Subject: mrg sucks, or how apple changes roms
To: pm <port-mac68k@NetBSD.ORG>
From: Olivier GALIBERT <Olivier.Galibert@mines.u-nancy.fr>
List: port-mac68k
Date: 12/17/1995 12:29:14
Porting MacBSD to the 630 is fun... you find interesting things about
how Apple patches ROMs... and why mrg probably won't work very much
longer :-/

My target is the Egret_Init function. Heh, here is the LCIII version:

000147c4 move.l a0,00000de0
000147c8 movea.l a0,a2
000147ca move.w sr,-(sp)
000147cc ori.w #700,sr
000147d0 lea 38(a2),a0
000147d4 move.l a0,30(a2)
000147d8 bsr.w 00014bb4
000147dc lea 00014912,a0
000147e0 move.l a0,0000019a
000147e4 lea 00014be2,a0
000147e8 move.l a0,28(a2)
000147ec movea.l 000001d4,a1
000147f0 bclr #4,1600(a1)
000147f6 move.b #ffffff84,1c00(a1)
000147fc move.w (sp)+,sr
000147fe rts

(patching objdump to have Motorola-like output was fun, too ;-).
The routine at 14bb4 is not a problem... today.

Now, look at the 630 version:

000147c8 move.l a0,00000de0
000147cc movea.l a0,a2
000147ce move.w sr,-(sp)
000147d0 ori.w #700,sr
000147d4 lea 38(a2),a0
000147d8 move.l a0,30(a2)
000147dc bsr.w 00014bb8
000147e0 bsr.l 00014eea
000147e6 nop
000147e8 move.l a0,0000019a
000147ec move.l a1,28(a2)
000147f0 movea.l 000001d4,a1
000147f4 bclr #4,1600(a1)
000147fa move.b #ffffff84,1c00(a1)
00014800 move.w (sp)+,sr
00014802 rts

Fun thing: how the bsr has been included at 147e0 (by bashing two lea and
adding a nop - can't they recompile? And don't tell me about absolute
addresses, since the base address *is* different).

Not so fun thing: the new routine at 14eea:
00014eea movem.l d0-d2/a2,-(sp)
00014eee bsr.s 00014ed0
00014ef0 bne.s 00014f04
00014ef2 lea 00014804,a0
00014ef6 move.l #92,d0
00014efc dc.w a247
00014efe lea 00014916,a0
00014f02 bra.s 00014f60
00014f04 lea 00094abc,a0
00014f0a lea 00014f04(pc,a0.l),a0
00014f0e move.l #92,d0
00014f14 dc.w a247
00014f16 lea 00094cbc,a0
00014f1c lea 00014f16(pc,a0.l),a0
00014f20 move.l a0,0000019a
00014f24 clr.b 64(a2)
00014f28 clr.w (a2)
00014f2a suba.w #14,sp
00014f2e movea.l sp,a0
00014f30 move.w #107,(a0)
00014f34 clr.w 2(a0)
00014f38 lea 66(a2),a1
00014f3c move.l a1,8(a0)
00014f40 move.w #100,6(a0)
00014f46 clr.l 10(a0)
00014f4a dc.w a092
00014f4c lea 14(sp),sp
00014f50 move.b #1,64(a2)
00014f56 lea 00094c7c,a0
00014f5c lea 00014f56(pc,a0.l),a0
00014f60 lea 0009507e,a1
00014f66 lea 00014f60(pc,a1.l),a1
00014f6a movem.l (sp)+,d0-d2/a2
00014f6e rts

a247 is SetTrapAddress SysImmediate, a092 is EgretDispatch. Neither of
these two calls is implemented in mrg for now. At first glance we could
ignore SetTrapAddress and implement the dispatch, but the dispatch *is*
the patched address. So I wonder... what the hell should I do with such
code?

Anyway, if Apple does some other hacks like that, I can predict the imminent
death of the mrg concept...

  Sarayan

PS: Since a *lot* of people are asking me how to set up a cross-compiling
    env, I'm going to write a file about my experience. So don't be upset
    if I don't answer individually, thanks :-)
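As an added example (not part of the message above), here is a small Python script that mechanizes the Egret_Init comparison: it masks the ROM-base-dependent absolute operands before diffing the two listings, so the spliced-in bsr.l + nop and the dropped lea stand out, and it scans a listing for raw dc.w A-line trap words, which is exactly the check one needs to know what a ROM glue layer like mrg would have to dispatch. The seven-instruction windows and the dc.w sample lines are copied from the message; the helper names, the masking regex and the trap-name table (using the author's own identifications of a247 and a092) are my choices.

```python
import difflib
import re
# Window of the LC III Egret_Init listing quoted in the message (objdump style)
EGRET_LCIII = """\
000147d8 bsr.w 00014bb4
000147dc lea 00014912,a0
000147e0 move.l a0,0000019a
000147e4 lea 00014be2,a0
000147e8 move.l a0,28(a2)
000147ec movea.l 000001d4,a1
000147f0 bclr #4,1600(a1)
""".splitlines()
# Same window of the 630 listing, where the extra bsr.l + nop was spliced in
EGRET_630 = """\
000147dc bsr.w 00014bb8
000147e0 bsr.l 00014eea
000147e6 nop
000147e8 move.l a0,0000019a
000147ec move.l a1,28(a2)
000147f0 movea.l 000001d4,a1
000147f4 bclr #4,1600(a1)
""".splitlines()

ABS = re.compile(r"\b[0-9a-f]{8}\b")  # 32-bit absolute operand, shifts with ROM base
ALINE = re.compile(r"^([0-9a-f]{8}) dc\.w (a[0-9a-f]{3})$")  # raw A-line trap word
# Trap words the message identifies by hand (the names are the author's)
ALINE_NAMES = {"a247": "SetTrapAddress SysImmediate", "a092": "EgretDispatch"}

def normalize(line):
    """Drop the address and mask absolute operands so only instruction shape counts."""
    _addr, insn = line.split(maxsplit=1)
    return ABS.sub("ABS", insn)

def diff_routines(old, new):
    """Non-equal regions as (tag, old_lines, new_lines); raw lines kept for lookup."""
    sm = difflib.SequenceMatcher(a=[normalize(l) for l in old],
                                 b=[normalize(l) for l in new], autojunk=False)
    return [(tag, old[i1:i2], new[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def aline_traps(listing):
    """(address, word, name) per dc.w trap word: the calls a ROM glue layer must handle."""
    return [(m.group(1), m.group(2), ALINE_NAMES.get(m.group(2), "unknown"))
            for m in map(ALINE.match, listing) if m]

if __name__ == "__main__":
    for tag, old, new in diff_routines(EGRET_LCIII, EGRET_630):
        print(tag, old, "->", new)
    print(aline_traps(["00014efc dc.w a247", "00014f4a dc.w a092"]))  # lines from 14eea
```

Run on the full 14eea routine, the trap scan would also report the second a247 at 14f14; the diff deliberately ignores the different branch target of the bsr.w, since that shift is just the ROM base moving.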