Nikon Emulator


Post by Vicne » Tue Jan 03, 2012 5:53 pm

Edit: The latest version (NikonEmulator v2.49) is available here (requires Java 1.7). More info and help about the emulator is available on this wiki page.
(Obsolete versions, including the last FrEmulator v1.98 compatible with Java 1.6, are archived here)

Hi, all,
I think it's time to share the tool I've been working on for the last few weeks: a Fujitsu Fr processor Emulator.

Basically, what it does is load the firmware (after decoding it first if needed) and run it, behaving exactly like the processor would. Currently, only two components are correctly emulated: the Processor and the Memory space.
The emulator can be paused, resumed, or restarted, and the delay between instructions can be selected.
A few windows are available for debugging:
- CPU State: shows all CPU internal registers. Once the emulator is paused, values can also be modified for testing.
- Memory Hex Viewer. Once the emulator is paused, values can also be modified for testing.
- Real-time disassembly.
- Screen emulator: should present what would be on the screen (currently black unfortunately, see next post) Edit: fixed in 1.52
- Visual memory activity viewer. A few words about it: each pixel in the first big black square represents the "pages" (64k pixels x 64k bytes/page). The R/G/B components are incremented each time a byte is resp. Stored/Loaded/Executed in the given page. The big red line is the result of the "clear memory" routine. The yellow (= Red+Green) on the left around 0x68000800 is the stack which is constantly read and written. If you want to zoom into a given page, just click on the corresponding "page pixel". A smaller black square appears, with the same logic, except that this time, each pixel is one byte. If you zoom on the "screen area", you see it almost black because each byte has been written only once, so the RGB is (1,0,0). In the stack area, however, the same line can be seen even when zooming in because the program reads and writes the same addresses all the time.

Of course, this is based on many software components I didn't write myself (see About box for more information), the most important being Dfr for the disassembly, and its port to C# by Simeon.

Well, speaking of languages, as you can guess from the look and feel of the application, this is 100% Java. The good thing is it is portable and easy to understand. The bad thing is that it is not the fastest language (you could be surprised, but in any case, I'm not looking for speed).

Another bad aspect that I'm aware of is that Java hasn't been cited until now in this project... Sorry, I don't intend to exclude anyone or start a language war of course, but Java is the language I'm using every day and I can code at least 5 times faster in Java than .Net, and probably 20 times faster than in any other language.

I hope this tool can help us understand things a bit further, and if we can emulate other components, it could also be used as a testbed to validate modifications without any risk (no bricks policy ;-))

The binary and source distributions are attached below.
Usage is straightforward if you have a Java Virtual Machine installed (and java.exe is in your path): unzip the binary and run the batch file (for Windows), or just run the equivalent command on other platforms.
(by the way, other executable parts are also included, such as the full Dfr disassembler (Java port), Unit tests for all FR instructions, and so on).

Hope you'll have as much fun using it as I did writing it. Any comment is welcome of course.

Vicne

PS: I chose to distribute it under GPL. Simeon, maybe we could host it on Google code if you like
Attachments
FrEmulator-1.0-src.zip
Source distribution (obsolete - see http://code.google.com/p/nikon-firmware-tools/downloads/list for latest version)
(766.38 KiB) Downloaded 401 times
FrEmulator-1.0.zip
Binary version (obsolete - see top of post for latest version)
(766.53 KiB) Downloaded 422 times

Re: Fujitsu Fr Emulator

Post by Vicne » Tue Jan 03, 2012 5:57 pm

So, what does the code do?

Well, unfortunately, after a few seconds, it gets stuck in a never-ending loop (hence the screen emulator component remaining black), which is the following code:
Code:
0x001FE576  9F8C 001D 953C               LDI:32  #0x001D953C,R12
0x001FE57C  9F1C                         CALL:D  @R12          ; 0x001D953C
0x001FE57E  C014                          LDI:8  #0x01,R4
        0x001D953C  CABC                         LDI:8   #0xAB,R12
        0x001D953E  978C                         EXTSB   R12
        0x001D9540  1F40                         INT     #0x40
                ; calling interrupt 0x40
                ; ...
        0x001D9542  9720                         RET
0x001FE580  9F8C 4006 0010               LDI:32  #0x40060010,R1
0x001FE586  05C0                         LDUH    @R12,R0          ; 0x40060010
0x001FE588  9B01 1000                    LDI:20  #0x01000,R1
0x001FE58C  8210                         AND     R1,R0
0x001FE58E  E2F3                         BEQ     0x001FE576


In other words, interrupt 40 is called repeatedly until value 0x00001000 is found at address 0x40060010, which never happens by itself of course.

So I guess we are waiting for a handshake from another component...

Any idea?

Best regards,
Vicne

Re: Fujitsu Fr Emulator

Post by Simeon » Tue Jan 03, 2012 6:54 pm

I also don't wish to start a language war.. but... Java.... :naughty:

Kidding.
Been thanked: 395 times

Re: Fujitsu Fr Emulator

Post by Simeon » Tue Jan 03, 2012 6:59 pm

This sounds really cool, I was thinking about something like this... but don't do it... I was also thinking about how to deal with the read/write steps between CPUs..

So great work.
Been thanked: 395 times

Re: Fujitsu Fr Emulator

Post by max » Tue Jan 03, 2012 8:44 pm

Wow, I'm impressed, fantastic stuff!

Vicne wrote: So, what does the code do?
In other words, interrupt 40 is called repeatedly until value 0x00001000 is found at address 0x40060010, which never happens by itself of course.


Sounds like a polling loop to me. I'm guessing that 0x40060010 is another system that it's waiting to wake up. Just force it and continue or jump over that instruction.

Sounds like it's time to figure out the interrupt table and I/O ports!

-m

Re: Fujitsu Fr Emulator

Post by Vicne » Wed Jan 04, 2012 1:20 am

Strange. Just tried the Emulator on a slower machine and it doesn't seem to refresh correctly when delay is set to 0...
Just tell me if you see the same behaviour.

Vicne

Re: Fujitsu Fr Emulator

Post by Vicne » Wed Jan 04, 2012 1:23 am

Simeon wrote: I also don't wish to start a language war.. but... Java.... :naughty:
Kidding.


;-)

Feel free to backport it. :doh:

:grin:

Re: Fujitsu Fr Emulator

Post by Vicne » Wed Jan 04, 2012 2:45 am

max wrote: Sounds like a polling loop to me. I'm guessing that 0x40060010 is another system that it's waiting to wake up. Just force it and continue or jump over that instruction.


Yes. I really wanted to release the emulator and had just finished the memory editing feature before building a "release" version, so I haven't tried yet.

Another research direction I have in mind is to try to identify the memory areas by checking what gets written to or read from them, via the - yet unused - RangeCheckerMemoryActivityListener stub class...

Vicne
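As an added illustration of the memory-activity idea discussed in this thread (not code from the emulator or its authors): a hypothetical Java listener that keeps per-64K-page store/load/execute counts like the activity viewer, and flags addresses read repeatedly with no intervening store, which is how a polled status register such as 0x40060010 stands out. The class, its method names, the threshold and the trace are assumptions; it needs Java 8 or later.

```java
import java.util.*;

// Hypothetical listener: NOT the emulator's real interface or class names.
public class PollingDetector {
    private static final int PAGE_SHIFT = 16;   // 64 KiB pages, as in the activity viewer
    // page number -> {stores, loads, executes}
    private final Map<Integer, int[]> pageCounts = new TreeMap<>();
    // address -> number of loads since the last store to that address
    private final Map<Integer, Integer> loadsSinceStore = new HashMap<>();
    private final int threshold;

    public PollingDetector(int threshold) { this.threshold = threshold; }

    private int[] page(int address) {
        return pageCounts.computeIfAbsent(address >>> PAGE_SHIFT, p -> new int[3]);
    }

    public void onStore(int address) {
        page(address)[0]++;
        loadsSinceStore.remove(address);   // the program itself changed the value: reset the run
    }

    public void onLoad(int address) {
        page(address)[1]++;
        loadsSinceStore.merge(address, 1, Integer::sum);
    }

    public void onExec(int address) { page(address)[2]++; }

    /** Addresses loaded at least `threshold` times with no store in between. */
    public List<Integer> pollingCandidates() {
        List<Integer> out = new ArrayList<>();
        for (Map.Entry<Integer, Integer> e : loadsSinceStore.entrySet())
            if (e.getValue() >= threshold) out.add(e.getKey());
        Collections.sort(out);
        return out;
    }

    public static void main(String[] args) {
        PollingDetector d = new PollingDetector(100);
        // Constructed trace modelled on the loop quoted in the thread.
        for (int i = 0; i < 500; i++) {
            for (int pc = 0x001FE576; pc <= 0x001FE58E; pc += 2) d.onExec(pc); // halfword fetches
            d.onStore(0x68000800);   // constructed stack traffic: written...
            d.onLoad(0x68000800);    // ...then read back, so never a long read-only run
            d.onLoad(0x40060010);    // status register: read every pass, never written
        }
        for (int a : d.pollingCandidates()) System.out.printf("polled: 0x%08X%n", a);
        d.pageCounts.forEach((p, c) ->
            System.out.printf("page 0x%04X S/L/X = %d/%d/%d%n", p, c[0], c[1], c[2]));
    }
}
```

With this trace only 0x40060010 is reported: the stack address is read just as often, but every read follows a write by the program itself.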

Re: Fujitsu Fr Emulator

Post by Simeon » Wed Jan 04, 2012 3:45 am

Vicne wrote: Feel free to backport it. :doh:


Physical challenge!

Re: Fujitsu Fr Emulator

Post by max » Wed Jan 04, 2012 8:43 am

Vicne wrote: Strange. Just tried the Emulator on a slower machine and it doesn't seem to refresh correctly when delay is set to 0...
Just tell me if you see the same behaviour.

Vicne


When I tried it last night I was getting stuck early on at a single PC but it didn't seem to be a loop -- just stopped. Can't check right now. :beer:
