
Contents of /upstream/0.4.5/TODO



Revision 39
Mon Oct 8 16:22:02 2007 UTC (16 years, 5 months ago) by dpavlin
File size: 21651 byte(s)
0.4.5
1 $Id: TODO,v 1.476 2007/04/14 05:39:47 debug Exp $
2
3 Some things, in totally random order, that I'd like to fix:
4 (Some items in this list are probably out-of-date by now.)
5
6 Dyntrans:
7 x) Instruction combination collisions? How to avoid easily...
8 x) Think about how to do both SHmedia and SHcompact in a reasonable
9 way! (Or AMD64 long/protected/real, for that matter.)
10 x) 68K emulation; think about how to do variable instruction
11 lengths across page boundaries.
12 x) Dyntrans with valgrind-inspired memory checker. (In memory_rw,
13 it would be reasonably simple to add; in each individual fast
14 load/store routine = a lot more work, and it would become
15 kludgy very fast.)
16 x) Dyntrans with SMP... lots of work to be done here.
17 x) Dyntrans with cache emulation... lots of work here as well.
18 x) Remove the concept of base RAM completely; it would be more
19 generic to allow RAM devices to be used "anywhere".
20 o) dev_mp doesn't work well with dyntrans yet
21 o) In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans
22 x) Redesign/rethink the delay slot mechanism used for e.g. MIPS,
23 so that it caches a translation (that is, an instruction
24 word and the instr_call it was translated to the last
25 time), so that it doesn't need to do slow
26 to_be_translated for each end of page?
27 x) Program Counter statistics:
28 Per machine? What about SMP? All data to the same file?
29 A debugger command should be possible to use to enable/
30 disable statistics gathering.
31 Configuration file option!
32 x) Breakpoints:
33 o) Physical vs virtual addresses!
34 o) 32-bit vs 64-bit sign extension for MIPS, and others?
35 x) INVALIDATION should cause translations in _all_ cpus to be
36 invalidated, e.g. on a write to a write-protected page
37 (containing code)
38 x) 16-bit encodings? (MIPS16, ARM Thumb, 32-bit SH on SH64)
39 x) Lots of other stuff: see src/cpus/README_DYNTRANS
40 x) Native code generation backends:
41 o) think carefully about this.
42 o) simple syntax for emitting opcodes; backend implementation
43 must be optional, so I don't have to write more code
44 than necessary. after all, the non-native (C) code should
45 always work.
46 o) convert into native code only after an entire
47 block has been translated? probably best.
48 o) the "almost native" opcodes may be rearranged,
49 "peep-hole optimized", etc. and then as a separate step
50 this list of almost native opcodes is written out
51 as native code.
52 o) think about delay slots at the end of a block!
53 o) x86/amd64 code generator can be very similar... perhaps
54 o) NOTE that generation is per _ABI_, not per host arch!
55 the configure script must detect ABI!!!
56 o) branches to already translated code blocks can
57 link the blocks together
58 o) load/store are the most important to optimize
59
60 Simple Valgrind-like checks?
61 o) Mark every address with bits which tell whether or not the address
62 has been written to.
63 o) What should happen when programs are loaded? Text/data, bss (zero
64 filled). But stack space and heap is uninitialized.
65 o) Uninitialized local variables:
66 A load from a place on the stack which has not previously
67 been stored to => warning. Increasing the stack pointer using
68 any available means should reset the memory to uninitialized.
69 o) If calls to malloc() and free() can be intercepted:
70 o) Access to a memory area after free() => warning.
71 o) Memory returned by malloc() is marked as not-initialized.
72 o) Non-passive, but good to have: Change the argument
73 given to malloc, to return a slightly larger memory
74 area, i.e. margin_before + size + margin_after,
75 and return the pointer + margin_before.
76 Any access to the margin_before or _after space results
77 in warnings. (free() must be modified to free the
78 actually allocated address.)
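
The checks listed above (a written-to state per address, malloc margins, access after free, stack pointer resets) can be sketched as a per-byte shadow map consulted on every load and store. This is an added example, not GXemul code: the function names, the 4 KB RAM split into heap and stack, the bump allocator and the 16-byte margin are all assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Added sketch; every name and size here is hypothetical, not GXemul's. */
enum shadow  { S_NOACCESS, S_UNINIT, S_INIT, S_REDZONE, S_FREED };
enum verdict { V_OK, V_UNINIT_READ, V_OOB, V_UAF, V_INVALID };
#define RAM_SIZE 4096u
#define HEAP_END 2048u  /* heap is [0, 2048); the stack grows down from 4096 */
#define MARGIN   16u    /* margin_before == margin_after */

static uint8_t  ram[RAM_SIZE];
static uint8_t  shadow[RAM_SIZE];     /* one state per byte, 0 == S_NOACCESS */
static uint16_t alloc_size[HEAP_END]; /* live payload size per user pointer */
static uint32_t heap_top;             /* bump allocator, memory never reused */

/* Verdict for a load, indexed by enum shadow; a store differs only for S_UNINIT. */
static const enum verdict on_load[] = { V_INVALID, V_UNINIT_READ, V_OK, V_OOB, V_UAF };

static enum verdict classify(uint32_t addr, int is_load) {
    if (addr >= RAM_SIZE) return V_INVALID;
    enum verdict v = on_load[shadow[addr]];
    return (v == V_UNINIT_READ && !is_load) ? V_OK : v;
}

/* Stores mark bytes as written; an uninitialized load only warns and completes. */
enum verdict guest_store8(uint32_t addr, uint8_t val) {
    enum verdict v = classify(addr, 0);
    if (v == V_OK) { ram[addr] = val; shadow[addr] = S_INIT; }
    return v;
}
enum verdict guest_load8(uint32_t addr, uint8_t *out) {
    enum verdict v = classify(addr, 1);
    if (v == V_OK || v == V_UNINIT_READ) *out = ram[addr];
    return v;
}

/* Reserve margin_before + size + margin_after, hand out pointer + margin_before. */
uint32_t guest_malloc(uint32_t size) {
    if (size == 0 || size > HEAP_END || 2 * MARGIN + size > HEAP_END - heap_top) return 0;
    uint32_t user = heap_top + MARGIN;  /* never 0, so 0 can signal failure */
    memset(shadow + heap_top, S_REDZONE, MARGIN);
    memset(shadow + user, S_UNINIT, size);
    memset(shadow + user + size, S_REDZONE, MARGIN);
    alloc_size[user] = (uint16_t)size;
    heap_top = user + size + MARGIN;
    return user;
}

/* A real allocator would release user - MARGIN; here the block is only poisoned. */
enum verdict guest_free(uint32_t user) {
    if (user >= HEAP_END || alloc_size[user] == 0) return V_INVALID;
    memset(shadow + user, S_FREED, alloc_size[user]);
    alloc_size[user] = 0;
    return V_OK;
}

/* Any stack pointer move leaves the bytes between old and new uninitialized. */
enum verdict guest_set_sp(uint32_t old_sp, uint32_t new_sp) {
    uint32_t lo = old_sp < new_sp ? old_sp : new_sp;
    uint32_t hi = old_sp < new_sp ? new_sp : old_sp;
    if (lo < HEAP_END || hi > RAM_SIZE) return V_INVALID;
    memset(shadow + lo, S_UNINIT, hi - lo);
    return V_OK;
}

int main(void) {  /* exits 0 when a read-before-write is flagged */
    uint8_t b = 0;
    return guest_load8(guest_malloc(8), &b) == V_UNINIT_READ ? 0 : 1;
}
```

Because freed blocks are never handed out again in this sketch, a stale pointer keeps hitting poisoned bytes; an allocator that recycles memory would need a quarantine to keep that property.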
79
80 MIPS:
81 o) Nicer MIPS status bits in register dumps.
82 o) Alignment exceptions.
83 o) Floating point exception correctness.
84 o) Fix this? Triggered by NetBSD/sgimips? Hm:
85 to_be_translated(): TODO: unimplemented instruction:
86 000000000065102c: 00200800 (d) rot_00 at,zr,0
87 o) Some more work on opcodes.
88 x) MIPS64 revision 2.
89 o) Find out which actual CPUs implement the rev2 ISA!
90 o) DROTR32 and similar MIPS64 rev 2 instructions,
91 which have a rotation bit which differs from
92 previous ISAs.
93 o) EI and DI instructions for MIPS64/32 rev 2.
94 NOTE: These are _NOT_ the same as for R5900!
95 x) _MAYBE_ TX79 and R5900 actually differ in their
96 opcodes? Check this carefully!
97 o) Dyntrans: Count register updates are probably not 100% correct yet.
98 o) Refactor code for performance and readability/maintainability.
99 o) (Re)implement 128-bit loads/stores for R5900.
100 o) R4000 and others:
101 x) watchhi/watchlo exceptions, and other exception
102 handling details
103 o) R10000 and others: (R12000, R14000 ?)
104 x) The code before the line
105 /* reg[COP0_PAGEMASK] = cpu->cd.mips.coproc[0]->tlbs[0].mask & PAGEMASK_MASK; */
106 in cpu_mips.c is not correct for R10000 according to
107 Lemote's Godson patches for GXemul. TODO: Go through all
108 register definitions according to http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_263.html#HEADING334
109 and make sure everything works with R10000.
110 Then test with OpenBSD/sgi?
111 x) Entry LO mask (as above).
112 x) memory space, exceptions, ...
113 x) use cop0 framemask for tlb lookups
114 (http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html)
115
116 SuperH:
117 x) SH4 interrupt controller:
118 x) MASKING should be possible!
119 x) SH4 DMA (0xffa00000)
120 x) SH4 UBC (0xff200000)
121 x) SH4 timers are going too fast!
122 x) Store queues can copy 32 bytes at a time, there's no need to
123 copy individual 32-bit words. (Performance improvement.)
124 x) SH4 BSC (Bus State Controller)
125 x) Instruction tracing should include symbols for branch targets,
126 and so on, to make the output more human readable.
127 x) SH3-specific devices: Pretty much everything!
128 x) NetBSD/evbsh3, mmeye, hpcsh! Linux?
129 x) Replace pc-relative loads with immediate load, if within the
130 same page. (Similar to the same optimization for ARM.)
131 x) Floating point speed!
132 x) Floating point exception correctness.
133 x) Think carefully about how to implement SH5/SH64 (for evbsh5).
134
135 Landisk SH4:
136 x) When NetBSD/landisk 4.0 and OpenBSD/landisk 4.1 have been
137 released, test to see if they work. (If so, update documentation,
138 guestos + index, and set stable=1 in machine_landisk.c.)
139
140 Dreamcast:
141 x) G2 DMA
142 x) LAN adapter (dev_mb8696x.c). NetBSD root-on-nfs.
143 x) PVR: Lots of stuff. See dev_pvr.c.
144 x) Better GDROM support
145 x) Modem
146 x) PCI bridge/bus?
147 x) Maple bus:
148 x) Correct controller input
149 x) Mouse input
150 x) Software emulation of BIOS calls:
151 x) GD-ROM emulation: Use the GDROM device.
152 x) Use the VGA font as a fake ROM font. (Better than
153 nothing.)
154 x) Make as many as possible of the KOS examples run!
155 x) More homebrew demos/games.
156 x) SPU: Sound emulation (ARM cpu).
157 x) VME processor emulation? "(Sanyo LC8670 "Potato")" according to
158 Wikipedia, LC86K87 according to Comstedt's page. See
159 http://www.maushammer.com/vmu.html for a good description of
160 the differences between LC86104C and the one used in the VME.
161
162 Alpha:
163 x) OSF1 PALcode, Virtual memory support.
164 x) PALcode replacement! PAL1E etc opcodes...?
165 x) Interrupt/exception/trap handling.
166 x) Floating point exception correctness.
167 x) More work on bootup memory and register contents.
168 x) More Alpha machine types, so it could work with
169 OpenBSD, FreeBSD, and Linux too?
170
171 SPARC (both the ISA and the machines):
172 o) Implement Address space identifiers; load/stores etc.
173 o) Exception/trap/interrupt handling.
174 o) Save/restore register windows etc! Both v9 and pre-v9!
175 o) Finish the subcc and addcc flag computation code.
176 o) Add more registers (floating point, control regs etc)
177 o) Disassembly of some more instructions?
178 o) Are sll etc 32-bit sign-extending or zero-extending?
179 o) Floating point exception correctness.
180 o) SPARC v8, v7 etc?
181 o) More machine modes and devices.
182
183 Debugger:
184 o) How does SMP debugging work? Does it simply use "threads"?
185 What if the guest OS (running on an emulated SMP machine)
186 has a usertask running, with userland threads?
187 o) Try to make the debugger more modular and, if possible, reentrant!
188 o) Remove the emul command? (But show network info if showing
189 machines?)
190 o) Evaluate expressions within []? That would allow stuff like
191 cpu[x] where x is an expression.
192 o) Settings:
193 x) Special handlers for Write!
194 +) MIPS coproc regs
195 +) Alpha/MIPS/SPARC zero registers
196 +) x86 64/32/16-bit registers
197 x) Value formatter for resulting output.
198 o) see src/debugger.c for more
199
200 POWER/PowerPC:
201 x) Fix DECR timer speed, so it matches the host.
202 x) NetBSD/prep 3.x triggers a possible bug in the emulator:
203 <wdc_exec_command(0xd005e514,0xd60cdd30,0,8,..)>
204 <ata_get_xfer(0,0xd60cdd30,0,8,..)>
205 <0x26c550(&ata_xfer_pool,2,0,8,..)>
206 <0x35c71c(0x3f27000,0,52,8,..)>
207 <ata_exec_xfer(0xd005e4c8,0x3f27000,0,13,..)>
208 <atastart(0xd005e4c8,0x3f27000,0,13,..)>
209 <__wdccommand_start(0xd005e4c8,0x3f27000,0,13,..)>
210 <bsw1(&prep_isa_io_space_tag,0x800001f6,0,176,..)>
211 [ wdc: write to SDH: 0xb0 (sectorsize 2, lba=1, drive 1, head 0) ]
212 <wdcwait(0xd005e4c8,72,64,0xbb8,..)>
213 <0x198120(0xd005e4c8,72,64,0xbb8,..)>
214 <bsr1(&prep_isa_io_space_tag,0,0,0xbb8,..)>
215 <delay(100,0,0,0xbb8,..)>
216 Note: <bsr1(&prep_isa_io_space_tag,0,0,0xbb8,..)>
217 x) PPC optimizations; instr combs
218 x) 64-bit stuff: either Linux on G5, or perhaps some hobbyist
219 version of AIX? (if there exists such a thing)
220 x) macppc: adb controller; keyboard (for framebuffer mode)
221 x) make OpenBSD/macppc work (PCI controller stuff)
222 x) Floating point exception correctness.
223 x) Alignment exceptions.
224
225 PReP:
226 x) Clock time! ("Bad battery blah blah")
227
228 Algor:
229 o) Other models than the P5064?
230 o) PCI interrupts... needed for stuff like the tlp NIC?
231
232 BeBox:
233 o) Interrupts. There seems to be a problem with WDC interrupts
234 "after a short while", although a few interrupts get through?
235 o) Perhaps find a copy of BeOS and try it?
236
237 HPCmips:
238 x) Mouse/pad support! :)
239 x) A NIC? (As a PCMCIA device?)
240
241 AVR:
242 o) Everything.
243
244 ARM:
245 o) See netwinder_reset() in NetBSD; the current "an internal error
246 occured" message after reboot/halt is too ugly.
247 o) ARM "wait"-like instruction?
248 o) try to get netbsd/evbarm 3.x or 4.x running (iq80321)
249 o) make the xscale counter registers (ccnt) work
250 o) make the ata controller usable for FreeBSD!
251 o) Zaurus emulation:
252 x) OpenBSD/zaurus
253 x) NetBSD/zaurus? See the following URL:
254 http://mail-index.netbsd.org/port-arm/2006/11/19/0000.html
255 o) Debian/cats crashes because of unimplemented coproc stuff.
256 fix this?
257
258 Test machines:
259 o) dev_fb block fill and copy
260 o) dev_fb draw characters (from the built-in font)?
261 o) dev_fb input device? mouse pointer coordinates and buttons
262 (allow changes in these to cause interrupts as well?)
263 o) Redefine the halt() function so that it stops "sometimes
264 soon", i.e. usage in demo code should be:
265 for (;;) {
266 halt();
267 }
268
269 Better CD Image file support:
270 x) Support CD formats that contain more than 1 track, e.g.
271 CDI files (?). These can then contain a mixture of e.g. sound
272 and data tracks, and booting from an ISO filesystem path
273 would boot from [by default] the first data track.
274 (This would make sense for e.g. Dreamcast CD images, or
275 possibly other live-CD formats.)
276
277 Networking:
278 x) Redesign of the networking subsystem, at least the NAT translation
279 part. The current way of allowing raw ethernet frames to be
280 transferred to/from the emulator via UDP should probably be
281 extended to allow the frames to be transmitted other ways as
282 well.
283 x) Also adding support for connecting ttys (either to xterms, or to
284 pipes/sockets etc, or even to PPP->NAT or SLIP->NAT :-).
285 x) Documentation updates (!) are very important, making it easier to
286 use the (already existing) network emulation features.
287 x) Fix performance problems caused by only allowing a
288 single TCP packet to be unacked.
289 x) Don't hardcode offsets into packets!
290 x) Test with lower than 100 max tcp/udp connections,
291 to make sure that reuse works!
292 x) Make OpenBSD work better as a guest OS!
293 x) DHCP? Debian doesn't actually send DHCP packets, even
294 though it claims to? So it is hard to test.
295 x) Multiple networks per emulation, and let different
296 NICs in machines connect to different networks.
297 x) Support VDE (vde.sf.net)? Easiest/cleanest (before a
298 redesign of the network framework has been done) is
299 probably to connect it using the current (udp) solution.
300 x) Allow SLIP connections, possibly PPP, in addition to
301 ethernet?
302
303 Cache simulation:
304 o) Command line flags for:
305 o) CPU endianness?
306 o) Cache sizes? (multiple levels)
307 o) Separate from the CPU concept, so that multi-core CPUs sharing
308 e.g. a L2 cache can be simulated (?)
309 o) Instruction cache emulation is easiest (if separate from the
310 data cache); similar hack as the S;I; hack in cpu_dyntrans.c.
311 NOTE: if the architecture has a delay slot, then an instruction
312 slot can actually be executed as 2 instructions.
313 o) Data cache emulation = harder; each arch's load/store routines
314 must include support? running one instruction at a time and
315 having a cpu-dependent lookup function for each instruction
316 is another option (easier to implement, but very very slow).
317
318 Documentation:
319 x) Note about sandboxing/security:
320 Not all emulated instructions fail in the way they would
321 do on real hardware (e.g. a userspace program writing to
322 a system register might work in GXemul, but it would
323 fail on real hardware). Sandbox = contain from the
324 host OS. But the emulated programs will run "less
325 securely".
326 x) Try NetBSD/arc 4.x! (It seems to work with disk images!)
327 x) NetBSD/pmax 4 install instructions: xterm instead of vt100!
328 x) BETTER DEVICE EXAMPLES!
329 o) Move away from technical.html to somewhere new.
330 o) DEVICE_TICK
331 o) Implement example devices using interrupts, dyntrans
332 memory access, etc.?
333 x) Document the dyntrans core?
334 x) Rewrite the section about experimental devices, after the
335 framebuffer acceleration has been implemented, and demos
336 written. (Symbolic names instead of numbers; example
337 use cases, etc. Mention demo files that use the various
338 features?)
339 x) "a very simple linear framebuffer device (for graphics output)"
340 under "which machines does gxemul emulate" ==> better
341 description?
342 x) Better description on how to set up a cross compiler?
343 Example for MIPS64.
344 o) Automagic documentation generation?
345 x) machines, cpus, devices.
346 x) REMEMBER that several machines/devices can be in
347 the same source file!
348 o) Try to rewrite the install instructions for those machines
349 that use 3MAX into using CATS or hpcmips? (To remove the need
350 to use a raw ffs partition, using up all of the disk image.)
351
352 More generic out_of_memory error reporting, and check everywhere!
353 Causes: OpenBSD has low default limits for normal users.
354 Host is 32-bit? (32-bit hosts are limited to 4 GB or less
355 of userspace memory.)
356 You are actually low on RAM. (As trivial as this might sound,
357 Unix systems usually allow processes to allocate virtual
358 memory beyond the amount of RAM in the machine.)
359
360 The Device subsystem:
361 x) allow devices to be moved and/or changed in size (down to a
362 minimum size, etc, or up to a max size); if there is a collision,
363 return false. It is up to the caller to handle this situation!
364 x) NOTE: Translations must be invalidated, both for
365 registering new devices, and for moving existing ones.
366 cpu->invalidate translation caches, for all CPUs that
367 are connected to a specific memory.
368 x) keep track of interrupts and busses? actually, allowing any device
369 to be a bus might be a nice idea.
370 x) turn interrupt controllers into devices? :-)
371 x) refactor various clocks/nvram/cmos into one device?
372
373 PCI:
374 x) Pretty much everything related to runtime configuration, device
375 slots, interrupts, etc must be redesigned/cleaned up. The current
376 code is very hardcoded and ugly.
377 o) Allow cards to be added/removed during runtime more easily.
378 o) Allow cards to be enabled/disabled (i/o ports, etc, like
379 NetBSD needs for disk controller detection).
380 o) Allow devices to be moved in memory during runtime.
381 o) Interrupts per PCI slot, etc. (A-D).
382 o) PCI interrupt controller logic... very hard to get right,
383 because these differ a lot from one machine to the next.
384 x) last write was ffffffff ==> fix this, it should be used
385 together with a mask to get the correct bits. also, not ALL
386 bits are size bits! (lowest 4 vs lowest 2?)
387 x) add support for address fixups
388 x) generalize the interrupt routing stuff (lines etc)
389
390 Clocks and timers:
391 x) Fix the PowerPC DECR interrupt speed! (MacPPC and PReP speed, etc.)
392 x) DON'T HARDCODE 100 HZ IN cpu_mips_coproc.c!
393 x) Test the 8253? Right now it doesn't seem to be used?
394 x) NetWinder timeofday is incorrect!
395 x) Cobalt TOD is incorrect!
396 x) Go through all other machines, one by one, and fix them.
397
398 Config file parser:
399 o) Rewrite it from scratch!
400 o) Usage of any expression available through the debugger
401 o) Allow interrupt controllers to be added! and interrupts
402 to be used in more ways than before
403 o) Support for running debugger commands (like the -c
404 command line option)
405
406 Floating point layer:
407 o) make it common enough to be used by _all_ emulation modes
408 o) implement correct error/exception handling and rounding modes
409 o) implement more helper functions (i.e. add, sub, mul...)
410 o) non-IEEE modes (i.e. x86)?
411
412 Userland emulation:
413 x) Dynamic linking!
414 x) Lots of stuff; freebsd, netbsd, linux, ... syscalls.
415 x) Initial register/stack contents (environment, command line args).
416 x) Return value (from main).
417 x) mmap emulation layer
418 x) errno emulation layer
419 x) struct conversions for many syscalls
420
421 Sound:
422 x) generic sound framework
423 x) add one or more sound cards as devices; add a testmachine
424 sound card first?
425 x) Dreamcast sound? Generic PCI sound cards?
426
427 ASC SCSI controller:
428 x) NetBSD/arc 2.0 uses the ASC controller in a way which GXemul
429 cannot yet handle. (NetBSD 1.6.2 works ok.) (Possibly a problem
430 in NetBSD itself, http://mail-index.netbsd.org/source-changes/
431 2005/11/06/0024.html suggests that.)
432 NetBSD 4.x seems to work? :)
433
434 Caches / memory hierarchies: (this is mostly MIPS-specific)
435 o) src/memory*.c: Implement correct cache emulation for
436 all CPU types. (currently only R2000/R3000 is implemented)
437 (per CPU, multiple levels should be possible, associativity etc!)
438 o) R2000/R3000 isn't _100%_ correct, just almost correct :)
439 o) Move the -S (fill mem with random) functionality into the
440 memory.c subsystem, not machine.c or wherever it is now
441 o) ECC stuff, simulation of memory errors? (Machine dependent)
442 o) More than 4GB of emulated RAM, when run on a 32-bit host?
443 (using manual swap-out of blocks to disk, ugly)
444 o) A global command line option should be used to turn
445 cache emulation on or off. When off, caches should be
446 faked like they are right now. When on, caches and
447 memory latencies should be emulated as correctly as
448 possible.
449
450 File/disk/symbol handling:
451 o) Make sure that disks can be added/removed during runtime!
452 (Perhaps this needs a reasonably large re-write.)
453 o) Remove some of the complexity in file format guessing, for
454 Ultrix kernels that are actually disk images?
455 o) Better handling of tape files
456 o) Read function argument count and types from binaries? (ELF?)
457 o) Better demangling of C++ names. Note: GNU's C++ differs from e.g.
458 Microsoft's C++, so multiple schemes must be possible. See
459 URL at top of src/symbol_demangle.c for more info.
460
461 Userland ABI emulation:
462 o) see src/useremul.c
463
464 Better framebuffer and X-windows functionality:
465 o) Generalize the update_x1y1x2y2 stuff to an extend-region()
466 function...
467 o) -Yx sometimes causes crashes.
468 o) Simple device access to framebuffer_blockcopyfill() etc,
469 and text output (using the built-in fonts), for dev_fb.
470 o) CLEAN UP the ugly event code
471 o) Mouse clicks can be "missed" in the current system; this is
472 not good. They should be put on a stack of some kind.
473 o) More 2D and 3D framebuffer acceleration.
474 o) Non-resizable windows? Or choose scaledown depending
475 on size (and center the image, with a black border).
476 o) Different scaledown on different windows?
477 o) Non-integral scale-up? (E.g. 640x480 -> 1024x768)
478 o) Switch scaledown during runtime? (Ala CTRL-ALT-plus/minus)
479 o) Bug reported by Elijah Rutschman on MacOS with weird
480 keys (F5 = cursor down?).
481 o) Keyboard and mouse events:
482 x) Do this for more machines than just DECstation
483 x) more X11 cursor keycodes
484 x) Keys like CTRL, ALT, SHIFT do not get through
485 by themselves (these are necessary for example
486 to change the font of an xterm in X in the
487 emulator)
488 o) Generalize the framebuffer stuff by moving _ALL_ X11
489 specific code to src/x11.c!
490
