qemu-devel

Re: [Qemu-devel] qemu/target-mips op.c translate.c


From: Stefan Weil
Subject: Re: [Qemu-devel] qemu/target-mips op.c translate.c
Date: Sat, 19 May 2007 12:47:53 +0200
User-agent: IceDove 1.5.0.10 (X11/20070329)

Here is an analysis of the FPU problem:

1. Linux FPU emulation writes code on user stack.
2. This code raises address error exception (caused by lw zero,1(zero));
   more operations follow ...
3. Syscall 4119 (sigreturn) is written on user stack (same location as above).
4. This code should raise syscall exception, but raises address error exception.

Step 4 is wrong: QEMU logs the correct code, but executes code from step 2.
See extract from qemu.log below. It was modified to log tlb_flush_page, too.

Stefan

tlb_flush_page: 7fab0590
tlb_flush_page: 80110154
cpu_mips_handle_mmu_fault pc 7fab0598 ad 7fab0598 rw 2 is_user 1 smmu 1
cpu_mips_handle_mmu_fault address=7fab0598 ret 0 physical 0fb42598 prot 3
------------------------------------------------
pc=0x7fab0598 HI=0x00000000 LO=0x00000038 ds 0001 8012f5d4 1
GPR00: r0 00000000 at 7fab07c0 v0 00770000 v1 00d38fd4
GPR04: a0 00882a98 a1 00000001 a2 00000000 a3 00000000
GPR08: t0 008648e0 t1 008648c8 t2 0088194c t3 00882a98
GPR12: t4 00000001 t5 00000001 t6 ffffffff t7 008648c8
GPR16: s0 0087bc20 s1 0087bc20 s2 0087bcc4 s3 7fab0868
GPR20: s4 0086cdf0 s5 00750000 s6 0087d018 s7 0087bc9c
GPR24: t8 00000000 t9 005cbe44 k0 7fab05a8 k1 8da0bfe0
GPR28: gp 00839740 sp 7fab05a8 s8 00000050 ra 00642ef8
CP0 Status  0x0000a411 Cause   0x1080002c EPC    0x7fab0598
    Config0 0x80008481 Config1 0x9e190c8a LLAddr 0x00000001
IN:
0x7fab0598:  addiu    s4,sp,132
0x7fab059c:  lw    zero,1(zero)
0x7fab05a0:  tne    zero,zero,0x2f4
0x7fab05a4:  0x5cc048

OP:
0x0000: load_gpr_T0_gpr29
0x0001: set_T1 0x84
0x0002: add
0x0003: store_T0_gpr_gpr20
0x0004: set_T0 0x1
0x0005: lw_user
0x0006: save_pc 0x7fab05a4
0x0007: raise_exception 0x12
0x0008: interrupt_restart
0x0009: reset_T0
0x000a: exit_tb
0x000b: end

---------------- 3 00000001
search pc 1
------------------------------------------------
pc=0x7fab0598 HI=0x00000000 LO=0x00000038 ds 0001 8012f5d4 1
GPR00: r0 00000000 at 7fab07c0 v0 00770000 v1 00d38fd4
GPR04: a0 00882a98 a1 00000001 a2 00000000 a3 00000000
GPR08: t0 008648e0 t1 008648c8 t2 0088194c t3 00882a98
GPR12: t4 00000001 t5 00000001 t6 ffffffff t7 008648c8
GPR16: s0 0087bc20 s1 0087bc20 s2 0087bcc4 s3 7fab0868
GPR20: s4 7fab062c s5 00750000 s6 0087d018 s7 0087bc9c
GPR24: t8 00000000 t9 005cbe44 k0 7fab05a8 k1 8da0bfe0
GPR28: gp 00839740 sp 7fab05a8 s8 00000050 ra 00642ef8
CP0 Status  0x0000a411 Cause   0x1080002c EPC    0x7fab0598
    Config0 0x80008481 Config1 0x9e190c8a LLAddr 0x00000001
IN:
0x7fab0598:  addiu    s4,sp,132
0x7fab059c:  lw    zero,1(zero)
0x7fab05a0:  tne    zero,zero,0x2f4
0x7fab05a4:  0x5cc048

OP:
0x0000: load_gpr_T0_gpr29
0x0001: set_T1 0x84
0x0002: add
0x0003: store_T0_gpr_gpr20
0x0004: set_T0 0x1
0x0005: lw_user
0x0006: save_pc 0x7fab05a4
0x0007: raise_exception 0x12
0x0008: interrupt_restart
0x0009: reset_T0
0x000a: exit_tb
0x000b: end

---------------- 3 00000001
do_raise_exception_err: 10 0
do_interrupt enter: PC 7fab059c EPC 7fab0598 cause -1 excp 10
do_interrupt: PC 80000180 EPC 7fab059c cause 4 excp 10

...

tlb_flush_page: 7fab0590
tlb_flush_page: 80110154
cpu_mips_handle_mmu_fault pc 80106e68 ad 7fab05a8 rw 1 is_user 0 smmu 1
cpu_mips_handle_mmu_fault address=7fab05a8 ret 0 physical 0fb425a8 prot 3
dump_sc 00000001 at 8fe90d44 (8fe90d44)
dump_sc 00000200 at 8da0a008 (8da0a008)
dump_sc 00000000 at 8da0a008 (8da0a008)
cpu_mips_handle_mmu_fault pc 80102000 ad 80102000 rw 2 is_user 0 smmu 1
cpu_mips_handle_mmu_fault address=80102000 ret 0 physical 00102000 prot 1
cpu_mips_handle_mmu_fault pc 2ad0f2c4 ad 7fab0584 rw 1 is_user 1 smmu 1
cpu_mips_handle_mmu_fault address=7fab0584 ret 0 physical 0fb42584 prot 3
search pc 1
------------------------------------------------
pc=0x7fab0598 HI=0x0000007f LO=0x003e5651 ds 0001 80177030 1
GPR00: r0 00000000 at 7fab07f8 v0 2ad59060 v1 2ad59ec8
GPR04: a0 00000000 a1 7fab0568 a2 7fab05a0 a3 00000001
GPR08: t0 fffffff8 t1 00000000 t2 6f727461 t3 fffffff4
GPR12: t4 00000000 t5 fffffffe t6 00000001 t7 0083e47c
GPR16: s0 7fab0838 s1 2ad59054 s2 2ad59060 s3 ffffffff
GPR20: s4 7fab060c s5 2ad59050 s6 00905690 s7 0071ab98
GPR24: t8 00000000 t9 2ad0f2c4 k0 7fab0820 k1 8da0bfe0
GPR28: gp 2ad61b50 sp 7fab0588 s8 0071e3bc ra 7fab0598
CP0 Status  0x0000a411 Cause   0x10800020 EPC    0x2ad0f2c4
    Config0 0x80008481 Config1 0x9e190c8a LLAddr 0x00000001
IN:
0x7fab0598:  li    v0,4119
0x7fab059c:  syscall

OP:
0x0000: reset_T0
0x0001: set_T1 0x1017
0x0002: add
0x0003: store_T0_gpr_gpr2
0x0004: save_pc 0x7fab059c
0x0005: raise_exception 0xf
0x0006: interrupt_restart
0x0007: reset_T0
0x0008: exit_tb
0x0009: end

---------------- 3 00000001
do_raise_exception_err: 10 0
do_interrupt enter: PC 7fab059c EPC 2ad0f2c4 cause -1 excp 10
do_interrupt: PC 80000180 EPC 7fab059c cause 4 excp 10
    S 0000a413 C 10800010 A 00000001 D 00000000


Thiemo Seufer wrote:
> Stefan Weil wrote:
>> This change still does not fix the problems with
>> self-modifying code in Linux FPU emulation.
>>
>> Linux FPU emulation calls mips_dsemul which calls flush_cache_sigtramp
>> which is local_r4k_flush_cache_sigtramp for MIPS 4KEc. So I had expected
>> that the new code would fix the problems with FPU emulation.
>>
>> But programs like aptitude crash (caused by FPU emulation)
>> even with latest QEMU CVS.
>
> Indeed, it fixes gdb breakpoints, though. (Which means I believe by
> now Paul was right with his analysis of the FPU problem.)
>
>
> Thiemo
>
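The analysis above describes the classic self-modifying-code hazard for a dynamic translator: the guest overwrites a word it has already executed, a disassembler reading memory shows the new instruction, but the block cache still holds (and runs) the translation of the old one unless every store into a page that contains translated code invalidates the blocks on that page. The toy model below is an added example for this mail archive, not code from the thread or from QEMU; its "instruction set", opcode values, exception numbers, page size and the pc 0x598 are placeholders chosen for the demonstration. run_scenario replays steps 2 to 4 of the report once without and once with write tracking and returns what actually executed the second time.

```c
/* Toy model of a dynamic translator's block cache and the invalidation it
 * needs when the guest rewrites code it has already run. Constructed
 * example: the ISA, opcodes and exception numbers are placeholders, not
 * QEMU's definitions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_WORDS 1024      /* 4 KiB of guest memory as 32-bit words */
#define PAGE_SHIFT  8         /* 256-byte pages, small to keep the demo short */
#define MAX_TBS     32

enum guest_op   { OP_NOP = 0, OP_LW_BAD = 1, OP_SYSCALL = 2 };
enum guest_excp { EXCP_NONE = 0, EXCP_ADDR_ERROR = 4, EXCP_SYSCALL = 8 };

struct tb {                   /* one translated block, keyed by guest pc */
    uint32_t pc;
    int valid;
    enum guest_excp effect;   /* what the translated host code will do */
};

struct cpu {
    uint32_t mem[GUEST_WORDS];
    struct tb tbs[MAX_TBS];
    int next;                 /* round-robin slot for new translations */
};

static uint32_t fetch(const struct cpu *c, uint32_t addr)
{
    return c->mem[(addr / 4) % GUEST_WORDS];
}

/* "Translate" one instruction word into its effect. */
static enum guest_excp decode(uint32_t word)
{
    switch (word) {
    case OP_LW_BAD:  return EXCP_ADDR_ERROR;  /* misaligned load faults */
    case OP_SYSCALL: return EXCP_SYSCALL;
    default:         return EXCP_NONE;
    }
}

static struct tb *tb_find(struct cpu *c, uint32_t pc)
{
    for (int i = 0; i < MAX_TBS; i++)
        if (c->tbs[i].valid && c->tbs[i].pc == pc)
            return &c->tbs[i];
    return NULL;
}

/* Drop every cached block on the page containing addr; returns how many. */
static int tb_invalidate_page(struct cpu *c, uint32_t addr)
{
    int dropped = 0;
    for (int i = 0; i < MAX_TBS; i++)
        if (c->tbs[i].valid &&
            (c->tbs[i].pc >> PAGE_SHIFT) == (addr >> PAGE_SHIFT)) {
            c->tbs[i].valid = 0;
            dropped++;
        }
    return dropped;
}

/* Guest store. With track_code_writes == 0 the block cache is never told
 * about the write, which is the stale-translation failure mode. */
static void guest_store(struct cpu *c, uint32_t addr, uint32_t word,
                        int track_code_writes)
{
    c->mem[(addr / 4) % GUEST_WORDS] = word;
    if (track_code_writes)
        tb_invalidate_page(c, addr);
}

/* Execute the block at pc: reuse a cached translation if there is one,
 * otherwise translate from current memory and cache the result. */
static enum guest_excp cpu_exec_block(struct cpu *c, uint32_t pc)
{
    struct tb *tb = tb_find(c, pc);
    if (tb == NULL) {
        tb = &c->tbs[c->next++ % MAX_TBS];
        tb->pc = pc;
        tb->valid = 1;
        tb->effect = decode(fetch(c, pc));
    }
    return tb->effect;
}

/* Replay the report: run a faulting load, overwrite the same word with a
 * syscall, run again. If logged is non-NULL it receives what a disassembler
 * reading memory shows for the second run; the return value is what ran. */
static enum guest_excp run_scenario(int track_code_writes, enum guest_excp *logged)
{
    struct cpu c;
    const uint32_t pc = 0x598;  /* placeholder pc; any value works */
    memset(&c, 0, sizeof c);
    guest_store(&c, pc, OP_LW_BAD, track_code_writes);
    cpu_exec_block(&c, pc);                             /* step 2 */
    guest_store(&c, pc, OP_SYSCALL, track_code_writes); /* step 3 */
    if (logged)
        *logged = decode(fetch(&c, pc));                /* log shows new code */
    return cpu_exec_block(&c, pc);                      /* step 4 */
}

int main(void)
{
    enum guest_excp logged;
    enum guest_excp ran = run_scenario(0, &logged);
    printf("no invalidation:   logged excp %d, executed excp %d\n", logged, ran);
    ran = run_scenario(1, &logged);
    printf("page invalidation: logged excp %d, executed excp %d\n", logged, ran);
    return 0;
}
```

Without tracking, the second run logs the syscall (8) but executes the cached address error (4), which is the symptom in the qemu.log extract; with tb_invalidate_page hooked into the store path, the stale block is dropped and the rewritten word is translated afresh. A real translator has to do this for every write path that can reach a page with translated code (guest stores, DMA, host-side writes on behalf of the guest), and on a target with a separate data cache the guest's own cache-flush call is the natural point to hook.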
