09 October 2018, 10:50 | #1 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,865
|
SMC detection
I have just tried to use the WinUAE debugger to find some SMC and it doesn't appear to work for me. I made some simple test code and the debugger didn't break with "smc 1". I have used the following code for testing (using a standard 68000/A500 config):
Code:
START   lea     SMC(pc),a0
.LMB    btst    #6,$bfe001      ; wait for left mouse button
        bne.b   .LMB
        move.w  #$4e71,(a0)     ; overwrite the rts at SMC with a nop ($4e71)
        tst.w   d0
        clr.w   d1
SMC     rts
        rts

What am I missing here? |
09 October 2018, 12:55 | #2 |
This cat is no more
Join Date: Dec 2004
Location: FRANCE
Age: 52
Posts: 8,410
|
I remember having such problems. But have you turned off JIT? Because with JIT it's guaranteed that it DOESN'T work.
My whdload setup has some magical winuae start/stop command to turn on/off JIT & turn off/on MMU when running whdload. That would be super-cool if it worked, because whdload protectSMC is fairly limited, and there are a lot of SMC games out there... |
09 October 2018, 12:58 | #3 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,865
|
JIT is of course turned off (68000/A500 config as mentioned). When doing WHDLoad stuff I always have JIT turned off as well. It would indeed be nice if the SMC detection worked, could save quite a bit of time.
|
09 October 2018, 13:05 | #4 |
move.w #$4489,$dff07e
Join Date: Sep 2005
Location: Norfolk, UK
Age: 43
Posts: 2,351
|
I think oldskool debuggers used to put ILLEGAL (or something) to trap breakpointed code through a vector. I wonder if UAE is doing something similar (with some clever sleight-of-hand magic so the Amiga can't see the value) rather than watching the PC - and you lose the magic when you SMC.
But I'm just guessing and quite possibly talking sausages |
09 October 2018, 19:20 | #5 |
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 49
Posts: 26,587
|
Memwatch point handling changed many releases ago and it affected smc (and a few other debugger options).
You need to add a "dummy" memwatch range, for example "w 0 0 80000 none" if code is in chip ram. (I guess some shortcut to add all ram regions would be nice to have..) "More compatible" CPU option also must be ticked. |
09 October 2018, 20:19 | #6 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,865
|
That does indeed work, thanks! And yes, a shortcut to add all the ram regions would be incredibly useful indeed.
Last edited by StingRay; 09 October 2018 at 20:25. Reason: typo |
09 October 2018, 20:52 | #7 |
This cat is no more
Join Date: Dec 2004
Location: FRANCE
Age: 52
Posts: 8,410
|
Some day I'll have to read the WinUAE reference manual, well, better read Toni's mind
|
14 October 2018, 16:37 | #8 |
Rock Lobster
Join Date: Nov 2012
Location: Macclesfield
Age: 50
Posts: 40
|
I've tried looking and failed to find any info/notes about memwatch changes, so what happened with it?
I ask as my usual method of triggering a breakpoint in my code is to add "clr.w $80000" at the point I want to break, then use "w1 80000" in the debugger. This has worked fine until I tried it today, so I started installing older versions of WinUAE and found that it stopped working as of version 3.6.0. The "More Compatible" option is ticked in my config, although it's greyed out. Do I need to type something different in the debugger now? |
14 October 2018, 17:30 | #9 |
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 49
Posts: 26,587
|
w has always needed a size parameter (w <num> <address> <length> [optional stuff]). It probably was an accidental side effect if it worked without it previously.
|
14 October 2018, 17:48 | #10 | |
Rock Lobster
Join Date: Nov 2012
Location: Macclesfield
Age: 50
Posts: 40
|
Quote:
However, I should have mentioned that I'm using the GUI debugger, and I've just been reading the "UAE debugger updates" thread and noticed your "Don't mention anything about GUI." comment. Does this mean the GUI debugger is now effectively dead? EDIT: I just tried "w0 80000" and it works. |
|
14 October 2018, 20:54 | #11 |
This cat is no more
Join Date: Dec 2004
Location: FRANCE
Age: 52
Posts: 8,410
|
I noticed that if you don't have watchpoint 0 active then the others don't work.
Also the trainer feature (C command) doesn't work anymore (deep trainer works). And yes, the GUI version is not maintained anymore. I got used to the text mode, with proper colors & quick edit mode it's good enough |
16 October 2018, 19:41 | #12 |
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 49
Posts: 26,587
|
Memwatch checking was optimized and it accidentally required that the first slot is in use. Fixed.
|
06 January 2019, 23:18 | #13 |
This cat is no more
Join Date: Dec 2004
Location: FRANCE
Age: 52
Posts: 8,410
|
It works but a little too well. In fact, it seems to "prefetch" the next instruction.
Code:
>g
SMC at 00011118 - 0001111A (2) from 00011094
Cycles: 9767 Chip, 156272 CPU. (V=152 H=213 -> V=195 H=219)
D0 00000000 D1 0000F800 D2 0007F800 D3 0000FFFF
D4 00000000 D5 FFFF0000 D6 00000FF8 D7 00000009
A0 000536C0 A1 00063296 A2 00030AB2 A3 00072536
A4 00031A6A A5 0003142A A6 00000000 A7 000005A4
USP 0007FC00 ISP 000005A4 SFC 00000005 DFC 00000005
CACR 80008000 TC 00008000 ITT0 00000000 ITT1 00000000
DTT0 00000000 DTT1 00000000 VBR 483F6000 MSP 0007F800
MMUS 00000000 URP 483EA000 SRP 483EA000
T=00 S=1 M=0 X=0 N=0 Z=0 V=0 C=0 IMASK=3 STP=0
00011100 23c8 00df f04c MOVE.L A0,$00dff04c
00011106 23c8 00df f054 MOVE.L A0,$00dff054
Next PC: 0001110c
>d $11094
00011094 23c5 0001 1116 MOVE.L D5,$00011116 [ffff0000]
0001109A 5489 ADDA.L #$02,A1
>d $11114
00011114 4e75 RTS
00011116 ffff ILLEGAL
00011118 0000 48a7 OR.B #$a7,D0
0001111C f000 0640 [ MMUOP030 D0,#$0640 ]

Also, be aware that you need to reduce WinUAE memory (I've set 2mb chip & 4mb fast) or the PC freezes when entering "SMC 1". Strange, as the memory watched is always 0->80000. |
07 January 2019, 16:57 | #14 |
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 49
Posts: 26,587
|
It detects any instruction fetch access which includes prefetches, it does not (and can't) know if CPU "uses" the fetched opcode word.
68000 + more compatible mode has extra checks to detect some branch-like instructions (mainly RTS/RTD/RTE/RTR and BRA.B). It is possible to add the same support for 68020+ more compatible. If more compatible is off, it should also disable prefetch emulation. Memory size shouldn't make any difference as long as all memory is inside first 16M (24-bit addressing). |
09 November 2022, 22:03 | #15 |
This cat is no more
Join Date: Dec 2004
Location: FRANCE
Age: 52
Posts: 8,410
|
But if I disable "more compatible", I don't have any hits at all when there's blatant SMC. It disables false alarms but also true alarms...
Besides, even if caches are flushed between modification and execution, smc is detected. So this is still useful (especially without breakpoint so you can post-process the output with a python script afterwards and group hits, filter, check source code at the same time to remove false alarms... and all) with those issues... Last edited by jotd; 09 November 2022 at 22:10. |
10 November 2022, 21:20 | #16 | ||
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 49
Posts: 26,587
|
Quote:
It would require changes to CPU cores to detect between opcode was prefetched vs opcode was prefetched and it was actually used later. This won't happen. Sorry.
Quote:
|
||
11 November 2022, 00:50 | #17 |
This cat is no more
Join Date: Dec 2004
Location: FRANCE
Age: 52
Posts: 8,410
|
Ok I understand! Either you get prefetch+memory banks or you get direct memory access and no memory watches.
It's already very good if cache flush cancels the false alarms. I can deal with the other false alarms with a config file / post processing. Thanks |
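The post-processing mentioned in posts #15 and #17, as an added example that is not part of the original thread: a Python script that parses hit lines in the `SMC at ... from ...` format shown in post #13, drops configured false alarms and groups the rest by the PC of the writing instruction. The `ignore_writers` and `ignore_ranges` filter names and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hit line format as shown in post #13:
#   SMC at 00011118 - 0001111A (2) from 00011094
SMC_RE = re.compile(
    r"SMC at ([0-9A-Fa-f]{8}) - ([0-9A-Fa-f]{8}) \((\d+)\) from ([0-9A-Fa-f]{8})"
)

# Constructed sample log: the first hit line is copied from post #13,
# the remaining hit lines are made up for this example.
SAMPLE_LOG = """\
SMC at 00011118 - 0001111A (2) from 00011094
SMC at 00011118 - 0001111A (2) from 00011094
SMC at 000250B2 - 000250B4 (2) from 00024FA8
SMC at 000250B2 - 000250B4 (2) from 00024FA8
SMC at 00030010 - 00030012 (2) from 00024FA8
Cycles: 9767 Chip, 156272 CPU. (V=152 H=213 -> V=195 H=219)
"""

def parse_hits(log_text):
    """Yield (start, end, size, writer_pc); end is exclusive (start + size)."""
    for m in SMC_RE.finditer(log_text):
        start, end, size, pc = m.groups()
        yield int(start, 16), int(end, 16), int(size), int(pc, 16)

def group_hits(log_text, ignore_writers=(), ignore_ranges=()):
    """Group hits by writer PC, skipping entries already reviewed as false alarms.

    ignore_writers: writer PCs to drop entirely (hypothetical config entry).
    ignore_ranges:  half-open (lo, hi) target ranges to drop, e.g. data words
                    after an RTS that were only prefetched (hypothetical entry).
    """
    groups = defaultdict(lambda: {"count": 0, "targets": set()})
    for start, end, _size, pc in parse_hits(log_text):
        if pc in ignore_writers:
            continue
        if any(lo < end and start < hi for lo, hi in ignore_ranges):
            continue
        groups[pc]["count"] += 1
        groups[pc]["targets"].add((start, end))
    return dict(groups)

def report(groups):
    """Return one summary line per writer PC, most frequent writer first."""
    lines = []
    for pc in sorted(groups, key=lambda p: (-groups[p]["count"], p)):
        targets = ", ".join(f"{s:08X}-{e:08X}" for s, e in sorted(groups[pc]["targets"]))
        lines.append(f"{pc:08X}: {groups[pc]['count']} hit(s) -> {targets}")
    return lines
```

Each summary line gives one writer PC to check against the source, which is where reviewed false alarms get moved into the ignore lists.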
12 November 2022, 13:23 | #18 |
Registered User
Join Date: Feb 2017
Location: Denmark
Posts: 1,281
|
Think I've spotted a minor issue with the detection code. If the modification isn't aligned with the prefetch size (2 for 68000, 4 for 020+) it's not caught. E.g.
Code:
00024fa8 33fc 4e71 0002 50b2 move.w #$4e71,$000250b2
...

Check probably needs to be something like:
Code:
- hitpc = smc_table[addr].addr; + hitpc = 0xffffffff; + for (i = 0; i < size && hitpc == 0xffffffff && addr + i < smc_size; i++) + hitpc = smc_table[addr + i].addr; if (hitpc == 0xffffffff) return; |
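Review bot: the added `for` loop ends on the first byte whose `smc_table[addr + i].addr` is not 0xffffffff, so a write that covers more than one recorded entry reports only the lowest one; if every hit should be logged, keep scanning up to `size` instead of stopping on `hitpc == 0xffffffff`. The visible lines do not declare `i`, so a declaration is needed if the function does not already have one. The per-iteration test `addr + i < smc_size` could be replaced by clamping `size` once before the loop, which also makes the bound easier to audit.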
12 November 2022, 14:29 | #19 |
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 49
Posts: 26,587
|
It was not (at least originally) meant for 68020+. 68000 is 16-bit only.
|
12 November 2022, 17:47 | #20 | |
Moderator
Join Date: Sep 2004
Location: France
Age: 51
Posts: 4,277
|
Quote:
thank you for the information |
|