I haven't done low-level development for a long time... but I can try to dig with some help. How can I help? Do you have real IBM hardware that your version of AIX can be installed on? I was wondering what the path of the cdrom drive on a real IBM computer looked like. I'm asking because the main problem stopping Mac OS X from booting on the Beige G3 target was a wrong path. Maybe an incorrect path in OpenBIOS might be the cause. Posting the device tree of real IBM hardware might help locate issues.
Trying to load: -s verbose from: /vdevice/address@hidden/address@hidden:\ppc\chrp\bootfile.exe ...
qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffffffffffffc
The fact that we see a really high address value being accessed could indicate an address calculation issue. I don't have AIX, so I can't be certain. Given all the addressing modes of the Power processor, this could definitely be a problem. I've seen global variables fail to hold a value because of the addressing mode of the CPU when accessing that code.
Would you be able to debug QEMU (by single stepping through code) until you reach the error message about executing code outside of RAM or ROM? If you need help interfacing GDB with QEMU, let me know. It would help if we knew where exactly QEMU fails. Remember to compile QEMU with --enable-debug before debugging. This will make QEMU really slow, but easier to trace.