$Id: TODO,v 1.343 2006/08/14 18:46:30 debug Exp $

Hm. This file is in random order, and not all parts of it are up-to-date.


Implementation:
	x)  ARM "wait"-like instruction.
	x)  CLOCK FRAMEWORK!
	x)  Mouse support for NetBSD/pmax 4.x!
	x)  See netwinder_reset() in NetBSD; the current "an internal error
	    occured" message after reboot/halt is too ugly.
	x)  64-bit ranges in src/cpus/memory_mips_v2p.c
	x)  Revert the dyntrans page template experiment? Hm.
	x)  Refactor the cpu type detection/initialization/listing.
		Macro, which can be used as long as the cpu definitions
		contain a 'name'?
	x)  Testmachine includes:
		+ dev_fb block fill and copy
		+ dev_fb draw characters (from the built-in font)?
		+ dev_fb input device? mouse pointer coordinates and buttons
			(allow changes in these to cause interrupts as well?)
		+ Redefine the halt() function so that it stops "sometimes
		  soon", i.e. usage in demo code should be:
			for (;;) {
				halt();
			}
	x)  Continue on SPARC emulation
		+ Enable it in the configure script as soon as it can
		  run all the demo programs.
	x)  Continue on Alpha emulation  (virtual memory, etc). Cleanup.
	x)  Nicer MIPS status bits in register dumps.
	x)  Alignment exceptions (MIPS, PPC, ARM?, ...)
	x)  Rewrite the networking stack; make OpenBSD work better as a guest
	    OS, fix the performance problems, make Linux work with DHCP, etc.
	    Support VDE (vde.sf.net)? Allow SLIP connections, possibly PPP,
	    in addition to ethernet?
	x)  Implement more ethernet NICs.
	x)  IOP (I2O) device?

Documentation:
	x)  "Install netbsd/pmax first" => only use the install kernel?
	x)  Rewrite the section about experimental devices, after the
	    framebuffer acceleration has been implemented, and demos
	    written. (Symbolic names instead of numbers; example
	    use cases, etc. Mention demo files that use the various
	    features?)
	x)  "a very simple linear framebuffer device (for graphics output)"
	    under "which machines does gxemul emulate" ==> better
	    description?
	x)  Better description on how to set up a cross compiler?
	    Example for MIPS64.

Long-term design:
	x)  Instruction combination collisions? How to avoid easily...
	x)  Think about how to do both SHmedia and SHcompact in a reasonable
	    way!
	o)  Actually use the settings object, better debugger stuff, etc!
	o)  Debugger command for enabling/disabling instruction statistics
	    during runtime.   machine.statistics = on|off
	x)  MAINBUS REDESIGN!
	x)  PCI redesign... I need to read up on how PCI actually works :)
	x)  Clock framework! Go through all clock devices, make sure they
	    return correct data, and run at correct speeds!
	x)  Dyntrans with valgrind-inspired memory checker. (In memory_rw,
	    it would be reasonably simple to add; in each individual fast
	    load/store routine = a lot more work, and it would become
	    kludgy very fast.)
	x)  Dyntrans with SMP... lots of work to be done here.
	x)  Dyntrans with cache emulation... lots of work here as well.
	x)  Reimplement the config file parser from scratch.

-------------------------------------------------------------------------------

Simple Valgrind-like checks?
	o)  Mark every address with bits which tell whether or not the address
	    has been written to.
	o)  What should happen when programs are loaded?  Text/data, bss (zero
	    filled). But stack space and heap is uninitialized.
	o)  Uninitialized local variables:
		A load from a place on the stack which has not previously
		been stored to => warning. Increasing the stack pointer using
		any available means should reset the memory to uninitialized.
	o)  If calls to malloc() and free() can be intercepted:
		o)  Access to a memory area after free() => warning.
		o)  Memory returned by malloc() is marked as not-initialized.
		o)  Non-passive, but good to have: Change the argument
		    given to malloc, to return a slightly larger memory
		    area, i.e.  margin_before + size + margin_after,
		    and return the pointer  + margin_before.
		    Any access to the margin_before or _after space results
		    in warnings. (free() must be modified to free the
		    actually allocated address.)
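
The checks listed above, sketched as an added example (this is not GXemul code): one shadow state per guest byte, malloc()/free() interception with margins, and stack-pointer tracking. The 4 KB guest layout, the bump allocator and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MEM_SIZE  4096u  /* constructed toy guest: stack grows down from here */
#define HEAP_BASE 1024u  /* heap is [HEAP_BASE, HEAP_END) */
#define HEAP_END  2048u
#define MARGIN    16u    /* margin_before == margin_after */
enum state  { S_NOACCESS, S_UNINIT, S_INIT, S_FREED };
enum result { OK, WARN_UNINIT, WARN_NOACCESS, WARN_FREED };
static uint8_t shadow[MEM_SIZE];  /* one state per guest byte; 0 = S_NOACCESS */
static uint32_t heap_top = HEAP_BASE, sp = MEM_SIZE;

/* Intercepted malloc(): reserve margin + size + margin, return base + margin. */
uint32_t guest_malloc(uint32_t size) {
    uint32_t base = heap_top, room = HEAP_END - heap_top;
    if (room < 2 * MARGIN || size > room - 2 * MARGIN) return 0;
    memset(shadow + base + MARGIN, S_UNINIT, size);  /* margins stay S_NOACCESS */
    heap_top = base + size + 2 * MARGIN;
    return base + MARGIN;
}

/* Intercepted free(): poison the payload, return the address really allocated. */
uint32_t guest_free(uint32_t ptr) {
    if (ptr < HEAP_BASE + MARGIN || ptr >= HEAP_END) return 0;
    for (uint32_t a = ptr; shadow[a] == S_UNINIT || shadow[a] == S_INIT; a++)
        shadow[a] = S_FREED;  /* the loop stops at margin_after */
    return ptr - MARGIN;
}

/* Moving sp either way leaves the bytes it crosses uninitialized. */
void guest_set_sp(uint32_t new_sp) {
    if (new_sp < HEAP_END || new_sp > MEM_SIZE) return;
    uint32_t lo = new_sp < sp ? new_sp : sp, hi = new_sp < sp ? sp : new_sp;
    memset(shadow + lo, S_UNINIT, hi - lo);
    sp = new_sp;
}

/* Check a one-byte access; a store to valid memory marks the byte initialized. */
enum result guest_access(uint32_t addr, int is_store) {
    if (addr >= MEM_SIZE || shadow[addr] == S_NOACCESS) return WARN_NOACCESS;
    if (shadow[addr] == S_FREED) return WARN_FREED;
    if (shadow[addr] == S_UNINIT && !is_store) return WARN_UNINIT;
    if (is_store) shadow[addr] = S_INIT;
    return OK;
}

int main(void) {
    printf("load before store: %d\n", guest_access(guest_malloc(8), 0));
    return 0;
}
```

In an emulator, guest_access() would sit in the generic memory_rw path, which the long-term design list names as the reasonably simple place to add such a checker.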

SMP:
	o)  dev_mp doesn't work well with dyntrans yet
	o)  In general, IPIs, CAS, LL/SC etc must be made to work with dyntrans

MIPS:
	+)  Some more work on opcodes.
		x) The "wait" instruction. How to implement this functionality?
			(SMP, non-MIPS, interrupt correctness, host idling, ...)
		x) MIPS64 revision 2.
			o)  Find out which actual CPUs implement the rev2 ISA!
		x) _MAYBE_ TX79 and R5900 actually differ in their
		   opcodes? Check this carefully!
	o)  Dyntrans: Count register updates are probably not 100% correct yet.
	o)  Refactor code for performance and readability/maintainability.
	o)  DROTR32 and similar MIPS64 rev 2 instructions, which have
	    a rotation bit which differs from previous ISAs.
	o)  EI and DI instructions for MIPS64/32 rev 2. NOTE: These are
	    _NOT_ the same as for R5900!
	o)  (Re)implement 128-bit loads/stores for R5900.
	o)  R4000 and others:
		x)  watchhi/watchlo exceptions, and other exception
		    handling details
	o)  R10000 and others:  (R12000, R14000 ?)
		x)  memory space, exceptions, ...
		x)  use cop0 framemask for tlb lookups
		    (http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi/hdwr/bks/SGI_Developer/books/R10K_UM/sgi_html/t5.Ver.2.0.book_284.html)

Dyntrans:
	x)  Redesign/rethink the delay slot mechanism used for e.g. MIPS,
		so that it caches a translation (that is, an instruction
		word and the instr_call it was translated to the last
		time), so that it doesn't need to do slow
		to_be_translated for each end of page?
	x)  Program Counter statistics:
		Per machine? What about SMP? All data to the same file?
		A debugger command should be possible to use to enable/
		disable statistics gathering.
		Configuration file option!
	x)  Common fatal_abort() function, which drops into the debugger
		without continuing.
	x)  INVALIDATION should cause translations in _all_ cpus to be
	    invalidated, e.g. on a write to a write-protected page
	    (containing code)
	x)  16-bit encodings? (MIPS16, ARM Thumb, SH3, ...)
	x)  Lots of other stuff: see src/cpus/README_DYNTRANS
	x)  true recompilation backend? think carefully about this,
	    experiment in a separate project (not in GXemul)
		o) First test would be to just implement a simple
		   instruction such as MIPS' addiu or lui, on AMD64
		   hosts...
	x)  Idle loop detection? (Depends on target.) Could be turned
	    into usleep(1) or similar on the host... except when doing
	    e.g. SMP emulation. Then it becomes trickier.

Transputer:
	x)  Implement support for Helios binaries.
	x)  Stack and register contents at startup?
	x)  Figure out how to boot an entire Helios distribution.
	x)  Implement all instructions. :)

Alpha:
	o)  Virtual memory (tlbs etc)
	o)  Get {NetBSD,OpenBSD,Linux}/alpha booting. :)

SPARC:
	o)  Load/stores to alternate address spaces!
	o)  Save/restore register windows etc!
	o)  Finish the subcc and addcc flag computation code.
	o)  Add more registers (floating point, control regs etc)
	o)  Disassembly of some more instructions?
	o)  Are sll etc 32-bit sign-extending or zero-extending?
	o)  Finish the GDB register stuff.
	o)  SPARC v8, v7 etc?

Debugger:
	o)  How does SMP debugging work? Does it simply use "threads"?
		What if the guest OS (running on an emulated SMP machine)
		has a usertask running, with userland threads?
	o)  Try to make the debugger more modular and, if possible, reentrant!
	o)  Remove the emul command? (But show network info if showing
		machines?)
	o)  Generalize the expression evaluator. (debugger_expr.c?)
		settable variables	("show nr of instructions on average")
		emul[x]			defaults to current emul
		machine[x]		defaults to current machine
		cpu[x]			defaults to currently focused cpu
		registers		cpu arch dependent (#-prefix)
		symbols			@-prefix
		numeric constants	decimal, hex, and octal ($-prefix)
		boolean			yes,no, true,false
		operators (+ - * / % & | ^ !)
		parentheses for grouping subexpressions
		NOTE: the change from % to # for register prefix!
		examples:
				emul[0].machine[2].cpu[0].pc
				machine[test2].cpu[1].ra = main
				settings.show_trace_tree = yes

		Settings:
			o)  Remove a setting.
			o)  Read/write a setting given a name. (Read as
			    string and/or int64_t simultaneously?)
			o)  Warnings when exiting the emulator, if the
			    settings have not been removed exactly in
			    the same way as they were added? This would
			    improve code cleanliness in the long term.
			    (I.e. require a corresponding _destroy()
			    function for all _new functions... machine_
			    cpu_ etc.)

		Help command should have subsections! One for "expressions",
		mirrored in the documentation, but the internal help should
		be the one that should be considered correct.
	o)  see src/debugger.c for more

POWER/PowerPC:
	x)  PPC optimizations; instr combs
	x)  64-bit stuff: either Linux on G5, or perhaps some hobbyist
		version of AIX? (if there exists such a thing)
	x)  find and fix the bug which causes NetBSD/macppc to fail after
	    an install!
	x)  macppc: adb controller; keyboard (for framebuffer mode)
	x)  make OpenBSD/macppc work (PCI controller stuff)

Algor:
	PCI interrupts... needed for stuff like the tlp NIC?

ARM:
	o)  try to get netbsd/evbarm 3.x running (iq80321)
	o)  make the xscale counter registers (ccnt) work
	o)  make the ata controller usable for FreeBSD!
	o)  zaurus for openbsd...
	o)  debian/cats crashes because of unimplemented coproc stuff.
	    fix this?

Cache simulation:
	o)  Command line flags for:
		o)  CPU endianness?
		o)  Cache sizes? (multiple levels)
	o)  Separate from the CPU concept, so that multi-core CPUs sharing
	    e.g. a L2 cache can be simulated (?)
	o)  Instruction cache emulation is easiest (if separate from the
	    data cache); similar hack as the S;I; hack in cpu_dyntrans.c.
	    NOTE: if the architecture has a delay slot, then an instruction
	    slot can actually be executed as 2 instructions.
	o)  Data cache emulation = harder; each arch's load/store routines
	    must include support? running one instruction at a time and
	    having a cpu-dependent lookup function for each instruction
	    is another option (easier to implement, but very very slow).

Documentation:
	o)  machines, cpus, devices.
	o)  Automagic documentation generation:
		x)  REMEMBER that several machines/devices can be in
			the same source file!
	o)  Try to rewrite the install instructions for those machines
	    that use 3MAX into using CATS? (To remove the need for a raw
	    ffs partition using up all of the disk image.)

More generic out_of_memory error reporting, and check everywhere!
	Causes:	OpenBSD has low default limits for normal users.
		Host is 32-bit? (32-bit hosts are limited to 4 GB or less
		of userspace memory.)
		You are actually low on RAM. (As trivial as this might sound,
		Unix systems usually allow processes to allocate virtual
		memory beyond the amount of RAM in the machine.)

Breakpoints: 32-bit vs 64-bit sign extension for MIPS, warnings, etc.
	Use the debugger's symbolic name stuff. (which will have to be
	extended soon to support stuff like  "2*x + symbol + y" etc. cool
	stuff)

The Device subsystem:
	x)  allow devices to be moved and/or changed in size (down to a
	    minimum size, etc, or up to a max size)
	x)  keep track of interrupts and busses? actually, allowing any device
	    to be a bus might be a nice idea.
	x)  turn interrupt controllers into devices? :-)
	x)  refactor various clocks/nvram/cmos into one device?

Clocks:
	x)  General framework for automagic clock adjustment for _all_
	    kinds of clocks and timers. (Which should be possible to turn
	    off, of course, like the way DECstation emulation works now.)

PCI:
	x)  last write was ffffffff ==> fix this, it should be used
	    together with a mask to get the correct bits. also, not ALL
	    bits are size bits! (lowest 4 vs lowest 2?)
	x)  add support for address fixups
	x)  generalize the interrupt routing stuff (lines etc). this should
	    be per machine? or per bus, that's better
	x)  add a "pcn" NIC (AMD PCnet32 Lance 79c970 (PCI 1022:2000)),
	    could be useful for several machine modes (Malta, Algor, evbarm,
	    hp700?, macppc, etc.)

Network layer:
	o)  DHCP (for Debian and BSD installers :-)
	o)  increase performance
	o)  don't rely on NetBSD-ish usage
	o)  Multiple networks per emulation, and let different
	    NICs in machines connect to different networks.
	o)  many other issues: see src/net.c

Busses:
	o)  Redesign the entire "mainbus" concept!
	o)  Busses should be placed in a hierarchical tree!
	o)  Easily configurable interrupt routing in SMP systems.
	o)  Specific clock/bus speeds, cpu speeds etc.
	o)  Synchronization over network? or at least in dyntrans within
	    one emulated machine
	o)  dev->bus: TurboChannel, PCMCIA, ADB?

Config file parser:
	o)  Rewrite it from scratch!
	o)  Usage of any expression available through the debugger
	o)  Support for running debugger commands (like the -c
	    command line option)

Floating point layer:
	o)  make it common enough to be used by _all_ emulation modes
	o)  implement more stuff
	o)  non-IEEE modes (i.e. x86)?

Userland emulation:
	x)  Lots of stuff; freebsd and netbsd (and linux?) syscalls.
	x)  Dynamic linking? Hm.

Sound:
	x)  generic sound framework
	x)  add one or more sound cards as devices

ASC SCSI controller:
	x)  NetBSD/arc 2.0 uses the ASC controller in a way which GXemul
	    cannot yet handle. (NetBSD 1.6.2 works ok.) (Possibly a problem
	    in NetBSD itself,
	    http://mail-index.netbsd.org/source-changes/2005/11/06/0024.html
	    suggests that.)

Caches / memory hierarchies: (this is mostly MIPS-specific)
	o)  src/memory*.c: Implement correct cache emulation for
	    all CPU types. (currently only R2000/R3000 is implemented)
	    (per CPU, multiple levels should be possible, associativity etc!)
	o)  R2000/R3000 isn't _100%_ correct, just almost correct :)
	o)  Move the -S (fill mem with random) functionality into the
	    memory.c subsystem, not machine.c or wherever it is now
	o)  ECC stuff, simulation of memory errors?  (Machine dependent)
	o)  More than 4GB of emulated RAM, when run on a 32-bit host?
	    (using manual swap-out of blocks to disk, ugly)
	o)  A global command line option should be used to turn
	    cache emulation on or off. When off, caches should be
	    faked like they are right now. When on, caches and
	    memory latencies should be emulated as correctly as
	    possible.

File/disk/symbol handling:
	o)  Remove some of the complexity in file format guessing, for
		Ultrix kernels that are actually disk images?
	o)  Better handling of tape files
	o)  Read function argument count and types from binaries? (ELF?)
	o)  Better demangling of C++ names. Note: GNU's C++ differs from e.g.
	    Microsoft's C++, so multiple schemes must be possible. See
	    URL at top of src/symbol_demangle.c for more info.

Userland ABI emulation:
	o)  see src/useremul.c

Terminal/console:
	o)  allow emulated serial ports to be connected to the outside
	    world in a more generic way, or even to other emulated
	    machines(?)

Save state of the whole emulated machine, to be able to load it back
	in later?  (Memory, all devices' states, all registers and
	so on.  Like taking a snapshot. (SimOS seems to do this,
	according to its website.))

Better framebuffer and X-windows functionality:
	o)  -Yx sometimes causes crashes.
	o)  Simple device access to framebuffer_blockcopyfill() etc,
	    and text output (using the built-in fonts), for dev_fb.
	o)  CLEAN UP the ugly event code
	o)  Mouse clicks can be "missed" in the current system; this is
	    not good. They should be put on a stack of some kind.
	o)  More 2D and 3D framebuffer acceleration.
	o)  Non-resizable windows?  Or choose scaledown depending
		on size (and center the image, with a black border).
	o)  Different scaledown on different windows?
	o)  Switch scaledown during runtime? (Ala CTRL-ALT-plus/minus)
	o)  Bug reported by Elijah Rutschman on MacOS with weird
	    keys (F5 = cursor down?).
	o)  Keyboard and mouse events:
		x)  Do this for more machines than just DECstation
		x)  more X11 cursor keycodes
		x)  Keys like CTRL, ALT, SHIFT do not get through
		    by themselves (these are necessary for example
		    to change the font of an xterm in X in the
		    emulator)
	o)  Generalize the framebuffer stuff by moving _ALL_ X11
		specific code to src/x11.c!

Statistics:  (this could be interesting)
	o)  Save to file and show graphics. It should be possible to
	    run gxemul after a simulation to just show the graphics,
	    or convert to a .ppm or .tga or similar.
	o)  memory accesses (to measure cache efficiency and
		page coloring efficiency)
	o)  nr of simultaneous ASIDs in use in the TLB, for MIPS
	o)  percentage of time spent in different "states", such as
	    running userland code, kernel code, or idling (for CPUs
	    that have such an instruction, or whenever the PC is
	    inside a specific idle-function (address range)).
	    Possible additional state (for example on R3000): caches
	    disabled.
	o)  position of read/write on (SCSI) disks

