Started 1 yr 5 mo ago
Took 12 min

Success Build #25 (May 20, 2018 12:50:32 PM)

Build Artifacts
magiclantern-startup-log.2018May20.100D101.zip1.77 MB view
magiclantern-startup-log.2018May20.1100D105.zip1.70 MB view
magiclantern-startup-log.2018May20.500D111.zip1.80 MB view
magiclantern-startup-log.2018May20.50D109.zip1.79 MB view
magiclantern-startup-log.2018May20.550D109.zip1.81 MB view
magiclantern-startup-log.2018May20.5D2212.zip1.81 MB view
magiclantern-startup-log.2018May20.5D3113.zip1.81 MB view
magiclantern-startup-log.2018May20.5D3123.zip1.81 MB view
magiclantern-startup-log.2018May20.600D102.zip1.80 MB view
magiclantern-startup-log.2018May20.60D111.zip1.81 MB view
magiclantern-startup-log.2018May20.650D104.zip1.80 MB view
magiclantern-startup-log.2018May20.6D116.zip1.81 MB view
magiclantern-startup-log.2018May20.700D115.zip1.77 MB view
magiclantern-startup-log.2018May20.70D112.zip1.76 MB view
magiclantern-startup-log.2018May20.7D203.zip1.81 MB view
Changes
  1. Merged qemu into dm-spy-experiments (detail / bitbucket)
  2. Merged io_trace into dm-spy-experiments (pull request #900)

    MMIO tracing backend (detail / bitbucket)
  3. boot-hack: fix booting on 550D/600D
    (broken in 5c77453) (detail / bitbucket)
  4. QEMU: fix printing callstack from GDB scripts
    (broken in 1834cd8) (detail / bitbucket)
  5. GDB scripts: workaround for a crash occuring with 5D
    (possibly GDB bug; can't explain why it works) (detail / bitbucket)
  6. qemu-frsp: fix compiling on lua_fix codebase
    (1200D and soon all others) (detail / bitbucket)
  7. QEMU: updated expected test results for 1200D 1.0.2
    (no stubs changed in debugmsg.gdb) (detail / bitbucket)
  8. QEMU: removed bogus/unused BGMT_ISO (detail / bitbucket)
  9. QEMU: fix Q button code for 1200D

    - https://www.magiclantern.fm/forum/index.php?topic=12627.msg200889#msg200889
    - assuming the same applies to 1300D; unsure about 600D/1100D (detail / bitbucket)
  10. QEMU: fix compiling on 32-bit x86 hosts

    Caveat: -d romcpy not working on x86 (requires int128_t) (detail / bitbucket)
  11. QEMU README: initial notes on DIGIC 7 (detail / bitbucket)
  12. QEMU: initial support for DIGIC 7 EOS (200D, 77D, 6D2)
    - added ROMID; updated MemDiv, XDMAC, SDIO
    - emulation starts many tasks, talks to MPU, initializes SD, creates the DCIM directory on the virtual card
    - fails with ERROR WaitPU1 TimeOut
    - dumpf does not save any logs (figure out why)
    - note: M5 ROM should now be loaded as ROM0 (detail / bitbucket)
  13. QEMU logging: initial support for DIGIC 7
    (CPU0 only; exception vectors at nonzero address) (detail / bitbucket)
  14. QEMU tests: ROM dumper needs larger timeout on slower computers; undo unwanted changes from cb93334 (detail / bitbucket)
  15. QEMU tests: fix expected results for restore after format after updating SD image (detail / bitbucket)
  16. QEMU tests: reworked ROM dump test to wait as much or as little as each camera needs
    (fixme: 70D waits for some CFDMA messages that are for some other device) (detail / bitbucket)
  17. QEMU: usleep patching no longer required on M3 (detail / bitbucket)
  18. QEMU: updated ROM dump tests to check SFDATA.BIN too
    (currently only applies to DIGIC 6) (detail / bitbucket)
  19. QEMU: updated SD image with latest display test
    (changeset 9b37638) (detail / bitbucket)
  20. QEMU: experimental UTimer emulation
    - these look pretty much like regular timers (same offsets), but behave like HPTimers!
    - UTimer patches from DIGIC 6 no longer needed!
    - fine-tuned HPTimer messages (detail / bitbucket)
  21. QEMU: fix logging of MMIO registers from the same range as MREQ
    (eos_handle_mreq also receives a few other registers, unknown yet) (detail / bitbucket)
  22. QEMU: specify actual RAM size for each model, rather than using generic values
    (emulating with larger size usually works, but doesn't catch some edge cases) (detail / bitbucket)
  23. QEMU: reordered model definitions in model_list.c
    (grouped by DIGIC version and similarity) (detail / bitbucket)
  24. QEMU: renamed IO_MEM_START/SIZE to MMIO_ADDR/SIZE for consistency;
    added MMIO_ADDR to model_list.c (possibly needed for future models) (detail / bitbucket)
  25. QEMU: removed unused entries; moved ML helpers to a different GPIO range.

    Old range was not accessible on certain models, such as PowerShots and DIGIC 7.
    Old GPIOs are still accepted (debugging existing code from experimental branches is still possible without merging latest qemu). (detail / bitbucket)
  26. QEMU logging: -d romcpy now output a shell script for extracting the copied blocks (detail / bitbucket)
  27. QEMU: memfd patch to fix compilation with glibc 2.27
    https://patchwork.openembedded.org/patch/147682/ (detail / bitbucket)
  28. QEMU installer: minor updates
    - option to "make clean" before renaming the old folder (to save disk space)
    - exit if QEMU fails to compile
    - check for a valid DISPLAY (important for WSL)
    - updated help links (detail / bitbucket)
  29. QEMU: updated CPU definition for DIGIC 7; renamed for older models and reverted the HIVECS property back to false (detail / bitbucket)
  30. QEMU tests: updated checksums for EOS M/M2 screenshots displaying date/time
    (fix commit 8c575ef99b7f) (detail / bitbucket)
  31. QEMU tests: updated checksum for a screenshot affected by transparency - commit 5b274e3
    (Canon quirk - it's not even a LiveView screenshot) (detail / bitbucket)
  32. annotate_mpu_log.py: allow incomplete mpu_send/recv lines
    (such as the ones from 80D logs) (detail / bitbucket)
  33. MPU spells: documented some AF-related properties (detail / bitbucket)
  34. GDB scripts: also identify and name PTP handlers (detail / bitbucket)
  35. GDB scripts: identify named functions during execution and export as IDC

    Named functions identified from: task_create, register_func, register_interrupt, CreateStateObject
    Tested on 5D3 1.1.3, EOSM2 1.0.3 and 80D 1.0.2 (missing stubs added). (detail / bitbucket)
  36. QEMU: check whether the ROM contents are mirrored (whether dumped size is larger than actual ROM size)

    ```
    [EOS] loading './50D/ROM0.BIN' to 0xF0000000-0xF0FFFFFF
    [EOS] mirrored data; unique 0x400000 bytes repeated 0x4 times
    [EOS] loading './50D/ROM1.BIN' to 0xF8000000-0xF8FFFFFF
    [EOS] mirrored data; unique 0x800000 bytes repeated 0x2 times
    ```

    https://www.magiclantern.fm/forum/index.php?topic=2864.msg199837#msg199837 (detail / bitbucket)
  37. QEMU: SRM_SetBusy/ClearBusy emulation for 5D3/6D/70D (detail / bitbucket)
  38. annotate_mpu_log.py: mark unknown MPU messages with ???

    (this ensures all MPU messages are displayed to the terminal, including unknown ones) (detail / bitbucket)
  39. dryos.h: enable ML DebugMsg calls when using CONFIG_DEBUG_INTERCEPT
    (so it would include ML version messages without further tweaking) (detail / bitbucket)
  40. Menu: QEMU hack 90f702c no longer needed for EOS M/M2
    (keeping changes to gui.h and button_codes.h) (detail / bitbucket)
  41. run_canon_fw.sh: fix printing GDB command line on systems where process name is limited to 15 chars;
    only look at processes started by the same parent as this script (to avoid false positives)
    to be tested on Mac and WSL (detail / bitbucket)
  42. QEMU: EOS M and M2 appear to handle the Q/SET button just like 100D
    https://www.magiclantern.fm/forum/index.php?topic=21765.msg198769#msg198769 (detail / bitbucket)
  43. QEMU: enabled MPU properties for EOS M (no more issues after LiveView emulation) (detail / bitbucket)
  44. QEMU: allow any argument for PROP_LEO_LENSID (EOSM); documented PROP_LEO_LENS*

    Should fix emulation with ROMs saved with a different lens (apparently lens ID goes into ROM - property 0xC000004)
    https://www.magiclantern.fm/forum/index.php?topic=9741.msg198847#msg198847 (detail / bitbucket)
  45. QEMU: send PROP_LV_LENS message at initialization (5D3 1.1.3; 1.2.3 commented; the message is model-specific)

    Useful for LiveView emulation (display focal length, focus distance etc)
    Message sent in a different place (not as in the logs), as it interferes with our (broken) LiveView emulation (detail / bitbucket)
  46. QEMU: experimental bitmap transparency support
    (doesn't match the hardware exactly, but it's better than nothing) (detail / bitbucket)
  47. QEMU: experimental movie mode switch (V key)
    Some cameras have dedicated movie mode on the dial, others use a switch and can record video in any mode dial position. (detail / bitbucket)
  48. QEMU: key mapping for Zoom In / Zoom Out (they don't do anything interesing yet);
    allow defining different keybindings on the same physical key (5D3/6D: only one zoom button, unlike most others)
    cleaned up zoom button handling on 5D3 and 6D (unpress zoom out should not be sent from keyboard, for example) (detail / bitbucket)
  49. QEMU: fix copy/paste error in HPTimer emulation
    (no side effects) (detail / bitbucket)
  50. QEMU tests: large timeouts appear to help in some tricky cases
    (such as mode switches, which may be slower than usual) (detail / bitbucket)
  51. QEMU: updated GUI tests for LiveView.

    EOS M/M2: no more reason to start with the date/time dialog.
    Still some color palette issues; usually can be worked around by switching to other video mode and back.
    Minor call trace differences for 650D and 700D (missed from previous commit) (detail / bitbucket)
  52. QEMU: LiveView works!!! (GUI elements only, no image)
    Credits go to Greg for the first PoC https://www.magiclantern.fm/forum/index.php?topic=2864.msg179867#msg179867

    Tests not yet updated, just to check whether the implementation is really without side effects outside LV.
    Only one screenshot changed - on EOS M (that screenshot was already in LiveView).
    Note: 70D uses more EDMAC connections; increased number from 48 to 64. (detail / bitbucket)
  53. MPU spells: identified some more properties while looking into the EOSM shutter bug
    https://www.magiclantern.fm/forum/index.php?topic=21728.0 (detail / bitbucket)
  54. QEMU: validate calls to eos_trigger_int
    allow missing UART RX/TX interrupt and just print a warning
    (affected: Eeko and EOS M5; fix not obvious) (detail / bitbucket)
  55. QEMU: removed unnecessary assertion in interrupt controller
    (triggered very rarely under "normal" conditions, but happens very often with io_trace) (detail / bitbucket)
  56. QEMU tests: run the GDB test for 10 seconds
    (these logs will be used for building the interrupt map) (detail / bitbucket)
  57. QEMU: fix alignment of MMIO messages before starting tasks (-d io) (detail / bitbucket)
  58. QEMU: fix HPTimer handling of periodic triggers
    (VxWorks models use a HPTimer as heartbeat, unlike DryOS)

    No visible differences on the UI, but heartbeat is now triggering on all VxWorks models.

    Minor emulation differences on 60D, 600D, 650D, 700D, 100D, EOSM, 6D (besides VxWorks models). (detail / bitbucket)
  59. GDB scripts: EOSM.202 stubs for logging properties
    (related: af43d85) (detail / bitbucket)
  60. annotate_mpu_log.py: fix handling logs with Windows newlines
    https://www.magiclantern.fm/forum/index.php?topic=21728.msg198330#msg198330 (detail / bitbucket)
  61. QEMU: delay EDMAC reads by one timer step (apparently reads are supposed to finish after writes)

    Change required to pass the memory benchmark on 5D3 and 6D.
    700D gives the same error if writes are delayed.

    Minor changes to call/return trace on 60D, 600D, 1200D and 1300D (no visible effects). (detail / bitbucket)
  62. QEMU tests: updated EOSM2 call/return trace for latest SFDATA.BIN from dfort
    (previously, SFDATA.BIN for 100D was assumed; no visible changes) (detail / bitbucket)
  63. QEMU: declared silent control events for 5D3
    (not used; only for annotations) (detail / bitbucket)
  64. MPU spells: found PROP_LV_APERTURE and PROP_SILENT_CONTROL_STATUS (detail / bitbucket)
  65. QEMU: declared internal zoom in/out events for 5D3
    (they are sent by the MPU during GUI mode switches) (detail / bitbucket)
  66. QEMU: fix LV button code for 5D3 (detail / bitbucket)
  67. annotate_mpu_log.py: more output options (to stdout, to file, auto rename) (detail / bitbucket)
  68. MPU spells: script to annotate logs with mpu_send/recv events
    (known MPU messages moved to known_spells.py) (detail / bitbucket)
  69. Makefile: fix "make install_qemu CONFIG_QEMU=y" for minimal targets (detail / bitbucket)
  70. QEMU: workaround to emulate io_trace
    (without it, many MMIO events are missed, apparently because of QEMU's TLB cache) (detail / bitbucket)
  71. NotifyBox: log messages to QEMU console (detail / bitbucket)
  72. GDB scripts: replaced *(int*)(x) with MEM(x)
    (for consistency with other ML code, and maybe slightly easier to read) (detail / bitbucket)
  73. QEMU: experimental Q button emulation for 100D
    (not 100% sure about it, but seems to emulate the long Q/SET press correctly) (detail / bitbucket)
  74. io_trace: updated comments about TCM usage (detail / bitbucket)
  75. dm-spy: fix incorrect address in messages from DebugMsg
    (broken after calling io_trace_log_flush before reading LR) (detail / bitbucket)
  76. io_trace: moved the stack in some unused area in the TCM; documented TCM usage
    the stack configured for Data Abort by Canon bootloader may overwrite IRQ handler table - on 5D3 we were just lucky
    (todo: make sure it's really unused on all models, using some automated test) (detail / bitbucket)
  77. io_trace: removed uncacheable jumps and clean the cache without affecting the cache hacks
    (patch from g3gg0; updated some comments) (detail / bitbucket)
  78. io_trace: run the trapped instruction from uncacheable memory
    (no more need to clear the caches -> no more interference with cache hacks!)

    0x000b0e74:  e92d4000      push {lr}
    0x000b0e78:  e38ff101      orr pc, pc, #1073741824 ; 0x40000000
    0x400b0e80:  e5810004      str r0, [r1, #4]            ; [0xC0222004] <- 0x10
    0x400b0e84:  e3cff101      bic pc, pc, #1073741824 ; 0x40000000
    0x000b0e8c:  e8bd4000      pop {lr} (detail / bitbucket)
  79. io_trace: workaround to prevent crash on instructions that modify LR
    fixme: run the instruction in the original mode (IRQ, user, supervisor etc)
    http://www.magiclantern.fm/forum/index.php?topic=2388.msg196991#msg196991 (detail / bitbucket)
  80. io_trace: identify lost data (if index wraps around); use larger buffer
    todo: branch-less saturated arithmetic for buffer_index (detail / bitbucket)
  81. io_trace: added timestamp, interrupt ID, nicer output
    starts to resemble the output of '-d io' from QEMU
    for some reason it doesn't crash any more, but I'm not sure what I did to fix it :)
    EDMAC and JPCORE also working, even from startup (detail / bitbucket)
  82. io_trace: helper to define memory regions without having to look up their sizes;
    some examples of peripherals that could be successfully logged (detail / bitbucket)
  83. io_trace: config option for Makefile.user
    enable with CONFIG_MMIO_TRACE=y, to be used with either CONFIG_DEBUG_INTERCEPT=y or CONFIG_DEBUG_INTERCEPT_STARTUP=y
    note: EDMAC logging works with the former, range 0xC0F0001F doesn't crash (just an example)
    guess: LCLK must be active when starting logging? (detail / bitbucket)
  84. io_trace: interrupt hooks apparently not needed
    it seems to log even more registers without them
    e.g. C02200BC: ~100 before, ~1000 after (5D3, regular startup sequence) (detail / bitbucket)
  85. io_trace: simplified install/uninstall code (detail / bitbucket)
  86. io_trace: proof of concept working, can log GPIO and SIO
    many other memory regions are crashing (EDMAC, etc) (detail / bitbucket)
  87. io_trace: custom stack probably not needed (detail / bitbucket)
  88. io_trace: cache sync required before reconfiguring the protection region?
    (it no longer crashes on camera after this change) (detail / bitbucket)
  89. io_trace: refactored to use static variables/functions;
    removed io_trace_ prefix from local symbols to reduce noise in variable names;
    use uint32_t instead of unsigned int (detail / bitbucket)
  90. io_trace: whitespace (detail / bitbucket)
  91. io_trace: able to trap a few accesses in the MMIO region
    todo:
    - log the value read from the MMIO register (ideally without re-reading that register)
    - once some access is made, re-enable the memory protection for the next instruction
      (currently it's only enabled at the next interrupt, which misses most of the action)
    - works in QEMU, crashes on camera (detail / bitbucket)
  92. io_trace: started from mem_prot code, not working yet
    (renamed mem_prot_* to io_trace_*, removed GUI code, added hooks to dm-spy)

    Goal: log all MMIO register accesses (in particular, reads) alongside other debug messages (detail / bitbucket)
  93. run_ml_all_cams.sh: fix QEMU_DIR once more (detail / bitbucket)
  94. run_ml_all_cams.sh: fix QEMU_DIR (detail / bitbucket)
  95. Menu: hack to allow browsing ML menu on EOSM and EOSM2
    (requires CONFIG_QEMU=y) (detail / bitbucket)
  96. Merged makefile-updates into qemu
    (also updated README regarding "make install_qemu" on modules) (detail / bitbucket)
  97. QEMU: moved default installation directory to qemu-eos
    Rationale: user is likely to have another qemu directory, unrelated to ML (such as the vanilla qemu repo)
    Can be changed by setting QEMU_DIR, e.g. "export QEMU_DIR=qemu" before running install.sh will install QEMU in the old path
    To be thoroughly tested. (detail / bitbucket)
  98. QEMU: trim HTML logs to 10000 lines if higher
    (very slow to render; also, at these sizes, browsing/grepping plain text is way faster) (detail / bitbucket)
  99. GDB scripts: logging hook for prop_deliver (detail / bitbucket)
  100. GDB scripts: logging hooks for CreateStateObject
    useful to find all state objects created during the emulation
    http://www.magiclantern.fm/forum/index.php?topic=17969.msg196010#msg196010 (detail / bitbucket)
  101. QEMU installer: fine-tuned prompt when reinstalling (detail / bitbucket)
  102. QEMU: fix Q button handling on 550D, 600D, 1100D (to be tested) (detail / bitbucket)
  103. QEMU readme: table of contents; minor typos (detail / bitbucket)
  104. QEMU readme: GPIO section update (detail / bitbucket)
  105. dump_srec.py: updated to decode lens firmware updates (*.lfu)
    http://www.magiclantern.fm/forum/index.php?topic=20969 (detail / bitbucket)
  106. QEMU readme: misc updates (formatting, rephrasing); GPIO section (detail / bitbucket)
  107. QEMU installer: make it clear the script expects user input when it's asking whether to compile QEMU (detail / bitbucket)
  108. eject removes the disk image completely while unmount doesn't remove the disk image from /dev. (detail / bitbucket)
  109. reworked description of the peripherals (detail / bitbucket)
  110. QEMU install: fix mistakes (detail / bitbucket)
  111. QEMU readme: typos, formatting (detail / bitbucket)
  112. QEMU readme: note for Bitbucket not always rendering the RST
    (reloading the page usually works; apparently it doesn't need javascript, so what's going on?) (detail / bitbucket)
  113. QEMU readme: some basic concepts related to how the DIGIC hardware works
    (some parts adapted from https://jsandler18.github.io/ ) (detail / bitbucket)
  114. QEMU readme: misc notes
    - tip to save SD images as qcow2 (they take less disk space)
    - instrumentation tools
    - history updates
    - minor formatting fixes (detail / bitbucket)
  115. QEMU: use 600D MPU messages for 1300D
    fixes toggling drive mode, http://www.magiclantern.fm/forum/index.php?topic=17969.msg196013#msg196013 (detail / bitbucket)
  116. GDB scripts: hide warnings about undefined task addresses when running with patches.gdb
    (when running with debugmsg.gdb, full context info is printed) (detail / bitbucket)
  117. GDB scripts: fix address in log_result
    (LR is no longer valid, as we are no longer at the beginning of a function call) (detail / bitbucket)
  118. QEMU install.sh: recent git no longer accepts empty identities
    http://www.magiclantern.fm/forum/index.php?topic=20214.msg195892#msg195892 (detail / bitbucket)
  119. QEMU scripts: removed hardcoded references to ../magic-lantern
    and documented how the directories can be customized (detail / bitbucket)
  120. QEMU readme: documented directory structure (detail / bitbucket)
  121. QEMU logging: cleaned up hacks around memory logging options
    (logging tools may require any memory logging backends, but in the logs, only those items specifically requested by user will be printed) (detail / bitbucket)
  122. run_canon_fw.sh: hide osascript messages on Mac
    (when trying to bring the QEMU window in foreground, but there isn't any) (detail / bitbucket)
  123. QEMU install: keep the 64-bit gdb warning prompt on Mac and WSL (to be tested) (detail / bitbucket)
  124. QEMU install: attempt to fix warnings about 64-bit gdb on Mac and WSL (to be tested)
    the script should print warnings about them, but accept them as valid (detail / bitbucket)
  125. QEMU install: fix path issue after compilation (detail / bitbucket)
  126. QEMU install: fix warning about lsb_release on Mac or other systems without it (detail / bitbucket)
  127. QEMU install: attempt to fix warnings about 64-bit GDB on Mac (to be tested) (detail / bitbucket)
  128. QEMU install: fine-tuned QEMU compilation, to be tested
    (error handling, display the next steps after compilation finished) (detail / bitbucket)
  129. QEMU install: on WSL and Mac, try the latest 64-bit toolchain (to be tested)
    Linux installation still uses the 32-bit one (older version)
    TODO: attempt to compile a 32-bit GDB for Mac
    Reworded warnings, as a 32-bit GDB is now only needed for development;
    it's no longer mandatory for running the examples, since http://www.magiclantern.fm/forum/index.php?topic=2864.msg190823#msg190823 (detail / bitbucket)
  130. QEMU: simplified SFDMA mapping by removing model-specific redirection
    (they are fairly consistent across all models) (detail / bitbucket)
  131. QEMU tests: 40D call trace still not fully deterministic (CF uses some status polling, not just DMA)
    re-applying workaround (only check the "basic" call trace, without function arguments and extra info) (detail / bitbucket)
  132. QEMU: documented SD detect registers on recent DIGIC 5 models
    (non-functional) (detail / bitbucket)
  133. QEMU: refactored CFDMA/UartDMA handling to remove model-specific redirections
    enabled UartDMA on all models (including VxWorks), but it's not working yet
    70D: IFE DMA handling moved from SDDMA to CFDMA (minor, no noticeable side effects other than breaking the tests) (detail / bitbucket)
  134. QEMU: fix 5D3 CF emulation
    (disabled by default; can be enabled from mpu_spells/5D3.h) (detail / bitbucket)
  135. QEMU: documented property groups ("complex" MPU messages)
    including GDB logging hooks to find them (detail / bitbucket)
  136. QEMU tests: relaxed shutdown checks
    (some false positives caused by non-deterministic emulation)
    (note: menu tests are executed non-determinstically, unlike the call trace, so each run is different) (detail / bitbucket)
  137. QEMU: attempt to get deterministic execution on CF models when using -icount
    operations are slowed down to avoid timing variations
    default behavior (without -icount) is not affected
    on main firmware, the call/return trace test is now deterministic on all models!
    fixme: CF emulation in PIO mode is still non-deterministic (detail / bitbucket)
  138. GDB scripts: generic logging hooks (detail / bitbucket)
  139. QEMU readme: example of identifying the location of an assertion using gdb and -d callstack; minor updates (detail / bitbucket)
  140. QEMU: updated 750D/760D GDB scripts and tests; file I/O works!
    (using 750D SFDATA.BIN) (detail / bitbucket)
  141. Merged in t3r4n/magic-lantern/qemu (pull request #894) (detail / bitbucket)
  142. QEMU: fix some MPU spells
    (typos caught by automated checking) (detail / bitbucket)
  143. Added the serial flash line for 750D and 760D into model_list. See https://www.magiclantern.fm/forum/index.php?topic=17627.msg195357#msg195357 (detail / bitbucket)
  144. QEMU readme: minor link updates (detail / bitbucket)
  145. QEMU readme: moved developer and reverse engineering notes to a new file
    (reason: bitbucket seems to have trouble rendering large files) (detail / bitbucket)
  146. QEMU readme, GDB scripts: info on debugging symbols; more symbol-file choices in comments
    (depending on what you are debugging - regular ML, reboot shim or Canon firmware) (detail / bitbucket)
  147. QEMU readme, GDB scripts: recommend '-ex quit' after patches.gdb, but not after debugmsg.gdb

    reason: when running with patches.gdb, you may not want to type "quit" after stopping the emulation
    however, this trick removes the ability to use interactive breakpoints in GDB (it would quit as soon as reaching one), so don't recommend it for debugmsg.gdb (detail / bitbucket)
  148. QEMU readme: fix typos; minor updates (detail / bitbucket)
  149. QEMU: fix serial flash DMA on DIGIC 6 (tested on 80D, 5D4 and 750D with PR #894);
    refactored serial flash to use its own DMA (not shared with SD) (detail / bitbucket)
  150. QEMU: updated 80D test results for actual serial flash contents
    http://www.magiclantern.fm/forum/index.php?topic=17360.msg195519#msg195519 (detail / bitbucket)
  151. QEMU readme: formatting (detail / bitbucket)
  152. QEMU readme: GDB scripting examples, including callstack (detail / bitbucket)
  153. QEMU readme: use em-dashes instead of simple dashes (detail / bitbucket)
  154. QEMU: changed I/O logging behavior
    - "-d io" implies "-d nochain -singlestep" (this prints correct PC values, but emulation is slower)
    - "-d io_quick" to get the old behavior (faster, with incorrect PC values)
    - "-d io_log" to print mmio_log entries for dm-spy-experiments
    - "-d nochain" always implies "-singlestep" (easier to enable this mode on other kind of logs that may need it)
    - updated README (detail / bitbucket)
  155. QEMU readme: moved the "Incorrect firmware version" section to Hacking
    (it's no longer an issue for regular users) (detail / bitbucket)
  156. QEMU readme: started to document the steps needed to emulate Canon GUI (detail / bitbucket)
  157. QEMU readme: minor updates, corrections (detail / bitbucket)
  158. QEMU tests: updated after changing the SD image
    - format screenshots slightly different at free space (before only)
    - call/return traces are also different (different layout on the SD image) (detail / bitbucket)
  159. QEMU: updated sd.img.xz with latest portable display test
    (main change: fix identification of firmware version - 7889972) (detail / bitbucket)
  160. GDB scripts: fix assert handling on EOS M10 (detail / bitbucket)
  161. QEMU: moved 7D2 patches to GDB scripts;
    initial GDB script for 7D2 slave (detail / bitbucket)
  162. QEMU: defined FPGA memory regions for 5D2 and 50D
    (just to prevent some warnings; nothing changed in functionality) (detail / bitbucket)
  163. QEMU tests: run all cleanups on CTRL-C
    (stop all background tasks, make sure QEMU is no longer running, remove temporary files...) (detail / bitbucket)
  164. QEMU: enabled serial flash emulation on 5D4
    (emulation on main firmware doesn't go that far, but can be tested from bootloader menu) (detail / bitbucket)
  165. QEMU: refactored serial flash CS handling to reduce duplicate code
    (moved CS register and tested value to model_list.c) (detail / bitbucket)
  166. QEMU tests: reworked menu tests (including format)
    - use vncexpect whenever the md5 of the next screen is known (reduces timing sensitivity and also faster overall)
    - no more wait hacks required for format tests
    - use a single vncdotool command whenever possible (faster)
    - removed duplicate code (function for sending a menu sequence)
    - fine-tuned progress indicator (detail / bitbucket)
  167. MPU spells: allow changing various Canon properties that require confirmation from the MPU:
    ISO, shutter, aperture, EC, FEC, metering, drive, AF mode, picture style, WB, ExpSim, ALO, HTP, MLU
    all but WB were broken if changed from ML menu/scripts; they are working now (fixme: not included in tests)
    some of them were working from Canon UI before this patch (picture style, WB, ExpSim, metering and drive mode)
    WB was working before, but uses confirmation in logs; updated for consistency

    could not test on: 5D2, 40D, 50D, 550D, 650D, 700D, EOSM2
    not working: EOSM (breaks previous tests => disabled) (detail / bitbucket)
  168. QEMU: experimental mode dial emulation
    works on most models to some extent, except 40D, could not test on 550D, 650D, 70D, EOSM2 (detail / bitbucket)
  169. MPU spells: comment out possible mode switches
    not required for the GUI, but will interfere later with the mode switching feature
    affected models: 6D (call/return trace changed), 70D, 700D (no side effects noticed) (detail / bitbucket)
  170. Merged in t3r4n/magic-lantern/qemu_installer (pull request #893)

    Further automation in install script to compile directly at the end. (detail / bitbucket)
  171. QEMU: more MPU properties identified by brute-forcing (detail / bitbucket)
  172. QEMU: formatting fixes in extract_init_spells.py / known_spells.h (detail / bitbucket)
  173. QEMU: added property IDs to known MPU spells
    also alternate names as comments (detail / bitbucket)
  174. QEMU: identified more MPU spells, corrected a few others
    - experimentally (playing around in menus)
    - brute-forcing MPU messages to identify properties
    - cross-checked names and IDs in startup logs and ROM strings
    - still, it's impossible not to find a few incorrect ones (detail / bitbucket)
  175. QEMU: experiment - brute-force MPU messages to find out their meaning (detail / bitbucket)
  176. GDB scripts: hooks for logging properties (prop_request_change, MPU property functions)
    (example for 5D3.113 and 550D.109; useful for identifying properties) (detail / bitbucket)
  177. qemu-util: fix compilation in bootloader context;
    sample boot messages in reboot.c, e.g. printing firmware signature or RESTARTSTART address
    (only present in the output binary when compiling with CONFIG_QEMU=y) (detail / bitbucket)
  178. GDB scripts: disable serial flash version check patch on EOS M2
    not really needed (the error message seems harmless and doesn't prevent GUI emulation)
    but changed ML firmware signature checking
    and won't be needed after getting a serial flash dump from a real camera anyway (detail / bitbucket)
  179. QEMU install.sh: further Ubuntu/WSL cleanups (minor) (detail / bitbucket)
  180. QEMU install.sh: fine-tuned messages and date format when renaming an older installation (detail / bitbucket)
  181. Merged in t3r4n/magic-lantern/qemu_install_improvement (pull request #892)

    Option to rename or delete existing QEMU directory during installation (detail / bitbucket)
  182. QEMU install.sh: WSL fixes
    - checking for Ubuntu (uname -a does not report Ubuntu)
    - hide 32-bit toolchain options (detail / bitbucket)
  183. run_canon_fw.sh: Mac fixes
    - use is_mounted (lsof checks are enough)
    - typo in osascript when trying to bring QEMU window to front (detail / bitbucket)
  184. run_canon_fw.sh: fine-tuned checking of whether SD/CF image is in use
    - use lsof to detect whether another process opened the SD/CF image for writing
    - only allow multiple instances of QEMU if using -snapshot (read-only access to SD/CF image)
    - check all results returned by losetup (note: lsof does not show whether the image is mounted)
    - use alternate methods (grepping mount output) if losetup is not available
    - to be tested/refined on Mac and Windows 10 WSL (detail / bitbucket)
  185. QEMU: RTC workaround to bring back 400D GUI
    (broken in 0d654a0, not covered by tests as it's very slow) (detail / bitbucket)
  186. QEMU: 40D GUI working!
    - MPU RX register was read 8 bits at a time (other models so far used 16-bit reads)
    - using 50D MPU spells
    - button codes found with extract_button_codes.py, from existing ML port
    - HotPlug: external monitor, USB, Toe, erase switch
    - CFDMA: new channel, protocol tweaks, enabled interrupts
    - Powersave workaround (GUI locked up after some seconds of inactivity, similar to 1300D) (detail / bitbucket)
  187. QEMU: fix USB CONNECT on 450D/1000D
    (incidentally, this also fixes the card format dialog on these cameras - likely UILock issue) (detail / bitbucket)
  188. QEMU: 1300D GUI works!
    - this camera uses a different DryOS timer (totally unexpected!)
    - removed JPCORE patch (firmware expects this to be initialized properly)
    - generic MPU spells; button codes from 1100D
    - powersave workaround (without it, GUI would lock up after a few seconds of inactivity)
    - no patches required! (detail / bitbucket)
  189. QEMU: cleaned up serial flash handling on models that don't use one
    previously, they were called on unrelated SIO/SDIO channels, with little or no side effects,
    other than breaking a few function call trace tests (detail / bitbucket)
  190. QEMU: updated 80D tests for 1.0.2; DCIM test also works! (detail / bitbucket)
  191. QEMU: 80D file I/O support from main firmware
    (experimental, tested with "dumpf" in the serial console) (detail / bitbucket)
  192. QEMU: enable card support on generic MPU spells
    (experimental, some models work better than others) (detail / bitbucket)
  193. GDB scripts: some experimental 80D patches, to be fixed in the emulation (detail / bitbucket)
  194. GDB scripts: log state object transitions
    (stubs for 550D and 80D) (detail / bitbucket)
  195. GDB scripts: 80D logging hooks for semaphores and message queues
    (disabled by default; also updated assert_log for 1.0.2) (detail / bitbucket)
  196. QEMU: RomRead DMA is actually XDMAC
    (up to 4 channels; 80D only uses 2) (detail / bitbucket)
  197. QEMU: experimental MPU support for 80D, 750D and 760D
    seems to work with generic spells - at least the emulation goes further
    also minor refactoring / comments on MPU registers for earlier models
    also enabled for 5D4 just to avoid a crash - emulation doesn't reach mpu_send yet, but it calls InitializeIntercom (detail / bitbucket)
  198. QEMU tests: do not start if compilation fails
    (small nitpick that could result in false test results) (detail / bitbucket)
  199. QEMU: updated tests after b75e1342711a
    (context info is now correctly printed when returning from msg_queue_receive, take_semaphore etc) (detail / bitbucket)
  200. QEMU: generic MPU spells compatible with most EOS models (experimental) (detail / bitbucket)
  201. QEMU logging: fix losing track of called functions when DryOS tasks are switched outside interrupts
    see the assertion error on 5D4 callstack consistency test (after 442b691)
    to be tested; there was a similar error was on 80D, non-deterministic
    (encountered when running with -d debugmsg,callstack,tail with all patches enabled) (detail / bitbucket)
  202. QEMU: MPU status doesn't seem to matter much; simplified to prepare for DIGIC 6 compatibility
    todo: cross-check with actual hardware (detail / bitbucket)
  203. QEMU: shared memory initialization for DIGIC 6 (MEMDIV messages)
    to try: SHM_SHOW_INFO / SHM_SHOW_DIST_INFO on serial console (only 80D, 750D and 760D reach this far)
    ( sleep 3; echo "akashimorino";
      sleep 1; echo "SHM_SHOW_INFO";
      sleep 1; echo "SHM_SHOW_DIST_INFO";
    ) | ./run_canon_fw.sh 80D -serial stdio (detail / bitbucket)
  204. QEMU: refactored serial flash SIO handler with io_log (detail / bitbucket)
  205. QEMU: refactored serial flash connections to avoid hardcoding camera model names
    fixme: D3 models and 1300D still hardwired to serial flash handlers to pass the tests (detail / bitbucket)
  206. QEMU: experimental serial flash support for 80D
    using SFDATA.BIN from 70D, patched at 0x10004 from 09 8B C1 20 to 00 00 01 20
    meaning: size of 70D's property block at 0x10000 is 0x12BC98 (data is shifted by 4 bytes)
    but 80D expects a maximum size of 0x12000 in FE47BF40 ("Liar Valid Packages!!" if the size check fails)
    so we trim the property block at the expected size of 0x12000
    this will lose a few properties, but at least the emulation goes further (no SF dumper for D6 yet)
    other 8MB SFDATA.BIN patched in the same way should also work (700D, 650D, EOSM, 6D),
    but their data block at 0x10000 is larger, so more properties will be probably lost (not tested) (detail / bitbucket)
  207. QEMU: RomRead DMA for DIGIC 6, used for initializing property blocks
    (very similar to regular DMA, slightly different register offsets) (detail / bitbucket)
  208. QEMU: slow down UART input to work around race conditions
    (not exactly clean, but at least DryShell tests are now passing on all models) (detail / bitbucket)
  209. QEMU: fixed UART on DIGIC 6 (DryShell works!)
    fixme: tests are failing, but typing on the UI works fine
    note: DIGIC 4/5 emulation changed a bit (0xC0270000 was misinterpreted before) (detail / bitbucket)
  210. QEMU: found out why DIGIC 6 models were getting stuck at startup!
    The firmware was reading the memory layout from CP15 registers;
    most of them were emulated well in QEMU, except ATCM and BTCM, which were implemented as NOP.
    They are still NOP in current QEMU git.

    Patching the memory regions loop is no longer required!
    (keeping empty 80D patch for future use) (detail / bitbucket)
  211. MPU spells: some names could not be identified (fixed) (detail / bitbucket)
  212. QEMU tests: call mtools_setup.sh rather than duplicating its work
    (fixes some tests failing if mtools is configured to use lowercase by default) (detail / bitbucket)
  213. run_canon_fw.sh: on Mac, bring QEMU window to foreground
    (by default, the window is opened behind the terminal, so one may not even notice it) (detail / bitbucket)
  214. run_canon_fw.sh: print camera name in QEMU window title (detail / bitbucket)
  215. run_canon_fw.sh: only clear the terminal if running in interactive mode
    https://serverfault.com/questions/146745/how-can-i-check-in-bash-if-a-shell-is-running-in-interactive-mode (detail / bitbucket)
  216. QEMU logging: always log unmapped memory regions (detail / bitbucket)
  217. GDB scripts: fix text alignment with "native" logging options (minor) (detail / bitbucket)
  218. QEMU install.sh: fix null byte warning when parsing model list
    (bash 4.4 and newer? http://www.magiclantern.fm/forum/index.php?topic=2864.msg193118#msg193118 ) (detail / bitbucket)
  219. QEMU install: print fewer help details after installation; link to the online documentation (detail / bitbucket)
  220. QEMU readme: formatting, typos (detail / bitbucket)
  221. QEMU readme: more info regarding custom SD/CF images (detail / bitbucket)
  222. QEMU readme: more ways to install ML to the virtual SD/CF images (detail / bitbucket)
  223. QEMU readme: note about "make install_qemu" not available in all branches (detail / bitbucket)
  224. QEMU readme: note about models using a serial flash (detail / bitbucket)
  225. QEMU README: minor updates to 050a3cc (detail / bitbucket)
  226. Merged unified into qemu (detail / bitbucket)

Started by user Alex

Revision: 9dff88575e9676331ecf2b839e6c44d5feb3948c