1the sun2 mainbus signal handler needs to OR together like signals from 2the different buses; right now the state of a signal on the mainbus is 3just the state of the signal on the last bus that happened to call it 4out. this will cause interrupts to get lost (but because of cooperative 5threading, this probably isn't manifesting now). 6 7clean up posix-serial callouts to be like 3c400 8 9is the (brief) extension word handling correct for PC-relative 10EAs when there are multiple brief extension words? (i.e., is 11first_ea_extword_offset updated (does it need to be?)) 12 13in type 8 frames, we currently store the address as it appeared 14on the bus - i.e., only 24 bits, not the full 32. maybe this is 15incorrect? 16 17should tme_m68k_rte_start have more RESTARTING checks? 18 19are the data input buffer and data output buffers being kept in the 20right endianness in both the trap frames and in the ic buffers? 21 22watch out for (raw[0] << 4) possibly staying 8-bit and then overflowing 23in tme_m68k_insn_buffer_xfer 24 25optimization: have the fast executor only execute an instruction if 26there are TME_M68K_INSN_WORDS_MAX * sizeof(tme_uint16_t) bytes 27available. note that this does *not* eliminate the need for the 28group0 hook entirely, since while we guarantee that we won't fault on 29an instruction fetch, we still might fault on data in 30mid-instruction-fetch. this optimization would however remove a 31test and goto in the fast FETCH macros. 32 33/* version enforcement: */ 34#if !defined(TME_BUS_DEVICE_VERSION) || TME_VERSION_CURRENT_X(TME_BUS_DEVICE_VERSION) != 0 35#error "check your sources; <tme/bus-device.h> version is now 0" 36#endif 37 38/* includes: */ 39#include <tme/element.h> 40#undef TME_BUS_VERSION 41#define TME_BUS_VERSION TME_VERSION_X(0, 0, 0) 42#include <tme/generic/bus.h> 43 44sun-sc's slow cycle implementation is broken; it should use the new 45bus-device dma support 46 47if a tlb_fill function invalidates previous TLBs, make sure that it 48invalidates before it fills (since it may be filling the same 49structure it wants to invalidate.) 50 51m68k: lowering the interrupt priority mask below 7 when the external 52priority is 7 causes another NMI to be recognized. 53 54TLBs filled for DVMA space for the VME bus shouldn't refer to the 55obmem bus fault handler, right? 56 57file a PR against NetBSD/sun3 1.6.x: 58sys/arch/sun3/dev/if_ie.c:ie_readframe(), when NBPFILTER == 0, calls 59ieget() with NULL for its int *to_bpf argument. this ultimately 60causes a NULL dereference in (the inline expansion of) check_eh() - 61witness a "clrl 0" instruction in the compiler output for 62ie_readframe(). proper fix is to remove the *to_bpf = 0 in check_eh(). 63 64file a PR against NetBSD/sun3: 65XXX FIXME - this hack works around a bug in NetBSD/sun3, present 66since revision 1.49 of src/sys/arch/sun3/conf/GENERIC (when the 67sun3x port was merged into the sun3 port). in this revision, the 68declaration for cgtwo0 changed: 69 70-cgtwo0 at vmes0 addr 0xff400000 level 4 vect 0xA8 71+cgtwo0 at vme2 addr 0x400000 ipl 4 vect 0xA8 72 73because the cg2mmap() function in src/sys/arch/sun3/dev/cg2.c 74doesn't add the 0xff000000 mask to the configured physical 75address (needed because the cgtwo is an A24 device), when Xsun 76mmap()s the cgtwo it gets a mapping of physical address 0x400000 77in VME space instead of the correct 0xff400000. the sparc cgtwo 78driver gets this right. 79 80- bus: DRQ(x) and DACK(x), with an UNSPEC 81- ncr5380: bug where a SCSI callout deferred because of a higher-priority callout isn't put into later_callouts 82 83in ncr5380.c:_tme_ncr5380_bus_tlb_fill(), the structure assignment 84of *tlb from *ncr5380->tme_ncr5380_dma_tlb may copy fields partially 85and/or out-of-order, such that the subsequent relevance test succeeds 86when it should fail? we should probably test at least the important, 87invalidating fields in *ncr5380->tme_ncr5380_dma_tlb instead of the 88local *tlb? XXX actually, ncr5380.c needs to use the new TLB 89valid/invalid tests, and be made more thread-safe. 90 91in ncr5380.c:_tme_ncr5380_scsi_cycle(), we test if tme_scsi_dma_in 92points to the internal FIFO to determine if the transfer was a read; 93however, if the transfer was a write this value may be garbage (under 94NDEBUG, it isn't initialized in _tme_ncr5380_callout()) that happens 95to match the internal FIFO anyways. 96 97the SCSI DMA structure needs to be expanded to support tme_shared 98pointers and bus boundary values, and scsi-bus.c needs to use 99tme_memory_bus_read_buffer(), tme_memory_bus_write_buffer() as 100appropriate. 101 102need barriers in the m68k read/write/fetch, etc. functions 103 104remove the locks argument from the generic bus-device DMA functions, since 105elements are only supposed to have a single mutex (and provide a pointer 106to the mutex in the struct tme_bus_device, or maybe have the mutex in the 107struct tme_bus_device). 108 109sun4: log when cache and memerr become visible/invisible 110sun4: log when FPU compliance changes 111 112bus-device-auto.sh: keep bus router from device structure in a local, 113in case it gets changed during a callout 114 115ncr53c9x: the SS2 esp is really an ESP100A, not an ESP100. 116 117sparc: for long-lived idle types, print address when first detected 118 119sparc: most unimplemented instructions cause NULL dereferences from opcode table 120 121gtk-keyboard.c: some X servers actually *don't* give locking behavior 122to the Caps_Lock, Num_Lock, etc., keysyms, and this causes problems. 123see the comments in _tme_gtk_keyboard_x11_new(). 124 125sun4: FAILURE: SEVAR (60000004) Power-Up, Exp = 00000000, Obs = ffed9000 126 127add [] to all tr character classes, so they work for SysV 128 129sparc: convert tme_sparc_ls_tlb_map from a struct tme_bus_tlb to a new struct type, 130since it uses various fields that will disappear in the bus cycle transition. 131 132sparc64 recode: don't assist membar instructions 133sparc64 recode: don't redispatch return instructions; instead they 134should return a value for the TME_SPARC_IREG_PC_NEXT register, and we 135should set pc_advance and reg_guest_pc so PCs won't get updated by the 136TME_SPARC_RECODE_INSN_UPDATE_PCS code. (but what about a return in a 137branch delay slot? - just add it to 138_tme_sparc_recode_insn_branch_delay_bad()) 139 140sparc64 recode: make the %rcc flags thunk only do 64-bit flags (the 14132-bit flags shouldn't be needed) 142 143recode: we must document that tme_recode_insns_thunk() REQUIRES that 144guest read/write instructions THAT ARE READS have 145TME_RECODE_OPERAND_ZERO for tme_recode_insn_operand_src[1] (this frees 146tme_recode_insns_thunk() from having to skip _src[1] on a read). 147this should be an assert(). 148 149tme_bus_tlb_map() - check that addr_offset can be a tme_bus_addr_t, 150no matter what tme_bus_addr_t's size. 151 152sparc64 recode: TME_SPARC_RECODE_SRC_HASH_SIZE_ELEMENT assumes 153that sizeof(tme_sparc_recode_src_key_t) >= sizeof(tme_recode_thunk_off_t) 154 155sparc64 FPU: the new operations (especially FMOVcc) are always 156present, no matter what the architecture. this exposes us to guests. 157 158x86 recode: stack alignment correct for a read/write assist call on an 159x86_64 host? 160 161SUN-ULTRA-1: make the onboard esp0 revision 2, and the onboard 162ncr53c9x a variant esp200 163 164sparc64 recode: a redispatch should probably encourage thunk 165generation (otherwise, after a wrpsr we'll interpret instructions 166until the next branch), something similar to the encouragement 167at the end of the sparc-execute.c recode thunk running. 168 169sparc execute: note that the V8 execute_trap ISP description notes 170that if a trap is taken preinstruction when annul != 0, the PCs are 171just advanced past the annulled instruction when they are saved for 172the trap (i.e., in the trap case, the annulled instruction isn't 173fetched). if we put the annulled bit into tme_sparc, we wouldn't have 174to force _tme_sparc_instruction_burst_remaining to be at least one 175after an annulling branch (if the burst was zero, we'll fetch the 176annulled instruction at the beginning of the next burst) and we'll get 177better emulation (because a real CPU doesn't fetch an annulled 178instruction when the previous instruction traps - but how could this 179happen, anyways? how can you annul an instruction but take a trap 180before it's fetched? maybe that's only possible by a trap for an 181interrupt?) 182 183sparc preemptive threading: an std must execute atomically; we must 184do one store instead of two. 185 186stp103x: there may be a race on setting TICK.INT_DIS, where you 187may still get a tick interrupt afterwards? 188 189make a version of tme_misc_cycles_spin_until() that doesn't 190do too many gettimeofday() calls? 191 192sparc64 recode: do we need to address-mask PC in 193_tme_sparc_recode_recode()? 194 195sparc64 recode: we should address-mask the PC_next_nexts made 196in the assist functions. 197 198sparc32 external: remove the interrupt acknowledge cycle 199 200make tme_sjlj_sleep_yield() and tme_sjlj_cond_sleep_yield() return 201immediately if the time to sleep is zero (because otherwise, 202tme_sjlj_yield() will think the thread is blocked). 203 204sparc64 recode assist: it's only necessary to set PC_next_next if 205the instruction handler might redispatch; are there any assist 206types where we know that the handler will not redispatch? 207 208replace some gettimeofday() calls with tme_gettimeofday(), 209also with tme_thread_long() as needed. 210 211sunfb bus transition: instead of initializing the completion error, 212tme_sunfb_bus_cycle_transition() should poison it and make sure that 213the cycle handler defines it *and* the fast cycle types. 214 215sparc execute: check for an external check at the beginning of 216tme_sparc_thread():TME_SPARC_MODE_EXECUTION, and truncate the 217execution burst if true? 218 219sparc optimization: in tme_sparc${arch}_ls(), push the poisoning of an 220unusable TLB entry before the address_map call, into the address_map 221functions (and only if they trap). 222 223sparc: in tme_sparc${arch}_ls(), should a TME_SPARC_LSINFO_OP_ATOMIC 224start out as TME_BUS_CYCLE_READ? this would at least make a TLB miss 225report the access as a read. the ultrasparc manual isn't clear if 226atomics are always reported in SFSR as writes. 227 228threading: any threading implementation must call tme_thread_long() as 229needed, including in its own tme_*_yield() functions as needed. 230 231NetBSD/sparc (>=5.x only?): on some hosts and some debugging setups, 232keys will unexpectedly repeat in the guest when large updates are 233happening on the text console: 234 1. original keypress, starts key repeat callout 235 2. user process writes a lot to the console kd device 236 3. kd.c:kd_putfb() does splsoftclock() and calls prom_putstr() 237 4. while prom_putstr() is running, the key release interrupt 238 happens. since we're at splsoftclock(), the zs soft interrupt 239 for the key release is held pending. (the key repeat callout is 240 only cancelled in the soft interrupt path.) 241 5. while prom_putstr() is running, the key repeat callout expires. 242 since we're at splsoftclock(), the callout is held pending. it 243 is now too late to avoid the key repeating. 244 6. prom_putstr() finally finishes. the key repeat callout is called 245 (either before or after the zs soft interrupt, it doesn't matter) 246 and repeats the key. 247in a non-debugging setup (-DNDEBUG, -DTME_NO_LOG, etc.) the emulator 248seems fast enough that prom_putstr() finishes before the key repeat 249callout expires, which is why this problem probably won't get fixed. 250(before recode, we may have avoided the problem because the emulator 251was actually too slow - the key release interrupt could have happened 252even before we got to the prom_putstr() point.) 253