Re: [hatari-devel] 68030 MMU work

[ Thread Index | Date Index | More lists.tuxfamily.org/hatari-devel Archives ]


Am Sat, 8 Sep 2012 17:06:08 +0200
schrieb Andreas Grabher <andreas.grabher@xxxxxxxxxxxx>:

> Thanks for adding the code. At the moment i am working to further
> improve the table search function. I'd like to test Hatari with the
> integrated MMU and read the debugging messages. How can i get the
> code (i see your repository has no function to download a zip of the
> sources)?

Right, unfortunately that option is disabled at tuxfamily :-(
To download the source code, you need to install mercurial and type
something like:

 hg clone http://hg.tuxfamily.org/mercurialroot/hatari/hatari 

> Maybe fastest would be if someone could just send me a zip
> via mail. I'll be quite short with time during the next days and
> maybe weeks. But i hope i can do something tomorrow. What TOS file do
> i have to use to do the tests?

Please use TOS 4.04 and configure Hatari to run in Falcon mode, e.g.:

../hatari --machine falcon --tos tos404.rom --memsize 4 --mmu 1

You can add "--trace cpu_disasm" to see a runtime disassembly of the
boot process.

I've now compared that trace with a working boot process with MMU
disabled, and it seems to crash at the rts instruction at address
0xe01506. I think this is the first rts after the MMU has been enabled
(to do 32-bit to 24-bit address translation I assume) by TOS.

The interesting parts of the boot process are:

1)

 00E00030 46fc 2700		   MV2SR.W #$2700
 00E00034 3038 8006		   MOVE.W $ffff8006,D0
 00E00038 4e70  		   RESET.L 
 00E0003A 3038 8006		   MOVE.W $ffff8006,D0
 00E0003E 31fc 0007 8940	   MOVE.W #$0007,$ffff8940
 00E00044 0cb9 fa52 235f 00fa 0000 CMP.L #$fa52235f,$00fa0000
 00E0004E 660a  		   BNE.B #$0000000a == $00E0005A (T)
 00E0005A 203c 0000 0808	   MOVE.L #$00000808,D0
 00E00060 4e7b 0002		   MOVEC.L D0,CACR
 00E00064 7000  		   MOVE.L #$00000000,D0
 00E00066 4e7b 0801		   MOVEC.L D0,VBR
 00E0006A f039 4000 00e4 9430	   MMUOP030.L $400000e4,#$9430
MMU disabled
PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 00000000,TC PC=00E0006A


 00E00072 f039 0800 00e4 9430      MMUOP030.L $080000e4,#$9430

TRANSPARENT TRANSLATION: 00000000

TT: transparent translation disabled
TT: caching enabled
TT: read-modify-write disabled (write only)

TT: function code mask: 0
TT: function code base: 0

TT: address mask: 00000000
TT: address base: 00000000

TT: translate via MMU if address&FF000000 or fc&FFFFFFFF

PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 00000000,TT0 PC=00E00072
 00E0007A f039 0c00 00e4 9430      MMUOP030.L $0c0000e4,#$9430

TRANSPARENT TRANSLATION: 00000000

TT: transparent translation disabled
TT: caching enabled
TT: read-modify-write disabled (write only)

TT: function code mask: 0
TT: function code base: 0

TT: address mask: 00000000
TT: address base: 00000000

TT: translate via MMU if address&FF000000 or fc&FFFFFFFF

PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 00000000,TT1 PC=00E0007A



2)

After some loops that seem to clear the memory, TOS is doing the
following:

 00E014E2 51c8 fffc		   DBF .W D0,#$fffc == $00E014E0 (F)
 00E014E6 f039 4c00 00e4 995a	   MMUOP030.L $4c0000e4,#$995a

ROOT POINTER: 8000000200000700

RP: descriptor type = 2 (valid 4 byte descriptor)
RP: lower limit = 0
RP: first table address = 00000700

PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 8000000200000700,CRP PC=00E014E6
 00E014EE f039 4000 00e4 9962      MMUOP030.L $400000e4,#$9962
MMU enabled

TRANSLATION CONTROL: 80F04445

TC: translation enabled
TC: supervisor root pointer disabled
TC: function code lookup disabled

TC: Initial Shift: 0
TC: Page Size: 32768 byte

TC: Table A: mask = F0000000, shift = 28
TC: Table B: mask = 0F000000, shift = 24
TC: Table C: mask = 00F00000, shift = 20
TC: Table D: mask = 000F8000, shift = 15
TC: Page:    mask = 00007FFF

TC: Last Table: D

PMOVE: Flush ATC
ATC: Flushing all entries
mmu030_create_atc_entry
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 00000742
Table B at 00000740: index = 0, Next descriptor: 000007C2
Table C at 000007C0: index = 14, Next descriptor: 00E00001
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(0): logical = 00E49900, physical = 00E00000, FC = 5
ATC create entry(0): B = 0, CI = 0, WP = 0, M = 0
ATC match(0): page addr = 00E00000, index = 00001962 (lget 00FF23F8)
PMOVE 00FF23F8,TC PC=00E014EE


 00E014F6 f039 0800 00e4 9966      MMUOP030.L $080000e4,#$9966
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(1): logical = 00E01400, physical = 00E00000, FC = 6
ATC create entry(1): B = 0, CI = 0, WP = 0, M = 0
ATC match(1): page addr = 00E00000, index = 000014F6 (wget F039)
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(2): logical = 00E01400, physical = 00E00000, FC = 5
ATC create entry(2): B = 0, CI = 0, WP = 0, M = 0
ATC match(2): page addr = 00E00000, index = 000014F8 (wget 0800)
ATC match(1): page addr = 00E00000, index = 000014FA (lget 00E49966)
ATC match(0): page addr = 00E00000, index = 00001966 (lget 04BA0000)

TRANSPARENT TRANSLATION: 04BA0000

TT: transparent translation disabled
TT: caching enabled
TT: read-modify-write disabled (write only)

TT: function code mask: 0
TT: function code base: 0

TT: address mask: BA000000
TT: address base: 04000000

TT: translate via MMU if address&41000000 or fc&FFFFFFFF

PMOVE: Flush ATC
ATC: Flushing all entries
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(0): logical = 00E49900, physical = 00E00000, FC = 5
ATC create entry(0): B = 0, CI = 0, WP = 0, M = 0
ATC match(0): page addr = 00E00000, index = 00001966 (lget 04BA0000)
PMOVE 04BA0000,TT0 PC=00E014F6


 00E014FE f039 0c00 00e4 996a      MMUOP030.L $0c0000e4,#$996a
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(1): logical = 00E01400, physical = 00E00000, FC = 6
ATC create entry(1): B = 0, CI = 0, WP = 0, M = 0
ATC match(1): page addr = 00E00000, index = 000014FE (wget F039)
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(2): logical = 00E01500, physical = 00E00000, FC = 5
ATC create entry(2): B = 0, CI = 0, WP = 0, M = 0
ATC match(2): page addr = 00E00000, index = 00001500 (wget 0C00)
ATC match(1): page addr = 00E00000, index = 00001502 (lget 00E4996A)
ATC match(0): page addr = 00E00000, index = 0000196A (lget 0B5A54B9)

TRANSPARENT TRANSLATION: 0B5A54B9

TT: transparent translation disabled
TT: caching inhibited
TT: read-modify-write disabled (write only)

TT: function code mask: 1
TT: function code base: 3

TT: address mask: 5A000000
TT: address base: 0B000000

TT: translate via MMU if address&A4000000 or fc&FFFFFFFC

PMOVE: Flush ATC
ATC: Flushing all entries
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(0): logical = 00E49900, physical = 00E00000, FC = 5
ATC create entry(0): B = 0, CI = 0, WP = 0, M = 0
ATC match(0): page addr = 00E00000, index = 0000196A (lget 0B5A54B9)
PMOVE 0B5A54B9,TT1 PC=00E014FE
cpu video_cyc= 68014 450@133 : 00E01506 4e75                     RTS.L 
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(1): logical = 00E01500, physical = 00E00000, FC = 6
ATC create entry(1): B = 0, CI = 0, WP = 0, M = 0
ATC match(1): page addr = 00E00000, index = 00001506 (wget 4E75)

----------------------------------------------------------------------

When it reaches PC = 0xe01506, the CPU state looks like this:

CPU=$e01506, VBL=6, FrameCycles=68014, HBL=133, LineCycles=450, DSP=$0
> r
  D0 0000FFFF   D1 00000081   D2 00000000   D3 00000000 
  D4 0000FFFF   D5 00400000   D6 00000000   D7 00000000 
  A0 00000800   A1 00E4995A   A2 00000000   A3 00E00D52 
  A4 00E00C04   A5 00000200   A6 00000000   A7 0000886C 
USP  00000000 ISP  0000886C SFC  00000000 DFC  00000000 
CACR 00000008 VBR  00000000 CAAR 00000000 MSP  00000000 
T=00 S=1 M=0 X=0 N=0 Z=0 V=0 C=0 IMASK=7 STP=0
00E01506 4e75                     RTS.L 
Next PC: 00e01508
> d
$e01506 : 4e75                                 rts       
....
> m 0x700
000700: 00 00 07 4a 10 00 00 01 20 00 00 01 30 00 00 01   ...J.... ...0...
000710: 40 00 00 01 50 00 00 01 60 00 00 01 70 00 00 01   @...P...`...p...
000720: 80 00 00 41 90 00 00 41 a0 00 00 41 b0 00 00 41   ...A...A...A...A
000730: c0 00 00 41 d0 00 00 41 e0 00 00 41 00 00 07 82   ...A...A...A....
000740: 00 00 07 ca 01 00 00 01 02 00 00 01 03 00 00 01   ................
000750: 04 00 00 01 05 00 00 01 06 00 00 01 07 00 00 01   ................
000760: 08 00 00 01 09 00 00 01 0a 00 00 01 0b 00 00 01   ................
000770: 0c 00 00 01 0d 00 00 01 0e 00 00 01 0f 00 00 01   ................
> 
000780: f0 00 00 41 f1 00 00 41 f2 00 00 41 f3 00 00 41   ...A...A...A...A
000790: f4 00 00 41 f5 00 00 41 f6 00 00 41 f7 00 00 41   ...A...A...A...A
0007A0: f8 00 00 41 f9 00 00 41 fa 00 00 41 fb 00 00 41   ...A...A...A...A
0007B0: fc 00 00 41 fd 00 00 41 fe 00 00 41 00 00 07 c2   ...A...A...A....
0007C0: 00 00 00 01 00 10 00 01 00 20 00 01 00 30 00 01   ......... ...0..
0007D0: 00 40 00 01 00 50 00 01 00 60 00 01 00 70 00 01   .@...P...`...p..
0007E0: 00 80 00 01 00 90 00 01 00 a0 00 01 00 b0 00 01   ................
0007F0: 00 c0 00 01 00 d0 00 01 00 e0 00 09 00 f0 00 41   ...............A
> m 0x8860
008860: 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 02 c0   ................
....

The SP is pointing to 0x886C, so the rts should load the value 0xe002c0,
however when I continue, the rts jumps to the wrong address:

> c 1
Returning to emulation for 1 CPU instructions...
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 0, Next descriptor: 00000001
Descriptor for Table D: Early termination
Page at 00000000
ATC create entry(2): logical = 00008800, physical = 00000000, FC = 5
ATC create entry(2): B = 0, CI = 0, WP = 0, M = 0
ATC match(2): page addr = 00000000, index = 0000086C (lget 00000000)

CPU=$0, VBL=6, FrameCycles=68016, HBL=133, LineCycles=452, DSP=$0
> r
  D0 0000FFFF   D1 00000081   D2 00000000   D3 00000000 
  D4 0000FFFF   D5 00400000   D6 00000000   D7 00000000 
  A0 00000800   A1 00E4995A   A2 00000000   A3 00E00D52 
  A4 00E00C04   A5 00000200   A6 00000000   A7 00008870 
USP  00000000 ISP  00008870 SFC  00000000 DFC  00000000 
CACR 00000008 VBR  00000000 CAAR 00000000 MSP  00000000 
T=00 S=1 M=0 X=0 N=0 Z=0 V=0 C=0 IMASK=7 STP=0
00000000 602e                     BT .B #$0000002e == $00000030 (T)
Next PC: 00000002

Seems like something went wrong with that translation ... do you have a
clue what could be wrong here?

 Thomas



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/