Windows NT Versions BSoD on PCem

Support and general discussion.
SarahWalker
Site Admin
Posts: 2054
Joined: Thu 24 Apr, 2014 4:18 pm

Re: Windows NT Versions BSoD on PCem

Post by SarahWalker »

INC and DEC do not change the carry flag. It's one of the odder features of the x86 instruction set, but definitely not a bug.

Have you actually verified that reverting the carry flag changes fixes the issue? If you haven't then you're jumping to conclusions blaming that commit. You still haven't identified what the crash actually was, and where it was, which are fairly fundamental things to establish if you want to help fix this bug. A disassembly around the crash address would make it so much easier to figure out what the issue is.
Battler
Posts: 793
Joined: Sun 06 Jul, 2014 7:05 pm

Re: Windows NT Versions BSoD on PCem

Post by Battler »

- TomWalker: I am actually leaning towards the carry revision having nothing to do with it. All I know is, the emulator mysteriously crashes under Windows 2000, and DOS DEBUG shows some hex digits incorrectly (D instead of E, B instead of C, etc.), implying an arithmetic or logic error somewhere. And the latter happens on both recompiler and interpreter. I am at a complete loss right now as to what's even going on.

Edit: Now I'm going to roll back PCem revision by revision until it no longer screws up DEBUG.EXE output. This should at least pinpoint what actually causes part of the problem. Yes, I still suspect the two bugs are related.

Edit #2: Seems I was right in pointing at revision 196 (the carry-related revision). In revision 195, DOS DEBUG.EXE shows all the digits correctly. In revision 196, the output is bugged up. Which means the carry-related revision indeed introduced a bug.

Now the questions are two:
1. Is this bug related to Windows 2000 causing PCem to crash?
2. What instruction exactly is bugged out?

Having a list of all instructions affected by revision 196 would be nice, as then I could simply put all of them into a .COM file, run it through DOS DEBUG.EXE and see exactly where the output starts differing between the two revisions.

And I think this bug should be fixed first, because then we would also get the answer to question 1. Since if fixing the bug does not fix the crash, the two are unrelated. If it does, the two are related.
SarahWalker
Site Admin
Posts: 2054
Joined: Thu 24 Apr, 2014 4:18 pm

Re: Windows NT Versions BSoD on PCem

Post by SarahWalker »

Yep, bug in carry flag for DAA/DAS. Fixed in rev 206. I would be amazed though if this had anything to do with the Windows 2000 crash; Win2k is a little unlikely to be using BCD maths.
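The two flag rules that come up in this thread (INC/DEC leaving CF untouched, and DAA/DAS computing their own CF) are easy to get subtly wrong in an emulator, so here is an added C reference model of that behaviour. It is written for this page, is not PCem's code and does not show the rev 206 change; it follows the operation pseudocode in the Intel SDM. The flag bit names, the add8/adc8/sub8 helpers and the hex_digit routine are this example's own, and hex_digit is the classic `add al,90h / daa / adc al,40h / daa` nibble-to-ASCII idiom, included because it only produces the right letters when the carry out of DAA is right.

```c
#include <stdint.h>
#include <stdio.h>

/* EFLAGS bit positions used by the model */
#define FLAG_CF 0x001u
#define FLAG_PF 0x004u
#define FLAG_AF 0x010u
#define FLAG_ZF 0x040u
#define FLAG_SF 0x080u
#define FLAG_OF 0x800u
#define FLAG_ARITH (FLAG_CF | FLAG_PF | FLAG_AF | FLAG_ZF | FLAG_SF | FLAG_OF)

/* PF is set when the low byte has an even number of 1 bits */
static uint32_t pf8(uint8_t v) { v ^= v >> 4; v ^= v >> 2; v ^= v >> 1; return (v & 1) ? 0 : FLAG_PF; }
static uint32_t szp8(uint8_t r) { return (r == 0 ? FLAG_ZF : 0) | (r & 0x80 ? FLAG_SF : 0) | pf8(r); }

/* ADC r8: result plus CF, PF, AF, ZF, SF, OF; ADD is ADC with the carry-in cleared */
uint8_t adc8(uint8_t a, uint8_t b, uint32_t *flags) {
    unsigned cin = (*flags & FLAG_CF) ? 1 : 0;
    unsigned r = a + b + cin;
    *flags = (*flags & ~FLAG_ARITH) | szp8((uint8_t)r)
           | ((r & 0x100) ? FLAG_CF : 0)
           | (((a ^ b ^ r) & 0x10) ? FLAG_AF : 0)
           | (((a ^ r) & (b ^ r) & 0x80) ? FLAG_OF : 0);
    return (uint8_t)r;
}
uint8_t add8(uint8_t a, uint8_t b, uint32_t *flags) { *flags &= ~FLAG_CF; return adc8(a, b, flags); }

/* SUB r8 */
uint8_t sub8(uint8_t a, uint8_t b, uint32_t *flags) {
    unsigned r = (unsigned)a - b;
    *flags = (*flags & ~FLAG_ARITH) | szp8((uint8_t)r)
           | ((a < b) ? FLAG_CF : 0)
           | (((a ^ b ^ r) & 0x10) ? FLAG_AF : 0)
           | (((a ^ b) & (a ^ r) & 0x80) ? FLAG_OF : 0);
    return (uint8_t)r;
}

/* INC/DEC: same result and flags as ADD/SUB 1, except CF is left exactly as it was */
uint8_t inc8(uint8_t a, uint32_t *flags) {
    uint32_t old_cf = *flags & FLAG_CF;
    uint8_t r = add8(a, 1, flags);
    *flags = (*flags & ~FLAG_CF) | old_cf;
    return r;
}
uint8_t dec8(uint8_t a, uint32_t *flags) {
    uint32_t old_cf = *flags & FLAG_CF;
    uint8_t r = sub8(a, 1, flags);
    *flags = (*flags & ~FLAG_CF) | old_cf;
    return r;
}

/* DAA: packed-BCD fix-up after ADD/ADC, following the SDM operation pseudocode */
uint8_t daa(uint8_t al, uint32_t *flags) {
    uint8_t old_al = al;
    uint32_t old_cf = *flags & FLAG_CF, cf = 0, af = 0;
    if ((al & 0x0F) > 9 || (*flags & FLAG_AF)) {
        unsigned sum = al + 6u;
        al = (uint8_t)sum;
        cf = old_cf | ((sum & 0x100) ? FLAG_CF : 0);   /* carry produced by the low-nibble fix-up */
        af = FLAG_AF;
    }
    if (old_al > 0x99 || old_cf) { al = (uint8_t)(al + 0x60); cf = FLAG_CF; }
    else                          { cf = 0; }
    *flags = (*flags & ~(FLAG_CF | FLAG_AF | FLAG_ZF | FLAG_SF | FLAG_PF)) | cf | af | szp8(al);
    return al;
}

/* DAS: packed-BCD fix-up after SUB/SBB */
uint8_t das(uint8_t al, uint32_t *flags) {
    uint8_t old_al = al;
    uint32_t old_cf = *flags & FLAG_CF, cf = 0, af = 0;
    if ((al & 0x0F) > 9 || (*flags & FLAG_AF)) {
        cf = old_cf | ((al < 6) ? FLAG_CF : 0);         /* borrow produced by the low-nibble fix-up */
        al = (uint8_t)(al - 6);
        af = FLAG_AF;
    }
    if (old_al > 0x99 || old_cf) { al = (uint8_t)(al - 0x60); cf = FLAG_CF; }
    *flags = (*flags & ~(FLAG_CF | FLAG_AF | FLAG_ZF | FLAG_SF | FLAG_PF)) | cf | af | szp8(al);
    return al;
}

/* Nibble to ASCII hex via add al,90h / daa / adc al,40h / daa. The 'A'..'F' cases
   depend on the first DAA setting CF; lose that carry and the letters come out one low. */
char hex_digit(uint8_t nibble) {
    uint32_t f = 0;
    uint8_t al = add8(nibble & 0x0F, 0x90, &f);
    al = daa(al, &f);
    al = adc8(al, 0x40, &f);
    al = daa(al, &f);
    return (char)al;
}

/* 1 when all sixteen nibbles convert to "0123456789ABCDEF" */
int hex_digits_ok(void) {
    static const char expect[] = "0123456789ABCDEF";
    for (unsigned n = 0; n < 16; n++) if (hex_digit((uint8_t)n) != expect[n]) return 0;
    return 1;
}

int main(void) {
    for (unsigned n = 0; n < 16; n++) putchar(hex_digit((uint8_t)n));
    putchar('\n');
    return 0;
}
```

Running an emulator's ALU and these functions over the same inputs and diffing the resulting flags is the quickest way to catch a carry rule that drifted; the hex_digit routine shows why a DAA carry bug can surface as off-by-one hex digits in a tool that converts nibbles this way.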
Battler
Posts: 793
Joined: Sun 06 Jul, 2014 7:05 pm

Re: Windows NT Versions BSoD on PCem

Post by Battler »

You were right, after applying revision 206, Windows 2000 still causes PCem to crash. Time to find a way to make GDB work then. Thing is, I'm at a complete loss for what to do. I've been Googling for a solution for some time now, to no avail.

Edit: I tried attaching with GDB to PCem's PID. The second I do that, PCem crashes, and GDB reports an unknown target exception.

Edit #2: At this point I suspect GDB simply doesn't work properly on Windows 10 Build 9901. I might try another debugger.

Edit #3: Worked under IDA 6.1 (getting 6.5 because it supports MINGW GCC symbols). Upon crash, it said: 40CC1F: The instruction at 0x40CC1F referenced memory at 0x8358401C. The memory could not be read -> 8358401C (exc.code c0000005, tid 184). So for some reason, PCem attempts to read memory it cannot read.

Edit #4: Disassembly around the crash address:

Code:

.text:0040CBCB ; ---------------------------------------------------------------------------
.text:0040CBCC align 10h
.text:0040CBD0
.text:0040CBD0 ; =============== S U B R O U T I N E =======================================
.text:0040CBD0
.text:0040CBD0 ; Attributes: static
.text:0040CBD0
.text:0040CBD0 ; uint32_t __usercall fastreadl<eax>(uint32_t a<eax>)
.text:0040CBD0 _fastreadl proc near                    ; CODE XREF: _fetch_ea_32_long+DEp
.text:0040CBD0                                         ; _fetch_ea_32_long+1A4p ...
.text:0040CBD0
.text:0040CBD0 a= dword ptr -2Ch
.text:0040CBD0 addr= dword ptr -28h
.text:0040CBD0
.text:0040CBD0 a = eax                                 ; uint32_t
.text:0040CBD0 push    ebp
.text:0040CBD1 push    edi
.text:0040CBD2 push    esi
.text:0040CBD3 push    ebx
.text:0040CBD4 mov     ebx, a
.text:0040CBD6 and     a, 0FFFh
.text:0040CBDB a = ebx                                 ; uint32_t
.text:0040CBDB sub     esp, 1Ch
.text:0040CBDE cmp     eax, 0FFCh
.text:0040CBE3 ja      short loc_40CC30
.text:0040CBE5 mov     esi, a
.text:0040CBE7 mov     eax, ds:_pccache2
.text:0040CBEC shr     esi, 0Ch
.text:0040CBEF cmp     esi, ds:_pccache
.text:0040CBF5 jz      short loc_40CC1F
.text:0040CBF7 mov     [esp+2Ch+a], a                  ; a
.text:0040CBFA call    _getpccache
.text:0040CBFF mov     ecx, ds:_abrt
.text:0040CC05 mov     edx, eax
.text:0040CC07 t = eax                                 ; uint8_t *
.text:0040CC07 xor     t, t
.text:0040CC09 t = edx                                 ; uint8_t *
.text:0040CC09 test    ecx, ecx
.text:0040CC0B jnz     loc_40CC9F
.text:0040CC11 mov     ds:_pccache2, t
.text:0040CC17 mov     eax, t
.text:0040CC19 mov     ds:_pccache, esi
.text:0040CC1F
.text:0040CC1F loc_40CC1F:                             ; CODE XREF: _fastreadl+25j
.text:0040CC1F mov     eax, [eax+a]
.text:0040CC22 add     esp, 1Ch
.text:0040CC25 pop     a
.text:0040CC26 pop     esi
.text:0040CC27 pop     edi
.text:0040CC28 pop     ebp
.text:0040CC29 retn
.text:0040CC29 ; ---------------------------------------------------------------------------
.text:0040CC2A a = ebx                                 ; uint32_t
.text:0040CC2A align 10h
.text:0040CC30
.text:0040CC30 loc_40CC30:                             ; CODE XREF: _fastreadl+13j
.text:0040CC30 mov     edx, ds:_readlookup2
.text:0040CC36 mov     eax, a
.text:0040CC38 shr     eax, 0Ch
.text:0040CC3B mov     eax, [edx+eax*4]
.text:0040CC3E cmp     eax, 0FFFFFFFFh
.text:0040CC41 jz      short loc_40CCA7
.text:0040CC43 movzx   edi, byte ptr [eax+a]
.text:0040CC47
.text:0040CC47 loc_40CC47:                             ; CODE XREF: _fastreadl+F0j
.text:0040CC47 val = edi                               ; uint32_t
.text:0040CC47 lea     eax, [a+1]
.text:0040CC4A mov     ecx, eax
.text:0040CC4C shr     ecx, 0Ch
.text:0040CC4F mov     esi, [edx+ecx*4]
.text:0040CC52 cmp     esi, 0FFFFFFFFh
.text:0040CC55 jz      short loc_40CCC2
.text:0040CC57 movzx   eax, byte ptr [esi+a+1]
.text:0040CC5C shl     eax, 8
.text:0040CC5F
.text:0040CC5F loc_40CC5F:                             ; CODE XREF: _fastreadl+10Ej
.text:0040CC5F or      eax, val
.text:0040CC61 lea     val, [a+2]
.text:0040CC64 mov     ebp, eax
.text:0040CC66 val = eax                               ; uint32_t
.text:0040CC66 mov     val, edi
.text:0040CC68 val = ebp                               ; uint32_t
.text:0040CC68 shr     eax, 0Ch
.text:0040CC6B mov     esi, [edx+eax*4]
.text:0040CC6E cmp     esi, 0FFFFFFFFh
.text:0040CC71 jz      loc_40CD00
.text:0040CC77 movzx   ecx, byte ptr [esi+a+2]
.text:0040CC7C shl     ecx, 10h
.text:0040CC7F
.text:0040CC7F loc_40CC7F:                             ; CODE XREF: _fastreadl+14Cj
.text:0040CC7F lea     esi, [a+3]
.text:0040CC82 mov     edi, val
.text:0040CC84 mov     eax, esi
.text:0040CC86 or      edi, ecx
.text:0040CC88 val = edi                               ; uint32_t
.text:0040CC88 shr     eax, 0Ch
.text:0040CC8B mov     edx, [edx+eax*4]
.text:0040CC8E cmp     edx, 0FFFFFFFFh
.text:0040CC91 jz      short loc_40CCE3
.text:0040CC93 movzx   edx, byte ptr [edx+a+3]
.text:0040CC98 shl     edx, 18h
.text:0040CC9B
.text:0040CC9B loc_40CC9B:                             ; CODE XREF: _fastreadl+128j
.text:0040CC9B mov     eax, edi
.text:0040CC9D or      eax, edx
.text:0040CC9F
.text:0040CC9F loc_40CC9F:                             ; CODE XREF: _fastreadl+3Bj
.text:0040CC9F add     esp, 1Ch
.text:0040CCA2 pop     a
.text:0040CCA3 pop     esi
.text:0040CCA4 pop     edi
.text:0040CCA5 pop     ebp
.text:0040CCA6 retn
.text:0040CCA7 ; ---------------------------------------------------------------------------
.text:0040CCA7
.text:0040CCA7 loc_40CCA7:                             ; CODE XREF: _fastreadl+71j
.text:0040CCA7 a = ebx                                 ; uint32_t ; addr
.text:0040CCA7 mov     [esp+2Ch+addr], a
.text:0040CCAB mov     [esp+2Ch+a], 0                  ; seg
.text:0040CCB2 call    _readmemb386l
.text:0040CCB7 mov     edx, ds:_readlookup2
.text:0040CCBD movzx   edi, al
.text:0040CCC0 jmp     short loc_40CC47
.text:0040CCC2 ; ---------------------------------------------------------------------------
.text:0040CCC2
.text:0040CCC2 loc_40CCC2:                             ; CODE XREF: _fastreadl+85j
.text:0040CCC2 val = edi                               ; uint32_t ; addr
.text:0040CCC2 mov     [esp+2Ch+addr], eax
.text:0040CCC6 mov     [esp+2Ch+a], 0                  ; seg
.text:0040CCCD call    _readmemb386l
.text:0040CCD2 mov     edx, ds:_readlookup2
.text:0040CCD8 movzx   eax, al
.text:0040CCDB shl     eax, 8
.text:0040CCDE jmp     loc_40CC5F
.text:0040CCE3 ; ---------------------------------------------------------------------------
.text:0040CCE3
.text:0040CCE3 loc_40CCE3:                             ; CODE XREF: _fastreadl+C1j
.text:0040CCE3 mov     [esp+2Ch+addr], esi             ; addr
.text:0040CCE7 mov     [esp+2Ch+a], 0                  ; seg
.text:0040CCEE call    _readmemb386l
.text:0040CCF3 mov     edx, eax
.text:0040CCF5 shl     edx, 18h
.text:0040CCF8 jmp     short loc_40CC9B
.text:0040CCF8 ; ---------------------------------------------------------------------------
.text:0040CCFA val = ebp                               ; uint32_t
.text:0040CCFA align 10h
.text:0040CD00
.text:0040CD00 loc_40CD00:                             ; CODE XREF: _fastreadl+A1j
.text:0040CD00 mov     [esp+2Ch+addr], edi             ; addr
.text:0040CD04 mov     [esp+2Ch+a], 0                  ; seg
.text:0040CD0B call    _readmemb386l
.text:0040CD10 mov     edx, ds:_readlookup2
.text:0040CD16 movzx   ecx, al
.text:0040CD19 shl     ecx, 10h
.text:0040CD1C jmp     loc_40CC7F
.text:0040CD1C _fastreadl endp
.text:0040CD1C
.text:0040CD21 ; ---------------------------------------------------------------------------
.text:0040CD21 jmp     short _opDEC_ESI
.text:0040CD21 ; ---------------------------------------------------------------------------
.text:0040CD23 align 10h
40CC1F is the point at which the crash occurs.
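To make the listing above readable without an x86 disassembler, here is an added C model of what `_fastreadl` does. It is a reconstruction written for this page from the disassembly, not PCem's source, and it does not claim to reproduce the rev 207 fix, which the thread does not show. Names follow the listing (`readlookup2`, `pccache`, `pccache2`, `abrt`, `getpccache`); the listing's `readlookup2` entries are host pointers biased so that adding the guest address lands on the host byte, with -1 for "not mapped", while this model simplifies to a plain per-page base pointer with NULL for "not mapped". `readmemb_slow` stands in for `readmemb386l`, the 16 KiB guest image is constructed, and every in-range page is treated as present.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NPAGES     4u                   /* constructed: a 16 KiB guest address space */

static uint8_t guest_ram[NPAGES * PAGE_SIZE];

/* readlookup2 in the listing: host pointer for each guest page, or "not mapped" (-1 there,
   NULL here). A page missing from this table is read through the slow byte reader. */
static uint8_t *readlookup2[NPAGES];

/* pccache / pccache2 in the listing: tag of the last translated page and its host pointer */
static uint32_t pccache  = 0xFFFFFFFFu;
static uint8_t *pccache2 = NULL;
static int abrt = 0;                    /* _abrt: set when a translation faults */
static unsigned slow_reads = 0;         /* how often the readmemb386l stand-in ran */

static uint8_t *lookup_page(uint32_t addr) {
    uint32_t page = addr >> PAGE_SHIFT;
    return page < NPAGES ? readlookup2[page] : NULL;
}

/* stand-in for readmemb386l: slow byte read that faults outside guest RAM */
static uint8_t readmemb_slow(uint32_t addr) {
    slow_reads++;
    if ((addr >> PAGE_SHIFT) >= NPAGES) { abrt = 1; return 0xFF; }
    return guest_ram[addr];
}

/* stand-in for getpccache: full translation of the page containing addr */
static uint8_t *getpccache(uint32_t addr) {
    uint32_t page = addr >> PAGE_SHIFT;
    if (page >= NPAGES) { abrt = 1; return NULL; }
    return guest_ram + page * PAGE_SIZE;
}

uint32_t fastreadl(uint32_t addr) {
    uint32_t off = addr & (PAGE_SIZE - 1);
    if (off <= PAGE_SIZE - 4) {         /* and a,0FFFh / cmp eax,0FFCh / ja: dword stays in one page */
        uint32_t page = addr >> PAGE_SHIFT;
        if (page != pccache) {          /* cmp esi,ds:_pccache / jz loc_40CC1F */
            uint8_t *host = getpccache(addr);
            if (abrt) return 0;         /* mov ecx,ds:_abrt / jnz loc_40CC9F */
            pccache2 = host;
            pccache  = page;
        }
        /* loc_40CC1F: mov eax,[eax+a]. Safe only while the pointer behind a matching tag is valid. */
        const uint8_t *p = pccache2 + off;
        return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    /* loc_40CC30: the dword crosses a page boundary, so every byte is looked up on its own */
    uint32_t val = 0;
    for (unsigned i = 0; i < 4; i++) {
        uint32_t a = addr + i;
        uint8_t *base = lookup_page(a);
        uint8_t b = base ? base[a & (PAGE_SIZE - 1)] : readmemb_slow(a);
        val |= (uint32_t)b << (8 * i);
    }
    return val;
}

/* Must run whenever guest page mappings change, or the fast path keeps dereferencing a stale pointer */
void invalidate_pccache(void) { pccache = 0xFFFFFFFFu; pccache2 = NULL; }

/* constructed image: byte i holds (i & 0xFF); pages 0, 1 and 3 are in readlookup2, page 2 is not */
void setup_guest(void) {
    for (size_t i = 0; i < sizeof guest_ram; i++) guest_ram[i] = (uint8_t)i;
    for (unsigned p = 0; p < NPAGES; p++) readlookup2[p] = (p == 2) ? NULL : guest_ram + p * PAGE_SIZE;
    invalidate_pccache();
    abrt = 0;
    slow_reads = 0;
}

unsigned slow_read_count(void) { return slow_reads; }
uint32_t cached_page(void)     { return pccache; }
int      aborted(void)         { return abrt; }

int main(void) {
    setup_guest();
    printf("fastreadl(0x0010) = %08X\n", (unsigned)fastreadl(0x0010));
    unsigned v = (unsigned)fastreadl(0x1FFE);
    printf("fastreadl(0x1FFE) = %08X, slow byte reads = %u\n", v, slow_read_count());
    return 0;
}
```

The point the model makes about the crash address: `mov eax,[eax+a]` at 40CC1F is the fast path, where `eax` is either `pccache2` loaded before the tag compare or the pointer `getpccache` just returned. An access violation there means that host pointer did not point at readable memory, so the invariant to audit is that the cached tag/pointer pair is cleared (as `invalidate_pccache` does here) every time the guest's page mapping changes, and that `getpccache` can never return a pointer without also setting `abrt` when the translation failed.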
SarahWalker
Site Admin
Posts: 2054
Joined: Thu 24 Apr, 2014 4:18 pm

Re: Windows NT Versions BSoD on PCem

Post by SarahWalker »

Try rev 207.
Battler
Posts: 793
Joined: Sun 06 Jul, 2014 7:05 pm

Re: Windows NT Versions BSoD on PCem

Post by Battler »

The crash is gone now, thank you!
Sooga
Posts: 43
Joined: Tue 05 Jul, 2022 12:54 pm

Re: Windows NT Versions BSoD on PCem

Post by Sooga »

SarahWalker wrote: Tue 10 Feb, 2015 1:53 pm
Is RTM the final released Windows 2000 or is it some kind of beta? If the latter then I'm not going to spend too much time on it.

As I said though, Windows 2000 works okay for me, with pretty much the same configuration you're both using.

Windows 2000 crashes on anything less than the highest Intel Socket 7 possible OR Socket 8. You pretty much need Socket 8 or an equal.