Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)

From: Kenneth Salerno
Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
Date: Mon, 4 Apr 2011 13:28:14 -0700 (PDT)
--- On Sun, 4/3/11, Kenneth Salerno <address@hidden> wrote:
> From: Kenneth Salerno <address@hidden>
> Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> To: "malc" <address@hidden>
> Cc: address@hidden
> Date: Sunday, April 3, 2011, 6:52 PM
> --- On Sun, 4/3/11, Kenneth Salerno <address@hidden> wrote:
>
> > From: Kenneth Salerno <address@hidden>
> > Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> > To: "malc" <address@hidden>
> > Cc: address@hidden
> > Date: Sunday, April 3, 2011, 11:29 AM
> > --- On Sun, 4/3/11, malc <address@hidden> wrote:
> >
> > > From: malc <address@hidden>
> > > Subject: Re: [Qemu-devel] Help Debugging AIX boot on qemu-system-ppc (it reads bootfile.exe now)
> > > To: "Kenneth Salerno" <address@hidden>
> > > Cc: address@hidden
> > > Date: Sunday, April 3, 2011, 12:13 AM
> > > On Sat, 2 Apr 2011, Kenneth Salerno wrote:
> > >
> > > > Hi,
> > > >
> > > > I have been using QEMU for a few years and periodically tested AIX V6.1 with
> > > > qemu-system-ppc and read the various threads in the mailing list knowing not
> > > > to expect it to work just yet. However, with OpenBIOS v1.0 I was surprised to
> > > > find how far it gets now. Please see below and I would appreciate any advice
> > > > on how to debug further:
> > > >
> > > > >> =============================================================
> > > > >> OpenBIOS 1.0 [Jan 30 2011 08:46]
> > > > >> Configuration device id QEMU version 1 machine id 2
> > > > >> CPUs: 1
> > > > >> Memory: 2047M
> > > > >> UUID: 17202d0a-45f8-4159-a8e1-78b866f50aa7
> > > > >> CPU type PowerPC,750
> > > > Welcome to OpenBIOS v1.0 built on Jan 30 2011 08:46
> > > > Trying cd:,\\:tbxi...
> > > > Trying cd:,\ppc\bootinfo.txt...
> > > >
> > > > -------------------------------------------------------------------------------
> > > > Welcome to AIX.
> > > > boot image timestamp: 00:39 35/2D
> > > > The current time and date: 23:00:50 04/02/2011
> > > > processor count: 1; memory size: 2047MB; kernel size: 2293829
> > > > boot device: cd:\ppc\chrp\bootfile.exe
> > > >
> > > > qemu>
> > > > info cpus
> > > > * CPU #0: nip=0xfff0fcdc thread_id=2527
> > > >
> > > > info registers
> > > > NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> > > > MSR 00003032 HID0 00000000 HF 00002000 idx 1
> > > > TB 00000000 1542797983 DECR 2752169338
> > > > GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
> > > > GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> > > > GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
> > > > GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> > > > GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> > > > GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> > > > GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> > > > GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
> > > > CR 48000084 [ G L - - - - L G ] RES ffffffff
> > > > FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > > > FPSCR 00000000
> > > > SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
> > > >
> > > > x/20i $pc-10
> > >
> > > Unless I'm missing something, what follows does not make any
> > > sense (and for a good reason: 10 is not a multiple of 4 (opcode size on
> > > ppc))
> >
> > (qemu) x/20i $pc-4
> > x/20i $pc-4
> > 0xfff0fcd8: b 0xfff0fce0
> > 0xfff0fcdc: mr r3,r9
> > 0xfff0fce0: lwz r9,0(r3)
> > 0xfff0fce4: cmpwi cr7,r9,0
> > 0xfff0fce8: beq- cr7,0xfff0fcfc
> > 0xfff0fcec: lwz r10,4(r9)
> > 0xfff0fcf0: lwz r11,-4(r31)
> > 0xfff0fcf4: cmplw cr7,r10,r11
> > 0xfff0fcf8: blt+ cr7,0xfff0fcdc
> > 0xfff0fcfc: stw r9,-8(r31)
> > 0xfff0fd00: stw r0,0(r3)
> > 0xfff0fd04: addi r11,r1,16
> > 0xfff0fd08: b 0xfff25e80
> > 0xfff0fd0c: stwu r1,-32(r1)
> > 0xfff0fd10: mflr r0
> > 0xfff0fd14: stmw r29,20(r1)
> > 0xfff0fd18: mr. r30,r3
> > 0xfff0fd1c: stw r0,36(r1)
> > 0xfff0fd20: mr r29,r4
> > 0xfff0fd24: bne+ 0xfff0fd38
> >
> > (qemu) info registers
> > info registers
> > NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> > MSR 00003032 HID0 00000000 HF 00002000 idx 1
> > TB 00000000 2208586352 DECR 2086380980
> > GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
> > GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> > GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
> > GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> > GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> > GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> > GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> > GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
> > CR 48000084 [ G L - - - - L G ]
> > RES ffffffff
> > FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPSCR 00000000
> > SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
> >
> > OUT: [size=256]
> > 0x40576b60: mov 0x100(%r14),%ebp
> > 0x40576b67: mov 0x4(%r14),%ebx
> > 0x40576b6b: lea -0x10(%rbx),%r12d
> > 0x40576b6f: mov %ebp,(%r14)
> > 0x40576b72: mov $0x20,%ebp
> > 0x40576b77: mov %ebp,0x260(%r14)
> > 0x40576b7e: mov %r12d,%esi
> > 0x40576b81: mov %r12d,%edi
> > 0x40576b84: shr $0x7,%esi
> > 0x40576b87: and $0xfffff003,%edi
> > 0x40576b8d: and $0x1fe0,%esi
> > 0x40576b93: lea 0x228c(%r14,%rsi,1),%rsi
> > 0x40576b9b: cmp (%rsi),%edi
> > 0x40576b9d: mov %r12d,%edi
> > 0x40576ba0: jne 0x40576bae
> > 0x40576ba2: add 0xc(%rsi),%rdi
> > 0x40576ba6: mov %ebx,%esi
> > 0x40576ba8: bswap %esi
> > 0x40576baa: mov %esi,(%rdi)
> > 0x40576bac: jmp 0x40576bba
> > 0x40576bae: mov %ebx,%esi
> > 0x40576bb0: mov $0x1,%edx
> > 0x40576bb5: callq 0x57f0f5
> > 0x40576bba: lea 0x14(%r12),%ebp
> > 0x40576bbf: mov (%r14),%ebx
> > 0x40576bc2: mov %r12d,0x4(%r14)
> > 0x40576bc6: mov %ebp,%esi
> > 0x40576bc8: mov %ebp,%edi
> > 0x40576bca: shr $0x7,%esi
> > 0x40576bcd: and $0xfffff003,%edi
> > 0x40576bd3: and $0x1fe0,%esi
> > 0x40576bd9: lea 0x228c(%r14,%rsi,1),%rsi
> > 0x40576be1: cmp (%rsi),%edi
> > 0x40576be3: mov %ebp,%edi
> > 0x40576be5: jne 0x40576bf3
> > 0x40576be7: add 0xc(%rsi),%rdi
> > 0x40576beb: mov %ebx,%esi
> > 0x40576bed: bswap %esi
> > 0x40576bef: mov %esi,(%rdi)
> > 0x40576bf1: jmp 0x40576bff
> > 0x40576bf3: mov %ebx,%esi
> > 0x40576bf5: mov $0x1,%edx
> > 0x40576bfa: callq 0x57f0f5
> > 0x40576bff: mov 0xc(%r14),%ebp
> > 0x40576c03: lea 0x18(%rbp),%ebx
> > 0x40576c06: mov %ebx,%esi
> > 0x40576c08: mov %ebx,%edi
> > 0x40576c0a: shr $0x7,%esi
> > 0x40576c0d: and $0xfffff003,%edi
> > 0x40576c13: and $0x1fe0,%esi
> > 0x40576c19: lea 0x2288(%r14,%rsi,1),%rsi
> > 0x40576c21: cmp (%rsi),%edi
> > 0x40576c23: mov %ebx,%edi
> > 0x40576c25: jne 0x40576c31
> > 0x40576c27: add 0x10(%rsi),%rdi
> > 0x40576c2b: mov (%rdi),%ebp
> > 0x40576c2d: bswap %ebp
> > 0x40576c2f: jmp 0x40576c3d
> > 0x40576c31: mov $0x1,%esi
> > 0x40576c36: callq 0x57ecde
> > 0x40576c3b: mov %eax,%ebp
> > 0x40576c3d: mov %ebp,0xc(%r14)
> > 0x40576c41: mov $0xfff084ac,%ebp
> > 0x40576c46: mov %ebp,0x25c(%r14)
> > 0x40576c4d: mov $0xfff1156c,%ebp
> > 0x40576c52: mov %ebp,0x100(%r14)
> > 0x40576c59: xor %eax,%eax
> > 0x40576c5b: jmpq 0x11c0a4e
> >
> > >
> > > > 0xfff0fcd2: fnmadd. f31,f24,f4,f18
> > > > 0xfff0fcd6: .long 0xfff84800
> > > > 0xfff0fcda: .long 0x87d23
> > > > 0xfff0fcde: bla 0xff788120
> > > > 0xfff0fce2: .long 0x2f89
> > > > 0xfff0fce6: .long 0x419e
> > > > 0xfff0fcea: .long 0x148149
> > > > 0xfff0fcee: .long 0x4817f
> > > > 0xfff0fcf2: .long 0xfffc7f8a
> > > > 0xfff0fcf6: rlmi r0,r2,r8,6,14
> > > > 0xfff0fcfa: fnmadd. f31,f4,f4,f18
> > > > 0xfff0fcfe: .long 0xfff89003
> > > > 0xfff0fd02: .long 0x3961
> > > > 0xfff0fd06: .long 0x104801
> > > > 0xfff0fd0a: ori r24,r11,37921
> > > > 0xfff0fd0e: .long 0xffe07c08
> > > > 0xfff0fd12: .long 0x2a6bfa1
> > > > 0xfff0fd16: .long 0x147c7e
> > > > 0xfff0fd1a: .long 0x1b799001
> > > > 0xfff0fd1e: .long 0x247c9d
> > > >
> > > > last entry from out_asm:
> > > > OUT: [size=256]
> > > > 0x4157ae90: mov 0x100(%r14),%ebp
> > > > 0x4157ae97: mov 0x4(%r14),%ebx
> > > > 0x4157ae9b: lea -0x10(%rbx),%r12d
> > > > 0x4157ae9f: mov %ebp,(%r14)
> > > > 0x4157aea2: mov $0x20,%ebp
> > > > 0x4157aea7: mov %ebp,0x260(%r14)
> > > > 0x4157aeae: mov %r12d,%esi
> > > > 0x4157aeb1: mov %r12d,%edi
> > > > 0x4157aeb4: shr $0x7,%esi
> > > > 0x4157aeb7: and $0xfffff003,%edi
> > > > 0x4157aebd: and $0x1fe0,%esi
> > > > 0x4157aec3: lea 0x228c(%r14,%rsi,1),%rsi
> > > > 0x4157aecb: cmp (%rsi),%edi
> > > > 0x4157aecd: mov %r12d,%edi
> > > > 0x4157aed0: jne 0x4157aede
> > > > 0x4157aed2: add 0xc(%rsi),%rdi
> > > > 0x4157aed6: mov %ebx,%esi
> > > > 0x4157aed8: bswap %esi
> > > > 0x4157aeda: mov %esi,(%rdi)
> > > > 0x4157aedc: jmp 0x4157aeea
> > > > 0x4157aede: mov %ebx,%esi
> > > > 0x4157aee0: mov $0x1,%edx
> > > > 0x4157aee5: callq 0x57f0f5
> > > > 0x4157aeea: lea 0x14(%r12),%ebp
> > > > 0x4157aeef: mov (%r14),%ebx
> > > > 0x4157aef2: mov %r12d,0x4(%r14)
> > > > 0x4157aef6: mov %ebp,%esi
> > > > 0x4157aef8: mov %ebp,%edi
> > > > 0x4157aefa: shr $0x7,%esi
> > > > 0x4157aefd: and $0xfffff003,%edi
> > > > 0x4157af03: and $0x1fe0,%esi
> > > > 0x4157af09: lea 0x228c(%r14,%rsi,1),%rsi
> > > > 0x4157af11: cmp (%rsi),%edi
> > > > 0x4157af13: mov %ebp,%edi
> > > > 0x4157af15: jne 0x4157af23
> > > > 0x4157af17: add 0xc(%rsi),%rdi
> > > > 0x4157af1b: mov %ebx,%esi
> > > > 0x4157af1d: bswap %esi
> > > > 0x4157af1f: mov %esi,(%rdi)
> > > > 0x4157af21: jmp 0x4157af2f
> > > > 0x4157af23: mov %ebx,%esi
> > > > 0x4157af25: mov $0x1,%edx
> > > > 0x4157af2a: callq 0x57f0f5
> > > > 0x4157af2f: mov 0xc(%r14),%ebp
> > > > 0x4157af33: lea 0x18(%rbp),%ebx
> > > > 0x4157af36: mov %ebx,%esi
> > > > 0x4157af38: mov %ebx,%edi
> > > > 0x4157af3a: shr $0x7,%esi
> > > > 0x4157af3d: and $0xfffff003,%edi
> > > > 0x4157af43: and $0x1fe0,%esi
> > > > 0x4157af49: lea 0x2288(%r14,%rsi,1),%rsi
> > > > 0x4157af51: cmp (%rsi),%edi
> > > > 0x4157af53: mov %ebx,%edi
> > > > 0x4157af55: jne 0x4157af61
> > > > 0x4157af57: add 0x10(%rsi),%rdi
> > > > 0x4157af5b: mov (%rdi),%ebp
> > > > 0x4157af5d: bswap %ebp
> > > > 0x4157af5f: jmp 0x4157af6d
> > > > 0x4157af61: mov $0x1,%esi
> > > > 0x4157af66: callq 0x57ecde
> > > > 0x4157af6b: mov %eax,%ebp
> > > > 0x4157af6d: mov %ebp,0xc(%r14)
> > > > 0x4157af71: mov $0xfff084ac,%ebp
> > > > 0x4157af76: mov %ebp,0x25c(%r14)
> > > > 0x4157af7d: mov $0xfff1156c,%ebp
> > > > 0x4157af82: mov %ebp,0x100(%r14)
> > > > 0x4157af89: xor %eax,%eax
> > > > 0x4157af8b: jmpq 0x11babee
> > > >
> > > > Thank you,
> > > > Ken
> > > >
> > >
> > > --
> > > mailto:address@hidden
> >
>
> I am posting new debug info here to give the complete picture:
>
> ===========================================
> gdb
> ===========================================
> cpu_ppc_exec (env1=0x11e4a10) at /home/kens/iso/aix/qemu/cpu-exec.c:446
> 446                 if (env->pending_interrupts == 0)
> 448                     next_tb = 0;
> 557                 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
> 564                 if (unlikely(env->exit_request)) {
> 565                     env->exit_request = 0;
> 566                     env->exception_index = EXCP_INTERRUPT;
> 567                     cpu_loop_exit();
> cpu_loop_exit () at /home/kens/iso/aix/qemu/cpu-exec.c:59
> 59      {
> 60          env->current_tb = NULL;
> 61          longjmp(env->jmp_env, 1);
> longjmp (env=0x11f3ce8, val=1) at ../nptl/sysdeps/pthread/pt-longjmp.c:26
> 26      {
> 27          __libc_longjmp (env, val);
> __libc_siglongjmp (env=0x11f3ce8, val=1) at longjmp.c:30
> 30      {
> 32          _longjmp_unwind (env, val);
> _longjmp_unwind (env=0x11f3ce8, val=1) at ../nptl/sysdeps/unix/sysv/linux/jmp-unwind.c:32
> 32          if (__libc_pthread_functions_init)
> 33            PTHFCT_CALL (ptr___pthread_cleanup_upto, (env->__jmpbuf,
> __pthread_cleanup_upto (target=0x11f3ce8, targetframe=0x7fffffffda68 "\030_o\366\377\177") at pt-cleanup.c:27
> 27      {
> 28          struct pthread *self = THREAD_SELF;
> 27      {
> 34          uintptr_t adj = (uintptr_t) self->stackblock + self->stackblock_size;
> 37          for (cbuf = THREAD_GETMEM (self, cleanup);
> 61          THREAD_SETMEM (self, cleanup, cbuf);
> 62      }
> __libc_siglongjmp (env=0x11f3ce8, val=1) at longjmp.c:34
> 34          if (env[0].__mask_was_saved)
> 40          __longjmp (env[0].__jmpbuf, val ?: 1);
> __longjmp () at ../sysdeps/x86_64/__longjmp.S:29
> 29          movq (JB_RSP*8)(%rdi),%r8
> 30          movq (JB_RBP*8)(%rdi),%r9
> 31          movq (JB_PC*8)(%rdi),%rdx
> 33          PTR_DEMANGLE (%r8)
> 34          PTR_DEMANGLE (%r9)
> 35          PTR_DEMANGLE (%rdx)
> __longjmp () at ../sysdeps/x86_64/__longjmp.S:47
> 47          movq (JB_RBX*8)(%rdi),%rbx
> 48          movq (JB_R12*8)(%rdi),%r12
> 49          movq (JB_R13*8)(%rdi),%r13
> 50          movq (JB_R14*8)(%rdi),%r14
> 51          movq (JB_R15*8)(%rdi),%r15
> 53          mov %esi, %eax
> 54          movq %r8,%rsp
> 55          movq %r9,%rbp
> 56          jmpq *%rdx
> cpu_ppc_exec (env1=0x11e4a10) at /home/kens/iso/aix/qemu/cpu-exec.c:659
> 659     } /* for(;;) */
> 285         if (setjmp(env->jmp_env) == 0) {
>
> ===========================================
> (qemu) info cpus
> ===========================================
> info cpus
> * CPU #0: nip=0xfff0fcec thread_id=3237
>
> ===========================================
> (qemu) info registers
> ===========================================
> info registers
> NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
> MSR 00003032 HID0 00000000 HF 00002000 idx 1
> TB 00000000 2180099446 DECR 2114867875
> GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
> GPR04 00000000fffb403c 0000000000044200 00000000fff02464 0000000000044200
> GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
> GPR12 00000000000088ac 0000000000000000 00000000fff305f5 00000000fff30dac
> GPR16 00000000fff2f14e 0000000004000000 00000000fffb36c4 00000000fffb3ec4
> GPR20 00000000000030ec 00000000fff2ef4a 00000000fff2ef38 00000000fff2eeb8
> GPR24 00000000fff2ef40 00000000fffb3628 0000000000044204 00000000fffffff8
> GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
> CR 48000084 [ G L - - - - L G ]
> RES ffffffff
> FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> FPSCR 00000000
> SRR0 000042c0 SRR1 00003032 SDR1 7fd00000
>
> ===========================================
> (qemu) x/20i $pc-4
> ===========================================
> x/20i $pc-4
> 0xfff0fce8: beq- cr7,0xfff0fcfc
> 0xfff0fcec: lwz r10,4(r9)
> 0xfff0fcf0: lwz r11,-4(r31)
> 0xfff0fcf4: cmplw cr7,r10,r11
> 0xfff0fcf8: blt+ cr7,0xfff0fcdc
> 0xfff0fcfc: stw r9,-8(r31)
> 0xfff0fd00: stw r0,0(r3)
> 0xfff0fd04: addi r11,r1,16
> 0xfff0fd08: b 0xfff25e80
> 0xfff0fd0c: stwu r1,-32(r1)
> 0xfff0fd10: mflr r0
> 0xfff0fd14: stmw r29,20(r1)
> 0xfff0fd18: mr. r30,r3
> 0xfff0fd1c: stw r0,36(r1)
> 0xfff0fd20: mr r29,r4
> 0xfff0fd24: bne+ 0xfff0fd38
> 0xfff0fd28: mr r3,r4
> 0xfff0fd2c: bl 0xfff0848c
> 0xfff0fd30: mr r31,r3
> 0xfff0fd34: b 0xfff0fd84
>
> ===========================================
> last entries from in_asm,op,op_opt,out_asm:
> ===========================================
> IN:
> 0xfff11558: mflr r0
> 0xfff1155c: stwu r1,-16(r1)
> 0xfff11560: stw r0,20(r1)
> 0xfff11564: lwz r3,24(r3)
> 0xfff11568: bl 0xfff084ac
>
> OP:
> ---- 0xfff11558
> mov_i32 r0,lr
>
> ---- 0xfff1155c
> movi_i32 access_type,$0x20
> movi_i32 tmp1,$0xfffffff0
> add_i32 tmp0,r1,tmp1
> qemu_st32 r1,tmp0,$0x1
> mov_i32 r1,tmp0
>
> ---- 0xfff11560
> movi_i32 tmp1,$0x14
> add_i32 tmp0,r1,tmp1
> qemu_st32 r0,tmp0,$0x1
>
> ---- 0xfff11564
> movi_i32 tmp1,$0x18
> add_i32 tmp0,r3,tmp1
> qemu_ld32 r3,tmp0,$0x1
>
> ---- 0xfff11568
> movi_i32 lr,$0xfff1156c
> movi_i32 nip,$0xfff084ac
> exit_tb $0x0
>
> OP after liveness analysis:
> ---- 0xfff11558
> mov_i32 r0,lr
>
> ---- 0xfff1155c
> movi_i32 access_type,$0x20
> movi_i32 tmp1,$0xfffffff0
> add_i32 tmp0,r1,tmp1
> qemu_st32 r1,tmp0,$0x1
> mov_i32 r1,tmp0
>
> ---- 0xfff11560
> movi_i32 tmp1,$0x14
> add_i32 tmp0,r1,tmp1
> qemu_st32 r0,tmp0,$0x1
>
> ---- 0xfff11564
> movi_i32 tmp1,$0x18
> add_i32 tmp0,r3,tmp1
> qemu_ld32 r3,tmp0,$0x1
>
> ---- 0xfff11568
> movi_i32 lr,$0xfff1156c
> movi_i32 nip,$0xfff084ac
> exit_tb $0x0
> end
>
> OUT: [size=256]
> 0x400e7b60: mov 0x100(%r14),%ebp
> 0x400e7b67: mov 0x4(%r14),%ebx
> 0x400e7b6b: lea -0x10(%rbx),%r12d
> 0x400e7b6f: mov %ebp,(%r14)
> 0x400e7b72: mov $0x20,%ebp
> 0x400e7b77: mov %ebp,0x260(%r14)
> 0x400e7b7e: mov %r12d,%esi
> 0x400e7b81: mov %r12d,%edi
> 0x400e7b84: shr $0x7,%esi
> 0x400e7b87: and $0xfffff003,%edi
> 0x400e7b8d: and $0x1fe0,%esi
> 0x400e7b93: lea 0x228c(%r14,%rsi,1),%rsi
> 0x400e7b9b: cmp (%rsi),%edi
> 0x400e7b9d: mov %r12d,%edi
> 0x400e7ba0: jne 0x400e7bae
> 0x400e7ba2: add 0xc(%rsi),%rdi
> 0x400e7ba6: mov %ebx,%esi
> 0x400e7ba8: bswap %esi
> 0x400e7baa: mov %esi,(%rdi)
> 0x400e7bac: jmp 0x400e7bba
> 0x400e7bae: mov %ebx,%esi
> 0x400e7bb0: mov $0x1,%edx
> 0x400e7bb5: callq 0x57f0f5
> 0x400e7bba: lea 0x14(%r12),%ebp
> 0x400e7bbf: mov (%r14),%ebx
> 0x400e7bc2: mov %r12d,0x4(%r14)
> 0x400e7bc6: mov %ebp,%esi
> 0x400e7bc8: mov %ebp,%edi
> 0x400e7bca: shr $0x7,%esi
> 0x400e7bcd: and $0xfffff003,%edi
> 0x400e7bd3: and $0x1fe0,%esi
> 0x400e7bd9: lea 0x228c(%r14,%rsi,1),%rsi
> 0x400e7be1: cmp (%rsi),%edi
> 0x400e7be3: mov %ebp,%edi
> 0x400e7be5: jne 0x400e7bf3
> 0x400e7be7: add 0xc(%rsi),%rdi
> 0x400e7beb: mov %ebx,%esi
> 0x400e7bed: bswap %esi
> 0x400e7bef: mov %esi,(%rdi)
> 0x400e7bf1: jmp 0x400e7bff
> 0x400e7bf3: mov %ebx,%esi
> 0x400e7bf5: mov $0x1,%edx
> 0x400e7bfa: callq 0x57f0f5
> 0x400e7bff: mov 0xc(%r14),%ebp
> 0x400e7c03: lea 0x18(%rbp),%ebx
> 0x400e7c06: mov %ebx,%esi
> 0x400e7c08: mov %ebx,%edi
> 0x400e7c0a: shr $0x7,%esi
> 0x400e7c0d: and $0xfffff003,%edi
> 0x400e7c13: and $0x1fe0,%esi
> 0x400e7c19: lea 0x2288(%r14,%rsi,1),%rsi
> 0x400e7c21: cmp (%rsi),%edi
> 0x400e7c23: mov %ebx,%edi
> 0x400e7c25: jne 0x400e7c31
> 0x400e7c27: add 0x10(%rsi),%rdi
> 0x400e7c2b: mov (%rdi),%ebp
> 0x400e7c2d: bswap %ebp
> 0x400e7c2f: jmp 0x400e7c3d
> 0x400e7c31: mov $0x1,%esi
> 0x400e7c36: callq 0x57ecde
> 0x400e7c3b: mov %eax,%ebp
> 0x400e7c3d: mov %ebp,0xc(%r14)
> 0x400e7c41: mov $0xfff084ac,%ebp
> 0x400e7c46: mov %ebp,0x25c(%r14)
> 0x400e7c4d: mov $0xfff1156c,%ebp
> 0x400e7c52: mov %ebp,0x100(%r14)
> 0x400e7c59: xor %eax,%eax
> 0x400e7c5b: jmpq 0x11c0a4e
>
> Again, if there are any suggestions how I can continue to debug this
> situation where execution stops after starting to read bootfile.exe,
> I would appreciate it. I am willing to run any test or generate any
> output anyone suggests to get a better idea of where and why it is
> hung up.
>
> Thank you,
> Ken
>
--- On Mon, 04 Apr 2011 08:59:37 -0400, Brian Wheeler wrote:
> Out of curiosity, what command line did you use for this?
./qemu/ppc-softmmu/qemu-system-ppc \
-net none \
-m 2047 \
-nographic \
-bios ./qemu/pc-bios/openbios-ppc \
-hda aix.img \
-cdrom ibmvios.iso \
-boot d \
-rtc base=localtime,clock=host \
-uuid xx... \
-monitor tcp:127.0.0.1:9979,server,nowait \
-serial tcp:127.0.0.1:9980,server,nowait \
-d in_asm,out_asm,op,op_opt
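As an added example, not part of this thread or of QEMU, the following Python script mechanises two of the checks the thread applies by hand: malc's point that a `x/Ni $pc-N` offset on PowerPC must be a multiple of 4 (the opcode size), and the comparison of the repeated `info registers` dumps taken while NIP sits at 0xfff0fcec. It parses the monitor output, reports which GPRs changed between two snapshots at the same NIP, and lists backward direct branches in the `x/20i` listing whose range contains NIP. The register and disassembly excerpts embedded in it are copied from the monitor output quoted above; the function names, the regular expressions and the branch classification are mine, not QEMU's, and the heuristic only knows direct-branch mnemonics of the form `b`, `bXX+`, `bXX-`.

```python
"""Parse QEMU monitor output (info registers / x/Ni) to locate where a guest spins."""
import re

PPC_INSN_SIZE = 4  # every PowerPC opcode is 4 bytes, so x/Ni offsets must be multiples of 4

# Excerpts copied from the monitor output quoted in the thread: two `info registers`
# snapshots taken at the same NIP, and part of the `x/20i $pc-4` listing.
REGS_A = """\
NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
GPR00 000000007fb9f0d0 000000007fcf7790 0000000000000000 000000007fba29e4
GPR08 0000000000000000 000000007fba29e4 000000000000000c 0000000000000820
GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0d8
"""
REGS_B = """\
NIP fff0fcec LR fff0fcc4 CTR fff11558 XER 20000000
GPR00 000000007fb9f0a0 000000007fcf7790 0000000000000000 000000007fba29b4
GPR08 0000000000000000 000000007fba29b4 000000000000000c 0000000000000820
GPR28 0000000000000036 00000000fffb0000 00000000fffb0000 000000007fb9f0a8
"""
DISAS = """\
0xfff0fce8: beq- cr7,0xfff0fcfc
0xfff0fcec: lwz r10,4(r9)
0xfff0fcf0: lwz r11,-4(r31)
0xfff0fcf4: cmplw cr7,r10,r11
0xfff0fcf8: blt+ cr7,0xfff0fcdc
0xfff0fcfc: stw r9,-8(r31)
0xfff0fd00: stw r0,0(r3)
0xfff0fd04: addi r11,r1,16
0xfff0fd08: b 0xfff25e80
"""

INSN_RE = re.compile(r"^(0x[0-9a-f]+):\s+(\S+)(?:\s+(\S.*))?$")
GPR_RE = re.compile(r"^GPR(\d+)((?:\s+[0-9a-f]{16}){4})$")


def disas_start(pc, back_bytes):
    """Start address for `x/Ni $pc-back_bytes`, or None if it would be misaligned."""
    start = pc - back_bytes
    return start if start % PPC_INSN_SIZE == 0 else None


def parse_registers(text):
    """Return {'nip': int, 'r0': int, ...} from an `info registers` dump."""
    regs = {}
    for line in text.splitlines():
        m = re.match(r"^NIP ([0-9a-f]+)", line)
        if m:
            regs["nip"] = int(m.group(1), 16)
            continue
        m = GPR_RE.match(line)
        if m:
            base = int(m.group(1))  # GPR08 line carries r8..r11, and so on
            for i, val in enumerate(m.group(2).split()):
                regs["r%d" % (base + i)] = int(val, 16)
    return regs


def changed_registers(a, b):
    """Registers present in both snapshots whose value differs, as {name: (old, new)}."""
    return {k: (a[k], b[k]) for k in a if k in b and a[k] != b[k]}


def parse_disas(text):
    """Return [(addr, mnemonic, operands)], rejecting any misaligned address."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line.strip())
        if not m:
            continue
        addr = int(m.group(1), 16)
        if addr % PPC_INSN_SIZE:
            raise ValueError("instruction at unaligned address %#x" % addr)
        insns.append((addr, m.group(2), m.group(3) or ""))
    return insns


def branch_target(mnemonic, operands):
    """Absolute target of a direct branch; None for calls, returns and non-branches."""
    base = mnemonic.rstrip("+-")  # drop the taken/not-taken hint suffix
    if not base.startswith("b") or base in ("bl", "bla", "blr", "bctr"):
        return None
    for op in reversed(operands.split(",")):
        if op.startswith("0x"):
            return int(op, 16)
    return None


def loops_containing(insns, pc):
    """Backward direct branches whose [target, branch] range contains pc."""
    found = []
    for addr, mnemonic, operands in insns:
        target = branch_target(mnemonic, operands)
        if target is not None and target <= pc <= addr:
            found.append((target, addr))
    return found


if __name__ == "__main__":
    a, b = parse_registers(REGS_A), parse_registers(REGS_B)
    diff = changed_registers(a, b)
    print("changed between snapshots:", {k: (hex(o), hex(n)) for k, (o, n) in diff.items()})
    loops = loops_containing(parse_disas(DISAS), a["nip"])
    print("backward branches enclosing NIP:", [(hex(t), hex(h)) for t, h in loops])
```

Run on the excerpts above it reports r0, r3, r9 and r31 changing between the two snapshots while NIP stays at 0xfff0fcec, and one enclosing backward branch, `blt+ cr7,0xfff0fcdc` at 0xfff0fcf8. A register set that keeps changing at a fixed NIP says the guest is still iterating that loop rather than stalled on a single instruction, which narrows the next monitor queries to the loop's compare operands (r10 and r11) and the memory they are loaded from.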