Hi,
I am trying to use the x86emu code to emulate a PCI ATI Radeon
VGA bios on a powerpc platform (IBM 970 Maple).
The emulation starts OK, but after some time I can see that it is
making a call to a location that is outside of the VGA bios,
which causes x86emu to emulate whatever rubbish it finds there.
At first I thought that maybe x86emu was emulating the wrong code
(maybe got misaligned in the opcodes). But using the "ndisasm"
x86 disassembler on the original VGA bios showed that x86emu was
emulating the code correctly.
I have also compared PCI traces (collected with a H/W analyser)
run on the powerpc system and on an AMD64 system (which runs the
VGA BIOS OK) and I can see that x86emu on the powerpc is making
the right PCI accesses to the ATI before it crashes, which makes
me think the x86emu is working OK, at least at the beginning.
The problem is on the "call 0xe903" instruction. There is no code
there (code is from c0000:0000 to c0000:0d000 ). Plus there are
those strange opcodes "ENTER 8000,15", which are causing the SP
to go from SP=DFD0 to SP=5fa4 (right in the code!). I have read
that the ENTER opcode was designed for high level language
procedures and their required stack frame needs. But
0x8000 seems like a lot!
I am really at a loss as to what to do next...
Thanks for any help,
-jf simon
1- the x86emu trace just before the problem:
cat trace.cpu
c000:68dd a00080 MOV AL,[8000]
AX=0000 BX=01e3 CX=4100 DX=f004 SP=dfd0 BP=0197 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68e2 NV UP DI PL ZR NA PE NC
c000:68e0 04f5 ADD AL,f5
[BP+SI]AL AX=00f5 BX=01e3 CX=4100 DX=f004 SP=dfd0 BP=0197 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68e4 NV UP DI NG NZ NA PE NC
c000:68e2 0002 ADD ,
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=dfd0 BP=0197 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68e8 NV UP DI NG NZ AC PO CY
c000:68e4 c8008015 ENTER 8000,15
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5fa4 BP=dfce SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68e9 NV UP DI NG NZ AC PO CY
c000:68e8 0e PUSH CS
[00c8]AX AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5fa2 BP=dfce SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68ed NV UP DI NG NZ AC PO CY
c000:68e9 0106c800 ADD ,
[BX+SI] AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5fa2 BP=dfce SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68f0 NV UP DI PL NZ NA PE NC
c000:68ed 80100e ADC BYTE PTR ,e
[DI]AX AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5fa2 BP=dfce SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68f2 NV UP DI PL NZ NA PO NC
c000:68f0 0105 ADD ,
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5fa2 BP=dfce SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68f6 NV UP DI PL NZ NA PE NC
c000:68f2 c800800b ENTER 8000,b
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=df8a BP=5fa0 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68f7 NV UP DI PL NZ NA PE NC
c000:68f6 0e PUSH CS
[SI]AX AX=00f5 BX=01e3 CX=4100 DX=f004 SP=df88 BP=5fa0 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68f9 NV UP DI PL NZ NA PE NC
c000:68f7 0104 ADD ,
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=df88 BP=5fa0 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68fd NV UP DI PL NZ NA PO NC
c000:68f9 c8008006 ENTER 8000,6
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5f7a BP=df86 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=68fe NV UP DI PL NZ NA PO NC
c000:68fd 0e PUSH CS
[BP+SI]AX AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5f78 BP=df86 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=6900 NV UP DI PL NZ NA PO NC
c000:68fe 0102 ADD ,
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5f78 BP=df86 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=6903 NV UP DI PL NZ NA PE NC
c000:6900 e80080 CALL e903 !!PROBLEM HERE!!
[BX+SI]AL AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5f76 BP=df86 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=e905 NV UP DI PL NZ NA PE NC
c000:e903 0000 ADD ,
[BX+SI]AL
(x86emu starts emulating bad code (all zeroes))
AX=00f5 BX=01e3 CX=4100 DX=f004 SP=5f76 BP=df86 SI=0000 DI=0000
DS=0000 ES=c000 SS=c000 CS=c000 IP=e907 NV UP DI PL NZ AC PE CY
c000:e905 0000 ADD ,
2- The same code as seen from ndisasm:
000068DA A00080 mov al,[0x8000]
000068DD 04F5 add al,0xf5
000068DF 0002 add [bp+si],al
000068E1 C8008015 enter 0x8000,0x15
000068E5 0E push cs
000068E6 0106C800 add [0xc8],ax
000068EA 80100E adc byte [bx+si],0xe
000068ED 0105 add [di],ax
000068EF C800800B enter 0x8000,0xb
000068F3 0E push cs
000068F4 0104 add [si],ax
000068F6 C8008006 enter 0x8000,0x6
000068FA 0E push cs
000068FB 0102 add [bp+si],ax
000068FD E80080 call 0xe900 <<<<<!!!HERE AGAIN
_______________________________________________
Devel mailing list
Devel@xxxxxxxxxxx
http://XFree86.Org/mailman/listinfo/devel
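As an added worked example (not part of the original post or of x86emu), here is a small Python model of the 16-bit ENTER imm16,imm8 and CALL rel16 semantics, fed with the register values from the trace above. It lets you check the SP/BP/IP values x86emu printed independently of the emulator; memory contents are not modelled, only the pointer arithmetic.

```python
# Added example: 16-bit ENTER and CALL rel16 arithmetic, checked against the
# x86emu trace in the post (SP=dfd0 -> 5fa4 for ENTER 8000,15, etc.).

MASK16 = 0xFFFF


def enter(sp, bp, frame_size, level):
    """(sp, bp) after ENTER frame_size,level in 16-bit operand mode.

    Per the Intel SDM: push BP; frame_temp = SP; if level > 0, push
    level-1 saved frame pointers and then frame_temp; BP = frame_temp;
    SP -= frame_size.  Everything wraps at 16 bits, which is why a frame
    of 0x8000 makes SP jump by half the segment each time.
    """
    level &= 0x1F                                # only low 5 bits of imm8 count
    sp = (sp - 2) & MASK16                       # push BP
    frame_temp = sp
    if level > 0:
        sp = (sp - 2 * (level - 1)) & MASK16     # copies of outer frame pointers
        sp = (sp - 2) & MASK16                   # push frame_temp
    bp = frame_temp
    sp = (sp - frame_size) & MASK16
    return sp, bp


def call_rel16(ip, insn_len, rel, sp):
    """(new_ip, sp) after a near CALL rel16 located at offset ip."""
    next_ip = (ip + insn_len) & MASK16
    target = (next_ip + rel) & MASK16            # rel16 is relative to next IP
    return target, (sp - 2) & MASK16             # return address is pushed


def decode_enter(b):
    """Decode C8 iw ib -> (frame_size, level)."""
    assert b[0] == 0xC8 and len(b) == 4
    return int.from_bytes(b[1:3], "little"), b[3]


def decode_call(b):
    """Decode E8 cw -> signed rel16."""
    assert b[0] == 0xE8 and len(b) == 3
    return int.from_bytes(b[1:3], "little", signed=True)


if __name__ == "__main__":
    # Bytes and register values copied from the trace in the post.
    size, level = decode_enter(bytes.fromhex("c8008015"))
    print([hex(v) for v in enter(0xDFD0, 0x0197, size, level)])    # ['0x5fa4', '0xdfce']
    rel = decode_call(bytes.fromhex("e80080"))
    print([hex(v) for v in call_rel16(0x6900, 3, rel, 0x5F78)])   # ['0xe903', '0x5f76']
```

All three ENTER results and the CALL target reproduce the trace, so x86emu is applying the instruction semantics correctly; note that ndisasm's listing starts 3 bytes earlier (68DA vs 68DD), which is why it shows `call 0xe900` rather than `0xe903` for the same `e8 00 80` bytes.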