Musings on cycle accurate 8088 emulator \ VOGONS

Musings on cycle accurate 8088 emulator

Topic actions

First post, by vladstamate

Posted on 2016-03-17, 16:36

vladstamate Offline

Rank Oldbie

Rank: Oldbie
Posts: 967
Joined: 2015-08-23, 01:43

Started a separate thread as the first one diverged from the initial question. I wanted to give an update where I am. This is a log of the first 4 instructions in the BIOS.

JMP 0xf000:0xe05b
MOV AX, 0x40
MOV DS, AX
MOV WORD [0x472], 0x0

it took me a while to get here because I am building a system that allows me to possibly expand it later to other CPUs. So I built a very simple stack based scripting language (very simple!) that controls the emulation of the 3 main units: EU, EA and BIU. To see how this works, lets look at a line from the log below

1Cycle 12 T4	 0xffff2 	 0xe0 	     >P 	[ 0xe0 xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  }

This means we are in cycle 12 (type T4) and we are reading from bus at memory address 0xffff2 and we just read value 0xe0. We put that into the prefetch buffer (>P) which looks like this [ 0xe0 xxxx xxxx xxxx ] (xxxx means empty prefetch slot). The state of the EU is "waiting for data" and the stack based script I am executing for this instruction has the following steps: imm, execute and delay. It gets more interesting at cycle 52 where after EU executes the decoding of the rmmode it added few more steps in the script to be: { ea read imm execute delay } .

This system allows me to describe all instructions and properly execute them as the 8088 would do.

Sure there are some differences right now with the real 8088, such as the prefetch is locked halfway though the JMP not at the end and maybe the prefetch is read 1 cycle later after being filled in than what I do, but those are details that I can fix later as long as my system is sound and solid.

Oh and I do not think this is too slow, it sounds complicated but actually the code is quite simple.

1<SYSTEM HARD RESET>
2Cycle  1 T1	         	     	        	[ xxxx xxxx xxxx xxxx ]	                  	 {  decode  } 
3Cycle  2 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	                  	 {  decode  } 
4Cycle  3 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	                  	 {  decode  } 
5Cycle  4 T4	 0xffff0 	 0xea 	  >P <P 	[ xxxx xxxx xxxx xxxx ]	   new opcode 0xea	 {  imm  execute  delay  } 
6Cycle  5 T1	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
7Cycle  6 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
8Cycle  7 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
9Cycle  8 T4	 0xffff1 	 0x5b 	     >P 	[ 0x5b xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
10Cycle  9 T1	         	     	     <P 	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
11Cycle 10 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
12Cycle 11 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
13Cycle 12 T4	 0xffff2 	 0xe0 	     >P 	[ 0xe0 xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
14Cycle 13 T1	         	     	     <P 	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
15Cycle 14 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
16Cycle 15 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
17Cycle 16 T4	 0xffff3 	 0x 0 	     >P 	[ 0x00 xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
18Cycle 17 T1	         	     	     <P 	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
19Cycle 18 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
20Cycle 19 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
21Cycle 20 T4	 0xffff4 	 0xf0 	     >P 	[ 0xf0 xxxx xxxx xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
22Cycle 21 T1	         	     	     <P 	[ xxxx xxxx xxxx xxxx ]	                  	 {  execute  delay  } 
23Cycle 22 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	                  	 {  delay  } 
24Cycle 23 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	        executing 	 {  delay  } 
25Cycle 24 T4	 0xfe05b 	 0xb8 	     >P 	[ 0xb8 xxxx xxxx xxxx ]	        executing 	 {  delay  } 
26Cycle 25 T1	         	     	        	[ 0xb8 xxxx xxxx xxxx ]	        executing 	 {  delay  } 
27Cycle 26 T2	         	     	        	[ 0xb8 xxxx xxxx xxxx ]	        executing 	 {  delay  } 
28Cycle 27 T3	         	     	        	[ 0xb8 xxxx xxxx xxxx ]	        executing 	 {  delay  } 
29Cycle 28 T4	 0xfe05c 	 0x40 	     >P 	[ 0xb8 0x40 xxxx xxxx ]	        executing 	 {  delay  } 
30Cycle 29 T1	         	     	        	[ 0xb8 0x40 xxxx xxxx ]	        executing 	 {  delay  } 
31Cycle 30 T2	         	     	        	[ 0xb8 0x40 xxxx xxxx ]	        executing 	 {  delay  } 
32Cycle 31 T3	         	     	        	[ 0xb8 0x40 xxxx xxxx ]	        executing 	 {  delay  } 
33Cycle 32 T4	 0xfe05d 	 0x 0 	     >P 	[ 0xb8 0x40 0x00 xxxx ]	        executing 	 {  delay  } 
34Cycle 33 T1	         	     	        	[ 0xb8 0x40 0x00 xxxx ]	        executing 	 {  delay  } 
35Cycle 34 T2	         	     	        	[ 0xb8 0x40 0x00 xxxx ]	        executing 	 {  delay  } 
36Cycle 35 T3	         	     	        	[ 0xb8 0x40 0x00 xxxx ]	        executing 	 {  delay  } 
37Cycle 36 T4	 0xfe05e 	 0x8e 	     >P 	[ 0xb8 0x40 0x00 0x8e ]	        executing 	 {  delay  } 
38Cycle 37 T1	         	     	        	[ 0xb8 0x40 0x00 0x8e ]	        executing 	 {  delay  } 
39Cycle 38 T2	         	     	        	[ 0xb8 0x40 0x00 0x8e ]	        executing 	 {  decode  } 
40Cycle 39 T3	         	     	     <P 	[ 0x40 0x00 0x8e xxxx ]	   new opcode 0xb8	 {  imm  execute  delay  } 
41Cycle 40 T4	 0xfe05f 	 0xd8 	  <P >P 	[ 0x00 0x8e 0xd8 xxxx ]	 waiting for data 	 {  imm  execute  delay  } 
42Cycle 41 T1	         	     	     <P 	[ 0x8e 0xd8 xxxx xxxx ]	                  	 {  execute  delay  } 
43Cycle 42 T2	         	     	        	[ 0x8e 0xd8 xxxx xxxx ]	                  	 {  delay  } 
44Cycle 43 T3	         	     	        	[ 0x8e 0xd8 xxxx xxxx ]	        executing 	 {  delay  } 
45Cycle 44 T4	 0xfe060 	 0xc7 	     >P 	[ 0x8e 0xd8 0xc7 xxxx ]	        executing 	 {  delay  } 
46Cycle 45 T1	         	     	        	[ 0x8e 0xd8 0xc7 xxxx ]	        executing 	 {  delay  } 
47Cycle 46 T2	         	     	        	[ 0x8e 0xd8 0xc7 xxxx ]	        executing 	 {  decode  } 
48Cycle 47 T3	         	     	     <P 	[ 0xd8 0xc7 xxxx xxxx ]	   new opcode 0x8e	 {  rmmode  execute  delay  } 
49Cycle 48 T4	 0xfe061 	 0x 6 	  >P <P 	[ 0xc7 0x06 xxxx xxxx ]	 decode rmmode 0xd8	 {  execute  delay  } 
50Cycle 49 T1	         	     	        	[ 0xc7 0x06 xxxx xxxx ]	                  	 {  delay  } 
51Cycle 50 T2	         	     	        	[ 0xc7 0x06 xxxx xxxx ]	        executing 	 {  delay  } 
52Cycle 51 T3	         	     	        	[ 0xc7 0x06 xxxx xxxx ]	        executing 	 {  decode  } 
53Cycle 52 T4	 0xfe062 	 0x72 	  >P <P 	[ 0x06 0x72 xxxx xxxx ]	   new opcode 0xc7	 {  rmmode  imm  execute  delay  } 
54Cycle 53 T1	         	     	     <P 	[ 0x72 xxxx xxxx xxxx ]	 decode rmmode 0x6	 {  ea  read  imm  execute  delay  } 
55Cycle 54 T2	         	     	     <P 	[ xxxx xxxx xxxx xxxx ]	 EA waiting for data  EA calculation 	 {  ea  read  imm  execute  delay  } 
56Cycle 55 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	 EA waiting for data  EA calculation 	 {  ea  read  imm  execute  delay  } 
57Cycle 56 T4	 0xfe063 	 0x 0 	     >P 	[ 0x00 xxxx xxxx xxxx ]	 EA waiting for data  EA calculation 	 {  ea  read  imm  execute  delay  } 
58Cycle 57 T1	         	     	     <P 	[ xxxx xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  } 
59Cycle 58 T2	         	     	        	[ xxxx xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  } 
60Cycle 59 T3	         	     	        	[ xxxx xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  }

…Show last 18 lines

61Cycle 60 T4	 0xfe064 	 0x 0 	     >P 	[ 0x00 xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  } 
62Cycle 61 T1	         	     	        	[ 0x00 xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  } 
63Cycle 62 T2	         	     	        	[ 0x00 xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  } 
64Cycle 63 T3	         	     	        	[ 0x00 xxxx xxxx xxxx ]	   EA calculation 	 {  ea  read  imm  execute  delay  } 
65Cycle 64 T4	 0xfe065 	 0x 0 	     >P 	[ 0x00 0x00 xxxx xxxx ]	                  	 {  read  imm  execute  delay  } 
66Cycle 65 T1	         	     	        	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
67Cycle 66 T2	         	     	        	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
68Cycle 67 T3	         	     	        	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
69Cycle 68 T4	 0x00472 	 0x 0 	     <M 	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
70Cycle 69 T1	         	     	        	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
71Cycle 70 T2	         	     	        	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
72Cycle 71 T3	         	     	        	[ 0x00 0x00 xxxx xxxx ]	 waiting for data 	 {  read  imm  execute  delay  } 
73Cycle 72 T4	 0x00473 	 0x 0 	     <M 	[ 0x00 0x00 xxxx xxxx ]	                  	 {  imm  execute  delay  } 
74Cycle 73 T1	         	     	        	[ 0x00 0x00 xxxx xxxx ]	                  	 {  execute  delay  } 
75Cycle 74 T2	         	     	        	[ 0x00 0x00 xxxx xxxx ]	                  	 {  delay  } 
76Cycle 75 T3	         	     	        	[ 0x00 0x00 xxxx xxxx ]	        executing 	 {  delay  } 
77Cycle 76 T4	 0xfe066 	 0xfa 	     >P 	[ 0x00 0x00 0xfa xxxx ]	        executing 	 {  decode  }

YouTube channel: https://www.youtube.com/channel/UC7HbC_nq8t1S9l7qGYL0mTA
Collection: http://www.digiloguemuseum.com/index.html
Emulator: https://sites.google.com/site/capex86/
Raytracer: https://sites.google.com/site/opaqueraytracer/

Reply 1 of 6, by reenigne

Posted on 2016-03-17, 16:57

reenigne Offline

Rank Oldbie

Rank: Oldbie
Posts: 649
Joined: 2006-11-30, 05:13
Location: Cornwall, UK

Sounds good. One question, though: what is the EA unit? If you're talking about effective address calculations (as in instructions that use the mod/rm byte) I don't think that's a separate thing to the EU. EA calculations are synchronous inside the EU so it's all one unit. BIU and EU run independently to each other (except when the EU turns off prefetching to execute its own bus operations, or when the EU grabs a byte from the prefetch queue) so need to be separate units but the 8088 only has two independent units.

If that's just your way of breaking down the code and isn't supposed to reflect the internal architecture of the CPU, then fair enough.

Reply 2 of 6, by vladstamate

Posted on 2016-03-17, 17:03

vladstamate Offline

Rank Oldbie

Rank: Oldbie
Posts: 967
Joined: 2015-08-23, 01:43

Yes that is correct, it is just my own code separation. The CPU loop looks like this:

1	for(int i=0; i<times; i++)
2	{
3		// tick the bus part of the CPU
4		m_pProcessor->m_pBIU->tick();
5		
6		// tick the execution unit
7		m_pProcessor->execution_unit_tick();
8		
9		m_pProcessor->m_kPrefetchBuffer.print();
10		
11		PRINT_CYCLES_LINE;
12	}

As you can see, like you said only BIU and EU are real units. EA is just for my code separation and it does run part of EU emulation.

Reply 3 of 6, by Scali

Posted on 2016-03-18, 08:12

Scali Offline

Rank l33t

Rank: l33t
Posts: 4873
Joined: 2014-12-13, 14:24

I think the most important thing here is that you're making an emulator that actually tries to emulate the whole CPU, rather than just interpreting instructions.
It may take a while to get the timing 100% correct, but with the right design and just using the timings as they are known today, you're probably already 95% there, and you can add small tweaks to the code as and when more specific cases become known.

What is important though, which is not clear to me at this point, is that the other devices that make use of the bus, should also hook into the emulation at a cycle-exact level (this also includes the FPU). They need to be able to add waitstates to the CPU when they access the bus.

http://scalibq.wordpress.com/just-keeping-it- … ro-programming/

Reply 4 of 6, by vladstamate

Posted on 2016-05-03, 14:41

vladstamate Offline

Rank Oldbie

Rank: Oldbie
Posts: 967
Joined: 2015-08-23, 01:43

An update on this. I am still working on it, although life has been keeping me busy so I had to slow down a bit. I can now execute the first 1 second (more or less 4.7mil cycles) after power on. It is going well, and it will go faster soon as most of the time is taken by effectively writing new instruction execution code.

Reply 5 of 6, by vladstamate

Posted on 2016-07-04, 17:28

vladstamate Offline

Rank Oldbie

Rank: Oldbie
Posts: 967
Joined: 2015-08-23, 01:43

VICTORY!! Well partial but still something worth reporting. I now have the entire PC/Turbo XT BIOS booting (and the beginning of MSDOS) on the cycle accurate 8088 implementation I have. I am sure I am off a cycle here or there but the entire CPU pipeline is correctly emulated (including ALL BUS operations of course, and memory wait states). CGA is not cycle accurate, that is my next effort. There are also a few instructions not emulated yet simply because nothing executed them.

I am trying to clean up the code and figure out how to put it up so that people can have a look.

Reply 6 of 6, by vladstamate

Posted on 2016-07-17, 19:54

vladstamate Offline

Rank Oldbie

Rank: Oldbie
Posts: 967
Joined: 2015-08-23, 01:43

Now I got DOS booting too. This is a screenshot of the emulator running DOS 5.0 with the launcher.

Go to top of page Go to top of page

Back to PC Emulation