2 Replies. Latest reply: Oct 8, 2009 6:29 AM by 807557

    sun4m OBP/assembler help needed


      testing a sun4m emulator (qemu-system-sparc), I found that space{c,l,d}{@,!} words currently do not work as on the real hardware.
      In order to fix the emulation, an understanding of how they are supposed to work is needed.
      ok see spacel!
      code spacel!
      ffd53504     ld      [%g7], %l2
      ffd53508     add     %g7, 4, %g7
      ffd5350c     ld      [%g7], %l0
      ffd53510     add     %g7, 4, %g7
      ffd53514     sll     %g4, 2, %g4
      ffd53518     call    ffd5351c
      ffd5351c     add     %g0, 14, %l1
      ok ffd5351c dis
      ffd5351c     add     %g0, 14, %l1
      ffd53520     add     %o7, %l1, %l1
      ffd53524     jmp     %l1, %g4, %g0
      ffd53528     ba      ffd53660
      I don't see any store instruction there. Can anyone explain where the actual store is happening? Or how to find out where the
      jmp     %l1, %g4, %g0
      would jump to? Neither %g4 nor %g0 is explicitly set.

      The other strange thing is that spacel! and spaceb! look exactly the same, up to a single byte:
      ok ' spacel! 30 dump
                \/  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  v123456789abcdef
      ffd53500  00 01 00 00 e4 01 e0 00  8e 01 e0 04 e0 01 e0 00  ....d.`...`.`.`.
      ffd53510  8e 01 e0 04 89 29 20 02  40 00 00 01 a2 00 20 14  ..`..) .@..... .
      ffd53520  a2 03 c0 11 81 c4 40 04  10 80 00 4e e0 a4 80 00  ..@..D@....N`$..
      ok ' spacec! 30 dump
                \/  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  v123456789abcdef
      ffd53200  00 01 00 00 e4 01 e0 00  8e 01 e0 04 e0 01 e0 00  ....d.`...`.`.`.
      ffd53210  8e 01 e0 04 89 29 20 02  40 00 00 01 a2 00 20 14  ..`..) .@..... .
      ffd53220  a2 03 c0 11 81 c4 40 04  10 80 00 4e e0 ac 80 00  ..@..D@....N`,..
      Is it just the OBP which shows wrong bytes, or does the actual work happen after the jump? Is there a way to find out?
      A breakpoint set on the jump address was just ignored on a real SS-5. Does it mean breakpoints on OBP code are not supported?

      Please shed some light,

        • 1. Re: sun4m OBP/assembler help needed
          The source code is given below. The instruction set has no way to specify the ASI in a register, so the code has to jump into a table of instructions, each with a different ASI, and then jump out, using the delay slot. IIRC, an earlier version of the code generated the instruction on the fly and executed it, but that started to cause problems as caches became more complex.

          The other variants like spacec@ are similar, except for the instructions in the table - lduba instead of lda, for example.

          On an amusing side note, one of the key software people on the SPARCstation-1 project was Dave Labuda, whose name is almost an anagram of lduba. We tended to call him "Laduba" in those late-night hacking sessions...

          The reason the breakpoint failed is that the OBP breakpointing code can't quite deal with branch-branch combinations (a branch in the delay slot of another branch). The state transitions in that case just get too weird to think about - and the uses for such a combination are quite rare, this example being one of the very few.

          Mitch Bradley (OBP author)

          code spacel@ ( adr asi -- byte )
          sp scr pop \ adr in scr

          tos 2 tos sll \ asi*4 in tos

          here 4 + call \ Address of call instruction in spc
          5 /l* sc1 move \ Distance to jump table - 5 instructions
          spc sc1 sc1 add \ Absolute address of jump table
          sc1 tos %g0 jmpl \ Jump to the instruction

          never if \ Skip past table in delay slot

          scr %g0 00 tos lda
          scr %g0 01 tos lda
          scr %g0 02 tos lda
          scr %g0 03 tos lda
          scr %g0 04 tos lda
          scr %g0 05 tos lda
          scr %g0 06 tos lda
          scr %g0 07 tos lda
          scr %g0 08 tos lda
          scr %g0 09 tos lda
          scr %g0 0a tos lda
          scr %g0 0b tos lda
          scr %g0 0c tos lda
          scr %g0 0d tos lda
          scr %g0 0e tos lda
          scr %g0 0f tos lda
          scr %g0 10 tos lda
          scr %g0 11 tos lda
          scr %g0 12 tos lda
          scr %g0 13 tos lda
          scr %g0 14 tos lda
          scr %g0 15 tos lda
          scr %g0 16 tos lda
          scr %g0 17 tos lda
          scr %g0 18 tos lda
          scr %g0 19 tos lda
          scr %g0 1a tos lda
          scr %g0 1b tos lda
          scr %g0 1c tos lda
          scr %g0 1d tos lda
          scr %g0 1e tos lda
          scr %g0 1f tos lda
          scr %g0 20 tos lda
          scr %g0 21 tos lda
          scr %g0 22 tos lda
          scr %g0 23 tos lda
          scr %g0 24 tos lda
          scr %g0 25 tos lda
          scr %g0 26 tos lda
          scr %g0 27 tos lda
          scr %g0 28 tos lda
          scr %g0 29 tos lda
          scr %g0 2a tos lda
          scr %g0 2b tos lda
          scr %g0 2c tos lda
          scr %g0 2d tos lda
          scr %g0 2e tos lda
          scr %g0 2f tos lda
          scr %g0 30 tos lda
          scr %g0 31 tos lda
          scr %g0 32 tos lda
          scr %g0 33 tos lda
          scr %g0 34 tos lda
          scr %g0 35 tos lda
          scr %g0 36 tos lda
          scr %g0 37 tos lda
          scr %g0 38 tos lda
          scr %g0 39 tos lda
          scr %g0 3a tos lda
          scr %g0 3b tos lda
          scr %g0 3c tos lda
          scr %g0 3d tos lda
          scr %g0 3e tos lda
          scr %g0 3f tos lda
          scr %g0 40 tos lda
          scr %g0 41 tos lda
          scr %g0 42 tos lda
          scr %g0 43 tos lda
          scr %g0 44 tos lda
          scr %g0 45 tos lda
          scr %g0 46 tos lda
          scr %g0 47 tos lda
          scr %g0 48 tos lda
          scr %g0 49 tos lda
          scr %g0 4a tos lda
          scr %g0 4b tos lda
          scr %g0 4c tos lda
          • 2. Re: sun4m OBP/assembler help needed
            Wow! It's great to see the OBP author here!

            Meanwhile I identified that qemu-sparc didn't properly handle a jump in the delay slot of a branch. The bug has been fixed in qemu for about a month.

            The trick of executing one instruction and jumping out is really nice indeed. It's good to see code from the good old days, when developers still used every feature of the hardware to make the code more perfect.

            And you are also totally right that this feature is rarely used otherwise. The delay slot bug in qemu wasn't noticed for years, because compilers just don't generate such code.