| 1 |
$Id: TODO,v 1.343 2006/08/14 18:46:30 debug Exp $ |
$Id: TODO,v 1.556 2007/09/11 21:46:35 debug Exp $ |
| 2 |
|
|
| 3 |
Hm. This file is in random order, and not all parts of it are up-to-date. |
Some things, in no specific order, that I'd like to fix: |
| 4 |
|
(Some items in this list are perhaps already fixed.) |
| 5 |
|
|
| 6 |
|
------------------------------------------------------------------------------- |
| 7 |
|
|
| 8 |
Implementation: |
A first pass of installation regression testing of NetBSD 4.0 RC1 in GXemul: |
|
x) ARM "wait"-like instruction. |
|
|
x) CLOCK FRAMEWORK! |
|
|
x) Mouse support for NetBSD/pmax 4.x! |
|
|
x) See netwinder_reset() in NetBSD; the current "an internal error |
|
|
occured" message after reboot/halt is too ugly. |
|
|
x) 64-bit ranges in src/cpus/memory_mips_v2p.c |
|
|
x) Revert the dyntrans page template experiment? Hm. |
|
|
x) Refactor the cpu type detection/initialization/listing. |
|
|
Macro, which can be used as long as the cpu definitions |
|
|
contain a 'name'? |
|
|
x) Testmachine includes: |
|
|
+ dev_fb block fill and copy |
|
|
+ dev_fb draw characters (from the built-in font)? |
|
|
+ dev_fb input device? mouse pointer coordinates and buttons |
|
|
(allow changes in these to cause interrupts as well?) |
|
|
+ Redefine the halt() function so that it stops "sometimes |
|
|
soon", i.e. usage in demo code should be: |
|
|
for (;;) { |
|
|
halt(); |
|
|
} |
|
|
x) Continue on SPARC emulation |
|
|
+ Enable it in the configure script as soon as it can |
|
|
run all the demo programs. |
|
|
x) Continue on Alpha emulation (virtual memory, etc). Cleanup. |
|
|
x) Nicer MIPS status bits in register dumps. |
|
|
x) Alignment exceptions (MIPS, PPC, ARM?, ...) |
|
|
x) Rewrite the networking stack; make OpenBSD work better as a guest |
|
|
OS, fix the performance problems, make Linux work with DHCP, etc. |
|
|
Support VDE (vde.sf.net)? Allow SLIP connections, possibly PPP, |
|
|
in addition to ethernet? |
|
|
x) Implement more ethernet NICs. |
|
|
x) IOP (I2O) device? |
|
| 9 |
|
|
| 10 |
Documentation: |
X pmax (including X Windows out-of-the-box) |
| 11 |
x) "Install netbsd/pmax first" => only use the install kernel? |
X arc (1.6.2 -> 4.0! Yay!) |
| 12 |
x) Rewrite the section about experimental devices, after the |
hpcmips |
| 13 |
framebuffer acceleration has been implemented, and demos |
cobalt |
| 14 |
written. (Symbolic names instead of numbers; example |
evbmips |
| 15 |
use cases, etc. Mention demo files that use the various |
algor |
| 16 |
features?) |
sgimips |
| 17 |
x) "a very simple linear framebuffer device (for graphics output)" |
cats |
| 18 |
under "which machines does gxemul emulate" ==> better |
evbarm |
| 19 |
description? |
netwinder |
| 20 |
x) Better description on how to set up a cross compiler? |
prep nej, 2.0 är senaste som funkar :( |
| 21 |
Example for MIPS64. |
X macppc |
| 22 |
|
pmppc |
| 23 |
|
X dreamcast |
| 24 |
|
X landisk |
| 25 |
|
|
| 26 |
Long-term design: |
X = done and worked fine |
|
x) Instruction combination collisions? How to avoid easily... |
|
|
x) Think about how to do both SHmedia and SHcompact in a reasonable |
|
|
way! |
|
|
o) Actually use the settings object, better debugger stuff, etc! |
|
|
o) Debugger command for enabling/disabling instruction statistics |
|
|
during runtime. machine.statistics = on|off |
|
|
x) MAINBUS REDESIGN! |
|
|
x) PCI redesign... I need to read up on how PCI actually works :) |
|
|
x) Clock framework! Go through all clock devices, make sure they |
|
|
return correct data, and run at correct speeds! |
|
|
x) Dyntrans with valgrind-inspired memory checker. (In memory_rw, |
|
|
it would be reasonably simple to add; in each individual fast |
|
|
load/store routine = a lot more work, and it would become |
|
|
kludgy very fast.) |
|
|
x) Dyntrans with SMP... lots of work to be done here. |
|
|
x) Dyntrans with cache emulation... lots of work here as well. |
|
|
x) Reimplement the config file parser from scratch. |
|
| 27 |
|
|
| 28 |
------------------------------------------------------------------------------- |
------------------------------------------------------------------------------- |
| 29 |
|
|
| 30 |
Simple Valgrind-like checks? |
Perform a second regression test pass, when the actual NetBSD 4.0 release |
| 31 |
o) Mark every address with bits which tell whether or not the address |
has happened. |
|
has been written to. |
|
|
o) What should happen when programs are loaded? Text/data, bss (zero |
|
|
filled). But stack space and heap is uninitialized. |
|
|
o) Uninitialized local variables: |
|
|
A load from a place on the stack which has not previously |
|
|
been stored to => warning. Increasing the stack pointer using |
|
|
any available means should reset the memory to uninitialized. |
|
|
o) If calls to malloc() and free() can be intercepted: |
|
|
o) Access to a memory area after free() => warning. |
|
|
o) Memory returned by malloc() is marked as not-initialized. |
|
|
o) Non-passive, but good to have: Change the argument |
|
|
given to malloc, to return a slightly larger memory |
|
|
area, i.e. margin_before + size + margin_after, |
|
|
and return the pointer + margin_before. |
|
|
Any access to the margin_before or _after space results |
|
|
in warnings. (free() must be modified to free the |
|
|
actually allocated address.) |
|
| 32 |
|
|
| 33 |
SMP: |
o) Test all guest OSes. |
| 34 |
o) dev_mp doesn't work well with dyntrans yet |
o) Update: |
| 35 |
o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans |
URLs |
| 36 |
|
Versions |
| 37 |
|
|
| 38 |
|
o) Make a new GXemul release: 0.4.6.1 |
| 39 |
|
|
| 40 |
|
------------------------------------------------------------------------------- |
| 41 |
|
|
| 42 |
|
M88K: |
| 43 |
|
o) FIP != NIP + 4, in rte! (Simulate delayed branch stuff.) |
| 44 |
|
o) cpu_dyntrans.c: MEMORY_USER_ACCESS implementation for M88K! |
| 45 |
|
o) xmem: Set transaction registers! |
| 46 |
|
o) CMMUs: |
| 47 |
|
o) Translation invalidations, could be optimized. |
| 48 |
|
o) Move initialization from dev_mvme187 to somewhere |
| 49 |
|
more reasonable? |
| 50 |
|
o) Instruction trace by using bits of ??IP control regs. |
| 51 |
|
o) Interrupts (these are machine dependent, though). |
| 52 |
|
o) Implement devices etc. for one or more machine modes, |
| 53 |
|
to get some guest OS running. OpenBSD/mvme88k on MVME187 |
| 54 |
|
seems to be the smartest path to follow for now. |
| 55 |
|
o) VME bus device |
| 56 |
|
o) PCC2 |
| 57 |
|
o) Cirrus Logic serial port controller |
| 58 |
|
o) Instruction disassembly, and implementation: |
| 59 |
|
o) See http://www.panggih.staff.ugm.ac.id/download/GCC/info/gcc.i5 |
| 60 |
|
for some strange cases of when "div" can fail (?) |
| 61 |
|
o) Floating point stuff |
| 62 |
|
o) "Graphics" instructions (M88110-specific) |
| 63 |
|
|
| 64 |
MIPS: |
MIPS: |
| 65 |
+) Some more work on opcodes. |
o) Nicer MIPS status bits in register dumps. |
| 66 |
x) The "wait" instruction. How to implement this functionality? |
o) Floating point exception correctness. |
| 67 |
(SMP, non-MIPS, interrupt correctness, host idling, ...) |
o) Fix this? Triggered by NetBSD/sgimips? Hm: |
| 68 |
|
to_be_translated(): TODO: unimplemented instruction: |
| 69 |
|
000000000065102c: 00200800 (d) rot_00 at,zr,0 |
| 70 |
|
o) Some more work on opcodes. |
| 71 |
x) MIPS64 revision 2. |
x) MIPS64 revision 2. |
| 72 |
o) Find out which actual CPUs implement the rev2 ISA! |
o) Find out which actual CPUs implement the rev2 ISA! |
| 73 |
|
o) DINS, DINSM, DINSU etc |
| 74 |
|
o) DROTR32 and similar MIPS64 rev 2 instructions, |
| 75 |
|
which have a rotation bit which differs from |
| 76 |
|
previous ISAs. |
| 77 |
x) _MAYBE_ TX79 and R5900 actually differ in their |
x) _MAYBE_ TX79 and R5900 actually differ in their |
| 78 |
opcodes? Check this carefully! |
opcodes? Check this carefully! |
| 79 |
o) Dyntrans: Count register updates are probably not 100% correct yet. |
o) Dyntrans: Count register updates are probably not 100% correct yet. |
|
o) Refactor code for performance and readability/maintainability. |
|
|
o) DROTR32 and similar MIPS64 rev 2 instructions, which have |
|
|
a rotation bit which differs from previous ISAs. |
|
|
o) EI and DI instructions for MIPS64/32 rev 2. NOTE: These are |
|
|
_NOT_ the same as for R5900! |
|
| 80 |
o) (Re)implement 128-bit loads/stores for R5900. |
o) (Re)implement 128-bit loads/stores for R5900. |
| 81 |
|
o) Coprocessor 1x (i.e. 3) should cause cp1 exceptions, not 3? |
| 82 |
|
(See http://lists.gnu.org/archive/html/qemu-devel/2007-05/msg00005.html) |
| 83 |
o) R4000 and others: |
o) R4000 and others: |
| 84 |
x) watchhi/watchlo exceptions, and other exception |
x) watchhi/watchlo exceptions, and other exception |
| 85 |
handling details |
handling details |
| 86 |
|
o) MIPS 5K* have 42 physical address bits, not 40/44? |
| 87 |
o) R10000 and others: (R12000, R14000 ?) |
o) R10000 and others: (R12000, R14000 ?) |
| 88 |
|
x) The code before the line |
| 89 |
|
/* reg[COP0_PAGEMASK] = cpu->cd.mips.coproc[0]->tlbs[0].mask & PAGEMASK_MASK; */ |
| 90 |
|
in cpu_mips.c is not correct for R10000 according to |
| 91 |
|
Lemote's Godson patches for GXemul. TODO: Go through all |
| 92 |
|
register definitions according to http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_263.html#HEADING334 |
| 93 |
|
and make sure everything works with R10000. |
| 94 |
|
Then test with OpenBSD/sgi? |
| 95 |
|
x) Entry LO mask (as above). |
| 96 |
x) memory space, exceptions, ... |
x) memory space, exceptions, ... |
| 97 |
x) use cop0 framemask for tlb lookups |
x) use cop0 framemask for tlb lookups |
| 98 |
(http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html) |
(http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html) |
| 99 |
|
|
| 100 |
Dyntrans: |
SuperH: |
| 101 |
x) Redesign/rethink the delay slot mechanism used for e.g. MIPS, |
x) Auto-generation of loads/stores! This should get rid of at least |
| 102 |
so that it caches a translation (that is, an instruction |
the endianness check in each load/store. |
| 103 |
word and the instr_call it was translated to the last |
x) Experiment with whether or not correct ITLB emulation is |
| 104 |
time), so that it doesn't need to do slow |
actually needed. (20070522: I'm turning it off today.) |
| 105 |
to_be_translated for each end of page? |
x) SH4 interrupt controller: |
| 106 |
x) Program Counter statistics: |
x) MASKING should be possible! |
| 107 |
Per machine? What about SMP? All data to the same file? |
x) SH4 DMA (0xffa00000) |
| 108 |
A debugger command should be possible to use to enable/ |
x) SH4 UBC (0xff200000) |
| 109 |
disable statistics gathering. |
x) Store queues can copy 32 bytes at a time, there's no need to |
| 110 |
Configuration file option! |
copy individual 32-bit words. (Performance improvement.) |
| 111 |
x) Common fatal_abort() function, which drops into the debugger |
x) SH4 BSC (Bus State Controller) |
| 112 |
without continuing. |
x) Instruction tracing should include symbols for branch targets, |
| 113 |
x) INVALIDATION should cause translations in _all_ cpus to be |
and so on, to make the output more human readable. |
| 114 |
invalidated, e.g. on a write to a write-protected page |
x) SH3-specific devices: Pretty much everything! |
| 115 |
(containing code) |
x) NetBSD/evbsh3, hpcsh! Linux? |
| 116 |
x) 16-bit encodings? (MIPS16, ARM Thumb, SH3, ...) |
x) Floating point speed! |
| 117 |
x) Lots of other stuff: see src/cpus/README_DYNTRANS |
x) Floating point exception correctness. |
| 118 |
x) true recompilation backend? think carefully about this, |
x) Exceptions for unaligned load/stores. OpenBSD/landisk uses |
| 119 |
experiment in a separate project (not in GXemul) |
this mechanism for its reboot code (machine_reset). |
| 120 |
o) First test would be to just implement a simple |
|
| 121 |
instruction such as MIPS' addiu or lui, on AMD64 |
Landisk SH4: |
| 122 |
hosts... |
x) When NetBSD/landisk 4.0 has been released, make sure it works |
| 123 |
x) Idle loop detection? (Depends on target.) Could be turned |
in the emulator. (Update documentation, etc.) |
| 124 |
into usleep(1) or similar on the host... except when doing |
NetBSD HEAD (as of April 2007) hangs during bootup, because it |
| 125 |
e.g. SMP emulation. Then it becomes trickier. |
turns on/off interrupts in an unfortunately synchronized way |
| 126 |
|
with dyntrans. This needs to be fixed. |
| 127 |
Transputer: |
|
| 128 |
x) Implement support for Helios binaries. |
Dreamcast: |
| 129 |
x) Stack and register contents at startup? |
x) G2 DMA |
| 130 |
x) Figure out how to boot an entire Helios distribution. |
x) LAN adapter (dev_mb8696x.c). NetBSD root-on-nfs. |
| 131 |
x) Implement all instructions. :) |
x) PVR: Lots of stuff. See dev_pvr.c. |
| 132 |
|
x) Better GDROM support |
| 133 |
|
x) Modem |
| 134 |
|
x) PCI bridge/bus? |
| 135 |
|
x) Maple bus: |
| 136 |
|
x) Correct controller input |
| 137 |
|
x) Mouse input |
| 138 |
|
x) Software emulation of BIOS calls: |
| 139 |
|
x) GD-ROM emulation: Use the GDROM device. |
| 140 |
|
x) Use the VGA font as a fake ROM font. (Better than |
| 141 |
|
nothing.) |
| 142 |
|
x) Make as many as possible of the KOS examples run! |
| 143 |
|
x) More homebrew demos/games. |
| 144 |
|
x) SPU: Sound emulation (ARM cpu). |
| 145 |
|
x) VME processor emulation? "(Sanyo LC8670 "Potato")" according to |
| 146 |
|
Wikipedia, LC86K87 according to Comstedt's page. See |
| 147 |
|
http://www.maushammer.com/vmu.html for a good description of |
| 148 |
|
the differences between LC86104C and the one used in the VME. |
| 149 |
|
|
| 150 |
Alpha: |
Alpha: |
| 151 |
o) Virtual memory (tlbs etc) |
x) OSF1 PALcode, Virtual memory support. |
| 152 |
o) Get {NetBSD,OpenBSD,Linux}/alpha booting. :) |
x) PALcode replacement! PAL1E etc opcodes...? |
| 153 |
|
x) Interrupt/exception/trap handling. |
| 154 |
SPARC: |
x) Floating point exception correctness. |
| 155 |
o) Load/stores to alternate address spaces! |
x) More work on bootup memory and register contents. |
| 156 |
o) Save/restore register windows etc! |
x) More Alpha machine types, so it could work with |
| 157 |
|
OpenBSD, FreeBSD, and Linux too? |
| 158 |
|
|
| 159 |
|
SPARC (both the ISA and the machines): |
| 160 |
|
o) Implement Adress space identifiers; load/stores etc. |
| 161 |
|
o) Exception/trap/interrupt handling. |
| 162 |
|
o) Save/restore register windows etc! Both v9 and pre-v9! |
| 163 |
o) Finish the subcc and addcc flag computation code. |
o) Finish the subcc and addcc flag computation code. |
| 164 |
o) Add more registers (floating point, control regs etc) |
o) Add more registers (floating point, control regs etc) |
| 165 |
o) Disassemly of some more instructions? |
o) Disassemly of some more instructions? |
| 166 |
o) Are sll etc 32-bit sign-extending or zero-extending? |
o) Are sll etc 32-bit sign-extending or zero-extending? |
| 167 |
o) Finish the GDB register stuff. |
o) Floating point exception correctness. |
| 168 |
o) SPARC v8, v7 etc? |
o) SPARC v8, v7 etc? |
| 169 |
|
o) More machine modes and devices. |
|
Debugger: |
|
|
o) How does SMP debugging work? Does it simply use "threads"? |
|
|
What if the guest OS (running on an emulated SMP machine) |
|
|
has a usertask running, with userland threads? |
|
|
o) Try to make the debugger more modular and, if possible, reentrant! |
|
|
o) Remove the emul command? (But show network info if showing |
|
|
machines?) |
|
|
o) Generalize the expression evaluator. (debugger_expr.c?) |
|
|
settable variables ("show nr of instructions on average") |
|
|
emul[x] defaults to current emul |
|
|
machine[x] defaults to current machine |
|
|
cpu[x] defaults to currently focused cpu |
|
|
registers cpu arch dependent (#-prefix) |
|
|
symbols @-prefix |
|
|
numeric constants decimal, hex, and octal ($-prefix) |
|
|
boolean yes,no, true,false |
|
|
operators (+ - * / % & | ^ !) |
|
|
parentheses for grouping subexpressions |
|
|
NOTE: the change from % to # for register prefix! |
|
|
examples: |
|
|
emul[0].machine[2].cpu[0].pc |
|
|
machine[test2].cpu[1].ra = main |
|
|
settings.show_trace_tree = yes |
|
|
|
|
|
Settings: |
|
|
o) Remove a setting. |
|
|
o) Read/write a setting given a name. (Read as |
|
|
string and/or int64_t simultaneously?) |
|
|
o) Warnings when exiting the emulator, if the |
|
|
settings have not been removed exactly in |
|
|
the same way as they were added? This would |
|
|
improve code cleanliness in the long term. |
|
|
(I.e. require a corresponding _destroy() |
|
|
function for all _new functions... machine_ |
|
|
cpu_ etc.) |
|
|
|
|
|
Help command should have subsections! One for "expressions", |
|
|
mirrored in the documentation, but the internal help should |
|
|
be the one that should be considered correct. |
|
|
o) see src/debugger.c for more |
|
| 170 |
|
|
| 171 |
POWER/PowerPC: |
POWER/PowerPC: |
| 172 |
|
x) Fix DECR timer speed, so it matches the host. |
| 173 |
|
x) NetBSD/prep 3.x triggers a possible bug in the emulator: |
| 174 |
|
<wdc_exec_command(0xd005e514,0xd60cdd30,0,8,..)> |
| 175 |
|
<ata_get_xfer(0,0xd60cdd30,0,8,..)> |
| 176 |
|
<0x26c550(&ata_xfer_pool,2,0,8,..)> |
| 177 |
|
<0x35c71c(0x3f27000,0,52,8,..)> |
| 178 |
|
<ata_exec_xfer(0xd005e4c8,0x3f27000,0,13,..)> |
| 179 |
|
<atastart(0xd005e4c8,0x3f27000,0,13,..)> |
| 180 |
|
<__wdccommand_start(0xd005e4c8,0x3f27000,0,13,..)> |
| 181 |
|
<bsw1(&prep_isa_io_space_tag,0x800001f6,0,176,..)> |
| 182 |
|
[ wdc: write to SDH: 0xb0 (sectorsize 2, lba=1, drive 1, head 0) ] |
| 183 |
|
<wdcwait(0xd005e4c8,72,64,0xbb8,..)> |
| 184 |
|
<0x198120(0xd005e4c8,72,64,0xbb8,..)> |
| 185 |
|
<bsr1(&prep_isa_io_space_tag,0,0,0xbb8,..)> |
| 186 |
|
<delay(100,0,0,0xbb8,..)> |
| 187 |
|
Note: <bsr1(&prep_isa_io_space_tag,0,0,0xbb8,..)> |
| 188 |
x) PPC optimizations; instr combs |
x) PPC optimizations; instr combs |
| 189 |
x) 64-bit stuff: either Linux on G5, or perhaps some hobbyist |
x) 64-bit stuff: either Linux on G5, or perhaps some hobbyist |
| 190 |
version of AIX? (if there exists such a thing) |
version of AIX? (if there exists such a thing) |
|
x) find and fix the bug which causes NetBSD/macppc to fail after |
|
|
an install! |
|
| 191 |
x) macppc: adb controller; keyboard (for framebuffer mode) |
x) macppc: adb controller; keyboard (for framebuffer mode) |
| 192 |
x) make OpenBSD/macppc work (PCI controller stuff) |
x) make OpenBSD/macppc work (PCI controller stuff) |
| 193 |
|
x) Floating point exception correctness. |
| 194 |
|
x) Alignment exceptions. |
| 195 |
|
|
| 196 |
|
PReP: |
| 197 |
|
x) Clock time! ("Bad battery blah blah") |
| 198 |
|
|
| 199 |
Algor: |
Algor: |
| 200 |
PCI interrupts... needed or stuff like the tlp NIC? |
o) Other models than the P5064? |
| 201 |
|
o) PCI interrupts... needed for stuff like the tlp NIC? |
| 202 |
|
|
| 203 |
|
BeBox: |
| 204 |
|
o) Interrupts. There seems to be a problem with WDC interrupts |
| 205 |
|
"after a short while", although a few interrupts get through? |
| 206 |
|
o) Perhaps find a copy of BeOS and try it? |
| 207 |
|
|
| 208 |
|
Malta: |
| 209 |
|
o) The Linux/Malta kernel at people.debian.org/~ths/qemu/malta/ |
| 210 |
|
almost works: |
| 211 |
|
./gxemul -x -o 'rd_start=0x80800000 rd_size=10000000 init=/bin/sh' -C 4KEc |
| 212 |
|
-e malta 0x80800000:people.debian.org/~ths/qemu/malta/initrd.gz |
| 213 |
|
people.debian.org/~ths/qemu/malta/vmlinux |
| 214 |
|
(Remove "init=/bin/sh" to boot into the Debian installer.) |
| 215 |
|
There are at least two things that need to be fixed: |
| 216 |
|
1. PCI IDE; make Linux oops. |
| 217 |
|
2. Implement the NIC. |
| 218 |
|
|
| 219 |
|
HPCmips: |
| 220 |
|
x) Mouse/pad support! :) |
| 221 |
|
x) A NIC? (As a PCMCIA device?) |
| 222 |
|
|
| 223 |
ARM: |
ARM: |
| 224 |
o) try to get netbsd/evbarm 3.x running (iq80321) |
o) See netwinder_reset() in NetBSD; the current "an internal error |
| 225 |
|
occured" message after reboot/halt is too ugly. |
| 226 |
|
o) Generic ARM "wait"-like instruction? |
| 227 |
|
o) try to get netbsd/evbarm 3.x or 4.x running (iq80321) |
| 228 |
o) make the xscale counter registers (ccnt) work |
o) make the xscale counter registers (ccnt) work |
| 229 |
o) make the ata controller usable for FreeBSD! |
o) make the ata controller usable for FreeBSD! |
| 230 |
o) zaurus for openbsd... |
o) Debian/cats crashes because of unimplemented coproc stuff. |
|
o) debian/cats crashes because of unimplemented coproc stuff. |
|
| 231 |
fix this? |
fix this? |
| 232 |
|
|
| 233 |
|
Test machines: |
| 234 |
|
o) dev_fb block fill and copy |
| 235 |
|
o) dev_fb draw characters (from the built-in font)? |
| 236 |
|
o) dev_fb input device? mouse pointer coordinates and buttons |
| 237 |
|
(allow changes in these to cause interrupts as well?) |
| 238 |
|
o) Redefine the halt() function so that it stops "sometimes |
| 239 |
|
soon", i.e. usage in demo code should be: |
| 240 |
|
for (;;) { |
| 241 |
|
halt(); |
| 242 |
|
} |
| 243 |
|
|
| 244 |
|
Debugger: |
| 245 |
|
o) How does SMP debugging work? Does it simply use "threads"? |
| 246 |
|
What if the guest OS (running on an emulated SMP machine) |
| 247 |
|
has a usertask running, with userland threads? |
| 248 |
|
o) Try to make the debugger more modular and, if possible, reentrant! |
| 249 |
|
o) Memory dumps should be able to dump both physical and |
| 250 |
|
virtual emulated memory. |
| 251 |
|
o) Evaluate expressions within []? That would allow stuff like |
| 252 |
|
cpu[x] where x is an expression. |
| 253 |
|
o) "pc = pc + 4" doesn't work! Bug. Should work. ("pc=pc+4" works.) |
| 254 |
|
o) Settings: |
| 255 |
|
x) Special handlers for Write! |
| 256 |
|
+) MIPS coproc regs |
| 257 |
|
+) Alpha/MIPS/SPARC zero registers |
| 258 |
|
+) x86 64/32/16-bit registers |
| 259 |
|
x) Value formatter for resulting output. |
| 260 |
|
o) Call stack display (back-trace) of emulated programs. |
| 261 |
|
o) Nicer looking output of register dumps, floating point registers, |
| 262 |
|
etc. Warn about weird/invalid register contents. |
| 263 |
|
o) Ctrl-C doesn't enter the debugger on some OSes (HP-UX?)... |
| 264 |
|
|
| 265 |
|
Dyntrans: |
| 266 |
|
x) NOTE: ARM etc. that load pc-relative constants, on writes to |
| 267 |
|
pages that contain translations, the ENTIRE page must be |
| 268 |
|
invalidated, not just the 1/32th that was code. |
| 269 |
|
x) For 32-bit emulation modes, that have emulated TLBs: tlbindex |
| 270 |
|
arrays of mapped pages? Things to think about: |
| 271 |
|
x) Only 32-bit mode! (64-bit => too much code) |
| 272 |
|
x) One array for global pages, and one array _PER ASID_, |
| 273 |
|
for those archs that support that. On M88K, there should |
| 274 |
|
be one array for userspace, and one for supervisor, etc. |
| 275 |
|
x) Larger-than-4K-pages must fill several bits in the array. |
| 276 |
|
x) No TLB search will be necessary. |
| 277 |
|
x) Total host space used, for 4 KB pages: 1 MB per table, |
| 278 |
|
i.e. 65 MB for 32-bit MIPS, 2 MB for M88K, if one byte |
| 279 |
|
is used as the tlb index. |
| 280 |
|
x) (The index is actually +1, so that 0 means no hit.) |
| 281 |
|
x) "Merge" the cur_physpage and cur_ic_page variables/pointers to |
| 282 |
|
one? I.e. change cur_ic_page to cur_physpage.ic_page or something. |
| 283 |
|
x) Instruction combination collisions? How to avoid easily... |
| 284 |
|
x) superh -- no hostpage for e.g. 0x8c000000. devices as ram! |
| 285 |
|
x) Think about how to do both SHmedia and SHcompact in a reasonable |
| 286 |
|
way! (Or AMD64 long/protected/real, for that matter.) |
| 287 |
|
x) 68K emulation; think about how to do variable instruction |
| 288 |
|
lengths across page boundaries. |
| 289 |
|
x) Dyntrans with valgrind-inspired memory checker. (In memory_rw, |
| 290 |
|
it would be reasonably simple to add; in each individual fast |
| 291 |
|
load/store routine = a lot more work, and it would become |
| 292 |
|
kludgy very fast.) |
| 293 |
|
x) Dyntrans with SMP... lots of work to be done here. |
| 294 |
|
x) Dyntrans with cache emulation... lots of work here as well. |
| 295 |
|
x) Remove the concept of base RAM completely; it would be more |
| 296 |
|
generic to allow RAM devices to be used "anywhere". |
| 297 |
|
o) dev_mp doesn't work well with dyntrans yet |
| 298 |
|
o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans |
| 299 |
|
x) Redesign/rethink the delay slot mechanism used for e.g. MIPS, |
| 300 |
|
so that it caches a translation (that is, an instruction |
| 301 |
|
word and the instr_call it was translated to the last |
| 302 |
|
time), so that it doesn't need to do slow |
| 303 |
|
to_be_translated for each end of page? |
| 304 |
|
x) Program Counter statistics: |
| 305 |
|
Per machine? What about SMP? All data to the same file? |
| 306 |
|
A debugger command should be possible to use to enable/ |
| 307 |
|
disable statistics gathering. |
| 308 |
|
Configuration file option! |
| 309 |
|
x) Breakpoints: |
| 310 |
|
o) Physical vs virtual addresses! |
| 311 |
|
o) 32-bit vs 64-bit sign extension for MIPS, and others? |
| 312 |
|
x) INVALIDATION should cause translations in _all_ cpus to be |
| 313 |
|
invalidated, e.g. on a write to a write-protected page |
| 314 |
|
(containing code) |
| 315 |
|
x) 16-bit encodings? (MIPS16, ARM Thumb, etc) |
| 316 |
|
x) Lots of other stuff: see src/cpus/README_DYNTRANS |
| 317 |
|
x) Native code generation backends... think carefully about this. |
| 318 |
|
|
| 319 |
|
Simple Valgrind-like checks? |
| 320 |
|
o) Mark every address with bits which tell whether or not the address |
| 321 |
|
has been written to. |
| 322 |
|
o) What should happen when programs are loaded? Text/data, bss (zero |
| 323 |
|
filled). But stack space and heap is uninitialized. |
| 324 |
|
o) Uninitialized local variables: |
| 325 |
|
A load from a place on the stack which has not previously |
| 326 |
|
been stored to => warning. Increasing the stack pointer using |
| 327 |
|
any available means should reset the memory to uninitialized. |
| 328 |
|
o) If calls to malloc() and free() can be intercepted: |
| 329 |
|
o) Access to a memory area after free() => warning. |
| 330 |
|
o) Memory returned by malloc() is marked as not-initialized. |
| 331 |
|
o) Non-passive, but good to have: Change the argument |
| 332 |
|
given to malloc, to return a slightly larger memory |
| 333 |
|
area, i.e. margin_before + size + margin_after, |
| 334 |
|
and return the pointer + margin_before. |
| 335 |
|
Any access to the margin_before or _after space results |
| 336 |
|
in warnings. (free() must be modified to free the |
| 337 |
|
actually allocated address.) |
| 338 |
|
|
| 339 |
|
Better CD Image file support: |
| 340 |
|
x) Support CD formats that contain more than 1 track, e.g. |
| 341 |
|
CDI files (?). These can then contain a mixture of e.g. sound |
| 342 |
|
and data tracks, and booting from an ISO filesystem path |
| 343 |
|
would boot from [by default] the first data track. |
| 344 |
|
(This would make sense for e.g. Dreamcast CD images, or |
| 345 |
|
possibly other live-CD formats.) |
| 346 |
|
|
| 347 |
|
Networking: |
| 348 |
|
x) Redesign of the networking subsystem, at least the NAT translation |
| 349 |
|
part. The current way of allowing raw ethernet frames to be |
| 350 |
|
transfered to/from the emulator via UDP should probably be |
| 351 |
|
extended to allow the frames to be transmitted other ways as |
| 352 |
|
well. |
| 353 |
|
x) Also adding support for connecting ttys (either to xterms, or to |
| 354 |
|
pipes/sockets etc, or even to PPP->NAT or SLIP->NAT :-). |
| 355 |
|
x) Documentation updates (!) are very important, making it easier to |
| 356 |
|
use the (already existing) network emulation features. |
| 357 |
|
x) Fix performance problems caused by only allowing a |
| 358 |
|
single TCP packet to be unacked. |
| 359 |
|
x) Don't hardcode offsets into packets! |
| 360 |
|
x) Test with lower than 100 max tcp/udp connections, |
| 361 |
|
to make sure that reuse works! |
| 362 |
|
x) Make OpenBSD work better as a guest OS! |
| 363 |
|
x) DHCP? Debian doesn't actually send DHCP packets, even |
| 364 |
|
though it claims to? So it is hard to test. |
| 365 |
|
x) Multiple networks per emulation, and let different |
| 366 |
|
NICs in machines connect to different networks. |
| 367 |
|
x) Support VDE (vde.sf.net)? Easiest/cleanest (before a |
| 368 |
|
redesign of the network framework has been done) is |
| 369 |
|
probably to connect it using the current (udp) solution. |
| 370 |
|
x) Allow SLIP connections, possibly PPP, in addition to |
| 371 |
|
ethernet? |
| 372 |
|
|
| 373 |
Cache simulation: |
Cache simulation: |
| 374 |
o) Command line flags for: |
o) Command line flags for: |
| 375 |
o) CPU endianness? |
o) CPU endianness? |
| 386 |
is another option (easier to implement, but very very slow). |
is another option (easier to implement, but very very slow). |
| 387 |
|
|
| 388 |
Documentation: |
Documentation: |
| 389 |
o) machines, cpus, devices. |
x) Update the documentation regarding the testmachine interrupts. |
| 390 |
o) Automagic documentation generation: |
x) Note about sandboxing/security: |
| 391 |
x) REMEMBER that several machines/devices can be in |
Not all emulated instructions fail in the way they would |
| 392 |
the same source file! |
do on real hardware (e.g. a userspace program writing to |
| 393 |
o) Try to rewrite the install instructions for those machines |
a system register might work in GXemul, but it would |
| 394 |
that use 3MAX into using CATS? (To remove the need to a raw |
fail on real hardware). Sandbox = contain from the |
| 395 |
ffs partition using up all of the disk image.) |
host OS. But the emulated programs will run "less |
| 396 |
|
securely". |
| 397 |
More generic out_of_memory error reporting, and check everywhere! |
x) Try NetBSD/arc 4.x! (It seems to work with disk images!) |
| 398 |
Causes: OpenBSD has low default limits for normal users. |
x) NetBSD/pmax 4 install instructions: xterm instead of vt100! |
| 399 |
Host is 32-bit? (32-bit hosts are limited to 4 GB or less |
x) Rewrite the section about experimental devices, after the |
| 400 |
of userspace memory.) |
framebuffer acceleration has been implemented, and demos |
| 401 |
You are actually low on RAM. (As trivial as this might sound, |
written. (Symbolic names instead of numbers; example |
| 402 |
Unix systems usually allow processes to allocate virtual |
use cases, etc. Mention demo files that use the various |
| 403 |
memory beyond the amount of RAM in the machine.) |
features?) |
| 404 |
|
x) "a very simple linear framebuffer device (for graphics output)" |
| 405 |
Breakpoints: 32-bit vs 64-bit sign extension for MIPS, warnings, etc. |
under "which machines does gxemul emulate" ==> better |
| 406 |
Use the debugger's symbolic name stuff. (which will have to be |
description? |
|
extended soon to support stuff like "2*x + symbol + y" etc. cool |
|
|
stuff) |
|
| 407 |
|
|
| 408 |
The Device subsystem: |
The Device subsystem: |
| 409 |
x) allow devices to be moved and/or changed in size (down to a |
x) allow devices to be moved and/or changed in size (down to a |
| 410 |
minimum size, etc, or up to a max size) |
minimum size, etc, or up to a max size); if there is a collision, |
| 411 |
x) keep track of interrupts and busses? actually, allowing any device |
return false. It is up to the caller to handle this situation! |
| 412 |
to be a bus might be a nice idea. |
x) NOTE: Translations must be invalidated, both for |
| 413 |
x) turn interrupt controllers into devices? :-) |
registering new devices, and for moving existing ones. |
| 414 |
x) refactor various clocks/nvram/cmos into one device? |
cpu->invalidate translation caches, for all CPUs that |
| 415 |
|
are connected to a specific memory. |
|
Clocks: |
|
|
x) General framework for automagic clock adjustment for _all_ |
|
|
kinds of clocks and timers. (Which should be possible to turn |
|
|
off, of course, like the way DECstation emulation works now.) |
|
| 416 |
|
|
| 417 |
PCI: |
PCI: |
| 418 |
|
x) Pretty much everything related to runtime configuration, device |
| 419 |
|
slots, interrupts, etc must be redesigned/cleaned up. The current |
| 420 |
|
code is very hardcoded and ugly. |
| 421 |
|
o) Allow cards to be added/removed during runtime more easily. |
| 422 |
|
o) Allow cards to be enabled/disabled (i/o ports, etc, like |
| 423 |
|
NetBSD needs for disk controller detection). |
| 424 |
|
o) Allow devices to be moved in memory during runtime. |
| 425 |
|
o) Interrupts per PCI slot, etc. (A-D). |
| 426 |
|
o) PCI interrupt controller logic... very hard to get right, |
| 427 |
|
because these differ a lot from one machine to the next. |
| 428 |
x) last write was ffffffff ==> fix this, it should be used |
x) last write was ffffffff ==> fix this, it should be used |
| 429 |
together with a mask to get the correct bits. also, not ALL |
together with a mask to get the correct bits. also, not ALL |
| 430 |
bits are size bits! (lowest 4 vs lowest 2?) |
bits are size bits! (lowest 4 vs lowest 2?) |
| 431 |
x) add support for address fixups |
x) add support for address fixups |
| 432 |
x) generalize the interrupt routing stuff (lines etc). this should |
x) generalize the interrupt routing stuff (lines etc) |
|
be per machine? or per bus, that's better |
|
|
x) add a "pcn" NIC (AMD PCnet32 Lance 79c970 (PCI 1022:2000)), |
|
|
could be useful for several machine modes (Malta, Algor, evbarm, |
|
|
hp700?, macppc, etc.) |
|
|
|
|
|
Network layer: |
|
|
o) DHCP (for Debian and BSD installers :-) |
|
|
o) increase performance |
|
|
o) don't rely on NetBSD-ish usage |
|
|
o) Multiple networks per emulation, and let different |
|
|
NICs in machines connect to different networks. |
|
|
o) many other issues: see src/net.c |
|
| 433 |
|
|
| 434 |
Busses: |
Clocks and timers: |
| 435 |
o) Redesign the entire "mainbus" concept! |
x) Fix the PowerPC DECR interrupt speed! (MacPPC and PReP speed, etc.) |
| 436 |
o) Busses should be placed in a hierarchical tree! |
x) DON'T HARDCODE 100 HZ IN cpu_mips_coproc.c! |
| 437 |
o) Easily configurable interrupt routing in SMP systems. |
x) NetWinder timeofday is incorrect! Huh? grep -R for ta_rtc_read in |
| 438 |
o) Specific clock/bus speeds, cpu speeds etc. |
NetBSD sources; it doesn't seem to be initialized _AT ALL_?! |
| 439 |
o) Synchronization over network? or at least in dyntrans within |
x) Cobalt TOD is incorrect! |
| 440 |
one emulated machine |
x) Go through all other machines, one by one, and fix them. |
|
o) dev->bus: TurboChannel, PCMCIA, ADB? |
|
| 441 |
|
|
| 442 |
Config file parser: |
Config file parser: |
| 443 |
o) Rewrite it from scratch! |
o) Rewrite it from scratch! |
| 444 |
o) Usage of any expression available through the debugger |
o) Usage of any expression available through the debugger |
| 445 |
|
o) Allow interrupt controllers to be added! and interrupts |
| 446 |
|
to be used in more ways than before |
| 447 |
o) Support for running debugger commands (like the -c |
o) Support for running debugger commands (like the -c |
| 448 |
command line option) |
command line option) |
| 449 |
|
|
| 450 |
Floating point layer: |
Floating point layer: |
| 451 |
o) make it common enough to be used by _all_ emulation modes |
o) make it common enough to be used by _all_ emulation modes |
| 452 |
o) implement more stuff |
o) implement correct error/exception handling and rounding modes |
| 453 |
|
o) implement more helper functions (i.e. add, sub, mul...) |
| 454 |
o) non-IEEE modes (i.e. x86)? |
o) non-IEEE modes (i.e. x86)? |
| 455 |
|
|
| 456 |
Userland emulation: |
Userland emulation: |
| 457 |
x) Lots of stuff; freebsd and netbsd (and linux?) syscalls. |
x) Try to prefix "/emul/mips/" or similar to all filenames, |
| 458 |
x) Dynamic linking? Hm. |
and only if that fails, try the given filename. |
| 459 |
|
Read this setting from an environment variable, and only |
| 460 |
|
if there is none, fall back to hardcoded string. |
| 461 |
|
x) File descriptor (0,1,2) assumptions? Find and fix these? |
| 462 |
|
x) Dynamic linking! |
| 463 |
|
x) Lots of stuff; freebsd, netbsd, linux, ... syscalls. |
| 464 |
|
x) Initial register/stack contents (environment, command line args). |
| 465 |
|
x) Return value (from main). |
| 466 |
|
x) mmap emulation layer |
| 467 |
|
x) errno emulation layer |
| 468 |
|
x) ioctl emulation layer for all devices :-[ |
| 469 |
|
x) struct conversions for many syscalls |
| 470 |
|
|
| 471 |
Sound: |
Sound: |
| 472 |
x) generic sound framework |
x) generic sound framework |
| 473 |
x) add one or more sound cards as devices |
x) add one or more sound cards as devices; add a testmachine |
| 474 |
|
sound card first? |
| 475 |
|
x) Dreamcast sound? Generic PCI sound cards? |
| 476 |
|
|
| 477 |
ASC SCSI controller: |
ASC SCSI controller: |
| 478 |
x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul |
x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul |
| 479 |
cannot yet handle. (NetBSD 1.6.2 works ok.) (Possibly a problem |
cannot yet handle. (NetBSD 1.6.2 works ok.) (Possibly a problem |
| 480 |
in NetBSD itself, http://mail-index.netbsd.org/source-changes/ |
in NetBSD itself, http://mail-index.netbsd.org/source-changes/ |
| 481 |
2005/11/06/0024.html suggests that.) |
2005/11/06/0024.html suggests that.) |
| 482 |
|
NetBSD 4.x seems to work? :) |
| 483 |
|
|
| 484 |
Caches / memory hierarchies: (this is mostly MIPS-specific) |
Caches / memory hierarchies: (this is mostly MIPS-specific) |
| 485 |
o) src/memory*.c: Implement correct cache emulation for |
o) src/memory*.c: Implement correct cache emulation for |
| 498 |
possible. |
possible. |
| 499 |
|
|
| 500 |
File/disk/symbol handling: |
File/disk/symbol handling: |
| 501 |
|
o) Make sure that disks can be added/removed during runtime! |
| 502 |
|
(Perhaps this needs a reasonably large re-write.) |
| 503 |
o) Remove some of the complexity in file format guessing, for |
o) Remove some of the complexity in file format guessing, for |
| 504 |
Ultrix kernels that are actually disk images? |
Ultrix kernels that are actually disk images? |
| 505 |
o) Better handling of tape files |
o) Remove temporary files (/tmp/gxemul.blahblah) if loading fails |
| 506 |
|
for some reason (unrecognized file, etc). |
| 507 |
|
o) Better handling of tape files |
| 508 |
o) Read function argument count and types from binaries? (ELF?) |
o) Read function argument count and types from binaries? (ELF?) |
| 509 |
o) Better demangling of C++ names. Note: GNU's C++ differs from e.g. |
o) Better demangling of C++ names. Note: GNU's C++ differs from e.g. |
| 510 |
Microsoft's C++, so multiple schemes must be possible. See |
Microsoft's C++, so multiple schemes must be possible. See |
| 513 |
Userland ABI emulation: |
Userland ABI emulation: |
| 514 |
o) see src/useremul.c |
o) see src/useremul.c |
| 515 |
|
|
|
Terminal/console: |
|
|
o) allow emulated serial ports to be connected to the outside |
|
|
world in a more generic way, or even to other emulated |
|
|
machines(?) |
|
|
|
|
|
Save state of the whole emulated machine, to be able to load it back |
|
|
in later? (Memory, all device's states, all registers and |
|
|
so on. Like taking a snapshot. (SimOS seems to do this, |
|
|
according to its website.)) |
|
|
|
|
| 516 |
Better framebuffer and X-windows functionality: |
Better framebuffer and X-windows functionality: |
| 517 |
|
o) Do a complete rewrite of the framebuffer/console stuff, so that: |
| 518 |
|
1) It does not rely on X11 specifically. |
| 519 |
|
2) It is possible to interact with emulated framebuffers |
| 520 |
|
and consoles "remotely", e.g. via a web page which |
| 521 |
|
controls multiple virtualized machines. |
| 522 |
|
3) It is possible to run on (hypothetical) non-X11 |
| 523 |
|
graphics systems. |
| 524 |
|
o) Generalize the update_x1y1x2y2 stuff to an extend-region() |
| 525 |
|
function... |
| 526 |
o) -Yx sometimes causes crashes. |
o) -Yx sometimes causes crashes. |
| 527 |
o) Simple device access to framebuffer_blockcopyfill() etc, |
o) Simple device access to framebuffer_blockcopyfill() etc, |
| 528 |
and text output (using the built-in fonts), for dev_fb. |
and text output (using the built-in fonts), for dev_fb. |
| 533 |
o) Non-resizable windows? Or choose scaledown depending |
o) Non-resizable windows? Or choose scaledown depending |
| 534 |
on size (and center the image, with a black border). |
on size (and center the image, with a black border). |
| 535 |
o) Different scaledown on different windows? |
o) Different scaledown on different windows? |
| 536 |
|
o) Non-integral scale-up? (E.g. 640x480 -> 1024x768) |
| 537 |
o) Switch scaledown during runtime? (Ala CTRL-ALT-plus/minus) |
o) Switch scaledown during runtime? (Ala CTRL-ALT-plus/minus) |
| 538 |
o) Bug reported by Elijah Rutschman on MacOS with weird |
o) Bug reported by Elijah Rutschman on MacOS with weird |
| 539 |
keys (F5 = cursor down?). |
keys (F5 = cursor down?). |
| 545 |
to change the font of an xterm in X in the |
to change the font of an xterm in X in the |
| 546 |
emulator) |
emulator) |
| 547 |
o) Generalize the framebuffer stuff by moving _ALL_ X11 |
o) Generalize the framebuffer stuff by moving _ALL_ X11 |
| 548 |
specific code to src/x11.c! |
specific code to a separate module. |
| 549 |
|
|
| 550 |
Statistics: (this could be interesting) |
------------------------------------------------------------------------------- |
|
o) Save to file and show graphics. It should be possible to |
|
|
run gxemul after a simulation to just show the graphics, |
|
|
or convert to a .ppm or .tga or similar. |
|
|
o) memory accesses (to measure cache efficiency and |
|
|
page coloring efficiency) |
|
|
o) nr of simultaneous ASIDs in use in the TLB, for MIPS |
|
|
o) percentage of time spent in different "states", such as |
|
|
running userland code, kernel code, or idling (for CPUs |
|
|
that have such an instruction, or whenever the PC is |
|
|
inside a specific idle-function (address range)). |
|
|
Possible additional state (for example on R3000): caches |
|
|
disabled. |
|
|
o) position of read/write on (SCSI) disks |
|
| 551 |
|
|
Parent Directory
| 
Revision Log
| 
Patch