[OpenBIOS] SOLVED: the mystery of Solaris on SPARC32 and the missing Forth arguments

Blue Swirl blauwirbel at gmail.com
Fri Oct 29 22:36:22 CEST 2010

On Fri, Oct 29, 2010 at 8:28 PM, Mark Cave-Ayland
<mark.cave-ayland at siriusit.co.uk> wrote:
> Blue Swirl wrote:
>>> So it would be useful to have someone who understands both SPARC32 and
>>> qemu
>>> to take a look (hint, hint!) ;)
>> Trap 0x29 is TT_DATA_ACCESS, invoked on access to unassigned memory by
>> QEMU. Perhaps enabling DEBUG_UNASSIGNED in target-sparc/op_helper.c
>> may reveal something.
>> It has been suspected that QEMU may be a bit too trigger happy with
>> unassigned memory accesses. There may also be an undocumented device,
>> or Solaris just tries to access a device which does not exist on SS-5.
> Okay. With that DEBUG_UNASSIGNED enabled I get the following message as the
> trap is invoked:
> Unassigned mem write access of 4 bytes to ffffffffffff0ecc from f004127c

That seems to be a 'neverland' mapping, accessed using MMU no-fault
mode. This is very poorly documented. In QEMU the code for the mode is
in target-sparc/helper.c, functions get_physical_address() and

> Is there some kind of device map for SPARC32 somewhere so we can lookup what
> kind of device this is?

For QEMU, this kind of information is in hw/sun4m.c, otherwise there's
the Sun4m System Architecture manual.

More information about the OpenBIOS mailing list