29 Commits

Author SHA1 Message Date
Elliot Nunn
933bd48f01 Auto-generate per-file function lists 2018-06-30 16:07:38 +08:00
DBJ314
9fd3316452 Partially reverse console logging 2018-06-28 22:24:31 +08:00
DBJ314
f20a0216aa Look at a bunch of Task code 2018-06-28 22:24:25 +08:00
DBJ314
3e05ffda22 Understand NK entry point better 2018-06-28 22:08:28 +08:00
DBJ314
1b520d48ae Document syscall -3 2018-06-28 22:08:15 +08:00
Elliot Nunn
5f395530ab Clarify some MPCalls
The old "KC" names have been fixed.
2018-06-19 15:06:13 +08:00
Elliot Nunn
0470029cac Clarify exceptions 2018-06-19 15:06:03 +08:00
Elliot Nunn
6c199998f0 Lots of work on Address Spaces 2018-04-27 21:52:08 +08:00
Elliot Nunn
b725df3cf7 Correct alignment of NKScreenConsole.s (256b)
Information gleaned from the disassembly of NK 02.27
2018-04-22 21:23:54 +08:00
Elliot Nunn
9a85c31a22 Disassemble remaining dead code 2018-04-22 21:08:44 +08:00
Elliot Nunn
3302c1ba99 Identify all accesses to the Primary System Area
Whenever a field was added to the end of the Primary System Area (PSA)
record, the offsets of all other fields would change. When reversing NK
version 02.27, I noticed that 32 bytes had been added to the end of the
PSA between 02.27 and 02.28. To build a byte-perfect 02.27, all
references to PSA fields must therefore use the record definition in
NKPublic.s instead of a numeric offset.

In this commit, all PSA references are identified by field name (_FFF if
the field has not yet been reversed).
2018-04-22 19:00:29 +08:00
Elliot Nunn
dd4e2ef845 Reverse PPC-68k context switching (incomplete) 2018-04-15 17:00:11 +08:00
Elliot Nunn
4c0e5221f1 Remove unnecessary static branch hints
These + and - characters in a branch mnemonic can cause the assembler to
produce conditional branch instructions that hint the branch
predictor. The default for forward branches is -, and for backward
branches is +. If a mnemonic is issued with the opposite sign, then bit
10 of the instruction (the LSB of the BO field) is set.

My long-retired "ppcdisasm" script inserted these hints unconditionally,
despite 98% of them not being required. The code is much cleaner now.

I read in some old MPW release notes that PPCAsm and PPCLink together
exhibit a quirk when linking conditional branches to imported symbols.
PPCAsm always assembles these conditional branches as if they were
forward branches (that is, a + hint will always set the hint bit, and a
- hint will never). I hoped to use this property to divine whether the
NanoKernel was linked from one or many assembly files, but I was
frustrated by the lack of conditional branches between files.
2018-04-15 16:52:14 +08:00
Elliot Nunn
e2e519b863 Remove junk from old disassembler 2018-03-31 16:19:41 +08:00
Elliot Nunn
123c1e4bee Work on the scheduler and interrupt handling code 2018-03-30 10:27:12 +08:00
Elliot Nunn
f1df639613 Reverse part of the kernel state-save code 2018-03-30 10:25:32 +08:00
Elliot Nunn
fb06fc2b80 Reverse the NanoKernel pool allocator 2018-03-30 09:56:08 +08:00
Elliot Nunn
c7d4cdd367 Reverse power management functions
This is part of the work to get the mini running well. The
kcPowerDispatch and kcCacheDispatch entry points were explored. The dead
code implementing a Timer "Heartbeat" was also used to label some
structures better.
2018-03-17 20:24:02 +08:00
Elliot Nunn
7bee860e40 Reverse the CPU plugin mechanism
CPU plugins are code fragment resources that allow the NanoKernel to
perform CPU-specific functions, such as starting or stopping a processor
core or getting core temperature. They live in the Apple CPU Plugins
file. The Power Manager selects a plugin at boot (or doesn't), prepares
and holds it in memory, and registers it with the NanoKernel using
MPRegisterCpuPlugin(). The NanoKernel can then call any of the plugin's
entry points synchronously using its SIGP() function, which is also
exposed via the MPCpuPlugin() call. The plugin return path is tricky,
but involves the ReturnFromInterrupt trap instruction in the emulator
ROM code.

The CPU plugin calling convention is described in the SIGP comments. CPU
plugins operate in the blue address space, but with interrupts disabled
and supervisor mode on.

This code was reversed to get the Mac mini working. It is not clear how
the Power Manager determines CPU temperature when there are no CPU
registers to do this.
2018-03-09 20:30:37 +08:00
Elliot Nunn
a323be3c8b Reverse some VM functions (Daniel)
VeryPopularFunction (now GetPARPageInfo) takes a page number in the PAR
and returns a bunch of info on it. The flags of the PTE are copied into
cr5-cr7 of the condition register so that VMCalls can easily make
decisions off of them. I had already figured out the bit flags of the
PTEs Mac OS 9 uses when I reversed PagingFunc1. The definitions are in
the end of the 'Area Definitions.txt' file I sent you a while ago.

If you see a 'bltl cr5, VMDoSomethingWithTLB' (now RemovePageFromTLB)
followed by a 'bltl cr5, major_0x09b40' (now RemovePTEFromHTAB), you
know that the function is manipulating pages directly. RemovePageFromTLB
clears a page from the TLB if it follows a VeryPopularFunction call.
RemovePTEFromHTAB takes a page that is resident in the HTAB and removes
its HTAB entry. cr5_lt is bit 20 (mask 0x800), which my notes tell me is
set when the PTE is in the HTAB. Altogether, the sequence translates to
'if the page is in the HTAB, flush it from the TLB and delete its HTAB
entry'. VMExchangePages uses this (twice) to make sure there are no race
conditions when it is swapping the data in the pages.

I still don't have proof, but I am very very strongly convinced that
KDP.FlatPageListPointer is always equal to the PAR's PageMapArrayPtr.

On an unrelated note, KCMapPage seems to always panic when called on an
area where the PageMapArrayPtr is 2d. I have absolutely no idea why this
happens, but it is bad news for MPMapper because the threshold for
2-dimensionality is around 1 MB. I would have to make 512 separate
CreateArea calls to map all the memory without the NK panicking. I will
have to look into this.
2018-02-18 11:17:23 +08:00
Elliot Nunn
9722f8ba5e Start to reverse the legacy VM subsystem 2018-02-18 01:24:21 +08:00
Elliot Nunn
7fdc813d8f Reverse userspace sync primitives
Namely queues, semaphores, critical regions, event groups and
"notifications". The MP calls implementing these services have been
named after their MPLibrary wrapper functions. This convention will be
followed in the future (no more NKCreateEvent).
2018-02-18 01:24:20 +08:00
Elliot Nunn
f0696e5ceb Fix a mistake with the coherence group structure
There is a global linked list of all coherence groups. Coherence groups
and CPUs have a one-to-many relationship.
2018-02-18 01:24:20 +08:00
Elliot Nunn
73c3eece94 Insert calls to known linked-list macros
The presence of InitList, InsertAsNext, InsertAsPrev and RemoveFromList
calls should make some hitherto unexplored code easier to read.
2018-02-18 01:24:19 +08:00
Elliot Nunn
4d5929ffd8 Reverse Area-related MP calls
- MPCreateArea
- MPCreateAliasArea
- MPSetAreaBackingProvider
- MPSetAreaAccess (only renamed from KC...)
2018-02-18 01:24:19 +08:00
Elliot Nunn
423b809e87 Update Area struct
Most Area fields and flags now have meaningful names, thanks largely to
Daniel's reversal work.
2018-02-18 01:24:19 +08:00
Elliot Nunn
fba585b5e3 Use new _AssertAndRelease macro
This is the usual way to release a lock. Most MP calls employ it
indirectly, through their return path.
2018-02-18 01:24:19 +08:00
Elliot Nunn
b27256fbb6 Reverse Event Group MP calls 2018-02-18 01:24:18 +08:00
Elliot Nunn
c5c5b784cb Initial commit 2018-02-18 01:24:10 +08:00