simeonpilgrim / nikon-firmware-tools Goto Github PK

Tools used during the reversing of the Nikon firmware

C# 11.85% Shell 0.02% Max 0.98% Assembly 0.02% Java 55.41% C 26.33% HTML 0.87% C++ 2.81% Makefile 0.05% Perl 0.63% Batchfile 0.25% Lex 0.41% Python 0.22% CSS 0.02% JavaScript 0.13%

nikon-firmware-tools's People

Contributors

Stargazers

Watchers

nikon-firmware-tools's Issues

Emulator - FR80 timers use a wrong frequency

reload timers for FR80 are based on PCLK. This is set by clock divider in 
Register 0x48A. It is at the moment not used, so reload timer is based on 
incorrect frequency.

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:54

Emulator - If P51 is not HI upon boot, exception is thrown

Offending instruction : F263DB48 sw      r2, 0x1A68(r3)          ; 0x000000C1
(on or before PC=0xBFC126EC)
...
Caused by: java.lang.RuntimeException: KEY interrupt is not implemented
        at com.nikonhacker.emu.peripherials.keyCircuit.tx.TxKey.setKWUPST(TxKey.java:90)
(...)

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:37

Emulator - FR80 screen scaling is bad working

I noted that scaling of FR80 LCD by changing window size is working weird:

1) display ratio 4:3 is not maintained. So at the moment you can scale to 
160:240 that is absolutely bad picture. Display ratio must be maintained by all 
scaling operation

2) I suggest do not scale smaller as 320:240. Because window has scroll bars, 
you can always see it if you make window smaller.

Original issue reported on code.google.com by [email protected] on 21 Aug 2013 at 2:55

Emulator - Add a "delete" button to the Interrupt Controller frame's Status tab

In Interrupt controller panel there is only possibility to generate interrupt, 
but not to remove it. Because on FR now all interrupts are level-triggered, 
they stay forever until removed.

Original issue reported on code.google.com by vicnevicne on 10 Jul 2013 at 9:45

Emulator - TX memory window is not updated after stop on breakpoint

What steps will reproduce the problem?
1. Load both firmware; put TX breakpoint at BFC4769C and do "debug" in "sync 
mode"
2. After stop on breakpoint open memory window; goto to address ffff7120 and 
see 00 02 and all 00 till 16 bytes
3. do "debug" again; after stop on breakpoint old content is shown in TX memory 
window

What is the expected output? 
00 04 00 00 00 00 FF and all 00 till 16 bytes

What do you see instead?
00 02 and all 00 till 16 bytes


What version of the product are you using? 2.38
Please provide any additional information below:
If you close TX memory window and open again; goto to address ffff7120 then you 
see correct content.

Original issue reported on code.google.com by [email protected] on 6 Jul 2013 at 10:13

Emulator - Timer on TX side are runing too fast

the first problem I found is incorrect Timers frequency. So I have here a 
timeout timer base on input capture. It should make an interrupt by counting 
2500 @ 5MHz = after 500us. But it is making interrupt about 5000 TX cycles 
after 
start @ 80MHz = 62us. The input capture TBTRDCAP register correct before value 
0x0003C1EA, after 0x3CBAE, meaning difference is 2500 "counts". 
I use of course synchronous timers , so they are at the moment 8x times faster 
as expected.

Original issue reported on code.google.com by [email protected] on 14 Jul 2013 at 11:39

Emulator - TX19A exceptions generation is not implemented (need for floating-point)

TX19A exceptions should be generated like bad address, etc. Specially necessary 
is "Co-processor unusable exception", because it triggers setting flags that 
are responsible for saving/restoring FPU registers. Otherwise, floating-point 
calculations may not work correctly if one task using math switches to another 
one, also using FPU.

Original issue reported on code.google.com by [email protected] on 10 Jul 2013 at 12:55

Emulator - *.sh files on MacOS do not find emulator .jar

What steps will reproduce the problem?
FriedChicken reported problem on MacOS:
I had already installed Java SE Runtime Environment 7 and went through the 
steps in the link but I get this response in the Terminal and nothing happens:

Starting emulator UI
Exception in thread "main" java.lang.NoClassDefFoundError: 
com/nikonhacker/gui/EmulatorUI
Caused by: java.lang.ClassNotFoundException: com.nikonhacker.gui.EmulatorUI
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
logout
[Process completed]

MacOS, I suppose EMulator 2.37

Original issue reported on code.google.com by [email protected] on 7 Jul 2013 at 12:10

Emulator - Java exception often in "Sync mode" and one processor do not run

What steps will reproduce the problem?
1. Load both firmwares; put breakpoint on TX BFC4769C location; do "debug"
2. After breakpoint appears open TX Memory editor; goto address ffff7120
2. Do "debug"; appears Java exception (not always):
Exception in thread "AWT-EventQueue-0" java.lang.IllegalArgumentException: 
Comparison method violates its general contra
ct!
        at java.util.TimSort.mergeLo(TimSort.java:747)
        at java.util.TimSort.mergeAt(TimSort.java:483)
        at java.util.TimSort.mergeCollapse(TimSort.java:410)
        at java.util.TimSort.sort(TimSort.java:214)
        at java.util.TimSort.sort(TimSort.java:173)
        at java.util.Arrays.sort(Arrays.java:659)
        at java.util.Collections.sort(Collections.java:217)
        at javax.swing.SortingFocusTraversalPolicy.enumerateAndSortCycle(SortingFocusTraversalPolicy.java:136)
        at javax.swing.SortingFocusTraversalPolicy.getFocusTraversalCycle(SortingFocusTraversalPolicy.java:110)
        at javax.swing.SortingFocusTraversalPolicy.getComponentAfter(SortingFocusTraversalPolicy.java:280)
        at javax.swing.LayoutFocusTraversalPolicy.getComponentAfter(LayoutFocusTraversalPolicy.java:106)
        at java.awt.Component.getNextFocusCandidate(Component.java:7860)
        at java.awt.Component.transferFocus(Component.java:7828)
        at java.awt.Component.disable(Component.java:1517)
        at javax.swing.JComponent.disable(JComponent.java:3635)
        at java.awt.Component.enable(Component.java:1495)
        at java.awt.Component.setEnabled(Component.java:1458)
        at javax.swing.JComponent.setEnabled(JComponent.java:2677)
        at javax.swing.AbstractButton.setEnabled(AbstractButton.java:2087)
        at com.nikonhacker.gui.EmulatorUI.updateState(EmulatorUI.java:2916)
        at com.nikonhacker.gui.EmulatorUI.prepareEmulation(EmulatorUI.java:3038)
        at com.nikonhacker.gui.EmulatorUI.startEmulator(EmulatorUI.java:3017)
        at com.nikonhacker.gui.EmulatorUI.actionPerformed(EmulatorUI.java:1184)
        at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2018)
        at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2341)
        at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
        at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252)
        at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:289)
        at java.awt.Component.processMouseEvent(Component.java:6505)
        at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
        at java.awt.Component.processEvent(Component.java:6270)
        at java.awt.Container.processEvent(Container.java:2229)
        at java.awt.Component.dispatchEventImpl(Component.java:4861)
        at java.awt.Container.dispatchEventImpl(Container.java:2287)
        at java.awt.Component.dispatchEvent(Component.java:4687)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4832)
        at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4492)
        at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422)
        at java.awt.Container.dispatchEventImpl(Container.java:2273)
        at java.awt.Window.dispatchEventImpl(Window.java:2719)
        at java.awt.Component.dispatchEvent(Component.java:4687)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:729)
        at java.awt.EventQueue.access$200(EventQueue.java:103)
        at java.awt.EventQueue$3.run(EventQueue.java:688)
        at java.awt.EventQueue$3.run(EventQueue.java:686)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
        at java.awt.EventQueue$4.run(EventQueue.java:702)
        at java.awt.EventQueue$4.run(EventQueue.java:700)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:699)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

FR runs (yellow color), but TX not (grey color).

What is the expected output? TX Firm should run (yellow color)

What do you see instead?


What version of the product are you using? Emulator 2.38

Original issue reported on code.google.com by [email protected] on 6 Jul 2013 at 9:59

Emulator - Crash when TX19 call stack window is open

Exception in thread "AWT-EventQueue-0" java.util.ConcurrentModificationException
    at java.util.LinkedList$ListItr.checkForComodification(LinkedList.java:953)
    at java.util.LinkedList$ListItr.next(LinkedList.java:886)
    at com.nikonhacker.gui.component.callStack.CallStackFrame.updateList(CallStackFrame.java:162)
    at com.nikonhacker.gui.component.callStack.CallStackFrame.access$600(CallStackFrame.java:28)
    at com.nikonhacker.gui.component.callStack.CallStackFrame$6.actionPerformed(CallStackFrame.java:131)
    at javax.swing.Timer.fireActionPerformed(Timer.java:312)
    at javax.swing.Timer$DoPostEvent.run(Timer.java:244)
    at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:251)
    at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:721)
    at java.awt.EventQueue.access$200(EventQueue.java:103)
    at java.awt.EventQueue$3.run(EventQueue.java:682)
    at java.awt.EventQueue$3.run(EventQueue.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:691)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

Original issue reported on code.google.com by vicnevicne on 16 Jul 2013 at 11:27

Emulator - Make MasterClock expose an API to know the total elapsed time

So that it can be used in status bar and RTC

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:18

Emulator - Dtx disassembler should print a warning if wrong instruction sequence is detected

We had a problem that changes in Firm A lead to crash. The following code 
sequence:
BFCAXXXX 1A5F8009               jal     sub_Xyz_
BFCAXXXX F04E4EB1                ori    r6, 0x7051

is not allowed according to TX19A documentation. Disassembler Dtx can place a 
warning at this place, for example like:
BFCAXXXX 1A5F8009               jal     sub_Xyz_
BFCAXXXX F04E4EB1                ori    r6, 0x7051  ; !!! EXTENDED instruction 
is not allowed in delay-slot

Then it is easy to find in text editor afterwards, looking for !!! and problem 
is also seen in emulator in source window.

Original issue reported on code.google.com by [email protected] on 12 Jul 2013 at 12:32

Emulator - Use separate shortcut keys for FR80 and TX19 debugging

run/debug/stop/step should use different key combinations for each chip

Original issue reported on code.google.com by vicnevicne on 2 Jul 2013 at 12:24

Emulator - Growing Prefs file

The preference file is much too big and adding a breakpoint leads to a huge 
size increase.

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:15

Emulator - Implement gear registers to dynamically change TX19 frequency

Fsys is most of the time 40 MHz selected by gear register 

0x11 written to 0xFF001902 (@0xBFC13F24) SYSCR1 fperiph = fc (80MHz), T0 = 
fperiph/4 also 20MHz
...
0x00000001 written to 0xFF00190C (@0xBFC13F38) PLL=on
...
0x04 written to 0xFF001903 (@0xBFC17F84) SYSCR0 gear=fc/2 FSYS=40MHz

For example Task0xD changes Gear before calculation to 0, meaning runing to 
80MHz max Fsys CPU frequency, afterwards it is changed back to 4, meaning 40MHz

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:21

Emulator - Add action to delete breakpoint from right click menu in source window

Similar to "Toggle", we should have "Delete".
"Toggle" should become "Create" or "Disable" according to context.

Original issue reported on code.google.com by vicnevicne on 8 Aug 2013 at 4:09

Emulator - Show real emulated time in status bar

Use MasterClock getElapsedTime() API

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:28

Emulator - build.bat fix

You have to change line :

for /F "tokens=5 delims==<> " %%i in ('findstr "\"app-version\"" build.xml') do 
set app-version=%%~i

to

for /F "tokens=5 delims==<>/ " %%i in ('findstr "\"app-version\"" build.xml') 
do set app-version=%%~i

Original issue reported on code.google.com by vicnevicne on 1 Jul 2013 at 2:02

Emulator - Why no setValue(1) upon start

Why initially no call is done of setValue(1) for Key30 ?

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:50

Emulator - Show display X,Y in "FR80 Screen emulator" window

It would be nice to see LCD display coordinates X,Y if cursor is moving inside 
LCD area. That helps identify which areas are drawn by what.

Original issue reported on code.google.com by [email protected] on 21 Aug 2013 at 2:44

[deleted issue]

[deleted issue]

Emulator - crash when debugging

Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
        at javax.swing.text.PlainView.updateMetrics(PlainView.java:205)
        at javax.swing.text.PlainView.getPreferredSpan(PlainView.java:228)
        at javax.swing.text.FieldView.getPreferredSpan(FieldView.java:235)
        at javax.swing.text.FieldView.adjustAllocation(FieldView.java:82)
        at javax.swing.text.FieldView.adjustPaintRegion(FieldView.java:195)
        at javax.swing.text.PlainView.paint(PlainView.java:251)
        at javax.swing.text.FieldView.paint(FieldView.java:188)
        at javax.swing.plaf.basic.BasicTextUI$RootView.paint(BasicTextUI.java:1434)
        at javax.swing.plaf.basic.BasicTextUI.paintSafely(BasicTextUI.java:737)
        at javax.swing.plaf.basic.BasicTextUI.paint(BasicTextUI.java:881)
        at javax.swing.plaf.basic.BasicTextUI.update(BasicTextUI.java:860)
        at javax.swing.JComponent.paintComponent(JComponent.java:778)
        at javax.swing.JComponent.paint(JComponent.java:1054)
        at javax.swing.JComponent.paintToOffscreen(JComponent.java:5221)
        at javax.swing.RepaintManager$PaintManager.paintDoubleBuffered(RepaintManager.java:1512)
        at javax.swing.RepaintManager$PaintManager.paint(RepaintManager.java:1443)
        at javax.swing.BufferStrategyPaintManager.paint(BufferStrategyPaintManager.java:311)
        at javax.swing.RepaintManager.paint(RepaintManager.java:1236)
        at javax.swing.JComponent._paintImmediately(JComponent.java:5169)
        at javax.swing.JComponent.paintImmediately(JComponent.java:4980)
        at javax.swing.RepaintManager$3.run(RepaintManager.java:796)
        at javax.swing.RepaintManager$3.run(RepaintManager.java:784)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at javax.swing.RepaintManager.paintDirtyRegions(RepaintManager.java:784)
        at javax.swing.RepaintManager.paintDirtyRegions(RepaintManager.java:757)
        at javax.swing.RepaintManager.prePaintDirtyRegions(RepaintManager.java:706)
        at javax.swing.RepaintManager.access$1000(RepaintManager.java:62)
        at javax.swing.RepaintManager$ProcessingRunnable.run(RepaintManager.java:1651)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:251)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:727)
        at java.awt.EventQueue.access$200(EventQueue.java:103)
        at java.awt.EventQueue$3.run(EventQueue.java:688)
        at java.awt.EventQueue$3.run(EventQueue.java:686)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:697)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

Original issue reported on code.google.com by vicnevicne on 7 Jul 2013 at 10:10

Emulator - not possible to open TX19/FR80 iTRON objectes window

1) Disassemble firmware. 
2) Stop somewhere during execution and stop somewhere.
3) Try Trace -> "TX19 iTRON objects" or "TX19 iTRON objects". Nothing happens.

Windows with OS objects should be shown.

Original issue reported on code.google.com by [email protected] on 22 Jul 2013 at 1:33

Emulator - Restore indication of triggered breakpoint in status bar

When sync play is active, the CPU that hits a breakpoint does only mention 
"Emulation complete" in status bar. The name of the breakpoint hit should be 
displayed as it was before.

Original issue reported on code.google.com by vicnevicne on 9 Aug 2013 at 3:04

Emulator - Profile and optimize emulation speed in multi-CPU mode

e.g.  we could dedicate one thread to the master clock and one thread to each 
chip, and use inter-thread communication to make sure everything remains in 
sync, but that will be even more complex

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:45

Emulator - Prevent running in sync if one of the firmwares is not loaded

if I load only B firm, and start, and "keep sync" is selected, then a lot of 
java exceptions come and nothing works. Just do not allow to start with "keep 
synch" on and one of firmware image is not loaded.

Original issue reported on code.google.com by vicnevicne on 2 Jul 2013 at 12:20

Emulator - call stack is empty

Call stack shows nothing except current current PC value

Original issue reported on code.google.com by vicnevicne on 7 Jul 2013 at 9:48

Emulator - change TX RealTimeClock class to show correct emulated time

Use Masterclock "getElapstedTime()" api

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:26

Emulator - Syntax highlighting brings Java Null pointer exception

I noted always Null Exception in following conditions:
- something was selected in source window and is "green"
- I use "step" and it makes "CALL ..." 
- source screen is updated to location of called function and Null Exception 
appears, perhaps because highlighted word is not present in new assembler 
listing or position is wrong.

So may be if new function must be displayed in "Source" window then clear the 
list of highlighted words ?

Original issue reported on code.google.com by [email protected] on 23 Aug 2013 at 12:41

Emulator - Checking interrupt request should be made on byte

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


Please use labels and text to provide additional information.

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:51

Emulator - Step action requires several clicks for one instruction to be executed.

Using "step TX" from menu, takes me to do it several times, 3-4 until this last 
command is executed. This is extremely slow

Original issue reported on code.google.com by vicnevicne on 7 Jul 2013 at 10:00

Emulator - Clearing content of custom logger window is not possible

It would be nice to have a possibility to clear custom logger window content, 
without closing it. Because after closing and open again, one must retype all 
addresses that is much work.

Original issue reported on code.google.com by [email protected] on 15 Jul 2013 at 7:40

Emulator - Several Custom loggers

Add a way to log access to several memory areas at the same time.

Original issue reported on code.google.com by vicnevicne on 1 Jul 2013 at 10:09

Emulator - Highlighting word in "source window" may lead to 0Hz and CPUs hang

Sometimes I select accidentally (I do not want, but it happen) in Source 
windows(disassembler) a word (like loc_40eee_) and it is highlighted. But I do 
not know how to unhighlight it. So I "step" code further and it often happen:
Exception in thread "Thread-71" java.lang.Error: Error: could not match input
        at com.nikonhacker.gui.component.sourceCode.syntaxHighlighter.AssemblerFrTokenMaker.zzScanError(AssemblerFrToken
Maker.java:811)
        at com.nikonhacker.gui.component.sourceCode.syntaxHighlighter.AssemblerFrTokenMaker.yylex(AssemblerFrTokenMaker.
java:989)
        at com.nikonhacker.gui.component.sourceCode.syntaxHighlighter.AssemblerFrTokenMaker.getTokenList(AssemblerFrToke
nMaker.java:612)
        at org.fife.ui.rsyntaxtextarea.RSyntaxDocument.getTokenListForLine(RSyntaxDocument.java:377)
        at org.fife.ui.rsyntaxtextarea.SyntaxView.modelToView(SyntaxView.java:427)
        at javax.swing.plaf.basic.BasicTextUI$RootView.modelToView(BasicTextUI.java:1509)
        at javax.swing.plaf.basic.BasicTextUI.modelToView(BasicTextUI.java:1047)
        at javax.swing.plaf.basic.BasicTextUI.modelToView(BasicTextUI.java:1022)
        at javax.swing.text.JTextComponent.modelToView(JTextComponent.java:1428)
        at org.fife.ui.rtextarea.RTextAreaBase.possiblyUpdateCurrentLineHighlightLocation(RTextAreaBase.java:746)
        at org.fife.ui.rtextarea.RTextArea.fireCaretUpdate(RTextArea.java:574)
        at org.fife.ui.rsyntaxtextarea.RSyntaxTextArea.fireCaretUpdate(RSyntaxTextArea.java:741)
        at javax.swing.text.JTextComponent$MutableCaretEvent.fire(JTextComponent.java:4417)
        at javax.swing.text.JTextComponent$MutableCaretEvent.stateChanged(JTextComponent.java:4439)
        at javax.swing.text.DefaultCaret.fireStateChanged(DefaultCaret.java:798)
        at javax.swing.text.DefaultCaret.changeCaretPosition(DefaultCaret.java:1273)
        at javax.swing.text.DefaultCaret.handleSetDot(DefaultCaret.java:1169)
        at javax.swing.text.DefaultCaret$DefaultFilterBypass.setDot(DefaultCaret.java:1912)
        at javax.swing.text.NavigationFilter.setDot(NavigationFilter.java:64)
        at org.fife.ui.rtextarea.ConfigurableCaret$FoldAwareNavigationFilter.setDot(ConfigurableCaret.java:709)
        at javax.swing.text.DefaultCaret.setDot(DefaultCaret.java:1147)
        at javax.swing.text.DefaultCaret.setDot(DefaultCaret.java:1047)
        at javax.swing.text.JTextComponent.setCaretPosition(JTextComponent.java:1680)
        at com.nikonhacker.gui.component.sourceCode.SourceCodeFrame.reachAndHighlightPc(SourceCodeFrame.java:340)
        at com.nikonhacker.gui.component.sourceCode.SourceCodeFrame.onEmulatorStop(SourceCodeFrame.java:371)
        at com.nikonhacker.gui.EmulatorUI.signalEmulatorStopped(EmulatorUI.java:3048)
        at com.nikonhacker.gui.EmulatorUI.access$1000(EmulatorUI.java:120)
        at com.nikonhacker.gui.EmulatorUI$13.onNormalExit(EmulatorUI.java:2080)
        at com.nikonhacker.emu.MasterClock.run(MasterClock.java:144)
        at java.lang.Thread.run(Thread.java:722)

Afterwards, both CPUs show green status, 0Hz and are not actually running. I 
can't pause anymore - doesn't work. I can't do "run" or "debug" because it is 
grayed.
So the only solution is to close emulator and open again.

Original issue reported on code.google.com by [email protected] on 13 Jul 2013 at 5:07

Emulator - Implement TX19 registers IMCGA-IMCGF, IMCG10-IMCG11

These registers produce much log noise.

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:27

Emulator - Allow interrupt withdrawal on break trigger

Emulator can trigger now interrupt on breakpoint. But also nice to have a 
possibility to clear interrupt on breakpoint

Original issue reported on code.google.com by vicnevicne on 10 Jul 2013 at 9:46

Emulator - Timers should be incremented by the MasterClock and not by CPU cycles

Now that we have a MasterClock, probably it should run the timers directly.

WARNING though : if one CPU is paused, its timers should be paused too...

Requires more thought...

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:23

Emulator - Java Exception upon reset

I got very often with latest source from hg problem that I can't stop/reset 
FR80 side
To reproduce:
1) load FR80 firm
2) create custom logger open with 0x510-0x513
3) one breakpoints set at 0x00040F3C
4) do "debug" 3 times
5) try stop/reset FR emulator - Java exception comes and it doesn't work.
Result:
        Checking Java version...
        Java version 1.7.0_21 is OK.
        Starting emulator UI...
        Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
        at com.nikonhacker.gui.EmulatorUI.stopEmulator(EmulatorUI.java:3090)
        at com.nikonhacker.gui.EmulatorUI.actionPerformed(EmulatorUI.java:1197)
        at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2018)
        at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2341)
        at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
        at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
        at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
        at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833)
        at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877)
        at java.awt.Component.processMouseEvent(Component.java:6505)
        at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
        at java.awt.Component.processEvent(Component.java:6270)
        at java.awt.Container.processEvent(Container.java:2229)
        at java.awt.Component.dispatchEventImpl(Component.java:4861)
        at java.awt.Container.dispatchEventImpl(Container.java:2287)
        at java.awt.Component.dispatchEvent(Component.java:4687)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4832)
        at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4492)
        at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422)
        at java.awt.Container.dispatchEventImpl(Container.java:2273)
        at java.awt.Window.dispatchEventImpl(Window.java:2719)
        at java.awt.Component.dispatchEvent(Component.java:4687)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:729)
        at java.awt.EventQueue.access$200(EventQueue.java:103)
        at java.awt.EventQueue$3.run(EventQueue.java:688)
        at java.awt.EventQueue$3.run(EventQueue.java:686)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
        at java.awt.EventQueue$4.run(EventQueue.java:702)
        at java.awt.EventQueue$4.run(EventQueue.java:700)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:699)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 8:01

Emulator - Wrong FR80 logger behaviour

I did custom FR80 logger and see:
Starting listener for FR80 range 0x00000400 - 0x000004FF
...
read from 0x00000446 : 0x16 (@0x001D9116)
...
read from 0x00000446 : 0x16 (@0x001D911E)
...

But the code is 

001D9112  9B2D 0000      LDI:20  #0x20000,R13
loc_1d9116_:
001D9116  A5CD           ADD2    #-0x04,R13
001D9118  006C           LD      @(R13,R6),R12
001D911A  FDFD           BGT:D   loc_1d9116_              ; (loop)
001D911C  104C            ST     R12,@(R13,R4)
loc_1d911e_:
001D911E  9F80 00D0 0000 LDI:32  #0x00D00000,R0

This could not be, because these instructions (@0x001D9116 and @0x001D911E) are 
not accessing memory at all. It seems there was a timer interrupt, and it was 
accessed in interrupt. But logger logs not address in interrupt routine, but 
address of place where interrupt happend

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:53

Emulator - Implement divider for clock on FR80

Rhere is no ClockControl I/O Register DIVR2 0x48A in Timer implementation in 
Emulator FR80 side at the moment (see MB19660 datasheet Chapter 5.4.3). There 
is a divder 1/2 written to it for PCLK - that is timer base frequency. At the 
moment it is ignored. So FR80 timers should not be based on FR80 frequency.
--
00040104  9B00 0488      LDI:20  #0x00488,R0
00040108  C0F1           LDI:8   #0x0F,R1
0004010A  1601           STB     R1,@R0          ; 0x00000488
0004010C  9B00 0489      LDI:20  #0x00489,R0
00040110  C0F1           LDI:8   #0x0F,R1
00040112  1601           STB     R1,@R0          ; 0x00000489
00040114  9B00 048A      LDI:20  #0x0048A,R0
00040118  C1F1           LDI:8   #0x1F,R1
0004011A  1601           STB     R1,@R0          ; 0x0000048A

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:47

Emulator - add timing value in the custom log

Use elapsed time in ps from MasterClock

Original issue reported on code.google.com by vicnevicne on 18 Jul 2013 at 9:01

Emulator - Java heap exausted effects (~1GB)

After disassembling FR and TX code and start debugging, I get after some time 
java memory usage close to 975MB. Afterwards strange effects appear:
- debugging is very slow
- in disassembler was label name missing (empty jal, this do not happen 
directly after fresh start):
BFC471C8 F0806111 btnez   loc_bfc472ee_              ; (skip)
BFC471CC 1A3F1DB7 jal     
BFC471D0 6500      nop    
BFC471D2 6D01     li      r5, 0x01
BFC471D4 1A1F4AA3 jal     sys_chg_pri

So I have found that in startEmulator.bat heap for java is limited with 
-Xmx1024m to 1GB. So this seems be a reason for this.

May be we should increase heap or look for memory leaks.

Original issue reported on code.google.com by [email protected] on 12 Jul 2013 at 1:43

Emulator - Java exception after stop of emulaotr at breakpoint

Once in a while Java exception after stop of emulator on breakpoint:
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
        at org.fife.ui.rsyntaxtextarea.TokenMakerBase.addToken(TokenMakerBase.java:134)
        at org.fife.ui.rsyntaxtextarea.modes.PlainTextTokenMaker.addToken(PlainTextTokenMaker.java:282)
        at org.fife.ui.rsyntaxtextarea.modes.PlainTextTokenMaker.yylex(PlainTextTokenMaker.java:622)
        at org.fife.ui.rsyntaxtextarea.modes.PlainTextTokenMaker.getTokenList(PlainTextTokenMaker.java:348)
        at org.fife.ui.rsyntaxtextarea.RSyntaxDocument.getTokenListForLine(RSyntaxDocument.java:377)
        at org.fife.ui.rsyntaxtextarea.SyntaxView.modelToView(SyntaxView.java:427)
        at javax.swing.plaf.basic.BasicTextUI$RootView.modelToView(BasicTextUI.java:1509)
        at javax.swing.plaf.basic.BasicTextUI.modelToView(BasicTextUI.java:1047)
        at javax.swing.plaf.basic.BasicTextUI.modelToView(BasicTextUI.java:1022)
        at javax.swing.text.JTextComponent.modelToView(JTextComponent.java:1428)
        at org.fife.ui.rtextarea.RTextAreaBase.possiblyUpdateCurrentLineHighlightLocation(RTextAreaBase.java:746)
        at org.fife.ui.rtextarea.RTextArea.fireCaretUpdate(RTextArea.java:574)
        at org.fife.ui.rsyntaxtextarea.RSyntaxTextArea.fireCaretUpdate(RSyntaxTextArea.java:741)
        at javax.swing.text.JTextComponent$MutableCaretEvent.fire(JTextComponent.java:4417)
        at javax.swing.text.JTextComponent$MutableCaretEvent.stateChanged(JTextComponent.java:4439)
        at javax.swing.text.DefaultCaret.fireStateChanged(DefaultCaret.java:798)
        at javax.swing.text.DefaultCaret.changeCaretPosition(DefaultCaret.java:1273)
        at javax.swing.text.DefaultCaret.handleSetDot(DefaultCaret.java:1169)
        at javax.swing.text.DefaultCaret$DefaultFilterBypass.setDot(DefaultCaret.java:1912)
        at javax.swing.text.NavigationFilter.setDot(NavigationFilter.java:64)
        at org.fife.ui.rtextarea.ConfigurableCaret$FoldAwareNavigationFilter.setDot(ConfigurableCaret.java:709)
        at javax.swing.text.DefaultCaret.setDot(DefaultCaret.java:1147)
        at javax.swing.text.DefaultCaret.setDot(DefaultCaret.java:1047)
        at javax.swing.text.JTextComponent.setCaretPosition(JTextComponent.java:1680)
        at com.nikonhacker.gui.component.sourceCode.SourceCodeFrame.exploreAddress(SourceCodeFrame.java:187)
        at com.nikonhacker.gui.component.sourceCode.SourceCodeFrame.reachAndHighlightPc(SourceCodeFrame.java:335)
        at com.nikonhacker.gui.component.sourceCode.SourceCodeFrame.onEmulatorStop(SourceCodeFrame.java:371)
        at com.nikonhacker.gui.EmulatorUI.signalEmulatorStopped(EmulatorUI.java:3044)
        at com.nikonhacker.gui.EmulatorUI.access$1000(EmulatorUI.java:119)
        at com.nikonhacker.gui.EmulatorUI$13.onNormalExit(EmulatorUI.java:2079)
        at com.nikonhacker.emu.MasterClock.run(MasterClock.java:144)
        at java.lang.Thread.run(Thread.java:722)
Emulator still working afterwards.

Original issue reported on code.google.com by [email protected] on 7 Jul 2013 at 1:44

Attachments:

addTokenException.JPG

Emulator - FPU coprocessor bug

commands lwc1/ctc1 change the same registers of FPU coprocessor as swc1/cfc1. 
In fact it is wrong.

*ctc1/cfc1 allow access to control registers of FPU. Disassembled must look 
like: 

cfc1    r5, $20
...
ctc1    r5, $20

Note failing "f". At the moment it shows $f20 that is wrong. 

EDIT: In fact $20 is also wrong, because MIPS defines FPU control registers 
only 0 and 31. So decoding instruction ctc1 and cfc1 seems do not decode 
register numbers correctly.

*lwc1/swc1 allow access to regular registers of FPU. Disassembled should look 
like: 

lwc1   $f31,r5
...
swc1    $f31,r5

This is correct.

Now about emulation logic. The meaning is: register $f20 is accessing not the 
same value as control register $20. I see the emulator accessing at the moment 
in both cases $f20, or ? In this case it is wrong emulation. 

It must be:

swc1  $f0,r5    ; saves content of FPU register (or memory) "$f0" to r5.
cfc1  r5, $0      ; saves content of FPU control register "$0" to r5.

And in both cases r5 value is different, because different registers.

And FPU part is still not working correctly on TX19 side.

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:58

Emulator - FR80 timers working sometimes too slowly in 2.43beta4

Following piece of FR code:
001A8A4E  8BE4           MOV     R14,R4
001A8A50  A5C4           ADD2    #-0x04,R4
001A8A52  C125           LDI:8   #0x12,R5
001A8A54  C016           LDI:8   #0x01,R6
001A8A56  C027           LDI:8   #0x02,R7
001A8A58  C04D           LDI:8   #0x04,R13
001A8A5A  9F8C FFFF FF56 LDI:32  #0xFFFFFF56,R12
001A8A60  1F40           INT     #0x40; R12=sys_twai_flg(flag_id=0x12, 
wai_pattern=0x1, wait_flag_mode=0x2, timeout=0x4)
001A8A62  9FA0           NOP     
001A8A64  144D           ST      R13,@R4

should sleep for 4ms. It works at first time, but afterwards all next sleeps 
are 5ms !? May it has something to do with Master Clock selection?

Steps to reproduce:
1) load both firmware 
2) add custom logger for addresses 0xB0-0xBF or put appropriate breakpoints
3) start firmware
4) first time this piece of code is executed, it is correctly 4ms timeout
5) second time it is 5ms instead of 4ms.

Must be always 4ms.

Original issue reported on code.google.com by [email protected] on 25 Aug 2013 at 1:12

Attachments:

frtimeoutproblem.PNG

Emulator - Should print more information on Java UI Exception if possible without performance impact

So, if it is possible without performance impact, can you add custom handler 
for such exceptions and print more debug info in case of exception ?

So much info, as you need to identify the source UI element, so we have a 
chance you identify it easily and fix based on this info. I mean those 
AWT-Queue-whatsoever exceptions that are listed in other issues. 

At the moment, you ask info about opened windows, etc, but it can be not enough 
and must wait until exception come again and again.

This is not very efficient at the moment.

Original issue reported on code.google.com by [email protected] on 8 Jul 2013 at 1:12

Emulator - Missing serial RX interrupt on TX19 side

Emulator 2.40
1) load both firmwares
2) put a trick to bypass Task0xD
3) start both firmware. 
After some time serial communication on HSC0 TX side stops.ere is a log of last 
sequence on TX side:

    0x00 written to 0xFF001803 (@0xBFC4817E)
    0x00 written to 0xFF001803 (@0xBFC4817E)
    read from 0xFF00180F : 0x17 (@0xBFC48196)
    0x17 written to 0xFF00180F (@0xBFC48196) ; HSC0CNF
    read from 0xFF001806 : 0x62 (@0xBFC4819A)
    0x72 written to 0xFF001806 (@0xBFC4819A) ; HSC0MOD1 start transmission
    read from 0xFF00180D : 0x00 (@0xBFC4819E) ; <- reception was disabled
    >>>>>>>>>>>>>>>>>>>> if there is a timer interrupt here, no reception will be done >>>>>>>>>>>>>>>>>>>>>>
    0x20 written to 0xFF00180D (@0xBFC4819E) ; enable reception
So the problem seems to be be clear: TX starts transmission with disabled 
reception and first the next code enables RX. So if timer interrupt or any 
other interrupt comes in between, TX serial device transmits without reception. 
So the delay must be changed in Emulator (if I understand correct it is only 1 
clock cycle?):

    public void setMod1(int mod1) {
        ...
        // Check if TXE was just enabled.
        if (currentTxEnabled && !previousTxEnabled) {
            // Signal if there are values waiting
            if (getNbTxValuesWaiting() > 0) {
                // Insert delay of a few CPU cycles.
                emulator.addCycleCounterListener(this);
            }
        }
    }

I suggest here in Emulator TX serial code to wait for one of following events 
to appear:
a) RX gets also enabled
b) longer delay time, for example at least 1-2us of emulated time.

Original issue reported on code.google.com by [email protected] on 18 Jul 2013 at 5:41

Emulator - Exception if starting TX19 while FR80 is running (or the reverse)

1) load both firmwares
2) "keep in sync" is not checked
3) start first TX19; everything ok
4) start FR80; I get immediately:
--
java.lang.NullPointerException
        at com.nikonhacker.emu.FrEmulator.onClockTick(FrEmulator.java:89)
        at com.nikonhacker.emu.FrEmulator.onClockTick(FrEmulator.java:27)
        at com.nikonhacker.emu.MasterClock.run(MasterClock.java:137)
        at java.lang.Thread.run(Thread.java:722)
null
FrCPUState : pc=0x00040008, rvalid=0b-1, reg=R0=0x50000000
R1=0x00000001
R2=0x00000000
R3=0x00000000
R4=0x00000000
R5=0x00000000
R6=0x00000000
R7=0x00000000
R8=0x00000000
R9=0x00000000
R10=0x00000000
R11=0x00000000
R12=0x00000000
R13=0x00000000
R14=0x00000000
R15=0x00000000
TBR=0x000FFC00
RP=0x00000000
SSP=0x00000000
USP=0x00000000
MDH=0x00000000
MDL=0x00000000
D6=0x00000000
D7=0x00000000
D8=0x00000000
D9=0x00000000
D10=0x00000000
D11=0x00000000
D12=0x00000000
D13=0x00000000
D14=0x00000000
D15=0x00000000
CR0=0x00000000
CR1=0x00000000
CR2=0x00000000
CR3=0x00000000
CR4=0x00000000
CR5=0x00000000
CR6=0x00000000
CR7=0x00000000
CR8=0x00000000
CR9=0x00000000
CR10=0x00000000
CR11=0x00000000
CR12=0x00000000
CR13=0x00000000
CR14=0x00000000
CR15=0x00000000
PS=0x00000000
CCR=0x00000000&#93;}
Offending instruction :  1501           UNK
(on or before PC=0x00040008)
com.nikonhacker.emu.EmulationException: java.lang.NullPointerException
        at com.nikonhacker.emu.FrEmulator.onClockTick(FrEmulator.java:204
        at com.nikonhacker.emu.FrEmulator.onClockTick(FrEmulator.java:27)
        at com.nikonhacker.emu.MasterClock.run(MasterClock.java:137)
        at java.lang.Thread.run(Thread.java:722)
Caused by: java.lang.NullPointerException
        at com.nikonhacker.emu.FrEmulator.onClockTick(FrEmulator.java:89)
        ... 3 more

Original issue reported on code.google.com by vicnevicne on 27 Jun 2013 at 7:43

Emulator - Add a way to export/import break triggers

To share break triggers, it should be possible to export selected triggers, and 
to import them at the end of one's list

Original issue reported on code.google.com by vicnevicne on 19 Aug 2013 at 6:08

Emulator - Implement clock gear on FR80

FR80 microcontroller clocks should run according to registers.

Original issue reported on code.google.com by vicnevicne on 17 Jul 2013 at 9:25

Merged into: #6

simeonpilgrim / nikon-firmware-tools Goto Github PK

nikon-firmware-tools's People

Contributors

Stargazers

Watchers

Forkers

nikon-firmware-tools's Issues

Recommend Projects

Recommend Topics

Recommend Org