[Qemu-devel] Qemu arm emulation
From: Charlie Baylis
Subject: [Qemu-devel] Qemu arm emulation
Date: Fri, 3 Dec 2004 21:07:58 +0000
User-agent: Mutt/1.5.6+20040907i
Hi Fabrice
I have had a look at some faults in the ARM port of Qemu. I have discovered a
couple of bugs. To avoid difficulties with my employer I can't distribute my
patch which contains the fixes, but they are fairly trivial so I am detailing
the changes required here.
1. The RRX operand shift on data processing instructions is incorrectly decoded
as a rotate right (ROR) of 0 bits.
RRX should have the effect of an extended rotate right of 1 bit where the carry
flag is shifted into the top bit of the result. If the S bit is set, then the
carry flag is set to the bottom bit of the source value.
2. Shifter carry out for immediates
When an immediate value is generated the shifter carry out is set to bit 31 of
the resulting immediate if the shift value is non-zero. If the shift value
is zero, then the shifter carry out has the value of the C flag.
Therefore, the following instructions should alter the carry flag when used
with an immediate which has a non-zero shift.
ANDS BICS EORS MOVS MVNS ORRS TEQS and TSTS
(The remaining data processing instructions generate the C flag from the
calculation performed by the instruction)
Test case is attached as a C file and as an assembler file. The assembler function
f will return if these bugs are fixed and loops forever otherwise. I can email
you a statically linked binary if you don't have an ARM toolchain.
Apologies for not being able to just send a patch.
Regards
Charlie
Attachment: p.c (Text Data)
Attachment: ps.s (Text document)
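The two operand2 rules the message describes, worked through in C as an added example (this is not Charlie's attached test case and not QEMU code; the `shifter_t` type and the function names are my own): immediate operands with their shifter carry out, RRX in its correct form, and the ROR-by-immediate decode that must treat an encoded amount of 0 as RRX rather than ROR #0.

```c
#include <stdint.h>

/* Result of evaluating an ARM data-processing operand2: the value that
 * feeds the ALU, and the shifter carry out that ANDS/BICS/EORS/MOVS/MVNS/
 * ORRS/TEQS/TSTS copy into the C flag. */
typedef struct {
    uint32_t value;
    int carry_out;
} shifter_t;

/* Immediate operand2 (bit 25 set): an 8-bit value rotated right by
 * 2 * rotate_imm (insn bits 11:8).  Shifter carry out is bit 31 of the
 * result when the rotate is non-zero, otherwise the incoming C flag. */
shifter_t imm_operand(uint32_t insn, int c_flag)
{
    uint32_t imm8 = insn & 0xff;
    unsigned rot = ((insn >> 8) & 0xf) * 2;
    shifter_t r;
    r.value = rot ? ((imm8 >> rot) | (imm8 << (32 - rot))) : imm8;
    r.carry_out = rot ? (int)(r.value >> 31) : c_flag;
    return r;
}

/* RRX: rotate right by one bit through the carry.  The old C flag enters
 * at bit 31 and the bit shifted out at the bottom becomes the shifter
 * carry out.  Decoding this as ROR #0 (a plain copy of Rm with the C
 * flag untouched) is the bug the message describes. */
shifter_t rrx_operand(uint32_t rm, int c_flag)
{
    shifter_t r;
    r.value = ((uint32_t)(c_flag & 1) << 31) | (rm >> 1);
    r.carry_out = (int)(rm & 1);
    return r;
}

/* ROR by immediate: amounts 1..31 are a plain rotate whose carry out is
 * the new bit 31; an encoded amount of 0 means RRX, not ROR #0. */
shifter_t ror_imm_operand(uint32_t rm, unsigned amount, int c_flag)
{
    shifter_t r;
    if (amount == 0)
        return rrx_operand(rm, c_flag);
    r.value = (rm >> amount) | (rm << (32 - amount));
    r.carry_out = (int)(r.value >> 31);
    return r;
}
```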