Thanks for your work on this emulator, I've been using the CPU emulation to help find bugs in an x86 emulator I've been writing. In the process I've noticed a few issues in PCjs so I'm reporting them here.
fnXCHGrw in x86func.js has a typo for the [E]BP case - it refers to this.regEBX rather than regEBP.loadDesc8 in segx86.js assigns fIDT only if (sizeGate > 0) but it's possible to hit a usage without it being assigned (in the !(acc & X86.DESC.ACC.PRESENT) case).- Again in
loadDesc8 the member this.addrIOPMLimit is assigned using the value of this.limit but I believe it should be using the local variable limit.
Things that I'm not entirely sure about the correct behaviour:
- "MOV segment to r/m16 (opcode 0x8c)", my reading of the Intel spec says that when writing to memory the write should always be 16 bit. PCjs doesn't implement this - but I haven't actually tested real hardware.
- IRET "Return to outer privilege level": The Intel pseudo code suggests that a 16 bit IRET will cause a 16 bit stack pointer to be read but the whole ESP register will be overwritten (i.e. top bits zeroed). This isn't the behaviour I've seen on real hardware or the other emulators I've tested. It also seems like broken behaviour. So PCjs seems to be "spec compliant" but is probably wrong.
- There's a test suite 80186_tests which requires behaviour which differs from PCjs in places (my notes say that
AAD in particular is different). I haven't myself confirmed whether the test suite is correct but you might be interested in it.
- I've hit a large number of places where flag behaviour is different but these are areas where the Intel spec says the flags are undefined, so not bugs but you might find issues with the above 80186_tests due to flag differences.
Once again thanks for providing this emulator - it has helped me track down many tricky bugs in my emulator and the code is nicely modular and readable so I was able to run it synchronised with my emulator and compare the execution.
Thanks for your work on this emulator, I've been using the CPU emulation to help find bugs in an x86 emulator I've been writing. In the process I've noticed a few issues in PCjs so I'm reporting them here.
fnXCHGrwinx86func.jshas a typo for the[E]BPcase - it refers tothis.regEBXrather thanregEBP.loadDesc8insegx86.jsassignsfIDTonly if(sizeGate > 0)but it's possible to hit a usage without it being assigned (in the!(acc & X86.DESC.ACC.PRESENT)case).loadDesc8the memberthis.addrIOPMLimitis assigned using the value ofthis.limitbut I believe it should be using the local variablelimit.Things that I'm not entirely sure about the correct behaviour:
AADin particular is different). I haven't myself confirmed whether the test suite is correct but you might be interested in it.Once again thanks for providing this emulator - it has helped me track down many tricky bugs in my emulator and the code is nicely modular and readable so I was able to run it synchronised with my emulator and compare the execution.