On 4/1/24 09:50, Gautam Bhat wrote:
> Hi,
> Some background: I am trying to write a CPU emulator for MSP430 with
> Qemu. I am loading the MSP430 program as follows using the generic
> device loader:
> /qemu-system-msp430 -machine msp430-launchpad -device
> loader,file=simple_test -d in_asm,out_asm
> I have somewhat implemented the TranslatorOps callbacks and my sample
> output with some prints is as follows:
> ===msp430_tr_disas_log:204===
> OUT: [size=51]
> -- guest addr 0x00000000000007fa + tb prologue
> 0x7fff6403fe00: 8b 5d f0 movl -0x10(%rbp), %ebx
> 0x7fff6403fe03: 85 db testl %ebx, %ebx
> 0x7fff6403fe05: 0f 8c 1c 00 00 00 jl 0x7fff6403fe27
> 0x7fff6403fe0b: c6 45 f4 01 movb $1, -0xc(%rbp)
> 0x7fff6403fe0f: e9 00 00 00 00 jmp 0x7fff6403fe14
> 0x7fff6403fe14: c7 45 00 fc 07 00 00 movl $0x7fc, (%rbp)
> 0x7fff6403fe1b: 48 8d 05 1e ff ff ff leaq -0xe2(%rip), %rax
> 0x7fff6403fe22: e9 f1 01 fc ff jmp 0x7fff64000018
> 0x7fff6403fe27: 48 8d 05 15 ff ff ff leaq -0xeb(%rip), %rax
> 0x7fff6403fe2e: e9 e5 01 fc ff jmp 0x7fff64000018
> ===gen_intermediate_code:251===
> ===msp430_tr_init_disas_context:84===
> ===msp430_tr_tb_start:99===
> ===msp430_tr_insn_start:107===
> ===msp430_tr_translate_insn:122===
> CTX Dump State
> ==============
> pc_first 2044
> pc_next 2044
> is_jmp 0
> max_insns 1
> num_insns 1
> TB flags: 1
> TB cflags: 4278190081
> TB CS base: 0
> TB PC: 2044
> ==============
> Opcode: 0
> is_jmp: 1
> DISAS_TOO_MANY
> ===msp430_tr_tb_stop:170===
> I was trying to find out where exactly in the Qemu code it reads
> the target instructions from the file loaded (I could trace it to
> load_elf(...) loading the FW file)

Yes, the contents of the file are loaded within load_elf().

> and calls my TranslatorOps
> callbacks. I get the above output continuously in a loop. Also when
> the device generic loader is used, should I set the program counter to
> a specific value?

The boot process must cooperate somehow.
When using the loader, you must link the image such that it loads at the pc reset address
defined by the architecture manual.
r~
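To make the exchange concrete, here is a stand-alone teaching model of what the thread is circling around: the generic loader copies the image to its link address, the CPU takes its first PC from the reset vector, and QEMU's translator loop keeps calling the target's translate_insn callback until the block ends. This is an added example, not QEMU code and not Gautam's MSP430 target; the names echo QEMU's include/exec/translator.h (DisasContextBase, DISAS_NEXT, DISAS_TOO_MANY, DISAS_NORETURN), but everything is reimplemented here so it compiles with a plain C compiler. The reset-vector address 0xFFFE and the RET encoding 0x4130 are taken from the MSP430 manual; the instruction decoder is a deliberate simplification (every nonzero word is one 2-byte instruction). The `buggy_ignore_zero_opcode` switch reproduces the dump from the thread (pc_first == pc_next, num_insns 1, DISAS_TOO_MANY), which is what happens when the translator reads an opcode of 0 from memory the image was never linked into and neither advances pc_next nor ends the block with an exception.

```c
/* Teaching model of QEMU's translator loop for an MSP430-style guest.
 * Not QEMU code: names mirror include/exec/translator.h, but the loop,
 * the context struct and the loader are reimplemented stand-alone. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values match DisasJumpType in QEMU's translator.h. */
enum { DISAS_NEXT = 0, DISAS_TOO_MANY = 1, DISAS_NORETURN = 2 };

/* From the MSP430 manual: at reset the CPU loads PC from the word at
 * 0xFFFE, so a loader-style image must put its entry address there. */
#define RESET_VECTOR 0xFFFEu
#define MSP430_RET   0x4130u   /* MOV @SP+,PC */

static uint8_t guest_mem[0x10000];   /* constructed 64 KiB guest address space */

typedef struct {
    uint32_t pc_first;
    uint32_t pc_next;
    int is_jmp;
    int max_insns;
    int num_insns;
} DisasContextBase;

DisasContextBase g_db;               /* context reused by main() and tests */
int buggy_ignore_zero_opcode = 0;    /* 1 = reproduce the thread's symptom */

/* What the generic loader does: copy a segment to its link address. */
static void load_image(uint32_t addr, const uint16_t *words, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        guest_mem[(addr + 2 * i) & 0xffff]     = words[i] & 0xff;
        guest_mem[(addr + 2 * i + 1) & 0xffff] = words[i] >> 8;
    }
}

static uint16_t lduw(uint32_t addr)   /* little-endian 16-bit guest load */
{
    return guest_mem[addr & 0xffff] | (guest_mem[(addr + 1) & 0xffff] << 8);
}

uint32_t reset_pc(void) { return lduw(RESET_VECTOR); }

/* The per-target translate_insn callback. Simplification: every nonzero
 * word is one 2-byte instruction and RET ends the block. Opcode 0 is not
 * a valid MSP430 encoding (it is what unpopulated memory reads as), so the
 * block must end with DISAS_NORETURN rather than stay at the same PC. */
static void translate_insn(DisasContextBase *db)
{
    uint16_t opc = lduw(db->pc_next);
    if (opc == 0) {
        if (!buggy_ignore_zero_opcode) {
            db->is_jmp = DISAS_NORETURN;  /* real target: raise illegal-insn */
        }
        return;                           /* bug path: no progress, no exit */
    }
    db->pc_next += 2;
    if (opc == MSP430_RET) {
        db->is_jmp = DISAS_NORETURN;      /* control leaves the block */
    }
}

/* Core of translator_loop(): call translate_insn until the target ends
 * the block or max_insns (from tb->cflags) is reached. */
int translator_loop(uint32_t pc, int max_insns, DisasContextBase *db)
{
    memset(db, 0, sizeof(*db));
    db->pc_first = db->pc_next = pc;
    db->max_insns = max_insns;
    for (;;) {
        db->num_insns++;
        translate_insn(db);
        if (db->is_jmp != DISAS_NEXT) break;
        if (db->num_insns >= db->max_insns) { db->is_jmp = DISAS_TOO_MANY; break; }
    }
    return db->is_jmp;
}

/* The symptom in the thread: a block that exits back to env->pc without
 * having advanced it is re-entered by the cpu loop forever. */
int block_would_spin(const DisasContextBase *db)
{
    return db->is_jmp != DISAS_NORETURN && db->pc_next == db->pc_first;
}

/* Constructed image: MOV #0x400,SP ; RET, linked at 0xC000, with the
 * entry address written into the reset vector. */
void install_demo_image(void)
{
    static const uint16_t code[] = { 0x4031, 0x0400, MSP430_RET };
    static const uint16_t vector[] = { 0xC000 };
    memset(guest_mem, 0, sizeof guest_mem);
    load_image(0xC000, code, 3);
    load_image(RESET_VECTOR, vector, 1);
}

int main(void)
{
    install_demo_image();
    printf("reset pc = 0x%04x\n", (unsigned)reset_pc());
    translator_loop(reset_pc(), 8, &g_db);
    printf("pc_first 0x%04x pc_next 0x%04x is_jmp %d num_insns %d\n",
           (unsigned)g_db.pc_first, (unsigned)g_db.pc_next, g_db.is_jmp, g_db.num_insns);
    buggy_ignore_zero_opcode = 1;       /* nothing linked at 0x07fc */
    translator_loop(0x07fc, 1, &g_db);
    printf("at 0x07fc: is_jmp %d spin=%d\n", g_db.is_jmp, block_would_spin(&g_db));
    return 0;
}
```

The two things to check in a real target follow directly: the image's link address must agree with where the reset vector (or the architecture's fixed reset PC) sends execution, and translate_insn must either advance pc_next or end the block with DISAS_NORETURN, so that a block can never exit to the address it started from.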