From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KFJJt-000467-5u
	for qemu-devel@nongnu.org; Sat, 05 Jul 2008 21:45:41 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KFJJo-00045v-Lp
	for qemu-devel@nongnu.org; Sat, 05 Jul 2008 21:45:39 -0400
Received: from [199.232.76.173] (port=58616 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KFJJo-00045s-Dq
	for qemu-devel@nongnu.org; Sat, 05 Jul 2008 21:45:36 -0400
Received: from wsip-68-15-230-7.om.om.cox.net ([68.15.230.7]:51195
	helo=hachi.dashjr.org) by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <luke@dashjr.org>) id 1KFJJm-0004X1-KY
	for qemu-devel@nongnu.org; Sat, 05 Jul 2008 21:45:36 -0400
Received: from yokochan.lan (yokochan.lan
	[IPv6:2002:440d:6de2:0:20d:60ff:fe77:7d85])
	(Authenticated sender: luke-jr)
	by hachi.dashjr.org (Postfix) with ESMTP id 6733C9601C5
	for <qemu-devel@nongnu.org>; Sun,  6 Jul 2008 01:45:23 +0000 (UTC)
From: Luke -Jr <luke@dashjr.org>
Subject: Re: [Qemu-devel] MIPS emulation
Date: Sat, 5 Jul 2008 20:45:10 -0500
References: <200806271350.40937.luke@dashjr.org>
	<20080704024417.GP7007@networkno.de>
	<200807032227.37956.luke@dashjr.org>
In-Reply-To: <200807032227.37956.luke@dashjr.org>
MIME-Version: 1.0
Content-Type: Multipart/Mixed;
  boundary="Boundary-00=_sOCcIyKZRUTEgBE"
Message-Id: <200807052045.17038.luke@dashjr.org>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

--Boundary-00=_sOCcIyKZRUTEgBE
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I've attached a log of my qemu session... it gives the same results I expected 
from manual disassembly. Does anyone have any clues as to why this works on 
real hardware?

--Boundary-00=_sOCcIyKZRUTEgBE
Content-Type: text/x-log;
  charset="iso-8859-1";
  name="qemu.log"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="qemu.log"

cpu_mips_handle_mmu_fault pc bfc00000 ad bfc00000 rw 2 mmu_idx 0 smmu 1
cpu_mips_handle_mmu_fault address=bfc00000 ret 0 physical 1fc00000 prot 3
------------------------------------------------
pc=0xbfc00000 HI=0x08428ec4 LO=0x08428ed4 ds 0010 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status  0x00400004 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00000:  j	0xbfc00010
0xbfc00004:  nop

---------------- 2 00000010
------------------------------------------------
pc=0xbfc00010 HI=0x08428ec4 LO=0x08428ed4 ds 0010 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status  0x00400004 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00010:  j	0xbfc00410
0xbfc00014:  nop

---------------- 2 00000010
------------------------------------------------
pc=0xbfc00410 HI=0x08428ec4 LO=0x08428ed4 ds 0010 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status  0x00400004 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00410:  lui	t0,0x40
0xbfc00414:  mtc0	t0,$12

---------------- 3 00000010
Status 00400004 (00000000) => 00400000 (00000000) Cause 00000400
------------------------------------------------
pc=0xbfc00418 HI=0x08428ec4 LO=0x08428ed4 ds 0090 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00400000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00418:  mtc0	zero,$13

---------------- 1 00000090
------------------------------------------------
pc=0xbfc0041c HI=0x08428ec4 LO=0x08428ed4 ds 0090 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00400000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc0041c:  lui	t0,0x9fc0
0xbfc00420:  addiu	t0,t0,1076
0xbfc00424:  lui	t9,0xa000
0xbfc00428:  or	t0,t0,t9
0xbfc0042c:  jr	t0
0xbfc00430:  nop

---------------- 2 00000090
------------------------------------------------
pc=0xbfc00434 HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc00434 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 bfc00434 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00434:  jal	0xbfc008bc
0xbfc00438:  nop

---------------- 2 00000090
------------------------------------------------
pc=0xbfc008bc HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc00434 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 bfc00434 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc0043c
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc008bc:  move	s0,ra
0xbfc008c0:  lui	k1,0x9fc0
0xbfc008c4:  addiu	k1,k1,32
0xbfc008c8:  or	k1,k1,t9
0xbfc008cc:  lw	k0,0(k1)
0xbfc008d0:  beqz	k0,0xbfc0095c
0xbfc008d4:  nop

---------------- 2 00000090
------------------------------------------------
pc=0xbfc008d8 HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc00434 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 bfc00434 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 9fc00050 k1 bfc00020
GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc0043c
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc008d8:  or	k0,k0,t9
0xbfc008dc:  lhu	a0,0(k0)
0xbfc008e0:  lw	t0,8(k0)
0xbfc008e4:  lw	a1,0(t0)
0xbfc008e8:  lw	t1,20(k0)
0xbfc008ec:  lw	a2,4(k0)
0xbfc008f0:  or	t1,t1,t9
0xbfc008f4:  jalr	t1
0xbfc008f8:  nop

---------------- 2 00000090
cpu_mips_handle_mmu_fault pc bfc008d8 ad 9fc00398 rw 0 mmu_idx 0 smmu 1
cpu_mips_handle_mmu_fault address=9fc00398 ret 0 physical 1fc00398 prot 3
cpu_mips_handle_mmu_fault pc bfc008d8 ad bfc00064 rw 0 mmu_idx 0 smmu 1
cpu_mips_handle_mmu_fault address=bfc00064 ret 0 physical 1fc00064 prot 3
------------------------------------------------
pc=0xbfc0096c HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc0096c 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc0096c:  lhu	t0,0(a1)
0xbfc00970:  bne	t0,a0,0xbfc009c4
0xbfc00974:  nop

---------------- 2 00000090
cpu_mips_handle_mmu_fault pc bfc0096c ad fffe0000 rw 0 mmu_idx 0 smmu 1
cpu_mips_handle_mmu_fault address=fffe0000 ret -2 physical b7ceca12 prot 138223624
search pc 1
------------------------------------------------
pc=0xbfc0096c HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc0096c 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc0096c:  lhu	t0,0(a1)
0xbfc00970:  bne	t0,a0,0xbfc009c4
0xbfc00974:  nop

---------------- 2 00000090
do_raise_exception_err: 26 1
do_interrupt enter: PC bfc0096c EPC 00000000 TLB load exception
do_interrupt: PC bfc00200 EPC bfc0096c cause 2
    S 00400002 C 00000408 A fffe0000 D 00000000
------------------------------------------------
pc=0xbfc00200 HI=0x08428ec4 LO=0x08428ed4 ds 0098 bfc0096c 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
CP0 Status  0x00400002 Cause   0x00000408 EPC    0xbfc0096c
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00200:  lwu	zero,984(s8)
0xbfc00204:  0x1ab3f00
0xbfc00208:  lwu	zero,2412(s8)
0xbfc0020c:  lwu	zero,2512(s8)
0xbfc00210:  lwu	zero,2684(s8)
0xbfc00214:  alni.ob	$f23,$f6,$f1,1
0xbfc00218:  lwu	zero,3404(s8)
0xbfc0021c:  lwu	zero,3008(s8)
0xbfc00220:  lwu	zero,3120(s8)
0xbfc00224:  lwu	zero,4124(s8)
0xbfc00228:  nop
0xbfc0022c:  ll	zero,0(zero)
0xbfc00230:  nop
0xbfc00234:  j	0xb8180004
0xbfc00238:  lwu	zero,3496(s8)

---------------- 2 00000098
do_raise_exception_err: 20 0
do_interrupt enter: PC bfc00200 EPC bfc0096c reserved instruction exception
do_interrupt: PC bfc00380 EPC bfc0096c cause 10
    S 00400002 C 00000428 A fffe0000 D 00000000
------------------------------------------------
pc=0xbfc00380 HI=0x08428ec4 LO=0x08428ed4 ds 0098 bfc0096c 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
CP0 Status  0x00400002 Cause   0x00000428 EPC    0xbfc0096c
    Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
IN: 
0xbfc00380:  nop
0xbfc00384:  j	0xb8180004
0xbfc00388:  lwu	zero,3496(s8)

---------------- 2 00000098
do_raise_exception_err: 20 0
do_interrupt enter: PC bfc00388 EPC bfc0096c reserved instruction exception
do_interrupt: PC bfc00380 EPC bfc0096c cause 10
    S 00400002 C 00000428 A fffe0000 D 00000000
do_raise_exception_err: 20 0
do_interrupt enter: PC bfc00388 EPC bfc0096c reserved instruction exception
do_interrupt: PC bfc00380 EPC bfc0096c cause 10
    S 00400002 C 00000428 A fffe0000 D 00000000

--Boundary-00=_sOCcIyKZRUTEgBE--