From b5a066ba30f5af8e3bc0576f7be2f50f7928099f Mon Sep 17 00:00:00 2001
From: Dan Luu
Date: Sat, 16 Mar 2013 14:32:13 -0400
Subject: [PATCH 01/12] document set_segment_register and related function
---
 cpux86-ta.js | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/cpux86-ta.js b/cpux86-ta.js
index 563075e..020998e 100644
--- a/cpux86-ta.js
+++ b/cpux86-ta.js
@@ -4077,11 +4077,11 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 }
 cpu.tr.selector = selector;
 }
- function Fe(register, selector) {
- var descriptor_low4bytes, descriptor_high4bytes, cpl_var, he, He, descriptor_table, Rb;
+ function set_protected_mode_segment_register(register, selector) {
+ var descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, descriptor_table, selector_index;
 cpl_var = cpu.cpl;
- if ((selector & 0xfffc) == 0) {
- if (register == 2)
+ if ((selector & 0xfffc) == 0) { //null selector
+ if (register == 2) //(SS == null) => #GP(0)
 abort_with_error_code(13, 0);
 set_segment_vars(register, selector, 0, 0, 0);
 } else {
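Review bot: The rename and the two new comments still leave the `register` argument undocumented, although the callers renamed later in this patch pin down its meaning: the POP cases pass `OPbyte >> 3`, which gives 0 for ES (0x07), 2 for SS (0x17) and 3 for DS (0x1f), `(OPbyte >> 3) & 7` gives 4 for FS (0xa1) and 5 for GS (0xa9), and `cpu.segs[1]` is what do_JMPF_virtual_mode writes together with eip, so it is CS. A header comment on the `function` line would save the next reader that derivation, e.g. `//register: index into cpu.segs (0=ES,1=CS,2=SS,3=DS,4=FS,5=GS); selector: 16-bit segment selector, RPL in bits 0-1, TI in bit 2`. The `0xfffc` mask deserves a word too, since it is what makes `//null selector` true for any RPL: `//index and TI both zero => null selector, whatever the RPL`. The function body continues in the next two hunks.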
@@ -4089,27 +4089,27 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 descriptor_table = cpu.ldt;
 else
 descriptor_table = cpu.gdt;
- Rb = selector & ~7;
- if ((Rb + 7) > descriptor_table.limit)
+ selector_index = selector & ~7;
+ if ((selector_index + 7) > descriptor_table.limit)
 abort_with_error_code(13, selector & 0xfffc);
- mem8_loc = (descriptor_table.base + Rb) & -1;
+ mem8_loc = (descriptor_table.base + selector_index) & -1;
 descriptor_low4bytes = ld32_mem8_kernel_read();
 mem8_loc += 4;
 descriptor_high4bytes = ld32_mem8_kernel_read();
 if (!(descriptor_high4bytes & (1 << 12)))
 abort_with_error_code(13, selector & 0xfffc);
- He = selector & 3;
- he = (descriptor_high4bytes >> 13) & 3;
+ rpl = selector & 3;
+ dpl = (descriptor_high4bytes >> 13) & 3;
 if (register == 2) {
 if ((descriptor_high4bytes & (1 << 11)) || !(descriptor_high4bytes & (1 << 9)))
 abort_with_error_code(13, selector & 0xfffc);
- if (He != cpl_var || he != cpl_var)
+ if (rpl != cpl_var || dpl != cpl_var)
 abort_with_error_code(13, selector & 0xfffc);
 } else {
 if ((descriptor_high4bytes & ((1 << 11) | (1 << 9))) == (1 << 11))
 abort_with_error_code(13, selector & 0xfffc);
 if (!(descriptor_high4bytes & (1 << 11)) || !(descriptor_high4bytes & (1 << 10))) {
- if (he < cpl_var || he < He)
+ if (dpl < cpl_var || dpl < rpl)
 abort_with_error_code(13, selector & 0xfffc);
 }
 }
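Review bot: The renames cover dpl, rpl and the table index but leave every descriptor-type test as a bare mask, so the privilege checks that follow are still hard to audit: in the high dword bit 12 is S (code/data vs. system), bit 11 executable, bit 10 conforming for code or expand-down for data, bit 9 readable for code or writable for data, and bits 13-14 the DPL that the new `dpl` extracts. Trailing comments would make each check self-explanatory, e.g. `if (!(descriptor_high4bytes & (1 << 12))) //S == 0: system descriptor, cannot be loaded into a segment register`, `//SS must be a writable data segment` on the `register == 2` type test, and `//SS: RPL and DPL must both equal CPL` on the line below it. On the else branch, `//non-conforming code or data: DPL must be >= CPL and >= RPL` at `if (dpl < cpl_var || dpl < rpl)` names the rule that stops a less-privileged caller from loading a more-privileged segment. The present-bit test (bit 15, which other paths on this page raise as vector 11) is not visible in this hunk; the function continues in the following hunk, so presumably it sits there — worth confirming.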
@@ -4126,18 +4126,18 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 set_segment_vars(register, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes);
 }
 }
- function Ie(register, selector) {
+ function set_segment_register(register, selector) {
 var descriptor_table;
 selector &= 0xffff;
- if (!(cpu.cr0 & (1 << 0))) {
+ if (!(cpu.cr0 & (1 << 0))) { //CR0.PE (0 == real mode)
 descriptor_table = cpu.segs[register];
 descriptor_table.selector = selector;
 descriptor_table.base = selector << 4;
- } else if (cpu.eflags & 0x00020000) {
+ } else if (cpu.eflags & 0x00020000) { //EFLAGS.VM (1 == v86 mode)
 init_segment_vars_with_selector(register, selector);
- } else {
- Fe(register, selector);
- }
+ } else { //protected mode
+ set_protected_mode_segment_register(register, selector);
+ }
 }
 function do_JMPF_virtual_mode(Ke, Le) {
 eip = Le, physmem8_ptr = initial_mem_ptr = 0;
@@ -5156,7 +5156,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 x = ld_32bits_mem8_read();
 mem8_loc += 4;
 y = ld_16bits_mem8_read();
- Ie(Sb, y);
+ set_segment_register(Sb, y);
 regs[(mem8 >> 3) & 7] = x;
 }
 function op_16_load_far_pointer16(Sb) {
@@ -5168,7 +5168,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 x = ld_16bits_mem8_read();
 mem8_loc += 2;
 y = ld_16bits_mem8_read();
- Ie(Sb, y);
+ set_segment_register(Sb, y);
 set_lower_word_in_register((mem8 >> 3) & 7, x);
 }
 function stringOp_INSB() {
@@ -6238,7 +6238,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 mem8_loc = segment_translation(mem8);
 x = ld_16bits_mem8_read();
 }
- Ie(reg_idx1, x);
+ set_segment_register(reg_idx1, x);
 break EXEC_LOOP;
 case 0x8c://MOV Sw Mw Move
 mem8 = phys_mem8[physmem8_ptr++];
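Review bot: The real-mode branch updates only `.selector` and `.base` of `cpu.segs[register]` and leaves `.limit` and `.flags` from the previous load untouched, while the v86 branch goes through init_segment_vars_with_selector; the new `//CR0.PE (0 == real mode)` comment does not say whether keeping the stale limit and flags is intended (it matches how the hardware keeps its cached descriptor across a return to real mode, but that is an inference, not something this hunk shows). A one-line comment at `descriptor_table = cpu.segs[register];` would settle it, e.g. `//real mode: only selector and base change; limit/flags keep their previous values`. `descriptor_table` is also a misleading name for a segment-register cache entry in this function; `seg` would read better. The three caller hunks below (the far-pointer loads and MOV Sreg) are plain renames.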
@@ -7084,7 +7084,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 case 0x07://POP SS:[rSP] ES Pop a Value from the Stack
 case 0x17://POP SS:[rSP] SS Pop a Value from the Stack
 case 0x1f://POP SS:[rSP] DS Pop a Value from the Stack
- Ie(OPbyte >> 3, pop_dword_from_stack_read() & 0xffff);
+ set_segment_register(OPbyte >> 3, pop_dword_from_stack_read() & 0xffff);
 pop_dword_from_stack_incr_ptr();
 break EXEC_LOOP;
 case 0x8d://LEA M Gvqp Load Effective Address
@@ -8291,7 +8291,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 break EXEC_LOOP;
 case 0xa1://POP SS:[rSP] FS Pop a Value from the Stack
 case 0xa9://POP SS:[rSP] GS Pop a Value from the Stack
- Ie((OPbyte >> 3) & 7, pop_dword_from_stack_read() & 0xffff);
+ set_segment_register((OPbyte >> 3) & 7, pop_dword_from_stack_read() & 0xffff);
 pop_dword_from_stack_incr_ptr();
 break EXEC_LOOP;
 case 0xc8://BSWAP Zvqp Byte Swap
@@ -8929,7 +8929,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 case 0x107://POP SS:[rSP] ES Pop a Value from the Stack
 case 0x117://POP SS:[rSP] SS Pop a Value from the Stack
 case 0x11f://POP SS:[rSP] DS Pop a Value from the Stack
- Ie((OPbyte >> 3) & 3, pop_word_from_stack_read());
+ set_segment_register((OPbyte >> 3) & 3, pop_word_from_stack_read());
 pop_word_from_stack_incr_ptr();
 break EXEC_LOOP;
 case 0x18d://LEA M Gvqp Load Effective Address
@@ -9361,7 +9361,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 break EXEC_LOOP;
 case 0x1a1://POP SS:[rSP] FS Pop a Value from the Stack
 case 0x1a9://POP SS:[rSP] GS Pop a Value from the Stack
- Ie((OPbyte >> 3) & 7, pop_word_from_stack_read());
+ set_segment_register((OPbyte >> 3) & 7, pop_word_from_stack_read());
 pop_word_from_stack_incr_ptr();
 break EXEC_LOOP;
 case 0x1b2://LSS Mptp SS Load Far Pointer
From a348bf5ffdc9e22d7b07123c40679db2635d2db5 Mon Sep 17 00:00:00 2001
From: Dan Luu Date: Sat, 16 Mar 2013 16:14:10 -0400 Subject: [PATCH 02/12] document dpl/rpl references --- cpux86-ta.js | 130 +++++++++++++++++++++++++-------------------------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index 020998e..ba890e1 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js @@ -3758,9 +3758,9 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { abort_with_error_code(13, intno * 8 + 2); break; } - he = (descriptor_high4bytes >> 13) & 3; + dpl = (descriptor_high4bytes >> 13) & 3; cpl_var = cpu.cpl; - if (ne && he < cpl_var) + if (ne && dpl < cpl_var) abort_with_error_code(13, intno * 8 + 2); if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, intno * 8 + 2); @@ -3775,18 +3775,18 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { descriptor_high4bytes = e[1]; if (!(descriptor_high4bytes & (1 << 12)) || !(descriptor_high4bytes & ((1 << 11)))) abort_with_error_code(13, selector & 0xfffc); - he = (descriptor_high4bytes >> 13) & 3; - if (he > cpl_var) + dpl = (descriptor_high4bytes >> 13) & 3; + if (dpl > cpl_var) abort_with_error_code(13, selector & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, selector & 0xfffc); - if (!(descriptor_high4bytes & (1 << 10)) && he < cpl_var) { - e = load_from_TR(he); + if (!(descriptor_high4bytes & (1 << 10)) && dpl < cpl_var) { + e = load_from_TR(dpl); ke = e[0]; le = e[1]; if ((ke & 0xfffc) == 0) abort_with_error_code(10, ke & 0xfffc); - if ((ke & 3) != he) + if ((ke & 3) != dpl) abort_with_error_code(10, ke & 0xfffc); e = load_from_descriptor_table(ke); if (!e) @@ -3794,7 +3794,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { we = e[0]; xe = e[1]; re = (xe >> 13) & 3; - if (re != he) + if (re != dpl) abort_with_error_code(10, ke & 0xfffc); if (!(xe & (1 << 12)) || (xe & (1 << 11)) || !(xe & (1 << 9))) abort_with_error_code(10, ke & 0xfffc); 
@@ -3803,14 +3803,14 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { ue = 1; SS_mask = SS_mask_from_flags(xe); qe = calculate_descriptor_base(we, xe); - } else if ((descriptor_high4bytes & (1 << 10)) || he == cpl_var) { + } else if ((descriptor_high4bytes & (1 << 10)) || dpl == cpl_var) { if (cpu.eflags & 0x00020000) abort_with_error_code(13, selector & 0xfffc); ue = 0; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); qe = cpu.segs[2].base; le = regs[4]; - he = cpl_var; + dpl = cpl_var; } else { abort_with_error_code(13, selector & 0xfffc); ue = 0; @@ -3941,13 +3941,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { set_segment_vars(4, 0, 0, 0, 0); set_segment_vars(5, 0, 0, 0, 0); } - ke = (ke & ~3) | he; + ke = (ke & ~3) | dpl; set_segment_vars(2, ke, qe, calculate_descriptor_limit(we, xe), xe); } regs[4] = (regs[4] & ~SS_mask) | ((le) & SS_mask); - selector = (selector & ~3) | he; + selector = (selector & ~3) | dpl; set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); - change_permission_level(he); + change_permission_level(dpl); eip = ve, physmem8_ptr = initial_mem_ptr = 0; if ((ie & 1) == 0) { cpu.eflags &= ~0x00000200; @@ -4146,7 +4146,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { init_segment_local_vars(); } function do_JMPF(Ke, Le) { - var Ne, ie, descriptor_low4bytes, descriptor_high4bytes, cpl_var, he, He, limit, e; + var Ne, ie, descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, limit, e; if ((Ke & 0xfffc) == 0) abort_with_error_code(13, 0); e = load_from_descriptor_table(Ke); 
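Review bot: After the rename, `dpl` in do_interrupt_paged_mode carries three different meanings: the gate descriptor's DPL in the -3758 hunk, the target code segment's DPL after the second `dpl = (descriptor_high4bytes >> 13) & 3;`, and from `dpl = cpl_var;` in this hunk onward the privilege level the handler will run at, which `(selector & ~3) | dpl` and `change_permission_level(dpl)` in the -3941 hunk consume. Naming that last value `dpl` makes the same-privilege branch read as if a descriptor field were being overwritten. A separate `new_cpl`, set in both branches (`new_cpl = dpl;` on the more-privileged path, `new_cpl = cpl_var;` here) and used by the RPL fix-ups and change_permission_level, would keep the descriptor value intact; short of that, `dpl = cpl_var; //same-privilege interrupt: handler runs at the current CPL` documents the reuse. op_CALLF_paged_mode in this patch likely has the same pattern, but its same-privilege assignment is outside the visible hunks.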
@@ -4158,15 +4158,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (descriptor_high4bytes & (1 << 12)) { if (!(descriptor_high4bytes & (1 << 11))) abort_with_error_code(13, Ke & 0xfffc); - he = (descriptor_high4bytes >> 13) & 3; + dpl = (descriptor_high4bytes >> 13) & 3; if (descriptor_high4bytes & (1 << 10)) { - if (he > cpl_var) + if (dpl > cpl_var) abort_with_error_code(13, Ke & 0xfffc); } else { - He = Ke & 3; - if (He > cpl_var) + rpl = Ke & 3; + if (rpl > cpl_var) abort_with_error_code(13, Ke & 0xfffc); - if (he != cpl_var) + if (dpl != cpl_var) abort_with_error_code(13, Ke & 0xfffc); } if (!(descriptor_high4bytes & (1 << 15))) @@ -4190,13 +4190,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { /* used only in do_return_paged_mode */ function Pe(register, cpl_var) { - var he, descriptor_high4bytes; + var dpl, descriptor_high4bytes; if ((register == 4 || register == 5) && (cpu.segs[register].selector & 0xfffc) == 0) return; descriptor_high4bytes = cpu.segs[register].flags; - he = (descriptor_high4bytes >> 13) & 3; + dpl = (descriptor_high4bytes >> 13) & 3; if (!(descriptor_high4bytes & (1 << 11)) || !(descriptor_high4bytes & (1 << 10))) { - if (he < cpl_var) { + if (dpl < cpl_var) { set_segment_vars(register, 0, 0, 0, 0); } } @@ -4236,7 +4236,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } function op_CALLF_paged_mode(je, Ke, Le, oe) { var ue, i, e; - var descriptor_low4bytes, descriptor_high4bytes, cpl_var, he, He, selector, ve, Se; + var descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, selector, ve, Se; var ke, we, xe, Te, ie, re, SS_mask; var x, limit, Ue; var qe, Ve, We; 
@@ -4252,15 +4252,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (descriptor_high4bytes & (1 << 12)) { if (!(descriptor_high4bytes & (1 << 11))) abort_with_error_code(13, Ke & 0xfffc); - he = (descriptor_high4bytes >> 13) & 3; + dpl = (descriptor_high4bytes >> 13) & 3; if (descriptor_high4bytes & (1 << 10)) { - if (he > cpl_var) + if (dpl > cpl_var) abort_with_error_code(13, Ke & 0xfffc); } else { - He = Ke & 3; - if (He > cpl_var) + rpl = Ke & 3; + if (rpl > cpl_var) abort_with_error_code(13, Ke & 0xfffc); - if (he != cpl_var) + if (dpl != cpl_var) abort_with_error_code(13, Ke & 0xfffc); } if (!(descriptor_high4bytes & (1 << 15))) @@ -4301,8 +4301,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } else { ie = (descriptor_high4bytes >> 8) & 0x1f; - he = (descriptor_high4bytes >> 13) & 3; - He = Ke & 3; + dpl = (descriptor_high4bytes >> 13) & 3; + rpl = Ke & 3; switch (ie) { case 1: case 9: @@ -4317,7 +4317,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { break; } je = ie >> 3; - if (he < cpl_var || he < He) + if (dpl < cpl_var || dpl < rpl) abort_with_error_code(13, Ke & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, Ke & 0xfffc); 
@@ -4333,18 +4333,18 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { descriptor_high4bytes = e[1]; if (!(descriptor_high4bytes & (1 << 12)) || !(descriptor_high4bytes & ((1 << 11)))) abort_with_error_code(13, selector & 0xfffc); - he = (descriptor_high4bytes >> 13) & 3; - if (he > cpl_var) + dpl = (descriptor_high4bytes >> 13) & 3; + if (dpl > cpl_var) abort_with_error_code(13, selector & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, selector & 0xfffc); - if (!(descriptor_high4bytes & (1 << 10)) && he < cpl_var) { - e = load_from_TR(he); + if (!(descriptor_high4bytes & (1 << 10)) && dpl < cpl_var) { + e = load_from_TR(dpl); ke = e[0]; Te = e[1]; if ((ke & 0xfffc) == 0) abort_with_error_code(10, ke & 0xfffc); - if ((ke & 3) != he) + if ((ke & 3) != dpl) abort_with_error_code(10, ke & 0xfffc); e = load_from_descriptor_table(ke); if (!e) @@ -4352,7 +4352,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { we = e[0]; xe = e[1]; re = (xe >> 13) & 3; - if (re != he) + if (re != dpl) abort_with_error_code(10, ke & 0xfffc); if (!(xe & (1 << 12)) || (xe & (1 << 11)) || !(xe & (1 << 9))) abort_with_error_code(10, ke & 0xfffc); @@ -4432,12 +4432,12 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } if (ue) { - ke = (ke & ~3) | he; + ke = (ke & ~3) | dpl; set_segment_vars(2, ke, qe, calculate_descriptor_limit(we, xe), xe); } - selector = (selector & ~3) | he; + selector = (selector & ~3) | dpl; set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); - change_permission_level(he); + change_permission_level(dpl); regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); eip = ve, physmem8_ptr = initial_mem_ptr = 0; } 
@@ -4507,7 +4507,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { var Ke, df, gf; var hf, jf, kf, lf; var e, descriptor_low4bytes, descriptor_high4bytes, we, xe; - var cpl_var, he, He, ef, iopl; + var cpl_var, dpl, rpl, ef, iopl; var qe, Te, Le, wd, SS_mask; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); Te = regs[4]; @@ -4602,21 +4602,21 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (!(descriptor_high4bytes & (1 << 12)) || !(descriptor_high4bytes & (1 << 11))) abort_with_error_code(13, Ke & 0xfffc); cpl_var = cpu.cpl; - He = Ke & 3; - if (He < cpl_var) + rpl = Ke & 3; + if (rpl < cpl_var) abort_with_error_code(13, Ke & 0xfffc); - he = (descriptor_high4bytes >> 13) & 3; + dpl = (descriptor_high4bytes >> 13) & 3; if (descriptor_high4bytes & (1 << 10)) { - if (he > He) + if (dpl > rpl) abort_with_error_code(13, Ke & 0xfffc); } else { - if (he != He) + if (dpl != rpl) abort_with_error_code(13, Ke & 0xfffc); } if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, Ke & 0xfffc); Te = (Te + cf) & -1; - if (He == cpl_var) { + if (rpl == cpl_var) { set_segment_vars(1, Ke, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); } else { if (je == 1) { @@ -4646,7 +4646,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if ((gf & 0xfffc) == 0) { abort_with_error_code(13, 0); } else { - if ((gf & 3) != He) + if ((gf & 3) != rpl) abort_with_error_code(13, gf & 0xfffc); e = load_from_descriptor_table(gf); if (!e) 
@@ -4655,21 +4655,21 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { xe = e[1]; if (!(xe & (1 << 12)) || (xe & (1 << 11)) || !(xe & (1 << 9))) abort_with_error_code(13, gf & 0xfffc); - he = (xe >> 13) & 3; - if (he != He) + dpl = (xe >> 13) & 3; + if (dpl != rpl) abort_with_error_code(13, gf & 0xfffc); if (!(xe & (1 << 15))) abort_with_error_code(11, gf & 0xfffc); set_segment_vars(2, gf, calculate_descriptor_base(we, xe), calculate_descriptor_limit(we, xe), xe); } set_segment_vars(1, Ke, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); - change_permission_level(He); + change_permission_level(rpl); Te = wd; SS_mask = SS_mask_from_flags(xe); - Pe(0, He); - Pe(3, He); - Pe(4, He); - Pe(5, He); + Pe(0, rpl); + Pe(3, rpl); + Pe(4, rpl); + Pe(5, rpl); Te = (Te + cf) & -1; } regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); @@ -4713,7 +4713,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { //utility function for op_LAR_LSL function of(selector, pf) { - var e, descriptor_low4bytes, descriptor_high4bytes, He, he, cpl_var, ie; + var e, descriptor_low4bytes, descriptor_high4bytes, rpl, he, cpl_var, ie; if ((selector & 0xfffc) == 0) return null; e = load_from_descriptor_table(selector); @@ -4721,13 +4721,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { return null; descriptor_low4bytes = e[0]; descriptor_high4bytes = e[1]; - He = selector & 3; - he = (descriptor_high4bytes >> 13) & 3; + rpl = selector & 3; + dpl = (descriptor_high4bytes >> 13) & 3; cpl_var = cpu.cpl; if (descriptor_high4bytes & (1 << 12)) { if ((descriptor_high4bytes & (1 << 11)) && (descriptor_high4bytes & (1 << 10))) { } else { - if (he < cpl_var || he < He) + if (dpl < cpl_var || dpl < rpl) return null; } } else { 
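Review bot: In `of()` the declaration at -4713 renames `He` to `rpl` but keeps `he`, while the body at -4721 now assigns `dpl = (descriptor_high4bytes >> 13) & 3;` — `dpl` is never declared in this function, so in sloppy mode the assignment creates an implicit global and in strict mode it throws a ReferenceError. The system-descriptor branch in the -4748 hunk on the next line still reads `he < cpl_var || he < rpl` against the now never-assigned `he`, so that comparison is always false and LAR/LSL will report system descriptors that the current CPL and RPL should not be able to inspect. Later patches in this series repair both (the `var` list in 03, the `he` reads in 04), but as committed this revision is broken for bisecting; fold those fixes into this commit, i.e. `var e, descriptor_low4bytes, descriptor_high4bytes, rpl, dpl, cpl_var, ie;` and `if (dpl < cpl_var || dpl < rpl)`.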
@@ -4748,7 +4748,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { default: return null; } - if (he < cpl_var || he < He) + if (he < cpl_var || he < rpl) return null; } if (pf) { @@ -4786,7 +4786,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { //utility function for op_VERR_VERW function rf(selector, ud) { - var e, descriptor_low4bytes, descriptor_high4bytes, He, he, cpl_var; + var e, descriptor_low4bytes, descriptor_high4bytes, rpl, dpl, cpl_var; if ((selector & 0xfffc) == 0) return 0; e = load_from_descriptor_table(selector); @@ -4796,8 +4796,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { descriptor_high4bytes = e[1]; if (!(descriptor_high4bytes & (1 << 12))) return 0; - He = selector & 3; - he = (descriptor_high4bytes >> 13) & 3; + rpl = selector & 3; + dpl = (descriptor_high4bytes >> 13) & 3; cpl_var = cpu.cpl; if (descriptor_high4bytes & (1 << 11)) { if (ud) { @@ -4806,12 +4806,12 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (!(descriptor_high4bytes & (1 << 9))) return 1; if (!(descriptor_high4bytes & (1 << 10))) { - if (he < cpl_var || he < He) + if (dpl < cpl_var || dpl < rpl) return 0; } } } else { - if (he < cpl_var || he < He) + if (dpl < cpl_var || dpl < rpl) return 0; if (ud && !(descriptor_high4bytes & (1 << 9))) return 0; From a981e71f0f3802167e85a6b3444e91dfacfac793 Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Mon, 18 Mar 2013 10:58:14 -0400 Subject: [PATCH 03/12] Document TR/descriptor type references --- cpux86-ta.js | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index ba890e1..f18085b 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js 
@@ -3694,13 +3694,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { /* used only in CALLF, and InterruptF in paged mode */ function load_from_TR(he) { - var ie, Rb, je, ke, le; + var tr_type, Rb, je, ke, le; if (!(cpu.tr.flags & (1 << 15))) cpu_abort("invalid tss"); //task state segment - ie = (cpu.tr.flags >> 8) & 0xf; - if ((ie & 7) != 1) + tr_type = (cpu.tr.flags >> 8) & 0xf; + if ((tr_type & 7) != 1) cpu_abort("invalid tss type"); - je = ie >> 3; + je = tr_type >> 3; Rb = (he * 4 + 2) << je; if (Rb + (4 << je) - 1 > cpu.tr.limit) abort_with_error_code(10, cpu.tr.selector & 0xfffc); @@ -3716,7 +3716,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { return [ke, le]; } function do_interrupt_paged_mode(intno, ne, error_code, oe, pe) { - var descriptor_table, qe, ie, he, selector, re, cpl_var; + var descriptor_table, qe, descriptor_type, he, selector, re, cpl_var; var te, ue, je; var e, descriptor_low4bytes, descriptor_high4bytes, ve, ke, le, we, xe; var ye, SS_mask; @@ -3745,8 +3745,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { descriptor_low4bytes = ld32_mem8_kernel_read(); mem8_loc += 4; descriptor_high4bytes = ld32_mem8_kernel_read(); - ie = (descriptor_high4bytes >> 8) & 0x1f; - switch (ie) { + descriptor_type = (descriptor_high4bytes >> 8) & 0x1f; + switch (descriptor_type) { case 5: case 7: case 6: @@ -3818,7 +3818,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { qe = 0; le = 0; } - je = ie >> 3; + je = descriptor_type >> 3; if (je == 1) { if (ue) { if (cpu.eflags & 0x00020000) { 
@@ -3949,7 +3949,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); change_permission_level(dpl); eip = ve, physmem8_ptr = initial_mem_ptr = 0; - if ((ie & 1) == 0) { + if ((descriptor_type & 1) == 0) { cpu.eflags &= ~0x00000200; } cpu.eflags &= ~(0x00000100 | 0x00020000 | 0x00010000 | 0x00004000); @@ -4048,7 +4048,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { cpu.ldt.selector = selector; } function op_LTR(selector) { - var descriptor_table, descriptor_low4bytes, descriptor_high4bytes, Rb, ie, De; + var descriptor_table, descriptor_low4bytes, descriptor_high4bytes, Rb, descriptor_type, De; selector &= 0xffff; if ((selector & 0xfffc) == 0) { cpu.tr.base = 0; @@ -4066,8 +4066,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { descriptor_low4bytes = ld32_mem8_kernel_read(); mem8_loc += 4; descriptor_high4bytes = ld32_mem8_kernel_read(); - ie = (descriptor_high4bytes >> 8) & 0xf; - if ((descriptor_high4bytes & (1 << 12)) || (ie != 1 && ie != 9)) + descriptor_type = (descriptor_high4bytes >> 8) & 0xf; + if ((descriptor_high4bytes & (1 << 12)) || (descriptor_type != 1 && descriptor_type != 9)) abort_with_error_code(13, selector & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, selector & 0xfffc); @@ -4237,7 +4237,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { function op_CALLF_paged_mode(je, Ke, Le, oe) { var ue, i, e; var descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, selector, ve, Se; - var ke, we, xe, Te, ie, re, SS_mask; + var ke, we, xe, Te, descriptor_type, re, SS_mask; var x, limit, Ue; var qe, Ve, We; if ((Ke & 0xfffc) == 0) 
@@ -4300,10 +4300,10 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { eip = Le, physmem8_ptr = initial_mem_ptr = 0; } } else { - ie = (descriptor_high4bytes >> 8) & 0x1f; + descriptor_type = (descriptor_high4bytes >> 8) & 0x1f; dpl = (descriptor_high4bytes >> 13) & 3; rpl = Ke & 3; - switch (ie) { + switch (descriptor_type) { case 1: case 9: case 5: @@ -4316,7 +4316,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { abort_with_error_code(13, Ke & 0xfffc); break; } - je = ie >> 3; + je = descriptor_type >> 3; if (dpl < cpl_var || dpl < rpl) abort_with_error_code(13, Ke & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) @@ -4712,8 +4712,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } //utility function for op_LAR_LSL - function of(selector, pf) { - var e, descriptor_low4bytes, descriptor_high4bytes, rpl, he, cpl_var, ie; + function of(selector, is_lsl) { + var e, descriptor_low4bytes, descriptor_high4bytes, rpl, dpl, cpl_var, descriptor_type; if ((selector & 0xfffc) == 0) return null; e = load_from_descriptor_table(selector); @@ -4731,8 +4731,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { return null; } } else { - ie = (descriptor_high4bytes >> 8) & 0xf; - switch (ie) { + descriptor_type = (descriptor_high4bytes >> 8) & 0xf; + switch (descriptor_type) { case 1: case 2: case 3: From d8853553624bdd92a0db64084165641499f96756 Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Mon, 18 Mar 2013 10:59:04 -0400 Subject: [PATCH 04/12] document lsl/lar boolean --- cpux86-ta.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index f18085b..cf9536c 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js 
@@ -4742,22 +4742,22 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { case 4: case 5: case 12: - if (pf) + if (is_lsl) return null; break; default: return null; } - if (he < cpl_var || he < rpl) + if (dpl < cpl_var || dpl < rpl) return null; } - if (pf) { + if (is_lsl) { return calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes); } else { return descriptor_high4bytes & 0x00f0ff00; } } - function op_LAR_LSL(je, pf) { + function op_LAR_LSL(je, is_lsl) { var x, mem8, reg_idx1, selector; if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) abort(6); @@ -4769,7 +4769,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { mem8_loc = segment_translation(mem8); selector = ld_16bits_mem8_read(); } - x = of(selector, pf); + x = of(selector, is_lsl); _src = get_conditional_flags(); if (x === null) { _src &= ~0x0040; From c1e000252f76d80e2eaa5e659414afb607027eff Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sat, 16 Mar 2013 17:15:29 -0400 Subject: [PATCH 05/12] document 32/16bit var --- cpux86-ta.js | 66 ++++++++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index cf9536c..72ee092 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js 
@@ -3694,18 +3694,18 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { /* used only in CALLF, and InterruptF in paged mode */ function load_from_TR(he) { - var tr_type, Rb, je, ke, le; + var tr_type, Rb, is_32_bit, ke, le; if (!(cpu.tr.flags & (1 << 15))) cpu_abort("invalid tss"); //task state segment tr_type = (cpu.tr.flags >> 8) & 0xf; if ((tr_type & 7) != 1) cpu_abort("invalid tss type"); - je = tr_type >> 3; - Rb = (he * 4 + 2) << je; - if (Rb + (4 << je) - 1 > cpu.tr.limit) + is_32_bit = tr_type >> 3; + Rb = (he * 4 + 2) << is_32_bit; + if (Rb + (4 << is_32_bit) - 1 > cpu.tr.limit) abort_with_error_code(10, cpu.tr.selector & 0xfffc); mem8_loc = (cpu.tr.base + Rb) & -1; - if (je == 0) { + if (is_32_bit == 0) { le = ld16_mem8_kernel_read(); mem8_loc += 2; } else { @@ -3717,7 +3717,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } function do_interrupt_paged_mode(intno, ne, error_code, oe, pe) { var descriptor_table, qe, descriptor_type, he, selector, re, cpl_var; - var te, ue, je; + var te, ue, is_32_bit; var e, descriptor_low4bytes, descriptor_high4bytes, ve, ke, le, we, xe; var ye, SS_mask; te = 0; @@ -3818,8 +3818,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { qe = 0; le = 0; } - je = descriptor_type >> 3; - if (je == 1) { + is_32_bit = descriptor_type >> 3; + if (is_32_bit == 1) { if (ue) { if (cpu.eflags & 0x00020000) { { @@ -4202,10 +4202,10 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } - function op_CALLF_not_paged_mode(je, Ke, Le, oe) { + function op_CALLF_not_paged_mode(is_32_bit, Ke, Le, oe) { var le; le = regs[4]; - if (je) { + if (is_32_bit) { { le = (le - 4) >> 0; mem8_loc = ((le & SS_mask) + SS_base) >> 0; 
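Review bot: load_from_TR still takes its privilege-level argument as `he` although every caller visible in this series now passes `dpl` (`e = load_from_TR(dpl);` in do_interrupt_paged_mode and op_CALLF_paged_mode), so renaming the parameter to `dpl` would finish what this hunk starts. `is_32_bit` is used as a shift count in `(he * 4 + 2) << is_32_bit` and `4 << is_32_bit`, which works because `tr_type >> 3` is 0 or 1, but a boolean-looking name used arithmetically deserves a note, e.g. `//0 or 1; doubles the TSS entry size and offset for a 32-bit TSS`. The `//task state segment` comment could grow into a header stating what the function returns — as the callers use it, the stack selector and stack pointer for privilege level `he`, read from the TSS at byte `(4*he + 2) << is_32_bit`. The 32-bit read path and the `return [ke, le]` are outside this hunk.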
@@ -4234,7 +4234,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { cpu.segs[1].base = (Ke << 4); init_segment_local_vars(); } - function op_CALLF_paged_mode(je, Ke, Le, oe) { + function op_CALLF_paged_mode(is_32_bit, Ke, Le, oe) { var ue, i, e; var descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, selector, ve, Se; var ke, we, xe, Te, descriptor_type, re, SS_mask; @@ -4269,7 +4269,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = We; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); qe = cpu.segs[2].base; - if (je) { + if (is_32_bit) { { Te = (Te - 4) & -1; mem8_loc = (qe + (Te & SS_mask)) & -1; @@ -4316,7 +4316,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { abort_with_error_code(13, Ke & 0xfffc); break; } - je = descriptor_type >> 3; + is_32_bit = descriptor_type >> 3; if (dpl < cpl_var || dpl < rpl) abort_with_error_code(13, Ke & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) @@ -4362,7 +4362,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Ve = cpu.segs[2].base; SS_mask = SS_mask_from_flags(xe); qe = calculate_descriptor_base(we, xe); - if (je) { + if (is_32_bit) { { Te = (Te - 4) & -1; mem8_loc = (qe + (Te & SS_mask)) & -1; @@ -4408,7 +4408,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { qe = cpu.segs[2].base; ue = 0; } - if (je) { + if (is_32_bit) { { Te = (Te - 4) & -1; mem8_loc = (qe + (Te & SS_mask)) & -1; 
@@ -4442,19 +4442,19 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { eip = ve, physmem8_ptr = initial_mem_ptr = 0; } } - function op_CALLF(je, Ke, Le, oe) { + function op_CALLF(is_32_bit, Ke, Le, oe) { if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) { - op_CALLF_not_paged_mode(je, Ke, Le, oe); + op_CALLF_not_paged_mode(is_32_bit, Ke, Le, oe); } else { - op_CALLF_paged_mode(je, Ke, Le, oe); + op_CALLF_paged_mode(is_32_bit, Ke, Le, oe); } } - function do_return_not_paged_mode(je, bf, cf) { + function do_return_not_paged_mode(is_32_bit, bf, cf) { var Te, Ke, Le, df, SS_mask, qe, ef; SS_mask = 0xffff; Te = regs[4]; qe = cpu.segs[2].base; - if (je == 1) { + if (is_32_bit == 1) { { mem8_loc = (qe + (Te & SS_mask)) & -1; Le = ld32_mem8_kernel_read(); @@ -4497,13 +4497,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { ef = 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00010000 | 0x00004000; else ef = 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00003000 | 0x00010000 | 0x00004000; - if (je == 0) + if (is_32_bit == 0) ef &= 0xffff; set_FLAGS(df, ef); } init_segment_local_vars(); } - function do_return_paged_mode(je, bf, cf) { + function do_return_paged_mode(is_32_bit, bf, cf) { var Ke, df, gf; var hf, jf, kf, lf; var e, descriptor_low4bytes, descriptor_high4bytes, we, xe; @@ -4513,7 +4513,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = regs[4]; qe = cpu.segs[2].base; df = 0; - if (je == 1) { + if (is_32_bit == 1) { { mem8_loc = (qe + (Te & SS_mask)) & -1; Le = ld32_mem8_kernel_read(); 
@@ -4619,7 +4619,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (rpl == cpl_var) { set_segment_vars(1, Ke, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); } else { - if (je == 1) { + if (is_32_bit == 1) { { mem8_loc = (qe + (Te & SS_mask)) & -1; wd = ld32_mem8_kernel_read(); @@ -4681,12 +4681,12 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { iopl = (cpu.eflags >> 12) & 3; if (cpl_var <= iopl) ef |= 0x00000200; - if (je == 0) + if (is_32_bit == 0) ef &= 0xffff; set_FLAGS(df, ef); } } - function op_IRET(je) { + function op_IRET(is_32_bit) { var iopl; if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) { if (cpu.eflags & 0x00020000) { @@ -4694,20 +4694,20 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (iopl != 3) abort(13); } - do_return_not_paged_mode(je, 1, 0); + do_return_not_paged_mode(is_32_bit, 1, 0); } else { if (cpu.eflags & 0x00004000) { throw "unsupported task gate"; } else { - do_return_paged_mode(je, 1, 0); + do_return_paged_mode(is_32_bit, 1, 0); } } } - function op_RETF(je, cf) { + function op_RETF(is_32_bit, cf) { if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) { - do_return_not_paged_mode(je, 0, cf); + do_return_not_paged_mode(is_32_bit, 0, cf); } else { - do_return_paged_mode(je, 0, cf); + do_return_paged_mode(is_32_bit, 0, cf); } } @@ -4757,7 +4757,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { return descriptor_high4bytes & 0x00f0ff00; } } - function op_LAR_LSL(je, is_lsl) { + function op_LAR_LSL(is_32_bit, is_lsl) { var x, mem8, reg_idx1, selector; if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) abort(6); 
@@ -4775,7 +4775,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { _src &= ~0x0040; } else { _src |= 0x0040; - if (je) + if (is_32_bit) regs[reg_idx1] = x; else set_lower_word_in_register(reg_idx1, x); From 3c8cf4e15b6be7bbefc470111e6178780aced0df Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sat, 16 Mar 2013 17:22:34 -0400 Subject: [PATCH 06/12] document lar/lsl descriptor checking --- cpux86-ta.js | 1 + 1 file changed, 1 insertion(+) diff --git a/cpux86-ta.js b/cpux86-ta.js index 72ee092..ee13236 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js @@ -4732,6 +4732,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } else { descriptor_type = (descriptor_high4bytes >> 8) & 0xf; + //Valid descriptors fall through this switch. Invalid descriptors return null switch (descriptor_type) { case 1: case 2: From 0f204c47b4bb3575ad9950638a43d67bc45837cd Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sat, 16 Mar 2013 18:18:05 -0400 Subject: [PATCH 07/12] document selector var --- cpux86-ta.js | 126 +++++++++++++++++++++++++-------------------------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index ee13236..8955000 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js 
@@ -4139,52 +4139,52 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { set_protected_mode_segment_register(register, selector); } } - function do_JMPF_virtual_mode(Ke, Le) { + function do_JMPF_virtual_mode(selector, Le) { eip = Le, physmem8_ptr = initial_mem_ptr = 0; - cpu.segs[1].selector = Ke; - cpu.segs[1].base = (Ke << 4); + cpu.segs[1].selector = selector; + cpu.segs[1].base = (selector << 4); init_segment_local_vars(); } - function do_JMPF(Ke, Le) { + function do_JMPF(selector, Le) { var Ne, ie, descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, limit, e; - if ((Ke & 0xfffc) == 0) + if ((selector & 0xfffc) == 0) abort_with_error_code(13, 0); - e = load_from_descriptor_table(Ke); + e = load_from_descriptor_table(selector); if (!e) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); descriptor_low4bytes = e[0]; descriptor_high4bytes = e[1]; cpl_var = cpu.cpl; if (descriptor_high4bytes & (1 << 12)) { if (!(descriptor_high4bytes & (1 << 11))) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); dpl = (descriptor_high4bytes >> 13) & 3; if (descriptor_high4bytes & (1 << 10)) { if (dpl > cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); } else { - rpl = Ke & 3; + rpl = selector & 3; if (rpl > cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); if (dpl != cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); } if (!(descriptor_high4bytes & (1 << 15))) - abort_with_error_code(11, Ke & 0xfffc); + abort_with_error_code(11, selector & 0xfffc); limit = calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes); if ((Le >>> 0) > (limit >>> 0)) - abort_with_error_code(13, Ke & 0xfffc); - set_segment_vars(1, (Ke & 0xfffc) | cpl_var, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), limit, 
descriptor_high4bytes); + abort_with_error_code(13, selector & 0xfffc); + set_segment_vars(1, (selector & 0xfffc) | cpl_var, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), limit, descriptor_high4bytes); eip = Le, physmem8_ptr = initial_mem_ptr = 0; } else { cpu_abort("unsupported jump to call or task gate"); } } - function op_JMPF(Ke, Le) { + function op_JMPF(selector, Le) { if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) { - do_JMPF_virtual_mode(Ke, Le); + do_JMPF_virtual_mode(selector, Le); } else { - do_JMPF(Ke, Le); + do_JMPF(selector, Le); } } @@ -4202,7 +4202,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } - function op_CALLF_not_paged_mode(is_32_bit, Ke, Le, oe) { + function op_CALLF_not_paged_mode(is_32_bit, selector, Le, oe) { var le; le = regs[4]; if (is_32_bit) { 
@@ -4230,41 +4230,41 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } regs[4] = (regs[4] & ~SS_mask) | ((le) & SS_mask); eip = Le, physmem8_ptr = initial_mem_ptr = 0; - cpu.segs[1].selector = Ke; - cpu.segs[1].base = (Ke << 4); + cpu.segs[1].selector = selector; + cpu.segs[1].base = (selector << 4); init_segment_local_vars(); } - function op_CALLF_paged_mode(is_32_bit, Ke, Le, oe) { + function op_CALLF_paged_mode(is_32_bit, selector, Le, oe) { var ue, i, e; var descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, selector, ve, Se; var ke, we, xe, Te, descriptor_type, re, SS_mask; var x, limit, Ue; var qe, Ve, We; - if ((Ke & 0xfffc) == 0) + if ((selector & 0xfffc) == 0) abort_with_error_code(13, 0); - e = load_from_descriptor_table(Ke); + e = load_from_descriptor_table(selector); if (!e) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); descriptor_low4bytes = e[0]; descriptor_high4bytes = e[1]; cpl_var = cpu.cpl; We = regs[4]; if (descriptor_high4bytes & (1 << 12)) { if (!(descriptor_high4bytes & (1 << 11))) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); dpl = (descriptor_high4bytes >> 13) & 3; if (descriptor_high4bytes & (1 << 10)) { if (dpl > cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); } else { - rpl = Ke & 3; + rpl = selector & 3; if (rpl > cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); if (dpl != cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); } if (!(descriptor_high4bytes & (1 << 15))) - abort_with_error_code(11, Ke & 0xfffc); + abort_with_error_code(11, selector & 0xfffc); { Te = We; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); 
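Review bot: In the renamed signature `op_CALLF_paged_mode(is_32_bit, selector, Le, oe)` the very next `var` line still lists `selector` as a local, so the parameter is now redeclared in the same function scope; that is harmless at runtime (a `var` redeclaration keeps the value) but it hides the fact that the following hunk assigns `selector = descriptor_low4bytes >> 16;` in the gate path, after which the same name denotes the selector taken from the call gate rather than the one the caller passed. A reader checking which selector an `abort_with_error_code(13, selector & 0xfffc)` reports has to know where the reassignment sits. I would drop `selector` from the `var` list and give the gate's target CS selector its own local (e.g. a `target_selector`), or at least comment the reassignment with `// from here on selector is the code-segment selector stored in the gate`. The same declaration is carried unchanged through the `@@ -4237,7` hunk of the later stack-pointer patch.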
@@ -4294,15 +4294,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } limit = calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes); if (Le > limit) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); - set_segment_vars(1, (Ke & 0xfffc) | cpl_var, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), limit, descriptor_high4bytes); + set_segment_vars(1, (selector & 0xfffc) | cpl_var, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), limit, descriptor_high4bytes); eip = Le, physmem8_ptr = initial_mem_ptr = 0; } } else { descriptor_type = (descriptor_high4bytes >> 8) & 0x1f; dpl = (descriptor_high4bytes >> 13) & 3; - rpl = Ke & 3; + rpl = selector & 3; switch (descriptor_type) { case 1: case 9: @@ -4313,14 +4313,14 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { case 12: break; default: - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); break; } is_32_bit = descriptor_type >> 3; if (dpl < cpl_var || dpl < rpl) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); if (!(descriptor_high4bytes & (1 << 15))) - abort_with_error_code(11, Ke & 0xfffc); + abort_with_error_code(11, selector & 0xfffc); selector = descriptor_low4bytes >> 16; ve = (descriptor_high4bytes & 0xffff0000) | (descriptor_low4bytes & 0x0000ffff); Se = descriptor_high4bytes & 0x1f; 
@@ -4442,15 +4442,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { eip = ve, physmem8_ptr = initial_mem_ptr = 0; } } - function op_CALLF(is_32_bit, Ke, Le, oe) { + function op_CALLF(is_32_bit, selector, Le, oe) { if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) { - op_CALLF_not_paged_mode(is_32_bit, Ke, Le, oe); + op_CALLF_not_paged_mode(is_32_bit, selector, Le, oe); } else { - op_CALLF_paged_mode(is_32_bit, Ke, Le, oe); + op_CALLF_paged_mode(is_32_bit, selector, Le, oe); } } function do_return_not_paged_mode(is_32_bit, bf, cf) { - var Te, Ke, Le, df, SS_mask, qe, ef; + var Te, selector, Le, df, SS_mask, qe, ef; SS_mask = 0xffff; Te = regs[4]; qe = cpu.segs[2].base; @@ -4462,10 +4462,10 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } { mem8_loc = (qe + (Te & SS_mask)) & -1; - Ke = ld32_mem8_kernel_read(); + selector = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } - Ke &= 0xffff; + selector &= 0xffff; if (bf) { mem8_loc = (qe + (Te & SS_mask)) & -1; df = ld32_mem8_kernel_read(); @@ -4479,7 +4479,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } { mem8_loc = (qe + (Te & SS_mask)) & -1; - Ke = ld16_mem8_kernel_read(); + selector = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } if (bf) { @@ -4489,8 +4489,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } regs[4] = (regs[4] & ~SS_mask) | ((Te + cf) & SS_mask); - cpu.segs[1].selector = Ke; - cpu.segs[1].base = (Ke << 4); + cpu.segs[1].selector = selector; + cpu.segs[1].base = (selector << 4); eip = Le, physmem8_ptr = initial_mem_ptr = 0; if (bf) { if (cpu.eflags & 0x00020000) @@ -4504,7 +4504,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { init_segment_local_vars(); } function do_return_paged_mode(is_32_bit, bf, cf) { - var Ke, df, gf; + var selector, df, gf; var hf, jf, kf, lf; var e, descriptor_low4bytes, descriptor_high4bytes, we, xe; var cpl_var, dpl, rpl, ef, iopl; 
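Review bot: The dispatch in `op_CALLF` tests `cpu.cr0 & (1 << 0)` and `cpu.eflags & 0x00020000`, i.e. CR0.PE and EFLAGS.VM, so `op_CALLF_not_paged_mode` / `op_CALLF_paged_mode` (and `do_return_not_paged_mode` / `do_return_paged_mode` in the other hunks of this patch) actually separate real and virtual-8086 mode from protected mode; paging is CR0.PG, bit 31, and is never consulted here. Since this series renames identifiers to match the Intel manual, `..._real_mode` / `..._protected_mode` would describe what the two variants do — the descriptor and privilege checks live only in the protected-mode ones — and `do_JMPF` / `do_JMPF_virtual_mode` in the first hunk of this patch use yet a third convention for the same split. Failing a rename, a comment at the condition would help: `// CR0.PE clear or EFLAGS.VM set: real / v86 semantics, no descriptor checks`.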
@@ -4521,10 +4521,10 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } { mem8_loc = (qe + (Te & SS_mask)) & -1; - Ke = ld32_mem8_kernel_read(); + selector = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } - Ke &= 0xffff; + selector &= 0xffff; if (bf) { { mem8_loc = (qe + (Te & SS_mask)) & -1; @@ -4563,7 +4563,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = (Te + 4) & -1; } set_FLAGS(df, 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00003000 | 0x00020000 | 0x00004000 | 0x00080000 | 0x00100000); - init_segment_vars_with_selector(1, Ke & 0xffff); + init_segment_vars_with_selector(1, selector & 0xffff); change_permission_level(3); init_segment_vars_with_selector(2, gf & 0xffff); init_segment_vars_with_selector(0, hf & 0xffff); @@ -4583,7 +4583,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } { mem8_loc = (qe + (Te & SS_mask)) & -1; - Ke = ld16_mem8_kernel_read(); + selector = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } if (bf) { 
@@ -4592,32 +4592,32 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = (Te + 2) & -1; } } - if ((Ke & 0xfffc) == 0) - abort_with_error_code(13, Ke & 0xfffc); - e = load_from_descriptor_table(Ke); + if ((selector & 0xfffc) == 0) + abort_with_error_code(13, selector & 0xfffc); + e = load_from_descriptor_table(selector); if (!e) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); descriptor_low4bytes = e[0]; descriptor_high4bytes = e[1]; if (!(descriptor_high4bytes & (1 << 12)) || !(descriptor_high4bytes & (1 << 11))) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); cpl_var = cpu.cpl; - rpl = Ke & 3; + rpl = selector & 3; if (rpl < cpl_var) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); dpl = (descriptor_high4bytes >> 13) & 3; if (descriptor_high4bytes & (1 << 10)) { if (dpl > rpl) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); } else { if (dpl != rpl) - abort_with_error_code(13, Ke & 0xfffc); + abort_with_error_code(13, selector & 0xfffc); } if (!(descriptor_high4bytes & (1 << 15))) - abort_with_error_code(11, Ke & 0xfffc); + abort_with_error_code(11, selector & 0xfffc); Te = (Te + cf) & -1; if (rpl == cpl_var) { - set_segment_vars(1, Ke, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); + set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); } else { if (is_32_bit == 1) { { 
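Review bot: After the descriptor checks, the same-privilege path `if (rpl == cpl_var) { set_segment_vars(1, selector, ...) }` loads CS without comparing the popped return offset (`Le` at this point in the series, later renamed `stack_eip`) against the new segment's limit, and as far as the visible hunks show the outer-privilege path reaches `eip = ...` without such a check either; `do_JMPF` and `op_CALLF_paged_mode` in this file do compare the target offset with `calculate_descriptor_limit(...)` and raise #GP with the selector as error code. Architecturally a far return to an offset beyond the CS limit faults at the return itself, whereas here it would only surface on the next fetch, if at all. If the lines not shown do not already cover this, a check before the `if (rpl == cpl_var)` such as `if ((Le >>> 0) > (calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes) >>> 0)) abort_with_error_code(13, selector & 0xfffc);` would bring the return path in line with the call and jump paths. do_return_paged_mode starts and ends outside this hunk.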
@@ -4662,7 +4662,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { abort_with_error_code(11, gf & 0xfffc); set_segment_vars(2, gf, calculate_descriptor_base(we, xe), calculate_descriptor_limit(we, xe), xe); } - set_segment_vars(1, Ke, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); + set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); change_permission_level(rpl); Te = wd; SS_mask = SS_mask_from_flags(xe); From a4370befbd8e62dc0cdce22a4e77e5871181b4b9 Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sun, 17 Mar 2013 13:25:04 -0400 Subject: [PATCH 08/12] Change comment to match naming convention in Intel manual --- cpux86-ta.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index 8955000..b5bf11d 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js @@ -139,7 +139,7 @@ function CPU_X86() { this.cycle_count = 0; this.hard_irq = 0; this.hard_intno = -1; - this.cpl = 0; //cpu privilege level + this.cpl = 0; //current privilege level /* Control Registers From f1e5201126a089ac3493677267a54396a1712009 Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sun, 17 Mar 2013 13:33:17 -0400 Subject: [PATCH 09/12] document stack accesses in do_return_paged_mode and do_return_not_paged --- cpux86-ta.js | 54 ++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index b5bf11d..c914397 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js 
@@ -4449,15 +4449,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { op_CALLF_paged_mode(is_32_bit, selector, Le, oe); } } - function do_return_not_paged_mode(is_32_bit, bf, cf) { - var Te, selector, Le, df, SS_mask, qe, ef; + function do_return_not_paged_mode(is_32_bit, is_iret, cf) { + var Te, selector, stack_eip, stack_eflags, SS_mask, qe, ef; SS_mask = 0xffff; Te = regs[4]; qe = cpu.segs[2].base; if (is_32_bit == 1) { { mem8_loc = (qe + (Te & SS_mask)) & -1; - Le = ld32_mem8_kernel_read(); + stack_eip = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } { @@ -4466,15 +4466,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = (Te + 4) & -1; } selector &= 0xffff; - if (bf) { + if (is_iret) { mem8_loc = (qe + (Te & SS_mask)) & -1; - df = ld32_mem8_kernel_read(); + stack_eflags = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } } else { { mem8_loc = (qe + (Te & SS_mask)) & -1; - Le = ld16_mem8_kernel_read(); + stack_eip = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } { 
@@ -4482,41 +4482,41 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { selector = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } - if (bf) { + if (is_iret) { mem8_loc = (qe + (Te & SS_mask)) & -1; - df = ld16_mem8_kernel_read(); + stack_eflags = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } } regs[4] = (regs[4] & ~SS_mask) | ((Te + cf) & SS_mask); cpu.segs[1].selector = selector; cpu.segs[1].base = (selector << 4); - eip = Le, physmem8_ptr = initial_mem_ptr = 0; - if (bf) { + eip = stack_eip, physmem8_ptr = initial_mem_ptr = 0; + if (is_iret) { if (cpu.eflags & 0x00020000) ef = 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00010000 | 0x00004000; else ef = 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00003000 | 0x00010000 | 0x00004000; if (is_32_bit == 0) ef &= 0xffff; - set_FLAGS(df, ef); + set_FLAGS(stack_eflags, ef); } init_segment_local_vars(); } - function do_return_paged_mode(is_32_bit, bf, cf) { - var selector, df, gf; + function do_return_paged_mode(is_32_bit, is_iret, cf) { + var selector, stack_eflags, gf; var hf, jf, kf, lf; var e, descriptor_low4bytes, descriptor_high4bytes, we, xe; var cpl_var, dpl, rpl, ef, iopl; - var qe, Te, Le, wd, SS_mask; + var qe, Te, stack_eip, wd, SS_mask; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); Te = regs[4]; qe = cpu.segs[2].base; - df = 0; + stack_eflags = 0; if (is_32_bit == 1) { { mem8_loc = (qe + (Te & SS_mask)) & -1; - Le = ld32_mem8_kernel_read(); + stack_eip = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } { @@ -4525,13 +4525,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = (Te + 4) & -1; } selector &= 0xffff; - if (bf) { + if (is_iret) { { mem8_loc = (qe + (Te & SS_mask)) & -1; - df = ld32_mem8_kernel_read(); + stack_eflags = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } - if (df & 0x00020000) { + if (stack_eflags & 0x00020000) { { mem8_loc = (qe + (Te & SS_mask)) & -1; wd = ld32_mem8_kernel_read(); 
@@ -4562,7 +4562,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { lf = ld32_mem8_kernel_read(); Te = (Te + 4) & -1; } - set_FLAGS(df, 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00003000 | 0x00020000 | 0x00004000 | 0x00080000 | 0x00100000); + set_FLAGS(stack_eflags, 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00003000 | 0x00020000 | 0x00004000 | 0x00080000 | 0x00100000); init_segment_vars_with_selector(1, selector & 0xffff); change_permission_level(3); init_segment_vars_with_selector(2, gf & 0xffff); @@ -4570,7 +4570,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { init_segment_vars_with_selector(3, jf & 0xffff); init_segment_vars_with_selector(4, kf & 0xffff); init_segment_vars_with_selector(5, lf & 0xffff); - eip = Le & 0xffff, physmem8_ptr = initial_mem_ptr = 0; + eip = stack_eip & 0xffff, physmem8_ptr = initial_mem_ptr = 0; regs[4] = (regs[4] & ~SS_mask) | ((wd) & SS_mask); return; } @@ -4578,7 +4578,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } else { { mem8_loc = (qe + (Te & SS_mask)) & -1; - Le = ld16_mem8_kernel_read(); + stack_eip= ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } { @@ -4586,9 +4586,9 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { selector = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } - if (bf) { + if (is_iret) { mem8_loc = (qe + (Te & SS_mask)) & -1; - df = ld16_mem8_kernel_read(); + stack_eflags = ld16_mem8_kernel_read(); Te = (Te + 2) & -1; } } @@ -4673,8 +4673,8 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = (Te + cf) & -1; } regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); - eip = Le, physmem8_ptr = initial_mem_ptr = 0; - if (bf) { + eip = stack_eip, physmem8_ptr = initial_mem_ptr = 0; + if (is_iret) { ef = 0x00000100 | 0x00040000 | 0x00200000 | 0x00010000 | 0x00004000; if (cpl_var == 0) ef |= 0x00003000; 
@@ -4683,7 +4683,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { ef |= 0x00000200; if (is_32_bit == 0) ef &= 0xffff; - set_FLAGS(df, ef); + set_FLAGS(stack_eflags, ef); } } function op_IRET(is_32_bit) { From c6a5989cf7d79156a97254146c14cf3b62dec4db Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sun, 17 Mar 2013 13:36:52 -0400 Subject: [PATCH 10/12] document immediate field in RETF --- cpux86-ta.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index c914397..84c5e94 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js @@ -4449,7 +4449,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { op_CALLF_paged_mode(is_32_bit, selector, Le, oe); } } - function do_return_not_paged_mode(is_32_bit, is_iret, cf) { + function do_return_not_paged_mode(is_32_bit, is_iret, imm16) { var Te, selector, stack_eip, stack_eflags, SS_mask, qe, ef; SS_mask = 0xffff; Te = regs[4]; @@ -4488,7 +4488,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Te = (Te + 2) & -1; } } - regs[4] = (regs[4] & ~SS_mask) | ((Te + cf) & SS_mask); + regs[4] = (regs[4] & ~SS_mask) | ((Te + imm16) & SS_mask); cpu.segs[1].selector = selector; cpu.segs[1].base = (selector << 4); eip = stack_eip, physmem8_ptr = initial_mem_ptr = 0; @@ -4503,7 +4503,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } init_segment_local_vars(); } - function do_return_paged_mode(is_32_bit, is_iret, cf) { + function do_return_paged_mode(is_32_bit, is_iret, imm16) { var selector, stack_eflags, gf; var hf, jf, kf, lf; var e, descriptor_low4bytes, descriptor_high4bytes, we, xe; 
@@ -4615,7 +4615,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, selector & 0xfffc); - Te = (Te + cf) & -1; + Te = (Te + imm16) & -1; if (rpl == cpl_var) { set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); } else { @@ -4670,7 +4670,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { Pe(3, rpl); Pe(4, rpl); Pe(5, rpl); - Te = (Te + cf) & -1; + Te = (Te + imm16) & -1; } regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); eip = stack_eip, physmem8_ptr = initial_mem_ptr = 0; @@ -4703,11 +4703,11 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } } - function op_RETF(is_32_bit, cf) { + function op_RETF(is_32_bit, imm16) { if (!(cpu.cr0 & (1 << 0)) || (cpu.eflags & 0x00020000)) { - do_return_not_paged_mode(is_32_bit, 0, cf); + do_return_not_paged_mode(is_32_bit, 0, imm16); } else { - do_return_paged_mode(is_32_bit, 0, cf); + do_return_paged_mode(is_32_bit, 0, imm16); } } @@ -7477,7 +7477,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } break EXEC_LOOP; case 0xca://RETF Iw Return from procedure - y = (ld16_mem8_direct() << 16) >> 16; + y = (ld16_mem8_direct() << 16) >> 16; //16 bit immediate field op_RETF((((CS_flags >> 8) & 1) ^ 1), y); { if (cpu.hard_irq != 0 && (cpu.eflags & 0x00000200)) From c7f1fbc25da832350031bd51aef90b85d8000d3b Mon Sep 17 00:00:00 2001 From: Dan Luu Date: Sun, 17 Mar 2013 13:41:00 -0400 Subject: [PATCH 11/12] document stack pointer usage --- cpux86-ta.js | 174 +++++++++++++++++++++++++-------------------------- 1 file changed, 87 insertions(+), 87 deletions(-) diff --git a/cpux86-ta.js b/cpux86-ta.js index 84c5e94..93d59dd 100644 --- a/cpux86-ta.js +++ b/cpux86-ta.js 
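Review bot: The new comment on `y = (ld16_mem8_direct() << 16) >> 16; //16 bit immediate field` describes only the width, but the shift pair sign-extends the value, so `op_RETF` receives a number in -32768..32767. In `do_return_not_paged_mode` that is folded back by `SS_mask = 0xffff`, but the two `Te = (Te + imm16) & -1;` lines in the first hunks of this patch run on a 32-bit stack, so an immediate of 0x8000 or more moves ESP down instead of releasing that many bytes, while as I read the manual RET imm16 adds the immediate zero-extended. If the read is unsigned, as the explicit extension suggests, the decode could simply be `y = ld16_mem8_direct();`; otherwise the comment should state the behaviour, e.g. `//16 bit immediate, sign-extended here (architecturally zero-extended; differs for values >= 0x8000 on 32-bit stacks)`. The enclosing opcode switch starts and ends outside this hunk.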
@@ -4237,7 +4237,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { function op_CALLF_paged_mode(is_32_bit, selector, Le, oe) { var ue, i, e; var descriptor_low4bytes, descriptor_high4bytes, cpl_var, dpl, rpl, selector, ve, Se; - var ke, we, xe, Te, descriptor_type, re, SS_mask; + var ke, we, xe, esp, descriptor_type, re, SS_mask; var x, limit, Ue; var qe, Ve, We; if ((selector & 0xfffc) == 0) @@ -4266,36 +4266,36 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { if (!(descriptor_high4bytes & (1 << 15))) abort_with_error_code(11, selector & 0xfffc); { - Te = We; + esp = We; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); qe = cpu.segs[2].base; if (is_32_bit) { { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(cpu.segs[1].selector); } { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(oe); } } else { { - Te = (Te - 2) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(cpu.segs[1].selector); } { - Te = (Te - 2) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(oe); } } limit = calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes); if (Le > limit) abort_with_error_code(13, selector & 0xfffc); - regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); + regs[4] = (regs[4] & ~SS_mask) | ((esp) & SS_mask); set_segment_vars(1, (selector & 0xfffc) | cpl_var, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), limit, descriptor_high4bytes); eip = Le, physmem8_ptr = initial_mem_ptr = 0; } 
@@ -4341,7 +4341,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 if (!(descriptor_high4bytes & (1 << 10)) && dpl < cpl_var) {
 e = load_from_TR(dpl);
 ke = e[0];
- Te = e[1];
+ esp = e[1];
 if ((ke & 0xfffc) == 0)
 abort_with_error_code(10, ke & 0xfffc);
 if ((ke & 3) != dpl)
@@ -4364,70 +4364,70 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { qe = calculate_descriptor_base(we, xe); if (is_32_bit) { { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(cpu.segs[2].selector); } { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(We); } for (i = Se - 1; i >= 0; i--) { x = Xe(Ve + ((We + i * 4) & Ue)); { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(x); } } } else { { - Te = (Te - 2) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(cpu.segs[2].selector); } { - Te = (Te - 2) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(We); } for (i = Se - 1; i >= 0; i--) { x = Ye(Ve + ((We + i * 2) & Ue)); { - Te = (Te - 2) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(x); } } } ue = 1; } else { - Te = We; + esp = We; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); qe = cpu.segs[2].base; ue = 0; } if (is_32_bit) { { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(cpu.segs[1].selector); } { - Te = (Te - 4) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 4) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st32_mem8_kernel_write(oe); } } else { { - Te = (Te - 2) & -1; - mem8_loc = (qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(cpu.segs[1].selector); } { - Te = (Te - 2) & -1; - mem8_loc = 
(qe + (Te & SS_mask)) & -1; + esp = (esp - 2) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; st16_mem8_kernel_write(oe); } } @@ -4438,7 +4438,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { selector = (selector & ~3) | dpl; set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes); change_permission_level(dpl); - regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask); + regs[4] = (regs[4] & ~SS_mask) | ((esp) & SS_mask); eip = ve, physmem8_ptr = initial_mem_ptr = 0; } } 
@@ -4450,45 +4450,45 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } function do_return_not_paged_mode(is_32_bit, is_iret, imm16) { - var Te, selector, stack_eip, stack_eflags, SS_mask, qe, ef; + var esp, selector, stack_eip, stack_eflags, SS_mask, qe, ef; SS_mask = 0xffff; - Te = regs[4]; + esp = regs[4]; qe = cpu.segs[2].base; if (is_32_bit == 1) { { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eip = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; selector = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } selector &= 0xffff; if (is_iret) { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eflags = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } } else { { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eip = ld16_mem8_kernel_read(); - Te = (Te + 2) & -1; + esp = (esp + 2) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; selector = ld16_mem8_kernel_read(); - Te = (Te + 2) & -1; + esp = (esp + 2) & -1; } if (is_iret) { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eflags = ld16_mem8_kernel_read(); - Te = (Te + 2) & -1; + esp = (esp + 2) & -1; } } - regs[4] = (regs[4] & ~SS_mask) | ((Te + imm16) & SS_mask); + regs[4] = (regs[4] & ~SS_mask) | ((esp + imm16) & SS_mask); cpu.segs[1].selector = selector; cpu.segs[1].base = (selector << 4); eip = stack_eip, physmem8_ptr = initial_mem_ptr = 0; 
@@ -4508,59 +4508,59 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { var hf, jf, kf, lf; var e, descriptor_low4bytes, descriptor_high4bytes, we, xe; var cpl_var, dpl, rpl, ef, iopl; - var qe, Te, stack_eip, wd, SS_mask; + var qe, esp, stack_eip, wd, SS_mask; SS_mask = SS_mask_from_flags(cpu.segs[2].flags); - Te = regs[4]; + esp = regs[4]; qe = cpu.segs[2].base; stack_eflags = 0; if (is_32_bit == 1) { { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eip = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; selector = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } selector &= 0xffff; if (is_iret) { { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eflags = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } if (stack_eflags & 0x00020000) { { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; wd = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; gf = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; hf = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; jf = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; kf = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; lf = ld32_mem8_kernel_read(); - Te = (Te + 4) & -1; + esp = (esp + 4) & -1; } 
set_FLAGS(stack_eflags, 0x00000100 | 0x00040000 | 0x00200000 | 0x00000200 | 0x00003000 | 0x00020000 | 0x00004000 | 0x00080000 | 0x00100000); init_segment_vars_with_selector(1, selector & 0xffff); @@ -4577,19 +4577,19 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) { } } else { { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eip= ld16_mem8_kernel_read(); - Te = (Te + 2) & -1; + esp = (esp + 2) & -1; } { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; selector = ld16_mem8_kernel_read(); - Te = (Te + 2) & -1; + esp = (esp + 2) & -1; } if (is_iret) { - mem8_loc = (qe + (Te & SS_mask)) & -1; + mem8_loc = (qe + (esp & SS_mask)) & -1; stack_eflags = ld16_mem8_kernel_read(); - Te = (Te + 2) & -1; + esp = (esp + 2) & -1; } } if ((selector & 0xfffc) == 0) 
@@ -4615,32 +4615,32 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 }
 if (!(descriptor_high4bytes & (1 << 15)))
 abort_with_error_code(11, selector & 0xfffc);
- Te = (Te + imm16) & -1;
+ esp = (esp + imm16) & -1;
 if (rpl == cpl_var) {
 set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes);
 } else {
 if (is_32_bit == 1) {
 {
- mem8_loc = (qe + (Te & SS_mask)) & -1;
+ mem8_loc = (qe + (esp & SS_mask)) & -1;
 wd = ld32_mem8_kernel_read();
- Te = (Te + 4) & -1;
+ esp = (esp + 4) & -1;
 }
 {
- mem8_loc = (qe + (Te & SS_mask)) & -1;
+ mem8_loc = (qe + (esp & SS_mask)) & -1;
 gf = ld32_mem8_kernel_read();
- Te = (Te + 4) & -1;
+ esp = (esp + 4) & -1;
 }
 gf &= 0xffff;
 } else {
 {
- mem8_loc = (qe + (Te & SS_mask)) & -1;
+ mem8_loc = (qe + (esp & SS_mask)) & -1;
 wd = ld16_mem8_kernel_read();
- Te = (Te + 2) & -1;
+ esp = (esp + 2) & -1;
 }
 {
- mem8_loc = (qe + (Te & SS_mask)) & -1;
+ mem8_loc = (qe + (esp & SS_mask)) & -1;
 gf = ld16_mem8_kernel_read();
- Te = (Te + 2) & -1;
+ esp = (esp + 2) & -1;
 }
 }
 if ((gf & 0xfffc) == 0) {
@@ -4664,15 +4664,15 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 }
 set_segment_vars(1, selector, calculate_descriptor_base(descriptor_low4bytes, descriptor_high4bytes), calculate_descriptor_limit(descriptor_low4bytes, descriptor_high4bytes), descriptor_high4bytes);
 change_permission_level(rpl);
- Te = wd;
+ esp = wd;
 SS_mask = SS_mask_from_flags(xe);
 Pe(0, rpl);
 Pe(3, rpl);
 Pe(4, rpl);
 Pe(5, rpl);
- Te = (Te + imm16) & -1;
+ esp = (esp + imm16) & -1;
 }
- regs[4] = (regs[4] & ~SS_mask) | ((Te) & SS_mask);
+ regs[4] = (regs[4] & ~SS_mask) | ((esp) & SS_mask);
 eip = stack_eip, physmem8_ptr = initial_mem_ptr = 0;
 if (is_iret) {
 ef = 0x00000100 | 0x00040000 | 0x00200000 | 0x00010000 | 0x00004000;
From 84b86f442bc5254ee68690c55e228ac8086d3ce4 Mon Sep 17 00:00:00 2001
From: Dan Luu
Date: Mon, 18 Mar 2013 10:45:03 -0400
Subject: [PATCH 12/12] document paged mode return stack references
---
 cpux86-ta.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/cpux86-ta.js b/cpux86-ta.js
index 93d59dd..1443f26 100644
--- a/cpux86-ta.js
+++ b/cpux86-ta.js
@@ -4521,7 +4521,7 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 }
 {
 mem8_loc = (qe + (esp & SS_mask)) & -1;
- selector = ld32_mem8_kernel_read();
+ selector = ld32_mem8_kernel_read(); //CS selector
 esp = (esp + 4) & -1;
 }
 selector &= 0xffff;
@@ -4531,12 +4531,13 @@ CPU_X86.prototype.exec_internal = function(N_cycles, interrupt) {
 stack_eflags = ld32_mem8_kernel_read();
 esp = (esp + 4) & -1;
 }
- if (stack_eflags & 0x00020000) {
+ if (stack_eflags & 0x00020000) { //eflags.VM (return to v86 mode)
 {
 mem8_loc = (qe + (esp & SS_mask)) & -1;
 wd = ld32_mem8_kernel_read();
 esp = (esp + 4) & -1;
 }
+ //pop segment selectors from stack
 {
 mem8_loc = (qe + (esp & SS_mask)) & -1;
 gf = ld32_mem8_kernel_read();
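Review bot: The added `//pop segment selectors from stack` comment sits after the `wd` pop, so the one value it does not cover is the one most worth naming; labelling that pop `wd = ld32_mem8_kernel_read(); //new ESP from the v86 return frame` would complete the picture, since the hunk at 4664 assigns `esp = wd` on the privilege-change path, which suggests the same frame slot holds the stack pointer here. The five selector pops that follow (`gf` through `lf`) could likewise name their registers in the comment — in the architectural IRET-to-v86 frame the order after ESP is SS, ES, DS, FS, GS — rather than leaving the reader to infer it from the later `set_FLAGS`/`init_segment_vars_with_selector` calls. One privilege check is not visible in this hunk: IRET may only set EFLAGS.VM from CPL 0, so if that gate lives elsewhere in exec_internal a comment next to the `0x00020000` test pointing to it would make the boundary explicit, and if it does not exist a VM bit popped from a lower-privilege frame would be honoured. The enclosing block starts before the hunk and continues past it.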
