[Qemu-devel] [PATCH] fix ARMv7 MOV R15, xxx operation

[Riihimaki Juha]

The behavior of several ARM mode commands where the destination  
register is R15 has changed in ARMv7 to mimic the behavior of the BX  
instruction. While this calls for a little bit wider fix in the code,  
this patch fixes the issue for the special case of MOV instruction.

Signed-off-by: Juha Riihimäki <address@hidden>
---

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 3cef021..7d9a934 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -6201,17 +6212,24 @@ static void disas_arm_insn(CPUState * env,  
DisasContext *s)
                 gen_op_logic_T0_cc();
             break;
         case 0x0d:
-            if (logic_cc && rd == 15) {
-                /* MOVS r15, ... is used for exception return.  */
-                if (IS_USER(s))
-                    goto illegal_op;
-                gen_op_movl_T0_T1();
-                gen_exception_return(s);
-            } else {
-                gen_movl_reg_T1(s, rd);
-                if (logic_cc)
-                    gen_op_logic_T1_cc();
+            if (rd == 15) {
+                if (logic_cc) {
+                    /* MOVS r15, ... is used for exception return.  */
+                    if (IS_USER(s))
+                        goto illegal_op;
+                    gen_op_movl_T0_T1();
+                    gen_exception_return(s);
+                    break;
+                } else if (ENABLE_ARCH_7) {
+                    tmp = new_tmp();
+                    tcg_gen_mov_i32(tmp, cpu_T[1]);
+                    gen_bx(s, tmp);
+                    break;
+                }
             }
+            gen_movl_reg_T1(s, rd);
+            if (logic_cc)
+                gen_op_logic_T1_cc();
             break;
         case 0x0e:
             gen_op_bicl_T0_T1();