[Qemu-devel] Darwin/Mac OS X Port

[Qemu-devel] Darwin/Mac OS X Port

[Pierre d'Herbemont]

[-- Attachment #1: Type: text/plain, Size: 775 bytes --]

Hi all!

I finally made the dyngen tool mach-o compatible. But it is still not  
working, when I do:
i386-softmmu/qemu /path/to/linux.img -d
I get two block of instructions translated, but it ends in a SIGBUS  
with the following backtrace:

#0  0x00013ba4 in cpu_x86_exec (env1=0x1d) at  
/Users/steg/Documents/Programmation/System/Wine/Related/qemu/exec- 
all.h:275
#1  0x00006050 in main_loop (opaque=0x1d) at  
/Users/steg/Documents/Programmation/System/Wine/Related/qemu/vl.c:3161
#2  0x00006050 in main_loop (opaque=0x1d) at  
/Users/steg/Documents/Programmation/System/Wine/Related/qemu/vl.c:3161
#3  0x00006f98 in main (argc=983040, argv=0x206140) at  
/Users/steg/Documents/Programmation/System/Wine/Related/qemu/vl.c:3760
(To this email is attached the log output)

[-- Attachment #2: qemu.log --]
[-- Type: application/octet-stream, Size: 2871 bytes --]

EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------]    CPL=0 II=0
ES =0000 00000000 0000ffff 00000000
CS =f000 000f0000 0000ffff 00000000
SS =0000 00000000 0000ffff 00000000
DS =0000 00000000 0000ffff 00000000
FS =0000 00000000 0000ffff 00000000
GS =0000 00000000 0000ffff 00000000
LDT=0000 00000000 0000ffff 00008000
TR =0000 00000000 0000ffff 00008000
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
CCS=00000000 CCD=00000000 CCO=EFLAGS  
----------------
IN: 
0x000ffff0:  ljmp   0xf000,0xe05b

AFTER FLAGS OPT:
0x0000: movl_T0_im 0xf000
0x0001: movl_T1_im 0xe05b
0x0002: movl_seg_T0_vm 0xb0
0x0003: movl_T0_T1
0x0004: jmp_T0
0x0005: movl_T0_0
0x0006: exit_tb
0x0007: end

Trace 0x00206100 [0x000ffff0] 
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=00000000 EFL=00000002 [-------]    CPL=0 II=0
ES =0000 00000000 0000ffff 00000000
CS =f000 000f0000 0000ffff 00000000
SS =0000 00000000 0000ffff 00000000
DS =0000 00000000 0000ffff 00000000
FS =0000 00000000 0000ffff 00000000
GS =0000 00000000 0000ffff 00000000
LDT=0000 00000000 0000ffff 00008000
TR =0000 00000000 0000ffff 00008000
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
CCS=00000000 CCD=00000000 CCO=EFLAGS  
----------------
IN: 
0x000f0000:  pushw  %bp
0x000f0001:  movw   %sp,%bp
0x000f0003:  pushw  %ax
0x000f0004:  pushw  %cx
0x000f0005:  pushw  %es
0x000f0006:  pushw  %di
0x000f0007:  movw   0xa(bp),%cx
0x000f000a:  cmpw   $0x0,%cx
0x000f000d:  je     0xf001f

AFTER FLAGS OPT:
0x0000: movl_T0_EBP
0x0001: movl_A0_ESP
0x0002: subl_A0_2
0x0003: andl_A0_ffff
0x0004: movl_T1_A0
0x0005: addl_A0_SS
0x0006: stw_kernel_T0_A0
0x0007: movw_ESP_T1
0x0008: movl_T0_ESP
0x0009: movw_EBP_T0
0x000a: movl_T0_EAX
0x000b: movl_A0_ESP
0x000c: subl_A0_2
0x000d: andl_A0_ffff
0x000e: movl_T1_A0
0x000f: addl_A0_SS
0x0010: stw_kernel_T0_A0
0x0011: movw_ESP_T1
0x0012: movl_T0_ECX
0x0013: movl_A0_ESP
0x0014: subl_A0_2
0x0015: andl_A0_ffff
0x0016: movl_T1_A0
0x0017: addl_A0_SS
0x0018: stw_kernel_T0_A0
0x0019: movw_ESP_T1
0x001a: movl_T0_seg 0x0
0x001b: movl_A0_ESP
0x001c: subl_A0_2
0x001d: andl_A0_ffff
0x001e: movl_T1_A0
0x001f: addl_A0_SS
0x0020: stw_kernel_T0_A0
0x0021: movw_ESP_T1
0x0022: movl_T0_EDI
0x0023: movl_A0_ESP
0x0024: subl_A0_2
0x0025: andl_A0_ffff
0x0026: movl_T1_A0
0x0027: addl_A0_SS
0x0028: stw_kernel_T0_A0
0x0029: movw_ESP_T1
0x002a: movl_A0_EBP
0x002b: addl_A0_im 0xa
0x002c: andl_A0_ffff
0x002d: addl_A0_seg 0xc4
0x002e: lduw_kernel_T0_A0
0x002f: movw_ECX_T0
0x0030: movl_T1_im 0x0
0x0031: movl_T0_ECX
0x0032: cmpl_T0_T1_cc
0x0033: set_cc_op 0xc
0x0034: jz_subw 0x848184 0x1f 0xf
0x0035: end

Trace 0x00206140 [0x000f0000] 

[-- Attachment #3: Type: text/plain, Size: 454 bytes --]



I was wondering if the usage of qemu was correct. Can someone point me 
to the right direction on how to debug qemu and/or give me some help on 
this issue.

Here is a patch to make qemu build on Darwin. It is not cleaned enough 
to be integrated in CVS as is, but it will be soon. Also configure 
doesn't work properly so you'll have to edit configure output by hands 
on Darwin.
http://www.opendarwin.org/~pidherbemont/qemu.diff.txt

Thanks,

Pierre

Re: [Qemu-devel] Darwin/Mac OS X Port

[Karel Gardas]

On Thu, 19 Feb 2004, Pierre d'Herbemont wrote:

> Hi all!
>
> I finally made the dyngen tool mach-o compatible. But it is still not
> working, when I do:
> i386-softmmu/qemu /path/to/linux.img -d
> I get two block of instructions translated, but it ends in a SIGBUS
> with the following backtrace:
>

Sorry, I'm completely begginer in using Qemu, but it looks like you have
not (qemu have not) translated x86 instructions into the ppc instructions.
At least when I do the oposite and use ppc linux binary and translate to
x86 linux calls the debug will looks like the output below, so in this
comparison your output is missing ``OUT:'' section...

If I'm wrong, please correct me, I would also like to know how to debug
Qemu better.

Cheers,

Karel
--
Karel Gardas                  kgardas@objectsecurity.com
ObjectSecurity Ltd.           http://www.objectsecurity.com


start    end      size     prot
10000000-1006d000 0006d000 r-x
1007c000-1007f000 00003000 rwx
4015b000-401db000 00080000 rw-
401db000-401dc000 00001000 ---
start_brk   0x1007e8c4
end_code    0x1007dcd0
start_code  0x10000000
end_data    0x1007dcd0
start_stack 0x401da5c0
brk         0x1007e8c4
entry       0x100000e0
----------------
nip=0x100000e0 super=0 ir=0
translate opcode 7c290b78 (1f 1c 0d)
----------------
nip=0x100000e4 super=0 ir=0
translate opcode 54210036 (15 1b 00)
----------------
nip=0x100000e8 super=0 ir=0
translate opcode 38000000 (0e 00 00)
----------------
nip=0x100000ec super=0 ir=0
translate opcode 9421fff0 (25 18 1f)
----------------
nip=0x100000f0 super=0 ir=0
translate opcode 7c0803a6 (1f 13 0e)
----------------
nip=0x100000f4 super=0 ir=0
translate opcode 90010000 (24 00 00)
----------------
nip=0x100000f8 super=0 ir=0
translate opcode 3d001006 (0f 03 00)
----------------
nip=0x100000fc super=0 ir=0
translate opcode 85a893e8 (21 14 0f)
----------------
nip=0x10000100 super=0 ir=0
translate opcode 480001b8 (12 1c 06)
---------------- excp: 0108
nip=0x100000e0 LR=0x00000000 CTR=0x00000000 XER=0x00000000 MSR=0x00004000
GPR00: 00000000 401da5c0 00000000 00000001 401da5c4 401da5cc 00000000 00000000
GPR08: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
GPR24: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
CR: 0x00000000  [ -  -  -  -  -  -  -  -  ] TB: 0x00000000 00000000
FPR00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
SRR0 0x00000000 SRR1 0x00000000
reservation 0x00000000
IN: _start
0x100000e0:  mr	r9,r1
0x100000e4:  rlwinm	r1,r1,0,0,27
0x100000e8:  li	r0,0
0x100000ec:  stwu	r1,-16(r1)
0x100000f0:  mtlr	r0
0x100000f4:  stw	r0,0(r1)
0x100000f8:  lis	r8,4102
0x100000fc:  lwzu	r13,-27672(r8)
0x10000100:  b	100002B8

OP:
0x0000: load_gpr_T0_gpr1
0x0001: store_T0_gpr_gpr9
0x0002: load_gpr_T0_gpr1
0x0003: andi_ 0xfffffff0
0x0004: store_T0_gpr_gpr1
0x0005: set_T0 0x0
0x0006: store_T0_gpr_gpr0
0x0007: load_gpr_T0_gpr1
0x0008: addi 0xfffffff0
0x0009: load_gpr_T1_gpr1
0x000a: stw_raw
0x000b: store_T0_gpr_gpr1
0x000c: load_gpr_T0_gpr0
0x000d: andi_ 0xfffffffc
0x000e: store_lr
0x000f: load_gpr_T0_gpr1
0x0010: load_gpr_T1_gpr0
0x0011: stw_raw
0x0012: set_T0 0x10060000
0x0013: store_T0_gpr_gpr8
0x0014: load_gpr_T0_gpr8
0x0015: addi 0xffff93e8
0x0016: lwz_raw
0x0017: store_T1_gpr_gpr13
0x0018: store_T0_gpr_gpr8
0x0019: update_tb 0x9
0x001a: update_decr 0x9
0x001b: process_exceptions 0x10000100
0x001c: b 0x100002b8
0x001d: set_T0 0x0
0x001e: exit_tb
0x001f: end

OUT: [size=312]
0x80952500:  movl   0x4(%ebp),%ebx
0x80952503:  movl   %ebx,0x24(%ebp)
0x80952506:  movl   0x4(%ebp),%ebx
0x80952509:  andl   $0xfffffff0,%ebx
0x8095250f:  movl   %ebx,0x4(%ebp)
0x80952512:  movl   $0x0,%ebx
0x80952517:  movl   %ebx,0x0(%ebp)
0x8095251a:  movl   0x4(%ebp),%ebx
0x8095251d:  addl   $0xfffffff0,%ebx
0x80952523:  movl   0x4(%ebp),%esi
0x80952526:  movl   %esi,%eax
0x80952528:  movl   %esi,%edx
0x8095252a:  sarl   $0x18,%eax
0x8095252d:  movb   %al,(%ebx)
0x8095252f:  movl   %esi,%eax
0x80952531:  sarl   $0x10,%eax
0x80952534:  movb   %al,0x1(%ebx)
0x80952537:  movl   %esi,%eax
0x80952539:  sarl   $0x8,%eax
0x8095253c:  movb   %al,0x2(%ebx)
0x8095253f:  movb   %dl,0x3(%ebx)
0x80952542:  movl   %ebx,0x4(%ebp)
0x80952545:  movl   0x0(%ebp),%ebx
0x80952548:  andl   $0xfffffffc,%ebx
0x8095254e:  movl   %ebx,0x200(%ebp)
0x80952554:  movl   0x4(%ebp),%ebx
0x80952557:  movl   0x0(%ebp),%esi
0x8095255a:  movl   %esi,%eax
0x8095255c:  movl   %esi,%edx
0x8095255e:  sarl   $0x18,%eax
0x80952561:  movb   %al,(%ebx)
0x80952563:  movl   %esi,%eax
0x80952565:  sarl   $0x10,%eax
0x80952568:  movb   %al,0x1(%ebx)
0x8095256b:  movl   %esi,%eax
0x8095256d:  sarl   $0x8,%eax
0x80952570:  movb   %al,0x2(%ebx)
0x80952573:  movb   %dl,0x3(%ebx)
0x80952576:  movl   $0x10060000,%ebx
0x8095257b:  movl   %ebx,0x20(%ebp)
0x8095257e:  movl   0x20(%ebp),%ebx
0x80952581:  addl   $0xffff93e8,%ebx
0x80952587:  movzbl (%ebx),%edx
0x8095258a:  movzbl 0x1(%ebx),%eax
0x8095258e:  shll   $0x18,%edx
0x80952591:  shll   $0x10,%eax
0x80952594:  orl    %eax,%edx
0x80952596:  movzbl 0x2(%ebx),%eax
0x8095259a:  shll   $0x8,%eax
0x8095259d:  orl    %eax,%edx
0x8095259f:  movzbl 0x3(%ebx),%eax
0x809525a3:  movl   %edx,%esi
0x809525a5:  orl    %eax,%esi
0x809525a7:  movl   %esi,0x34(%ebp)
0x809525aa:  movl   %ebx,0x20(%ebp)
0x809525ad:  movl   0x208(%ebp),%ebx
0x809525b3:  movl   %ebx,%esi
0x809525b5:  leal   0x9(%ebx),%eax
0x809525bb:  cmpl   %esi,%eax
0x809525bd:  movl   %eax,%ebx
0x809525bf:  jae    0xffffffff809525d0
0x809525c1:  movl   0x20c(%ebp),%eax
0x809525c7:  incl   %eax
0x809525c8:  movl   %eax,%esi
0x809525ca:  movl   %eax,0x20c(%ebp)
0x809525d0:  movl   %ebx,0x208(%ebp)
0x809525d6:  subl   $0x4,%esp
0x809525d9:  movl   0x210(%ebp),%ebx
0x809525df:  movl   %ebx,%esi
0x809525e1:  movl   %ebx,%eax
0x809525e3:  subl   $0x9,%eax
0x809525e8:  cmpl   $0x9,%esi
0x809525ee:  movl   %eax,0x210(%ebp)
0x809525f4:  movl   %eax,%ebx
0x809525f6:  jae    0xffffffff80952606
0x809525f8:  movl   $0x9,(%esp,1)
0x809525ff:  call   0xffffffff8003eca0
0x80952604:  movl   %esi,%esi
0x80952606:  popl   %eax
0x80952607:  movl   0x1358(%ebp),%eax
0x8095260d:  testl  %eax,%eax
0x8095260f:  je     0xffffffff80952627
0x80952611:  movl   $0x10000100,%ecx
0x80952616:  movl   %ecx,0x1fc(%ebp)
0x8095261c:  call   0xffffffff8003ecc0
0x80952621:  leal   0x0(%esi),%esi
0x80952627:  movl   $0x100002b8,%eax
0x8095262c:  movl   %eax,0x1fc(%ebp)
0x80952632:  movl   $0x0,%ebx
0x80952637:  ret

----------------
nip=0x100002b8 super=0 ir=0
translate opcode 9421ffd0 (25 08 1f)
----------------
nip=0x100002bc super=0 ir=0
translate opcode 7c0802a6 (1f 13 0a)
----------------
nip=0x100002c0 super=0 ir=0
translate opcode 93210014 (24 0a 00)
----------------
nip=0x100002c4 super=0 ir=0
translate opcode 93410018 (24 0c 00)
----------------
nip=0x100002c8 super=0 ir=0
translate opcode 9361001c (24 0e 00)
----------------
nip=0x100002cc super=0 ir=0
translate opcode 93810020 (24 10 00)
----------------
nip=0x100002d0 super=0 ir=0
translate opcode 93a10024 (24 12 00)
----------------
nip=0x100002d4 super=0 ir=0
translate opcode 93c10028 (24 14 00)
----------------
nip=0x100002d8 super=0 ir=0
translate opcode 93e1002c (24 16 00)
----------------
nip=0x100002dc super=0 ir=0
translate opcode 90010034 (24 1a 00)
----------------
nip=0x100002e0 super=0 ir=0
translate opcode 7c791b78 (1f 1c 0d)
----------------
nip=0x100002e4 super=0 ir=0
translate opcode 7c9b2378 (1f 1c 0d)
----------------
nip=0x100002e8 super=0 ir=0
translate opcode 7cbf2b78 (1f 1c 0d)
----------------
nip=0x100002ec super=0 ir=0
translate opcode 7cdc3378 (1f 1c 0d)
----------------
nip=0x100002f0 super=0 ir=0
translate opcode 7cfd3b78 (1f 1c 0d)
----------------
nip=0x100002f4 super=0 ir=0
translate opcode 7d1a4378 (1f 1c 0d)
----------------
nip=0x100002f8 super=0 ir=0
translate opcode 7d3e4b78 (1f 1c 0d)
----------------
nip=0x100002fc super=0 ir=0
translate opcode 3d201008 (0f 04 00)
----------------
nip=0x10000300 super=0 ir=0
translate opcode 3809dc7c (0e 1e 11)
----------------
nip=0x10000304 super=0 ir=0
translate opcode 39600000 (0e 00 00)
----------------
nip=0x10000308 super=0 ir=0
translate opcode 2c000000 (0b 00 00)
----------------
nip=0x1000030c super=0 ir=0
translate opcode 41820014 (10 0a 00)
---------------- excp: 0108
nip=0x100002b8 LR=0x00000000 CTR=0x00000000 XER=0x00000000 MSR=0x00004000
GPR00: 00000000 401da5b0 00000000 00000001 401da5c4 401da5cc 00000000 00000000
GPR08: 100593e8 401da5c0 00000000 00000000 00000000 10085c48 00000000 00000000
GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
GPR24: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
CR: 0x00000000  [ -  -  -  -  -  -  -  -  ] TB: 0x00000000 00000009
FPR00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
SRR0 0x00000000 SRR1 0x00000000
reservation 0x00000000
IN: __libc_start_main
0x100002b8:  stwu	r1,-48(r1)
0x100002bc:  mflr	r0
0x100002c0:  stw	r25,20(r1)
0x100002c4:  stw	r26,24(r1)
0x100002c8:  stw	r27,28(r1)
0x100002cc:  stw	r28,32(r1)
0x100002d0:  stw	r29,36(r1)
0x100002d4:  stw	r30,40(r1)
0x100002d8:  stw	r31,44(r1)
0x100002dc:  stw	r0,52(r1)
0x100002e0:  mr	r25,r3
0x100002e4:  mr	r27,r4
0x100002e8:  mr	r31,r5
0x100002ec:  mr	r28,r6
0x100002f0:  mr	r29,r7
0x100002f4:  mr	r26,r8
0x100002f8:  mr	r30,r9
0x100002fc:  lis	r9,4104
0x10000300:  addi	r0,r9,-9092
0x10000304:  li	r11,0
0x10000308:  cmpwi	r0,0
0x1000030c:  beq	10000320

OP:
0x0000: load_gpr_T0_gpr1
0x0001: addi 0xffffffd0
0x0002: load_gpr_T1_gpr1
0x0003: stw_raw
0x0004: store_T0_gpr_gpr1
0x0005: load_lr
0x0006: store_T0_gpr_gpr0
0x0007: load_gpr_T0_gpr1
0x0008: addi 0x14
0x0009: load_gpr_T1_gpr25
0x000a: stw_raw
0x000b: load_gpr_T0_gpr1
0x000c: addi 0x18
0x000d: load_gpr_T1_gpr26
0x000e: stw_raw
0x000f: load_gpr_T0_gpr1
0x0010: addi 0x1c
0x0011: load_gpr_T1_gpr27
0x0012: stw_raw
0x0013: load_gpr_T0_gpr1
0x0014: addi 0x20
0x0015: load_gpr_T1_gpr28
0x0016: stw_raw
0x0017: load_gpr_T0_gpr1
0x0018: addi 0x24
0x0019: load_gpr_T1_gpr29
0x001a: stw_raw
0x001b: load_gpr_T0_gpr1
0x001c: addi 0x28
0x001d: load_gpr_T1_gpr30
0x001e: stw_raw
0x001f: load_gpr_T0_gpr1
0x0020: addi 0x2c
0x0021: load_gpr_T1_gpr31
0x0022: stw_raw
0x0023: load_gpr_T0_gpr1
0x0024: addi 0x34
0x0025: load_gpr_T1_gpr0
0x0026: stw_raw
0x0027: load_gpr_T0_gpr3
0x0028: store_T0_gpr_gpr25
0x0029: load_gpr_T0_gpr4
0x002a: store_T0_gpr_gpr27
0x002b: load_gpr_T0_gpr5
0x002c: store_T0_gpr_gpr31
0x002d: load_gpr_T0_gpr6
0x002e: store_T0_gpr_gpr28
0x002f: load_gpr_T0_gpr7
0x0030: store_T0_gpr_gpr29
0x0031: load_gpr_T0_gpr8
0x0032: store_T0_gpr_gpr26
0x0033: load_gpr_T0_gpr9
0x0034: store_T0_gpr_gpr30
0x0035: set_T0 0x10080000
0x0036: store_T0_gpr_gpr9
0x0037: load_gpr_T0_gpr9
0x0038: addi 0xffffdc7c
0x0039: store_T0_gpr_gpr0
0x003a: set_T0 0x0
0x003b: store_T0_gpr_gpr11
0x003c: load_gpr_T0_gpr0
0x003d: cmpi 0x0
0x003e: store_T0_crf_crf0
0x003f: update_tb 0x16
0x0040: update_decr 0x16
0x0041: process_exceptions 0x1000030c
0x0042: load_crf_T0_crf0
0x0043: b_true 0x10000310 0x10000320 0x2
0x0044: set_T0 0x0
0x0045: exit_tb
0x0046: end

OUT: [size=644]
0x80952640:  movl   0x4(%ebp),%ebx
0x80952643:  addl   $0xffffffd0,%ebx
0x80952649:  movl   0x4(%ebp),%esi
0x8095264c:  movl   %esi,%eax
0x8095264e:  movl   %esi,%edx
0x80952650:  sarl   $0x18,%eax
0x80952653:  movb   %al,(%ebx)
0x80952655:  movl   %esi,%eax
0x80952657:  sarl   $0x10,%eax
0x8095265a:  movb   %al,0x1(%ebx)
0x8095265d:  movl   %esi,%eax
0x8095265f:  sarl   $0x8,%eax
0x80952662:  movb   %al,0x2(%ebx)
0x80952665:  movb   %dl,0x3(%ebx)
0x80952668:  movl   %ebx,0x4(%ebp)
0x8095266b:  movl   0x200(%ebp),%ebx
0x80952671:  movl   %ebx,0x0(%ebp)
0x80952674:  movl   0x4(%ebp),%ebx
0x80952677:  addl   $0x14,%ebx
0x8095267d:  movl   0x64(%ebp),%esi
0x80952680:  movl   %esi,%eax
0x80952682:  movl   %esi,%edx
0x80952684:  sarl   $0x18,%eax
0x80952687:  movb   %al,(%ebx)
0x80952689:  movl   %esi,%eax
0x8095268b:  sarl   $0x10,%eax
0x8095268e:  movb   %al,0x1(%ebx)
0x80952691:  movl   %esi,%eax
0x80952693:  sarl   $0x8,%eax
0x80952696:  movb   %al,0x2(%ebx)
0x80952699:  movb   %dl,0x3(%ebx)
0x8095269c:  movl   0x4(%ebp),%ebx
0x8095269f:  addl   $0x18,%ebx
0x809526a5:  movl   0x68(%ebp),%esi
0x809526a8:  movl   %esi,%eax
0x809526aa:  movl   %esi,%edx
0x809526ac:  sarl   $0x18,%eax
0x809526af:  movb   %al,(%ebx)
0x809526b1:  movl   %esi,%eax
0x809526b3:  sarl   $0x10,%eax
0x809526b6:  movb   %al,0x1(%ebx)
0x809526b9:  movl   %esi,%eax
0x809526bb:  sarl   $0x8,%eax
0x809526be:  movb   %al,0x2(%ebx)
0x809526c1:  movb   %dl,0x3(%ebx)
0x809526c4:  movl   0x4(%ebp),%ebx
0x809526c7:  addl   $0x1c,%ebx
0x809526cd:  movl   0x6c(%ebp),%esi
0x809526d0:  movl   %esi,%eax
0x809526d2:  movl   %esi,%edx
0x809526d4:  sarl   $0x18,%eax
0x809526d7:  movb   %al,(%ebx)
0x809526d9:  movl   %esi,%eax
0x809526db:  sarl   $0x10,%eax
0x809526de:  movb   %al,0x1(%ebx)
0x809526e1:  movl   %esi,%eax
0x809526e3:  sarl   $0x8,%eax
0x809526e6:  movb   %al,0x2(%ebx)
0x809526e9:  movb   %dl,0x3(%ebx)
0x809526ec:  movl   0x4(%ebp),%ebx
0x809526ef:  addl   $0x20,%ebx
0x809526f5:  movl   0x70(%ebp),%esi
0x809526f8:  movl   %esi,%eax
0x809526fa:  movl   %esi,%edx
0x809526fc:  sarl   $0x18,%eax
0x809526ff:  movb   %al,(%ebx)
0x80952701:  movl   %esi,%eax
0x80952703:  sarl   $0x10,%eax
0x80952706:  movb   %al,0x1(%ebx)
0x80952709:  movl   %esi,%eax
0x8095270b:  sarl   $0x8,%eax
0x8095270e:  movb   %al,0x2(%ebx)
0x80952711:  movb   %dl,0x3(%ebx)
0x80952714:  movl   0x4(%ebp),%ebx
0x80952717:  addl   $0x24,%ebx
0x8095271d:  movl   0x74(%ebp),%esi
0x80952720:  movl   %esi,%eax
0x80952722:  movl   %esi,%edx
0x80952724:  sarl   $0x18,%eax
0x80952727:  movb   %al,(%ebx)
0x80952729:  movl   %esi,%eax
0x8095272b:  sarl   $0x10,%eax
0x8095272e:  movb   %al,0x1(%ebx)
0x80952731:  movl   %esi,%eax
0x80952733:  sarl   $0x8,%eax
0x80952736:  movb   %al,0x2(%ebx)
0x80952739:  movb   %dl,0x3(%ebx)
0x8095273c:  movl   0x4(%ebp),%ebx
0x8095273f:  addl   $0x28,%ebx
0x80952745:  movl   0x78(%ebp),%esi
0x80952748:  movl   %esi,%eax
0x8095274a:  movl   %esi,%edx
0x8095274c:  sarl   $0x18,%eax
0x8095274f:  movb   %al,(%ebx)
0x80952751:  movl   %esi,%eax
0x80952753:  sarl   $0x10,%eax
0x80952756:  movb   %al,0x1(%ebx)
0x80952759:  movl   %esi,%eax
0x8095275b:  sarl   $0x8,%eax
0x8095275e:  movb   %al,0x2(%ebx)
0x80952761:  movb   %dl,0x3(%ebx)
0x80952764:  movl   0x4(%ebp),%ebx
0x80952767:  addl   $0x2c,%ebx
0x8095276d:  movl   0x7c(%ebp),%esi
0x80952770:  movl   %esi,%eax
0x80952772:  movl   %esi,%edx
0x80952774:  sarl   $0x18,%eax
0x80952777:  movb   %al,(%ebx)
0x80952779:  movl   %esi,%eax
0x8095277b:  sarl   $0x10,%eax
0x8095277e:  movb   %al,0x1(%ebx)
0x80952781:  movl   %esi,%eax
0x80952783:  sarl   $0x8,%eax
0x80952786:  movb   %al,0x2(%ebx)
0x80952789:  movb   %dl,0x3(%ebx)
0x8095278c:  movl   0x4(%ebp),%ebx
0x8095278f:  addl   $0x34,%ebx
0x80952795:  movl   0x0(%ebp),%esi
0x80952798:  movl   %esi,%eax
0x8095279a:  movl   %esi,%edx
0x8095279c:  sarl   $0x18,%eax
0x8095279f:  movb   %al,(%ebx)
0x809527a1:  movl   %esi,%eax
0x809527a3:  sarl   $0x10,%eax
0x809527a6:  movb   %al,0x1(%ebx)
0x809527a9:  movl   %esi,%eax
0x809527ab:  sarl   $0x8,%eax
0x809527ae:  movb   %al,0x2(%ebx)
0x809527b1:  movb   %dl,0x3(%ebx)
0x809527b4:  movl   0xc(%ebp),%ebx
0x809527b7:  movl   %ebx,0x64(%ebp)
0x809527ba:  movl   0x10(%ebp),%ebx
0x809527bd:  movl   %ebx,0x6c(%ebp)
0x809527c0:  movl   0x14(%ebp),%ebx
0x809527c3:  movl   %ebx,0x7c(%ebp)
0x809527c6:  movl   0x18(%ebp),%ebx
0x809527c9:  movl   %ebx,0x70(%ebp)
0x809527cc:  movl   0x1c(%ebp),%ebx
0x809527cf:  movl   %ebx,0x74(%ebp)
0x809527d2:  movl   0x20(%ebp),%ebx
0x809527d5:  movl   %ebx,0x68(%ebp)
0x809527d8:  movl   0x24(%ebp),%ebx
0x809527db:  movl   %ebx,0x78(%ebp)
0x809527de:  movl   $0x10080000,%ebx
0x809527e3:  movl   %ebx,0x24(%ebp)
0x809527e6:  movl   0x24(%ebp),%ebx
0x809527e9:  addl   $0xffffdc7c,%ebx
0x809527ef:  movl   %ebx,0x0(%ebp)
0x809527f2:  movl   $0x0,%ebx
0x809527f7:  movl   %ebx,0x2c(%ebp)
0x809527fa:  movl   0x0(%ebp),%ebx
0x809527fd:  cmpl   $0x0,%ebx
0x80952803:  jnl    0xffffffff8095280d
0x80952805:  movl   $0x8,%ebx
0x8095280a:  jmp    0xffffffff8095281c
0x8095280c:  nop
0x8095280d:  xorl   %eax,%eax
0x8095280f:  cmpl   $0x0,%ebx
0x80952815:  setg   %al
0x80952818:  leal   0x2(%eax,%eax,1),%ebx
0x8095281c:  movb   %bl,0x1ec(%ebp)
0x80952822:  movl   0x208(%ebp),%ebx
0x80952828:  movl   %ebx,%esi
0x8095282a:  leal   0x16(%ebx),%eax
0x80952830:  cmpl   %esi,%eax
0x80952832:  movl   %eax,%ebx
0x80952834:  jae    0xffffffff80952845
0x80952836:  movl   0x20c(%ebp),%eax
0x8095283c:  incl   %eax
0x8095283d:  movl   %eax,%esi
0x8095283f:  movl   %eax,0x20c(%ebp)
0x80952845:  movl   %ebx,0x208(%ebp)
0x8095284b:  subl   $0x4,%esp
0x8095284e:  movl   0x210(%ebp),%ebx
0x80952854:  movl   %ebx,%esi
0x80952856:  movl   %ebx,%eax
0x80952858:  subl   $0x16,%eax
0x8095285d:  cmpl   $0x16,%esi
0x80952863:  movl   %eax,0x210(%ebp)
0x80952869:  movl   %eax,%ebx
0x8095286b:  jae    0xffffffff8095287b
0x8095286d:  movl   $0x9,(%esp,1)
0x80952874:  call   0xffffffff8003eca0
0x80952879:  movl   %esi,%esi
0x8095287b:  popl   %eax
0x8095287c:  movl   0x1358(%ebp),%eax
0x80952882:  testl  %eax,%eax
0x80952884:  je     0xffffffff8095289c
0x80952886:  movl   $0x1000030c,%ecx
0x8095288b:  movl   %ecx,0x1fc(%ebp)
0x80952891:  call   0xffffffff8003ecc0
0x80952896:  leal   0x0(%esi),%esi
0x8095289c:  movzbl 0x1ec(%ebp),%ebx
0x809528a3:  testl  $0x2,%ebx
0x809528a9:  je     0xffffffff809528b3
0x809528ab:  movl   $0x10000320,%eax
0x809528b0:  jmp    0xffffffff809528b8
0x809528b2:  nop
0x809528b3:  movl   $0x10000310,%eax
0x809528b8:  movl   %eax,0x1fc(%ebp)
0x809528be:  movl   $0x0,%ebx
0x809528c3:  ret

[...snipped...]

Re: [Qemu-devel] Darwin/Mac OS X Port

[Pierre d'Herbemont]

On 19 févr. 04, at 13:06, Karel Gardas wrote:

> On Thu, 19 Feb 2004, Pierre d'Herbemont wrote:
>
>> Hi all!
>>
>> I finally made the dyngen tool mach-o compatible. But it is still not
>> working, when I do:
>> i386-softmmu/qemu /path/to/linux.img -d
>> I get two block of instructions translated, but it ends in a SIGBUS
>> with the following backtrace:
>>
>
> Sorry, I'm completely begginer in using Qemu, but it looks like you 
> have
> not (qemu have not) translated x86 instructions into the ppc 
> instructions.
> At least when I do the oposite and use ppc linux binary and translate 
> to
> x86 linux calls the debug will looks like the output below, so in this
> comparison your output is missing ``OUT:'' section...

weird... I did a step by step debug and I saw the ppc instructions, so 
there is something in the ouput but it seems to be not printed in the 
debug log. Is it normal? Maybe some specific debug flags I missed?

Thanks,

Pierre

Re: [Qemu-devel] Darwin/Mac OS X Port

[Karel Gardas]

On Thu, 19 Feb 2004, Pierre d'Herbemont wrote:

> > x86 linux calls the debug will looks like the output below, so in this
> > comparison your output is missing ``OUT:'' section...
>
> weird... I did a step by step debug and I saw the ppc instructions, so
> there is something in the ouput but it seems to be not printed in the
> debug log. Is it normal? Maybe some specific debug flags I missed?

I don't know but I used simple ``ppc-qemu -L <path> -d <app>'' -- so the
same flags as you have used...

Cheers,

Karel
--
Karel Gardas                  kgardas@objectsecurity.com
ObjectSecurity Ltd.           http://www.objectsecurity.com

Re: [Qemu-devel] Darwin/Mac OS X Port

[Johan Rydberg]

Karel Gardas <kgardas@objectsecurity.com> wrote:

::: Hi all!
::: I finally made the dyngen tool mach-o compatible. But it is still not  
::: working, when I do:
::: i386-softmmu/qemu /path/to/linux.img -d
 
: I don't know but I used simple ``ppc-qemu -L <path> -d <app>'' -- so the
: same flags as you have used...

I guess that arguments passed to QEMU itself must be put before the
application name, since otherwise they will be passed to the application
instead of to QEMU.

-- 
Johan Rydberg, Free Software Developer, Sweden
http://rtmk.sf.net | http://www.nongnu.org/guss/

Playing air - universal traveller

Re: [Qemu-devel] Darwin/Mac OS X Port

[Daniel J. Guinan]

I have been looking and tinkering with your OS X port and was not able  
to get any translation working until I fudged with a couple of things.   
The most important of those is in vl.c -> search for valloc() -> you  
will see an attempt to allocate *page_size x all memory* change it to  
*all memory* and you will be on your way.  Here is a log from my  
changes:

COMMAND LINE:  qemu -d -L ../pc-bios -nographic --kernel bzImage  
--append "console=ttyS0 root=/dev/hda sb=0x220,5,1,5 ide2=noprobe  
ide3=noprobe ide4=noprobe ide5=noprobe" linux.img

Load kernel at 0x2908000 (0x00100000)
Setup sectors=6
Reading : 512
Reading : 512
Reading : 512
Reading : 512
Reading : 512
Reading : 512
Opened kernel, size=747983
calling gen_func 0x2071f0
[0x3c4000b8]
[0x83029240]
[0x3c4000b8]
entering gen_func 0x2071f0
returning gen_func 0x2071f0
pic_set_irq: irq=0 level=1
pic0: imr=0 irr=1 padd=0
pic1: imr=0 irr=0 padd=0
pic: cpu_interrupt req=0
pic_set_irq: irq=0 level=0
pic0: imr=0 irr=1 padd=0
pic1: imr=0 irr=0 padd=0
pic: cpu_interrupt req=0
calling gen_func 0x207230
[0x7e589378]
[0x7e3a8b78]
[0x3b5afffe]
entering gen_func 0x207230
Illegal instruction

LOG FILE:

EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------]    CPL=0 II=0
ES =0000 00000000 0000ffff 00000000
CS =f000 000f0000 0000ffff 00000000
SS =0000 00000000 0000ffff 00000000
DS =0000 00000000 0000ffff 00000000
FS =0000 00000000 0000ffff 00000000
GS =0000 00000000 0000ffff 00000000
LDT=0000 00000000 0000ffff 00008000
TR =0000 00000000 0000ffff 00008000
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
CCS=00000000 CCD=00000000 CCO=EFLAGS
----------------
IN:
0x000ffff0:  ljmp   0xf000,0xe05b

AFTER FLAGS OPT:
0x0000: movl_T0_im 0xf000
0x0001: movl_T1_im 0xe05b
0x0002: movl_seg_T0_vm 0xb0
0x0003: movl_T0_T1
0x0004: jmp_T0
0x0005: movl_T0_0
0x0006: exit_tb
0x0007: end

OUT: [size=60]
0x002071f0:  lis        r2,184
0x002071f4:  lwz        r24,-28096(r2)
0x002071f8:  lis        r2,184
0x002071fc:  lwz        r25,-28096(r2)
0x00207200:  lis        r2,184
0x00207204:  clrlwi     r0,r24,16
0x00207208:  lwz        r2,-28096(r2)
0x0020720c:  mr r9,r27
0x00207210:  stwux      r0,r9,r2
0x00207214:  rlwinm     r0,r0,4,0,27
0x00207218:  stw        r0,4(r9)
0x0020721c:  mr r24,r25
0x00207220:  stw        r24,32(r27)
0x00207224:  li r24,0
0x00207228:  blr

Trace 0x002071f0 [0x000ffff0]
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=00000000 EFL=00000002 [-------]    CPL=0 II=0
ES =0000 00000000 0000ffff 00000000
CS =f000 000f0000 0000ffff 00000000
SS =0000 00000000 0000ffff 00000000
DS =0000 00000000 0000ffff 00000000
FS =0000 00000000 0000ffff 00000000
GS =0000 00000000 0000ffff 00000000
LDT=0000 00000000 0000ffff 00008000
TR =0000 00000000 0000ffff 00008000
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
CCS=00000000 CCD=00000000 CCO=EFLAGS
----------------
IN:
0x000f0000:  pushw  %bp
0x000f0001:  movw   %sp,%bp
0x000f0003:  pushw  %ax
0x000f0004:  pushw  %cx
0x000f0005:  pushw  %es
0x000f0006:  pushw  %di
0x000f0007:  movw   0xa(bp),%cx
0x000f000a:  cmpw   $0x0,%cx
0x000f000d:  je     0xf001f

AFTER FLAGS OPT:
0x0000: movl_T0_EBP
0x0001: movl_A0_ESP
0x0002: subl_A0_2
0x0003: andl_A0_ffff
0x0004: movl_T1_A0
0x0005: addl_A0_SS
0x0006: stw_kernel_T0_A0
0x0007: movw_ESP_T1
0x0008: movl_T0_ESP
0x0009: movw_EBP_T0
0x000a: movl_T0_EAX
0x000b: movl_A0_ESP
0x000c: subl_A0_2
0x000d: andl_A0_ffff
0x000e: movl_T1_A0
0x000f: addl_A0_SS
0x0010: stw_kernel_T0_A0
0x0011: movw_ESP_T1
0x0012: movl_T0_ECX
0x0013: movl_A0_ESP
0x0014: subl_A0_2
0x0015: andl_A0_ffff
0x0016: movl_T1_A0
0x0017: addl_A0_SS
0x0018: stw_kernel_T0_A0
0x0019: movw_ESP_T1
0x001a: movl_T0_seg 0x0
0x001b: movl_A0_ESP
0x001c: subl_A0_2
0x001d: andl_A0_ffff
0x001e: movl_T1_A0
0x001f: addl_A0_SS
0x0020: stw_kernel_T0_A0
0x0021: movw_ESP_T1
0x0022: movl_T0_EDI
0x0023: movl_A0_ESP
0x0024: subl_A0_2
0x0025: andl_A0_ffff
0x0026: movl_T1_A0
0x0027: addl_A0_SS
0x0028: stw_kernel_T0_A0
0x0029: movw_ESP_T1
0x002a: movl_A0_EBP
0x002b: addl_A0_im 0xa
0x002c: andl_A0_ffff
0x002d: addl_A0_seg 0xc4
0x002e: lduw_kernel_T0_A0
0x002f: movw_ECX_T0
0x0030: movl_T1_im 0x0
0x0031: movl_T0_ECX
0x0032: cmpl_T0_T1_cc
0x0033: set_cc_op 0xc
0x0034: jz_subw 0x849274 0x1f 0xf
0x0035: end

OUT: [size=840]
0x00207230:  mr r24,r18
0x00207234:  mr r26,r17
0x00207238:  addi       r26,r26,-2
0x0020723c:  clrlwi     r26,r26,16
0x00207240:  mr r25,r26
0x00207244:  lwz        r0,196(r27)
0x00207248:  add        r26,r26,r0
0x0020724c:  mflr       r0
0x00207250:  mr r3,r26
0x00207254:  stw        r0,8(r1)
0x00207258:  rlwinm     r0,r26,23,21,28
0x0020725c:  add        r9,r0,r27
0x00207260:  stwu       r1,-64(r1)
0x00207264:  lwz        r2,5288(r9)
0x00207268:  rlwinm     r0,r26,0,31,19
0x0020726c:  cmpw       cr7,r2,r0
0x00207270:  beq        cr7,00207284
0x00207274:  clrlwi     r4,r24,16
0x00207278:  li r5,0
0x0020727c:  bl 00045388
0x00207280:  b  00207290
0x00207284:  lwz        r2,5292(r9)
0x00207288:  add        r0,r26,r2
0x0020728c:  sthbrx     r24,r0,r0
0x00207290:  lwz        r0,72(r1)
0x00207294:  addi       r1,r1,64
0x00207298:  mtlr       r0
0x0020729c:  clrlwi     r0,r25,16
0x002072a0:  rlwimi     r17,r0,0,16,31
0x002072a4:  mr r24,r17
0x002072a8:  clrlwi     r0,r24,16
0x002072ac:  rlwimi     r18,r0,0,16,31
0x002072b0:  mr r24,r16
0x002072b4:  mr r26,r17
0x002072b8:  addi       r26,r26,-2
0x002072bc:  clrlwi     r26,r26,16
0x002072c0:  mr r25,r26
0x002072c4:  lwz        r0,196(r27)
0x002072c8:  add        r26,r26,r0
0x002072cc:  mflr       r0
0x002072d0:  mr r3,r26
0x002072d4:  stw        r0,8(r1)
0x002072d8:  rlwinm     r0,r26,23,21,28
0x002072dc:  add        r9,r0,r27
0x002072e0:  stwu       r1,-64(r1)
0x002072e4:  lwz        r2,5288(r9)
0x002072e8:  rlwinm     r0,r26,0,31,19
0x002072ec:  cmpw       cr7,r2,r0
0x002072f0:  beq        cr7,00207304
0x002072f4:  clrlwi     r4,r24,16
0x002072f8:  li r5,0
0x002072fc:  bl 00045388
0x00207300:  b  00207310
0x00207304:  lwz        r2,5292(r9)
0x00207308:  add        r0,r26,r2
0x0020730c:  sthbrx     r24,r0,r0
0x00207310:  lwz        r0,72(r1)
0x00207314:  addi       r1,r1,64
0x00207318:  mtlr       r0
0x0020731c:  clrlwi     r0,r25,16
0x00207320:  rlwimi     r17,r0,0,16,31
0x00207324:  mr r24,r19
0x00207328:  mr r26,r17
0x0020732c:  addi       r26,r26,-2
0x00207330:  clrlwi     r26,r26,16
0x00207334:  mr r25,r26
0x00207338:  lwz        r0,196(r27)
0x0020733c:  add        r26,r26,r0
0x00207340:  mflr       r0
0x00207344:  mr r3,r26
0x00207348:  stw        r0,8(r1)
0x0020734c:  rlwinm     r0,r26,23,21,28
0x00207350:  add        r9,r0,r27
0x00207354:  stwu       r1,-64(r1)
0x00207358:  lwz        r2,5288(r9)
0x0020735c:  rlwinm     r0,r26,0,31,19
0x00207360:  cmpw       cr7,r2,r0
0x00207364:  beq        cr7,00207378
0x00207368:  clrlwi     r4,r24,16
0x0020736c:  li r5,0
0x00207370:  bl 00045388
0x00207374:  b  00207384
0x00207378:  lwz        r2,5292(r9)
0x0020737c:  add        r0,r26,r2
0x00207380:  sthbrx     r24,r0,r0
0x00207384:  lwz        r0,72(r1)
0x00207388:  addi       r1,r1,64
0x0020738c:  mtlr       r0
0x00207390:  clrlwi     r0,r25,16
0x00207394:  rlwimi     r17,r0,0,16,31
0x00207398:  lis        r2,184
0x0020739c:  lwz        r2,-28096(r2)
0x002073a0:  rlwinm     r2,r2,4,0,27
0x002073a4:  add        r2,r2,r27
0x002073a8:  lwz        r24,160(r2)
0x002073ac:  mr r26,r17
0x002073b0:  addi       r26,r26,-2
0x002073b4:  clrlwi     r26,r26,16
0x002073b8:  mr r25,r26
0x002073bc:  lwz        r0,196(r27)
0x002073c0:  add        r26,r26,r0
0x002073c4:  mflr       r0
0x002073c8:  mr r3,r26
0x002073cc:  stw        r0,8(r1)
0x002073d0:  rlwinm     r0,r26,23,21,28
0x002073d4:  add        r9,r0,r27
0x002073d8:  stwu       r1,-64(r1)
0x002073dc:  lwz        r2,5288(r9)
0x002073e0:  rlwinm     r0,r26,0,31,19
0x002073e4:  cmpw       cr7,r2,r0
0x002073e8:  beq        cr7,002073FC
0x002073ec:  clrlwi     r4,r24,16
0x002073f0:  li r5,0
0x002073f4:  bl 00045388
0x002073f8:  b  00207408
0x002073fc:  lwz        r2,5292(r9)
0x00207400:  add        r0,r26,r2
0x00207404:  sthbrx     r24,r0,r0
0x00207408:  lwz        r0,72(r1)
0x0020740c:  addi       r1,r1,64
0x00207410:  mtlr       r0
0x00207414:  clrlwi     r0,r25,16
0x00207418:  rlwimi     r17,r0,0,16,31
0x0020741c:  mr r24,r23
0x00207420:  mr r26,r17
0x00207424:  addi       r26,r26,-2
0x00207428:  clrlwi     r26,r26,16
0x0020742c:  mr r25,r26
0x00207430:  lwz        r0,196(r27)
0x00207434:  add        r26,r26,r0
0x00207438:  mflr       r0
0x0020743c:  mr r3,r26
0x00207440:  stw        r0,8(r1)
0x00207444:  rlwinm     r0,r26,23,21,28
0x00207448:  add        r9,r0,r27
0x0020744c:  stwu       r1,-64(r1)
0x00207450:  lwz        r2,5288(r9)
0x00207454:  rlwinm     r0,r26,0,31,19
0x00207458:  cmpw       cr7,r2,r0
0x0020745c:  beq        cr7,00207470
0x00207460:  clrlwi     r4,r24,16
0x00207464:  li r5,0
0x00207468:  bl 00045388
0x0020746c:  b  0020747C
0x00207470:  lwz        r2,5292(r9)
0x00207474:  add        r0,r26,r2
0x00207478:  sthbrx     r24,r0,r0
0x0020747c:  lwz        r0,72(r1)
0x00207480:  addi       r1,r1,64
0x00207484:  mtlr       r0
0x00207488:  clrlwi     r0,r25,16
0x0020748c:  rlwimi     r17,r0,0,16,31
0x00207490:  mr r26,r18
0x00207494:  lis        r2,184
0x00207498:  lwz        r2,-28096(r2)
0x0020749c:  add        r26,r26,r2
0x002074a0:  clrlwi     r26,r26,16
0x002074a4:  lis        r2,184
0x002074a8:  lwz        r2,-28096(r2)
0x002074ac:  lwzx       r0,r27,r2
0x002074b0:  add        r26,r26,r0
0x002074b4:  mflr       r0
0x002074b8:  mr r3,r26
0x002074bc:  stw        r0,8(r1)
0x002074c0:  rlwinm     r0,r26,23,21,28
0x002074c4:  add        r9,r0,r27
0x002074c8:  stwu       r1,-64(r1)
0x002074cc:  lwz        r2,1192(r9)
0x002074d0:  rlwinm     r0,r26,0,31,19
0x002074d4:  cmpw       cr7,r2,r0
0x002074d8:  beq        cr7,002074E8
0x002074dc:  li r4,0
0x002074e0:  bl 0004517C
0x002074e4:  b  002074F4
0x002074e8:  lwz        r0,1196(r9)
0x002074ec:  add        r0,r26,r0
0x002074f0:  lhbrx      r3,r0,r0
0x002074f4:  lwz        r0,72(r1)
0x002074f8:  mr r24,r3
0x002074fc:  addi       r1,r1,64
0x00207500:  mtlr       r0
0x00207504:  clrlwi     r0,r24,16
0x00207508:  rlwimi     r19,r0,0,16,31
0x0020750c:  lis        r2,184
0x00207510:  lwz        r25,-28096(r2)
0x00207514:  mr r24,r19
0x00207518:  subf       r0,r25,r24
0x0020751c:  stw        r25,40(r27)
0x00207520:  stw        r0,44(r27)
0x00207524:  lis        r2,184
0x00207528:  lwz        r2,-28096(r2)
0x0020752c:  stw        r2,48(r27)
0x00207530:  lhz        r0,46(r27)
0x00207534:  cmpwi      cr7,r0,0
0x00207538:  bne        cr7,00207558
0x0020753c:  b  00D49B10
0x00207540:  lis        r2,184
0x00207544:  lwz        r2,-28092(r2)
0x00207548:  lis        r9,184
0x0020754c:  lwz        r24,-28096(r9)
0x00207550:  stw        r2,32(r27)
0x00207554:  b  00207574
0x00207558:  b  00D49B14
0x0020755c:  lis        r2,184
0x00207560:  lis        r9,184
0x00207564:  lwz        r2,-28096(r2)
0x00207568:  lwz        r9,-28088(r9)
0x0020756c:  addi       r24,r2,1
0x00207570:  stw        r9,32(r27)
0x00207574:  blr

Trace 0x00207230 [0x000f0000]

---

I am still fiddling around with it and trying to wrap my head around  
what Fabrice has done, but will post a diff if anyone wants it.

-Daniel


On Feb 19, 2004, at 5:46 AM, Pierre d'Herbemont wrote:

> Hi all!
>
> I finally made the dyngen tool mach-o compatible. But it is still not  
> working, when I do:
> i386-softmmu/qemu /path/to/linux.img -d
> I get two block of instructions translated, but it ends in a SIGBUS  
> with the following backtrace:
>
> #0  0x00013ba4 in cpu_x86_exec (env1=0x1d) at  
> /Users/steg/Documents/Programmation/System/Wine/Related/qemu/exec- 
> all.h:275
> #1  0x00006050 in main_loop (opaque=0x1d) at  
> /Users/steg/Documents/Programmation/System/Wine/Related/qemu/vl.c:3161
> #2  0x00006050 in main_loop (opaque=0x1d) at  
> /Users/steg/Documents/Programmation/System/Wine/Related/qemu/vl.c:3161
> #3  0x00006f98 in main (argc=983040, argv=0x206140) at  
> /Users/steg/Documents/Programmation/System/Wine/Related/qemu/vl.c:3760
> (To this email is attached the log output)
> <qemu.log>
>
> I was wondering if the usage of qemu was correct. Can someone point me  
> to the right direction on how to debug qemu and/or give me some help  
> on this issue.
>
> Here is a patch to make qemu build on Darwin. It is not cleaned enough  
> to be integrated in CVS as is, but it will be soon. Also configure  
> doesn't work properly so you'll have to edit configure output by hands  
> on Darwin.
> http://www.opendarwin.org/~pidherbemont/qemu.diff.txt
>
> Thanks,
>
> Pierre
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://mail.nongnu.org/mailman/listinfo/qemu-devel

Re: [Qemu-devel] Darwin/Mac OS X Port

[Pierre d'Herbemont]

Hi!

On 19 févr. 04, at 21:45, Daniel J. Guinan wrote:

> I have been looking and tinkering with your OS X port and was not able 
> to get any translation working until I fudged with a couple of things. 
>  The most important of those is in vl.c -> search for valloc() -> you 
> will see an attempt to allocate *page_size x all memory* change it to 
> *all memory* and you will be on your way.  Here is a log from my 
> changes:

thanks ;) This one would be helpful.

> COMMAND LINE:  qemu -d -L ../pc-bios -nographic --kernel bzImage 
> --append "console=ttyS0 root=/dev/hda sb=0x220,5,1,5 ide2=noprobe 
> ide3=noprobe ide4=noprobe ide5=noprobe" linux.img

thanks for this one also ;)

Also after reading the output code again, and without knowing x86 
assembly, I have been wondering myself about why does the ljmp change 
the EIP to 0x0 and fetch code from 0xf000. So there might be an issue 
here.

See:
[snip]
> IN:
> 0x000ffff0:  ljmp   0xf000,0xe05b
>
> AFTER FLAGS OPT:
> 0x0000: movl_T0_im 0xf000
> 0x0001: movl_T1_im 0xe05b
> 0x0002: movl_seg_T0_vm 0xb0
> 0x0003: movl_T0_T1
> 0x0004: jmp_T0
> 0x0005: movl_T0_0
> 0x0006: exit_tb
> 0x0007: end
>
> OUT: [size=60]
> 0x002071f0:  lis        r2,184
> 0x002071f4:  lwz        r24,-28096(r2)
> 0x002071f8:  lis        r2,184
> 0x002071fc:  lwz        r25,-28096(r2)
> 0x00207200:  lis        r2,184
> 0x00207204:  clrlwi     r0,r24,16
> 0x00207208:  lwz        r2,-28096(r2)
> 0x0020720c:  mr r9,r27
> 0x00207210:  stwux      r0,r9,r2
> 0x00207214:  rlwinm     r0,r0,4,0,27
> 0x00207218:  stw        r0,4(r9)
> 0x0020721c:  mr r24,r25
> 0x00207220:  stw        r24,32(r27)
> 0x00207224:  li r24,0
> 0x00207228:  blr
>
> Trace 0x002071f0 [0x000ffff0]
> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
> EIP=00000000 EFL=00000002 [-------]    CPL=0 II=0
> ES =0000 00000000 0000ffff 00000000
> CS =f000 000f0000 0000ffff 00000000
> SS =0000 00000000 0000ffff 00000000
> DS =0000 00000000 0000ffff 00000000
> FS =0000 00000000 0000ffff 00000000
> GS =0000 00000000 0000ffff 00000000
> LDT=0000 00000000 0000ffff 00008000
> TR =0000 00000000 0000ffff 00008000
> GDT=     00000000 0000ffff
> IDT=     00000000 0000ffff
> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
> CCS=00000000 CCD=00000000 CCO=EFLAGS
> ----------------

here should be 0x000fe05b or something like that...

> IN:
> 0x000f0000:  pushw  %bp
> 0x000f0001:  movw   %sp,%bp
> 0x000f0003:  pushw  %ax
> 0x000f0004:  pushw  %cx
> 0x000f0005:  pushw  %es
> 0x000f0006:  pushw  %di
> 0x000f0007:  movw   0xa(bp),%cx
> 0x000f000a:  cmpw   $0x0,%cx
> 0x000f000d:  je     0xf001f
>
> AFTER FLAGS OPT:
> 0x0000: movl_T0_EBP
> 0x0001: movl_A0_ESP
> [snip]
>
> I am still fiddling around with it and trying to wrap my head around 
> what Fabrice has done, but will post a diff if anyone wants it.

I am interested about your patch.

Thanks again,

Pierre

Re: [Qemu-devel] Darwin/Mac OS X Port

[dguinan]

I am sending you a tar file in email (faster) - because I Have merged 
with the recent CVS branch and the diffs might therefore be confusing.  
We should probably make a temporary CVS location to use until we merge 
with the main branch.

-Daniel

On Feb 19, 2004, at 2:17 PM, Pierre d'Herbemont wrote:

> Hi!
>
> On 19 févr. 04, at 21:45, Daniel J. Guinan wrote:
>
>> I have been looking and tinkering with your OS X port and was not 
>> able to get any translation working until I fudged with a couple of 
>> things.  The most important of those is in vl.c -> search for 
>> valloc() -> you will see an attempt to allocate *page_size x all 
>> memory* change it to *all memory* and you will be on your way.  Here 
>> is a log from my changes:
>
> thanks ;) This one would be helpful.
>
>> COMMAND LINE:  qemu -d -L ../pc-bios -nographic --kernel bzImage 
>> --append "console=ttyS0 root=/dev/hda sb=0x220,5,1,5 ide2=noprobe 
>> ide3=noprobe ide4=noprobe ide5=noprobe" linux.img
>
> thanks for this one also ;)
>
> Also after reading the output code again, and without knowing x86 
> assembly, I have been wondering myself about why does the ljmp change 
> the EIP to 0x0 and fetch code from 0xf000. So there might be an issue 
> here.
>
> See:
> [snip]
>> IN:
>> 0x000ffff0:  ljmp   0xf000,0xe05b
>>
>> AFTER FLAGS OPT:
>> 0x0000: movl_T0_im 0xf000
>> 0x0001: movl_T1_im 0xe05b
>> 0x0002: movl_seg_T0_vm 0xb0
>> 0x0003: movl_T0_T1
>> 0x0004: jmp_T0
>> 0x0005: movl_T0_0
>> 0x0006: exit_tb
>> 0x0007: end
>>
>> OUT: [size=60]
>> 0x002071f0:  lis        r2,184
>> 0x002071f4:  lwz        r24,-28096(r2)
>> 0x002071f8:  lis        r2,184
>> 0x002071fc:  lwz        r25,-28096(r2)
>> 0x00207200:  lis        r2,184
>> 0x00207204:  clrlwi     r0,r24,16
>> 0x00207208:  lwz        r2,-28096(r2)
>> 0x0020720c:  mr r9,r27
>> 0x00207210:  stwux      r0,r9,r2
>> 0x00207214:  rlwinm     r0,r0,4,0,27
>> 0x00207218:  stw        r0,4(r9)
>> 0x0020721c:  mr r24,r25
>> 0x00207220:  stw        r24,32(r27)
>> 0x00207224:  li r24,0
>> 0x00207228:  blr
>>
>> Trace 0x002071f0 [0x000ffff0]
>> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
>> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
>> EIP=00000000 EFL=00000002 [-------]    CPL=0 II=0
>> ES =0000 00000000 0000ffff 00000000
>> CS =f000 000f0000 0000ffff 00000000
>> SS =0000 00000000 0000ffff 00000000
>> DS =0000 00000000 0000ffff 00000000
>> FS =0000 00000000 0000ffff 00000000
>> GS =0000 00000000 0000ffff 00000000
>> LDT=0000 00000000 0000ffff 00008000
>> TR =0000 00000000 0000ffff 00008000
>> GDT=     00000000 0000ffff
>> IDT=     00000000 0000ffff
>> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
>> CCS=00000000 CCD=00000000 CCO=EFLAGS
>> ----------------
>
> here should be 0x000fe05b or something like that...
>
>> IN:
>> 0x000f0000:  pushw  %bp
>> 0x000f0001:  movw   %sp,%bp
>> 0x000f0003:  pushw  %ax
>> 0x000f0004:  pushw  %cx
>> 0x000f0005:  pushw  %es
>> 0x000f0006:  pushw  %di
>> 0x000f0007:  movw   0xa(bp),%cx
>> 0x000f000a:  cmpw   $0x0,%cx
>> 0x000f000d:  je     0xf001f
>>
>> AFTER FLAGS OPT:
>> 0x0000: movl_T0_EBP
>> 0x0001: movl_A0_ESP
>> [snip]
>>
>> I am still fiddling around with it and trying to wrap my head around 
>> what Fabrice has done, but will post a diff if anyone wants it.
>
> I am interested about your patch.
>
> Thanks again,
>
> Pierre
>
>
>
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://mail.nongnu.org/mailman/listinfo/qemu-devel
>

Re: [Qemu-devel] Darwin/Mac OS X Port

[Pierre d'Herbemont]

I have made a temporary CVS directory at OpenDarwin (in the darwine 
project). You should probably get a user name at OpenDarwin, but I can 
handle patches if you want.
http://www.opendarwin.org/
http://cvs.opendarwin.org/index.cgi/projects/darwine/related/qemu/

Pierre

On 20 févr. 04, at 02:27, dguinan@mac.com wrote:

> I am sending you a tar file in email (faster) - because I Have merged 
> with the recent CVS branch and the diffs might therefore be confusing. 
>  We should probably make a temporary CVS location to use until we 
> merge with the main branch.
>
> -Daniel
>
> On Feb 19, 2004, at 2:17 PM, Pierre d'Herbemont wrote:
>
>> Hi!
>>
>> On 19 févr. 04, at 21:45, Daniel J. Guinan wrote:
>>
>>> I have been looking and tinkering with your OS X port and was not 
>>> able to get any translation working until I fudged with a couple of 
>>> things.  The most important of those is in vl.c -> search for 
>>> valloc() -> you will see an attempt to allocate *page_size x all 
>>> memory* change it to *all memory* and you will be on your way.  Here 
>>> is a log from my changes:
>>
>> thanks ;) This one would be helpful.
>>
>>> COMMAND LINE:  qemu -d -L ../pc-bios -nographic --kernel bzImage 
>>> --append "console=ttyS0 root=/dev/hda sb=0x220,5,1,5 ide2=noprobe 
>>> ide3=noprobe ide4=noprobe ide5=noprobe" linux.img
>>
>> thanks for this one also ;)
>>
>> Also after reading the output code again, and without knowing x86 
>> assembly, I have been wondering myself about why does the ljmp change 
>> the EIP to 0x0 and fetch code from 0xf000. So there might be an issue 
>> here.
>>
>> See:
>> [snip]
>>> IN:
>>> 0x000ffff0:  ljmp   0xf000,0xe05b
>>>
>>> AFTER FLAGS OPT:
>>> 0x0000: movl_T0_im 0xf000
>>> 0x0001: movl_T1_im 0xe05b
>>> 0x0002: movl_seg_T0_vm 0xb0
>>> 0x0003: movl_T0_T1
>>> 0x0004: jmp_T0
>>> 0x0005: movl_T0_0
>>> 0x0006: exit_tb
>>> 0x0007: end
>>>
>>> OUT: [size=60]
>>> 0x002071f0:  lis        r2,184
>>> 0x002071f4:  lwz        r24,-28096(r2)
>>> 0x002071f8:  lis        r2,184
>>> 0x002071fc:  lwz        r25,-28096(r2)
>>> 0x00207200:  lis        r2,184
>>> 0x00207204:  clrlwi     r0,r24,16
>>> 0x00207208:  lwz        r2,-28096(r2)
>>> 0x0020720c:  mr r9,r27
>>> 0x00207210:  stwux      r0,r9,r2
>>> 0x00207214:  rlwinm     r0,r0,4,0,27
>>> 0x00207218:  stw        r0,4(r9)
>>> 0x0020721c:  mr r24,r25
>>> 0x00207220:  stw        r24,32(r27)
>>> 0x00207224:  li r24,0
>>> 0x00207228:  blr
>>>
>>> Trace 0x002071f0 [0x000ffff0]
>>> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000600
>>> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
>>> EIP=00000000 EFL=00000002 [-------]    CPL=0 II=0
>>> ES =0000 00000000 0000ffff 00000000
>>> CS =f000 000f0000 0000ffff 00000000
>>> SS =0000 00000000 0000ffff 00000000
>>> DS =0000 00000000 0000ffff 00000000
>>> FS =0000 00000000 0000ffff 00000000
>>> GS =0000 00000000 0000ffff 00000000
>>> LDT=0000 00000000 0000ffff 00008000
>>> TR =0000 00000000 0000ffff 00008000
>>> GDT=     00000000 0000ffff
>>> IDT=     00000000 0000ffff
>>> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
>>> CCS=00000000 CCD=00000000 CCO=EFLAGS
>>> ----------------
>>
>> here should be 0x000fe05b or something like that...
>>
>>> IN:
>>> 0x000f0000:  pushw  %bp
>>> 0x000f0001:  movw   %sp,%bp
>>> 0x000f0003:  pushw  %ax
>>> 0x000f0004:  pushw  %cx
>>> 0x000f0005:  pushw  %es
>>> 0x000f0006:  pushw  %di
>>> 0x000f0007:  movw   0xa(bp),%cx
>>> 0x000f000a:  cmpw   $0x0,%cx
>>> 0x000f000d:  je     0xf001f
>>>
>>> AFTER FLAGS OPT:
>>> 0x0000: movl_T0_EBP
>>> 0x0001: movl_A0_ESP
>>> [snip]
>>>
>>> I am still fiddling around with it and trying to wrap my head around 
>>> what Fabrice has done, but will post a diff if anyone wants it.
>>
>> I am interested about your patch.
>>
>> Thanks again,
>>
>> Pierre
>>
>>
>>
>> _______________________________________________
>> Qemu-devel mailing list
>> Qemu-devel@nongnu.org
>> http://mail.nongnu.org/mailman/listinfo/qemu-devel
>>
>
>
>
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://mail.nongnu.org/mailman/listinfo/qemu-devel
>

Re: [Qemu-devel] Darwin/Mac OS X Port

[Fabrice Bellard]

Pierre d'Herbemont wrote:
> Hi all!
> 
> I finally made the dyngen tool mach-o compatible.
 > [...]

Thank you for the work ! I looked briefly at the patch and here are a 
few remarks:

- Some parts of dyngen need to be merged between the elf and macho 
target, in particular all the C code generation stuff. As there will be 
a Windows target too, it would be good to avoid duplicating too much code.

- Do not try to make the linux emulator work (no need to patch 
syscall.c) as it is not very useful on MacOS and complicated.

- Do not try to make the signal handler stuff work as it is not needed 
for the soft mmu system emulator (but it will be needed if you want a 
user mode emulator for the darwine project).

Fabrice.

Re: [Qemu-devel] Darwin/Mac OS X Port

[Satadru Pramanik]

[-- Attachment #1: Type: text/plain, Size: 1473 bytes --]

As a non-developer,  I have no rights to argue what is and is not 
useful, and I do love the direction that qemu is headed.

However, in perhaps a small part a rebuttal of these previous comments, 
I WOULD like to see qemu on darwin have the ability to run linux/ppc 
programs.  (in user mode as well).

I think for one it would greatly increase the usability of linuxppc 
programs for mac users, if linuxppc programs could be distributed with 
a small qemu wrapper for use on OS X systems.

Satadru

On Feb 25, 2004, at 7:12 PM, Fabrice Bellard wrote:

> Pierre d'Herbemont wrote:
>> Hi all!
>> I finally made the dyngen tool mach-o compatible.
> > [...]
>
> Thank you for the work ! I looked briefly at the patch and here are a 
> few remarks:
>
> - Some parts of dyngen need to be merged between the elf and macho 
> target, in particular all the C code generation stuff. As there will 
> be a Windows target too, it would be good to avoid duplicating too 
> much code.
>
> - Do not try to make the linux emulator work (no need to patch 
> syscall.c) as it is not very useful on MacOS and complicated.
>
> - Do not try to make the signal handler stuff work as it is not needed 
> for the soft mmu system emulator (but it will be needed if you want a 
> user mode emulator for the darwine project).
>
> Fabrice.
>
>
>
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://mail.nongnu.org/mailman/listinfo/qemu-devel

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 186 bytes --]

Re: [Qemu-devel] Darwin/Mac OS X Port

[J. Mayer]

On Thu, 2004-02-26 at 05:14, Satadru Pramanik wrote:
> As a non-developer,  I have no rights to argue what is and is not 
> useful, and I do love the direction that qemu is headed.
> 
> However, in perhaps a small part a rebuttal of these previous comments, 
> I WOULD like to see qemu on darwin have the ability to run linux/ppc 
> programs.  (in user mode as well).
>
> I think for one it would greatly increase the usability of linuxppc 
> programs for mac users, if linuxppc programs could be distributed with 
> a small qemu wrapper for use on OS X systems.

The problem is not it's not useful. I'd like to run Linux programs on
MacOS and MacOS X programs on LinuxPPC. What is missing is a complete
Linux syscall emulation on MacOS. But, as there is a Linux syscall API
in FreeBSD, the thing to do, I think, is to make it work as a Darwin
kernel extension, then run LinuxPPC qemu natively.
This may not be trivial: Apple anounced they'll do it for Panther and
they seem to have renounced.

-- 
J. Mayer <l_indien@magic.fr>
Never organized

Re: [Qemu-devel] Darwin/Mac OS X Port

[Pierre d'Herbemont]

On 26 févr. 04, at 01:12, Fabrice Bellard wrote:

> Pierre d'Herbemont wrote:
>> Hi all!
>> I finally made the dyngen tool mach-o compatible.
> > [...]
>
> Thank you for the work ! I looked briefly at the patch and here are a 
> few remarks:

:)

> - Some parts of dyngen need to be merged between the elf and macho 
> target, in particular all the C code generation stuff. As there will 
> be a Windows target too, it would be good to avoid duplicating too 
> much code.

I'll try to fix this soon.

> - Do not try to make the linux emulator work (no need to patch 
> syscall.c) as it is not very useful on MacOS and complicated.

ok.

> - Do not try to make the signal handler stuff work as it is not needed 
> for the soft mmu system emulator (but it will be needed if you want a 
> user mode emulator for the darwine project).

So I'll probably try to work on it soon ;)

Thanks, Fabrice, for your help and for qemu,

Pierre