GXemul  >  Old development news



  Stable release (0.6.0)  



    Go here for recent news.

In December 2005, I got a full-time job. This meant that development of the emulator slowed down, and, among other things, I did not have time to write news entries with as much detail as those before. Anyway, here are the old news entries:

21 Nov 2005:
Continuing on the PCI cleanup, and on various PPC related things. NetBSD/prep gets slightly further than before:
Also trying NetBSD-daily 3.0 RC1 snapshots; NetBSD/cats works fine, but NetBSD/prep from 20051117 doesn't detect disks :-( It just says ST506 about all wd disks. Not sure why yet.

20 Nov 2005:
Spent several hours trying to find out why NetBSD/prep crashes. It was because of a NULL-ptr dereference while setting up the RTC. The PReP clock detection code in NetBSD seems to be a quick hack. :-( First of all, it only accepts the RTC if it advances exactly 1 or 2 seconds between one read and the next, with a hardcoded delay in between. The other ugliness is that the FROMBCD macro, which is defined as

	#define  FROMBCD(x)      (((x) >> 4) * 10 + ((x) & 0xf))
in NetBSD's clock_subr.h is misused in the PReP code. The macro itself is fine, if x is a variable, but in the PReP code it is a function call which reads the RTC, so the two (x) values above are not necessarily from the same RTC time. Ugly. Well, I'm adding a hack for the emulator to handle it, but it isn't pretty. Hm. NetBSD code is usually much cleaner than this.

(Later) More research indicated that this is a known problem. Not the PReP NULL ptr stuff per se, but Simon Burge made a post about the double-read from device registers in 2003 (http://mail-index.netbsd.org/tech-kern/2003/05/07/0004.html). Apparently it hasn't been fixed yet. Mailed two NetBSD mailing lists about it; it seems to have trigger the right type of response. Good.

19 Nov 2005:
The ARM dyntrans code used two copies of the PC, one in ARM register 15 (32-bit only) and one in the common cpu->pc variable, and they both had to be kept in sync at all times. Changing the code to only use cpu->pc (except in a few places). Seems to work. 6 min 52 seconds for a NetBSD/cats install. Continuing on PPC emulation; fleshing out the PReP skeleton a little:

18 Nov 2005:
NetBSD/pmppc reaches userland, and starts executing a couple of syscalls... unfortunately it then bugs out and loops forever doing those syscalls.

Thinking about how to do correct SMP simulations within the dyntrans system; the obvious solution, if only special instructions are used for synchronization (e.g. LL/SC, TAS, CAS) is to run at most n instructions, say 16384, on one CPU, and if a synchronization instruction is detected at, say, instruction nr 13115, then break before that and run (up to) 13115 instructions on the next CPU, etc. This makes it easy to both run at dyntrans speed and do correct synchronization. It breaks down of course if non-synchronization instructions interfere (i.e. if CPU 0 does a LL, CPU 1 then writes to the address using a normal store, and then CPU 0 does its SC). In that case, simulating one instruction at a time from each CPU might be the only solution. :-/

Using gcc version 4 instead of 3.x reduced NetBSD/cats install time to just below 7 minutes.

17 Nov 2005:
Malta fixes: the RTC year field is apparently offset by 80 on those boards, NetBSD/evbmips detects a CPU of more reasonable speed (25 MHz instead of 225 Mhz), and thinking about how to solve similar issues for Linux. I got an email from Qiu Yu asking about Algor support. There was none before; adding an Algor skeleton mode (at least some of the first boot messages are printed). More PPC progress; a NetBSD/pmppc ramdisk kernel reaches the point where it is about to store the arguments of the first userland process on the (userland) stack.

16 Nov 2005:
Factoring out some ISA bus stuff which was common to multiple machines, and continuing on the PPC stuff (interrupts/exceptions and related things). Spent a lot of time trying to figure out how to make interrupts work in a stable manner with NetBSD/bebox, sometimes I get "wdcintr: inactive controller", which seems to be an error message also appearing on real (physical) BeBoxes according to http://mail-index.netbsd.org/port-bebox/2004/10/24/0000.html. Adding a delay on wdc interrupts "solves" the problem (in the same way as with NetBSD/hpcmips) but it is not a clean solution. Maybe NetBSD itself is buggy in this case? (There are no recent BeBox releases on NetBSD's ftp site.) :-(

15 Nov 2005:
Some PPC updates (loads/stores, memory translation stuff), NetBSD/bebox gets a bit further than before.

14 Nov 2005:
Minor ARM dyntrans tweaks; NetBSD/cats install is down to 7 min 7 seconds.

13 Nov 2005:
Minor PCI generalizations. Finally took the time to add a hack for SCSI CDROM TOCs; this enables OpenBSD to use partition 'a' (as needed by the OpenBSD 3.8 installer), and Windows NT's installer to get a bit further (I had a very strong feeling that this was the reason why it crashed). NT now complains about graphics instead, but that is to be expected:
Also fixing dev_wdc to allow Linux to detect ATAPI CDROMs. Continuing on the 21143.

11-12 Nov 2005:
Another minor dyntrans fix; reducing the just-mark-as-non-writable time from O(n) to O(1) in the generic pc_to_pointers. NetBSD/cats install time is now down to 7 min 22 seconds. Merging Cobalt and evbmips (Malta) ISA interrupt handling, and fixing some minor issues to allow Linux/malta to accept harddisk irqs:

	$ gxemul -o 'root=/dev/hda1 ro' -emalta
		-d linux_mobilepro.img vmlinux-2.4.18.malta.el-01.01.srec
	ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
	PIIX4: IDE controller on PCI bus 00 dev 49
	PIIX4: chipset revision 1
	PIIX4: not 100% native mode: will probe irqs later
	hda: linux_mobilepro.img, ATA DISK drive
	ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
	hda: 4000752 sectors (2048 MB), CHS=3969/16/63
(This was with a MobilePro filesystem, so it didn't get very far, but it reached INIT at that's what counts.) Various minor device updates. Fixing the ALI M1543/M5229 so that harddisk irqs work with Linux/CATS.

10 Nov 2005:
Some more ARM dyntrans fine-tuning; among other things, some instruction combinations (cmps followed by conditional branch within the same page) and special cases for DPIs with regform when the shifter isn't really used. NetBSD/cats install is down to 7 min 40 seconds.

9 Nov 2005:
Continuing the PCI subsystem clean-up. All old pci_*.c files have been incorporated into normal devices and/or rewritten as glue code only, so it is less of a mess than before. Also working on the DEC 21143 NIC; OpenBSD/cats, NetBSD/cats, and Linux/cats all seem to recognize it (at least the eeprom/srom stuff is emulated), but it is only a dummy device so far. The scanc instruction combination hack suddenly works again; a full NetBSD/cats install is down to 8 min 12 seconds.

6-8 Nov 2005:
Finally taking the time (again) to look into generalizing the dyntrans system; the most important issues are:

  • variable-length ISAs (at least x86, m68k, i960, avr, vax)
  • reasonable data structures for 64-bit address translation (needed for at least alpha, x86 (well, amd64), mips, sparc, hppa, sh5, ia64, power/powerpc)
  • delay slots (mips, hppa, sparc, sh in shcompact mode)
(ARM was relatively simple to implement, since it is 32-bit only, doesn't use any delay slot, and has fixed instruction length. Most other architectures are more complex.)

Hm. As it turned out, I didn't get time to actually look into the dyntrans stuff. Instead I finally took the time to begin a clean up of the PCI bus subsystem; the old design using read_register was so horrible. :-)

2-6 Nov 2005:
More optimizations and NetBSD/cats test installs. Before Nov 2, a full install took 9 min 20 seconds, or so.

    Hack/optimization:							Time:
    Treat PC-relative loads within the same page as constant "mov"	9:07
    Round-robin instead of random dyntrans TLB replacement		8:55
    Instruction combinations enabled again  (*)				8:37
    With the "cacheclean2" instruction combination enabled again	8:31
    With copyin and copyout instr comb hacks				8:22
(*) = Hahahaha, I had accidentally disabled instruction combinations some time during the last few days. :-) Oops.
Experimenting with adding ATAPI support to dev_wdc, in order to make emulated *BSD detect cdroms as cdroms, not harddisks. It seems to work well enough for a NetBSD/cats installation, but not OpenBSD/cats. Generalizing the dev_footbridge ISA interrupts to also work with Debian:
Modifying the -Y command line option to allow scaleup with certain graphic controllers (only dev_vga so far), not just scaledown.

1 Nov 2005:
NetBSD 2.1 and OpenBSD 3.8 are now available; verifying that they can be installed, updating the documentation. Fixing dev_wdc to support 128-sector PIO mode 3 transfers instead of just 1-sector PIO mode 0. (This leads to a tiny speed improvement.) Minor ARM dyntrans updates.

31 Oct 2005:
Various ARM-related updates and hacks. A Linux kernel now gets a bit further than before, and OpenBSD/zaurus, NetBSD/evbarm (iq80321) and FreeBSD/ARM (iq80321) all get further as well. (Thanks to Olivier Houchard for supplying me with FreeBSD kernels to test this with.)

29 Oct 2005: RELEASE

29 Oct 2005:
Super-quick release, not formally tested at all. :-| It is probably better to get it out the door now, anyway. Also: thanks to David Muse for noticing the ~ pckbc bug.

27-28 Oct 2005:
Reducing MODE32 tlb updates from O(n) to O(1), and a similar reduction for MODE32 physical page invalidation. This and some other minor hacks has reduced NetBSD/cats install time to 9.5 minutes. :-) Trying out a similar O(n)->O(1) reduction for 32-bit MIPS (R2K/3K), but it did not increase performance.

26 Oct 2005:
copyin() and copyout() in *BSD/ARM use loads and stores with the t-flag set; those did not use the fast translation arrays before today. After adding a bitmap which indicates if a page is (specifically) user accessible, a full NetBSD/cats install dropped from around 12.5 minutes to 10.5 minutes.

Non-emulator diary entry: Just in case anyone wanders in here and reads the diary, let me remind you of the vote for European of the Year-page at http://www.nosoftwarepatents.com/. Introducing software patents will most likely be a very bad thing for Europe (traditional Copyrights should be enough for protection of software), and if Florian Müller wins, it will be noticed by people who have the power, and hopefully they will become more informed about the issues involved.

24-25 Oct 2005:
Continuing; the latest optimizations have increased performance slightly: the real time required to do a full NetBSD/cats install (on a 2.8 GHz Xeon) was 40-60 minutes with release 0.3.6, 26 minutes with, and now dropped to be just below 18 minutes. Also tried running on a 2.0 GHz AMD (Athlon), which was a bit faster (with -mcpu=athlon instead of -mcpu=pentium4), around 3 minutes faster than the Xeon. Also adding the first reasonable "instruction combinations" hacks (the cores of NetBSD/cats' memset() and memcpy() functions), which makes things a bit faster. (Just adding the memset() instruction combination reduced the time by around half a minute. :-)

Fixing a dyntrans-related bug in dev_vga. Also changing the dyntrans low/high access notification to only be updated on writes, not reads. Hopefully it will be enough. (dev_vga in charcell mode now seems to work correctly with both dyntrans reads and dyntrans writes.)

Gathering exact instruction statistics from NetBSD/cats. After running about halfway through a full install, 20 billion instructions, the following are the parts of the kernel that are executed the most:

	Nr of times:	Address:	What it is:
	------------	--------	-----------
	1109   M	0x00162cac	the idle loop		(*)
	 354   M	0x0015f88c	inside sa1_cache_cleanD_rng()
	 101   M	0x001bcccc	inside scanc()
	  78   M	0x0015da54	inside generic_bs_wm_4()
	  55.5 M	0x0015e7ec	inside copyin()
	  48.5 M	0x0015f93c	inside sa1_cache_purgeID_rng()
	  23.5 M	0x000be1b4	somewhere in the filesystem code
	  20.8 M	0x0015d9dc	? (TODO)
	  17.8 M	0x0015e934	possibly copyout()
	  11.6 M	0x000be1c8	somewhere in the ufs code
	   5.5 M	0x001bd46c	__udivsi3
(*) = not surprising, since the install is interactive.

This does not mean that sa1_cache_cleanD_rng() is called 354 million times, or that 354 million instructions are spent there. It means that the instruction at 0x0015f88c is executed 354 M times. The core instruction sequence there is 3 instructions long, so what it means is that over a billion instructions were spent there.

22-23 Oct 2005:
Continuing; trying to do better (automated) statistics gathering. Also some other dyntrans-related updates, for example experimenting with inlining arm_pc_to_pointers()). This last hack seems to increase speed.

21 Oct 2005:
Automatically generating some of the most common ARM load/store multiple instructions. Not all such instructions can be generated, there are too many, so the first step was to run NetBSD/cats for a while to gather some statistics. The code for opcode 0xe92d4010, for example, a store multiple, becomes something like this:

	/*  stmdb sp!,{r4,lr}  */
        uint32_t orig, addr = cpu->cd.arm.r[13];		Base register = r13
        unsigned char *page;
        orig = addr; addr -= 4;					Pre-decrement
        page = cpu->cd.arm.host_store[addr >> 12];
        addr &= 0xffc;
        if (addr >= 0x8 && page != NULL) {			Inside the page? Then:
                uint32_t *p = (uint32_t *) (page + addr);
                p[0] = cpu->cd.arm.r[14];			Store r14 and r4
                p[-1] = cpu->cd.arm.r[4];
                cpu->cd.arm.r[13] = orig - 8;			Writeback
        } else
                instr(bdt_store)(cpu, ic);			Otherwise: call the generic
								store multiple function
So, if the access doesn't cross a page boundary, then the store can be done directly, without using the generic bdt_store() every time. An objdump of the resulting machine code shows that the code can be reasonably tight/short, at least on Alpha, but it remains to be seen whether this optimization is worth it. (It puts more stress on the host's caches.) The first tests (doing a full install of NetBSD/cats) do not seem to give any speed increase :-/

TODOs for this hack are:

  • [optional] alignment checks
  • storing two registers at a time on 64-bit hosts, when possible (alignment matters, and it also depends on which registers are being stored)
  • crossing a page boundary => use two pages without calling bdt_*

Non-code related: the recent licensing related stuff made me feel like checking out something much more serious, namely whether the PearPC developers have made progress with their plans to sue the company behind CherryOS. There doesn't seem to be much news as of lately, though.

20 Oct 2005: (Later)
More ARM updates (HPCarm related), and finally getting around to making dev_ram "mirrors" etc. work with dyntrans.

20 Oct 2005:
As Mr Fillot is also able to read stolen_code.html, he seems to admit more things. It's like as if he waits for me to discover the traces of GXemul in his emulator, and then he admits things up to that point, but not more. If he had been honest, he would have admitted from the start all the things he had taken from GXemul, but he didn't. Haha, I practically never get upset about anything, but that kind of people really make my blood boil. Anyway, I'm getting tired of this, and I think I'll leave it as it is.

19 Oct 2005:
This is not a diary entry about code progress, but it has made me angry enough to mention it here anyway:
A Mr Christophe Fillot seems to have developed a Cisco emulator (http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator). A first glance at the output (the example in the given URL) made me feel like this was a modified GXemul, and by looking at the source code it is clear that the PCI bus code and a number of other things have been taken from GXemul, but there is no credit or mention of where he got the code from. More info here:


Via email, Mr Fillot reluctantly admitted that he has used 4 (!) lines (plus a header file, which was from NetBSD). I am really insulted by this guy's behaviour, and at the same time quite amazed; he is at university level, and should not behave like that. I'm very upset by this; although in this case it did not go as far as with the Yoctix code theft a couple of years back.

17 Oct 2005:
Minor updates: Adding a dummy i80321 Verde controller (for XScale emulation), fixing the disassembly of the ARM ldrd instruction, adding "support" for less-than-4KB pages for ARM (by not adding them to translation tables).

12-13 Oct 2005:
Fixing a VGA cursor offset bug, and doing various minor ARM-related optimizations. Adding a slow strd ARM instruction hack (not using the fast host_store array).

11 Oct 2005: RELEASE

10-11 Oct 2005:
Preparing for a release. ARM emulation seems to be stable enough now to compile the emulator inside itself:

9 Oct 2005:
Rewriting the ARM R() function; now there are 8192 automatically generated smaller functions doing the same thing, but hopefully faster. Adding a dummy dev_lpt. Experimenting with lowering the number of TLB entries for ARM virtual translation from 64 to 32 or 16. Time required to do a full NetBSD/cats install:

	# TLB entries:	Time:		Time with no_exceptions hack:
	--------------	-----		-----------------------------
	      64	40 min 17 sec	    (not tested)
	      32	34 min 15 sec	    25 min 20 sec
	      16	33 min  5 sec	    25 min 20 sec
The second time column is with another test hack; whenever a memory access is done with NO_EXCEPTIONS set, then the TLBs will not be updated.

8 Oct 2005 (later):
The bug was not because of faulty ARM documentation after all, but it was related to those parts of the code. Fixing the RTC (dev_mc146818) to work with CATS.

8 Oct 2005: RELEASE 0.3.6

7 Oct 2005 (later):
FINALLY! Found and fixed the remaining bugs: the ARM manual says that load multiple with the S-bit set should load usermode registers, but this does not work with real-world code such as NetBSD or OpenBSD. Instead, loading into whatever the SPSR says were the saved registers (i.e. not necessarily the usermode registers) works better :-)
Both NetBSD/cats and OpenBSD/cats seem to install now (except that OpenBSD's MAKEDEV dumped core during install, so it doesn't start correctly after the install); updating the documentation to reflect this.

5-7 Oct 2005:
Continuing the bug hunt... found and fixed one memory related bug (I hadn't separated Data Aborts from Prefetch Aborts), but the interrupt related bug still remains.

30 Sep - 4 Oct 2005:
Continuing on the ARM stuff. Sporadic userland messages from OpenBSD/cats and NetBSD/cats :-), but usually it crashes before anything can be outputed. Might have to do with interrupt delivery, or the memory system. Changing the timing of interrupt related things causes it to bug out at different places, so it probably has to do with interrupts.
The Debian manual has a broken URL to a Debian/CATS kernel, but Google was able to find an older kernel at http://http.us.debian.org/debian/dists/woody/main/disks-arm/current/cats/tftpboot.img. It doesn't get very far, but at least it outputs something.

23-28 Sep 2005:
Playing around with adding some (dummy) PCI-to-ISA bridges and PCI-IDE controllers, for CATS and Netwinder (both using dev_footbridge).
Some PPC progress (more instructions, mostly). Fixing a bug in dev_vga which prevented correct scrolling (using the update-base-offset method, used by modern NetBSD and OpenBSD kernels), so now the output of OpenBSD/cats and NetBSD/cats doesn't get cut-off.

17-21 Sep 2005:
Various updates: adding an Atmel AVR (8-bit) cpu family skeleton (including a few instructions for the disassembler and for actual execution), symbols are now read from Mach-O binaries, and most importantly: ARM exception support, enough for OpenBSD/cats and NetBSD/cats to reach userland!

12-13 Sep 2005:
Andreas (avr at gnulinux.nl) noticed that IRIX doesn't have u_int64_t; the configure script has been updated to reflect this. Working on ARM register bank switching, CPSR vs SPSR issues, beginning the work on interrupt/exception support.
Continuing on ARM-related stuff in general; NetBSD/cats now boots as far as OpenBSD/cats does.

7-10 Sep 2005:
(Re)adding a dummy HPPA CPU module, and a dummy i960 module. Playing around with how to boot a Darwin CDROM (Apple Partition Tables, HFS+ (which I haven't touched yet)), and Mach-O binaries (at least some) can now be loaded. Fixing an ARM bug (sometimes the Carry flag was updated even when the S bit was not set on some DPIs); both OpenBSD/cats and NetBSD/netwinder get a bit further now:
Applying a patch from Alexander Yurchenko to make dev_wdc work better when emulating modern versions of OpenBSD. Also refreshing the wdc stuff in general (converting to devinit, etc).

4 Sep 2005:
Working on some SHcompact things (the disassembler, mostly).

2 Sep 2005:
Tried an optimization for the old i386 backend: whenever 1 emulation with 1 machine with only 1 CPU is emulated, then it is possible to output i386 code which looks like the left column, as opposed to the generic case on the right:

	movl  %eax,0x12345678                 movl  %eax,0x12345678(%esi)
The case on the right means addresses relative to the current CPU struct. I thought there would be a speed increase by not using relative addressing, but after many many tests I could still not verify any speed increase. :-/ Well, it was worth testing anyway.

30 Aug - 1 Sep 2005:
ARM and PPC updates. A Linux kernel for BeBox gets past the checksum/decompression routine:

29 Aug 2005:
GXemul is 2 years old today :-) Moving CPU related files from src/ to src/cpus/, and PROM emulation stuff from src/ to src/promemul/. Making the instruction trace for ARM look nicer; this makes it easier to track down bugs, and/or to find out how to continue developing various emulation modes. For example, NetBSD/shark crashes with an 0xf-prefixed instruction. (It is highly unlikely that such an instruction would occur naturally.) An instruction trace shows the following:

	00164d18: e59f2020   ldr  r2,[pc,#32]  <0x00164d40: ofw_client_services_handle>
	00164d1c: e1a0e00f   mov  lr,pc
	00164d20: e592f000   ldr  pc,[r2]      <ofw_client_services_handle: args.7>
	f01f4d18: f01b12e8   and(INVALID)s  r1,fp,r8, ror #5
	TODO: ARM condition code 0xf
From the trace, it is clear that this is not the case of an unimplemented instruction, but rather that the NetBSD code assumes that ofw_client_services_handle points to some kind of OpenFirmware handler (which isn't implemented yet).

27-28 Aug 2005:
More ARM updates. Finally taking the time to look into translation invalidation issues (ie. self-modifying code, etc). Hopefully this doesn't break anything.

22, 24-25 Aug 2005:
More ARM updates (more instructions, halfword/signed load/store stuff, and the system control coprocessor). OpenBSD/zaurus begins to print some boot messages:

	OpenBSD/zaurus booting ...
	initarm: Configuring system ...
	physmemory: 04 pages at 0xa0000000 -> 0xa3ffffff
	Allocating page tables
	freestart = 0xa0009000, free_pages = 03 (0x000001f7)
	IRQ stack: p0xa01d1000 v0xc01d1000
	ABT stack: p0xa01d0000 v0xc01d0000
	UND stack: p0xa01cf000 v0xc01cf000
	SVC stack: p0xa01cd000 v0xc01cd000
	Creating L1 page table at 0xa01fc000
	Mapping kernel
	Constructing L2 page tables
	freestart = 0xa061c000, free_pages = 1: (0x39e4)
	switching to new L1 page table  @0xa01fc000...
	bootstrap done.
	init subsystems: stacks vectors undefined page pmap pmap_bootstrap: 
	WARNING! wrong cache mode for primary L1 @ 0xc0200000
NetBSD/netwinder also prints some things:
	NetBSD/netwinder booting ...
	initarm: Configuring system ...
	physmemory: 16 pages at 0x00000000 -> 0x00ffffff
	init subsystems: stacks vectors undefined page
	panic: uvm_page_physload: start >= end
Dilemma: should the diary should be public or not? Making it non-public again. Adding a dummy SH cpu module. MIPS bugfixes: unaligned PC now cause an ADEL exception (at least for non-bintrans execution), and ADEL/ADES (not TLBL/TLBS) are used if userland tries to access kernel space. Thanks to Joshua Wise for making me aware of the MIPS bugs.

2 Aug 2005:
More cleanup/refactoring of the dyntrans subsystem: adding phys_page pointers to the lookup tables, for quick jumps between translated pages. Things are beginning to take shape :-) but there's lots of work left. More cleanup of the ns16550. Beginning the conversion of cpu_ppc to the new dyntrans system. I will have to figure out a nice way to support both 64-bit and 32-bit mode simultaneously, without making the code too ugly.

1 Aug 2005:
Continuing the dyntrans code refactoring/cleanup. Alec Voropay has made available a Linux kernel for Malta boards (here), but there are many issues to solve to get this working nicely. The whole PCI/interrupt/Malta stuff was just a quick hack to get NetBSD/evbmips running, and it is not suited for Linux or anything else at the moment. Fixing a memory corruption bug in dev_gt (triggered on Alpha, but not on i386). General cleanup of dev_ns16550. The old FreeBSD/MIPS binary development snapshots I got from Juli Mallett last summer seem to work again (after the bintrans bugfix yesterday).

30-31 Jul 2005:
Converting the i386 backend in a similar way as I did with the Alpha backend two days ago. There seems to be a speed increase. Real time required to install NetBSD/pmax 1.6.2:

			Before conversion:	Now:
	without -A	4 min 17 sec		4 min 7 sec
	with -A		3 min 56 sec		3 min 47 sec  :-)
Trying to hunt down the cache bug. No success yet. I guess I'll commit the code anyway, although I don't like doing it this way. Finally cleaning up the ugly MC146818 hack for Linux (necessary for Linux for SGI and Malta boards). Beginning to do some major refactoring of the dyntrans system. Doing some i386 bintrans backend updates: one bugfix and some minor performance hacks.

29 Jul 2005:
Noticing that the 1-level MIPS stuff doesn't work correctly with dynamic device accesses. So, either I'll have to figure out how to do that, or it will have to be scrapped. Long term goals, if the dynamic translation system can be generalized in a nice way, would be to rewrite the MIPS emulation (and the ugly PPC and x86 emulation hacks) to use the new system. And then incorporate binary translation into that. But this is all way into the future. Ideally, things like gathering opcode statistics, showing function call trace trees, and managing breakpoints would only need to be written once, and work for all frontends.

28 Jul 2005:
Experimenting with using a 1-level page table for ARM virtual memory emulation instead of the 2-level page table I've used before. Only minimal increase in speed. On the Xeon, the memory-fill-test reaches at least 159.5 MIPS. It uses up quite a bit of memory, but hopefully it is worth it.

Also trying to use a 1-level page table for MIPS bintrans (for the Alpha backend). Initial tests were disappointing: real-world code for R2000/R3000 (such as NetBSD/pmax) needs to clear the L1 caches in a special way, and the old 2-level translation code had a nice hack which optimized that. That hack could not be used straight away with 1-level page tables, so performance was actually decreased. But I managed to make another hack, similar to the 2-level hack for the caches. Performance didn't improve much, though. (Time to boot NetBSD/pmax is reduced from 47 to 46 seconds with alignment checks, 42 to 41 seconds without.) The code is really really ugly, and I need to make it work with the i386 backend before I feel good about this.

27 Jul 2005:
QEMU has had a new release. Maybe I should try QEMU some day. It now has some MIPS support, apparently.

26 Jul 2005:
Trying again... This time it worked, huge performance increase for artificial test code, but performance loss for real-world code :-( so I'm scrapping that code for now. Creating a web page containing Tips and tricks on how to write an emulator/simulator. Not much yet, but it is a start. Also did a test install of NetBSD/pmax 1.6.2 on the Xeon system, with the -A option (disabling alignment checks). The result: a full install takes 3 min 56 seconds. :-)

25 Jul 2005:
Adding a -A command line option to turn off alignment checks for load/stores in some cases (for translated code). There is a slight increase in performance (NetBSD/pmax boots in 42 seconds instead of 47 on my home machine), but the emulation will not be 100% correct. Spent some time trying to remove the ugly (and slow) way of updating the pc and nr of executed instructions in the old MIPS bintrans code, but failed. (I will try again later.)

22-24 Jul 2005:
Trying to hunt down a 8KB vs 4KB page size bug. Found it: I had separated userland memory emulation from normal emulation. Quick-and-dirty "solution": a special case for non-4KB userland. Hello World compiled statically for FreeBSD/Alpha runs :-)

19-21 Jul 2005:
More Alpha-related updates. Also realizing an optimization that works for both Alpha and ARM translation; doing 1*2*3*4*5 = 120 (or 60) instruction calls before looping makes the main loop work nicely with the host's branch prediction hardware, for all short loops that are 6 instructions long, or less. The ARM test now runs at 156.2 MIPS on the Xeon, resulting in 17.83 host cycles per emulated instruction. Quick notes on Alpha and ARM so far:

	32 64-bit registers, with fixed-length 32-bit instruction words.
	Special consideration: register 31 is hardwired to zero.
	Virtual memory in the emulator: 13 + 13 + 13 = 39 bits
	(Double memory mappings; one for user addresses, one for kernel
	addresses. Accesses outside this space still work, but are
	emulated much more slowly.)

	16 32-bit registers, with fixed-length 32-bit instruction words.
	Special considerations: register 15 should always mirror cpu->pc,
	all instructions have a 4-bit condition code as a prefix.
	Virtual memory in the emulator: 10 + 10 + 12 = 32 bits.
There are many similarities, especially in the main loop, and it would be nice to be able to factor out those parts of the code. How this should be done while still preserving speed in the end (i.e. not inducing overhead by for example function calls) and also keeping the code readable will be the tricky part. There are probably quite a few places in the sources where I have assumed a 4 KB page size (for translations etc); this will have to be generalized to allow for 8 KB pages as well.

15-18 Jul 2005:
More work on cpu_alpha. Random (old) photos:
(A real SGI O2, and Windows NT for MIPS crashing in the emulator.)

12-14 Jul 2005:
Adding a simple ethernet device (dev_ether), adding some info about dev_ether and dev_disk to the documentation, and doing some other minor fixes. Adding a dummy cpu_alpha again, thinking about how to refactor things that are common to cpu_alpha and cpu_arm.

1 Jul 2005:
Making a simple "dev_disk". Not tested yet, but it can be used in the testmips machine in the future, and perhaps also useful for FreeBSD/MIPS development.

30 Jun 2005: (Later)
After some minor adjustments, the fill-loop now reaches 149.27 MIPS on the Xeon (which is actually running at 2785.257 MHz). So it's 18.66 host cycles per emulated instruction.

30 Jun 2005:
The ARM stuff is becoming heavier and heavier to compile; just simple loads and stores are now 1024 functions (!). Most of these functions are really short, but there are at least 64 larger ones. Experimenting with using a single lookup table (which would take 24 MB on 64-bit hosts, half of that on 32-bit hosts) for all memory accesses. It wouldn't work with context switching though -- replacing the entire table would take forever -- so I guess I will skip that idea. Trying to generalize the bintrans stuff for device accesses to also work with the new translation system. (This might break some MIPS things.) The following short test program fills a portion of the framebuffer, byte-by-byte, with gray colors.

	inline void memset(unsigned char *a, int x, int len) {
	        while (len-- > 0)
	                *a++ = x;
	void f(void) {
	        int x=0;
	        for (;;) {
	                memset(0x12000000 + 640*3*100, x, 640*90*3);
	                x += 4;
When compiled with arm-unknown-elf-gcc and -O3, it runs in GXemul at an average of 145.6 million emulated instructions per second, on the Xeon (which is running at exactly 2785 MHz). That is 19.13 host cycles per emulated instruction. Most of these are memory accesses (which are slower than many other instructions), and have side-effects such as post-index write-back to the base register. (The framebuffer is not really turned on, that would be a lot slower.) Also, this is with virtual address translation. Turning off virtual address translation might make it even faster, but that wouldn't work when emulating NetBSD etc. For non-binary-translation, I guess this is reasonable performance.

29 Jun 2005:
Mostly working on the ARM stuff, but also did some manual tests with some PSP .pbp files. http://ps2dev.org/ has these and some other "homebrew" applications.
These programs don't work out-of-the-box with GXemul, at least not right now; a manual skip in the debugger to the correct entry point is required during startup. A dynamic linker + "BIOS"-like emulation layer would solve this, so that it works automatically.

28 Jun 2005:
I guess this is about as good time as any to say Thank You to (in no specific order) Joachim Buss, Juli Mallett, Juan RP, Alec Voropay, Göran Weinholt, Alexander Yurchenko, and everyone else who has provided me with feedback.

28 Jun 2005: RELEASE 0.3.4

27 Jun 2005:
More ARM updates. Hello World runs. All instructions are now inlined/generated for each possible condition code. Even when the condition codes are used, the code is reasonably tight. Here is the disassembly (objdump) of a "branch within the same page" compared to "branch on not equal, within a page": (Alpha assembler)

    arm_instr_b_samepage:	arm_instr_b_samepage__ne:
	ldq   a1,8(a1)		    ldl   t1,80(a0)	; Load flags.
	stq   a1,272(a0)	    srl   t1,0x1e,t1	; Check for Equal,
	ret			    blbs  t1,R		; if so then just return.
				    ldq   a1,8(a1)	; Load new arm_instr_call
				    stq   a1,272(a0)	; pointer, and set it.
				R:  ret
In case the inlined code becomes too large, the compiler (in this case, Compaq's C Compiler V6.4-005) falls back to just doing the conditional check, and then calling the "always"-conditional function. The same functions produced by gcc 3.2.2 on an i386 host:
    arm_instr_b_samepage:	arm_instr_b_samepage__ne:
	mov   0x8(%esp,1),%eax	    mov   0x4(%esp,1),%edx
	mov   0x4(%eax),%ecx	    testb $0x40,0x37(%edx)
	mov   0x4(%esp,1),%eax	    jne   R
	mov   %ecx,0xe0(%eax)	    mov   0x8(%esp,1),%eax
	ret    			    mov   0x4(%eax),%eax
				    mov   %eax,0xe0(%edx)
				R:  ret
Removing some dummy files (cpu_alpha.c, cpu_hppa.c, and cpu_sparc.c) that weren't really used. Minor updates to the documentation. Doing some releaste testing for the next release. (Quick release, yes, but it should be a lot better than 0.3.3.x.)

26 Jun 2005:
Finally! NetBSD/sgimips netboots! Writing instructions on how to netboot NetBSD/sgimips, and verifying them.
In the screenshot, the left xterm is the NetBSD/sgimips 2.0.2 client machine, and the right xterm is the NetBSD/pmax 2.0.2 nfs server. Also: Playstation Portable ".pbp" files can now be used directly; the ELF portion of the file is transparently extracted during startup. Converting some sprintf() calls to snprintf(). Adding some more instructions to the ARM disassembler (enough to disassemble Hello World, but not run it yet of course).

25 Jun 2005: (Even later)
Combining multiple instruction calls into one seems to work now. When single-stepping (or running with -i) within a page which contains such combined calls, all translations are flushed, and only one-instruction-per-call will be used. Cleaning up some IP32 interrupt things (crime/mace); disabling the PS/2 keyboard controller on IP32, so that NetBSD/sgimips boots into userland again.

25 Jun 2005: (Later)
Implementing support for branches within the same page was trivial. This resulted in a measurable performance increase for the "f: b f" loop.

	Host:		Old MIPS:	New MIPS:	Host cycles
	-----		---------	---------	per emulated
	533 MHz pca56	14.37    -->	23.3		22.90
	1.0 GHz ev7	40.00    -->	115.4		 8.67  (!)
	2.8 GHz Xeon	36.45    -->	190.6		14.69
	900 MHz Ultra	23.15    -->	43.7		20.59
I hope I didn't mess up these calculations. Every branch instruction is executed, they are not optimized away or anything like that. If these numbers are correct, there is obviously a lot of potential for optimization. :-)

25 Jun 2005:
The first two ARM instructions, using dynamic-but-not-binary translation, seem to be working. A simple "f: b f" (that is, a do-nothing loop) results in the following performance so far:

	Host:			Emulated	Host cycles	Equivalent
	-----			MIPS:		per emulated	ARM610 speed: (*)
				----		instruction:	---------
	Alpha 533 MHz pca56	14.37		 37.1		17.1 MHz
	Alpha 1.0 GHz ev7	40.00		 25.0		47.6 MHz
	Intel 80486, 50 MHz	 0.47		106.4		 0.5 MHz
	Intel Xeon, 2.8 GHz	36.45		 76.8		43.4 MHz
	143 MHz UltraSPARC	 3.73		 38.3		 4.4 MHz
	900 MHz UltraSPARC	23.15		 38.9		27.6 MHz

	(*) = ARM610, which according to http://www.heyrick.co.uk/assembler/proctype.html
	      existed as 20, 30, and 33 MHz implementations, did 0.84 instructions/cycle
Jumps are bad for performance, since they change the program flow. (The branch instruction is treated as an unknown worst-case branch, it will be faster to deal with jumps within the same translated page separately.) On the other extreme, a loop with 31 "mov" instructions followed by a branch back, gives these numbers:
	Host:			Emulated	Host cycles	Equivalent
	-----			MIPS:		per emulated	ARM610 speed:
				----		instruction:	---------
	Alpha 533 MHz pca56	 31.49		16.9		 37.5 MHz
	Alpha 1.0 GHz ev7	 56.20		17.8		 66.9 MHz
	Intel 80486, 50 MHz	  1.05		47.6		  1.3 MHz
	Intel Xeon, 2.8 GHz	126.90		22.1		151.0 MHz
	143 MHz UltraSPARC	  6.05		23.6		  7.2 MHz
	900 MHz UltraSPARC	 42.98		20.9		 51.2 MHz
No definite conclusions can be drawn from just implementing 2 instructions from the ISA, and no virtual memory or interrupts, but this is at least an indication that it is 1) slower than a good binary translator would be, and 2) faster than the more naive form of interpreting one instruction from memory at a time. A third test where the 31 mov instructions are treated as 31 nops (which means that the only thing measured is pure overhead, no action is performed), gives the following:
	Host:			Emulated	Host cycles	Equivalent
	-----			MIPS:		per emulated	ARM610 speed:
				----		instruction:	---------
	Alpha 533 MHz pca56	 33.6		15.9		 40.0 MHz
	Alpha 1.0 GHz ev7	 90.0		11.1		107.0 MHz
	Intel 80486, 50 MHz	  1.2		41.7		  1.4 MHz
	Intel Xeon, 2.8 GHz	173.6		16.1		206.7 MHz
	143 MHz UltraSPARC	  6.6		21.6		  7.9 MHz
	900 MHz UltraSPARC	 47.5		18.9		 56.5 MHz
Since a nop does nothing, does that mean that the third table lists the theoretical top performance of this kind of translation? No. "Instruction combination" isn't implemented yet. If implemented properly, it would allow higher speeds.

24 Jun 2005:
Adding a semi-dummy PSP (Playstation Portable) mode, just for fun. It is supposed to have an R4000 core (which would suggest that it is a 64-bit machine), but other sources say it is 32-bit. It has a 480 x 272 pixels framebuffer, 15 bit color, at physical address 0x04000000, but the virtual address corresponding to that address is, according to http://yun.cup.com/psppg004.html (in Japanese), 0x44000000. Really really strange. Anyway, a small Hello World program can be downloaded from http://sec.pn.to/ and converted into an ELF:

	dd if=EBOOT.PBP of=EBOOT.elf bs=1 iseek=0x3940
and then run in GXemul:
	gxemul -X -E psp EBOOT.elf
The result looks something like this:
The colors in the first screenshot are probably wrong. The second screenshot looks more reasonable. The third screenshot is of a game that can be found here: http://www.dcemu.co.uk/vbulletin/showthread.php?t=7093 (It has to be extracted with dd if=EBOOT.PBP of=EBOOT.elf bs=1 iseek=0x35c5, and there is no way to interact with the game, of course.) Also removing the -b command line option to select "old bintrans"; since there is no new bintrans yet :(, it is now selected by default. (-B can still be used to turn if off.)

23 Jun 2005:
gzipped kernels are now always transparently gunzipped when loaded. (Before today, gunziping only happened when loading kernels from ISO9660 file systems.) Also some minor documentation updates.

22 Jun 2005:
The first successful boot of NetBSD/evbmips (Malta) all the way to userland.
It is sad that NetBSD runs in 32-bit mode, even if 5Kc is a 64-bit MIPS processor. Splitting up bintrans haddr_entry pointers so that reads and writes are separated. (Unfortunately, there doesn't seem to be much of a performance increase.)

21 Jun 2005:
Adding a section to doc/configfiles.html about ethernet emulation across multiple hosts. Beginning the work on the ARM translation engine (using the dynamic-but-not-binary translation method). Not working yet, of course, but it is interesting and fun. Minor progress on the Malta emulation mode:

	pchb0: Galileo Technology GT-64120 System Controller (rev. 0x02)
	pcib0 at pci0 dev 9 function 0
	pcib0: VIA Technologies VT82C586 (Apollo VP) PCI-ISA Bridge, (rev . 0x27)
	isa0 at pcib0
	com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
	com0: console
	mcclock0 at isa0 port 0x70-0x71: mc146818 or compatible
	boot device: <unknown>
	root device: help
	use one of: ddb halt reboot
	root device: _
The VT82C586 PCI-ISA bridge is probably not correct for a Malta board, but at least it allows NetBSD to get further. Interrupts need to be implemented to detect PCI IDE, though.

20 Jun 2005:
Converting some strcpy()/strcat() calls into strlcpy()/strlcat(). More progress with the evbmips mode.

	MIPS32/64 params: cpu arch: 64
	MIPS32/64 params: TLB entries: 48
	MIPS32/64 params: Icache: line = 32, total = 4096, ways = 1
	                 sets = 128
	MIPS32/64 params: Dcache: line = 32, total = 4096, ways = 1
	                 sets = 128
	  picache_stride    = 4096
	  picache_loopcount = 1
	  pdcache_stride    = 4096
	  pdcache_loopcount = 1
	[ yamon_emul(): syscon: TODO ]
	[ malta_lcd:  NetBSD    ]
	Timer calibration: 224692288 cycles/sec [(6071130, 7972139) * 16]
	Loaded initial symtab at 0x802c1784, strtab at 0x802d2fa4, # entries 4413
	Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
	    The NetBSD Foundation, Inc.  All rights reserved.
	Copyright (c) 1982, 1986, 1989, 1991, 1993
	    The Regents of the University of California.  All rights reserved.

	NetBSD 2.0.2 (MALTA) #0: Tue Mar 22 09:42:37 UTC 2005
	32768 KB memory, 28768 KB freemainbus0 (root)
	cpu0 at mainbus0: 224.69MHz (hz cycles = 1123461, delay divisor = 112)
	cpu0: MIPS 5Kc (0x18101) Rev. 1 with software emulated floating point
	cpu0: 4KB/32B direct-mapped L1 Instruction cache, 48 TLB entries
	cpu0: 4KB/32B direct-mapped write-back L1 Data cache
	gt0 at mainbus0 addr 0x1be00000
	pci0 at gt0
	pci0: i/o space, memory space enabled
	pchb0 at pci0 dev 0 function 0
	pchb0: Galileo Technology GT-64120 System Controller (rev. 0x02)
	panic: cpu_initclocks: no clock attached
	Stopped in pid 0.1 (swapper) at netbsd:cpu_Debugger+0x4:        jr      ra
	                bdslot: nop
NetBSD/evbmips for Malta seems to use the GT PCI controller, similar to what is used in Cobalt.

17-18 Jun 2005:
Adding support for ethernet emulation across multiple emulator processes (for connecting many emulated machines). Still no progress with netbooting OpenBSD/sgi though; it dies very early on in the boot process. Mounting manually works, but that has worked before as well, so it isn't very interesting.
Also adding a dummy YAMON emulation thingy (for evbmips).

13 Jun 2005: RELEASE

9-12 Jun 2005:
Adding "testmips" IPIs, a dummy evbmips mode, and a hack which can be useful for finding NULL bugs in kernel code (TRACE_NULL_CRASHES).

4 Jun 2005: RELEASE

(Haha, that's what you get for trying to make a quick release.)

4 Jun 2005: RELEASE 0.3.3

4 Jun 2005:
Doing some simple release testing. I also found a good quick reference of ARM opcode encodings at http://armphetamine.sourceforge.net/oldinfo.html. (It might come in handy later, although it lacks info on instructions added in newer ISAs.)

3 Jun 2005:
Some things are broken right now (some arcbios things, etc), and performance is probably worse than the previous stable release, but maybe it is time for the next stable release anyway (to be in synch with my thesis). The x86 stuff is too unstable to be enabled by default in a stable release, though, so it will be turned off.

2 Jun 2005:
Adding a dummy ARM mode. Fixing the pckbc key repetition.

30-31 May 2005:
Various minor updates (documentation etc). Experimenting with dynamic-but-not-binary translation; the first test with just a lot of "add" instructions gives 168 MIPS on a 2.8 GHz Xeon, that is 16.66 cycles per emulated instruction. Or 14 instructions per emulated add, if you want to count instructions. (Emulating a "nop" this way would require 7 host instructions. It's possible to get down to 6 instructions, but that specific choice of instructions actually executes slower.) The advantage over binary translation is that there would be no need to write backends. Performance would be somewhere between binary translation and traditional interpretation.

26-29 May 2005:
More updates. (Mostly x86 stuff.) An OpenBSD/i386 bootfloppy now reaches userland. There's a problem with key repetition, and OpenBSD doesn't like the IDE harddisk images. NetBSD/i386, on the other hand, detects IDE but init dies mysteriously before it gets very far (possibly because of instruction fetch across a page boundary, where the later half causes a page fault, but the later part was actually outside the instruction). Hehe, don't we all love CISC. ;-)

25 May 2005:
The default nr of heads and sectors-per-track for harddisk images can now be overridden. (This is useful for booting some pre-made harddisk images that can be found on the Net.)

22-24 May 2005:
Continuing the cleanup. Also some more work on dev_vga; more of the registers now act as they are supposed to act. (http://wiki.duskglow.com/index.php/Documentation has been very useful for this.) A tiny 79-byte copper bars "demo" seems to work. :-)
Bochs seems to not care about individual scan lines, so it changes the entire background.

19-21 May 2005:
More x86 updates: simple paging support, updates to dev_vga. 40x25 textmode works :-) although it usually isn't such a useful feature. Memtest86 and some other things seem to get a bit further now.
The gcc bug was probably caused by some other code. Hm.

18 May 2005:
Haha, gcc 3.2.2 on i386 is buggy with -O3. The following macro works with -O2, but not with -O3:

	#define HEXPRINT(x,n) { int j; debug("{n=%i:",(n)); for (j=0; \
		j<(n); j++) debug("[%02x]",(x)[j]); debug("}"); }
It sometimes prints "{n=1:[a8]}" like it should, but sometimes it just prints "{n=1:}", ignoring the call to debug(). Using volatile int j; instead of just int j; gets rid of the symptoms, but I'm not sure why that is a solution. debug() is always an external function, and n is never zero. Hm. :-) Perhaps there are other things that bug out on i386 with -O3 too. Anyway, today was spent working on some x86 address translation things (protected-mode segmentation, but no paging yet).

17 May 2005:
Some more progress on the 16-bit x86 emulation mode. Today I had the first "success" with booting MS-DOS to a command prompt. (It's still buggy, though. Mostly keyb.com doesn't like the keyboard controller.)

16 May 2005:
Playing around with x86 real-mode interrupts. FreeDOS now boots all the way to a command prompt, and can be interacted with. :-)

14-15 May 2005:
Doing some cleanup (ARCBIOS, disk images, etc). The last two weeks of work on the x86 mode hasn't resulted in anything "really" running so far, but a few boot messages are printed by various bootfloppies. There is no interrupt support yet, only very little of the PC's BIOS functionality is emulated, and 32-bit and 64-bit modes are mostly non-implemented (for example the MMU). The debugger doesn't work well with segmented memory, and the x86 instruction decoding is extremely ugly. :-/

6-11,13-14 May 2005:
Time flies; no time yet for any cleanup, but some more work on the x86 stuff.

6 May 2005:
Adding a few more x86 instructions. Feedback from Antoni Sawicki indicates a weird bug, triggered on at least x86 hosts when trying to emulate a DECstation. Hm.

5 May 2005:
From now on, I'll try to concentrate on code clean-up and bug-hunting for a while. Some more x86 instructions now seem to work, enough to run "bootris", a bootsector Tetris (without keyboard input):

3-4 May 2005:
Adding some more x86 instructions. Also beginning to add some support for reading kernels directly from ISO images (including automatic gunziping of gzipped kernels), but it's an ugly hack.

28 Apr 2005:
It seems that compilation under OpenBSD/sgi (a 2005-04-28 snapshot) on a real SGI O2 causes gcc to crash. Removing the -fmove-all-movables compiler flag lets the compilation succeed though. The -fmove-all-movables option isn't that useful, so I'm commenting it out from now on.

27 Apr 2005: RELEASE 0.3.2

27 Apr 2005:
Not much time to work on the emulator lately. Doing some release testing for the next release.

17 Apr 2005:
Removing most of the x86 stuff; beginning a rewrite.

14-16 Apr 2005:
Adding an x86 cpu skeleton. The instruction decoding is super-ugly and flawed; I'll need to rewrite it from scratch some day. Also, the emulator in general isn't designed to work with non-RISC-style machines, so maybe in the end the x86 mode will not work at all.

13 Apr 2005:
NetBSD/cobalt can now be "installed", by placing the cobalt files on a disk image using another (emulated) machine, for example an emulated DECstation running NetBSD/pmax.

10 Apr 2005:
Some minor updates to the Playstation2 emulation mode; the harddisk controller now seems to work fine (but there is a long delay while detecting disks):
Maybe the harddisk controller worked with Playstation2 emulation before as well. (Most of the wdc and playstation2 code is over a year old by now.) I guess I just never waited for the delay to time out :-) If I'm lucky, all it takes now to get NetBSD/playstation2 to install and run is to emulate the OHCI controller and a USB keyboard. Also fixed tonight: a serious bintrans-related bug, triggered when devices and RAM were mixed within the same 4KB pages.

7 Apr 2005: RELEASE 0.3.1

7 Apr 2005:
Experimenting with some Linux/MobilePro kernels (http://pc1.peanuts.gr.jp/~kei/Hard-Float/Kernels/). Not much more than a pretty penguin to look at though; booting from a miniroot ext2fs filesystem fails. I'm not sure why. It panics/crashes after mounting root.
Also doing some testing for the next release.

3 Apr 2005:
Adding an Agenda VR3 mode. NetBSD doesn't support it yet, and it is usually quite hard to get Linux working in the emulator, but I've managed to get it to print stuff both to serial console and to the framebuffer.

2 Apr 2005:
A full NetBSD/hpcmips 2.0 install on an emulated MobilePro 770 now seems to take just below 19 minutes.

31 Mar 2005:
Adding NEC MobilePro 770 and 800 modes, similar to MobilePro 780. The 800 model has a much larger framebuffer, which makes it more useful with X. Both the 770 and 800 have framebuffers aligned at addresses that work with the (old) bintrans system; in practice, this means that scrolling on a 770 feels faster than on a 780.
Still no mouse support though, and I don't know how to place windows in twm without a mouse, so to be able to take the screenshot above I had to run X inside NetBSD/hpcmips without a window manager. It shows the emulator running NetBSD/hpcmips inside itself (on NetBSD/hpcmips, on a Linux/i386 host).

29 Mar 2005, later (around 08 am):
Adding a delay before the wdc interrupts; NetBSD/hpcmips can now be installed. :-)
A full install on a 2.8 GHz Xeon host (with old bintrans enabled) takes about 25 minutes. "startx" starts X Windows. :-)

28-29 Mar 2005:
More updates to the wdc (IDE controller), enough to read a NetBSD/hpcmips 2.0 ISO image.
I've tried to install NetBSD 2.0/hpcmips, but it bugs out in the middle of newfs (as shown in the second screenshot). (This might be a known problem, related to interrupt handling on MIPS in NetBSD: http://mail-index.netbsd.org/port-hpcmips/2004/12/30/0003.html. But the wdc code in GXemul is really really ugly, so that is more likely to be the problem.)

15 Mar 2005:
Some progress on faking the precense of PCMCIA cards. Apparently good enough to get NetBSD/hpcmips to detect a harddisk controller. (Interrupts aren't implemented, so it doesn't really work.)

14 Mar 2005:
Good news: the TUHS archive at www.es.embnet.org is up again :-)

8-12 Mar 2005:
Mostly OpenFirmware stuff, and adding a dummy HP PA-RISC cpu family skeleton. I've also added a MobilePro 780 mode (a HPCmips machine), and an ugly KIU subdevice to the VR41xx. This makes it possible to use keyboard input with NetBSD/hpcmips.

8 Mar 2005:
Sadly, the Sprite files seem to be gone from the TUHS archive again. (Or at least from embnet.org's copy of the TUHS archive.) Maybe it is just temporary, maybe not. Hopefully someone else with enough hosting space will mirror them and make them available. Sprite was not entierly Unix-ish and that makes it a refreshing thing to experiment with, even though the published harddisk image was quite limited.

5 Mar 2005:
I finally took the time to rewrite the hardcoded i386 bintrans code snippets (used to jump to translated code, etc). They are now generated at runtime, which allows the code to be compiled with GCC 2.x on i386. (The same kind of problem was triggered on releases prior to when using GCC 2.x on Alpha.) Also renaming mips64emul to GXemul, since it isn't really MIPS-only anymore.

1 Mar 2005:
Adding a simple URISC CPU emulation mode.

28 Feb 2005:
The Sprite harddisk image for DECstation seems to have moved to the following url:

26 Feb 2005:
Redesigning (parts of) the device registry stuff again :-)

23 Feb 2005:
The first NetBSD/bebox bootup messages:

	[ netbsd symbol table not valid ]
	Copyright (c) 1996, 1997, 1998
	    The NetBSD Foundation, Inc.  All rights reserved.
	Copyright (c) 1982, 1986, 1989, 1991, 1993
	    The Regents of the University of California.  All rights reserved.

	panic: uvm_pageboot_alloc: out of memory
	trap type 011300 at 0100
	Stopped in  at  0x1ffcf58:      illegal instruction 0x2ea14
	db> help
	print       examine     x           search      set         write       w
	delete      d           break       dwatch      watch       step        s
	continue    c           until       next        match       trace       call
        ps          kill        callout     reboot      show
	db> _
A Linux kernel (http://www.bebox.nu/files/linux/BeBox-scsi-980610.gz) prints a few lines as well:
	Loaded at 00003100, 0001EF37 words, cksum = 11E4762F

	Uncompressing Linux...*

	invalid compressed format

	 -- System halted
But Linux/bebox might not be worth persuing (according to http://www.bebox.nu/forums/viewtopic.php?t=64&sid=a3b66e4b64cb4f06cd99e6e41a6f8612). Apart from the PPC stuff, I also did some minor other cleanup work, and added a ns16550 to the VR41xx, which hopefully resembles the VR41xx's SIU close enough.

21-22 Feb 2005:
Doing some more test on 0.3, even though it is actually already released. Beginning the cleanup of the device framework. The first lines of boot messages from NetBSD/pmppc have begun to appear:

	console set up
	Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
	    The NetBSD Foundation, Inc.  All rights reserved.
	Copyright (c) 1982, 1986, 1989, 1991, 1993
	    The Regents of the University of California.  All rights reserved.
Not much, but it's a start. :-)

20 Feb 2005: RELEASE 0.3

20 Feb 2005:
More testing...

19 Feb 2005:
Doing preparations for the next release (updating documentation, etc.). Doing some release testing work.

18 Feb 2005:

	find . | xargs grep -i todo | wc -l        836
	find . | xargs grep -i fix  | wc -l        229
	find . | xargs grep -i ugly | wc -l         77

Perhaps it's time to clean up for the next release.

10 Feb 2005:
The problem with netbooting seems to be that many packets (but not all?) are lost, and this causes things to time out (very slowly). In my previous attempt two days ago, I only let it run for a few minutes, not for hours, so I didn't realize that this was the case.
Also, IBM's Hello World example for Linux/PPC64 seems to run now.

	$ ppc64-unknown-linux-as hello-ppc64.s -o hello-ppc64.o
	$ ppc64-unknown-linux-ld hello-ppc64.o -o hello-ppc64
	$ ./mips64emul -q -u linux/ppc64 hello-ppc64
	Hello, world!

4-8 Feb 2005:
More cleanup. Attempting to boot an OpenBSD/sgi snapshot with root on an emulated nfs server (running NetBSD/pmax):
It's not really working yet, though. And now performance got worse again.

3 Feb 2005:
Continuing the cleanup, and also made some progress on the O2's MEC (ethernet controller):

2 Feb 2005:
Now performance seems to have dropped a little, though. (9 minutes 55 seconds for booting without bintrans.) I guess it's too early to judge what the performance will be like.

1 Feb 2005:
Various updates. It seems that everything is a tiny bit faster now, probably because the redesign has put less stress on the (host's) caches. Here are times required to boot NetBSD 1.6.2/pmax on the 533 MHz pca56, without framebuffer, until the login prompt appears:

		with bintrans:    45 seconds
		w/o bintrans:     9 min 37 seconds
		with bintrans:    48 seconds
		w/o bintrans:     13 min 41 seconds
I was almost afraid for a moment that the redesign would be bad for performance, but luckily, that isn't the case.

20-31 Jan 2005:
Continuing the redesign/cleanup. Many bugfixes, etc. Among other things: Fixing the SCSI bug (which was triggered sometimes by NetBSD 2.0/pmax on Linux/i386 hosts), adding an ugly workaround for the floating-point bug which was triggered when running NetBSD/pmax 2.0 on an Alpha host, the count/compare interrupt will not be triggered now if the compare register is left untouched, beginning to add support for "configuration files" (so all options don't have to be manually entered on the command line), cleaning up the network stack, beginning to clean up to allow multiple simultaneous emulations with multiple machines in each emulation, a normally non-used part of the RTC registers is supported now (this causes Linux on DECstation to think that it is the year 2005, not 2000), began hacking on something to reply to Debian's DHCP requests (but it's not working yet), converting the dev_vga charcell memory to support direct bintrans access (similar to how dev_fb works, but write-support is turned off with dev_vga because it doesn't work with Windows NT), fixing a couple of bintrans bugs, the emulator now compiles under OpenBSD/arc 2.3 (inside itself) without crashing :-), some of the least used command line options have been changed, documentation is split into 5 parts now (not just 2), and lots of other bugsfixes and cleanups.

19 Jan 2005:
Finally! This is actually not a change in the emulator, but good news anyway: Kaj-Michael Lang noticed that the current CVS-version of linux-mips has support for keyboards now, on DECstation 5000/200, so it is possible to run Debian GNU/Linux with framebuffer/keyboard. (Possibly the result of work done in Oldenburg. Hopefully this will find its way into Debian unstable soon.) Kaj-Michael has made a kernel available here: http://home.tal.org/~milang/o2/patches/vmlinux-2.4.29-rc2-r3k-mipsel-decstation (Unfortunately, this kernel doesn't work with mips64emul's LANCE ethernet controller... seems to have something to do with 16-bit load/stores? Hm. 2.4.29 also seems to use 'declance.c' instead of 'pmadaa.c'.) Began working on a redesign/cleanup that I have had in mind for quite some time.

18 Jan 2005:
Updates based on feedback from Alexander Yurchenko, Alec Voropay, and Nils Weller, and some other minor changes.

17 Jan 2005:
Various updates: symbolic register names in the debugger, removing the dummy sgi_nasid and sgi_cpuinfo devices, a tiny dev_mp update, adding a 'put' command to the debugger (for modifying emulated memory interactively), etc. I realized that ARCBIOS function 0x100, which is used by IRIX, is not ReturnFromMain(), but some kind of other undocumented function. The count and compare registers are now 32 bits wide in all places, as they should be. (This causes, among other things, OpenBSD/sgi snapshots to not hang after 2 billion instructions. :-) Some cursor keys can now be inputed via X. Began to study how R10000 caches work.

16 Jan 2005:
Minor documentation updates. Adding an undocumented ARCBIOS call used by IRIX (seems to be a ReturnFromMain() call). Updates to the MC146818 RTC device (BCD values, and a Century field, as needed on SGI machines). Some ARCBIOS updates. Toying with OpenBSD/sgi and IP27 emulation, but realizing that it's way too early for that. Removing some nonsensical ARCS64 code. Adding a "power off" capability to the RTC, as used on IP32 (and possibly IP30 and others), and some minor IP30 updates.

15 Jan 2005:
I've encountered a really absurd bug when running an SGI IP32 PROM image in the emulator, which goes away "randomly" if 'show trace tree' is turned on at a specific time during bootup. This is not good :-/ Removing some old R10000 cache hacks that weren't used, so that the IP32 prom accepts R10000 and R12000. :-)

	> hinv
	                   System: IP32
	                Processor: 2 Mhz R12000, with FPU
	     Primary I-cache size: 32 Kbytes
	     Primary D-cache size: 32 Kbytes
	     Secondary cache size: 8 Mbytes
	              Memory size: 64 Mbytes
Earlier, only R5000 and RM5200 worked. Cache emulation is still not implemented, so the PROM routine which attempts to test the caches must be skipped manually, but the sizes are correct (read from the cop0 config register). I'm not sure why it says 2 MHz. Also some minor updates to the IP32 emulation, the debugger, and the NS16550 serial controller.

14 Jan 2005:
GCC 2.95.4 on Alpha seems to have trouble with one of the Alpha machine code stubs in the bintrans backend, so I've released a version with a work-around. (It is identical to 0.2.4 in all other ways.) This is a bit ironic. FreeBSD/Alpha is my main development platform, but I normally don't use the default old gcc version, because it always prints lots of warnings about known optimizer bugs, and both Compaq's CC and newer versions of gcc produce faster code.

13 Jan 2005: RELEASE 0.2.4

12 Jan 2005:
Doing a lot of testing for the next release. Thanks to Göran Weinholt for testing with valgrind and newer gcc versions on Debian, and to Anders Carlsson for testing on MacOS X.

7-11 Jan 2005:
Mostly bintrans related updates (bugfixes, and I've began to experiment with an UltraSPARC backend (again)). Continuing a bit on the ARCBIOS emulation layer: MSDOS partition table handling etc.
It is a bit buggy, but enough to create a few partitions.

6 Jan 2005:
Continuing the work on the bintrans subsystem. Also some VR41xx updates, so NetBSD/hpcmips gets a little bit further than before:
NetBSD/hpcmips NetBSD/hpcmips

4-5 Jan 2005:
More bintrans stuff; bugfixes and minor speed improvements since two days ago (NetBSD/pmax boots in 50 seconds, and Debian in 120 seconds).

2-3 Jan 2005:
Minor bintrans improvements (mostly for the Alpha backend). Time to boot various guest OSes up until a login prompt is reached, on my home machine:

	Ultrix 4.5		19 seconds (graphical login)
	OpenBSD/pmax 2.8-BETA	30 seconds (serial console)
	NetBSD/pmax 1.6.2	53 seconds (serial console)
	Debian 3.1		2 minutes 17 seconds (serial console)
So it's slightly faster than a few weeks ago.

22-27 Dec 2004:
Various updates to the debugger and many other things. A quick and really ugly hack allows Linux to show the framebuffer logo on an emulated hpcmips machine (BE-300). It doesn't get as far as the photos on the Linux for BE-300 homepage, though.
Linux for BE-300

21 Dec 2004:
After fixing the pageshift bug for non-4K-sized TLB entries (physical PFNs should always be shifted by 12, not by the TLB entry's virtual page shift), IRIX now boots with R10000! It also makes things work more smoothly when emulating various ARC machines. A big Thank You to Alec Voropay for noticing this bug. :-)

14-20 Dec 2004:
Various updates, among other things I've done more or less a rewrite of the single-step debugger, and began working on a 'mec' ethernet controller for SGI IP32.

13 Dec 2004:
Updating the -current documentation on how to perform a NetBSD 2.0/pmax install. I still haven't got it working with emulated X though. (Perhaps this has something to do with a switch to WSCONS in NetBSD?) Also some updates on the Debian experiments: the post-install configuration has now finished.
Debian 3.1
installed :)
There is the usual problem with Linux' lack of keyboard support, though, so it's not possible to log in with the framebuffer enabled. When booting without framebuffer, it seems that there's some problem with getting a login prompt (because serial console logins are not enabled by default). The solution is to boot in single-user mode, add a line to /etc/inittab to enable a serial console getty, and then reboot again.

Debian feels really slow in the emulator. For comparison, here are the times required to reach a login prompt when booting different guest OSes on my home machine:

	Ultrix 4.5		25 seconds (graphical login)
	OpenBSD/pmax 2.8-BETA	35 seconds (serial console)
	NetBSD/pmax 1.6.2	1 minute (serial console)
	Debian 3.1		2 minutes 45 seconds (serial console, not
				    using -DSLOWSERIALINTERRUPTS, that would
				    make it even slower)

12 Dec 2004:
I've managed to complete my first Debian GNU/Linux install. This has been a very time-consuming bug-hunt. It is possible that the Oopsing problem has to do with interrupts coming too fast from the serial controller. A workaround (which severely reduces serial console performance, but also seems to reduce the risk for Oopses) can be enabled by adding -DSLOWSERIALINTERRUPTS to CFLAGS when building the emulator. Debian doesn't seem to be very "lightweight", so you might want to go grab about 10-20 cups of coffee during an installation experiment. And this is with bintrans enabled, I wouldn't dare try an install without -b.
... continuing after
the first reboot...
(I'll have to figure out how to solve the serial interrupt stuff in a more general way later on. Perhaps there is a buffer overflow in the Linux kernel, which isn't triggered on real hardware, where interrupts are limited by the speed of the serial line, but I'm just speculating here. Why a buffer overflow? Well, the return address register, and other registers, contain values that look like ANSI escape codes when the kernel Oopses. Also, the Linux driver for this serial controller isn't finished yet (for example, it doesn't support keyboard input, only serial console), so guessing that it is a Linux serial driver bug or buffer overflow isn't such an outlandish guess.)

9 Dec 2004:
Some photos of the DECsystem 5500 I bought some time ago, and a photo of the emulator running on my home machines:
DECsystem 5500
with R215F harddisk
DECsystem 5500
DECsystem 5500
Photo of Ultrix
running tripplehead*
in mips64emul
* The leftmost screen in use is connected to a Sun Ultra1 (with a 24-bit graphics card), the middle one to the Alpha (also 24-bit graphics), and the rightmost screen is connected to an i960 X terminal from HP (running off the Alpha). The X terminal is capable of 8 bits of color, but when emulating other things that are in color, it is sometimes hard to map all of them, so 16 grayscales are used instead. Only a single emulator instance is running, using all three displays.

7-9 Dec 2004:
Various updates. The HISTORY file contains the details.

6 Dec 2004:
Moving the web homepage to gavare.se/mips64emul.

5 Dec 2004:
Various minor updates.

2-4 Dec 2004:
Various updates.
Experimenting with Windows NT for mips. It crashes because it cannot access the boot device (probably because the ARC component tree is missing "configuration data" right now).

2 Dec 2004: RELEASE 0.2.3

1 Dec 2004 (later):
There seems to be some bugs still in there. Installing OpenBSD/arc on an emulated Pica (R4000) triggers a bug just at the end of the install. I guess I'll release everything in the state it is right now anyway; the bintrans system is not enabled per default, and it seems to work with R3000 just fine.

1 Dec 2004:
The bintrans stuff seems to be relatively stable now, so there'll probably be a new release in a few days.

30 Nov 2004 (later):
Updates to both the Alpha and i386 backends. A NetBSD install takes 5 minutes 40 seconds on the ev7, time to reach the login prompt is 17 seconds. On the Xeon: 4 minutes 57 seconds (!) for a full install, 15 seconds to reach the login prompt on boot. Both the ev7 and the Xeon compiled the emulator inside emulated NetBSD in about 12 minutes, although the ev7 had been configured to use 64 MB bintrans cache instead of the default 20 MB.

30 Nov 2004:
Fixing the bug which caused Linux and OSF/1 to bug out with bintrans. Hopefully not too much drop in performance. (A full NetBSD install on the Xeon is now 5 minutes 40 seconds; on the ev7 it's 5 minutes 50 seconds.)

29 Nov 2004:
Some minor updates. Göran Weinholt was kind enough to construct an ext3 diskimage from the contents of ftp://ftp.uni-wuppertal.de/pub/linux/mips/mipsel-linux/root/mipsel-root-20011216.tgz, so now it has been verified that Redhat for mips works in the emulator.
Redhat Linux 7.1 for
mips, booting in the
Login prompt :-)
... but no actual
interaction yet :-(
Text mode login,
seems to work fine.
Linux doesn't support the 5000/200's keyboard controller yet (but it seems that the Linux people are working on it), so right now the system cannot be interacted with when running in graphical framebuffer mode. In text-mode, however, it can. A problem is that Linux doesn't like my bintrans system, so you have to run without -b, and that means that it is terribly slow.

28 Nov 2004 (later):
Some more updates to the i386 bintrans backend; a full NetBSD install finishes in 5 minutes 35 seconds! Compiling the emulator inside emulated NetBSD takes 14 minutes.

28 Nov 2004:
Making the R2000/R3000 caches work with bintrans (similar to RAM and device accesses) when in isolated mode. This gives a speedup. Full NetBSD install on the Xeon: 6 minutes 15 seconds, time to reach a login prompt is down to 15 seconds! Time to compile the emulator inside NetBSD/pmax inside the emulator: less than 18 minutes.
The emulator running
inside itself
Time to reach Ultrix' graphical login is probably down to 8 seconds or so, but this is with the X11 framebuffer forwarded via ssh and then onto my old i960 X terminal... so it might be even faster using a different setup.

27 Nov 2004:
More bintrans updates, but I have some other weird news: I am now the proud (?) owner of a DECsystem 5500. :-) There is of course a slight chance that it didn't survive the rough trip home (we had to roll it on the street, and the built-in wheels don't seem to work well with asphalt), but I'll try to plug it in. According to http://www.computer-archiv.de/comp0030.htm it was priced at 107000 DM (German Marks) when it was new. I got it for less.

26 Nov 2004:
Some more minor bintrans updates. A NetBSD install on the Xeon is down to 7 minutes 15 seconds actual time, on the ev7 it is 6 minutes 49 seconds. Fixing the bug which caused OpenBSD/arc (R4000) to bug out (it had to do with interrupts occuring in "nullified" delay slots).

25 Nov 2004:
Various updates.

24 Nov 2004:
Removing the entire load/store bintrans infrastructure, and replacing it with something new. Improved performance, but no implementation for 64-bit MIPS yet, and there seem to be bugs. Modifying the 'le' ethernet device' SRAM to work with bintranslated code. A full NetBSD/1.6.2 pmax install on the Xeon is now down to 7 minutes 45 seconds actual time (using -M16 -bD2). 23 seconds to reach the login prompt.

23 Nov 2004:
Minor updates.

22 Nov 2004:
Today, some things are slightly slower than yesterday, some things are slightly faster. Hm. It's a delicate balance. Between 9 minutes 5 seconds and 9 min 15 s for a NetBSD install on the Xeon. It varies a lot. Anyway, the bintrans backends for both Alpha and i386 seem to be stable enough to run NetBSD, Ultrix, and OpenBSD (just add -b to the command line).

21 Nov 2004:
A full NetBSD install on the ev7 is down to 9 minutes 50 seconds (9 min 15 seconds actual CPU time). On the Xeon it's 9 minutes 30 seconds for a full install, and 24 seconds to reach a login prompt. :-)

20 Nov 2004:
Some more minor bintrans updates.

	2.8 GHz Xeon host:
	    Graphical Ultrix login reached in 11 seconds.
	    Full NetBSD 1.6.2/pmax install:  13 minutes 45 seconds.
	    Time to reach a NetBSD login prompt: 26 seconds.

	1.0 GHz ev7 host:
	    Full NetBSD install: 10 minutes 10 seconds.
	    Time to reach a NetBSD login prompt: 26 seconds.
Hm. Acer Pica emulation seems to be broken now.

19 Nov 2004 (later):
Ultrix login reached in 13 seconds (on the Xeon host), after bgtz, bgez, bltz, and blez were added to the backend. Time to reach a NetBSD login prompt: 30 seconds.
The emulator running
inside itself
(in NetBSD/pmax)
The screenshot above shows the emulator running inside itself. (There is no 32-bit MIPS backend for the bintrans system, so the performance of the emulator inside the emulator is very poor.)

19 Nov 2004:
I've done a preliminary i386 bintrans backend. (It took less than 10 hours, and although not all instructions are handled yet, it gives an indication of how simple porting to a new target architecture should be.) Some numbers: on a 2.8 GHz Xeon host, a full NetBSD 1.6.2/pmax install takes 17 minutes with bintrans enabled. Time to reach a login prompt: 37 seconds. With Ultrix 4.5, the graphical login is reached in 20 seconds!

18 Nov 2004:
A full NetBSD install is now down to 11 minutes on the ev7. (Moving a few MIPS registers into Alpha registers, and caching loads/stores to one page so that lookups don't have to be done all the time.)

16-17 Nov 2004:
More bintrans stuff. Adding some support for translated code to access RAM in devices (such as framebuffers and DMA for the ASC SCSI controller). This reduces boot time of Ultrix on my home machine from 3 minutes to less than 2 minutes :-) (Actually, less than 1 minute to reach the login prompt.) A full NetBSD install on the ev7 takes 12 minutes 50 seconds; time to reach a login prompt: 33 seconds.

15 Nov 2004:
More bintrans updates. Record time for a full NetBSD install is now down to 14 minutes 5 seconds (actual CPU usage was below 14 minutes), and time to reach a login prompt when booting is down to 37 seconds.

14 Nov 2004:
Some minor improvements; Ultrix now boots to a usable desktop in exactly 3 minutes, on my home machine. I did another full NetBSD 1.6.2/pmax install, this time on a 1.0 GHz ev7, and it finished in less than 20 minutes (possibly due to the ev7 being faster than the ev68, or due to updates to the emulator). Time required when booting NetBSD to reach a login prompt: 46 seconds.

8-13 Nov 2004:
More updates. Bintrans for Alpha backends is stable enough to perform a full (cdrom) install of NetBSD 1.6.2, and to run Ultrix. Some numbers:

	Host: ev68, 1.0GHz, running Tru64 (OSF/1) V5.1
	Compiler: Compaq's cc V6.5-207, CFLAGS="-arch ev68" ./configure
	(modified to use 32 MB bintrans cache)
	Runtime flags: -M16 -b -D2 -CR4000

	Time for a full NetBSD 1.6.2/pmax install from
	a CDROM image onto a harddisk image:  26 minutes

	After the successful install, time needed to boot until a
	login prompt is reached:
	  -CR4000 -b          1 min 2 seconds
	  -CR3000 -b          1 min 8 seconds
	  -CR4000 -b -M128    1 min 1 seconds
	  -CR4000  (w/o -b)   1 min 57 seconds
And for running Ultrix:
	Host: pca56, 533 MHz, running FreeBSD 4.9
	Compiler: Compaq's cc V6.4-005, CFLAGS="-mcpu=ev5" ./configure
	(20 MB bintrans cache)
	Runtime flags: -M16 -Nb -XY2 -D2

	Boot time until a usable desktop is reached:
	  -b                  3 min 18 seconds
	  (w/o -b)            7 min 20 seconds

	When configured with --nobintrans:
	  (w/o -b)            6 min 48 seconds
It bugs out in some other cases though, such as with OpenBSD/arc, and for kernels that use the built-in counter/compare registers for clock stuff.

6-7 Nov 2004:
Continuing the redesign/rewrite of the bintrans subsystem. (Only for Alpha so far.) Only slightly better than running with the default interpreter, jumps aren't really translated yet, and load/stores only work to a single page.

4-6 Nov 2004:
Various updates. It is now possible to run with different framebuffer windows on different X11 displays (they may even be of different bit depth and endianness). Update regarding how DECstation BT459 cursors are used; transparency :-) and some other bug fixes.

3 Nov 2004: RELEASE 0.2.2

3 Nov 2004:
More testing...

    compiler, flags:       Guest OS:    Command line args:   Comments:
    -----------------      ---------    ------------------   ---------
    SunOS 5.9/sparc64      NetBSD/arc   -A2                  A full install from
    (cc -xarch=v9b)        1.6.2                             arccd.iso went fine.

    Windows 2000,          NetBSD/arc                        No problems.
    Cygwin (gcc)

Compiling on different platforms:

    NetBSD 1.6.2, Configures OK, compiles OK, runs OK.
    arc (inside

    NetBSD 1.6.2, Configures OK, compiles OK, runs OK.
    pmax (inside
Thanks to Alec Voropay for testing on Cygwin, and Göran Weinholt for testing on Linux.

2 Nov 2004:
Running configure, make, and doing a simple test with a NetBSD/pmax 2.0_BETA ramdisk kernel, on the following platforms:

    FreeBSD 4.9   Configures OK, compiles OK, runs OK. Both with Compaq's
    Alpha (pca56) CC ( and gcc 2.95.4, and also gcc 3.3.1.

    FreeBSD 5.1   Configures OK, compiles OK, runs OK.
    Alpha (ev6)   Using gcc 3.3.3.

    HP-UX B.11.11 Configures OK, compiles if -DMAP_ANON=MAP_ANONYMOUS, runs OK.
    (PA-RISC)     (I'm adding the MAP_ANONYMOUS stuff to the configure script.)
    (default cc)

    HP-UX B.11.23 Configures OK, compiles with lots of warnings, runs OK.
    (ItaniumII)   Reaches idle speed of 7.1 MIPS (on a 1.0 GHz Itanium II,
                  using HP's C compiler (B3910B A.06.00 [Aug 25 2004]).
                  With gcc 3.4.1, it reaches 5.5 MIPS.

    Linux/i386    Configures OK, compiles OK, runs OK. Reaches an idle speed
                  of 9.8 MIPS (on a 3.2 GHz Xeon, gcc 3.4.1). Also tested
                  with gcc 3.3.5.

    NetBSD 1.6,   Configures OK, compiles OK, runs OK. Reaches an idle
    i386          speed of 4.7 MIPS (1.2 GHz Pentium III, using gcc 2.95.3).

    OpenBSD 2.3,  Configures (but strtoll is missing), compiles if "typedef
    arc (inside   size_t socklen_t" is added to config.h, runs OK (but with the
    mips64emul)   same X11-library problems that NetBSD had). Using gcc 2.8.1.

    OpenBSD 3.5,  Configures OK, compiles OK, runs OK.
    sparc64       using gcc 3.3.2 (propolice).

    OSF/1 V4.0    Configures OK, compiles with some warnings, crashes when run.
                  (Interestingly, the mips64emul binary produced on V4.0 runs
                  fine on OSF/1 V5.1. :-)

    OSF/1 V5.1    Configures OK, compiles OK, runs OK. Reaches idle speed
    Compaq's CC   of 5.4 MIPS. (Host is a 1.0 GHz (dual) ev7 Alpha.)

    OSF/1 V5.1    Configures OK, compiles with minor warnings, runs OK.
    gcc 3.3       Reaches an idle speed of 6.2 MIPS. (Same machine as above.)

    SunOS 5.9     Configures and compiles ok, both with CFLAGS="" and with
    sparc64       CFLAGS="-xarch=v9b" (64-bit mode), using Sun C 5.5, and with
                  gcc 2.95.3.

1 Nov 2004: (Later)
OpenBSD/arc and Linux/Olivetti-M700 don't both work at the same time with the speed-hack stuff. So, from now on, you need to add -J for Linux, and add nothing for openbsd.

    compiler, flags:       Guest OS:    Command line args:   Comments:
    -----------------      ---------    ------------------   ---------
    FreeBSD/alpha 4.9,     OpenBSD/arc  -A2 -X -N            Full install from a CDROM
    ccc V6.4-005,          2.3                               image went fine.

    Linux/i386, Redhat?    Ultrix 4.5   -D2 -M256            Full install worked fine.
    gcc 3.2.2 20030222,

    NetBSD/i386 2.0_BETA,  OpenBSD/pmax -D2 -M8              Full network install (minus
    gcc 3.3.3 (20040520)   2.8                               X11) seems to have worked fine.

1 Nov 2004:
Some updates to the way multiple framebuffer windows are used when emulating multiple graphics cards in one machine; Ultrix running dual- or tripple-headed works better than before. There will probably be a 0.2.2 release soon.

Stuff tested so far for the 0.2.2 release:

    compiler, flags:       Guest OS:    Command line args:   Comments:
    -----------------      ---------    ------------------   ---------
    Solaris (SunOS 5.9),   Ultrix 4.2   -D2 -M128 -X         Full install and running with X seems
    cc 5.5 2004/08/10,                                       to work fine. (Also with -Z2 and -Z3.)

    OpenBSD/sparc64 3.5,   NetBSD/pmax  -N -X -D2 -M64       A full network install went fine.
    gcc 3.3.2 (propolice)  1.6.2

27, 29 Oct 2004:
Minor updates. Adding a Sony NeWS "newsmips" emulation mode skeleton (-f). Fixing a bug which I introduced a few weeks ago (the "speed-hack-jump" stuff), which prevented Linux/IP32 from booting. But now it works again, and for some strange reason (possibly related to the improved keyboard controller?), Linux now prints more than just the penguin during bootup:
with framebuffer

25 Oct 2004:
I realized that I had tried an Olivetti M700 Linux kernel on an emulated Pica, which didn't make sense. So now the Pica and M700 models are separated better. A skeleton G364 framebuffer device seems to work enough to show the penguin and some text, but scrolling isn't implemented.
Olivetti M700
(Why does the penguin have an SGI logo on it? :-)

24 Oct 2004: (Later)
Finally! I've begun writing a framework for DMA controllers for the ASC SCSI controller, and the first such controller (R4030) has been implemented. This means that OpenBSD/arc and NetBSD/arc can now be installed on an emulated Pica. :-)
OpenBSD/arc 2.3...
... done! NetBSD 1.6.2/arc
works too
Thanks to Alec Voropay for keeping me interested in Pica emulation, even though I do not have such hardware myself.

23-24 Oct 2004:
Various updates, mostly related to Acer PICA-61 interrupts and PC-style keyboard controller. Both OpenBSD/arc and NetBSD/arc now reach userland and can be interacted with for PICA-61, OpenBSD in vga console mode (using the keyboard controller), NetBSD using serial console.
OpenBSD/arc 2.3
on an emulated
Acer PICA-61...
... with userland

22 Oct 2004:
Generalizing the dev_vga text console device so that it can be used in other resolutions than just 80x25. I've changed the default for PICA to 80x30, and it seems to work with OpenBSD/arc. Also, the PICA interrupt system updates and SCSI controller updates that I've done lately seem to work better with OpenBSD/arc than with NetBSD/arc.
OpenBSD/arc 2.3
on an emulated
Acer PICA-61

19-21 Oct 2004:
Various updates.

18 Oct 2004:
Finally some more progress on getting Mach to run. Mach now gets past clock initialization, and tries to boot from disk. (It is possible to create old-style ufs partitions using OpenBSD/pmax in the emulator, using newfs -O, which Mach can read.) It tries to load /mach_servers/startup and /mach_servers/emulator from the disk, but I haven't found those files anywhere on the web yet.
Mach 3.0 MK83
almost booting
from disk

14-17 Oct 2004:
Various updates.

13 Oct 2004:
Mach/PMAX seems to ignore the bit in the SCSI INQUIRY data which tells whether the drive supports synchronous I/O or not. After some hacking, it seems that Mach can get past the SCSI disk detection, although it complains about not being able to go into synch. mode.

11-12 Oct 2004:
Various minor updates.

9-10 Oct 2004:
Finally! After quite a bit of bug hunting and trial-and-error, TCP/IP from within Ultrix now seems to work. (Ultrix doesn't use the LANCE controller as the LANCE manual says it should be used, and Ultrix sends larger ethernet packets than the actual TCP/IP data, so the ethernet packet length is not trusted any more.) Hopefully this doesn't break networking support for other guest OSes.

8 Oct 2004:
Finally! IRIX outputs its first non-error-related boot message :-) There is a bug in the emulation of R10000, so an R5000, RM5200, or RM7000 cpu has to be used, IP32 emulation is the only mode that works so far with IRIX, and the memory size has to be fixed at 64MB (because the memory controller isn't emulated). IRIX then halts because there is no root disk.

7 Oct 2004:
Minor updates.

6 Oct 2004:
Adding some (rather large) screenshots of Ultrix 4.5 running tripple-head (with three separate emulated TURBOchannel graphics cards, one for each monitor) to the screenshot page.
Ultrix 4.5
Ultrix 4.5
Ultrix 4.5

4 Oct 2004:
Various minor updates.

2 Oct 2004:
Installing Ultrix in the emulator was broken, but I found and fixed the bug rather quickly: the "fix" I implemented a few days ago for the 'sub' instruction (according to the MIPS64 manual) caused the Ultrix installer to bug out.

28-29 Sep 2004:
Minor updates (ARC and SGI stuff; the "arcdiag" program can now be interacted with for -Ax and -G22 modes).

23-28 Sep 2004:
Various updates. Karsten Merker was kind enough to test the current Debian r3k-kn02 boot.img file on a physical machine (and it gets further than in the emulator), so now I'm confident that the bug which prevents Debian from being installed is actually in the emulator.

18 Sep 2004: RELEASE 0.2.1

14-17 Sep 2004:
More updates. There will be a 0.2.1 release soon. Unfortunately, due to the code updates, 0.2.1 will perform worse than 0.2. I did a full NetBSD/pmax 1.6.2 test install from ftp.se.netbsd.org (2.8 GHz Xeon PC host), just to see how much slower it is. The install finished in 1h 15min.

1-6 Sep 2004:
Various updates.

29 Aug 2004:
mips64emul is 1 year old today :-)

26 Aug 2004:
Minor updates. Adding a cursor to the VGA text console device. Changing all old 11:22:..55:66 ethernet macs to 10:20..60, still hardcoded though.

24 Aug 2004:
Minor updates based on feedback from Alec Voropay (configure script updates for Cygwin and documentation).

22 Aug 2004:
Minor updates to the regression testing framework.

19 Aug 2004:
Minor updates. Adding an 'unassemble' debugger command.

18 Aug 2004 (later):
Adding a 'tlbdump' debugger command, and some other minor fixes.

18 Aug 2004:
Adding signal handlers to better cope with CTRL-Z and CTRL-C. Adding a simple interactive single-step debugger which is activated by CTRL-C. (Commands so far: continue, dump, help, itrace, quit, registers, step, trace, version)

12 Aug 2004:
Using fseeko(), when it is available. Other minor updates. Adding a NetGear WG602 emulation mode skeleton (-g); after a lot of trial and error, a Linux kernel (WG602_V1715.img) gets all the way to userland, but hangs there.

11 Aug 2004:
Adding the 'clz', 'clo', 'dclz', and 'dclo' special2 (MIPS32 and MIPS64) instructions. More Au1500 updates.

10 Aug 2004:
Some Au1500 updates.

6 Aug 2004:
Adding include/impactsr-bsd.h (a newer version of what was in mgras.h before, and this time with only a BSD-style license), but it is not used yet.

5 Aug 2004:
Minor updates. Adding some more CPU types/names, but they are probably bogus. Adding a MeshCube emulation mode. Just a skeleton so far, but enough to let a Linux kernel print some boot messages.

	$ mips64emul -e 0x80800000:kernel.img
	starting emulation: cpu0 pc=0xffffffff80800000 gp=0x0000000000000000

	loaded at:     80800000 808E2000
	relocated to:  81000000 810E2000
	zimage at:     810063D0 810E1EC6
	Uncompressing Linux at load address 80100000
	Now booting the kernel
	CPU revision is: 00000440
	FPU revision is: 00000500
	Primary instruction cache 32kB, physically tagged, direct mapped, linesize 32 bytes.
	Primary data cache 32kB direct mapped, linesize 32 bytes.
	Unified secondary cache 128kB direct mapped, linesize 32 bytes.
	Linux version 2.4.24mtx (br1@null) (gcc version 3.3.2) #5 Fri Mar 19 18:41:43 CET 2004
	4G Systems MTX-1 Board
	Determined physical RAM map:
	 memory: 04000000 @ 00000000 (usable)
	On node 0 totalpages: 16384
	zone(0): 16384 pages.
	zone(1): 0 pages.
	zone(2): 0 pages.
	Kernel command line:  console=ttyS0,115200 usb_ohci=base:0x10100000,len:0x100000,irq:26
	calculating r4koff... 00000000(0)
	CPU frequency 0.00 MHz
	Calibrating delay loop... 
(It's supposed to be using an AU1500 CPU, but then Linux chokes on non-implemented caches, so an R4400 will have to do for now.) Adding the 'deret' instruction.

4 Aug 2004:
Some dev_mp updates. The -y switch has to do with number of cycles, not number of instructions; variable names have been changed to reflect this.

3 Aug 2004:
A post-3.5 OpenBSD/sgimips kernel snapshot with ramdisk seems to boot fine in the emulator, all the way to userland, and can be interacted with. Adding a -y option, used to set how many (random) instructions to run from each CPU at max (useful for SMP instruction interleave experiments). Importing a 8x16 console font from FreeBSD (vt220l.816). Adding a skeleton for a 80x25 text console device (dev_vga), useful for some ARC modes. (Character output is possible, but no cursor yet.) Adding a dev_zero device (returns zeroes on read). OpenBSD/arc 2.3 can get all the way to userland with -A4 (if the wdc devices are commented out) but bugs out there, probably because of interrupt issues.
post-3.5 snapshot
VGA console
... reaching
Adding a -A5 ARC emulation mode (Microsoft-Jazz, "MIPS Magnum") which NetBSD seems to like. No interrupt specifics yet, so it hangs while waiting for SCSI.

1 Aug 2004: RELEASE 0.2

1 Aug 2004:
Fixing the 512 vs 2048 cdrom sector size bug; I hadn't implemented the mode select SCSI command. (It still isn't really implemented.) A bug which crashes the emulator is triggered when run with new NetBSD 2.0_BETA snapshots on a Linux/i386 host. I'm not sure why. UDP packets sent to the gateway (at are now forwarded to the machine that the host uses as its nameserver. Some other minor fixes.

30 Jul 2004:
Removing mgras.h, as I'm not sure a file dual-licensed this way would work. (Dual-licensing as two separate files would work though.) Preparing for the upcoming release (0.2).

26 Jul 2004:
The configure script is now more verbose. A Debian/IP22 Linux tftp boot kernel requires ARCS memory to be FreeMemory, not FreeContiguous. (This should still work with other SGI and ARC OSes.) Fix for ARCS write(), so it returns good write count and success result (0). Some hacks to the IP22 memory controller, to fake 72MB RAM in bank 0. The IP22 Debian kernel reaches userland (ramdisk) when run with -G24 -M72 -CR4400, if a special hack is done to the zs device.

25 Jul 2004:
Changing the inlined asm statement in bintrans_alpha.c into a call to a hardcoded array of bytes that do the same thing (an instruction cache invalidation). This allows the same invalidation code to be used regardless of compiler. Some other minor changes.

22 Jul 2004:
Trying to fix some more TCP related bugs.

21 Jul 2004:
Trying to fix the last-ack bug, by sending an RST after the end of a connection. (Probably not a correct fix, but seems to work?) Adding a my_fseek() function, which works like fseek() but with off_t instead of long, so that large disk images can be used on systems where long is 32 bits.

20 Jul 2004:
Finally found and fixed the ethernet/tcp bug. The hardware address is comprised of 6 bytes, where the first byte should have a zero as the lowest bit, not the last byte. (This causes NetBSD and Linux running in the emulator to accept my SYN+ACK packets.) Getting the first nameserver address from /etc/resolv.conf. (This is not used yet, but could be useful if/when I add internal DHCP support.) Working more on the TCP stuff; TCP seems to be almost working, the only immediate problem left is that the guest OS gets stuck in the closing and last-ack states, when it shouldn't. It is now possible to install NetBSD and OpenBSD via ftp. :-)

19 Jul 2004:
Trying to move out all of the instruction_trace stuff from the main cpu loop (for two reasons: a little performance gain, and to make it easier to add a GUI later on).

18 Jul 2004:
The MardiGras device works well enough to let Linux draw the SGI logo and output text.
And a bunch of other minor changes.

17 Jul 2004:
A little TCP progress; OpenBSD/pmax likes my SYN+ACK replies, and tries to send out data, but NetBSD/pmax just drops the SYN+ACK packets. Trial-and-error led me to change the 64-bit ARCS component struct again (Linux/IP30 likes it now). I'm not sure about all of the offsets yet, but some things seem to work. More 64-bit ARCS updates (memory descriptors etc). Better memory offset fix for IP30, similar to how I did it for IP22 etc. (Hopefully this doesn't break anything else.) Adding a MardiGras graphics controller skeleton for SGI-IP30 (dev_sgi_mardigras.c). Thanks to Stanislaw Skowronek for dual-licensing mgras.h. Finally rewrote get_symbol_name() to O(log n) instead of O(n) (Stanislaw's Linux kernel had so many symbols that tracing with the old get_symbol_name() was unbareably slow). Removing all of the experimental tlbmod tag optimization code (the 1-entry load/store cache), as it causes more trouble than the performance gain was worth.

16 Jul 2004:
Minor fixes to the configure script (and a few other places) to make the sources compile out-of-the-box on HP-UX (ia64 and HPPA), old OpenBSD/pmax (inside the emulator itself), and Tru64 (OSF/1) on Alpha. A couple of other minor fixes.

14 Jul 2004:
Some updates to the web homepage (a left column for main navigation, and contents on the right). Updating the documentation a little on how to experiment with a Debian Linux install kernel for DECstations. A 'mini.iso' Linux image for DECstation has different fields at offsets 0x10 and 0x14, so I'm guessing that the first is the load address and the second is the initial PC value. Hopefully this doesn't break anything. Some initial TCP hacks, but not much is working yet. Some updates for IP30: The load/store 1-entry cache didn't work too well with IP30 memory, so it's only turned on for "MMU4K" now. (This needs to be fixed some better way.) Adding a hack which allows Linux/Octane to use ARC write() and getchild() on IP30. Linux uses ARCBIOS_SPB_SIGNATURE as a 64-bit field, it was 32-bit before. Making ugly hacks to the arcbios emulation to semi-support 64-bit equivalents of 32-bit structures.

13 Jul 2004:
Trying out some minor optimizations. (Seem to work best on Alpha, on i386 they might even reduce performance.) Refreshing the UDP implementation in src/net.c a little. Sprite suddenly runs on an Alpha host (maybe it was just a fluke yesterday).

12 Jul 2004:
Working on IP/UDP fragementation issues. Incoming UDP packets from the outside world can now be broken up into fragments for the guest OS. (This allows, for example, OpenBSD/pmax to be installed via nfs.) Outgoing fragmented packets are NOT yet handled. Linux doesn't use 64-bit file offsets by default, which is needed when using large disk images (more than 2GB), so the configure script has now been modified to add neccessary compiler flags for Linux. For some reason, Sprite seems to run fine on a Linux host, but not on my Alpha, so there is a serious bug somewhere.

11 Jul 2004:
(Later.) Fix so that Sprite detects the PMAG-BA correctly. Adding some stuff about NFS via UDP to the documentation. Fixed the 'update flag' for seconds, so now Sprite doesn't crash because of timer-related issues anymore. Fixing KN02 interrupt masks a bit more, to make Sprite not crash. Sprite now runs quite well.
Sprite boot
... and
X windows!

11 Jul 2004:
I found the "bug": wget downloaded the simpleroot28.fs.gz file as read-only, and gunzip preserved those flags. Thus, OpenBSD 2.8's installer crashed as it didn't get its writes through to the disk. With that problem out of the way, I verified that the instructions in the current documentation for installing OpenBSD work, and I also tested networking. ARP + ICMP + UDP work, just as in NetBSD :-) so I was able to tftp over the 20040709 snapshot of the emulator, and compiled it under OpenBSD.

OpenBSD 2.8 has gcc 2.95.3 19991030 (prerelease), which doesn't cause any problem. However, strtoull and strtoll didn't exist on OpenBSD 2.8, it seems, so I added "-Dstrtoull=strtoul -Dstrtoll=strtol" to CFLAGS. This is an incorrect solution, but at least it got the emulator to compile.

Parts of the 1280x1024x8 PMAGB-BA graphics card has been implemented, it works (unaccelerated) in NetBSD and OpenBSD, but Ultrix does not seem to like it. Cleaned up the BT459 cursor offset stuff a bit. Trying to make the emulated mouse coordinates follow the host's mouse' coordinates (for lk201, DECstation), by "de-accelerating" the data sent to the emulated OS. Linux likes the PMAGB-BA too, and I realized that if I boot the Debian r3k-kn02 install kernel and wait for a few minutes, it runs all the way to the Language choice dialog. Running without -X but with -o 'console=ttyS03' causes it to boot in serial console mode.

11 Jul 2004:
(Early.) I've been trying to repeat the OpenBSD install from yesterday, but appart from the first initial install (which was successful), I've only been able to do one more. Several attempts have failed with a filesystem panic in the middle of install. I'm not sure why.

10 Jul 2004:
Some bits in the KN02 CSR that were supposed to be readonly weren't. That has been fixed, and this allows Linux/DECstation to get past SCSI detection. :-) Minor updates to the ASC controller, which makes Linux and OpenBSD/pmax like the controller enough to be able to access SCSI devices. OpenBSD/pmax boots from a disk image for the first time. :-) Linux detects SCSI disks, but I have no bootable Linux diskimage to test this with. Updating the doc/ to include instructions on how to install OpenBSD/pmax onto a disk image. (It is non-trivial.)

	Full install of OpenBSD/pmax 2.8 on a 2.8GHz Xeon host: about 1 hour
	Additional time to configure the system: about 30 minutes
	(Configuring included booting single user to set a root password
	and install the X11 distribution sets.)
This is really nice. All the time and energy I've put into working on the emulator is paying off.
OpenBSD 2.8/pmax OpenBSD with
X-windows :)
Naively added a PMAGB-BA (1280x1024x8) in hopes that it would basically be a PMAG-BA (1024x864x8) in higher resolution, but it didn't work that way. I'll have to look into this later. Adding a -o option, useful for selecting '-s' (single user mode) during OpenBSD install and other things. After a lot of debugging, a serious bug related to the tiny cache was found; Linux just changes the ASID and returns when switching between processes in some occasions without actually writing to the TLB, and I had forgotten to invalidate the tiny cache on such a change.

I did another full install of NetBSD 1.6.2/pmax, and it broke the record again; 39.5 minutes for a silent R4000 textmode install, and then 1min 25sec for booting until the login prompt appears. Both those numbers are all-time records.

9 Jul 2004:
(Later.) I figured out why the Debian Linux 2.4.26 kernel for DECstation suddenly stopped printing stuff to the console. It ignores the setting which tells the OS whether to use serial or graphical console, and silently assumes graphical. :-) This is the first time I see Linux running in graphical mode under DECstation emulation.
(2.4.26, from Debian)
I've also gotten Sprite to run a bit more. (Fixes to the TURBOchannel empty-slot detection. This also makes Linux/DECstation properly recognize both Lance controller and the SCSI controller.) Sprite even reaches the login prompt :-) but for some reason it doesn't like the mouse, and thus boots in serial console mode. It is also very unstable, and spuriously crashes because "Software time is ahead of hardware!", as it claims. When making the screenshot above, I didn't even have time to shutdown completely. Sometimes it crashes before reaching the login prompt. Still, this is very fascinating.

9 Jul 2004:
Incoming UDP checksums were wrong, but are now set to zero and NetBSD inside the emulator now accepts the packets (eg. nameserver responses). Host lookups and even tftp file transfers (using UDP) work now :-)
partly working :-)
Adding a section on Networking to the Technical documentation, and a preliminary NetBSD/pmax install instruction for network installs to the User documentation. Some updates to the man page.

8 Jul 2004:
Minor changes and perhaps some tiny speed improvements (at least on Alpha). The Lance chip is (apparently) supposed to set the length of received packets to len+4. (I've not found this in any documentation, but this is what NetBSD expects.) So now, ICMP echo replies work :-) UDP works in the outgoing direction, in the incoming direction, tcpdump can see the packets but they seem to be ignored anyway. (Weird.) Adding a separate virtual-address-to-host-page translation cache, 1-entry for loads, 1-entry for stores. (For now, it only works on R4000 as there are conflicts with cache usage on R3000). Changing the lower clock speed bound from 1 MHz to 1.5 MHz.

7 Jul 2004:
Removing the '-c' option again, and making it the default behaviour of the emulator to automatically adjust clock interrupts to runtime speed (as long as it is above 1 MHz). (This can be overridden by specifying a static clock rate with the -I option.) Updating the doc/ stuff a bit. Generalization of the DECstation bootblock loading, to work with Sprite/pmax. Lots of other minor modifications to make Sprite work, such as adding support for DECstation "jump table" PROM functions, in addition to the old callback functions. Sprite boots from a disk image, starting the kernel if the argument "-j vmsprite" is used, but it seems to not like the DBE exceptions caused by reading empty TURBOchannel slots. :-/ This is the output when I temporarily changed the turbochannel code to return zeroes instead of DBE exceptions:

	$ ./mips64emul -D2 -XY2 -d ds5000.bt -j vmsprite

	Performing dec disk boot  
	Size: 921296+234720+581920
	Happy Birthday!!
	8192 pages of memory
	Assuming you have one of those fancy graphics displays.
	Starting timer interrupts.
	Sprite kernel: SPRITE VERSION KS.390 (ds5000) (5 Jan 93 14:59:42)
	Available memory 33554432
	[ le: read from UNIMPLEMENTED addr 0x1c03f0 ]

	vmMemEnd = 0xc0015248 - Warning: VmRawAlloc asked for >100K
	SCSI controller "SCSI#0" in slot 5 (PMAZ-AA DEC V5.3a TCF0)
	Idling processor 0 for 5 seconds...
And then it hangs while idling.

5 Jul 2004:
Working on the 'le' device, and on a generic (device independant) networking framework. le can transmit and receive packets, and the network framework fakes ARP responses from a fake gateway machine (at a fixed ip address, Adding a '-c' command line option, which makes emulated_hz automatically adjust itself to the current number of emulated cycles per host CPU second (measured at regular intervals).

4 Jul 2004:
Working on R2000/R3000 caches. Adding a '--caches' option to the configure script. Various small optimizations. R3000 caches seem to almost work as they should. Mach/PMAX finally boots :-) It bugs out pretty early, probably because the SII controller isn't really emulated yet.
Mach/PMAX 3.0 MK83
Mach works whenever --caches is used. I've done some performance testing with --caches, --delays, both, and none, for NetBSD and Ultrix and here are the results:

	Real time required to boot NetBSD 1.6.2 and Ultrix 4.5 directly
	from a diskimage until login prompt appears:

	Compiler settings:  CC=gcc CFLAGS="-mcpu=i686" ./configure [--caches] [--delays]
	Emulator command line:
		NetBSD: -XY2 -M32 -I5000000 -D2 -N [-CR4000]
		Ultrix: -XY2 -M32 -I5000000 -D2 -N -j vmunix

		NetBSD R3000:  1min48s  (cache sizes incorrectly detected as 32KB+32KB, should have been 64I+32D)
	        NetBSD R4000:  1min43s
		Ultrix:        25s

	./configure --caches
		NetBSD R3000:  2min5s, 2min1s, 1min58s  (*)
		NetBSD R4000:  1min43s
		Ultrix:        28s

	./configure --delays
		NetBSD R3000:  2min46s, 2min43s   (incorrect cache size detection as above)
		NetBSD R4000:  1min44s
		Ultrix:        34s

	./configure --caches --delays
		NetBSD R3000:  4min19s
		NetBSD R4000:  2min40s
		Ultrix:        1min15s

	(*) = with this one, interrupt response behaviour was weird
As can be seen, --caches degrades performance a tiny bit. --delays has more of a performance penalty, especially for R3000 (I don't know exactly why), and when --caches and --delays are combined there is a large performance degradation. I've also timed a full NetBSD install again:
	-D2 -CR4000 -M32 -I6000000 -q ...  total time:  42 minutes
A slight improvement compared to the 50 minutes it took just a few days ago.

3 Jul 2004:
Modifications to the configure script so that a config.h file is created, containing things that were passed along as -Dxxx on each cc command line before. More work on instruction latency support; trying to separate the concepts of nr of cycles and nr of instructions.

2 Jul 2004:
(Even later.) Cleanup to remove compiler warnings (Compaq's cc, Solaris' cc, and gcc 3.3.3/3.3.4 in Linux), mostly by putting ULL on large numeric constants. Better support for scaledown of BT459 cursors, but still not color-averaging. Beginning the work on adding better memory latency support (instruction delays), enabled by the --delays configure option.

2 Jul 2004: RELEASE 0.1.1

2 Jul 2004:
(Later) Adding an ugly hack for CDROMs in FreeBSD; if an fread() isn't done at a 2048-byte aligned offset, it will fail. The hack tries to read at 2048-byte aligned offsets and move around buffers to make it work. (This hack is neccessary on at least FreeBSD to make installations directly from CDROMs work without bugging out.) Adding video off (screen blanking) support to BT459. Making a 0.1.1 release, containing the bugfixes and changes I've made during the last two days.

2 Jul 2004:
Minor bugfix (some new untested code for X11 keypresses was incorrect).

1 Jul 2004:
Adding support to load bootstrap code directly from a disk image, for DECstation. Both NetBSD/pmax and Ultrix can now boot straight of a disk image. No separate kernel file is needed at all. (Ultrix still needs -j vmunix, though, to boot from /vmunix instead of /netbsd.)

30 Jun 2004: RELEASE 0.1

NetBSD/pmax 1.6.2,
in mips64emul-0.1

30 Jun 2004:
Adding support for 15 and 16 bits X11 framebuffers. It should now work on 8-bit (grayscale), and 15-, 16-, and 24-bit (color) displays. There was a bug which caused some X servers to update the screen in "layers", probably caused by my usage of XYPixmap. That has been changed to ZPixmap now, which fixes the problem. Thanks to Göran Weinholt for helping me test this. The pixels in the mouse cursor (for BT459) are now colored as the emulated OS sets them, although no transparency masking is done on the edges of the cursor yet. (In plain English: the mouse cursor is no longer just a white solid square, you can actually see the mouse cursor image on the white square.)

29 Jun 2004:
(Later.) Adding -A3 (NEC RISCstation 2200) (this is similar to the 2250 model that NetBSD/arc can already boot all the way into userland and be interacted with), and -A4 (Deskstation Tyne). Some more minor fixes.

29 Jun 2004:
More minor fixes. Thanks to Juan (xtraeme) for providing me with fresh NetBSD/pmax 2.0_BETA kernels for testing.

28 Jun 2004:
Hacks for faking the existance of a second level cache (ARCBIOS and other places). An important fix for dc7085: tx interrupts should happen before rx interrupts, not the other way around as it was before. (This speeds up NetBSD boot on DECstation, and fixes a bug which Ultrix triggered on heavy keyboard input.) A couple of other minor fixes. Framebuffer fix: there was a bug which caused the rightmost/bottom pixel to sometimes not be updated, when running in scaledown mode. This is now fixed. Adding a small program which removes "zero holes" from harddisk image files.

27 Jun 2004:
I found and fixed an interrupt related bug in the BT459 ramdac device, which affected the performance of any machine using the PMAG-BA negatively (that means DECstations), so now Ultrix 4.2 boots into graphical login in about 25 seconds! Wow. For X11 bitdepths other than 8 or 24, a warning message is printed at startup. Adding a BUGS file containing a list of known bugs. I'm doing a lot of other minor fixes, optimizations, and beautifying of the code as well. I measured the time of another full NetBSD 1.6.2 install, on the same host and with the same compiler as on the 24th of June:

        Runtime flags:  -CR4000 -D2 -q -M32 -I6000000
        Total install time (NetBSD 1.6.2, silent mode): about 50 minutes
        Total time until the login prompt appears:  about 2 minutes
        (This is with -CR4000 and without -X.)
        Compiling the emulator inside itself: 1.5 hours
-fomit-frame-pointer is now enabled by default by the configure script, if the C compiler supports it. Adding a minimal man page, doc/mips64emul.1.

25 Jun 2004:
(Later) Adding a -v (verbose) command line option. If -v is not specified, the emulator goes into -q (quiet) mode just before it starts to execute MIPS code.

25 Jun 2004:
(Early) I think now is a good time for a "feature freeze", to let the code stabilize and then make some kind of first release.

24 Jun 2004:
Finally! I found and fixed the bug which caused 'ps', 'top', 'xclock', and other programs in NetBSD/pmax to behave weird. Increasing performance by a few percent by running as many instructions in a row as possible, before checking for hardware ticks. When booting from SCSI tapes on DECstation, the bootstring now contains 'tz' instead of 'rz'. Adding a second ARC machine mode, "Acer PICA-61", -A 2. Disabling the support for "instruction delays" by default (it has to be enabled manually in misc.h now, but is never used anywhere anyway). Other minor optimizations (moving around stuff in the cpu struct in misc.h, and caching cpu->pc in cpu.c). Separating the tiny translation cache into two, one for code and one for data.

Using the latest optimizations, I timed a full install of NetBSD/pmax 1.6.2.

        Host and build details: 2.8GHz Xeon PC, gcc 3.2.2 20030222,
        CFLAGS="-mcpu=i686 -fomit-frame-pointer" ./configure; make

        Runtime flags:  -D2 -qN -M32 -I6000000 -XY2

        NetBSD installation settings:  Full install, silent mode,
            from a CDROM image onto a harddisk image.

        Total install time, from starting the emulator until halt:
            1 hour 47 minutes!

        Total time from starting the emulator until the login prompt
            appears:  less than 4 minutes!  (3min 30sec once)
This is really great. Ultrix 4.2 boot time reduced similarly from 48 seconds to 34 (-I5000000 -M16 -XY2 -qjN -D2).

23 Jun 2004:
(Early in the morning.) Performing a general code cleanup (comments, fixing stuff that led to compiler warnings, ...). Disabling MIPS16 support by default, and making it a configure time option to enable it (--mips16). This gives a few percent speed increase overall. Increasing performance by assuming that instruction loads (reading from memory) will be at the same page as the last load. First by assuming that a vaddr -> paddr translation for instruction loads almost always is preserved (gaining a few percent speed), and then that a paddr -> host memblock translation also holds if the instruction is in normal RAM (which led to some more percents of speed increase). :-) This is definitely a fine night for coding... For example, the total time from starting the emulator until Ultrix 4.2 shows it graphical login dialog is 48 seconds!

22 Jun 2004:
(Late.) Trying to track down the last SCSI tape bugs. Removing all dynamic binary translation code (bintrans), starting from scratch again.

22 Jun 2004:
(Early in the morning.) Finally! After many many hours of trial and error, I got the SCSI tape stuff to work; when going past the end of a file, automagically switch to the beginning of the next.

21 Jun 2004:
Removing the Nintendo 64 emulation mode, as it is too uninteresting to support. Adding SCSI tape device support (read-only, so far, and not 100% working). Fixing a bug which caused the cursor to be corrupted if new data was written to the framebuffer, but the cursor wasn't moved.

20 Jun 2004:
Adding a program which converts SGI prom dumps from text capture to binary, and some hacks to try to make such an IP22 PROM to work better in the emulator.

18 Jun 2004:
Experimenting with the WDSC SCSI controller for IP20,22,24. NetBSD tries to send INQUIRY commands to the scsi disks, but seems to require DMA (not implemented yet) to receive the answer.

15 Jun 2004:
(Late in the evening) Adding enough SGI IP20 (Indigo) support to let NetBSD 2.0 enter userland :-) No interrupt specifics for IP20 are implemented yet, so it hangs while doing terminal output. (Textdump: screenshots/20040615-sgi-ip20.txt)

14 Jun 2004:
Modifying the memory layout for IP20,22,24,26 (RAM is now offset by 128MB, leaving room for EISA registers and such), and moving around some code chunks. This is not well tested yet, but seems to work. Moving parts of the tiny translation cache, as suggested by Juli Mallett. It seems that the speedup isn't as apparent as it was a few weeks ago, though. :-(

        mips64emul arguments:     -q -CR4000 -D2 -I2900000 -N -XY2 -M32
	Using a disk image and a generic NetBSD 1.6.2 kernel.
	Times are from startup of the emulator until NetBSD displays the
	login prompt.

	Without the translation cache:       more than 11 minutes
	With 3 translation cache entries:    9 minutes 30 seconds
	With 4     -         "       -  :    9 minutes 0 seconds

	With R3000 instead of R4000, using 4 cache entries, boot time
	dropped to 8 mintues 0 seconds.
Another speedup was achieved due to not translating addresses into symbol names unless the symbol name is actually printed. Added support for loading old big-endian (Irix) ECOFF kernels (0x60 0x01 as the first two bytes).

13 Jun 2004:
IP32 didn't work last night, because there were too many tick functions registered. That has been increased now. I've been trying out NetBSD/sgimips 2.0 beta kernels; there are some differences compared to 1.6.2, which I'm trying to solve. MACE interrupt fixes for IP32: _serial and _misc are different. Separation of IP22 (Full-house) and IP24 (Guiness).

12 Jun 2004:
Adding "dev_unreadable", which simplifies making memory areas unreadable. (NetBSD on SGI-IP22 no longer detects non-existant hpc1 and hpc2 busses.) Implementing rudimentary support for IP22 "local0" and "local1" interrupts, and "mappable" local interrupts. Some progress on the WDSC SCSI controller on IP22, enough to let NetBSD get past the disk detection and enter userland! :-) The zs (zilog serial) device now works well enough to let NetBSD/sgimips be interacted with on IP22. :-) (Though it is very ugly and hardcoded.)

11 Jun 2004:
More crime/mace progress, and some more work on pckbc. KN5800 progress: adding a XMI->BI adapter device; a disk controller is detected (but it is just a dummy so far).

10 Jun 2004:
Various minor SGI fixes (64-bit ARCS stuff, progress on the CRIME/MACE interrupt system, and some other random things).

9 Jun 2004:
Minor fixes.

8 Jun 2004:
ll/sc should now fail if any unrelated load/store occurs. Minor changes to the configure script. Adding some ifdefs around code which is not often used (the mfhi/mflo delay, and the last_used TLB experimental code); this might cause a tiny speedup.

7 Jun 2004:
Adding the dsub instruction. Some minimal progress on SGI-IP30 emulation. Applying a patch from Juli Mallett to src/file.c (I'm not sure yet if it breaks or fixes anything). Some minor fixes for SGI-IP22 (such as faked board revision numbers).

6 Jun 2004:
Adding ARCBIOS GetReadStatus() and Read(). Adding some instructions: tlt, tltu, tge, tgeu, tne.

15 May 2004:
Some more bintrans experiments.

8, 11 May 2004:
Just some small fixes: PMAG-BA cursor possition should now be correct, both for text output and the mouse cursor, and -N prints current nr of instructions per seconds (in addition to average).

7 May 2004:
Fixing PMAG-BA color for Ultrix. (Ultrix relies on interrupts coming from the TURBOchannel slot to update the palette.)
PMAG-BA with... ...correct colors.

6 May 2004:
Adding a vaddr to paddr translation cache, causing a speedup of perhaps 50%-100%, most noticeable in NetBSD userland. (For example, on a 2.8 GHz Xeon host, the time needed to boot NetBSD up until the login prompt is displayed has been reduced from 9 minutes to 4.5 minutes.)

5 May 2004:
Both CR and LF now produce the same lk201 scancode, so that pressing 'enter' works as expected in Ultrix.

4 May 2004:
Ultrix can now be successfully installed!

    OS:          Host:                                  mips64emul arguments:      Time:
    Ultrix 4.5   Linux/i386 (2.8GHz Xeon)               -qNXj -D2 -M64 -I2900000   4.5 hours
    Ultrix 4.4   FreeBSD/alpha (533MHz Alpha 21164PC)   -qj -D2 -M16 -I900000      24 hours (*)

Ultrix 4.5
... ... done!
First boot
login :-)
... DECterm :-) PMAG-AA

It's really rewarding to see that something like Ultrix is able to run in the emulator. It is still extremely slow, though, as can be seen in the Time column above. The Ultrix 4.5 install time was for an "Advanced" install, with some additional software subsets, the Ultrix 4.4 install was a "Basic" install.

The PMAG-BA vdac is apparently not correctly implemented, the screenshots above are supposed to be in 8-bit color.

(*) = after around 24 hours, there was a power failure due to a thunderstorm, but I think the install was just finished before that happened.

29 Apr - 3 May 2004:
Some Floating point coprocessor things have now been implemented. Almost everything works, but there are at least two bugs left: the xclock in NetBSD isn't rendered correctly, and 'ps axu' and 'top' loop forever.

24 Apr 2004:
Adding a BT455 vdac to the PMAG-AA emulation, and fixing the colormap stuff in the BT459 (used in PMAG-BA emulation) causing colors in Xpmax in NetBSD to be rendered correctly.

PMAG-AA with BT455
PMAG-BA with
improved BT459
Linux/playstation2 inside
NetBSD/pmax, running in
mips64emul on Linux/i386

Fancy screenshots like the ones above take a long time to produce. Running the emulator inside the emulator is really really slow, but being able to make screenshots like that is about as close to a "correctness proof" that I can get without using regression tests, so it is still worth it.

15 Apr 2004: (later)
I have now verified that a full NetBSD/pmax install can complete successfully. I could almost not believe it when X worked right away. (Well, the colors are weird, PMAG-FA isn't supported so PMAG-AA has to be used, the mouse pointer isn't shown and it behaves weird, the xclock is just a line, and keyboard input is repeated incorrectly, but at least it runs :-)

Xpmax :-) mips64emul
compiling inside
NetBSD running
inside mips64emul!
mips64emul runs
inside itself :)
mips64emul -i mips64emul -q

As can be seen above, X runs, and mips64emul compiles and runs inside itself :-) This is really really cool. And unfortunately, very very slow. Here are times as measured on a 2.8 GHz Xeon-based machine:

        Install and boot:
            3h 45min         Full installation of NetBSD/pmax from a CD-ROM image
                9min 30sec   Booting a fresh install to the login prompt

        Building mips64emul inside NetBSD inside mips64emul:
               5min 15sec    ./configure
            6h 36min         make
But it feels really wonderful to have gotten as far as I have now.

15 Apr 2004:
Finally! (#2) Found and fixed the bug; SCSI reads and writes (actually, any data in or data out) can be split up into multiple DMA transfers; this was only partially implemented before, and the part that was implemented was buggy. It works now. NetBSD/pmax and Ultrix 4.3 seems to like the SCSI stuff enough to install almost all the way.

12 Apr 2004:
Trying to find the bug. No success yet.

11 Apr 2004:
Fixing the DC7085 device so that Ultrix doesn't behave weird if both tx and rx interrupts occur at the same time. More disk image filename prefixes are now recognized; c (for CD-ROM, as before), d for disk, b for boot device, r for read-only, and 0-7 for scsi id. More advancements on the asc SCSI controller. Mounting disks works in Ultrix. Installing to disk usually crashes for various reasons, but an OSF/1 install gets relatively far (similar to the NetBSD/pmax install).

8 Apr 2004:
Fixing a bug (non-nul-terminated string) which caused X11 cursors to not display on Solaris. Unneccessary X11 redraws are skipped (removes some weird delays that existed before), and cursors are redrawn on window exposure. (The cursor functionality has been moved from dev_fb.c to x11.c.)

7 Apr 2004:
The bug is triggered by gunzip during NetBSD/pmax install.

6 Apr 2004:
FINALLY! Some real progress on the asc controller. Mounting, reading, and writing disks works in NetBSD. Reading disks seems to work a bit in Ultrix too, but it is less stable. NetBSD can almost be installed from a CDROM iso image onto a disk image now, but it bugs out during installation (perhaps due to incomplete SCSI controller, perhaps something else such as unimplemented math coprocessor). Anyway, this is really really nice. Also done today: Added a hack to allow ./configure + make to work on HP-UX B.11.00 on HPPA-RISC, gcc 3.3.2. (Does not work with HP's cc, though.)

2 Apr 2004:
Minor progress on the asc SCSI controller.

30 Mar, 1 Apr 2004:
Minor changes, documentation updates, and adding a dummy OHCI controller for the Playstation 2 emulation mode.

28 Mar 2004:
After many hours of trial-and-error testing and hacking, Linux boots (using graphical console) under Playstation 2 emulation. The Playstation 2 graphics controller has been extended to work better with NetBSD (color :-) and Linux, most of it is common code used by both OSes. (The Linux cursor support is untested, though.) Some interrupt handling enhancements on Playstation 2, needed for Linux' dma. 128-bit loads and stores (lq and sq) are allowed now (on R5900), although the top half of quadwords are not modified by other instructions. (Linux uses lq and sq.) Big-endian X Windows servers now display correct rgb color, not bgr as before.

26 Mar 2004:
Fixing a bug in the 'madd' instruction, allowing NetBSD/playstation2 to reach userland. And a simple fix which allows NetBSD timer interrupts to be triggered; NetBSD uses T_MODE_CMPE (compare), while Linux uses _OVFE (overflow). There's still no way to interact with NetBSD under PS2 emulation, as there is no OHCI USB controller (and no USB keyboard device) yet.

24 Mar 2004:
Adding a generalization hack to the SCC serial controller to work with SGI-IP19 (in addition to DECstations). Adding the 'sdc1' instruction. Some progress on various SGI emulation modes. (No actual boot message output, though.)

23 Mar 2004:
Fixes to allow SGI-IP20 and IP22 to work a bit better (aliased memory), and adding "private" firmware-like vectors to arcbios emul. An IP22 Irix kernel gets far enough to print an assertion warning (and then double panics). :-)

21 Mar 2004:
Some really minor updates.

15 Mar 2004:
Pixelstamp solid fill now supports colors other than just zero-fill. Adding a (new) regression test skeleton.

14 Mar 2004:
Adding PMAG-JA and PMAG-RO (1280x1024 x 8-bit) TURBOchannel graphics devices. They work in Ultrix, but only monochrome and no cursor, because there are no ramdacs or such yet.

10 Mar 2004:
Moving the DEC CCA stuff from src/machine.c into a separate device file (devices/dev_deccca.c). An ugly hack added to allow some more OSF/1 kernels (almost a.out, but without many of the header fields) to load.

9 Mar 2004:
Fixes/updates of dev_dec5800 and dev_ssc (and dev_decxmi) allow a KN5800 Ultrix-OSF1-ramdisk kernel to boot all the way into userland and be interacted with. :-) The bt459 cursor should now look semi-nice, but it is still a bit fake.

8 Mar 2004:
More work on the Pixelstamp framebuffer device. The px family actually consists of (at least) PMAG-CA, -DA, -EA, and -FA. The -CA, -DA, and -FA variants seem to work fine with both NetBSD and Ultrix. (Support for -EA was not compiled into any of the kernels I tried.) Using these devices instead of the non-accelerated framebuffer devices means a lot speed-wise; scrolling is almost bareable now :-) Here's how the new devices are detected with various kernels:

               PMAG-CA:   px0 at tc0 slot 0 offset 0x0: 2D, 4x1 stamp, 8 plane
               PMAG-DA:   px0 at tc0 slot 0 offset 0x0: 3D, 4x1 stamp, 8 plane, 128KB SRAM
               PMAG-FA:   px0 at tc0 slot 0 offset 0x0: 3D, 5x2 stamp, 24 plane, 128KB SRAM

        Ultrix 4.2A rev 47:
               PMAG-CA:   px0 at ibus0, pa0 (5x1 8+8+0+0)
               PMAG-DA:   px0 at ibus0, pq0 (5x1 16+16+16+0 128KB)    or (5x1 0+0+16+0 128KB)
               PMAG-FA:   px0 at ibus0, pq0 (5x2 24+24+16+16 128KB)

        Ultrix 4.2 rev 85:
               PMAG-CA:   ga0 at ibus0, ga0 ( 8 planes 4x1 stamp )
               PMAG-DA:   gq0 at ibus0, gq0 ( 8+8+16Z+0X plane 4x1 stamp )
               PMAG-FA:   gq0 at ibus0, gq0 ( 24+24+24Z+24X plane 5x2 stamp )
Not much is emulated so far, only enough to output text, clear/fill areas, and copy/scroll, and there are a couple of bugs (Ultrix in serial console mode crashes if these devices are present (!)), but overall I'm really happy about getting this far.

As can be seen from the screenshot above, an OSF/1 V1.0 installation ramdisk kernel detects and uses the PMAG-FA, but the install program doesn't think it is supported.

7 Mar 2004:
Implementing the basic functionality of a "PMAG-CA" pixelstamp accellerated TURBOchannel 8-bit 2D framebuffer device. Works with NetBSD and Ultrix, but no cursor or color support yet. Using this accelerated framebuffer device is a lot faster than the non-accelerated, especially when scrolling.

6 Mar 2004:
Combining playstation2's dmac, interrupt, and timer devices into one (ps2_stuff). Adding some R5900 instructions: mfsa, mtsa, pmfhi, pmflo, por, lq, and sq. (Most of them are just guesses, though.) Implementing my own XImage putpixel routine, which can be inlined... significantly faster than normal XPutPixel. :-)

5 Mar 2004:
Playstation 2's GIF can now copy 640x16 pixel chunks, allowing NetBSD to scroll up the framebuffer. The cursor also works better now (inverting pixels behind it). Playstation 2 bootinfo RTC data should now be passed correctly to the running kernel; NetBSD doesn't complain about the rtc being invalid anymore. A fix for DECstation's rtc (setting the year field to either 72 or 73) makes Ultrix not print a warning about invalid year.

4 Mar 2004:
Adding a simple hack to fake enough DMA functionality in the DECstation ioasic controller, to allow Ultrix to output text boot messages in -D3, -D4, and -D7 modes, and graphical framebuffer boot messages in -D4 and -D7 modes as well. Playstation 2 emulation is slowly making progress as well. R5900 'madd' specific hack (just a guess, actually) and some sifbios related hacks now lets NetBSD/playstation2 boot a little bit further, perhaps all the way into userland (but the framebuffer doesn't scroll up so it's hard to see).

3 Mar 2004:
Found the bug which caused NetBSD/playstation2 to bug out. On R5900, a coprocessor function for enabling interrupts is executed if the lowest 6 bits of the function value is 0x38, and on other CPUs ERET is executed if the lowest 5 bits are 0x18; checking the R5900 case before the general case solved this. NetBSD now runs a little bit longer than before, but it still crashes.

28 Feb 2004:
More work on the scc serial controller. -D4 emulation (3MAXPLUS) now works with both serial console and graphical (keyboard) console using NetBSD, but Ultrix and OpenBSD want DMA features that are not yet implemented. A command line option (-j) is used to select ultrixboot behaviour instead of NetBSD behaviour.

25 Feb 2004:
Ultrix/OSF1 with a ramdisk suddenly works :-) Ultrix wants boot device args to be arg number 1, while netbsd wants boot device to be number 0 and flags (such as "-a") as arg number 1. (I don't know yet how to cleanly make this work with both.) This is really nice, because now I know that Ultrix runs well enough to execute userland code.

23 Feb 2004:
Some minimal DEC KN5800 progress; Ultrix prints some boot messages, detects 16 XMI R3000 cpus, and get a NULL panic. The CPUs don't work yet, of course.

	ULTRIX V4.2 (Rev. 85) System #1: Tue Mar 19 06:12:26 EST 1991
	real mem = 8388608
	avail mem = 3198976
	using 204 buffers containing 835584 bytes of memory
	KN5800 processor - system rev 0
	cpu0 ( version 2.0, implementation 2 )
	fpu0 ( version 4.0, implementation 3 )
	DECsystem 5810 server
	xmi 0 at address 0x11800000
	x3p at xmi0 node 0
	x3p cpu at xmi0 node c0fda000
	x3p at xmi0 node 1
	x3p cpu at xmi1 node c0fda000
	x3p at xmi0 node 15
	x3p cpu at xmif node c0fda000
	warning: NULL reference, exception TLBL, pc->last=ffffffff800f52b0 <(no symbol)>
This kernel has no debug symbols, so it's kind of hard to know what the NULL reference comes from. Still, better than nothing :-)

22 Feb 2004:
I finally found and fixed the 32-bit bug which caused a Linux/SGI-IP32 kernel to only work on Alpha, not on 32-bit machines. (It was a shift-left-by-variable issue, I've had one of those bugs before. x << y, where only the lowest 5 bits of y are used on 32-bit machines, and the lowest 6 on Alpha.) I've also done some simple benchmarking to see how fast the emulator is on different machines with different compilers:

        Machine:             Compiler:                               Instructions/second:
	UltraSparc 143MHz    gcc-2.95.3/propolice -O2 -fpeephole     234352       (64-bit)
        UltraSparc 400MHz    gcc-2.95.3                              206085       (32-bit)
        UltraSparc 400MHz    gcc-2.95.3 -fpeephole -O3               497792       (32-bit)
        UltraSparc 400MHz    Sun's cc                                228866       (32-bit)
        UltraSparc 400MHz    Sun's cc -fast -xO5                     780265       (32-bit)
        UltraSparc 400MHz    Sun's cc -fast -xO5 -xarch=v9           608040       (64-bit)
        UltraSparc 900MHz    Sun's cc -fast -xO5                     1585651      (32-bit)
        Alpha 21164PC 533MHz gcc-3.4 -fpeephole -O2 -fschedule-insns 436554       (64-bit)
        Alpha 21164PC 533MHz compaq's cc -fast -O3                   505063       (64-bit)
	Alpha 21364 1000MHz  compaq's cc-V6.5-207 -fast -O4          2288500      (64-bit)
        PC AMD K6-2 450MHz   gcc-2.95.3 -O3 -fpeephole               486199       (32-bit)
        PC IntelXeon 2.8GHz  gcc-3.2.3 -O2 -fpeephole                3537089      (32-bit)
        ItaniumII 900MHz     gcc-3.2 -O3 -fpeephole                  1560530      (64-bit)
        HP-PARISC 750MHz     cc -O2                                  bugged out (?)
(This is very unscientific, though, as I didn't care about cache sizes and so on.) I let the Linux/SGI-IP32 kernel run until it paniced (no root filesystem available, and no network), so the instructions/second is the average after 32.5 million instructions. (mips64emul -CR10000 -M128 -G32 -qN)

19 Feb 2004:
I found some Linux kernels for DECstation at http://www.xs4all.nl/~vhouten/mipsel/kernels.html that seem to work in the emulator (using -D1 or -D12, and almost with -D2 and -D7 as well). It seems that Linux doesn't support graphical console, though.

18 Feb 2004:
TURBOchannel slots that are unused now return a DBE exception, instead of successful zeroes. This causes Ultrix and the DECstation PROMs to stop complaining about invalid ROMs. I also continued on the machine-dependant interrupt handling stuff.

11 Feb 2004:
Updates to the documentation. Adding a Hello world example (to let people get started with writing their own programs), and instructions on how to use PROM images from DECstations.

9 Feb 2004:
Adding some syscalls to the Ultrix userland emulation mode. Ultrix4's /bin/date and /bin/hostname run, more or less.

6 Feb 2004:
Some binary translation experiments (for Alpha).

27 Jan 2004:
Fixes for compiling under Solaris.

24 Jan 2004:
Skeleton code for userland-only emulation (syscall translation from emulated platform to the host's). So far /bin/date, /bin/hostname, and /bin/sync from NetBSD/pmax run a bit. :-)

20 Jan 2004:
Some performance enhancements, and thoughts about binary translation.

10-11 Jan 2004:
The 'gbe' SGI-IP32 graphics device works enough to display the Linux framebuffer penguin in the upper left corner :-) -p and -P addresses can now be given as symbol names, not just numeric values. Experimenting with adding a PCIIDE (dev_wdc) controller to the Cobalt emulation.

7-10 Jan 2004:
Adding a fix (partly incorrect) to daddi, to allow Linux/sgimips to boot in 64-bit mode. Fixing a sll/nop bug (rd==0 for nop, not sa==0 as before). Faking R10000 cache things so that an SGI-IP32 PROM image boots, although it takes almost forever for it to realize that there is no keyboard. Adding a doc/ directory to the source tree, containing rudimentary usage documentation.

6-7 Jan 2004:
Separating out memory.h from misc.h. Refactoring of a lot of small code fragments. The PCI bus device is now shared between Cobalt, SGI, and ARC. Support for RAM mirroring (dev_ram.c, not really tested yet). Ugly hack to select the largest of ELF string symbol tables, if there are more than one. Memory hole fix for ARCBIOS, and a fix for very large (>= 4GB) amounts of emulated RAM. TGA (DEC 21030) PCI graphics device. NetBSD/arc can boot with this card and use it as a framebuffer console. :-)

4-5 Jan 2004:
Adding a really really dummy 8250 device, so that Linux/sgimips can output console messages. Adding the dmultu instruction (although either dmult or dmultu is incorrectly implemented). Fixing a bug in unaligned load/stores of 64-bit values (a cast was needed to make 0xff into a uint64_t). Linux/sgimips in 64-bit mode works a bit more than before. Adding simple (polled) input functionality to dev_zs. Making some progress on SGI-IP22 (IP32 still works best, though). Fixing the mc146818 clock device in ARC/NEC and SGI emulation modes, the year field was not correct. Adding a fake 'pref' instruction (for MIPS ISA IV, 'lwc3' should be used in earlier ISAs).

3 Jan 2004:
Making some minor progress on SGI and Cobalt emulation.

29, 30 Dec 2003:
Adding instructions: teq, dsllv, bltzal, bltzall, bgezal, bgezall (these are not really tested yet). Adding a Nintendo 64 emulation mode (just a skeleton). Adding R4300 and R12000 to the cpu list. Fixing the 16550 serial controller device (by not supporting fifo, so in fact it emulates a 16450 instead). This causes NetBSD/sgimips to run nicely into userland, sysinst, and so on. :-) Some ARC/RD94 interrupts seem to work ok now, but i/o interrupts are still not correctly implemented. However, NetBSD/arc reaches userland and can be interacted with. :-)

28 Dec 2003:
Many minor improvements to the SGI emulation mode. Userland is reached, but mace/crime interrupt handling isn't really implemented yet, and the NS16550 device is not correctly implemented.

22 Dec 2003:
Making progress on SGI and ARC emulation. Multiple CPUs are now represented in the arcbios component tree (although they cannot be used yet). The "bug" that caused the SGI emulation to bug out was actually in the ELF loader code; if the memsz and filesz fields differ, then the filesz should obviously be used when reading from the file. :-)

20 Dec 2003:
Adding some more ARCbios stuff, so that both SGI and ARC machine emulation now works a little bit. On ARC, userland is reached (but then it just idles). On SGI, there's a bug halfway through netbsd's boot sequence. Still, this is better than nothing.

24 Nov, 4 Dec 2003:
Adding support for raw binaries, and SREC binaries.

20 Nov 2003:
Doing some more asc (SCSI controller) tests, and adding some code which forwards the host's X11 mouse events (movements and button state) to the emulated mouse device on DECstation. The mouse stuff hasn't been tested yet, though.

11 Nov 2003:
Adding support for non-24-bit visuals when using X11.

8 Nov 2003:
Adding the first MIPS16 instructions: "move y,X", "ld y,D(x)", and "daddiu S,K" (but the last one doesn't work yet). Fixing the console environment variable for DECstation 5000/200 (3MAX, machine -D2); both serial console and graphical console work now. Enough of the 'asc' controller is now implemented to let both NetBSD and Ultrix get past scsi disk detection when no disk images are used.

7 Nov 2003:
Adding a -A option, for a generic ARC-based machine. Adding some ARCBIOS stuff. Cobalt machines now use an RM5200 CPU instead of an R4000, by default. Framebuffer performance increase: when writing to the framebuffer, if the new data is equal to the old data stored in the framebuffer, then it is treated as if no write was commited at all (thus ignoring the need to recalculate the XImage). This makes scrolling and initialization (zero-filling a zero-filled screen) a bit faster. Adding some MIPS16 skeleton stuff. Adding disk image support, but there's nothing using this yet as no SCSI controller is working yet.

6 Nov 2003:
Importing mips64emul into CVS.

6 Nov 2003:
Removing the -S (symbol) option, as symbol files can now be given in any order together with other file names to be loaded. cookin (irc) tipped me about using (int64_t) (int32_t) casts instead of manually sign-extending values. Casting sometimes increases performance, sometimes decreases. It's tricky.

4 Nov 2003:
DEC MIPSMATE 5100 (KN230) interrupts are shared between devices. I've added an ugly hack to allow that to work, which makes it possible to boot NetBSD into userland with serial console.

3 Nov 2003:
I tried changing the replacement done by tlbwr to one which selects the entry which hasn't been accessed for the longest time. I booted up a NetBSD/pmax install ramdisk kernel, exited the sysinst program, ran "ls -lRa" and then "halt". These were the total number of cycles for an R2000 and an R4000 run:

	                               R2000:      R4000:
	old (decrementing) RANDOM:     79062880    70132971   (nr of cycles)
	new (smart) replacement:       78840223    69872476
The gain was small, but probably real. (I don't plan to actually have this "smart" replacement enabled by default, as it slows down the emulator too much, and also makes the emulation less correct. However, it was an interesting experiment.)
I'm also experimenting with TURBOchannel framebuffer cards. PMAG-AA (1280x1024x8) and PMAG-BA (1024x864x8) seem to work, but only in black/white mode as the BT459 VDAC device is totally non-functional.
PMAG-AA framebuffer
Both NetBSD/pmax and Ultrix can use the graphics cards as console.

1 Nov 2003:
Moving code chunks around to increase performance by a few percent. The opcode statistics option (-s) now shows opcode names, and not just numbers. :-) Fixing the bug which caused NetBSD/pmax to refuse input in serial console mode, but not in keyboard/ framebuffer mode: the osconsole environment variable wasn't set correctly. Adding a getchar() function to DEC PROM emulation. The transmitter scanner of the dc device now scans all four channels at once, for each tick, so serial output is (approximately) 4 times faster.

31 Oct 2003:
Fixing more bugs: unaligned load/store could fail because of an exception, but registers could be "half updated". This has been fixed now. (As a result, NetBSD/pmax can now run with any of r2000, r3000, r4000, r4400, or r5000.) Adding some 5K and R10000 stuff. (Note: 5K is NOT R5000. Weird.) Adding dummy serial console (scc) for MAXINE. MAXINE also works with framebuffer, but there is no color palette yet (only black and white output).

30 Oct 2003:
Fixed the bug which caused NetBSD/pmax to bug out in userland; it was the ASID matching in the TLB lookup routine which didn't reset to zero between each TLB entry, causing weird tlb modification exceptions where there should be none. This is really really nice. See above under "emulation of actual machines" for screenshots. Some other minor fixes include adding the sub instruction (not tested yet, and it doesn't do overflow stuff), sign-extending the results of multu, addi, addiu, add, addu, sub, subu, mfcZ, and adding a colorplanemask device for DECstation 3100 (although this is not actually used yet).

28 Oct 2003:
Minor fixes. Adding an SGI emulation mode (-G), and some ARCBIOS stuff, which SGIs seem to use. Adding getbitmap() to the DEC prom emulation layer, so some more -D x models become more usable. Adding a dummy 'ssc' serial console device for DECsystem 5400 emulation. Playing around with TURBOchannel stuff.

27 Oct 2003:
Playing around with the sii SCSI controller. Not much success yet, but I've managed to supress the annoying SCSI error messages from NetBSD and OpenBSD.

26 Oct 2003:
Symbols in a.out files are now read directly from the file. OpenBSD/pmax seems to be booting a bit :-) although there is no install ramdisk so it cannot get to userland.
Hardware devices may now register "tick functions" at specific cycle intervals in a more generic fashion than before. All four channels of the dc serial controller device should now work; playing around with keyboard scan code generation when using the DECstation framebuffer. Making various speed improvements to the framebuffer device.

25 Oct 2003:
Minor changes to the dc device. Still no progress on fixing the NetBSD/pmax interrupt problems. :-(

24 Oct 2003:
Adding 8-bit color palette support to the framebuffer. Connecting the pmax vdac device to the framebuffer's rgb palette. Fixing a bug in the dc driver (pmax serial controller); the NetBSD kernel debugger can now be interacted with. Making some minor speed improvements. Userland is actually reached quite easily, but the interrupt problems (or whatever they are) appear before too much time can pass.

23 Oct 2003:
Adding a quick hack which skips "while (reg --) ;" kind of loops. NetBSD/pmax suddenly reached far enough into userland to output text (!), but only once and attempts to repeat it have failed. I believe it is problems with my interrupt handling system.
A spurious success
with userland :-)
In the screenshot above, the line "Terminal type? [rcons]" is printed by userland.

20, 21 Oct 2003:
The cpu_type field of the cpu struct now contains usable values in a much better form than before. This simplifies adding of new CPU types. Fixing an interrupt related bug: pc_last was used, but for interrupts this was incorrect. Fixed now. Fixing a load/store related bug: if a load into a register was aborted due to an exception, the register was still modified. The mc146818 rtc now reads its time from the system's time() function. Fixing another exception bug: if loading an instruction caused an exception, something bogus happened as the emulator tried to execute the instruction anyway. This has been fixed now. NetBSD/pmax gets to the point where it is running user code, but it gets random exception problems before it gets too far.

18 Oct 2003:
ELF symbols are now read directly from the binaries, so there's no need to use the -S command line option. Trace (-t) output looks a bit nicer, string arguments in registers a0..a3 are shown as strings. Fixing a bug in the color framebuffer device, VFB02, for DECstation. Actually, it's all grayscales as the VDAC isn't working yet, but NetBSD uses a different font for VFB02 than it does for VFB01, so the output looks nicer:
NetBSD VFB02 test (same, but with -Y 2) Ultrix using VFB02 NetBSD/playstation2
Ultrix didn't seem to work with VFB01, but it does work with VFB02. NetBSD/pmax seems to be working with an R5000 CPU. I've also been playing around with NetBSD/playstation2. The PS2 has an R5900 cpu (and an R3000A) and some non-standard graphics and sound hardware. Some of it is implemented as coprocessors, some are normal memory mapped devices, so an emulated machine can now consist of different kinds of CPUs. Some new instructions: daddi, mov_xxx (something undocumented in the R5900), and mult_xx (a variant of the mult instruction, used by R5900). Fixing a bug in the normal mult instruction (sign-extending 32-bit values). I've managed to get a framebuffer working for Playstation 2 emulation, as can be seen above. This was not trivial. (The gouraud shaded polygons are just a test to see that color works, they are not actually playstation 2 specfic. Text output can be either transparent (like above) or white-on-black.)

15, 16, 17 Oct 2003:
Adding support for ECOFF binary images; text, data, and symbols are loaded. This is needed for ultrixboot and Ultrix kernels. The DECstation argv,argc stuff must be at 0xa0000000, not 0x80000000, or Ultrix kernels complain. Adding the R2000/R3000 'rfe' instruction. Implementing more R2K/R3K tlb specific stuff, so that NetBSD boots and uses the tlb correctly, but much of it is ugly. (Needs to be separated from the R4000 code in a much cleaner way.) DECstation bootstrings now automatically include the correct name of the kernel that is booting. Ultrix boots a bit (prints a few boot messages), but hangs while trying to detect the non-existant SCSI controller.

13-14 Oct 2003:
Making the framebuffer device more generic, so that it can be used with both HPCmips as before (emulation -F) and now also DECstation 3100 (PMAX, emulation -D 1):
DECstation 3100
framebuffer test
Scaled down 2x2 times
from original size (*)
When scaling down the framebuffer, averaging of pixel values is used so that text is at least almost-readable. The reason for such a feature is that the framebuffer on a DECstation 3100 is 1024x864 pixels, which is larger than the 1024x768 that fits comfortably on my 17" monitor. The configure script has also been updated to work with X11 on Solaris hosts.

10, 13 Oct 2003:
Adding experimental (semi-useless) -t option, to show a function call tree while a program runs. Linux/cobalt now prints a few messages, but hangs at "Calibrating delay loop..." unless an ugly hack is used (setting a word of memory to non-zero). Adding another framebuffer device (this time for the DECstation 3100), but it isn't really used yet.

9 Oct 2003:
Adding instructions: mtlo, mthi. Fixing the NetBSD/pmax bug. (I hadn't used DEC-style bootpath syntax for argv[0], only for the "bootinfo" bootpath string.) Separating device emulation sources from the rest of the source files, and writing a better configure script for the whole thing. Adding console input functionality. The NetBSD/cobalt kernel's ddb can now be interacted with.

8 Oct 2003:
Adding support for HPCmips machines: my first attempt at a framebuffer device :-)
framebuffer test
NetBSD/hpcmips is running, and seems to output pixels to the framebuffer correctly. Unfortunately, it doesn't get much further than that.

6 Oct 2003:
Adding instructions: lwl, lwr, ldl, ldr, swl, swr, sdl, sdr, break, syscall. None of those new instructions have really been tested, but might work. Fixed a "data modified on freelist" bug when running NetBSD/cobalt: setting the top bit of the index register when a tlbp instruction fails (as the R4000 manual says) isn't sufficient; I had to clear the low bits as well. Adding a 'gt' device, faking a PCI bus, for the Cobalt emulation. (Emulation of the actual devices isn't implemented yet.)

2, 4 Oct 2003:
Adding initial Cobalt machine emulation support. Playing around with simple X11 support (right now used for memory access pattern visualisation, but could possibly be used for graphical framebuffers later on). Haven't had time to figure out what the Big Bug is yet.

29, 30 Sep, 1 Oct 2003:
Some TLB stuff seems to work. Adding instructions: srlv, tlbwr, tlbr, tlbp, eret, lwc*, ldc*, swc1 and swc3. There is a bug when trying to run NetBSD (a NULL reference where there shouldn't be one). I haven't figured out yet what causes it. Adding some a.out support (for loading an old OpenBSD 2.8/pmax kernel image). Symbol listings produced by 'nm -S' can be used to show symbolic names for addresses. (-S)

25, 27, 28 Sep 2003:
Adding some more instructions: bltzl, bgezl, lh, lhu, sh, mfc*, mtc*, and dummy instructions: sync, cache. Adding some minimal DECstation PROM functionality: printf() and getsysid() callback functions. Beginning work on address translation, coproc 0 functionality (tlb stuff). Adding a mc146818 real-time clock (needed by NetBSD), and a dc7085 serial console device (also needed by NetBSD).

24 Sep 2003:
Minor updates: added instructions movz and movn (MIPS IV), some more comments to the source code, a mandelbrot renderer to mipstest.c, and fixed a bug which caused an incorrect warning when instructions after 'branch likely' instructions were nullified. (When the instruction was nullified, delay counters didn't decrease and so an incorrect warning was issued if for example a div instruction came too soon after an mfhi instruction.)

23 Sep 2003:
Minor updates: more instructions (divu, mulu, lwu, perhaps some more), and opcode usage statistics.

19 Sep 2003:
Some multi-processor changes: adding ll/lld/sc/scd instructions for atomic memory accesses in MP systems, and an 'mp' device which allows an operating systems to manage the non-bootstrap cpus.

11 Sep 2003:
Minor changes. Compiles and runs ok on 32-bit machines (but the weird bug still exists).

7 Sep 2003:
Minor changes; a -q flag to supress debug messages, and an initial framework for memory mapped devices. The only device so far, though, is a getchar/putchar console device.

3 Sep 2003:
Making a web homepage for the emulator.
Adding more instructions, fixing some bugs.

30 Aug 2003:
Simple test programs using +-*/^|&%, function calls, loops, and stuff like that work.

29 Aug 2003:
This is when the project began. :-)
Skeleton. ELF stuff. Some instructions.