VOGONS


Compaq Deskpro 386 CPU emulation issues?

Reply 140 of 163, by superfury

I'm trying to find out the entry address of CS:IP when running the DOTT.EXE(Day of the Tentacle). I've looked at the exe file through a hex editor, but I can't seem to make any sense of the address that's stored? According to https://github.com/libyal/libexe/blob/m ... t.asciidoc , offset 20(hex offset 14h) should contain a value relative to the start of the file, which is AC 19 16 12, so that means it's loading at *:19AC? Is that the address I should point UniPCemu to for debugging this app?

I notice that the command line somehow seems to be ignored? Anything put on the command line is ignored, always printing the information and then crashing on a NULL load?

It does say

Unknown flag: 'by 0
'

Does anyone know anything about this?

Finally, it ends with:

run-time error R6001
- null pointer assignment

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io
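
Added example (not part of the original post, and not UniPCemu code): decoding the initial CS:IP words at offsets 14h/16h of an MZ header and turning them into a run-time CS and a file offset. Only the four bytes AC 19 16 12 come from the post; the rest of the sample header and the PSP segment 0800h are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of the MZ header needed to locate the entry point. */
typedef struct {
    uint16_t header_paragraphs; /* 08h: header size in 16-byte paragraphs */
    uint16_t init_ss, init_sp;  /* 0Eh, 10h: initial SS (relative) and SP  */
    uint16_t init_ip, init_cs;  /* 14h, 16h: initial IP and CS (relative)  */
} mz_entry_t;

/* Constructed sample header: only the bytes at 14h..17h (AC 19 16 12)
 * are taken from the post, every other value is made up. */
static const uint8_t SAMPLE_HEADER[0x1C] = {
    'M',  'Z',  0x00, 0x00, 0x40, 0x01, 0x00, 0x00, /* magic, last page, pages, relocs */
    0x20, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x30, /* header paras, min, max, SS      */
    0x00, 0x10, 0x00, 0x00, 0xAC, 0x19, 0x16, 0x12, /* SP, checksum, IP, CS            */
    0x1C, 0x00, 0x00, 0x00                          /* reloc table offset, overlay     */
};

/* All MZ header fields are little-endian 16-bit words. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Returns 0 on success, a negative value on a malformed header. */
int mz_parse(const uint8_t *buf, size_t len, mz_entry_t *out)
{
    if (buf == NULL || out == NULL || len < 0x1C)
        return -1;
    if (!((buf[0] == 'M' && buf[1] == 'Z') || (buf[0] == 'Z' && buf[1] == 'M')))
        return -2;
    out->header_paragraphs = rd16(buf + 0x08);
    out->init_ss = rd16(buf + 0x0E);
    out->init_sp = rd16(buf + 0x10);
    out->init_ip = rd16(buf + 0x14);
    out->init_cs = rd16(buf + 0x16);
    if ((uint32_t)out->header_paragraphs * 16u < 0x1Cu)
        return -3; /* header cannot be smaller than its fixed part */
    return 0;
}

/* Offset of the entry point inside the load image. Real-mode segment
 * arithmetic wraps at 20 bits, which matters for "negative" CS values. */
uint32_t mz_entry_image_offset(const mz_entry_t *e)
{
    return (((uint32_t)e->init_cs << 4) + e->init_ip) & 0xFFFFFu;
}

/* The load image starts right after the header in the file. */
uint32_t mz_entry_file_offset(const mz_entry_t *e)
{
    return (uint32_t)e->header_paragraphs * 16u + mz_entry_image_offset(e);
}

/* DOS places the image 10h paragraphs (the PSP) above the PSP segment
 * and adds that load segment to the header CS. */
uint16_t mz_runtime_cs(const mz_entry_t *e, uint16_t psp_segment)
{
    return (uint16_t)(psp_segment + 0x10u + e->init_cs);
}

int main(void)
{
    mz_entry_t e;
    const uint16_t psp = 0x0800; /* assumed PSP segment, differs per system */

    if (mz_parse(SAMPLE_HEADER, sizeof SAMPLE_HEADER, &e) != 0)
        return 1;
    printf("header  CS:IP  %04X:%04X\n", e.init_cs, e.init_ip);
    printf("runtime CS:IP  %04X:%04X (PSP at %04X)\n",
           mz_runtime_cs(&e, psp), e.init_ip, psp);
    printf("file offset    %05lX\n", (unsigned long)mz_entry_file_offset(&e));
    return 0;
}
```

The IP value is fixed by the header, while the CS value depends on where DOS loads the program, which is why a breakpoint on IP alone is reproducible across runs.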

Reply 141 of 163, by superfury

Strange that the test386.asm testsuite tests and validates so many instructions(except 80-83, 00-3F and 0F00-0F01 ranges) in real and protected mode, but still UniPCemu fails pretty much all protected-mode software in one way or another? EMM386, as well as unreal mode seems to work without visible problems, but DOTT, Windows 3.0(all 286+ protected mode software I know of atm), Jazz Jackrabbit, Windows 95 setup, Doom, Microsoft Flight Simulator 5.1 all crash in one way or another, either returning to the command line(DOTT does that as well as ignoring its parameters(help is printed on the screen) before crashing on a NULL pointer load), not working properly(MSFS5.1 missing output on screen) or hanging the CPU in one way or another(all other cases). Windows 95 setup is even observed jumping to junk memory, executing 0000h instructions forever!

Edit: Although CheckIt Diagnostics runs out of EMS memory when running the EMS memory check using EMM386.EXE(From MS-DOS 6.22).
The EMS test suite from the Lo-tech EMS 2MB board checks the EMS RAM out correctly, oddly enough. So it's probably some error executing CheckIt! Diagnostics?

Edit: The new breakpoint functionality for breaking on reaching an IP(ignoring CS for said address) seems to work. Each time I execute the tentacle.exe file, the debugger triggers on said address:D So that's at least a starting point for the executable.

Reply 142 of 163, by superfury

I've managed to make a little(common log format) log detailing what happens when I execute tentacle.exe without any parameters:

Attachment: debugger_DOTTfailingtorun_UniPCemu_20180529_1555.7z (2.5 MiB). File comment: TENTACLE.EXE running without parameters.

Can anyone see what's going wrong there?

Reply 143 of 163, by superfury

Just managed to fix the IBM AT Diagnostics disks to check out the CMOS correctly. There was a problem with setting any date in BCD format earlier than 19th century. I've modified it to now enable the binary format both when selecting a century earlier than the minimal date it's able to handle(1970/1/1 00:00 to be exact). When it detects a program is trying to set a date earlier than 1970, it will automatically patch to and from 1970-2069 and set it to binary mode. Binary mode is also enabled when a non-BCD value is loaded into the century byte.

Binary century mode simply disables updating of the century byte, to keep its contents unchanging, allowing for normal data storage in the century byte without it being overwritten when time is updated based on emulated/real time.

This seems to fix the CMOS checks the diagnostics disk does to verify the CMOS RAM.

Edit: After the time is asked, it somehow still ends up back at said error when setting the time(directly after entering a new date to initialize the clock)?

Reply 144 of 163, by superfury

Just managed to fix some bugs that were producing doubled ModR/M displacement instead of only adding the displacement once. Now stuff like Pinball Illusions continues onward(Pinball Illusions crashes after the intro, while not changing the video after displaying the horizontal stretching effect during the intro(sound continues though))?

Edit: Odd that even with those changes, Microsoft Flight Simulator 5.1 still doesn't give any output?

Edit: The Windows 95 setup now crashes on an 8E8F1400 MOV CS instruction, which is invalid from 80186 onwards?

Reply 145 of 163, by superfury

Just found some more bugs in the ModR/M calculations and checks. 16-bit memory writes through the BIU were using the ModR/M object instead of the offset(strange that the whole thing runs somewhat correctly in that case at all). The same problem applies to 16-bit and 32-bit memory access checks(the parameter object being loaded into the offset instead of the offset within the parameter object). Odd that the compilers didn't see that bug.
The same problem also applies to direct access to ModR/M referenced memory(used with protected-mode only instructions).

Reply 146 of 163, by superfury

Now trying to boot Windows 3.0 in 80386 extended mode(no command line parameters on 80386 CPU). I see it page faulting to 0028:80005EE4 some times, then it's back at the command prompt?

Edit: I see the page fault handler looking at bit 1 of something, then jump somewhere, exchange some registers and execute an INT 20h, which faults and returns to the MS-DOS prompt?
Edit: It seems to fault on address 0x06F4011E? It's faulting on a "MOVZX EAX, dword [ESI]" instruction?

Edit: I seem to get a double Page fault when executing an INT 0x20 from the Page Fault handler of Windows 3.0?

Attachment: debugger.log (30.29 KiB). File comment: INT 0x20 reached during Page fault handler?

Anyone?

Reply 147 of 163, by superfury

Hmmm.... According to Ralf Brown's interrupt list, that final INT 20h that's executed might be a kernel VxD call? But since UniPCemu doesn't directly support breakpoints breaking past 2 dwords after the current instruction, I'll need to set another breakpoint immediately past the call, so 10 bytes after the EIP of INT 20h that's called by the page fault handler, if I understand correctly?

Of course a simple memory dump would make clear what service is called(Although I'll need to use the Paging TLB cache from within Visual Studio to find out its physical address, since RAM dumps using UniPCemu are physical RAM dumps of emulated RAM after all, although I'll need to take the RAM remapping used by UniPCemu into account).

Reply 148 of 163, by superfury

Currently the Page faults happen at the following locations(all being caused by non-present NULL PTE/PDE):
0028:802000BD, error code 0. Cause: Linear address 06f4011e. Page fault handler at 0028(32-bit mode flat descriptor):80005EE4. Cause Opcode: 0FB706h MOVZX instruction.
0028:80007FDC, error code 0. Cause: Linear address 0782002f. Page fault handler at 0028(32-bit mode flat descriptor):80005EE4. Cause Opcode: 32-bit 830B08h OR instruction.

It then returns to the MS-DOS prompt?

Attachment: debugger_Windows3.0_faultingtwice_exittoMSDOS5prompt.7z (1.3 MiB). File comment: Common emulator log from the first page fault until reaching the MS-DOS prompt(visible on the screen and usable).

Edit: It seems to look for bit 2 of a byte that's at the address 2Eh bytes above the bottom of the stack, but the stack of the fault(Page fault after all) only contains 10h bytes pushed by the interrupt handler(the kernel is the cause of the page fault after all)?

Edit: Currently using https://defuse.ca/online-x86-assembler.htm to help me disassemble the instructions UniPCemu fetches to verify them. Originally used ODA, but that website seems to keep giving 500 errors?

Can you tell me something about this, crazyc? It seems to return to real mode, even though it's a protected-mode kernel???

Edit: Hmmm.... Some problems seem to have arisen booting Minix somewhere after the commit of 2018/05/29 15:55... Guess it's checking time to find out said bug(booting Minix 2.0.4 until it crashes, at which point the causative commit should have been found)...

Edit: In essence, a few big changes have been made since then: fixing stack problems with privilege level switch using RETF/IRET to lower privilege level(as well as fixing hardware to time properly in small amounts, e.g. CD-ROM emulation problems) at commit 2016/06/05 13:42, REP fix at 2018/06/07 11:43, small updates until 2018/06/10 19:23, start of modr/m fixes and 8086 undefined opcodes at 2018/06/11 14:50, then the 32-bit ModR/M and relative JUMP/SET fixes in the most recent commits.

Edit: The privilege level switch commit checks out.
Edit: Still running until the REP(Z/NZ) fix. All that's left until the start of the ModR/M fixes are the RETF/IRET conditional clearing(when invalid at the lower privilege level) of the segment registers, the CMOS fixes and the saving of the CMOS when entering the Settings menu, at which point it's back to the last ModR/M fixes.
Edit: Whoops. The checks used when returning to a lower privilege level using RETF/IRET were clearing/zeroing the segment register when the present bit was set(so with valid segments instead of invalid segments) or the system bit was set(thus a valid code/data segment), instead of cleared. Thus clearing the segment registers even when not supposed to. 😖

Edit: Having fixed the privilege lowering RETF/IRET bug, Minix boots again 😁

Reply 149 of 163, by superfury

That latest RETF/IRET bugfix combined with the fix of EBP as an index defaulting to DS somehow hangs Pinball Illusions now?

Edit: The cause seems to have been incorrect audio card configuration when starting the game.

Now I'm getting a GP(0) due to MOVSW with the code segment descriptor in ES, which is illegal? What could be the cause?

Reply 150 of 163, by superfury

With the latest fixes, top-down data segment limits are now also checked against a max offset of 0xFFFF(FFFF), depending on the D/B-bit in the descriptor. Also, offsets are now wrapped to 16/32-bits for the base offset(from modr/m and immediate addresses, as well as (e)sp values), then after wrapping have up to 0(byte), 1(word) or 3(dword) added for each byte in the access to result in a 17/33-bit number which is then checked against the limit normally(as 64-bit numbers, since no 33-bit numbers exist in C). Thus a word at address 0xFFFF/0xFFFFFFFF(depending on address size) or dword at 0xFFFD+/0xFFFFFFFD+ will now check for accesses to 0x10000+ or 0x100000000+, thus properly faulting according to 80286+ specifications(wrapping after the protection phase during execution is still to 32-bits or 16-bits, depending on address size). So accessing a word at base 16-bit offset 10000+ will properly wrap to offset 0(the same with 32-bits base offset 100000000+).

So the specification and the wrap is now properly being applied(always wrapping after the check phase, though, during execution of the actual memory reads/writes).

Somehow Windows 3.0 triple faults on its very first INT 0x20 VxD driver call during a page fault handling on a non-present page?

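
Added example (not part of the original post, and not UniPCemu's own code): the limit check described in the post, with the last byte of the access computed as a 17/33-bit value in 64-bit arithmetic, next to a variant that wraps before comparing and therefore accepts an access that runs past the limit. The structure, function names and segment values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t limit;   /* byte-granular limit, granularity bit already applied */
    bool expand_down; /* "top-down" data segment (E bit set)                  */
    bool big;         /* D/B bit: upper bound 0xFFFFFFFF instead of 0xFFFF    */
} segment_t;

/* Constructed sample segments. */
static const segment_t DATA16  = { 0x0000FFFFu, false, false };
static const segment_t FLAT32  = { 0xFFFFFFFFu, false, true  };
static const segment_t STACK16 = { 0x00000FFFu, true,  false };
static const segment_t STACK32 = { 0x00000FFFu, true,  true  };

/* Check as described in the post: wrap the base offset to the address
 * size first, then add size-1 without wrapping, so the last byte of the
 * access can reach 0x10000 or 0x100000000 and fail the comparison. */
bool access_within_limit(const segment_t *seg, uint32_t offset,
                         bool addr32, unsigned size)
{
    uint64_t first = addr32 ? offset : (offset & 0xFFFFu);
    uint64_t last = first + (uint64_t)(size - 1u);

    if (seg->expand_down) {
        /* Valid range is limit+1 .. top, top chosen by the D/B bit. */
        uint64_t top = seg->big ? 0xFFFFFFFFull : 0xFFFFull;
        return first > seg->limit && last <= top;
    }
    return last <= seg->limit;
}

/* Contrast for expand-up segments only: wrapping the last byte to the
 * address size before the comparison hides the overrun. */
bool access_within_limit_wrapped(const segment_t *seg, uint32_t offset,
                                 bool addr32, unsigned size)
{
    uint32_t mask = addr32 ? 0xFFFFFFFFu : 0xFFFFu;
    uint32_t first = offset & mask;
    uint32_t last = (first + (size - 1u)) & mask;

    return first <= seg->limit && last <= seg->limit;
}

int main(void)
{
    printf("word  at FFFF, 16-bit data:   checked=%d wrapped=%d\n",
           access_within_limit(&DATA16, 0xFFFFu, false, 2),
           access_within_limit_wrapped(&DATA16, 0xFFFFu, false, 2));
    printf("dword at FFFFFFFD, flat:      checked=%d wrapped=%d\n",
           access_within_limit(&FLAT32, 0xFFFFFFFDu, true, 4),
           access_within_limit_wrapped(&FLAT32, 0xFFFFFFFDu, true, 4));
    printf("word  at 0FFF, 16-bit stack:  checked=%d\n",
           access_within_limit(&STACK16, 0x0FFFu, false, 2));
    printf("dword at FFFFFFFC, big stack: checked=%d\n",
           access_within_limit(&STACK32, 0xFFFFFFFCu, true, 4));
    return 0;
}
```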

Reply 151 of 163, by superfury

Now, the Compaq BIOS tells me the setup hasn't run yet(in other words: uninitialized settings), even though GSETUP already configured the system?

POST codes:

00:00:17:90.02526: POST Code: 00 Initialize flags, MSW,IDTLIN 
00:00:17:90.02998: POST Code: 01 I/O ROM error
00:00:17:91.09900: POST Code: 02 System memory board failure
00:00:17:92.00108: POST Code: 03 No response from 8042
00:00:17:92.00260: POST Code: 04 Look for ROM at E000
00:00:17:92.00496: POST Code: 05 Look for ROM at C800
00:00:17:92.00684: POST Code: 06 Normal CMOS reset code
00:00:17:92.00844: Shutdown status: 00
00:00:17:92.01012: POST Code: 08 Initialize 8259,80287
00:00:17:92.01732: POST Code: 09 Reset code in CMOS byte
00:00:17:92.02072: POST Code: 0F Warm boot
00:00:17:92.02380: POST Code: 10 PPI disabled, test 8254 PIT's 0 and 1
00:00:17:92.02704: POST Code: 11 Initialize (blast) VDU controller
00:00:17:92.05676: POST Code: 12 System option error
00:00:18:07.03020: POST Code: 13 Time and date not set
00:00:18:07.06502: POST Code: 14 Memory size error
00:00:18:07.06758: POST Code: 15 Check battery power
00:00:18:07.07042: POST Code: 17 Clear CMOS Diags.
00:00:18:07.07268: POST Code: 18 Test base memory (First 128K)
00:00:18:07.07468: POST Code: 40 Save RESETWD value
00:00:18:07.07810: POST Code: 2F Write to diagnostic byte
00:00:18:07.08108: POST Code: 41 Printer error
00:00:18:07.08588: POST Code: 42 Monochrome adapter failure
00:00:18:78.06892: POST Code: 43 Reset parity checks
00:00:18:78.07236: POST Code: 44 Start verify of 128K RAM test
00:00:19:59.08304: POST Code: 45 Check for parity errors
00:00:21:08.04210: POST Code: 43 Reset parity checks
00:00:21:08.04538: POST Code: 44 Start verify of 128K RAM test
00:00:21:88.00854: POST Code: 45 Check for parity errors
00:00:22:67.03528: POST Code: 46 NO RAM errors
00:00:22:67.03830: POST Code: 19 Initialize base memory
00:00:22:67.04034: POST Code: 30 Clear first 128K bytes of RAM
00:00:23:24.07340: POST Code: 31 Load interrupt vectors 70-77
00:00:23:24.07834: POST Code: 32 Load interrupt vectors 00-1F
00:00:23:24.08736: POST Code: 33 Keyboard controller error
00:00:23:24.08944: POST Code: 34 Keyboard or system unit error
00:00:23:25.01376: POST Code: 36 Check battery power
00:00:23:25.01592: POST Code: 38 Check for Serial ports
00:00:23:25.01950: POST Code: 39 Check for parallel printer ports
00:00:23:25.02488: POST Code: 3A Initialize port and comm time-outs
00:00:23:25.02846: POST Code: 3B Flush keyboard buffer
00:00:23:25.03514: POST Code: 52 Start VDU ROM search
00:00:23:71.06652: POST Code: 53 Vector to VDU option ROM's
00:03:03:20.05792: POST Code: 8C Got result, check it
00:03:03:20.06480: POST Code: 1A Initialize VDU adapters
00:03:03:20.06784: POST Code: 50 Check for dual frequency in CMOS
00:03:03:20.07008: POST Code: 51 Display adapter failure
00:03:03:20.07440: POST Code: 52 Start VDU ROM search
00:03:03:81.06704: POST Code: 1B The system ROM
00:03:04:62.04656: POST Code: 1C CMOS checksum
00:03:04:62.05056: POST Code: 90 Start of CMOS test
00:03:04:62.05264: Shutdown status: 00
00:03:04:62.05552: Shutdown status: AA
00:03:04:62.05824: Shutdown status: 55
00:03:04:62.06160: Shutdown status: 01
00:03:04:62.06432: Shutdown status: 02
00:03:04:62.06704: Shutdown status: 04
00:03:04:62.06960: Shutdown status: 08
00:03:04:62.07216: Shutdown status: 10
00:03:04:62.07520: Shutdown status: 20
00:03:04:62.07792: Shutdown status: 40
00:03:04:62.08064: Shutdown status: 80
00:03:04:62.08336: Shutdown status: FF
00:03:04:62.08640: Shutdown status: 00
00:03:04:62.09056: POST Code: 91 CMOS seems to be OK
00:03:04:62.09296: POST Code: 1D DMA controller/page registers
00:03:04:62.09632: POST Code: 93 Start of DMA controller test
00:03:04:63.01104: POST Code: 94 Page registers seem to be OK
00:03:04:65.05120: POST Code: 95 DMA controller is OK
00:03:04:65.05680: POST Code: 96 8237 initialization is complete
00:03:04:65.05936: POST Code: 2D Test timer 2
00:03:04:65.06160: POST Code: 0D Test #2 8254 PIT counter 0
00:03:04:65.06560: POST Code: 0E Test #2 8254 PIT counter 2
00:03:04:65.06960: POST Code: 1E Test keyboard controller
00:03:04:65.07312: POST Code: 80 Start of 8042 test
00:03:04:67.06688: POST Code: 81 Do 8042 self test
00:03:04:70.06640: POST Code: 82 Check result received
00:03:04:70.06992: POST Code: 84 OK 8042, Init mode=5D
00:03:04:72.06544: POST Code: 1F Test 286 protected mode
00:03:04:72.06912: POST Code: 75 Start protected mode test
00:03:04:72.07280: POST Code: 76 Prepare to enter protected mode
00:03:04:80.06912: POST Code: 77 Test software exceptions
00:03:04:80.07344: POST Code: 78 Prepare to return to real mode
00:03:04:84.06224: Shutdown status: 06
00:03:04:87.06896: POST Code: 00 Initialize flags, MSW,IDTLIN
00:03:04:87.07376: POST Code: 07Completes EGA ROM replacement
00:03:04:87.07600: Shutdown status: 00
00:03:04:87.07824: POST Code: 08 Initialize 8259,80287
00:03:04:87.08768: POST Code: 09 Reset code in CMOS byte
00:03:04:87.09168: POST Code: 79 Back in real mode-successful
00:03:04:87.09648: POST Code: 7B Exit protected mode
00:03:04:87.09968: POST Code: 20 Test real and extended memory
00:03:04:88.00304: POST Code: 60 Start of memory tests
00:03:04:88.00576: POST Code: 61 Diskette controller failure
00:03:04:94.02432: POST Code: 18 Test base memory (First 128K)
00:03:04:94.03216: POST Code: 62 Diskette boot recorder error
00:03:04:95.04496: POST Code: 63 Get CMOS size
00:03:04:95.06768: POST Code: 70 Display XXXXXKB OK
00:03:04:95.08096: POST Code: 71 Test each RAM segment
00:03:07:11.00128: POST Code: 73 Exit MEMTEST
00:03:07:11.00864: POST Code: 6D Initialize KB OK string
00:03:07:11.01184: POST Code: 6E Determine size to test
00:03:07:11.01520: POST Code: 6F Start MEMTEST
00:03:07:11.01872: POST Code: 70 Display XXXXXKB OK
00:03:07:11.03264: POST Code: 71 Test each RAM segment
00:03:16:03.02000: POST Code: 73 Exit MEMTEST
00:03:16:03.02544: POST Code: 65 Ext. FDC failed got to internal F
00:03:16:03.03264: POST Code: 6D Initialize KB OK string
00:03:16:03.03616: POST Code: 6E Determine size to test
00:03:16:03.03984: POST Code: 6F Start MEMTEST
00:03:16:03.04352: POST Code: 70 Display XXXXXKB OK
00:03:16:03.05760: POST Code: 71 Test each RAM segment
00:04:13:78.03184: POST Code: 73 Exit MEMTEST
00:04:13:78.04000: POST Code: 70 Display XXXXXKB OK
00:04:13:78.05408: POST Code: 71 Test each RAM segment
00:04:18:43.01168: POST Code: 73 Exit MEMTEST
00:04:18:43.02784: POST Code: 72 Coprocessor detection
00:04:18:53.05440: POST Code: 66 Save size memory (base, ext)
00:04:18:53.06320: POST Code: 67 128K-option installed CMOS bit
00:04:18:53.06672: Shutdown status: 02
00:04:18:53.06992: POST Code: 68 Prepare to return to real mode
00:04:18:61.05680: POST Code: 00 Initialize flags, MSW,IDTLIN
00:04:18:61.06224: POST Code: 07Completes EGA ROM replacement
00:04:18:61.06496: Shutdown status: 00
00:04:18:61.06736: POST Code: 08 Initialize 8259,80287
00:04:18:61.07760: POST Code: 09 Reset code in CMOS byte
00:04:18:61.08144: POST Code: 69 Back in real mode-successful
00:04:18:62.03040: POST Code: 6C End of memory test
00:04:18:62.03568: POST Code: D0 Entry to clear memory routine
00:04:18:62.03984: POST Code: D1 Ready to go to protected mode
00:04:18:68.09424: POST Code: D2 Ready to clear extended memory
00:04:31:36.01408: POST Code: 7F Copy system ROM to high RAM
00:04:32:55.03056: POST Code: D3 Ready to reset back to real mode
00:04:32:55.03664: POST Code: D4 Back in real mode
00:04:34:43.01456: POST Code: 7D Entered cache controller test
00:04:34:43.01968: POST Code: 7E Programming memory cache
00:04:34:43.02384: POST Code: 21 Memory error
00:04:36:18.01056: POST Code: 23 Memory address error
00:04:36:18.01472: POST Code: 8B Test keyboard interface
00:04:36:20.01216: POST Code: 8C Got result, check it
00:04:36:20.01632: POST Code: 86 Start test, reset keyboard
00:04:36:26.01088: POST Code: 87 Got acknowledge, read result
00:04:53:54.08768: POST Code: 88 Got result, check it
00:04:53:54.09504: POST Code: 89 Test for stuck keys
00:04:53:84.05248: POST Code: 8D End of test, no errors
00:04:53:84.05568: POST Code: 22 Initialize 287 coprocessor
00:04:53:86.02496: POST Code: 24 Reset A20, set default CPU speed
00:04:53:89.07216: POST Code: 25 Memory error
00:04:53:89.08272: POST Code: A0 Start of diskette tests
00:04:53:89.08624: POST Code: A1 FDC reset active (3F2h Bit 2)
00:04:56:65.02640: POST Code: A2 FDC reset inactive (3F2h Bit 2)
00:04:59:40.08352: POST Code: A3 FDC motor on
00:05:13:19.05232: POST Code: A6 FDC passed reset
00:05:13:19.05712: POST Code: A8 Start to determine drive type
00:06:10:63.01136: POST Code: AF Diskette tests complete
00:06:10:63.02416: POST Code: 26 Keyboard error
00:06:10:63.02832: POST Code: B0 Start of fixed drive tests
00:06:10:63.03280: POST Code: B1 Combo board not found-exit
00:06:10:63.03600: POST Code: B8 Fixed drive tests complete
00:06:10:63.03856: POST Code: 27 Initialize parallel printer
00:06:10:63.04112: POST Code: 28 Perform search for optional ROM's
00:06:10:65.09168: POST Code: 29 Test valid system configuration
00:06:43:31.06384: POST Code: 8C Got result, check it

Can anyone tell me what the problem is? The messages after each code are added by means of a simple translation file(ROM/POSTCODES.COMPAQ.TXT). I've taken the translations from the combined Compaq and Compaq and Compaq 386 tables on http://ryan.servehttp.com/tech/hardware/bios/compaqbios.htm .

Reply 152 of 163, by superfury

Yay:/ With the latest bugfixes, now Windows 95 setup preparing to copy files(before copying the final windows files before reboot) gives an INI parse(r) error?

Reply 153 of 163, by superfury

Just fixed an 80286+ BIU bug causing the EU to hang when the BIU faults on invalid offsets only(first byte being prefetched, which is supposed to fault on the EU, but it might lock it up again and again, because the EU wants to request a data transfer (Windows 3.0 IRET popping CS), but the BIU keeps running empty prefetch cycles(because it's faulting) every other cycle with the RETF taking 2 cycles, while the BIU interleaves those with its empty unfinishing prefetches, thus never becoming ready from an EU POV):
- T1 Prefetch starts 'memory cycle'(nothing done on actual I/O because it's faulty).
- T2 RETF tries to request and fails. Starts waiting two cycles. Prefetch finishes.
- T1 No BIU requests. Prefetch starts again and starts memory cycle. Still ticking EU(1 cycle left).
- T2 BIU finishes memory cycle after failed request from EU because of it being before ticking the BIU, which terminates the 'memory cycle'.
Etc.

In other words, I see PIQ prefetch(T1 cycle, EU busy with the 2nd of the EU cycles by RETF request), EU request failing(T2 cycle), Prefetch terminates(T2 cycle). That repeats infinitely.
The prefetch buffers infinitely in this case because of the memory fault(segment limit check), thus keeping the EU waiting forever.

Of course, the solution was simple: Only start the bus transfer cycles(T1&T2) with active bus when not faulting on all prefetched data(at least one of the four fetches does apply a T1-TW-T2-T1 transition, otherwise, keep T1 cycles accordingly(processing any requests from the EU when requested)). PIQ segmentation/paging faults are simply handled as NOPs when nothing is prefetched(anything between 1/2/4 bytes can be prefetched, depending on EIP/physical address alignment).

Reply 154 of 163, by superfury

Yay! With the latest improvements(also improved task switching just now), it now throws a #GP(0018) because the Landmark/Supersoft AT Diagnostics BIOS is trying to load a code descriptor into the SS register(which of course is illegal to perform on any x86 CPU)... I smell a code bug somewhere(it's running opcode 8E, which is a MOV segreg,reg instruction)...

Edit: Something's very wrong here? Why is it loading a CODE SEGMENT DESCRIPTOR into SS?

Attachment: debugger.log (2.52 MiB). File comment: Protected mode of the Landmark/Supersoft AT diagnostics BIOS running on UniPCemu.

That's something very illegal on a x86 CPU, no matter what?

Reply 155 of 163, by superfury

Looking at the very task that's running, it looks fine when it sets up its tasks and performs basic tests on them. But then it starts the first task, which starts executing some very strange instructions at linear address F0000 and up? First two INC BX instructions, followed by OUTSW to a strange port? Then it executes two OUTSW instructions, conditional jumps, some odd CMOS I/O(although valid, looks out of context), followed by an odd loop waiting for some 8042 bits toggling, then eventually at 0018:0111, it loads the code segment into AX, then AX into DS(valid) and SS???

Can anyone see what's going wrong? Jepael? Vladstamate?

Reply 156 of 163, by superfury

Having fixed task switching issues(16-bit TSS was read incorrectly, IRET task switches having been improved, no task switching to busy tasks(reversed for IRET)), the Supersoft/Landmark AT BIOS finally passes the Protected mode diagnostics! 😁

So that means that task switching is now also working properly. I saw, during debugging, the tasks being switched to/from the 0x58 and 0x48 descriptor in the main loop, finally IRET from 0x48 to 0x68. So now 16-bit multitasking works 100%! 😁

Reply 157 of 163, by superfury

Just tried TES: Arena. It seems to run fine, except no sound is output(Configured for defaults, except IRQ5 instead of 7(which UniPCemu uses))?

Reply 158 of 163, by superfury

One odd thing I notice: Simcity 2000, TES: Arena as well as Doom seem to perform at below 1FPS, even though the emulation is running at 20% realtime speed(3MIPS, so Dosbox's default speed)?

Edit: Just tried installing Daggerfall from the Elder Scrolls Anthology edition. It immediately triple faults upon running install.exe?
Edit: It seems to crash on 0128:8AA, executing LTR (task 0x23), which seemingly is incorrect? HIMEM.SYS and EMM386.EXE are both loaded. That one is seemingly incorrect, then double and triple faulting the CPU?
Edit: Found the bug: It was trying to load RPL 3, which the descriptor loading part was interpreting as the LDT bit was set(bit 2). But instead of checking the LDT bit (for task register loads only), it was checking bit 1(the high bit of the RPL bits, thus faulting on LTR loading a value with privilege levels 2/3 instead of the correct bit).
Edit: Having fixed that problem, now the Daggerfall installer runs correctly it seems.
Edit: Daggerfall itself seems to run as well, at least up until the main menu.

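
Added example (not part of the original post, and not UniPCemu's own code): the selector checks LTR performs, with the table-indicator mask passed in so that the correct mask (bit 2) and the mask from the bug described above (bit 1, the upper RPL bit) can be compared on selector 0x23. The GDT access-rights bytes and all names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { FAULT_NONE = 0, FAULT_NP = 11, FAULT_GP = 13 };

typedef struct {
    int vector;          /* FAULT_NONE, FAULT_NP or FAULT_GP */
    uint16_t error_code; /* selector-format error code        */
} ltr_result_t;

#define SEL_TI_BIT   0x0004u /* bit 2: 0 = GDT, 1 = LDT                */
#define SEL_RPL_HIGH 0x0002u /* bit 1: upper RPL bit (mask of the bug) */

#define AR_PRESENT   0x80u   /* P bit                                  */
#define AR_S         0x10u   /* 1 = code/data, 0 = system descriptor   */
#define AR_TYPE      0x0Fu
#define TYPE_TSS16_AVAILABLE 0x1u
#define TYPE_TSS32_AVAILABLE 0x9u

/* Constructed GDT, reduced to one access-rights byte per descriptor. */
static const uint8_t SAMPLE_GDT_AR[] = {
    0x00, /* 0x00: null descriptor                 */
    0x9A, /* 0x08: code segment                    */
    0x92, /* 0x10: data segment                    */
    0x8B, /* 0x18: busy 386 TSS                    */
    0x89, /* 0x20: available 386 TSS, present      */
    0x09, /* 0x28: available 386 TSS, not present  */
};
#define SAMPLE_GDT_ENTRIES (sizeof SAMPLE_GDT_AR / sizeof SAMPLE_GDT_AR[0])

static ltr_result_t fault(int vector, uint16_t error_code)
{
    ltr_result_t r = { vector, error_code };
    return r;
}

/* table_mask selects which selector bit is treated as "not in the GDT". */
ltr_result_t ltr_check(uint16_t sel, const uint8_t *gdt_ar, size_t entries,
                       uint16_t table_mask)
{
    uint16_t err = sel & 0xFFFCu; /* index + TI, RPL bits cleared */
    size_t index = sel >> 3;
    uint8_t ar, type;

    if ((sel & 0xFFFCu) == 0)
        return fault(FAULT_GP, 0);   /* null selector: #GP(0)      */
    if ((sel & table_mask) || index >= entries)
        return fault(FAULT_GP, err); /* must be inside the GDT     */
    ar = gdt_ar[index];
    type = ar & AR_TYPE;
    if ((ar & AR_S) ||
        (type != TYPE_TSS16_AVAILABLE && type != TYPE_TSS32_AVAILABLE))
        return fault(FAULT_GP, err); /* not an available TSS       */
    if (!(ar & AR_PRESENT))
        return fault(FAULT_NP, err); /* #NP(selector)              */
    return fault(FAULT_NONE, 0);     /* TR can be loaded           */
}

int main(void)
{
    const uint16_t selectors[] = { 0x20, 0x21, 0x22, 0x23, 0x24 };
    size_t i;

    for (i = 0; i < sizeof selectors / sizeof selectors[0]; i++) {
        ltr_result_t ok = ltr_check(selectors[i], SAMPLE_GDT_AR,
                                    SAMPLE_GDT_ENTRIES, SEL_TI_BIT);
        ltr_result_t bug = ltr_check(selectors[i], SAMPLE_GDT_AR,
                                     SAMPLE_GDT_ENTRIES, SEL_RPL_HIGH);
        printf("LTR %04X: bit-2 mask -> vector %d, bit-1 mask -> vector %d\n",
               selectors[i], ok.vector, bug.vector);
    }
    return 0;
}
```

With the bit-1 mask, selectors with RPL 2 or 3 fault even though they reference the GDT, and the LDT selector 0x24 passes the table check.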

Reply 159 of 163, by superfury

Just improved the PIC to be a bit more accurate handling the IRR register with parallel interrupt lines, now only raising/lowering it when all the interrupt lines that have raised an interrupt have been lowered. So now the IRR should report and cause interrupts in a more reliable way(instead of dropping any parallel pending interrupts when the interrupt is acknowledged by the normal priority resolver(still using the 0,1,2,8-15,3-7 order for resolving said interrupts)). So it should no longer drop parallel interrupts incorrectly on the XT machines. Although the AT and up don't currently have any parallel interrupt lines used(since there's plenty for all hardware).

There are a few shared IRQs(IRQ2/5/9, depending on hardware), now mentioned on the emulator's documentation.

Currently:
- ATA/ATAPI(on XT only) and Soundblaster share IRQ5 with the Parallel port.
- VGA and MPU-401 share IRQ2(XT) and IRQ9(AT and up).

Could that cause immediate booting problems with Windows 95/3.X?
