>> I am emulating TI RTOS(Texas Instrument real time operating system) on a
>> cortex-M3 device. I have made boot up code work, but I am currently stuck at
>> exception handler.
>>
>> when the code return from exception handler it goes to:
>> 0x1001c90e: b401b402 strlt fp, [r1], #-0x402
>>
>> while it should be:
>> 1001c90e: B402 push {r1}
>> 1001c910: B401 push {r0}
>That looks like the guest has returned with an incorrect>XPSR bit that specifies Arm mode, rather than Thumb mode>(and the guest will take an immediate UsageFault trying to>execute the next instruction, since M profile CPUs don't>implement Arm mode).
Yes, this looks like misusing ARM mode instead of Thumb mode to me.
I just checked the local variable xpsr in function do_v7m_exception_exit()
by adding a qemu_log_mask line at the end of the function. I turn on log by
-d in_asm,guest_errors. And the xpsr = 0x1000000, which has its bit 24 set to 1.
And bit 24 is the indicator of Thumb state according to ARM info center. So it
should be correct, or am I getting something wrong?
And yes, the execution flow will go to UsageFault after the Arm instruction.
>> I notice the TI RTOS return from an exception with PC with bit 0 set. But it
>> should not be an issue of current qemu.
>Which version of QEMU are you using? For v7M doing an exception
>return to a PC with bit 0 set is UNPREDICTABLE and this is
>always a bug in your guest code. QEMU will (in more recent
>versions) ignore the set bit, as M3 hardware does. It will
>also print a warning if you pass QEMU the option "-d guest_errors".
>Older QEMU versions would attempt to start execution at the
>odd address, but we can see from the disassembly that that
>hasn't happened in your case.
I am using version 2.11.50 which I forked 2 months ago from the master branch.
Yes, I can see the UNPREDICTABLE log in my log. And I have checked that part of code.
It seems that you have updated that behavior in a patch last year by setting
env->regs[15] &= ~1U when it happens.
>However, the PC value doesn't affect whether we think the code
>is in Arm or Thumb mode -- that is determined by the XPSR
>value we pop off the stack, and specifically the XPSR.T bit.
>You should look at what your guest code has set up as the
>XPSR value.
As i mentioned above, I have checked the xpsr in do_v7m_exception_exit().
(at /qemu/target/arm/helper.c) Or shall I check another place?
I am looking forward to your reply!
Thank you,
Ruide Zhang