with the |
|
|
current system, but print annoying warning messages. :) |
|
|
Think carefully about this. |
|
|
x) Registry for all available interrupts. |
|
|
+) Each interrupt controller (including CPU cores |
|
|
that can handle interrupts) should register its |
|
|
interrupts, e.g. |
|
|
cpu[0].irq[3] |
|
|
cpu[0].irq[3].pcmcia_slot[1] |
|
|
cpu[0].irq.pci[3] |
|
|
+) Note: MIPS cpus have multiple irqs in the core, |
|
|
while some other CPUs only have one (irq[0] |
|
|
or just irq). |
|
|
x) Users should use interrupt _names_ instead of integers |
|
|
when attaching to an interrupt controller, but when |
|
|
asserting/deasserting irq lines, small integers must |
|
|
still be used (for obvious performance reasons). |
|
|
Figure out a way to do this nicely! |
|
|
x) Any users need to say whether they need the interrupt line |
|
|
exclusively or allow shared access. |
|
|
x) Must work with everything from native IRQs to |
|
|
TurboChannel/PCI/ISA/ADB/PCMCIA/... |
|
|
x) Must work with SMP emulation! |
|
|
x) Make it with device_add(). How does the end user find |
|
|
out the name of an interrupt controller/line in e.g. |
|
|
a configuration file? |
|
|
o) Synchronization over network? or at least in dyntrans within |
|
|
one emulated machine |
|
|
o) Convert to real busses: TurboChannel, PCMCIA, ADB |
|
|
|
|
442 |
Config file parser: |
Config file parser: |
443 |
o) Rewrite it from scratch! |
o) Rewrite it from scratch! |
444 |
o) Usage of any expression available through the debugger |
o) Usage of any expression available through the debugger |
445 |
|
o) Allow interrupt controllers to be added! and interrupts |
446 |
|
to be used in more ways than before |
447 |
o) Support for running debugger commands (like the -c |
o) Support for running debugger commands (like the -c |
448 |
command line option) |
command line option) |
449 |
|
|
454 |
o) non-IEEE modes (i.e. x86)? |
o) non-IEEE modes (i.e. x86)? |
455 |
|
|
456 |
Userland emulation: |
Userland emulation: |
457 |
x) Lots of stuff; freebsd and netbsd (and linux?) syscalls. |
x) Try to prefix "/emul/mips/" or similar to all filenames, |
458 |
x) Dynamic linking? Hm. |
and only if that fails, try the given filename. |
459 |
|
Read this setting from an environment variable, and only |
460 |
|
if there is none, fall back to hardcoded string. |
461 |
|
x) File descriptor (0,1,2) assumptions? Find and fix these? |
462 |
|
x) Dynamic linking! |
463 |
|
x) Lots of stuff; freebsd, netbsd, linux, ... syscalls. |
464 |
|
x) Initial register/stack contents (environment, command line args). |
465 |
|
x) Return value (from main). |
466 |
|
x) mmap emulation layer |
467 |
|
x) errno emulation layer |
468 |
|
x) ioctl emulation layer for all devices :-[ |
469 |
|
x) struct conversions for many syscalls |
470 |
|
|
471 |
Sound: |
Sound: |
472 |
x) generic sound framework |
x) generic sound framework |
473 |
x) add one or more sound cards as devices; add a testmachine |
x) add one or more sound cards as devices; add a testmachine |
474 |
sound card first? |
sound card first? |
475 |
|
x) Dreamcast sound? Generic PCI sound cards? |
476 |
|
|
477 |
ASC SCSI controller: |
ASC SCSI controller: |
478 |
x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul |
x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul |
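Review bot: The new "/emul/mips/" item under Userland emulation falls back to the given filename when the prefixed lookup fails, so as written the prefix is a search-path convenience and not a confinement boundary: any path with no counterpart under the prefix is tried unchanged. If that is the intent, say so in the item; if not, the item should state how absolute paths and ".." components are resolved against the prefix, and that the value read from the environment variable is used as a directory prefix only.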
498 |
possible. |
possible. |
499 |
|
|
500 |
File/disk/symbol handling: |
File/disk/symbol handling: |
501 |
|
o) Make sure that disks can be added/removed during runtime! |
502 |
|
(Perhaps this needs a reasonably large re-write.) |
503 |
o) Remove some of the complexity in file format guessing, for |
o) Remove some of the complexity in file format guessing, for |
504 |
Ultrix kernels that are actually disk images? |
Ultrix kernels that are actually disk images? |
505 |
o) Better handling of tape files |
o) Remove temporary files (/tmp/gxemul.blahblah) if loading fails |
506 |
|
for some reason (unrecognized file, etc). |
507 |
|
o) Better handling of tape files |
508 |
o) Read function argument count and types from binaries? (ELF?) |
o) Read function argument count and types from binaries? (ELF?) |
509 |
o) Better demangling of C++ names. Note: GNU's C++ differs from e.g. |
o) Better demangling of C++ names. Note: GNU's C++ differs from e.g. |
510 |
Microsoft's C++, so multiple schemes must be possible. See |
Microsoft's C++, so multiple schemes must be possible. See |
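Review bot: The added temporary-file item covers only cleanup when loading fails, and its example path sits in /tmp under a fixed "gxemul." prefix. The same item is the place to record that these files should be created with an unpredictable name and an exclusive open (mkstemp() or equivalent), and removed on every exit path rather than only in the unrecognized-file case.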
513 |
Userland ABI emulation: |
Userland ABI emulation: |
514 |
o) see src/useremul.c |
o) see src/useremul.c |
515 |
|
|
|
Terminal/console: |
|
|
o) allow emulated serial ports to be connected to the outside |
|
|
world in a more generic way, or even to other emulated |
|
|
machines(?) |
|
|
|
|
|
Save state of the whole emulated machine, to be able to load it back |
|
|
in later? (Memory, all device's states, all registers and |
|
|
so on. Like taking a snapshot. (SimOS seems to do this, |
|
|
according to its website.)) |
|
|
|
|
516 |
Better framebuffer and X-windows functionality: |
Better framebuffer and X-windows functionality: |
517 |
|
o) Do a complete rewrite of the framebuffer/console stuff, so that: |
518 |
|
1) It does not rely on X11 specifically. |
519 |
|
2) It is possible to interact with emulated framebuffers |
520 |
|
and consoles "remotely", e.g. via a web page which |
521 |
|
controls multiple virtualized machines. |
522 |
|
3) It is possible to run on (hypothetical) non-X11 |
523 |
|
graphics systems. |
524 |
o) Generalize the update_x1y1x2y2 stuff to an extend-region() |
o) Generalize the update_x1y1x2y2 stuff to an extend-region() |
525 |
function... |
function... |
526 |
o) -Yx sometimes causes crashes. |
o) -Yx sometimes causes crashes. |
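Review bot: Sub-item 2 of the new framebuffer/console rewrite entry makes framebuffers and consoles reachable "remotely", e.g. from a web page controlling multiple virtualized machines, but none of the three requirements says who may connect. Add a sub-item for authentication and per-machine access control on that remote channel, since console access amounts to control of the guest. Separately, the "Terminal/console" and "Save state of the whole emulated machine" entries disappear in this hunk with no replacement visible here; keep them if they are still wanted.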
545 |
to change the font of an xterm in X in the |
to change the font of an xterm in X in the |
546 |
emulator) |
emulator) |
547 |
o) Generalize the framebuffer stuff by moving _ALL_ X11 |
o) Generalize the framebuffer stuff by moving _ALL_ X11 |
548 |
specific code to src/x11.c! |
specific code to a separate module. |
549 |
|
|
550 |
|
------------------------------------------------------------------------------- |
551 |
|
|