log write to custom registers with out of bounds addresses

[jotd]

I've tried to write an address in fastmem into audio register and nothing appeared in the log.

Code:

    lea $7F000000,A0
    move.l  A0,$DFF0A0

Is it possible to get a logged "wrong write" to a custom register pointer?


If I try to play some sound data which is in fast memory, it won't work, but it's difficult to track it down.

[Toni Wilen]

It can't be logged by default because any program that only works with chip ram only would flood the log but logging 10-30 first errors should be fine.

[jotd]

Toni, first my example is bad because this register isn't a pointer, but I meant: "log writes to custom chip address where a pointer to chip is required but a fastmem/illegal address is supplied instead".

The test is fairly easy: 0 < ptr < chipsize is ok, others aren't. Of course, you can overtake chipmem by writing an address close to chip max and a big length too. That would be the icing on the cake.

Currently whdload has those features but need MMU and sometimes there are corner cases (Self-modifying code + JIT : no MMU).

It would be cool even if the debugger stopped on those writes, like memory watches.

Why am I asking this?

Well I've done some "chipmem only" => "fastmem" hacks for some games:

- Chaos Engine CD32
- Ultimate Body Blows
- Beneath a steel sky

Those hacks allow to relocate code in fastmem for programs which lazily used one big MEMF_CHIP segment (CD32 versions...). If you ignore this chip flag, since the game relies on that, you potentially get gfx & sfx buffers in fast memory now.

I remember relocating all data pointers back to chipmem (using disassembly and a script) but you can miss some. And it's easy when you have executable (with reloc information) but not when the code isn't really relocatable (like Red Zone for instance, that I'm planning to move to fastmem for a while, a 3D game running only on chipmem, whaaaaaat???)

[Toni Wilen]

$dff0a0 surely is a DMA pointer register?

The point of my reply is that there should not be any situations where by default every frame adds one or more log messages continuously. It must only happen in some very abnormal situation. Running chip ram only program with fast ram is not abnormal enough.

Anyway, following features added:

- log message when CPU or copper writes to DMA pointer high word and value is outside of Chip RAM space. Stops logging after 100 messages. Note that this can log false positives if program writes garbage to non-active DMA pointer (even KS 1.3 does it at boot to dff084..)
- if memwatch points are enabled and new log mode is enabled ("w l"), any DMA read or write outside of chip ram gets logged. DMA pointer register, memory address, last value written (CPU/Copper) to register and last PC or Copper pointer when last written are included. I don't think there is much use to break to debugger automatically in this situation because it is already too late..

[jotd]

that's just awesome is it available right now?

[Toni Wilen]

The usual url: http://www.winuae.net/files/b/winuae.7z

I also added custom register unaligned word access and byte access logging. Filters out usual $dff006.b and $dff002.b which are too commonly used.

EDIT: I can also add other similar validations if needed.

EDIT2: Fixed xDAT vs xPT checks.

[jotd]

Awesome as always. thanks a lot.

[Toni Wilen]

Update:

- non-existing (non-existing or registers that are for example AGA only but config is not AGA) custom registers are logged. (TODO: check if undefined bits are set?)
- writing to read-only register or reading from write-only logged.
- last written value fixed.
- if copper does invalid access, include correct copper list address.

All above logging options are now enabled with "w l", including previous "log 100 first only".

[jotd]

yeah! with "w l" I get an invalid memory issue, which probably explains the trashed sound.

Code:

57-617 [6316 000-220]: DMA DAT 00ca, PT 00c0 accessed invalid memory 0ff46fc2. Init: 00000ff4, PC/COP=0ff467a6

code:
      0FF467A6 2d7a ff44 00c0           MOVE.L (PC,$ff44) == $0ff466ec [0ff46faa],(A6,$00c0) == $00dff0c0

Awesome!

[Toni Wilen]

Nice.

More validation added: log message if writing to existing write-only custom register and written value has one or more unused bits set (dmacon, ddfstrt/stop if OCS/ECS difference and so on..).

Unfortunately this can causes false positives, for example move.w #$7fff,$dff096 technically has unused bits set.

[jotd]

This will help to fix a lot of strange issues in games. I can write a script to filter out uninsteresting things from the log.

[Toni Wilen]

Added CIA checks: mirror CIA access, unused register 11, non-byte access, invalid (both or neither CIA is selected).
Custom register check new feature: mirror custom register accesses are reported.

[ross]

Nice additions for debugging!

Thanks.