Am Sat, 8 Sep 2012 17:06:08 +0200
schrieb Andreas Grabher <
andreas.grabher@xxxxxxxxxxxx>:
Thanks for adding the code. At the moment i am working to further
improve the table search function. I'd like to test Hatari with the
integrated MMU and read the debugging messages. How can i get the
code (i see your repository has no function to download a zip of the
sources)?
Right, unfortunately that option is disabled at tuxfamily :-(
To download the source code, you need to install mercurial and type
something like:
hg clone
http://hg.tuxfamily.org/mercurialroot/hatari/hatari Maybe fastest would be if someone could just send me a zip
via mail. I'll be quite short with time during the next days and
maybe weeks. But i hope i can do something tomorrow. What TOS file do
i have to use to do the tests?
Please use TOS 4.04 and configure Hatari to run in Falcon mode, e.g.:
./hatari --machine falcon --tos tos404.rom --memsize 4 --mmu 1
You can add "--trace cpu_disasm" to see a runtime disassembly of the
boot process.
I've now compared that trace with a working boot process with MMU
disabled, and it seems to crash at the rts instruction at address
0xe01506. I think this is the first rts after the MMU has been enabled
(to do 32-bit to 24-bit address translation I assume) by TOS.
The interesting parts of the boot process are:
1)
00E00030 46fc 2700
MV2SR.W #$2700
00E00034 3038 8006
MOVE.W $ffff8006,D0
00E00038 4e70
RESET.L
00E0003A 3038 8006
MOVE.W $ffff8006,D0
00E0003E 31fc 0007 8940
MOVE.W #$0007,$ffff8940
00E00044 0cb9 fa52 235f 00fa 0000 CMP.L #$fa52235f,$00fa0000
00E0004E 660a
BNE.B #$0000000a == $00E0005A (T)
00E0005A 203c 0000 0808
MOVE.L #$00000808,D0
00E00060 4e7b 0002
MOVEC.L D0,CACR
00E00064 7000
MOVE.L #$00000000,D0
00E00066 4e7b 0801
MOVEC.L D0,VBR
00E0006A f039 4000 00e4 9430
MMUOP030.L $400000e4,#$9430
MMU disabled
PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 00000000,TC PC=00E0006A
00E00072 f039 0800 00e4 9430 MMUOP030.L $080000e4,#$9430
TRANSPARENT TRANSLATION: 00000000
TT: transparent translation disabled
TT: caching enabled
TT: read-modify-write disabled (write only)
TT: function code mask: 0
TT: function code base: 0
TT: address mask: 00000000
TT: address base: 00000000
TT: translate via MMU if address&FF000000 or fc&FFFFFFFF
PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 00000000,TT0 PC=00E00072
00E0007A f039 0c00 00e4 9430 MMUOP030.L $0c0000e4,#$9430
TRANSPARENT TRANSLATION: 00000000
TT: transparent translation disabled
TT: caching enabled
TT: read-modify-write disabled (write only)
TT: function code mask: 0
TT: function code base: 0
TT: address mask: 00000000
TT: address base: 00000000
TT: translate via MMU if address&FF000000 or fc&FFFFFFFF
PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 00000000,TT1 PC=00E0007A
2)
After some loops that seem to clear the memory, TOS is doing the
following:
00E014E2 51c8 fffc
DBF .W D0,#$fffc == $00E014E0 (F)
00E014E6 f039 4c00 00e4 995a
MMUOP030.L $4c0000e4,#$995a
ROOT POINTER: 8000000200000700
RP: descriptor type = 2 (valid 4 byte descriptor)
RP: lower limit = 0
RP: first table address = 00000700
PMOVE: Flush ATC
ATC: Flushing all entries
PMOVE 8000000200000700,CRP PC=00E014E6
00E014EE f039 4000 00e4 9962 MMUOP030.L $400000e4,#$9962
MMU enabled
TRANSLATION CONTROL: 80F04445
TC: translation enabled
TC: supervisor root pointer disabled
TC: function code lookup disabled
TC: Initial Shift: 0
TC: Page Size: 32768 byte
TC: Table A: mask = F0000000, shift = 28
TC: Table B: mask = 0F000000, shift = 24
TC: Table C: mask = 00F00000, shift = 20
TC: Table D: mask = 000F8000, shift = 15
TC: Page: mask = 00007FFF
TC: Last Table: D
PMOVE: Flush ATC
ATC: Flushing all entries
mmu030_create_atc_entry
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 00000742
Table B at 00000740: index = 0, Next descriptor: 000007C2
Table C at 000007C0: index = 14, Next descriptor: 00E00001
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(0): logical = 00E49900, physical = 00E00000, FC = 5
ATC create entry(0): B = 0, CI = 0, WP = 0, M = 0
ATC match(0): page addr = 00E00000, index = 00001962 (lget 00FF23F8)
PMOVE 00FF23F8,TC PC=00E014EE
00E014F6 f039 0800 00e4 9966 MMUOP030.L $080000e4,#$9966
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(1): logical = 00E01400, physical = 00E00000, FC = 6
ATC create entry(1): B = 0, CI = 0, WP = 0, M = 0
ATC match(1): page addr = 00E00000, index = 000014F6 (wget F039)
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(2): logical = 00E01400, physical = 00E00000, FC = 5
ATC create entry(2): B = 0, CI = 0, WP = 0, M = 0
ATC match(2): page addr = 00E00000, index = 000014F8 (wget 0800)
ATC match(1): page addr = 00E00000, index = 000014FA (lget 00E49966)
ATC match(0): page addr = 00E00000, index = 00001966 (lget 04BA0000)
TRANSPARENT TRANSLATION: 04BA0000
TT: transparent translation disabled
TT: caching enabled
TT: read-modify-write disabled (write only)
TT: function code mask: 0
TT: function code base: 0
TT: address mask: BA000000
TT: address base: 04000000
TT: translate via MMU if address&41000000 or fc&FFFFFFFF
PMOVE: Flush ATC
ATC: Flushing all entries
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(0): logical = 00E49900, physical = 00E00000, FC = 5
ATC create entry(0): B = 0, CI = 0, WP = 0, M = 0
ATC match(0): page addr = 00E00000, index = 00001966 (lget 04BA0000)
PMOVE 04BA0000,TT0 PC=00E014F6
00E014FE f039 0c00 00e4 996a MMUOP030.L $0c0000e4,#$996a
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(1): logical = 00E01400, physical = 00E00000, FC = 6
ATC create entry(1): B = 0, CI = 0, WP = 0, M = 0
ATC match(1): page addr = 00E00000, index = 000014FE (wget F039)
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(2): logical = 00E01500, physical = 00E00000, FC = 5
ATC create entry(2): B = 0, CI = 0, WP = 0, M = 0
ATC match(2): page addr = 00E00000, index = 00001500 (wget 0C00)
ATC match(1): page addr = 00E00000, index = 00001502 (lget 00E4996A)
ATC match(0): page addr = 00E00000, index = 0000196A (lget 0B5A54B9)
TRANSPARENT TRANSLATION: 0B5A54B9
TT: transparent translation disabled
TT: caching inhibited
TT: read-modify-write disabled (write only)
TT: function code mask: 1
TT: function code base: 3
TT: address mask: 5A000000
TT: address base: 0B000000
TT: translate via MMU if address&A4000000 or fc&FFFFFFFC
PMOVE: Flush ATC
ATC: Flushing all entries
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(0): logical = 00E49900, physical = 00E00000, FC = 5
ATC create entry(0): B = 0, CI = 0, WP = 0, M = 0
ATC match(0): page addr = 00E00000, index = 0000196A (lget 0B5A54B9)
PMOVE 0B5A54B9,TT1 PC=00E014FE
cpu video_cyc= 68014 450@133 : 00E01506 4e75 RTS.L
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 14, Next descriptor: 00E00009
Descriptor for Table D: Early termination
Page at 00E00000
ATC create entry(1): logical = 00E01500, physical = 00E00000, FC = 6
ATC create entry(1): B = 0, CI = 0, WP = 0, M = 0
ATC match(1): page addr = 00E00000, index = 00001506 (wget 4E75)
----------------------------------------------------------------------
When it reaches PC = 0xe01506, the CPU state looks like this:
CPU=$e01506, VBL=6, FrameCycles=68014, HBL=133, LineCycles=450, DSP=$0
r
D0 0000FFFF D1 00000081 D2 00000000 D3 00000000
D4 0000FFFF D5 00400000 D6 00000000 D7 00000000
A0 00000800 A1 00E4995A A2 00000000 A3 00E00D52
A4 00E00C04 A5 00000200 A6 00000000 A7 0000886C
USP 00000000 ISP 0000886C SFC 00000000 DFC 00000000
CACR 00000008 VBR 00000000 CAAR 00000000 MSP 00000000
T=00 S=1 M=0 X=0 N=0 Z=0 V=0 C=0 IMASK=7 STP=0
00E01506 4e75 RTS.L
Next PC: 00e01508
d
$e01506 : 4e75 rts
...
m 0x700
000700: 00 00 07 4a 10 00 00 01 20 00 00 01 30 00 00 01 ...J.... ...0...
000710: 40 00 00 01 50 00 00 01 60 00 00 01 70 00 00 01 @...P...`...p...
000720: 80 00 00 41 90 00 00 41 a0 00 00 41 b0 00 00 41 ...A...A...A...A
000730: c0 00 00 41 d0 00 00 41 e0 00 00 41 00 00 07 82 ...A...A...A....
000740: 00 00 07 ca 01 00 00 01 02 00 00 01 03 00 00 01 ................
000750: 04 00 00 01 05 00 00 01 06 00 00 01 07 00 00 01 ................
000760: 08 00 00 01 09 00 00 01 0a 00 00 01 0b 00 00 01 ................
000770: 0c 00 00 01 0d 00 00 01 0e 00 00 01 0f 00 00 01 ................
000780: f0 00 00 41 f1 00 00 41 f2 00 00 41 f3 00 00 41 ...A...A...A...A
000790: f4 00 00 41 f5 00 00 41 f6 00 00 41 f7 00 00 41 ...A...A...A...A
0007A0: f8 00 00 41 f9 00 00 41 fa 00 00 41 fb 00 00 41 ...A...A...A...A
0007B0: fc 00 00 41 fd 00 00 41 fe 00 00 41 00 00 07 c2 ...A...A...A....
0007C0: 00 00 00 01 00 10 00 01 00 20 00 01 00 30 00 01 ......... ...0..
0007D0: 00 40 00 01 00 50 00 01 00 60 00 01 00 70 00 01 .@...P...`...p..
0007E0: 00 80 00 01 00 90 00 01 00 a0 00 01 00 b0 00 01 ................
0007F0: 00 c0 00 01 00 d0 00 01 00 e0 00 09 00 f0 00 41 ...............A
m 0x8860
008860: 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 02 c0 ................
...
The SP is pointing to 0x886C, so the rts should load the value 0xe002c0,
however when I continue, the rts jumps to the wrong address:
c 1
Returning to emulation for 1 CPU instructions...
CPU Root Pointer: 8000000200000700
Table A at 00000700: index = 0, Next descriptor: 0000074A
Table B at 00000740: index = 0, Next descriptor: 000007CA
Table C at 000007C0: index = 0, Next descriptor: 00000001
Descriptor for Table D: Early termination
Page at 00000000
ATC create entry(2): logical = 00008800, physical = 00000000, FC = 5
ATC create entry(2): B = 0, CI = 0, WP = 0, M = 0
ATC match(2): page addr = 00000000, index = 0000086C (lget 00000000)
CPU=$0, VBL=6, FrameCycles=68016, HBL=133, LineCycles=452, DSP=$0
r
D0 0000FFFF D1 00000081 D2 00000000 D3 00000000
D4 0000FFFF D5 00400000 D6 00000000 D7 00000000
A0 00000800 A1 00E4995A A2 00000000 A3 00E00D52
A4 00E00C04 A5 00000200 A6 00000000 A7 00008870
USP 00000000 ISP 00008870 SFC 00000000 DFC 00000000
CACR 00000008 VBR 00000000 CAAR 00000000 MSP 00000000
T=00 S=1 M=0 X=0 N=0 Z=0 V=0 C=0 IMASK=7 STP=0
00000000 602e BT .B #$0000002e == $00000030 (T)
Next PC: 00000002
Seems like something went wrong with that translation ... do you have a
clue what could be wrong here?
Thomas