* [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
@ 2011-04-03 3:09 Kenneth Salerno
2011-04-03 4:13 ` malc
2011-04-04 12:59 ` Brian Wheeler
0 siblings, 2 replies; 8+ messages in thread
From: Kenneth Salerno @ 2011-04-03 3:09 UTC (permalink / raw)
To: qemu-devel
Hi,
I have been using QEMU for a few years and periodically tested AIX V6.1 with qemu-system-ppc and read the various threads in the mailing list knowing not to expect it to work just yet. However, with OpenBIOS v1.0 I was surprised to find how far it gets now. Please see below and I would appreciate any advice on how to debug further:
>> =============================================================
>> OpenBIOS 1.0 [Jan 30 2011 08:46]
>> Configuration device id QEMU version 1 machine id 2
>> CPUs: 1
>> Memory: 2047M
>> UUID: 17202d0a-45f8-4159-a8e1-78b866f50aa7
>> CPU type PowerPC,750
Welcome to OpenBIOS v1.0 built on Jan 30 2011 08:46
Trying cd:,\\:tbxi...
Trying cd:,\ppc\bootinfo.txt...
-------------------------------------------------------------------------------
Welcome to AIX.
boot image timestamp: 00:39 35/2D
The current time and date: 23:00:50 04/02/2011
processor count: 1; memory size: 2047MB; kernel size: 2293829
boot device: cd:\ppc\chrp\bootfile.exe
qemu>
info cpus
* CPU #0: nip=0xfff0fcdc thread_id=2527
info registers
NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
MSR 00003032 HID0 00000000 HF 00002000 idx 1
TB 00000000 1542797983 DECR 2752169338
GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
CR 48000084 [ G L - - - - L G ] RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000
SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
x/20i $pc-10
0xfff0fcd2: fnmadd. f31,f24,f4,f18
0xfff0fcd6: .long 0xfff84800
0xfff0fcda: .long 0x87d23
0xfff0fcde: bla 0xff788120
0xfff0fce2: .long 0x2f89
0xfff0fce6: .long 0x419e
0xfff0fcea: .long 0x148149
0xfff0fcee: .long 0x4817f
0xfff0fcf2: .long 0xfffc7f8a
0xfff0fcf6: rlmi r0,r2,r8,6,14
0xfff0fcfa: fnmadd. f31,f4,f4,f18
0xfff0fcfe: .long 0xfff89003
0xfff0fd02: .long 0x3961
0xfff0fd06: .long 0x104801
0xfff0fd0a: ori r24,r11,37921
0xfff0fd0e: .long 0xffe07c08
0xfff0fd12: .long 0x2a6bfa1
0xfff0fd16: .long 0x147c7e
0xfff0fd1a: .long 0x1b799001
0xfff0fd1e: .long 0x247c9d
last entry from out_asm:
OUT: [size=256]
0x4157ae90: mov 0x100(%r14),%ebp
0x4157ae97: mov 0x4(%r14),%ebx
0x4157ae9b: lea -0x10(%rbx),%r12d
0x4157ae9f: mov %ebp,(%r14)
0x4157aea2: mov $0x20,%ebp
0x4157aea7: mov %ebp,0x260(%r14)
0x4157aeae: mov %r12d,%esi
0x4157aeb1: mov %r12d,%edi
0x4157aeb4: shr $0x7,%esi
0x4157aeb7: and $0xfffff003,%edi
0x4157aebd: and $0x1fe0,%esi
0x4157aec3: lea 0x228c(%r14,%rsi,1),%rsi
0x4157aecb: cmp (%rsi),%edi
0x4157aecd: mov %r12d,%edi
0x4157aed0: jne 0x4157aede
0x4157aed2: add 0xc(%rsi),%rdi
0x4157aed6: mov %ebx,%esi
0x4157aed8: bswap %esi
0x4157aeda: mov %esi,(%rdi)
0x4157aedc: jmp 0x4157aeea
0x4157aede: mov %ebx,%esi
0x4157aee0: mov $0x1,%edx
0x4157aee5: callq 0x57f0f5
0x4157aeea: lea 0x14(%r12),%ebp
0x4157aeef: mov (%r14),%ebx
0x4157aef2: mov %r12d,0x4(%r14)
0x4157aef6: mov %ebp,%esi
0x4157aef8: mov %ebp,%edi
0x4157aefa: shr $0x7,%esi
0x4157aefd: and $0xfffff003,%edi
0x4157af03: and $0x1fe0,%esi
0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
0x4157af11: cmp (%rsi),%edi
0x4157af13: mov %ebp,%edi
0x4157af15: jne 0x4157af23
0x4157af17: add 0xc(%rsi),%rdi
0x4157af1b: mov %ebx,%esi
0x4157af1d: bswap %esi
0x4157af1f: mov %esi,(%rdi)
0x4157af21: jmp 0x4157af2f
0x4157af23: mov %ebx,%esi
0x4157af25: mov $0x1,%edx
0x4157af2a: callq 0x57f0f5
0x4157af2f: mov 0xc(%r14),%ebp
0x4157af33: lea 0x18(%rbp),%ebx
0x4157af36: mov %ebx,%esi
0x4157af38: mov %ebx,%edi
0x4157af3a: shr $0x7,%esi
0x4157af3d: and $0xfffff003,%edi
0x4157af43: and $0x1fe0,%esi
0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
0x4157af51: cmp (%rsi),%edi
0x4157af53: mov %ebx,%edi
0x4157af55: jne 0x4157af61
0x4157af57: add 0x10(%rsi),%rdi
0x4157af5b: mov (%rdi),%ebp
0x4157af5d: bswap %ebp
0x4157af5f: jmp 0x4157af6d
0x4157af61: mov $0x1,%esi
0x4157af66: callq 0x57ecde
0x4157af6b: mov %eax,%ebp
0x4157af6d: mov %ebp,0xc(%r14)
0x4157af71: mov $0xfff084ac,%ebp
0x4157af76: mov %ebp,0x25c(%r14)
0x4157af7d: mov $0xfff1156c,%ebp
0x4157af82: mov %ebp,0x100(%r14)
0x4157af89: xor %eax,%eax
0x4157af8b: jmpq 0x11babee
Thank you,
Ken
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
2011-04-03 3:09 [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now) Kenneth Salerno
@ 2011-04-03 4:13 ` malc
2011-04-03 15:29 ` Kenneth Salerno
2011-04-04 12:59 ` Brian Wheeler
1 sibling, 1 reply; 8+ messages in thread
From: malc @ 2011-04-03 4:13 UTC (permalink / raw)
To: Kenneth Salerno; +Cc: qemu-devel
On Sat, 2 Apr 2011, Kenneth Salerno wrote:
> Hi,
>
> I have been using QEMU for a few years and periodically tested AIX V6.1 with qemu-system-ppc and read the various threads in the mailing list knowing not to expect it to work just yet. However, with OpenBIOS v1.0 I was surprised to find how far it gets now. Please see below and I would appreciate any advice on how to debug further:
>
> >> =============================================================
> >> OpenBIOS 1.0 [Jan 30 2011 08:46]
> >> Configuration device id QEMU version 1 machine id 2
> >> CPUs: 1
> >> Memory: 2047M
> >> UUID: 17202d0a-45f8-4159-a8e1-78b866f50aa7
> >> CPU type PowerPC,750
> Welcome to OpenBIOS v1.0 built on Jan 30 2011 08:46
> Trying cd:,\\:tbxi...
> Trying cd:,\ppc\bootinfo.txt...
>
>
>
> -------------------------------------------------------------------------------
> Welcome to AIX.
> boot image timestamp: 00:39 35/2D
> The current time and date: 23:00:50 04/02/2011
> processor count: 1; memory size: 2047MB; kernel size: 2293829
> boot device: cd:\ppc\chrp\bootfile.exe
>
> qemu>
> info cpus
> * CPU #0: nip=0xfff0fcdc thread_id=2527
>
> info registers
> NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> MSR 00003032 HID0 00000000 HF 00002000 idx 1
> TB 00000000 1542797983 DECR 2752169338
> GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
> GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
> GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
> CR 48000084 [ G L - - - - L G ] RES ffffffff
> FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPSCR 00000000
> SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
>
> x/20i $pc-10
Unless I'm missing something, what follows does not make any sense (and for a good reason: 10 is not a multiple of 4 (opcode size on ppc))
> 0xfff0fcd2: fnmadd. f31,f24,f4,f18
> 0xfff0fcd6: .long 0xfff84800
> 0xfff0fcda: .long 0x87d23
> 0xfff0fcde: bla 0xff788120
> 0xfff0fce2: .long 0x2f89
> 0xfff0fce6: .long 0x419e
> 0xfff0fcea: .long 0x148149
> 0xfff0fcee: .long 0x4817f
> 0xfff0fcf2: .long 0xfffc7f8a
> 0xfff0fcf6: rlmi r0,r2,r8,6,14
> 0xfff0fcfa: fnmadd. f31,f4,f4,f18
> 0xfff0fcfe: .long 0xfff89003
> 0xfff0fd02: .long 0x3961
> 0xfff0fd06: .long 0x104801
> 0xfff0fd0a: ori r24,r11,37921
> 0xfff0fd0e: .long 0xffe07c08
> 0xfff0fd12: .long 0x2a6bfa1
> 0xfff0fd16: .long 0x147c7e
> 0xfff0fd1a: .long 0x1b799001
> 0xfff0fd1e: .long 0x247c9d
>
> last entry from out_asm:
> OUT: [size=256]
> 0x4157ae90: mov 0x100(%r14),%ebp
> 0x4157ae97: mov 0x4(%r14),%ebx
> 0x4157ae9b: lea -0x10(%rbx),%r12d
> 0x4157ae9f: mov %ebp,(%r14)
> 0x4157aea2: mov $0x20,%ebp
> 0x4157aea7: mov %ebp,0x260(%r14)
> 0x4157aeae: mov %r12d,%esi
> 0x4157aeb1: mov %r12d,%edi
> 0x4157aeb4: shr $0x7,%esi
> 0x4157aeb7: and $0xfffff003,%edi
> 0x4157aebd: and $0x1fe0,%esi
> 0x4157aec3: lea 0x228c(%r14,%rsi,1),%rsi
> 0x4157aecb: cmp (%rsi),%edi
> 0x4157aecd: mov %r12d,%edi
> 0x4157aed0: jne 0x4157aede
> 0x4157aed2: add 0xc(%rsi),%rdi
> 0x4157aed6: mov %ebx,%esi
> 0x4157aed8: bswap %esi
> 0x4157aeda: mov %esi,(%rdi)
> 0x4157aedc: jmp 0x4157aeea
> 0x4157aede: mov %ebx,%esi
> 0x4157aee0: mov $0x1,%edx
> 0x4157aee5: callq 0x57f0f5
> 0x4157aeea: lea 0x14(%r12),%ebp
> 0x4157aeef: mov (%r14),%ebx
> 0x4157aef2: mov %r12d,0x4(%r14)
> 0x4157aef6: mov %ebp,%esi
> 0x4157aef8: mov %ebp,%edi
> 0x4157aefa: shr $0x7,%esi
> 0x4157aefd: and $0xfffff003,%edi
> 0x4157af03: and $0x1fe0,%esi
> 0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
> 0x4157af11: cmp (%rsi),%edi
> 0x4157af13: mov %ebp,%edi
> 0x4157af15: jne 0x4157af23
> 0x4157af17: add 0xc(%rsi),%rdi
> 0x4157af1b: mov %ebx,%esi
> 0x4157af1d: bswap %esi
> 0x4157af1f: mov %esi,(%rdi)
> 0x4157af21: jmp 0x4157af2f
> 0x4157af23: mov %ebx,%esi
> 0x4157af25: mov $0x1,%edx
> 0x4157af2a: callq 0x57f0f5
> 0x4157af2f: mov 0xc(%r14),%ebp
> 0x4157af33: lea 0x18(%rbp),%ebx
> 0x4157af36: mov %ebx,%esi
> 0x4157af38: mov %ebx,%edi
> 0x4157af3a: shr $0x7,%esi
> 0x4157af3d: and $0xfffff003,%edi
> 0x4157af43: and $0x1fe0,%esi
> 0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
> 0x4157af51: cmp (%rsi),%edi
> 0x4157af53: mov %ebx,%edi
> 0x4157af55: jne 0x4157af61
> 0x4157af57: add 0x10(%rsi),%rdi
> 0x4157af5b: mov (%rdi),%ebp
> 0x4157af5d: bswap %ebp
> 0x4157af5f: jmp 0x4157af6d
> 0x4157af61: mov $0x1,%esi
> 0x4157af66: callq 0x57ecde
> 0x4157af6b: mov %eax,%ebp
> 0x4157af6d: mov %ebp,0xc(%r14)
> 0x4157af71: mov $0xfff084ac,%ebp
> 0x4157af76: mov %ebp,0x25c(%r14)
> 0x4157af7d: mov $0xfff1156c,%ebp
> 0x4157af82: mov %ebp,0x100(%r14)
> 0x4157af89: xor %eax,%eax
> 0x4157af8b: jmpq 0x11babee
>
> Thank you,
> Ken
>
--
mailto:av1474@comtv.ru
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
2011-04-03 4:13 ` malc
@ 2011-04-03 15:29 ` Kenneth Salerno
0 siblings, 0 replies; 8+ messages in thread
From: Kenneth Salerno @ 2011-04-03 15:29 UTC (permalink / raw)
To: malc; +Cc: qemu-devel
--- On Sun, 4/3/11, malc <av1474@comtv.ru> wrote:
> From: malc <av1474@comtv.ru>
> Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> To: "Kenneth Salerno" <kennethsalerno@yahoo.com>
> Cc: qemu-devel@nongnu.org
> Date: Sunday, April 3, 2011, 12:13 AM
> On Sat, 2 Apr 2011, Kenneth Salerno wrote:
>
> > Hi,
> >
> > I have been using QEMU for a few years and periodically tested AIX V6.1 with qemu-system-ppc and read the various threads in the mailing list knowing not to expect it to work just yet. However, with OpenBIOS v1.0 I was surprised to find how far it gets now. Please see below and I would appreciate any advice on how to debug further:
> >
> > >> =============================================================
> > >> OpenBIOS 1.0 [Jan 30 2011 08:46]
> > >> Configuration device id QEMU version 1 machine id 2
> > >> CPUs: 1
> > >> Memory: 2047M
> > >> UUID: 17202d0a-45f8-4159-a8e1-78b866f50aa7
> > >> CPU type PowerPC,750
> > Welcome to OpenBIOS v1.0 built on Jan 30 2011 08:46
> > Trying cd:,\\:tbxi...
> > Trying cd:,\ppc\bootinfo.txt...
> >
> >
> >
> > -------------------------------------------------------------------------------
> > Welcome to AIX.
> > boot image timestamp: 00:39 35/2D
> > The current time and date: 23:00:50 04/02/2011
> > processor count: 1; memory size: 2047MB; kernel size: 2293829
> > boot device: cd:\ppc\chrp\bootfile.exe
> >
> > qemu>
> > info cpus
> > * CPU #0: nip=0xfff0fcdc thread_id=2527
> >
> > info registers
> > NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> > MSR 00003032 HID0 00000000 HF 00002000 idx 1
> > TB 00000000 1542797983 DECR 2752169338
> > GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
> > GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> > GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
> > GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> > GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> > GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> > GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> > GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
> > CR 48000084 [ G L - - - - L G ] RES ffffffff
> > FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPSCR 00000000
> > SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
> >
> > x/20i $pc-10
>
> Unless I'm missing something, what follows does not make any sense (and for a good reason: 10 is not a multiple of 4 (opcode size on ppc))
(qemu) x/20i $pc-4
x/20i $pc-4
0xfff0fcd8: b 0xfff0fce0
0xfff0fcdc: mr r3,r9
0xfff0fce0: lwz r9,0(r3)
0xfff0fce4: cmpwi cr7,r9,0
0xfff0fce8: beq- cr7,0xfff0fcfc
0xfff0fcec: lwz r10,4(r9)
0xfff0fcf0: lwz r11,-4(r31)
0xfff0fcf4: cmplw cr7,r10,r11
0xfff0fcf8: blt+ cr7,0xfff0fcdc
0xfff0fcfc: stw r9,-8(r31)
0xfff0fd00: stw r0,0(r3)
0xfff0fd04: addi r11,r1,16
0xfff0fd08: b 0xfff25e80
0xfff0fd0c: stwu r1,-32(r1)
0xfff0fd10: mflr r0
0xfff0fd14: stmw r29,20(r1)
0xfff0fd18: mr. r30,r3
0xfff0fd1c: stw r0,36(r1)
0xfff0fd20: mr r29,r4
0xfff0fd24: bne+ 0xfff0fd38
(qemu) info registers
info registers
NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
MSR 00003032 HID0 00000000 HF 00002000 idx 1
TB 00000000 2208586352 DECR 2086380980
GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
CR 48000084 [ G L - - - - L G ] RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000
SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
OUT: [size=256]
0x40576b60: mov 0x100(%r14),%ebp
0x40576b67: mov 0x4(%r14),%ebx
0x40576b6b: lea -0x10(%rbx),%r12d
0x40576b6f: mov %ebp,(%r14)
0x40576b72: mov $0x20,%ebp
0x40576b77: mov %ebp,0x260(%r14)
0x40576b7e: mov %r12d,%esi
0x40576b81: mov %r12d,%edi
0x40576b84: shr $0x7,%esi
0x40576b87: and $0xfffff003,%edi
0x40576b8d: and $0x1fe0,%esi
0x40576b93: lea 0x228c(%r14,%rsi,1),%rsi
0x40576b9b: cmp (%rsi),%edi
0x40576b9d: mov %r12d,%edi
0x40576ba0: jne 0x40576bae
0x40576ba2: add 0xc(%rsi),%rdi
0x40576ba6: mov %ebx,%esi
0x40576ba8: bswap %esi
0x40576baa: mov %esi,(%rdi)
0x40576bac: jmp 0x40576bba
0x40576bae: mov %ebx,%esi
0x40576bb0: mov $0x1,%edx
0x40576bb5: callq 0x57f0f5
0x40576bba: lea 0x14(%r12),%ebp
0x40576bbf: mov (%r14),%ebx
0x40576bc2: mov %r12d,0x4(%r14)
0x40576bc6: mov %ebp,%esi
0x40576bc8: mov %ebp,%edi
0x40576bca: shr $0x7,%esi
0x40576bcd: and $0xfffff003,%edi
0x40576bd3: and $0x1fe0,%esi
0x40576bd9: lea 0x228c(%r14,%rsi,1),%rsi
0x40576be1: cmp (%rsi),%edi
0x40576be3: mov %ebp,%edi
0x40576be5: jne 0x40576bf3
0x40576be7: add 0xc(%rsi),%rdi
0x40576beb: mov %ebx,%esi
0x40576bed: bswap %esi
0x40576bef: mov %esi,(%rdi)
0x40576bf1: jmp 0x40576bff
0x40576bf3: mov %ebx,%esi
0x40576bf5: mov $0x1,%edx
0x40576bfa: callq 0x57f0f5
0x40576bff: mov 0xc(%r14),%ebp
0x40576c03: lea 0x18(%rbp),%ebx
0x40576c06: mov %ebx,%esi
0x40576c08: mov %ebx,%edi
0x40576c0a: shr $0x7,%esi
0x40576c0d: and $0xfffff003,%edi
0x40576c13: and $0x1fe0,%esi
0x40576c19: lea 0x2288(%r14,%rsi,1),%rsi
0x40576c21: cmp (%rsi),%edi
0x40576c23: mov %ebx,%edi
0x40576c25: jne 0x40576c31
0x40576c27: add 0x10(%rsi),%rdi
0x40576c2b: mov (%rdi),%ebp
0x40576c2d: bswap %ebp
0x40576c2f: jmp 0x40576c3d
0x40576c31: mov $0x1,%esi
0x40576c36: callq 0x57ecde
0x40576c3b: mov %eax,%ebp
0x40576c3d: mov %ebp,0xc(%r14)
0x40576c41: mov $0xfff084ac,%ebp
0x40576c46: mov %ebp,0x25c(%r14)
0x40576c4d: mov $0xfff1156c,%ebp
0x40576c52: mov %ebp,0x100(%r14)
0x40576c59: xor %eax,%eax
0x40576c5b: jmpq 0x11c0a4e
>
> > 0xfff0fcd2: fnmadd. f31,f24,f4,f18
> > 0xfff0fcd6: .long 0xfff84800
> > 0xfff0fcda: .long 0x87d23
> > 0xfff0fcde: bla 0xff788120
> > 0xfff0fce2: .long 0x2f89
> > 0xfff0fce6: .long 0x419e
> > 0xfff0fcea: .long 0x148149
> > 0xfff0fcee: .long 0x4817f
> > 0xfff0fcf2: .long 0xfffc7f8a
> > 0xfff0fcf6: rlmi r0,r2,r8,6,14
> > 0xfff0fcfa: fnmadd. f31,f4,f4,f18
> > 0xfff0fcfe: .long 0xfff89003
> > 0xfff0fd02: .long 0x3961
> > 0xfff0fd06: .long 0x104801
> > 0xfff0fd0a: ori r24,r11,37921
> > 0xfff0fd0e: .long 0xffe07c08
> > 0xfff0fd12: .long 0x2a6bfa1
> > 0xfff0fd16: .long 0x147c7e
> > 0xfff0fd1a: .long 0x1b799001
> > 0xfff0fd1e: .long 0x247c9d
> >
> > last entry from out_asm:
> > OUT: [size=256]
> > 0x4157ae90: mov 0x100(%r14),%ebp
> > 0x4157ae97: mov 0x4(%r14),%ebx
> > 0x4157ae9b: lea -0x10(%rbx),%r12d
> > 0x4157ae9f: mov %ebp,(%r14)
> > 0x4157aea2: mov $0x20,%ebp
> > 0x4157aea7: mov %ebp,0x260(%r14)
> > 0x4157aeae: mov %r12d,%esi
> > 0x4157aeb1: mov %r12d,%edi
> > 0x4157aeb4: shr $0x7,%esi
> > 0x4157aeb7: and $0xfffff003,%edi
> > 0x4157aebd: and $0x1fe0,%esi
> > 0x4157aec3: lea 0x228c(%r14,%rsi,1),%rsi
> > 0x4157aecb: cmp (%rsi),%edi
> > 0x4157aecd: mov %r12d,%edi
> > 0x4157aed0: jne 0x4157aede
> > 0x4157aed2: add 0xc(%rsi),%rdi
> > 0x4157aed6: mov %ebx,%esi
> > 0x4157aed8: bswap %esi
> > 0x4157aeda: mov %esi,(%rdi)
> > 0x4157aedc: jmp 0x4157aeea
> > 0x4157aede: mov %ebx,%esi
> > 0x4157aee0: mov $0x1,%edx
> > 0x4157aee5: callq 0x57f0f5
> > 0x4157aeea: lea 0x14(%r12),%ebp
> > 0x4157aeef: mov (%r14),%ebx
> > 0x4157aef2: mov %r12d,0x4(%r14)
> > 0x4157aef6: mov %ebp,%esi
> > 0x4157aef8: mov %ebp,%edi
> > 0x4157aefa: shr $0x7,%esi
> > 0x4157aefd: and $0xfffff003,%edi
> > 0x4157af03: and $0x1fe0,%esi
> > 0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
> > 0x4157af11: cmp (%rsi),%edi
> > 0x4157af13: mov %ebp,%edi
> > 0x4157af15: jne 0x4157af23
> > 0x4157af17: add 0xc(%rsi),%rdi
> > 0x4157af1b: mov %ebx,%esi
> > 0x4157af1d: bswap %esi
> > 0x4157af1f: mov %esi,(%rdi)
> > 0x4157af21: jmp 0x4157af2f
> > 0x4157af23: mov %ebx,%esi
> > 0x4157af25: mov $0x1,%edx
> > 0x4157af2a: callq 0x57f0f5
> > 0x4157af2f: mov 0xc(%r14),%ebp
> > 0x4157af33: lea 0x18(%rbp),%ebx
> > 0x4157af36: mov %ebx,%esi
> > 0x4157af38: mov %ebx,%edi
> > 0x4157af3a: shr $0x7,%esi
> > 0x4157af3d: and $0xfffff003,%edi
> > 0x4157af43: and $0x1fe0,%esi
> > 0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
> > 0x4157af51: cmp (%rsi),%edi
> > 0x4157af53: mov %ebx,%edi
> > 0x4157af55: jne 0x4157af61
> > 0x4157af57: add 0x10(%rsi),%rdi
> > 0x4157af5b: mov (%rdi),%ebp
> > 0x4157af5d: bswap %ebp
> > 0x4157af5f: jmp 0x4157af6d
> > 0x4157af61: mov $0x1,%esi
> > 0x4157af66: callq 0x57ecde
> > 0x4157af6b: mov %eax,%ebp
> > 0x4157af6d: mov %ebp,0xc(%r14)
> > 0x4157af71: mov $0xfff084ac,%ebp
> > 0x4157af76: mov %ebp,0x25c(%r14)
> > 0x4157af7d: mov $0xfff1156c,%ebp
> > 0x4157af82: mov %ebp,0x100(%r14)
> > 0x4157af89: xor %eax,%eax
> > 0x4157af8b: jmpq 0x11babee
> >
> > Thank you,
> > Ken
> >
>
> --
> mailto:av1474@comtv.ru
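Added example, not code from this thread, from QEMU or from OpenBIOS: a small Python model of the point malc makes above and of what Ken's corrected `x/20i $pc-4` dump shows. PowerPC instructions are fixed 32-bit words, so a window that starts at `$pc-10` is 2 bytes off the instruction boundary and every fetched word is the tail of one instruction glued to the head of the next; that is exactly why the first dump was mostly `.long` lines. The instruction words in the block are my own standard PowerPC encodings of the instructions in the aligned dump (the word at 0xfff0fcd4 and the two bytes before it are recovered from the first lines of the misaligned dump), and the decoder is a toy that only knows the opcodes occurring in those dumps. With those encodings the misaligned walk reproduces the dump in the first mail word for word (15 of 20 words undecodable, the other five being fnmadd., bla, rlmi, fnmadd. and ori), while the aligned walk decodes cleanly.

```python
# Added example, not code from the qemu-devel thread or from QEMU itself.
# It models why "x/20i $pc-10" printed garbage while "x/20i $pc-4" did not:
# PowerPC instructions are fixed 32-bit words, so a window that starts
# 2 bytes off the boundary decodes the tail of one instruction glued to
# the head of the next.
#
# Assumption: the words below are my own standard PowerPC encodings of the
# instructions in the aligned "x/20i $pc-4" dump (0xfff0fcd8 onward); the
# word at 0xfff0fcd4 and the two bytes before it were recovered from the
# first lines of the misaligned dump.  The decoder is a toy that only
# recognises the opcodes occurring in those dumps.
import struct

PC = 0xfff0fcdc        # nip reported by "info cpus" in the thread
BASE = 0xfff0fcd2      # first address covered by the constructed image

ALIGNED_WORDS = [      # one 32-bit instruction per entry, 0xfff0fcd4 onward
    0x913FFFF8,  # stw   r9,-8(r31)
    0x48000008,  # b     0xfff0fce0
    0x7D234B78,  # mr    r3,r9          (or r3,r9,r9)
    0x81230000,  # lwz   r9,0(r3)
    0x2F890000,  # cmpwi cr7,r9,0
    0x419E0014,  # beq-  cr7,0xfff0fcfc
    0x81490004,  # lwz   r10,4(r9)
    0x817FFFFC,  # lwz   r11,-4(r31)
    0x7F8A5840,  # cmplw cr7,r10,r11
    0x419CFFE4,  # blt+  cr7,0xfff0fcdc
    0x913FFFF8,  # stw   r9,-8(r31)
    0x90030000,  # stw   r0,0(r3)
    0x39610010,  # addi  r11,r1,16
    0x48016178,  # b     0xfff25e80
    0x9421FFE0,  # stwu  r1,-32(r1)
    0x7C0802A6,  # mflr  r0
    0xBFA10014,  # stmw  r29,20(r1)
    0x7C7E1B79,  # mr.   r30,r3
    0x90010024,  # stw   r0,36(r1)
    0x7C9D2378,  # mr    r29,r4
    0x40A20014,  # bne+  0xfff0fd38
]

# Guest memory image in the target's big-endian byte order (constructed).
MEMORY = b"\xff\xf8" + b"".join(struct.pack(">I", w) for w in ALIGNED_WORDS)


def read_word(addr):
    """Fetch the big-endian 32-bit word at addr, as the monitor's x/ does."""
    off = addr - BASE
    if off < 0 or off + 4 > len(MEMORY):
        raise ValueError("0x%x is outside the constructed image" % addr)
    return struct.unpack(">I", MEMORY[off:off + 4])[0]


# Primary opcode (bits 0-5) -> mnemonic.  Opcode 31 is refined by its 10-bit
# extended opcode and 63 by its 5-bit A-form opcode; anything else is shown
# as ".long", the way the QEMU disassembler shows undecodable words.
PRIMARY = {11: "cmpi", 14: "addi", 16: "bc", 22: "rlmi", 24: "ori",
           32: "lwz", 36: "stw", 37: "stwu", 47: "stmw"}
XFORM_31 = {32: "cmpl", 339: "mfspr", 444: "or"}
AFORM_63 = {18: "fdiv", 20: "fsub", 21: "fadd", 22: "fsqrt", 23: "fsel",
            25: "fmul", 26: "frsqrte", 28: "fmsub", 29: "fmadd",
            30: "fnmsub", 31: "fnmadd"}


def decode(word):
    """Mnemonic only (no operands); '.long 0x..' when nothing matches."""
    op = word >> 26
    if op == 18:                      # b / bl / ba / bla from the LK and AA bits
        name = "b" + ("l" if word & 1 else "") + ("a" if word & 2 else "")
    elif op == 31:
        name = XFORM_31.get((word >> 1) & 0x3ff)
    elif op == 63:
        name = AFORM_63.get((word >> 1) & 0x1f)
    else:
        name = PRIMARY.get(op)
    if name is None:
        return ".long 0x%x" % word
    if op in (22, 31, 63) and word & 1:   # Rc bit: record form, e.g. "mr."
        name += "."
    return name


def disassemble(start, count):
    """Emulate 'x/<count>i <start>': decode count consecutive words."""
    return [(start + 4 * i, decode(read_word(start + 4 * i))) for i in range(count)]


def undecodable(listing):
    """Addresses in a listing that came out as raw .long data."""
    return [addr for addr, text in listing if text.startswith(".long")]


def aligned_window(addr, words_back):
    """Sane window start: round addr down to 4, then step back whole instructions."""
    return (addr & ~3) - 4 * words_back


if __name__ == "__main__":
    for start in (PC - 10, PC - 4):
        listing = disassemble(start, 20)
        print("x/20i 0x%x -> %d of 20 words undecodable" % (start, len(undecodable(listing))))
        for addr, text in listing:
            print("  0x%x: %s" % (addr, text))
```

`aligned_window(PC, 1)` is the `$pc-4` malc's remark leads to; a window computed that way always lands on an instruction boundary, whatever offset was typed.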
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
@ 2011-04-03 22:52 Kenneth Salerno
0 siblings, 0 replies; 8+ messages in thread
From: Kenneth Salerno @ 2011-04-03 22:52 UTC (permalink / raw)
To: malc; +Cc: qemu-devel
--- On Sun, 4/3/11, Kenneth Salerno <kennethsalerno@yahoo.com> wrote:
> From: Kenneth Salerno <kennethsalerno@yahoo.com>
> Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> To: "malc" <av1474@comtv.ru>
> Cc: qemu-devel@nongnu.org
> Date: Sunday, April 3, 2011, 11:29 AM
> --- On Sun, 4/3/11, malc <av1474@comtv.ru>
> wrote:
>
> > From: malc <av1474@comtv.ru>
> > Subject: Re: [Qemu-devel] Help Debugging AIX boot on
> qemu-system-ppc (it reads bootfile.exe now)
> > To: "Kenneth Salerno" <kennethsalerno@yahoo.com>
> > Cc: qemu-devel@nongnu.org
> > Date: Sunday, April 3, 2011, 12:13 AM
> > On Sat, 2 Apr 2011, Kenneth Salerno
> > wrote:
> >
> > > Hi,
> > >
> > > I have been using QEMU for a few years and
> > periodically tested AIX V6.1 with qemu-system-ppc and
> read
> > the various threads in the mailing list knowing not
> to
> > expect it to work just yet. However, with OpenBIOS
> v1.0 I
> > was surprised to find how far it gets now. Please see
> below
> > and I would appreciate any advice on how to debug
> further:
> > >
> > > >>
> >
> =============================================================
> > > >> OpenBIOS 1.0 [Jan 30 2011 08:46]
> > > >> Configuration device id QEMU version 1
> > machine id 2
> > > >> CPUs: 1
> > > >> Memory: 2047M
> > > >> UUID:
> 17202d0a-45f8-4159-a8e1-78b866f50aa7
> > > >> CPU type PowerPC,750
> > > Welcome to OpenBIOS v1.0 built on Jan 30 2011
> 08:46
> > > Trying cd:,\\:tbxi...
> > > Trying cd:,\ppc\bootinfo.txt...
> > >
> > >
> > >
> > >
> >
> -------------------------------------------------------------------------------
> > >
> > Welcome to AIX.
> > > boot image
> > timestamp: 00:39 35/2D
> > > The current time and
> date:
> > 23:00:50 04/02/2011
> > > processor count: 1; memory size:
> > 2047MB; kernel size: 2293829
> > > boot device:
> > cd:\ppc\chrp\bootfile.exe
> > >
> > > qemu>
> > > info cpus
> > > * CPU #0: nip=0xfff0fcdc thread_id=2527
> > >
> > > info registers
> > > NIP fff0fcec LR fff0fcc4 CTR fff11558 XER
> > 20000000
> > > MSR 00003032 HID0 00000000 HF 00002000 idx 1
> > > TB 00000000 1542797983 DECR 2752169338
> > > GPR00 000000007fb9f0d0 000000007fcf7790
> > 0000000000000000 000000007fba29e4
> > > GPR04 00000000fffb403c 0000000000044200
> > 00000000fff02464 0000000000044200
> > > GPR08 0000000000000000 000000007fba29e4
> > 000000000000000c 0000000000000820
> > > GPR12 00000000000088ac 0000000000000000
> > 00000000fff305f5 00000000fff30dac
> > > GPR16 00000000fff2f14e 0000000004000000
> > 00000000fffb36c4 00000000fffb3ec4
> > > GPR20 00000000000030ec 00000000fff2ef4a
> > 00000000fff2ef38 00000000fff2eeb8
> > > GPR24 00000000fff2ef40 00000000fffb3628
> > 0000000000044204 00000000fffffff8
> > > GPR28 0000000000000036 00000000fffb0000
> > 00000000fffb0000 000000007fb9f0d8
> > > CR 48000084 [ G L - - - - L G
> ]
> > RES ffffffff
> > > FPR00 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR04 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR08 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR12 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR16 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR20 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR24 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPR28 0000000000000000 0000000000000000
> > 0000000000000000 0000000000000000
> > > FPSCR 00000000
> > > SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
> > >
> > > x/20i $pc-10
> >
> > Unless i'm missing something, what follows does not
> make
> > any
> > sense (and for a good reason: 10 is not multiple of 4
> > (opcode size on
> > ppc))
>
> (qemu) x/20i $pc-4
> x/20i $pc-4
> 0xfff0fcd8: b
> 0xfff0fce0
> 0xfff0fcdc: mr r3,r9
> 0xfff0fce0: lwz r9,0(r3)
> 0xfff0fce4: cmpwi cr7,r9,0
> 0xfff0fce8: beq- cr7,0xfff0fcfc
> 0xfff0fcec: lwz r10,4(r9)
> 0xfff0fcf0: lwz r11,-4(r31)
> 0xfff0fcf4: cmplw cr7,r10,r11
> 0xfff0fcf8: blt+ cr7,0xfff0fcdc
> 0xfff0fcfc: stw r9,-8(r31)
> 0xfff0fd00: stw r0,0(r3)
> 0xfff0fd04: addi r11,r1,16
> 0xfff0fd08: b
> 0xfff25e80
> 0xfff0fd0c: stwu r1,-32(r1)
> 0xfff0fd10: mflr r0
> 0xfff0fd14: stmw r29,20(r1)
> 0xfff0fd18: mr. r30,r3
> 0xfff0fd1c: stw r0,36(r1)
> 0xfff0fd20: mr r29,r4
> 0xfff0fd24: bne+ 0xfff0fd38
>
> (qemu) info registers
> info registers
> NIP fff0fcec LR fff0fcc4 CTR fff11558 XER
> 20000000
> MSR 00003032 HID0 00000000 HF 00002000 idx 1
> TB 00000000 2208586352 DECR 2086380980
> GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000
> 000000007fba29b4
> GPR04 00000000fffb403c 0000000000044200 00000000fff02464
> 0000000000044200
> GPR08 0000000000000000 000000007fba29b4 000000000000000c
> 0000000000000820
> GPR12 00000000000088ac 0000000000000000 00000000fff305f5
> 00000000fff30dac
> GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4
> 00000000fffb3ec4
> GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38
> 00000000fff2eeb8
> GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204
> 00000000fffffff8
> GPR28 0000000000000036 00000000fffb0000 00000000fffb0000
> 000000007fb9f0a8
> CR 48000084 [ G L - - -
> - L G ]
> RES ffffffff
> FPR00 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR04 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR08 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR12 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR16 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR20 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR24 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPR28 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> FPSCR 00000000
> SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
>
> OUT: [size=256]
> 0x40576b60: mov 0x100(%r14),%ebp
> 0x40576b67: mov 0x4(%r14),%ebx
> 0x40576b6b: lea -0x10(%rbx),%r12d
> 0x40576b6f: mov %ebp,(%r14)
> 0x40576b72: mov $0x20,%ebp
> 0x40576b77: mov %ebp,0x260(%r14)
> 0x40576b7e: mov %r12d,%esi
> 0x40576b81: mov %r12d,%edi
> 0x40576b84: shr $0x7,%esi
> 0x40576b87: and $0xfffff003,%edi
> 0x40576b8d: and $0x1fe0,%esi
> 0x40576b93: lea
> 0x228c(%r14,%rsi,1),%rsi
> 0x40576b9b: cmp (%rsi),%edi
> 0x40576b9d: mov %r12d,%edi
> 0x40576ba0: jne 0x40576bae
> 0x40576ba2: add 0xc(%rsi),%rdi
> 0x40576ba6: mov %ebx,%esi
> 0x40576ba8: bswap %esi
> 0x40576baa: mov %esi,(%rdi)
> 0x40576bac: jmp 0x40576bba
> 0x40576bae: mov %ebx,%esi
> 0x40576bb0: mov $0x1,%edx
> 0x40576bb5: callq 0x57f0f5
> 0x40576bba: lea 0x14(%r12),%ebp
> 0x40576bbf: mov (%r14),%ebx
> 0x40576bc2: mov %r12d,0x4(%r14)
> 0x40576bc6: mov %ebp,%esi
> 0x40576bc8: mov %ebp,%edi
> 0x40576bca: shr $0x7,%esi
> 0x40576bcd: and $0xfffff003,%edi
> 0x40576bd3: and $0x1fe0,%esi
> 0x40576bd9: lea
> 0x228c(%r14,%rsi,1),%rsi
> 0x40576be1: cmp (%rsi),%edi
> 0x40576be3: mov %ebp,%edi
> 0x40576be5: jne 0x40576bf3
> 0x40576be7: add 0xc(%rsi),%rdi
> 0x40576beb: mov %ebx,%esi
> 0x40576bed: bswap %esi
> 0x40576bef: mov %esi,(%rdi)
> 0x40576bf1: jmp 0x40576bff
> 0x40576bf3: mov %ebx,%esi
> 0x40576bf5: mov $0x1,%edx
> 0x40576bfa: callq 0x57f0f5
> 0x40576bff: mov 0xc(%r14),%ebp
> 0x40576c03: lea 0x18(%rbp),%ebx
> 0x40576c06: mov %ebx,%esi
> 0x40576c08: mov %ebx,%edi
> 0x40576c0a: shr $0x7,%esi
> 0x40576c0d: and $0xfffff003,%edi
> 0x40576c13: and $0x1fe0,%esi
> 0x40576c19: lea
> 0x2288(%r14,%rsi,1),%rsi
> 0x40576c21: cmp (%rsi),%edi
> 0x40576c23: mov %ebx,%edi
> 0x40576c25: jne 0x40576c31
> 0x40576c27: add 0x10(%rsi),%rdi
> 0x40576c2b: mov (%rdi),%ebp
> 0x40576c2d: bswap %ebp
> 0x40576c2f: jmp 0x40576c3d
> 0x40576c31: mov $0x1,%esi
> 0x40576c36: callq 0x57ecde
> 0x40576c3b: mov %eax,%ebp
> 0x40576c3d: mov %ebp,0xc(%r14)
> 0x40576c41: mov $0xfff084ac,%ebp
> 0x40576c46: mov %ebp,0x25c(%r14)
> 0x40576c4d: mov $0xfff1156c,%ebp
> 0x40576c52: mov %ebp,0x100(%r14)
> 0x40576c59: xor %eax,%eax
> 0x40576c5b: jmpq 0x11c0a4e
>
> >
> > > 0xfff0fcd2: fnmadd. f31,f24,f4,f18
> > > 0xfff0fcd6: .long 0xfff84800
> > > 0xfff0fcda: .long 0x87d23
> > > 0xfff0fcde: bla 0xff788120
> > > 0xfff0fce2: .long 0x2f89
> > > 0xfff0fce6: .long 0x419e
> > > 0xfff0fcea: .long 0x148149
> > > 0xfff0fcee: .long 0x4817f
> > > 0xfff0fcf2: .long 0xfffc7f8a
> > > 0xfff0fcf6: rlmi r0,r2,r8,6,14
> > > 0xfff0fcfa: fnmadd. f31,f4,f4,f18
> > > 0xfff0fcfe: .long 0xfff89003
> > > 0xfff0fd02: .long 0x3961
> > > 0xfff0fd06: .long 0x104801
> > > 0xfff0fd0a: ori r24,r11,37921
> > > 0xfff0fd0e: .long 0xffe07c08
> > > 0xfff0fd12: .long 0x2a6bfa1
> > > 0xfff0fd16: .long 0x147c7e
> > > 0xfff0fd1a: .long 0x1b799001
> > > 0xfff0fd1e: .long 0x247c9d
> > >
> > > last entry from out_asm:
> > > OUT: [size=256]
> > > 0x4157ae90: mov 0x100(%r14),%ebp
> > > 0x4157ae97: mov 0x4(%r14),%ebx
> > > 0x4157ae9b: lea -0x10(%rbx),%r12d
> > > 0x4157ae9f: mov %ebp,(%r14)
> > > 0x4157aea2: mov $0x20,%ebp
> > > 0x4157aea7: mov %ebp,0x260(%r14)
> > > 0x4157aeae: mov %r12d,%esi
> > > 0x4157aeb1: mov %r12d,%edi
> > > 0x4157aeb4: shr $0x7,%esi
> > > 0x4157aeb7: and $0xfffff003,%edi
> > > 0x4157aebd: and $0x1fe0,%esi
> > > 0x4157aec3: lea
> > 0x228c(%r14,%rsi,1),%rsi
> > > 0x4157aecb: cmp (%rsi),%edi
> > > 0x4157aecd: mov %r12d,%edi
> > > 0x4157aed0: jne 0x4157aede
> > > 0x4157aed2: add 0xc(%rsi),%rdi
> > > 0x4157aed6: mov %ebx,%esi
> > > 0x4157aed8: bswap %esi
> > > 0x4157aeda: mov %esi,(%rdi)
> > > 0x4157aedc: jmp 0x4157aeea
> > > 0x4157aede: mov %ebx,%esi
> > > 0x4157aee0: mov $0x1,%edx
> > > 0x4157aee5: callq 0x57f0f5
> > > 0x4157aeea: lea 0x14(%r12),%ebp
> > > 0x4157aeef: mov (%r14),%ebx
> > > 0x4157aef2: mov %r12d,0x4(%r14)
> > > 0x4157aef6: mov %ebp,%esi
> > > 0x4157aef8: mov %ebp,%edi
> > > 0x4157aefa: shr $0x7,%esi
> > > 0x4157aefd: and $0xfffff003,%edi
> > > 0x4157af03: and $0x1fe0,%esi
> > > 0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
> > > 0x4157af11: cmp (%rsi),%edi
> > > 0x4157af13: mov %ebp,%edi
> > > 0x4157af15: jne 0x4157af23
> > > 0x4157af17: add 0xc(%rsi),%rdi
> > > 0x4157af1b: mov %ebx,%esi
> > > 0x4157af1d: bswap %esi
> > > 0x4157af1f: mov %esi,(%rdi)
> > > 0x4157af21: jmp 0x4157af2f
> > > 0x4157af23: mov %ebx,%esi
> > > 0x4157af25: mov $0x1,%edx
> > > 0x4157af2a: callq 0x57f0f5
> > > 0x4157af2f: mov 0xc(%r14),%ebp
> > > 0x4157af33: lea 0x18(%rbp),%ebx
> > > 0x4157af36: mov %ebx,%esi
> > > 0x4157af38: mov %ebx,%edi
> > > 0x4157af3a: shr $0x7,%esi
> > > 0x4157af3d: and $0xfffff003,%edi
> > > 0x4157af43: and $0x1fe0,%esi
> > > 0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
> > > 0x4157af51: cmp (%rsi),%edi
> > > 0x4157af53: mov %ebx,%edi
> > > 0x4157af55: jne 0x4157af61
> > > 0x4157af57: add 0x10(%rsi),%rdi
> > > 0x4157af5b: mov (%rdi),%ebp
> > > 0x4157af5d: bswap %ebp
> > > 0x4157af5f: jmp 0x4157af6d
> > > 0x4157af61: mov $0x1,%esi
> > > 0x4157af66: callq 0x57ecde
> > > 0x4157af6b: mov %eax,%ebp
> > > 0x4157af6d: mov %ebp,0xc(%r14)
> > > 0x4157af71: mov $0xfff084ac,%ebp
> > > 0x4157af76: mov %ebp,0x25c(%r14)
> > > 0x4157af7d: mov $0xfff1156c,%ebp
> > > 0x4157af82: mov %ebp,0x100(%r14)
> > > 0x4157af89: xor %eax,%eax
> > > 0x4157af8b: jmpq 0x11babee
> > >
> > > Thank you,
> > > Ken
> > >
> >
> > --
> > mailto:av1474@comtv.ru
>
I am posting new debug info here to give the complete picture:
===========================================
gdb
===========================================
cpu_ppc_exec (env1=0x11e4a10) at /home/kens/iso/aix/qemu/cpu-exec.c:446
446 if (env->pending_interrupts == 0)
448 next_tb = 0;
557 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
564 if (unlikely(env->exit_request)) {
565 env->exit_request = 0;
566 env->exception_index = EXCP_INTERRUPT;
567 cpu_loop_exit();
cpu_loop_exit () at /home/kens/iso/aix/qemu/cpu-exec.c:59
59 {
60 env->current_tb = NULL;
61 longjmp(env->jmp_env, 1);
longjmp (env=0x11f3ce8, val=1) at ../nptl/sysdeps/pthread/pt-longjmp.c:26
26 {
27 __libc_longjmp (env, val);
__libc_siglongjmp (env=0x11f3ce8, val=1) at longjmp.c:30
30 {
32 _longjmp_unwind (env, val);
_longjmp_unwind (env=0x11f3ce8, val=1)
at ../nptl/sysdeps/unix/sysv/linux/jmp-unwind.c:32
32 if (__libc_pthread_functions_init)
33 PTHFCT_CALL (ptr___pthread_cleanup_upto, (env->__jmpbuf,
__pthread_cleanup_upto (target=0x11f3ce8,
targetframe=0x7fffffffda68 "\030_o\366\377\177") at pt-cleanup.c:27
27 {
28 struct pthread *self = THREAD_SELF;
27 {
34 uintptr_t adj = (uintptr_t) self->stackblock + self->stackblock_size;
37 for (cbuf = THREAD_GETMEM (self, cleanup);
61 THREAD_SETMEM (self, cleanup, cbuf);
62 }
__libc_siglongjmp (env=0x11f3ce8, val=1) at longjmp.c:34
34 if (env[0].__mask_was_saved)
40 __longjmp (env[0].__jmpbuf, val ?: 1);
__longjmp () at ../sysdeps/x86_64/__longjmp.S:29
29 movq (JB_RSP*8)(%rdi),%r8
30 movq (JB_RBP*8)(%rdi),%r9
31 movq (JB_PC*8)(%rdi),%rdx
33 PTR_DEMANGLE (%r8)
34 PTR_DEMANGLE (%r9)
35 PTR_DEMANGLE (%rdx)
__longjmp () at ../sysdeps/x86_64/__longjmp.S:47
47 movq (JB_RBX*8)(%rdi),%rbx
48 movq (JB_R12*8)(%rdi),%r12
49 movq (JB_R13*8)(%rdi),%r13
50 movq (JB_R14*8)(%rdi),%r14
51 movq (JB_R15*8)(%rdi),%r15
53 mov %esi, %eax
54 movq %r8,%rsp
55 movq %r9,%rbp
56 jmpq *%rdx
cpu_ppc_exec (env1=0x11e4a10) at /home/kens/iso/aix/qemu/cpu-exec.c:659
659 } /* for(;;) */
285 if (setjmp(env->jmp_env) == 0) {
===========================================
(qemu) info cpus
===========================================
info cpus
* CPU #0: nip=0xfff0fcec thread_id=3237
===========================================
(qemu) info registers
===========================================
info registers
NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
MSR 00003032 HID0 00000000 HF 00002000 idx 1
TB 00000000 2180099446 DECR 2114867875
GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
CR 48000084 [ G L - - - - L G ] RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000
SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
===========================================
(qemu) x/20i $pc-4
===========================================
x/20i $pc-4
0xfff0fce8: beq- cr7,0xfff0fcfc
0xfff0fcec: lwz r10,4(r9)
0xfff0fcf0: lwz r11,-4(r31)
0xfff0fcf4: cmplw cr7,r10,r11
0xfff0fcf8: blt+ cr7,0xfff0fcdc
0xfff0fcfc: stw r9,-8(r31)
0xfff0fd00: stw r0,0(r3)
0xfff0fd04: addi r11,r1,16
0xfff0fd08: b 0xfff25e80
0xfff0fd0c: stwu r1,-32(r1)
0xfff0fd10: mflr r0
0xfff0fd14: stmw r29,20(r1)
0xfff0fd18: mr. r30,r3
0xfff0fd1c: stw r0,36(r1)
0xfff0fd20: mr r29,r4
0xfff0fd24: bne+ 0xfff0fd38
0xfff0fd28: mr r3,r4
0xfff0fd2c: bl 0xfff0848c
0xfff0fd30: mr r31,r3
0xfff0fd34: b 0xfff0fd84
===========================================
last entries from in_asm,op,op_opt,out_asm:
===========================================
IN:
0xfff11558: mflr r0
0xfff1155c: stwu r1,-16(r1)
0xfff11560: stw r0,20(r1)
0xfff11564: lwz r3,24(r3)
0xfff11568: bl 0xfff084ac
OP:
---- 0xfff11558
mov_i32 r0,lr
---- 0xfff1155c
movi_i32 access_type,$0x20
movi_i32 tmp1,$0xfffffff0
add_i32 tmp0,r1,tmp1
qemu_st32 r1,tmp0,$0x1
mov_i32 r1,tmp0
---- 0xfff11560
movi_i32 tmp1,$0x14
add_i32 tmp0,r1,tmp1
qemu_st32 r0,tmp0,$0x1
---- 0xfff11564
movi_i32 tmp1,$0x18
add_i32 tmp0,r3,tmp1
qemu_ld32 r3,tmp0,$0x1
---- 0xfff11568
movi_i32 lr,$0xfff1156c
movi_i32 nip,$0xfff084ac
exit_tb $0x0
OP after liveness analysis:
---- 0xfff11558
mov_i32 r0,lr
---- 0xfff1155c
movi_i32 access_type,$0x20
movi_i32 tmp1,$0xfffffff0
add_i32 tmp0,r1,tmp1
qemu_st32 r1,tmp0,$0x1
mov_i32 r1,tmp0
---- 0xfff11560
movi_i32 tmp1,$0x14
add_i32 tmp0,r1,tmp1
qemu_st32 r0,tmp0,$0x1
---- 0xfff11564
movi_i32 tmp1,$0x18
add_i32 tmp0,r3,tmp1
qemu_ld32 r3,tmp0,$0x1
---- 0xfff11568
movi_i32 lr,$0xfff1156c
movi_i32 nip,$0xfff084ac
exit_tb $0x0
end
OUT: [size=256]
0x400e7b60: mov 0x100(%r14),%ebp
0x400e7b67: mov 0x4(%r14),%ebx
0x400e7b6b: lea -0x10(%rbx),%r12d
0x400e7b6f: mov %ebp,(%r14)
0x400e7b72: mov $0x20,%ebp
0x400e7b77: mov %ebp,0x260(%r14)
0x400e7b7e: mov %r12d,%esi
0x400e7b81: mov %r12d,%edi
0x400e7b84: shr $0x7,%esi
0x400e7b87: and $0xfffff003,%edi
0x400e7b8d: and $0x1fe0,%esi
0x400e7b93: lea 0x228c(%r14,%rsi,1),%rsi
0x400e7b9b: cmp (%rsi),%edi
0x400e7b9d: mov %r12d,%edi
0x400e7ba0: jne 0x400e7bae
0x400e7ba2: add 0xc(%rsi),%rdi
0x400e7ba6: mov %ebx,%esi
0x400e7ba8: bswap %esi
0x400e7baa: mov %esi,(%rdi)
0x400e7bac: jmp 0x400e7bba
0x400e7bae: mov %ebx,%esi
0x400e7bb0: mov $0x1,%edx
0x400e7bb5: callq 0x57f0f5
0x400e7bba: lea 0x14(%r12),%ebp
0x400e7bbf: mov (%r14),%ebx
0x400e7bc2: mov %r12d,0x4(%r14)
0x400e7bc6: mov %ebp,%esi
0x400e7bc8: mov %ebp,%edi
0x400e7bca: shr $0x7,%esi
0x400e7bcd: and $0xfffff003,%edi
0x400e7bd3: and $0x1fe0,%esi
0x400e7bd9: lea 0x228c(%r14,%rsi,1),%rsi
0x400e7be1: cmp (%rsi),%edi
0x400e7be3: mov %ebp,%edi
0x400e7be5: jne 0x400e7bf3
0x400e7be7: add 0xc(%rsi),%rdi
0x400e7beb: mov %ebx,%esi
0x400e7bed: bswap %esi
0x400e7bef: mov %esi,(%rdi)
0x400e7bf1: jmp 0x400e7bff
0x400e7bf3: mov %ebx,%esi
0x400e7bf5: mov $0x1,%edx
0x400e7bfa: callq 0x57f0f5
0x400e7bff: mov 0xc(%r14),%ebp
0x400e7c03: lea 0x18(%rbp),%ebx
0x400e7c06: mov %ebx,%esi
0x400e7c08: mov %ebx,%edi
0x400e7c0a: shr $0x7,%esi
0x400e7c0d: and $0xfffff003,%edi
0x400e7c13: and $0x1fe0,%esi
0x400e7c19: lea 0x2288(%r14,%rsi,1),%rsi
0x400e7c21: cmp (%rsi),%edi
0x400e7c23: mov %ebx,%edi
0x400e7c25: jne 0x400e7c31
0x400e7c27: add 0x10(%rsi),%rdi
0x400e7c2b: mov (%rdi),%ebp
0x400e7c2d: bswap %ebp
0x400e7c2f: jmp 0x400e7c3d
0x400e7c31: mov $0x1,%esi
0x400e7c36: callq 0x57ecde
0x400e7c3b: mov %eax,%ebp
0x400e7c3d: mov %ebp,0xc(%r14)
0x400e7c41: mov $0xfff084ac,%ebp
0x400e7c46: mov %ebp,0x25c(%r14)
0x400e7c4d: mov $0xfff1156c,%ebp
0x400e7c52: mov %ebp,0x100(%r14)
0x400e7c59: xor %eax,%eax
0x400e7c5b: jmpq 0x11c0a4e
Again, if there are any suggestions on how I can continue to debug this situation where execution stops after starting to read bootfile.exe, I would appreciate it. I am willing to run any test or generate any output anyone suggests to get a better idea of where and why it is hung up.
Thank you,
Ken
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
2011-04-03 3:09 [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now) Kenneth Salerno
2011-04-03 4:13 ` malc
@ 2011-04-04 12:59 ` Brian Wheeler
1 sibling, 0 replies; 8+ messages in thread
From: Brian Wheeler @ 2011-04-04 12:59 UTC (permalink / raw)
To: qemu-devel
Out of curiosity, what command line did you use for this?
On Sat, 2011-04-02 at 20:09 -0700, Kenneth Salerno wrote:
> Hi,
>
> I have been using QEMU for a few years and periodically tested AIX V6.1 with qemu-system-ppc and read the various threads in the mailing list knowing not to expect it to work just yet. However, with OpenBIOS v1.0 I was surprised to find how far it gets now. Please see below and I would appreciate any advice on how to debug further:
>
> >> =============================================================
> >> OpenBIOS 1.0 [Jan 30 2011 08:46]
> >> Configuration device id QEMU version 1 machine id 2
> >> CPUs: 1
> >> Memory: 2047M
> >> UUID: 17202d0a-45f8-4159-a8e1-78b866f50aa7
> >> CPU type PowerPC,750
> Welcome to OpenBIOS v1.0 built on Jan 30 2011 08:46
> Trying cd:,\\:tbxi...
> Trying cd:,\ppc\bootinfo.txt...
>
>
>
> -------------------------------------------------------------------------------
> Welcome to AIX.
> boot image timestamp: 00:39 35/2D
> The current time and date: 23:00:50 04/02/2011
> processor count: 1; memory size: 2047MB; kernel size: 2293829
> boot device: cd:\ppc\chrp\bootfile.exe
>
> qemu>
> info cpus
> * CPU #0: nip=0xfff0fcdc thread_id=2527
>
> info registers
> NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> MSR 00003032 HID0 00000000 HF 00002000 idx 1
> TB 00000000 1542797983 DECR 2752169338
> GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
> GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
> GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
> CR 48000084 [ G L - - - - L G ] RES ffffffff
> FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPSCR 00000000
> SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
>
> x/20i $pc-10
> 0xfff0fcd2: fnmadd. f31,f24,f4,f18
> 0xfff0fcd6: .long 0xfff84800
> 0xfff0fcda: .long 0x87d23
> 0xfff0fcde: bla 0xff788120
> 0xfff0fce2: .long 0x2f89
> 0xfff0fce6: .long 0x419e
> 0xfff0fcea: .long 0x148149
> 0xfff0fcee: .long 0x4817f
> 0xfff0fcf2: .long 0xfffc7f8a
> 0xfff0fcf6: rlmi r0,r2,r8,6,14
> 0xfff0fcfa: fnmadd. f31,f4,f4,f18
> 0xfff0fcfe: .long 0xfff89003
> 0xfff0fd02: .long 0x3961
> 0xfff0fd06: .long 0x104801
> 0xfff0fd0a: ori r24,r11,37921
> 0xfff0fd0e: .long 0xffe07c08
> 0xfff0fd12: .long 0x2a6bfa1
> 0xfff0fd16: .long 0x147c7e
> 0xfff0fd1a: .long 0x1b799001
> 0xfff0fd1e: .long 0x247c9d
>
> last entry from out_asm:
> OUT: [size=256]
> 0x4157ae90: mov 0x100(%r14),%ebp
> 0x4157ae97: mov 0x4(%r14),%ebx
> 0x4157ae9b: lea -0x10(%rbx),%r12d
> 0x4157ae9f: mov %ebp,(%r14)
> 0x4157aea2: mov $0x20,%ebp
> 0x4157aea7: mov %ebp,0x260(%r14)
> 0x4157aeae: mov %r12d,%esi
> 0x4157aeb1: mov %r12d,%edi
> 0x4157aeb4: shr $0x7,%esi
> 0x4157aeb7: and $0xfffff003,%edi
> 0x4157aebd: and $0x1fe0,%esi
> 0x4157aec3: lea 0x228c(%r14,%rsi,1),%rsi
> 0x4157aecb: cmp (%rsi),%edi
> 0x4157aecd: mov %r12d,%edi
> 0x4157aed0: jne 0x4157aede
> 0x4157aed2: add 0xc(%rsi),%rdi
> 0x4157aed6: mov %ebx,%esi
> 0x4157aed8: bswap %esi
> 0x4157aeda: mov %esi,(%rdi)
> 0x4157aedc: jmp 0x4157aeea
> 0x4157aede: mov %ebx,%esi
> 0x4157aee0: mov $0x1,%edx
> 0x4157aee5: callq 0x57f0f5
> 0x4157aeea: lea 0x14(%r12),%ebp
> 0x4157aeef: mov (%r14),%ebx
> 0x4157aef2: mov %r12d,0x4(%r14)
> 0x4157aef6: mov %ebp,%esi
> 0x4157aef8: mov %ebp,%edi
> 0x4157aefa: shr $0x7,%esi
> 0x4157aefd: and $0xfffff003,%edi
> 0x4157af03: and $0x1fe0,%esi
> 0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
> 0x4157af11: cmp (%rsi),%edi
> 0x4157af13: mov %ebp,%edi
> 0x4157af15: jne 0x4157af23
> 0x4157af17: add 0xc(%rsi),%rdi
> 0x4157af1b: mov %ebx,%esi
> 0x4157af1d: bswap %esi
> 0x4157af1f: mov %esi,(%rdi)
> 0x4157af21: jmp 0x4157af2f
> 0x4157af23: mov %ebx,%esi
> 0x4157af25: mov $0x1,%edx
> 0x4157af2a: callq 0x57f0f5
> 0x4157af2f: mov 0xc(%r14),%ebp
> 0x4157af33: lea 0x18(%rbp),%ebx
> 0x4157af36: mov %ebx,%esi
> 0x4157af38: mov %ebx,%edi
> 0x4157af3a: shr $0x7,%esi
> 0x4157af3d: and $0xfffff003,%edi
> 0x4157af43: and $0x1fe0,%esi
> 0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
> 0x4157af51: cmp (%rsi),%edi
> 0x4157af53: mov %ebx,%edi
> 0x4157af55: jne 0x4157af61
> 0x4157af57: add 0x10(%rsi),%rdi
> 0x4157af5b: mov (%rdi),%ebp
> 0x4157af5d: bswap %ebp
> 0x4157af5f: jmp 0x4157af6d
> 0x4157af61: mov $0x1,%esi
> 0x4157af66: callq 0x57ecde
> 0x4157af6b: mov %eax,%ebp
> 0x4157af6d: mov %ebp,0xc(%r14)
> 0x4157af71: mov $0xfff084ac,%ebp
> 0x4157af76: mov %ebp,0x25c(%r14)
> 0x4157af7d: mov $0xfff1156c,%ebp
> 0x4157af82: mov %ebp,0x100(%r14)
> 0x4157af89: xor %eax,%eax
> 0x4157af8b: jmpq 0x11babee
>
> Thank you,
> Ken
>
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
@ 2011-04-04 20:28 Kenneth Salerno
2011-04-04 20:52 ` Brian Wheeler
0 siblings, 1 reply; 8+ messages in thread
From: Kenneth Salerno @ 2011-04-04 20:28 UTC (permalink / raw)
To: qemu-devel
--- On Sun, 4/3/11, Kenneth Salerno <kennethsalerno@yahoo.com> wrote:
> From: Kenneth Salerno <kennethsalerno@yahoo.com>
> Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> To: "malc" <av1474@comtv.ru>
> Cc: qemu-devel@nongnu.org
> Date: Sunday, April 3, 2011, 6:52 PM
> --- On Sun, 4/3/11, Kenneth Salerno <kennethsalerno@yahoo.com> wrote:
>
> > From: Kenneth Salerno <kennethsalerno@yahoo.com>
> > Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> > To: "malc" <av1474@comtv.ru>
> > Cc: qemu-devel@nongnu.org
> > Date: Sunday, April 3, 2011, 11:29 AM
> > --- On Sun, 4/3/11, malc <av1474@comtv.ru> wrote:
> >
> > > From: malc <av1474@comtv.ru>
> > > Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> > > To: "Kenneth Salerno" <kennethsalerno@yahoo.com>
> > > Cc: qemu-devel@nongnu.org
> > > Date: Sunday, April 3, 2011, 12:13 AM
> > > On Sat, 2 Apr 2011, Kenneth Salerno wrote:
> > >
> > > > Hi,
> > > >
> > > > I have been using QEMU for a few years and periodically tested AIX V6.1 with qemu-system-ppc and read the various threads in the mailing list knowing not to expect it to work just yet. However, with OpenBIOS v1.0 I was surprised to find how far it gets now. Please see below and I would appreciate any advice on how to debug further:
> > > >
> > > > >> =============================================================
> > > > >> OpenBIOS 1.0 [Jan 30 2011 08:46]
> > > > >> Configuration device id QEMU version 1 machine id 2
> > > > >> CPUs: 1
> > > > >> Memory: 2047M
> > > > >> UUID: 17202d0a-45f8-4159-a8e1-78b866f50aa7
> > > > >> CPU type PowerPC,750
> > > > Welcome to OpenBIOS v1.0 built on Jan 30 2011 08:46
> > > > Trying cd:,\\:tbxi...
> > > > Trying cd:,\ppc\bootinfo.txt...
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------------------------------
> > > > Welcome to AIX.
> > > > boot image timestamp: 00:39 35/2D
> > > > The current time and date: 23:00:50 04/02/2011
> > > > processor count: 1; memory size: 2047MB; kernel size: 2293829
> > > > boot device: cd:\ppc\chrp\bootfile.exe
> > > >
> > > > qemu>
> > > > info cpus
> > > > * CPU #0: nip=0xfff0fcdc thread_id=2527
> > > >
> > > > info registers
> > > > NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> > > > MSR 00003032 HID0 00000000 HF 00002000 idx 1
> > > > TB 00000000 1542797983 DECR 2752169338
> > > > GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
> > > > GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> > > > GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
> > > > GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> > > > GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> > > > GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> > > > GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> > > > GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
> > > > CR 48000084 [ G L - - - - L G ] RES ffffffff
> > > > FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPSCR 00000000
> > > > SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
> > > >
> > > > x/20i $pc-10
> > >
> > > Unless I'm missing something, what follows does not make any sense (and for a good reason: 10 is not a multiple of 4 (opcode size on ppc))
> >
> > (qemu) x/20i $pc-4
> > x/20i $pc-4
> > 0xfff0fcd8: b 0xfff0fce0
> > 0xfff0fcdc: mr r3,r9
> > 0xfff0fce0: lwz r9,0(r3)
> > 0xfff0fce4: cmpwi cr7,r9,0
> > 0xfff0fce8: beq- cr7,0xfff0fcfc
> > 0xfff0fcec: lwz r10,4(r9)
> > 0xfff0fcf0: lwz r11,-4(r31)
> > 0xfff0fcf4: cmplw cr7,r10,r11
> > 0xfff0fcf8: blt+ cr7,0xfff0fcdc
> > 0xfff0fcfc: stw r9,-8(r31)
> > 0xfff0fd00: stw r0,0(r3)
> > 0xfff0fd04: addi r11,r1,16
> > 0xfff0fd08: b 0xfff25e80
> > 0xfff0fd0c: stwu r1,-32(r1)
> > 0xfff0fd10: mflr r0
> > 0xfff0fd14: stmw r29,20(r1)
> > 0xfff0fd18: mr. r30,r3
> > 0xfff0fd1c: stw r0,36(r1)
> > 0xfff0fd20: mr r29,r4
> > 0xfff0fd24: bne+ 0xfff0fd38
> >
> > (qemu) info registers
> > info registers
> > NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> > MSR 00003032 HID0 00000000 HF 00002000 idx 1
> > TB 00000000 2208586352 DECR 2086380980
> > GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
> > GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> > GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
> > GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> > GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> > GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> > GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> > GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
> > CR 48000084 [ G L - - - - L G ] RES ffffffff
> > FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPSCR 00000000
> > SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
> >
> > OUT: [size=256]
> > 0x40576b60: mov 0x100(%r14),%ebp
> > 0x40576b67: mov 0x4(%r14),%ebx
> > 0x40576b6b: lea -0x10(%rbx),%r12d
> > 0x40576b6f: mov %ebp,(%r14)
> > 0x40576b72: mov $0x20,%ebp
> > 0x40576b77: mov %ebp,0x260(%r14)
> > 0x40576b7e: mov %r12d,%esi
> > 0x40576b81: mov %r12d,%edi
> > 0x40576b84: shr $0x7,%esi
> > 0x40576b87: and $0xfffff003,%edi
> > 0x40576b8d: and $0x1fe0,%esi
> > 0x40576b93: lea 0x228c(%r14,%rsi,1),%rsi
> > 0x40576b9b: cmp (%rsi),%edi
> > 0x40576b9d: mov %r12d,%edi
> > 0x40576ba0: jne 0x40576bae
> > 0x40576ba2: add 0xc(%rsi),%rdi
> > 0x40576ba6: mov %ebx,%esi
> > 0x40576ba8: bswap %esi
> > 0x40576baa: mov %esi,(%rdi)
> > 0x40576bac: jmp 0x40576bba
> > 0x40576bae: mov %ebx,%esi
> > 0x40576bb0: mov $0x1,%edx
> > 0x40576bb5: callq 0x57f0f5
> > 0x40576bba: lea 0x14(%r12),%ebp
> > 0x40576bbf: mov (%r14),%ebx
> > 0x40576bc2: mov %r12d,0x4(%r14)
> > 0x40576bc6: mov %ebp,%esi
> > 0x40576bc8: mov %ebp,%edi
> > 0x40576bca: shr $0x7,%esi
> > 0x40576bcd: and $0xfffff003,%edi
> > 0x40576bd3: and $0x1fe0,%esi
> > 0x40576bd9: lea 0x228c(%r14,%rsi,1),%rsi
> > 0x40576be1: cmp (%rsi),%edi
> > 0x40576be3: mov %ebp,%edi
> > 0x40576be5: jne 0x40576bf3
> > 0x40576be7: add 0xc(%rsi),%rdi
> > 0x40576beb: mov %ebx,%esi
> > 0x40576bed: bswap %esi
> > 0x40576bef: mov %esi,(%rdi)
> > 0x40576bf1: jmp 0x40576bff
> > 0x40576bf3: mov %ebx,%esi
> > 0x40576bf5: mov $0x1,%edx
> > 0x40576bfa: callq 0x57f0f5
> > 0x40576bff: mov 0xc(%r14),%ebp
> > 0x40576c03: lea 0x18(%rbp),%ebx
> > 0x40576c06: mov %ebx,%esi
> > 0x40576c08: mov %ebx,%edi
> > 0x40576c0a: shr $0x7,%esi
> > 0x40576c0d: and $0xfffff003,%edi
> > 0x40576c13: and $0x1fe0,%esi
> > 0x40576c19: lea 0x2288(%r14,%rsi,1),%rsi
> > 0x40576c21: cmp (%rsi),%edi
> > 0x40576c23: mov %ebx,%edi
> > 0x40576c25: jne 0x40576c31
> > 0x40576c27: add 0x10(%rsi),%rdi
> > 0x40576c2b: mov (%rdi),%ebp
> > 0x40576c2d: bswap %ebp
> > 0x40576c2f: jmp 0x40576c3d
> > 0x40576c31: mov $0x1,%esi
> > 0x40576c36: callq 0x57ecde
> > 0x40576c3b: mov %eax,%ebp
> > 0x40576c3d: mov %ebp,0xc(%r14)
> > 0x40576c41: mov $0xfff084ac,%ebp
> > 0x40576c46: mov %ebp,0x25c(%r14)
> > 0x40576c4d: mov $0xfff1156c,%ebp
> > 0x40576c52: mov %ebp,0x100(%r14)
> > 0x40576c59: xor %eax,%eax
> > 0x40576c5b: jmpq 0x11c0a4e
> >
> > >
> > > > 0xfff0fcd2: fnmadd. f31,f24,f4,f18
> > > > 0xfff0fcd6: .long 0xfff84800
> > > > 0xfff0fcda: .long 0x87d23
> > > > 0xfff0fcde: bla 0xff788120
> > > > 0xfff0fce2: .long 0x2f89
> > > > 0xfff0fce6: .long 0x419e
> > > > 0xfff0fcea: .long 0x148149
> > > > 0xfff0fcee: .long 0x4817f
> > > > 0xfff0fcf2: .long 0xfffc7f8a
> > > > 0xfff0fcf6: rlmi r0,r2,r8,6,14
> > > > 0xfff0fcfa: fnmadd. f31,f4,f4,f18
> > > > 0xfff0fcfe: .long 0xfff89003
> > > > 0xfff0fd02: .long 0x3961
> > > > 0xfff0fd06: .long 0x104801
> > > > 0xfff0fd0a: ori r24,r11,37921
> > > > 0xfff0fd0e: .long 0xffe07c08
> > > > 0xfff0fd12: .long 0x2a6bfa1
> > > > 0xfff0fd16: .long 0x147c7e
> > > > 0xfff0fd1a: .long 0x1b799001
> > > > 0xfff0fd1e: .long 0x247c9d
> > > >
> > > > last entry from out_asm:
> > > > OUT: [size=256]
> > > > 0x4157ae90: mov 0x100(%r14),%ebp
> > > > 0x4157ae97: mov 0x4(%r14),%ebx
> > > > 0x4157ae9b: lea -0x10(%rbx),%r12d
> > > > 0x4157ae9f: mov %ebp,(%r14)
> > > > 0x4157aea2: mov $0x20,%ebp
> > > > 0x4157aea7: mov %ebp,0x260(%r14)
> > > > 0x4157aeae: mov %r12d,%esi
> > > > 0x4157aeb1: mov %r12d,%edi
> > > > 0x4157aeb4: shr $0x7,%esi
> > > > 0x4157aeb7: and $0xfffff003,%edi
> > > > 0x4157aebd: and $0x1fe0,%esi
> > > > 0x4157aec3: lea 0x228c(%r14,%rsi,1),%rsi
> > > > 0x4157aecb: cmp (%rsi),%edi
> > > > 0x4157aecd: mov %r12d,%edi
> > > > 0x4157aed0: jne 0x4157aede
> > > > 0x4157aed2: add 0xc(%rsi),%rdi
> > > > 0x4157aed6: mov %ebx,%esi
> > > > 0x4157aed8: bswap %esi
> > > > 0x4157aeda: mov %esi,(%rdi)
> > > > 0x4157aedc: jmp 0x4157aeea
> > > > 0x4157aede: mov %ebx,%esi
> > > > 0x4157aee0: mov $0x1,%edx
> > > > 0x4157aee5: callq 0x57f0f5
> > > > 0x4157aeea: lea 0x14(%r12),%ebp
> > > > 0x4157aeef: mov (%r14),%ebx
> > > > 0x4157aef2: mov %r12d,0x4(%r14)
> > > > 0x4157aef6: mov %ebp,%esi
> > > > 0x4157aef8: mov %ebp,%edi
> > > > 0x4157aefa: shr $0x7,%esi
> > > > 0x4157aefd: and $0xfffff003,%edi
> > > > 0x4157af03: and $0x1fe0,%esi
> > > > 0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
> > > > 0x4157af11: cmp (%rsi),%edi
> > > > 0x4157af13: mov %ebp,%edi
> > > > 0x4157af15: jne 0x4157af23
> > > > 0x4157af17: add 0xc(%rsi),%rdi
> > > > 0x4157af1b: mov %ebx,%esi
> > > > 0x4157af1d: bswap %esi
> > > > 0x4157af1f: mov %esi,(%rdi)
> > > > 0x4157af21: jmp 0x4157af2f
> > > > 0x4157af23: mov %ebx,%esi
> > > > 0x4157af25: mov $0x1,%edx
> > > > 0x4157af2a: callq 0x57f0f5
> > > > 0x4157af2f: mov 0xc(%r14),%ebp
> > > > 0x4157af33: lea 0x18(%rbp),%ebx
> > > > 0x4157af36: mov %ebx,%esi
> > > > 0x4157af38: mov %ebx,%edi
> > > > 0x4157af3a: shr $0x7,%esi
> > > > 0x4157af3d: and $0xfffff003,%edi
> > > > 0x4157af43: and $0x1fe0,%esi
> > > > 0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
> > > > 0x4157af51: cmp (%rsi),%edi
> > > > 0x4157af53: mov %ebx,%edi
> > > > 0x4157af55: jne 0x4157af61
> > > > 0x4157af57: add 0x10(%rsi),%rdi
> > > > 0x4157af5b: mov (%rdi),%ebp
> > > > 0x4157af5d: bswap %ebp
> > > > 0x4157af5f: jmp 0x4157af6d
> > > > 0x4157af61: mov $0x1,%esi
> > > > 0x4157af66: callq 0x57ecde
> > > > 0x4157af6b: mov %eax,%ebp
> > > > 0x4157af6d: mov %ebp,0xc(%r14)
> > > > 0x4157af71: mov $0xfff084ac,%ebp
> > > > 0x4157af76: mov %ebp,0x25c(%r14)
> > > > 0x4157af7d: mov $0xfff1156c,%ebp
> > > > 0x4157af82: mov %ebp,0x100(%r14)
> > > > 0x4157af89: xor %eax,%eax
> > > > 0x4157af8b: jmpq 0x11babee
> > > >
> > > > Thank you,
> > > > Ken
> > > >
> > >
> > > --
> > > mailto:av1474@comtv.ru
> >
>
> I am posting new debug info here to give the complete picture:
>
> ===========================================
> gdb
> ===========================================
> cpu_ppc_exec (env1=0x11e4a10) at /home/kens/iso/aix/qemu/cpu-exec.c:446
> 446 if (env->pending_interrupts == 0)
> 448 next_tb = 0;
> 557 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
> 564 if (unlikely(env->exit_request)) {
> 565 env->exit_request = 0;
> 566 env->exception_index = EXCP_INTERRUPT;
> 567 cpu_loop_exit();
> cpu_loop_exit () at /home/kens/iso/aix/qemu/cpu-exec.c:59
> 59 {
> 60 env->current_tb = NULL;
> 61 longjmp(env->jmp_env, 1);
> longjmp (env=0x11f3ce8, val=1) at ../nptl/sysdeps/pthread/pt-longjmp.c:26
> 26 {
> 27 __libc_longjmp (env, val);
> __libc_siglongjmp (env=0x11f3ce8, val=1) at longjmp.c:30
> 30 {
> 32 _longjmp_unwind (env, val);
> _longjmp_unwind (env=0x11f3ce8, val=1) at ../nptl/sysdeps/unix/sysv/linux/jmp-unwind.c:32
> 32 if (__libc_pthread_functions_init)
> 33 PTHFCT_CALL (ptr___pthread_cleanup_upto, (env->__jmpbuf,
> __pthread_cleanup_upto (target=0x11f3ce8, targetframe=0x7fffffffda68 "\030_o\366\377\177") at pt-cleanup.c:27
> 27 {
> 28 struct pthread *self = THREAD_SELF;
> 27 {
> 34 uintptr_t adj = (uintptr_t) self->stackblock + self->stackblock_size;
> 37 for (cbuf = THREAD_GETMEM (self, cleanup);
> 61 THREAD_SETMEM (self, cleanup, cbuf);
> 62 }
> __libc_siglongjmp (env=0x11f3ce8, val=1) at longjmp.c:34
> 34 if (env[0].__mask_was_saved)
> 40 __longjmp (env[0].__jmpbuf, val ?: 1);
> __longjmp () at ../sysdeps/x86_64/__longjmp.S:29
> 29 movq (JB_RSP*8)(%rdi),%r8
> 30 movq (JB_RBP*8)(%rdi),%r9
> 31 movq (JB_PC*8)(%rdi),%rdx
> 33 PTR_DEMANGLE (%r8)
> 34 PTR_DEMANGLE (%r9)
> 35 PTR_DEMANGLE (%rdx)
> __longjmp () at ../sysdeps/x86_64/__longjmp.S:47
> 47 movq (JB_RBX*8)(%rdi),%rbx
> 48 movq (JB_R12*8)(%rdi),%r12
> 49 movq (JB_R13*8)(%rdi),%r13
> 50 movq (JB_R14*8)(%rdi),%r14
> 51 movq (JB_R15*8)(%rdi),%r15
> 53 mov %esi, %eax
> 54 movq %r8,%rsp
> 55 movq %r9,%rbp
> 56 jmpq *%rdx
> cpu_ppc_exec (env1=0x11e4a10) at /home/kens/iso/aix/qemu/cpu-exec.c:659
> 659 } /* for(;;) */
> 285 if (setjmp(env->jmp_env) == 0) {
>
> ===========================================
> (qemu) info cpus
> ===========================================
> info cpus
> * CPU #0: nip=0xfff0fcec thread_id=3237
>
> ===========================================
> (qemu) info registers
> ===========================================
> info registers
> NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> MSR 00003032 HID0 00000000 HF 00002000 idx 1
> TB 00000000 2180099446 DECR 2114867875
> GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
> GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
> GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
> CR 48000084 [ G L - - - - L G ] RES ffffffff
> FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPSCR 00000000
> SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
>
> ===========================================
> (qemu) x/20i $pc-4
> ===========================================
> x/20i $pc-4
> 0xfff0fce8: beq- cr7,0xfff0fcfc
> 0xfff0fcec: lwz r10,4(r9)
> 0xfff0fcf0: lwz r11,-4(r31)
> 0xfff0fcf4: cmplw cr7,r10,r11
> 0xfff0fcf8: blt+ cr7,0xfff0fcdc
> 0xfff0fcfc: stw r9,-8(r31)
> 0xfff0fd00: stw r0,0(r3)
> 0xfff0fd04: addi r11,r1,16
> 0xfff0fd08: b 0xfff25e80
> 0xfff0fd0c: stwu r1,-32(r1)
> 0xfff0fd10: mflr r0
> 0xfff0fd14: stmw r29,20(r1)
> 0xfff0fd18: mr. r30,r3
> 0xfff0fd1c: stw r0,36(r1)
> 0xfff0fd20: mr r29,r4
> 0xfff0fd24: bne+ 0xfff0fd38
> 0xfff0fd28: mr r3,r4
> 0xfff0fd2c: bl 0xfff0848c
> 0xfff0fd30: mr r31,r3
> 0xfff0fd34: b 0xfff0fd84
>
> ===========================================
> last entries from in_asm,op,op_opt,out_asm:
> ===========================================
> IN:
> 0xfff11558: mflr r0
> 0xfff1155c: stwu r1,-16(r1)
> 0xfff11560: stw r0,20(r1)
> 0xfff11564: lwz r3,24(r3)
> 0xfff11568: bl 0xfff084ac
>
> OP:
> ---- 0xfff11558
> mov_i32 r0,lr
>
> ---- 0xfff1155c
> movi_i32 access_type,$0x20
> movi_i32 tmp1,$0xfffffff0
> add_i32 tmp0,r1,tmp1
> qemu_st32 r1,tmp0,$0x1
> mov_i32 r1,tmp0
>
> ---- 0xfff11560
> movi_i32 tmp1,$0x14
> add_i32 tmp0,r1,tmp1
> qemu_st32 r0,tmp0,$0x1
>
> ---- 0xfff11564
> movi_i32 tmp1,$0x18
> add_i32 tmp0,r3,tmp1
> qemu_ld32 r3,tmp0,$0x1
>
> ---- 0xfff11568
> movi_i32 lr,$0xfff1156c
> movi_i32 nip,$0xfff084ac
> exit_tb $0x0
>
> OP after liveness analysis:
> ---- 0xfff11558
> mov_i32 r0,lr
>
> ---- 0xfff1155c
> movi_i32 access_type,$0x20
> movi_i32 tmp1,$0xfffffff0
> add_i32 tmp0,r1,tmp1
> qemu_st32 r1,tmp0,$0x1
> mov_i32 r1,tmp0
>
> ---- 0xfff11560
> movi_i32 tmp1,$0x14
> add_i32 tmp0,r1,tmp1
> qemu_st32 r0,tmp0,$0x1
>
> ---- 0xfff11564
> movi_i32 tmp1,$0x18
> add_i32 tmp0,r3,tmp1
> qemu_ld32 r3,tmp0,$0x1
>
> ---- 0xfff11568
> movi_i32 lr,$0xfff1156c
> movi_i32 nip,$0xfff084ac
> exit_tb $0x0
> end
>
> OUT: [size=256]
> 0x400e7b60: mov 0x100(%r14),%ebp
> 0x400e7b67: mov 0x4(%r14),%ebx
> 0x400e7b6b: lea -0x10(%rbx),%r12d
> 0x400e7b6f: mov %ebp,(%r14)
> 0x400e7b72: mov $0x20,%ebp
> 0x400e7b77: mov %ebp,0x260(%r14)
> 0x400e7b7e: mov %r12d,%esi
> 0x400e7b81: mov %r12d,%edi
> 0x400e7b84: shr $0x7,%esi
> 0x400e7b87: and $0xfffff003,%edi
> 0x400e7b8d: and $0x1fe0,%esi
> 0x400e7b93: lea 0x228c(%r14,%rsi,1),%rsi
> 0x400e7b9b: cmp (%rsi),%edi
> 0x400e7b9d: mov %r12d,%edi
> 0x400e7ba0: jne 0x400e7bae
> 0x400e7ba2: add 0xc(%rsi),%rdi
> 0x400e7ba6: mov %ebx,%esi
> 0x400e7ba8: bswap %esi
> 0x400e7baa: mov %esi,(%rdi)
> 0x400e7bac: jmp 0x400e7bba
> 0x400e7bae: mov %ebx,%esi
> 0x400e7bb0: mov $0x1,%edx
> 0x400e7bb5: callq 0x57f0f5
> 0x400e7bba: lea 0x14(%r12),%ebp
> 0x400e7bbf: mov (%r14),%ebx
> 0x400e7bc2: mov %r12d,0x4(%r14)
> 0x400e7bc6: mov %ebp,%esi
> 0x400e7bc8: mov %ebp,%edi
> 0x400e7bca: shr $0x7,%esi
> 0x400e7bcd: and $0xfffff003,%edi
> 0x400e7bd3: and $0x1fe0,%esi
> 0x400e7bd9: lea 0x228c(%r14,%rsi,1),%rsi
> 0x400e7be1: cmp (%rsi),%edi
> 0x400e7be3: mov %ebp,%edi
> 0x400e7be5: jne 0x400e7bf3
> 0x400e7be7: add 0xc(%rsi),%rdi
> 0x400e7beb: mov %ebx,%esi
> 0x400e7bed: bswap %esi
> 0x400e7bef: mov %esi,(%rdi)
> 0x400e7bf1: jmp 0x400e7bff
> 0x400e7bf3: mov %ebx,%esi
> 0x400e7bf5: mov $0x1,%edx
> 0x400e7bfa: callq 0x57f0f5
> 0x400e7bff: mov 0xc(%r14),%ebp
> 0x400e7c03: lea 0x18(%rbp),%ebx
> 0x400e7c06: mov %ebx,%esi
> 0x400e7c08: mov %ebx,%edi
> 0x400e7c0a: shr $0x7,%esi
> 0x400e7c0d: and $0xfffff003,%edi
> 0x400e7c13: and $0x1fe0,%esi
> 0x400e7c19: lea 0x2288(%r14,%rsi,1),%rsi
> 0x400e7c21: cmp (%rsi),%edi
> 0x400e7c23: mov %ebx,%edi
> 0x400e7c25: jne 0x400e7c31
> 0x400e7c27: add 0x10(%rsi),%rdi
> 0x400e7c2b: mov (%rdi),%ebp
> 0x400e7c2d: bswap %ebp
> 0x400e7c2f: jmp 0x400e7c3d
> 0x400e7c31: mov $0x1,%esi
> 0x400e7c36: callq 0x57ecde
> 0x400e7c3b: mov %eax,%ebp
> 0x400e7c3d: mov %ebp,0xc(%r14)
> 0x400e7c41: mov $0xfff084ac,%ebp
> 0x400e7c46: mov %ebp,0x25c(%r14)
> 0x400e7c4d: mov $0xfff1156c,%ebp
> 0x400e7c52: mov %ebp,0x100(%r14)
> 0x400e7c59: xor %eax,%eax
> 0x400e7c5b: jmpq 0x11c0a4e
>
> Again, if there are any suggestions how I can continue to
> debug this situation where execution stops after starting
> to read bootfile.exe, I would appreciate it. I am willing to
> run any test or generate any output anyone suggests to get a
> better idea of where and why it is hung up.
>
> Thank you,
> Ken
>
--- On Mon, 04 Apr 2011 08:59:37 -0400, Brian Wheeler wrote:
> Out of curiosity, what command line did you use for this?
./qemu/ppc-softmmu/qemu-system-ppc \
-net none \
-m 2047 \
-nographic \
-bios ./qemu/pc-bios/openbios-ppc \
-hda aix.img \
-cdrom ibmvios.iso \
-boot d \
-rtc base=localtime,clock=host \
-uuid xx...
-monitor tcp:127.0.0.1:9979,server,nowait \
-serial tcp:127.0.0.1:9980,server,nowait \
-d in_asm,out_asm,op,op_opt
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
From: Brian Wheeler @ 2011-04-04 20:52 UTC (permalink / raw)
To: qemu-devel
Booting AIX 5.2 gives me
-------------------------------------------------------------------------------
Welcome to AIX.
boot image timestamp: 70:80 15/C0
The current time and date: 20:40:45 04/04/2011
number of processors: 1 size of memory: 2047Mb
boot device: cd:\ppc\chrp\bootfile.exe
Validation failed: the "/rtas" device node does not exist.
EXIT
So at least for earlier versions of AIX there are still missing firmware
bits.
Brian
On Mon, 2011-04-04 at 13:28 -0700, Kenneth Salerno wrote:
> --- On Mon, 04 Apr 2011 08:59:37 -0400, Brian Wheeler wrote:
>
> > Out of curiosity, what command line did you use for this?
>
> ./qemu/ppc-softmmu/qemu-system-ppc \
> -net none \
> -m 2047 \
> -nographic \
> -bios ./qemu/pc-bios/openbios-ppc \
> -hda aix.img \
> -cdrom ibmvios.iso \
> -boot d \
> -rtc base=localtime,clock=host \
> -uuid xx...
> -monitor tcp:127.0.0.1:9979,server,nowait \
> -serial tcp:127.0.0.1:9980,server,nowait \
> -d in_asm,out_asm,op,op_opt
>
>
* Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
From: Mark Cave-Ayland @ 2011-04-05 15:43 UTC (permalink / raw)
To: qemu-devel
On 04/04/11 21:52, Brian Wheeler wrote:
> Booting AIX 5.2 gives me
>
> -------------------------------------------------------------------------------
> Welcome to AIX.
> boot image timestamp: 70:80 15/C0
> The current time and date: 20:40:45 04/04/2011
> number of processors: 1 size of memory: 2047Mb
> boot device: cd:\ppc\chrp\bootfile.exe
> Validation failed: the "/rtas" device node does not exist.
> EXIT
>
>
> So at least for earlier versions of AIX there are still missing firmware
> bits.
>
> Brian
Ah yes - I know Andreas was working to try and add PPC64 support to
OpenBIOS a few months back, and he got stuck trying to interface to
RTAS. I'm not sure whether he got anywhere with PPC32 though.
At the moment Andreas is away, but if you are able to offer some
development resource to help with this then please come and join us over
on the OpenBIOS list and get the discussion started there.
ATB,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs