It looks like "Message Accepted" shouldn't write a response. At least ESP_RFLAGS must definitely be 0.
After I fixed the bug, OBP got one step further. Now it sees the targets:
ok probe-scsi
Target 0
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command e0
scsi-disk: Unsupported command length, command e0
Target 2
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command 60
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command c0
scsi-disk: Unsupported command length, command e0
scsi-disk: Unsupported command length, command e0
ok
The next stop is inquiring the targets' parameters.
Sunday, August 30, 2009
Saturday, August 29, 2009
got past scsi-controller initialization
Got past scsi-controller initialization. The next stop is disk probing:
ok probe-scsi
Extra scsi data. Fatal error.Extra scsi data. Fatal error.
ok
Sunday, August 23, 2009
Sun Studio for free
Currently there are two options to get Sun Studio for free:
- Everyone can have Sun Studio 12 update 1. There are Solaris/sparc, Solaris/intel and Linux/i686 versions. There seem to be compatibility issues with ld on newer Linux distributions. The error message reads "libm format not recognized". The half-official solution is
rm /opt/sun/sunstudio12/prod/lib/amd64/ld
ln -s /usr/bin/ld /opt/sun/sunstudio12/prod/lib/amd64/ld
Also there are problems with headless install under Linux. But it is possible to extract all the rpms with the --extract-installation-data command line option.
- OpenSolaris developers may get the version 10 here. But only the Solaris versions, not the Linux one. I wonder why they would need to mess with the older version 10, as there is a shiny new 12u1? Are there any known compatibility issues in the 12u1?
Saturday, August 22, 2009
Back and Forth. But mostly Forth.
Debugged the OBP boot, comparing the cases where it crashes on RAM detection and on SX framebuffer detection. Now I have a path which initializes almost everything without stepping into the routines where it hangs. Currently two qemu hacks are needed: the upper SIMM-FCode hack and the timer stop & go hack. The rest is simple:
: t1
root-device ffd60d80 execute ffd61340 execute " banner-name" attribute device-end
" cpu-devices+" do-drop-in ( * ffd61450 * )
ffd61e70 execute ( * ffd61ea0 * )
ffd5edb0 execute ffd52a30 execute + +
ffd62930 execute 3drop 2drop ( * ffd62990 *)
ffd65610 execute drop ffd65970 execute ( * ffd659a0 * )
true (is) standalone? ffd65f20 execute ffd65f30 execute ! ffd65f40 execute ffd65f50 execute ! ( * ffd66370 * )
sunmon-compat? ffd60490 execute or 0= ffd66240 execute ( * ffd66a60 *)
ffd68920 execute ( * ffd68940 * )
ffd68dd0 execute ( * ffd68e40 *)
enable-interrupts ( * ffd6b210 * )
"/sbus" find-device scsi-initiator-id xdrint " scsi-initiator-id"
attribute device-end ( * ffd6b780 * )
ffd6e9a0 execute ffd6f160 execute "/sbus" find-device scsi-initiator-id xdrint " scsi-initiator-id" attribute device-end
ffd6f160 execute dup root-device " clock-frequency" integer-attribute device-end
2 / "/sbus" find-device " clock-frequency" integer-attribute device-end
ffd60a00 execute ( * nvram rc * )
;
showstack
t1
setenv fcode-debug? true
" probe-" do-drop-in f probe-slot " probe+" do-drop-in
Friday, August 21, 2009
Found the bug in qemu's sparc CPU emulation
Page 55 of The SPARC v8 Architecture Manual describes the jump/branch case explicitly: the CPU should execute one instruction at the jump target and then branch.
It's not what qemu does!
Don't know how to fix it myself though. Need to persuade the qemu developers to fix it. I seriously doubt that a compiler would use this feature, so Linux&Co are not affected by this bug at all.
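The ordering the manual describes, as an added example (not from the original post or from qemu): a small C model of the SPARC V8 PC/nPC rule applied to the jmp/ba pair at ffd53524/ffd53528 from the spacel! disassembly in the August 16 post. The jmp target 0xffd5352c is an assumption (%o7 + 0x14 with %g4 = 0, reading the disassembler's 14 as hexadecimal); the struct and function names are made up for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A control-transfer instruction in the toy model (not a real SPARC encoding). */
struct cti { uint32_t addr; uint32_t target; };

/* Return the control transfer at addr, or NULL for any other instruction. */
static const struct cti *fetch(const struct cti *p, size_t n, uint32_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (p[i].addr == addr)
            return &p[i];
    return NULL;
}

/* Execute `steps` instructions with the SPARC V8 PC/nPC rule: each one does
 * PC <- nPC; a taken transfer sets nPC <- target, anything else nPC <- nPC + 4.
 * trace[i] receives the address of the i-th executed instruction. */
void run_pc_npc(const struct cti *p, size_t n, uint32_t entry,
                uint32_t *trace, size_t steps)
{
    uint32_t pc = entry, npc = entry + 4;
    for (size_t i = 0; i < steps; i++) {
        const struct cti *in = fetch(p, n, pc);
        uint32_t next_npc = in ? in->target : npc + 4;
        trace[i] = pc;
        pc = npc;          /* the delay-slot instruction always runs next */
        npc = next_npc;    /* the transfer only lands one instruction later */
    }
}

#define JMP_TARGET 0xffd5352cu  /* assumed %l1 + %g4; not shown in the post */
static const struct cti spacel_tail[] = {
    { 0xffd53524u, JMP_TARGET },   /* jmp %l1, %g4, %g0 */
    { 0xffd53528u, 0xffd53660u },  /* ba ffd53660, in the jmp's delay slot */
};

/* Fill trace[0..3] with the execution order of the jmp/ba couple. */
void trace_spacel_tail(uint32_t trace[4])
{
    run_pc_npc(spacel_tail, 2, 0xffd53524u, trace, 4);
}

int main(void)
{
    uint32_t t[4];
    trace_spacel_tail(t);
    for (int i = 0; i < 4; i++)
        printf("%08x\n", (unsigned)t[i]);
    return 0;
}
```

The trace comes out as ffd53524, ffd53528, ffd5352c, ffd53660: exactly one instruction at the jmp target executes before control continues at the ba target.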
Sunday, August 16, 2009
space instructions
space{c,l,d}{@,!} words currently do not work as on the real hardware.
To fix the emulation, an understanding of how they are supposed to work is needed.
ok see spacel!
code spacel!
ffd53504 ld [%g7], %l2
ffd53508 add %g7, 4, %g7
ffd5350c ld [%g7], %l0
ffd53510 add %g7, 4, %g7
ffd53514 sll %g4, 2, %g4
ffd53518 call ffd5351c
ffd5351c add %g0, 14, %l1
ok ffd5351c dis
ffd5351c add %g0, 14, %l1
ffd53520 add %o7, %l1, %l1
ffd53524 jmp %l1, %g4, %g0
ffd53528 ba ffd53660
And here I'm lost. I don't see any store instruction there. Don't know where it would jump to. A hacker named "tierchen" wrote that under MIPS a branch in a jump's delay slot would produce undefined behavior.
Saturday, August 15, 2009
Fixed a bug in the IRQ processing
Ha! Fixed the first bug I found in qemu myself. do_irq() was called multiple times, which just cannot happen on real hardware.
Getting the patch accepted upstream is actually harder than fixing the bug.
Update: the patch is accepted.
Sunday, August 9, 2009
Open Boot PROM images
Robert Reif has a collection of OBP images here.
Thanks, Robert.
Another collection of OBP images:
http://locomotion.tw/sparc/prom/
Sunday, August 2, 2009
Boot PROMs
Got some Boot PROMs, thanks Pete! The most interesting is the LX one. While SS-20 POST stops after the first error, LX goes on till it crashes completely. Obviously "Invalid CEXC" is not handled by qemu:
$$$$$ WARNING : No Keyboard Detected! $$$$$
MMU Context Table Reg Test
MMU Context Register Test
MMU TLB Replace Reg Test
MMU Sync Fault Stat Reg Test
MMU Sync Fault Addr Reg Test
MMU TLB/CAM NTA Pattern Test
ERROR : Address = 000000f8, exp = 07ffffdc, obs = 00000000, xor = 07ffffdc
ERROR : Address = 000000fc, exp = ffffffff, obs = 00000000, xor = ffffffff
D-Cache RAM NTA Test
ERROR : Address = 000007fc, exp = ffffffff, obs = 00000000, xor = ffffffff
D-Cache TAG NTA Test
ERROR : Address = 000007f0, exp = 07fff801, obs = 00000000, xor = 07fff801
I-Cache RAM NTA Test
ERROR : Address = 00000ffc, exp = ffffffff, obs = 00000000, xor = ffffffff
I-Cache TAG NTA Test
ERROR : Address = 00000fe0, exp = 07fff001, obs = 00000000, xor = 07fff001
FPU Register File Test
FPU Misaligned Reg Pair Test
FPU Single-precision Tests
FPU Double-precision Tests
FPU SP Invalid CEXC Test
ERROR : Unexpected Synchronous Trap Taken, Trap Type = 00000008, PSR = 414010c4, PC = 70002d8c, TBR = 00000080
STATUS : Entering scope loop .... Press key to Abort!qemu: fatal: Trap 0x03 while interrupts disabled, Error state
pc: 0000217c npc: 00002d68
General Registers:
%g0: 00000000 %g1: 00002d68 %g2: 00005555 %g3: 00000001
%g4: 00000002 %g5: 00000000 %g6: 00000000 %g7: 00000000
Current Register Window:
%o0: 00000000 %o1: 00000999 %o2: 00000000 %o3: 00000000
%o4: 00000000 %o5: 00000000 %o6: 0001fba0 %o7: 7000971c
%l0: 0002fff8 %l1: 00000000 %l2: 00000000 %l3: 00000000
%l4: 00000000 %l5: ffffffff %l6: 00000000 %l7: 00000000
%i0: 00000000 %i1: 00000000 %i2: 00000000 %i3: 00000000
%i4: 00000000 %i5: 00000000 %i6: 00000000 %i7: 00000000
Floating Point Registers:
%f00: 000000002.890625 inf -inf 000000000.000000
%f04: 000000002.890625 000000000.000000 000000002.890625 000000000.000000
%f08: 000000003.390625 000000000.000000 000000002.250000 000000000.000000
%f12: 000000002.890625 000000000.000000 000000002.312500 000000000.000000
%f16: 000000002.312500 000000000.000000 000000002.890625 000000000.000000
%f20: 000000002.718750 000000000.000000 000000002.562500 000000000.000000
%f24: 000000002.890625 000000000.000000 000000002.968750 000000000.000000
%f28: 000000002.312500 000000000.000000 000000002.890625 000000000.000000
psr: 0x41000000 -> ---- --- wim: 0x00000002
fsr: 0x0f884010
Aborted