Simulator TODO (roadmap-ish)
This is a raw list / brain dump of things to be done in the sim. Feel free to add your own. Not exactly a road map, but probably covers most of the active work.
Common
- Look for TODO, FIXME, and XXX comments
- Add more target tests!
Easy(ish)
- Merge symbol filtering & sorting logic
  - The aarch64 remove_useless_symbols handles filtering
    - Need to check whether this would break some of the exotic cases like lm32 that look up non-function symbols
  - The aarch64 compare_symbols & qsort call in sim_create_inferior could all be moved to the common trace code
- Make custom options automatic
  - Do not require ports to manually call sim_add_option_table in their sim_open/wherever stage
  - Automatically detect forms like "^const OPTION" in source files
    - See how hw-config.h is generated and initialized
  - Might be able to split out common/ ones too
- Create helpers for reading/writing integers in a memory buffer
  - Would be used by most reg fetch/store callbacks in sims (see CPU_REG_FETCH/CPU_REG_STORE)
  - See gdb/findvar.c:store_unsigned_integer
  - See bfin/machs.c:bfin_extract_unsigned_integer
  - See common/cgen-mem.h
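As an added illustration (not code from the sim tree or from gdb), here is the kind of endian-aware helper pair the item above asks for, together with a CPU_REG_FETCH-shaped callback that uses it; the toy_cpu struct, the byte_order enum and all function names are assumed, not the sim's.

```c
#include <stddef.h>
#include <stdint.h>

enum byte_order { ORDER_LITTLE, ORDER_BIG };

/* Write the low LEN bytes of VAL into BUF in the requested byte order.  */
static void store_unsigned_integer (unsigned char *buf, size_t len,
                                    enum byte_order order, uint64_t val)
{
  for (size_t i = 0; i < len; i++)
    {
      buf[order == ORDER_LITTLE ? i : len - 1 - i] = val & 0xff;
      val >>= 8;
    }
}

/* Inverse: assemble LEN bytes from BUF into a host integer.  */
static uint64_t extract_unsigned_integer (const unsigned char *buf, size_t len,
                                          enum byte_order order)
{
  uint64_t val = 0;
  for (size_t i = 0; i < len; i++)
    val = (val << 8) | buf[order == ORDER_LITTLE ? len - 1 - i : i];
  return val;
}

/* Toy stand-in for a sim_cpu with four 32-bit registers (hypothetical).  */
struct toy_cpu { uint32_t regs[4]; enum byte_order order; };

/* CPU_REG_FETCH-shaped callback: bytes written to BUF, or -1 on bad args.
   Rejecting unknown registers and lengths keeps a debugger request from
   reading past the register file.  */
static int toy_reg_fetch (struct toy_cpu *cpu, int rn, unsigned char *buf, int len)
{
  if (rn < 0 || rn >= 4 || len != 4)
    return -1;
  store_unsigned_integer (buf, 4, cpu->order, cpu->regs[rn]);
  return 4;
}

/* Self-check: r1 leaves through the byte interface in ORDER's layout and
   comes back unchanged; an out-of-range register is rejected.  */
static int toy_selfcheck (enum byte_order order)
{
  struct toy_cpu cpu = { { 0, 0xdeadbeef, 0, 0 }, order };
  unsigned char buf[4];
  if (toy_reg_fetch (&cpu, 1, buf, 4) != 4
      || buf[0] != (order == ORDER_LITTLE ? 0xef : 0xde)
      || extract_unsigned_integer (buf, 4, order) != 0xdeadbeef)
    return 0;
  return toy_reg_fetch (&cpu, 7, buf, 4) == -1;
}
```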
- Integrate tracing logic into memory/core operations in common/
  - Currently each target has to instrument the reads/writes themselves
  - See bfin/bfin-sim.h:PUT_MEM and how it calls tracing code
- Write a manual!
  - Should be standalone and integrated into GDB's manual
  - Cover the library interface (include/gdb/remote-sim.h)
  - Cover the command line interface
  - Have an internals section
Medium
- Generate a shared library
  - Use same SONAME versioning as other bfd libraries (i.e. include the version in it)
  - Hide all symbols (and build w/hidden visibility) except for the documented interface
  - Add checks to make sure all symbols are namespaced, even internal ones (to avoid issues w/libsim.a)
- Convert bool types to bfd_boolean rather than int/0/1
- Handle more syscalls in common/syscall.c
  - See bfin/interp.c for a lot more
- Improve multi-environment support
  - See bfin/interp.c and how it switches between cb_linux_stat_map_32 and cb_libgloss_stat_map_32 manually
- Move arg/env stack pushing logic into common code
  - Maybe a general "push char**"?
  - bfin & cris both take care of creating a standard argv/envp/auxv stack for processes
    - See bfin/interp.c:bfin_user_init for more details
- Improve support for multi-ELF loading
  - When emulating userland code, there is often an ldso that needs additional loading
- Make common/nrun.c only use public APIs
  - If a simple frontend has to dig into internals, then the public API is inadequate
  - Requires exporting existing APIs and creating some new ones
- Add syscall type to sim-watch module
  - Requires integration with callback module
- Implement catch syscall in gdb/remote-sim.c
  - Needs sim-watch support (see above)
- Implement hardware-breakpoint support in gdb/remote-sim.c
  - Use sim-watch module
    - Can support single address & ranges
- Implement virtio models
Hard
- Multitarget support
  - Respect the --enable-targets option like other subdirs
  - Define a callback target struct interface akin to gdb targets
  - Detect targets in source automatically (rather than hardcoding symbol names/calls in common code) like gdb does
  - Add test to check for non-namespaced symbols, even internal ones (to avoid issues w/libsim.a)
  - Target mappings (targ-vals & friends) need to be localized
    - Dissolve common ntvals def file into arch specific headers
    - Update the callback struct to init its callback tables via the arch data
  - Working roadmap:
    - Invert sim_desc structure so it's defined in common/ and arches get a STATE_ARCH_DATA callback
    - Invert sim_cpu structure so it's defined in common/ and arches get a CPU_ARCH_DATA callback
    - Create common/sim-main.h and dissolve arch specific sim-main.h
    - Convert sim/ and common/ to automake
    - Add common simarch support
      - Build is in sim/ and uses xxx/Makemodule.am subdirs
      - Convert one port at a time to new simarch framework
      - Conversion is one way -- only support new simarch framework
    - Switch over arches not using hw or igen/cgen
    - Figure out device/hw model
    - Figure out igen/cgen
- Integrate DTC into the tree
  - The hardware layout logic in common/ is already dtc-ish, but old/ad-hoc
Architecture Specific
ARM
- Migrate arm sim to use common/ framework
  - Delete sim_stop_reason & sim_read & sim_write
AVR
- Migrate to common memory handling
  - Delete sim_read & sim_write
Blackfin (bfin)
- Need to review ASTAT write behavior
- How to model RETE and IVG0 bit in IPEND ...
- Model the loop buffer?
  - This means no ifetches because they're cached
  - See page 4-26 in Blackfin PRM under hardware loops
- Handle DSPID at 0xffe05000
- R0 = [SP++]; incorrectly gets traced as R0 = [P6++];
- Fix single stepping over debug assert instructions in hardware
- Exception in IVG5 causes double fault?
- flush[0xffa00000] causes HWERR in sim but not on hardware?
- Convert to using do_hw_attach_regs?
- MMR reading should work better under GDB
  - Need to add a big memory block at 0xffe00000 (for core MMRs), and then map all core devices under that
  - Then we can handle unaligned/invalid address accesses in a single place, and it can handle padding of dummy values
  - Then gdb can "mdl 0xffe00000" just fine
- BF60x UART -- check register names for internal (pre-release) names (emask vs imsk)
CEC/SIC
- CEC should handle multiple exceptions at the same address
  - Would need exception processing to be delayed?
  - At least needs a stack for the CEC to pop things off
- Merge dv-bfin_evt with dv-bfin_cec since the EVT regs are part of the CEC
- Insns that cause an interrupt don't seem to be processed at the right time
  - Set up a glue device that generates an interrupt upon write
  - When the store insn is executed, the interrupt is taken right away instead of being scheduled *after* the insn has finished executing
  - The difference is that RETI needs to point to the *next* insn and not the store insn that triggered the int
- SIC int forwarding doesn't accurately reflect the hardware
  - What the sim does:
    - device generates an interrupt
    - int is sent to SIC
    - SIC logs it into its ISR
    - so long as SIC's IMASK allows it, bits set in ISR generate an interrupt to the CEC
    - no way to clear the SIC's ISR
  - What the hardware does:
    - Device monitors the interrupt level
    - SIC's ISR bits are basically hardwired from each peripheral
    - When the device has its interrupt cleared, the bit in the SIC's ISR is automatically cleared as well
  - Possible solution:
    - Have each device set up an event callback that sends out a port event
      - A level of 0 means the int has been ACKed and the SIC can clear its ISR
      - A level of 1 means the int is still being generated
      - If the device is still generating an interrupt, it can reschedule itself again
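An added model of the proposed fix (not code from the sim or its dv-bfin_sic device): each device reports its current level through a port event, the SIC mirrors that level into its ISR instead of latching it, and forwards ISR & IMASK to a CEC stand-in that only counts 0->1 transitions. The sic and device structs and every function name are assumptions made for this example.

```c
#include <stdint.h>

#define SIC_LINES 32

/* SIC stand-in: ISR mirrors each device's current level, IMASK gates what
   reaches the core.  cec_raises counts 0->1 transitions on the CEC line.  */
struct sic { uint32_t isr, imask; int cec_pending, cec_raises; };

/* Port event from a device: LEVEL 1 = still asserting, 0 = ACKed, so the
   ISR bit follows the device rather than sticking until someone clears it.  */
static void sic_port_event (struct sic *s, unsigned line, int level)
{
  if (line >= SIC_LINES)
    return;                     /* never shift by >= 32 */
  if (level) s->isr |= 1u << line; else s->isr &= ~(1u << line);
  int pending = (s->isr & s->imask) != 0;
  if (pending && !s->cec_pending)
    s->cec_raises++;
  s->cec_pending = pending;
}

/* A peripheral whose level-sensitive interrupt is driven by a status register.
   Its event callback re-reports the level; in the real sim it would
   reschedule itself for as long as status stays non-zero.  */
struct device { unsigned line; uint32_t status; };

static void device_event (struct device *d, struct sic *s)
{
  sic_port_event (s, d->line, d->status != 0);
}

/* Walk one interrupt through the model; 0 on success, else the failed step.  */
static int sic_scenario (void)
{
  struct sic s = { 0, 1u << 5, 0, 0 };      /* only line 5 unmasked */
  struct device d = { 5, 0 };
  d.status |= 0x1; device_event (&d, &s);   /* device raises */
  if (!(s.isr & (1u << 5)) || s.cec_raises != 1)
    return 1;
  device_event (&d, &s);                    /* still asserted: no new raise */
  if (s.cec_raises != 1)
    return 2;
  d.status &= ~0x1u; device_event (&d, &s); /* guest ACKs in the device */
  if (s.isr != 0 || s.cec_pending)
    return 3;                               /* ISR bit dropped by itself */
  s.imask = 0; d.status |= 0x2; device_event (&d, &s);  /* masked line */
  if (!(s.isr & (1u << 5)) || s.cec_pending)
    return 4;                               /* logged, but not forwarded */
  return 0;
}
```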
Tests
- Check AN bits with Dreg subtraction
  - R0 = R1 - R2;
- Check ASTAT bits with vector add/sub +|+
- Check acc with VIT_MAX and similar insns
CRIS
- Move env setup from open to inferior stage
D10V
- Migrate to common memory handling
  - Delete sim_read & sim_write
FRV
- header file dependencies revisit
- hooks cleanup
- memory accesses still test if profiling is on even in fast mode
- have semantic code use G/SET_H_FOO if not default [incl fun-access]
- have G/SET_H_FOO macros call function if fun-access
- can always use G/S_H_FOO macros
H8300
- Migrate to common memory handling
  - Delete sim_read & sim_write
m32c
- Rewrite m32c sim to use common/ framework
  - Requires dropping of custom frontend (main.c)
M32R
- header file dependencies revisit
- hooks cleanup
- memory accesses still test if profiling is on even in fast mode
- fill nop counting done even in fast mode
- have semantic code use G/SET_H_FOO if not default [incl fun-access]
- have G/SET_H_FOO macros call function if fun-access
- can always use G/S_H_FOO macros
PowerPC (ppc)
- Migrate ppc sim to use common/ framework
  - Note: This is probably extremely difficult
RL78
- Rewrite rl78 sim to use common/ framework
  - Requires dropping of custom frontend (main.c)
RX
- Rewrite rx sim to use common/ framework
  - Requires dropping of custom frontend (main.c)
SPARC (erc32)
- Migrate erc32 (sparc) sim to use common/ framework
  - Requires dropping of custom frontend (sis.c)
  - Note: This is probably very difficult
SuperH (sh)
- Migrate to common/ framework
  - Delete sim_stop_reason & sim_read & sim_write
  - Delete custom profiling (e.g. gmon.out) & tracing logic