qemu-devel

Re: [Qemu-devel] MIPS emulation


From: Thiemo Seufer
Subject: Re: [Qemu-devel] MIPS emulation
Date: Sun, 6 Jul 2008 05:52:13 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Luke -Jr wrote:
> I've attached a log of my qemu session... it gives the same results I
> expected from manual disassembly. Does anyone have any clues as to why
> this works on real hardware?

[snip]
> cpu_mips_handle_mmu_fault pc bfc008d8 ad 9fc00398 rw 0 mmu_idx 0 smmu 1
> cpu_mips_handle_mmu_fault address=9fc00398 ret 0 physical 1fc00398 prot 3
> cpu_mips_handle_mmu_fault pc bfc008d8 ad bfc00064 rw 0 mmu_idx 0 smmu 1
> cpu_mips_handle_mmu_fault address=bfc00064 ret 0 physical 1fc00064 prot 3
> ------------------------------------------------
> pc=0xbfc0096c HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc0096c 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
> GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
> GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
> GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
> GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
> GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
> CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
>     Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
> IN: 
> 0xbfc0096c:  lhu      t0,0(a1)
> 0xbfc00970:  bne      t0,a0,0xbfc009c4
> 0xbfc00974:  nop
> 
> ---------------- 2 00000090
> cpu_mips_handle_mmu_fault pc bfc0096c ad fffe0000 rw 0 mmu_idx 0 smmu 1
> cpu_mips_handle_mmu_fault address=fffe0000 ret -2 physical b7ceca12 prot 138223624
> search pc 1

Apparently it wants to read from 0xfffe0000, which is IIRC the EJTAG
address space. EJTAG debugging isn't implemented in Qemu. The address
space is reserved, therefore...

> ------------------------------------------------
> pc=0xbfc0096c HI=0x08428ec4 LO=0x08428ed4 ds 0090 bfc0096c 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
> GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
> GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
> GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
> GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
> GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
> CP0 Status  0x00400000 Cause   0x00000400 EPC    0x00000000
>     Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
> IN: 
> 0xbfc0096c:  lhu      t0,0(a1)
> 0xbfc00970:  bne      t0,a0,0xbfc009c4
> 0xbfc00974:  nop
> 
> ---------------- 2 00000090
> do_raise_exception_err: 26 1
> do_interrupt enter: PC bfc0096c EPC 00000000 TLB load exception

... a TLB exception occurs ...

> do_interrupt: PC bfc00200 EPC bfc0096c cause 2
>     S 00400002 C 00000408 A fffe0000 D 00000000
> ------------------------------------------------
> pc=0xbfc00200 HI=0x08428ec4 LO=0x08428ed4 ds 0098 bfc0096c 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
> GPR04: a0 00003351 a1 fffe0000 a2 80a0f0ff a3 00000000
> GPR08: t0 9fc00398 t1 bfc0096c t2 00000000 t3 00000000
> GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
> GPR16: s0 bfc0043c s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 00000000 t9 a0000000 k0 bfc00050 k1 bfc00020
> GPR28: gp 00000000 sp 00000000 s8 00000000 ra bfc008fc
> CP0 Status  0x00400002 Cause   0x00000408 EPC    0xbfc0096c
>     Config0 0x80008482 Config1 0x9e190c8b LLAddr 0x00000000
> IN: 
> 0xbfc00200:  lwu      zero,984(s8)
> 0xbfc00204:  0x1ab3f00
> 0xbfc00208:  lwu      zero,2412(s8)
> 0xbfc0020c:  lwu      zero,2512(s8)
> 0xbfc00210:  lwu      zero,2684(s8)
> 0xbfc00214:  alni.ob  $f23,$f6,$f1,1
> 0xbfc00218:  lwu      zero,3404(s8)
> 0xbfc0021c:  lwu      zero,3008(s8)
> 0xbfc00220:  lwu      zero,3120(s8)
> 0xbfc00224:  lwu      zero,4124(s8)
> 0xbfc00228:  nop
> 0xbfc0022c:  ll       zero,0(zero)
> 0xbfc00230:  nop
> 0xbfc00234:  j        0xb8180004
> 0xbfc00238:  lwu      zero,3496(s8)
> 
> ---------------- 2 00000098
> do_raise_exception_err: 20 0
> do_interrupt enter: PC bfc00200 EPC bfc0096c reserved instruction exception

... which finally kills it because the firmware doesn't handle TLB
exceptions that early in the boot process (when the BEV bit is still set).


Thiemo
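An added worked example, not part of the thread and not QEMU code: it decodes the CP0 Status/Cause values and the bad address quoted in the log above using the architected MIPS32 bit layouts and the Release 1 exception vector table (EBase assumed at its reset value), to show why a load from 0xfffe0000, a mapped kseg3 address, takes a TLB refill exception that vectors to 0xbfc00200 while BEV is set.

```python
# Added example: decode the CP0 values from the quoted QEMU log (MIPS32,
# Release 1 vector layout; EBase assumed at its reset value).

STATUS_EXL = 1 << 1   # Exception Level: set while handling an exception
STATUS_BEV = 1 << 22  # Bootstrap Exception Vectors: vectors live in kseg1

# CP0 Cause.ExcCode values (bits 6..2) from the MIPS32 PRA.
EXC_CODES = {0: "Int", 1: "Mod", 2: "TLBL", 3: "TLBS", 4: "AdEL", 5: "AdES",
             6: "IBE", 7: "DBE", 8: "Sys", 9: "Bp", 10: "RI", 11: "CpU",
             12: "Ov", 13: "Tr", 15: "FPE"}

def segment(vaddr):
    """Classify a MIPS32 virtual address; mapped segments need a TLB entry."""
    if vaddr < 0x80000000:
        return "useg", True
    if vaddr < 0xA0000000:
        return "kseg0", False      # unmapped, cached: phys = vaddr - 0x80000000
    if vaddr < 0xC0000000:
        return "kseg1", False      # unmapped, uncached: where the boot ROM sits
    if vaddr < 0xE0000000:
        return "kseg2", True
    return "kseg3", True           # 0xfffe0000 lands here

def decode_cause(cause):
    """Return (ExcCode, mnemonic) from a CP0 Cause value."""
    code = (cause >> 2) & 0x1F
    return code, EXC_CODES.get(code, "reserved")

def exception_vector(status, exc_code, exl_before):
    """Vector the CPU jumps to for a given exception.

    BEV=1 (firmware still booting) puts the vectors at 0xBFC00200 in kseg1.
    A TLB refill (TLBL/TLBS taken with EXL clear) uses offset 0x000; every
    other exception, including an RI taken inside the handler, uses 0x180."""
    base = 0xBFC00200 if status & STATUS_BEV else 0x80000000
    refill = exc_code in (2, 3) and not exl_before
    return base + (0x000 if refill else 0x180)

def analyse(status_before, cause_after, badvaddr):
    """Combine the three log values into one explanation of the fault."""
    seg, mapped = segment(badvaddr)
    code, name = decode_cause(cause_after)
    exl = bool(status_before & STATUS_EXL)
    return {"segment": seg, "mapped": mapped, "exception": name,
            "bev": bool(status_before & STATUS_BEV),
            "vector": exception_vector(status_before, code, exl)}

if __name__ == "__main__":
    # Status before the fault, Cause after it, and BadVAddr ("A fffe0000").
    print(analyse(0x00400000, 0x00000408, 0xFFFE0000))
```

The result reproduces the log: a TLBL refill from mapped kseg3 with BEV set vectors to 0xbfc00200, and the RI exception raised there with EXL now set would vector to 0xbfc00380.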



