I've just implemented proper support for 16-bit and 32-bit BIU. Now the SuperSoft/Landmark BIOS(from minuszerodegrees) halts during the protected mode test(passing all other tests, except before display is filled it still gives audio tones signifying hardware problems not showed on screen. Those are probably the faulty error codes being reported(which shouldn't be errors at all)). The Protected mode test keeps reporting a high/low tone infinitely(instead of high/low, low etc...).

The message on the start is:
6 high/low, low(cannot initialize monitor).
6 high/low, 2 low(unknown according to manual, maybe see above).
screen enabled
5 high low, 8 low(cannot initialize monitor).
starts running logic tests(U74 CPU registers and logic), passing all tests until protected mode CPU test
Protected mode gives infinite high low tests, no passed or any error code is displayed.

Anyone can see what's going wrong with the protected mode emulation? Mainly look at Protected mode basics and maybe Paging.

Anyone can see what's going wrong? Jepael?

Edit: The AT BIOS crashes on this now. It reports POST codes up until 1E, 1F, 20, then resets completely, starting at 01, 02 and then(in 02) H(A)LTs permanently. So it detects memory in protected mode, then crashes after resetting(whether intentional or not. No triple fault is generated, so it should be intentional).

Edit: The CMOS is cleared and memory reduced to 4MB(to prevent the cause of corrupted CMOS and too much memory). The problem with it resetting up until it reaches POST code 02h still persists?

After running the 80186 test suite again, I've found at least one problem with the flags handling: The Auxiliary flag isn't correctly updated? The emulation sets it when it's supposed to be cleared, according to the result file? This at least happens with the GRP2 SHL/SHR opcodes?

8086 opcodes

general flag calculations

Edit: Looking at Dosbox's Auxiliary/Adjust flags:
- SHL/SHR/SAR always set with non-zero shift, cleared otherwise.
- NEG sets when result low 4 bits not zero, cleared otherwise(essentially negated zero flag for low 4 bits).
- INC sets when result low 4 bits is zero, cleared otherwise.
- DEC sets when result low 4 bits is 1111b(0xF), cleared otherwise.

All other instructions use a simple source XOR dest XOR result AND 10h operation to get the Auxiliary flag?

Is that behaviour correct?

It seems still some problems occur with the shift/rotate instructions. Anyone can see what's going wrong?

8086+ 8/16-bit version:

1byte op_grp2_8(byte cnt, byte varshift) {
2	//word d,
3	INLINEREGISTER word s, shift, oldCF, msb;
4	word backup;
5	//if (cnt>0x8) return(oper1b); //NEC V20/V30+ limits shift count
6	s = oper1b;
7	oldCF = FLAG_CF;
8	if (EMULATED_CPU >= CPU_NECV30) cnt &= 0x1F; //Clear the upper 3 bits to become a NEC V20/V30+!
9	switch (thereg) {
10	case 0: //ROL r/m8
11		for (shift = 1; shift <= cnt; shift++) {
12			if (s & 0x80) FLAGW_CF(1); else FLAGW_CF(0);
13			s = s << 1;
14			s = s | FLAG_CF;
15		}
16		if (cnt==1) FLAGW_OF(FLAG_CF ^ ((s >> 7) & 1));
17		break;
18
19	case 1: //ROR r/m8
20		for (shift = 1; shift <= cnt; shift++) {
21			FLAGW_CF(s & 1);
22			s = (s >> 1) | (FLAG_CF << 7);
23		}
24		if (cnt==1) FLAGW_OF((s >> 7) ^ ((s >> 6) & 1));
25		break;
26
27	case 2: //RCL r/m8
28		for (shift = 1; shift <= cnt; shift++) {
29			oldCF = FLAG_CF;
30			if (s & 0x80) FLAGW_CF(1); else FLAGW_CF(0);
31			s = s << 1;
32			s = s | oldCF;
33		}
34		if (cnt==1) FLAGW_OF(FLAG_CF ^ ((s >> 7) & 1));
35		break;
36
37	case 3: //RCR r/m8
38		for (shift = 1; shift <= cnt; shift++) {
39			oldCF = FLAG_CF;
40			FLAGW_CF(s & 1);
41			s = (s >> 1) | (oldCF << 7);
42		}
43		if (cnt==1) FLAGW_OF((s >> 7) ^ ((s >> 6) & 1));
44		break;
45
46	case 4: case 6: //SHL r/m8
47		//FLAGW_AF(0);
48		for (shift = 1; shift <= cnt; shift++) {
49			if (s & 0x80) FLAGW_CF(1); else FLAGW_CF(0);
50			//if (s & 0x8) FLAGW_AF(1); //Auxiliary carry?
51			s = (s << 1) & 0xFF;
52		}
53		if (cnt==1) FLAGW_OF((FLAG_CF ^ (s >> 7)));
54		flag_szp8((uint8_t)(s&0xFF)); break;
55
56	case 5: //SHR r/m8
57		if (cnt == 1) FLAGW_OF((s & 0x80) ? 1 : 0); else FLAGW_OF(0);
58		//FLAGW_AF(0);
59		for (shift = 1; shift <= cnt; shift++) {
60			FLAGW_CF(s & 1);

61			backup = s; //Save backup!
62			s = s >> 1;
63			//if (((backup^s)&0x10)) FLAGW_AF(1); //Auxiliary carry?
64		}
65		flag_szp8((uint8_t)(s & 0xFF)); break;
66
67	case 7: //SAR r/m8
68		msb = s & 0x80;
69		//FLAGW_AF(0);
70		for (shift = 1; shift <= cnt; shift++) {
71			FLAGW_CF(s & 1);
72			backup = s; //Save backup!
73			s = (s >> 1) | msb;
74			//if (((backup^s)&0x10)) FLAGW_AF(1); //Auxiliary carry?
75		}
76		byte tempSF;
77		tempSF = FLAG_SF; //Save the SF!
78		/*flag_szp8((uint8_t)(s & 0xFF));*/
79		//http://www.electronics.dit.ie/staff/tscarff/8086_instruction_set/8086_instruction_set.html#SAR says only C and O flags!
80		if (!cnt) //Nothing done?
81		{
82			FLAGW_SF(tempSF); //We don't update when nothing's done!
83		}
84		else if (cnt==1) //Overflow is cleared on all 1-bit shifts!
85		{
86			flag_s8(s); //Affect sign as well!
87			FLAGW_OF(0); //Cleared!
88		}
89		else if (cnt) //Anything shifted at all?
90		{
91			flag_s8(s); //Affect sign as well!
92		}
93		if ((EMULATED_CPU>=CPU_NECV30) && cnt) //NECV20+ affected?
94		{
95			flag_p8(s); //Affect parity as well!
96		}
97		break;
98	}
99	op_grp2_cycles(cnt, varshift);
100	return(s & 0xFF);
101}
102
103word op_grp2_16(byte cnt, byte varshift) {
104	//uint32_t d,
105	INLINEREGISTER uint_32 s, shift, oldCF, msb;
106	//if (cnt>0x10) return(oper1); //NEC V20/V30+ limits shift count
107	if (EMULATED_CPU >= CPU_NECV30) cnt &= 0x1F; //Clear the upper 3 bits to become a NEC V20/V30+!
108	word backup;
109	s = oper1;
110	oldCF = FLAG_CF;
111	switch (thereg) {
112	case 0: //ROL r/m16
113		for (shift = 1; shift <= cnt; shift++) {
114			if (s & 0x8000) FLAGW_CF(1); else FLAGW_CF(0);
115			s = s << 1;
116			s = s | FLAG_CF;
117		}
118		if (cnt==1) FLAGW_OF(FLAG_CF ^ ((s >> 15) & 1));
119		break;
120
121	case 1: //ROR r/m16
122		for (shift = 1; shift <= cnt; shift++) {
123			FLAGW_CF(s & 1);
124			s = (s >> 1) | (FLAG_CF << 15);
125		}
126		if (cnt==1) FLAGW_OF((s >> 15) ^ ((s >> 14) & 1));
127		break;
128
129	case 2: //RCL r/m16
130		for (shift = 1; shift <= cnt; shift++) {
131			oldCF = FLAG_CF;
132			if (s & 0x8000) FLAGW_CF(1); else FLAGW_CF(0);
133			s = s << 1;
134			s = s | oldCF;
135			//oldCF = ((s&0x8000)>>15)&1; //Save FLAG_CF!
136			//s = (s<<1)+FLAG_CF;
137			//FLAG_CF = oldCF;
138		}
139		if (cnt==1) FLAGW_OF(FLAG_CF ^ ((s >> 15) & 1));
140		break;
141
142	case 3: //RCR r/m16
143		if (cnt==1) FLAGW_OF(((s >> 15) & 1) ^ FLAG_CF);
144		for (shift = 1; shift <= cnt; shift++) {
145			oldCF = FLAG_CF;
146			FLAGW_CF(s & 1);
147			s = (s >> 1) | (oldCF << 15);
148			//oldCF = s&1;
149			//s = (s<<1)+(FLAG_CF<<16);
150			//FLAG_CF = oldCF;
151		}
152		if (cnt==1) FLAGW_OF((s >> 15) ^ ((s >> 14) & 1));
153		break;
154
155	case 4: case 6: //SHL r/m16
156		//FLAGW_AF(0);
157		for (shift = 1; shift <= cnt; shift++) {
158			if (s & 0x8000) FLAGW_CF(1); else FLAGW_CF(0);
159			//if (s & 0x8) FLAGW_AF(1); //Auxiliary carry?
160			s = (s << 1) & 0xFFFF;
161		}
162		if ((cnt) && (FLAG_CF == (s >> 15))) FLAGW_OF(0); else FLAGW_OF(1);
163		flag_szp16(s); break;
164
165	case 5: //SHR r/m16
166		if (cnt) FLAGW_OF((s & 0x8000) ? 1 : 0);
167		//FLAGW_AF(0);
168		for (shift = 1; shift <= cnt; shift++) {
169			FLAGW_CF(s & 1);
170			backup = s; //Save backup!
171			s = s >> 1;
172			//if (((backup^s)&0x10)) FLAGW_AF(1); //Auxiliary carry?
173		}
174		flag_szp16(s); break;
175
176	case 7: //SAR r/m16
177		msb = s & 0x8000; //Read the MSB!
178		//FLAGW_AF(0);
179		for (shift = 1; shift <= cnt; shift++) {
180			FLAGW_CF(s & 1);
181			backup = s; //Save backup!
182			s = (s >> 1) | msb;
183			//if (((backup^s)&0x10)) FLAGW_AF(1); //Auxiliary carry?
184		}
185		byte tempSF;
186		tempSF = FLAG_SF; //Save the SF!
187		/*flag_szp16(s);*/
188		//http://www.electronics.dit.ie/staff/tscarff/8086_instruction_set/8086_instruction_set.html#SAR says only C and O flags!
189		if (!cnt) //Nothing done?
190		{
191			FLAGW_SF(tempSF); //We don't update when nothing's done!
192		}
193		else if (cnt==1) //Overflow is cleared on all 1-bit shifts!
194		{
195			flag_s16(s); //Affect sign as well!
196			FLAGW_OF(0); //Cleared!
197		}
198		else if (cnt) //Anything shifted at all?
199		{
200			flag_s16(s); //Affect sign as well!
201		}
202		if ((EMULATED_CPU>=CPU_NECV30) && cnt) //NECV20+ affected?
203		{
204			flag_p16(s); //Affect parity as well!
205			flag_s16(s); //Affect sign as well!
206		}
207		break;
208	}
209	op_grp2_cycles(cnt, varshift|4);
210	return(s & 0xFFFF);
211}

32-bit version of the 16-bit version:

1uint_32 op_grp2_32(byte cnt, byte varshift) {
2	//uint32_t d,
3	INLINEREGISTER uint_32 s, shift, oldCF, msb;
4	//if (cnt>0x10) return(oper1d); //NEC V20/V30+ limits shift count
5	if (EMULATED_CPU >= CPU_NECV30) cnt &= 0x1F; //Clear the upper 3 bits to become a NEC V20/V30+!
6	s = oper1d;
7	oldCF = FLAG_CF;
8	switch (thereg) {
9	case 0: //ROL r/m32
10		for (shift = 1; shift <= cnt; shift++) {
11			if (s & 0x80000000) FLAGW_CF(1); else FLAGW_CF(0);
12			s = s << 1;
13			s = s | FLAG_CF;
14		}
15		if (cnt==1) FLAGW_OF(FLAG_CF ^ ((s >> 31) & 1));
16		break;
17
18	case 1: //ROR r/m32
19		for (shift = 1; shift <= cnt; shift++) {
20			FLAGW_CF(s & 1);
21			s = (s >> 1) | (FLAG_CF << 31);
22		}
23		if (cnt==1) FLAGW_OF((s >> 31) ^ ((s >> 30) & 1));
24		break;
25
26	case 2: //RCL r/m32
27		for (shift = 1; shift <= cnt; shift++) {
28			oldCF = FLAG_CF;
29			if (s & 0x80000000) FLAGW_CF(1); else FLAGW_CF(0);
30			s = s << 1;
31			s = s | oldCF;
32			//oldCF = ((s&0x8000)>>15)&1; //Save FLAG_CF!
33			//s = (s<<1)+FLAG_CF;
34			//FLAG_CF = oldCF;
35		}
36		if (cnt==1) FLAGW_OF(FLAG_CF ^ ((s >> 31) & 1));
37		break;
38
39	case 3: //RCR r/m32
40		if (cnt==1) FLAGW_OF(((s >> 31) & 1) ^ FLAG_CF);
41		for (shift = 1; shift <= cnt; shift++) {
42			oldCF = FLAG_CF;
43			FLAGW_CF(s & 1);
44			s = (s >> 1) | (oldCF << 31);
45			//oldCF = s&1;
46			//s = (s<<1)+(FLAG_CF<<32);
47			//FLAG_CF = oldCF;
48		}
49		if (cnt==1) FLAGW_OF((s >> 31) ^ ((s >> 30) & 1));
50		break;
51
52	case 4: case 6: //SHL r/m32
53		//FLAGW_AF(0);
54		for (shift = 1; shift <= cnt; shift++) {
55			if (s & 0x80000000) FLAGW_CF(1); else FLAGW_CF(0);
56			s = (s << 1) & 0xFFFFFFFF;
57			//FLAGW_AF(1); //Auxiliary carry?
58		}
59		if ((cnt==1) && (FLAG_CF == (s >> 31))) FLAGW_OF(0); else FLAGW_OF(1);
60		flag_szp32(s); break;

61
62	case 5: //SHR r/m32
63		if (cnt==1) FLAGW_OF((s & 0x80000000) ? 1 : 0);
64		//FLAGW_AF(0);
65		for (shift = 1; shift <= cnt; shift++) {
66			FLAGW_CF(s & 1);
67			s = s >> 1;
68			//FLAGW_AF(1); //Auxiliary carry?
69		}
70		flag_szp32(s); break;
71
72	case 7: //SAR r/m32
73		msb = s & 0x80000000; //Read the MSB!
74		//FLAGW_AF(0);
75		for (shift = 1; shift <= cnt; shift++) {
76			FLAGW_CF(s & 1);
77			s = (s >> 1) | msb;
78			//FLAGW_AF(1); //Auxiliary carry?
79		}
80		byte tempSF;
81		tempSF = FLAG_SF; //Save the SF!
82		/*flag_szp32(s);*/
83		//http://www.electronics.dit.ie/staff/tscarff/8086_instruction_set/8086_instruction_set.html#SAR says only C and O flags!
84		if (!cnt) //Nothing done?
85		{
86			FLAGW_SF(tempSF); //We don't update when nothing's done!
87		}
88		else if (cnt==1) //Overflow is cleared on all 1-bit shifts!
89		{
90			flag_s32(s); //Affect sign as well!
91			FLAGW_OF(0); //Cleared!
92		}
93		else if (cnt) //Anything shifted at all?
94		{
95			flag_s32(s); //Affect sign as well!
96		}
97		if ((EMULATED_CPU>=CPU_NECV30) && cnt) //NECV20+ affected?
98		{
99			flag_p32(s); //Affect parity as well!
100			flag_s32(s); //Affect sign as well!
101		}
102		break;
103	}
104	op_grp2_cycles32(cnt, varshift|4);
105	return(s & 0xFFFFFFFF);
106}

- SHL/SHR/SAR always set with non-zero shift, cleared otherwise.

Yes.

- NEG sets when result low 4 bits not zero, cleared otherwise(essentially negated zero flag for low 4 bits).

The flags result is equivalent to performing "0 SUB value".

- INC sets when result low 4 bits is zero, cleared otherwise.

The flags result is equivalent to performing "value ADD 1", but clearing CF afterwards.

- DEC sets when result low 4 bits is 1111b(0xF), cleared otherwise.

The flags result is equivalent to performing "value sub 1", but clearing CF afterwards.

My code currently doesn't clear CF afterwards with INC/DEC instructions, but instead sets it to the value before the INC/DEC executed(i.e. it's unchanged during execution of the instruction, neither cleared nor set). I've removed the manual 0xF(dec) and 0x0(inc) checks on the low 4 bits, because this is already handled by the ADD/SUB flags calculation it's using.

Is that correct behaviour?

Strangely enough, when I make SHL/SHR/SAR set the Auxiliary carry flag to 1(and clear it when nothing's shifted) with non-zero shifts, the testsuite errors out for some reason, saying the flags result is incorrect? It's the EPC 80186 testsuite I'm using.

Is there a difference between ADD and SUB instructions calculating the Auxiliary carry flag? Or are both supposed to use ((src XOR dest XOR result) AND 0x10), so source xor dest xor result, then take bit 4 as the Auxiliary carry flag?

One difference between the 80286 and 80386 cores currently, is that the 80386 (all 32-bit instructions and new instructions) core still use the old way of directly handling memory and I/O accesses. So they won't run through the BIU to handle all memory accesses, causing incorrect timing when using them. All 80286- instructions should be handled correctly(although there's errors somewhere, causing the IBM AT BIOS to crash when performing the very first CPU reset(directly after detecting extended memory and resetting the CPU, performing stage 01h and 02h(BIOS Diagnostic card output) then hanging at stage 02h for some reason.

The 80386 on XT(emulating the Inboard 386/PC hardware) emulation iNBRDPC.SYS errors out saying all extended memory(3072K, as it has 4MB memory installed, with 640K(correct) base memory) is bad for some reason?

It's emulating a 80386SX to be exact.

I've fixed some of the bugs in the 80286/80386 emulation. The trouble starts when using task switching/interrupts in the test BIOS(Diagnostics from Supersoft/Landmark).

It eventually returns to an available task, then executes IRET, which fails due to an #GP fault because all return addresses(normal interrupt return, nothing above the low 8 bits in the EFLAGS being set) from the stack seem to contain invalid data(all 0x55AA values at SS:SP, which is 20h:600h. The same applies to all other values read from the stack(IP, CS, FLAGS).

Can anyone see what's going wrong during task switching? Look at https://bitbucket.org/superfury/unipcemu/src/ … ion.c?at=master segmentWritten, protectedmodeInterrupt, as well as CPU_IRET in https://bitbucket.org/superfury/unipcemu/src/ … pts.c?at=master

What happens during call instructions after a task switch by a call to a task gate/TSS? Is anything pushed on the new stack?

Checking the documentation again, I might have found the problem: it was storing SS:(E)SP during leaving an outgoing task, but reentering it through a different privilege level task was causing it to load the current privilege level(SS0-2:(E)SP0-2) instead, which will change state incorrectly. This has now been fixed.

Edit: It seems at some point, it wants to return somewhere, but the state is somehow invalid? It's faulting(which it shouldn't) at task 0x58's IRET instruction(returning to 55AA:55AA with FLAGS 55AA on the stack, stack address being 0020:0600 before the POP(16-bit stack, due to being a 80286). The task switching itself has been fixed, but it somehow wants to return to some caller that's apparently not there?

The first task(the main task) seems to be at linear address 0x486 in memory. This seems to be task 0x0068 when initialized. It switches the second task using a CALL instruction. It switches to task 0x0048, marking task 0x0068 idle. Then it sets the Nested Task flag(to indicate it's to return to task 0x0068). That task eventually jumps to task 0x0058(located at linear address 0x42F), leaving task 0x0068 idle, with no way to return to task 0x0048(if I'm not mistaken), except by a knowingly JMP.

https://www.dropbox.com/s/7i71ktnchxqqkc6/deb … invalid.7z?dl=0

Strangely enough, I see no trace of any POPF instruction to change this behaviour, so could it be that it's supposed to have something stored when switching to task 0x0058? Anyone can see what's going wrong(warning: it's a 5GB big text file).