[Qemu-devel] Bug in PPC TCG for rlwimi ?
From: Tom Musta
Subject: [Qemu-devel] Bug in PPC TCG for rlwimi ?
Date: Tue, 13 May 2014 15:56:42 -0500
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
I am chasing a bug in ppc64-linux-user when hosted on PPC 64.

I believe I have narrowed the problem to QEMU's emulation of an rlwimi instruction in ld64.so. The in/out asm and register dump are below. And so is the ppc translation source.

The inbound contents of r4 are 0x24. The expected value of r4 after "rlwimi r4,r4,8,16,23" is 0x2424 but is zero. What looks strange to me in the out_asm is the "lwz r14,32(r27)" instruction, which appears to be generated from the "tcg_gen_trunc_i64_i32(t2,cpu_gpr[rS(ctx->opcode)])" statement. If it is going to load only 4 bytes, shouldn't it be at offset 32+4?

I have not yet been able to connect the dots between the QEMU source and the emitted (TCG) code.
Here is the main piece of the rlwimi translation code (target-ppc/translate.c):
    target_ulong mask;
    TCGv t1;
    TCGv t0 = tcg_temp_new();
#if defined(TARGET_PPC64)
    TCGv_i32 t2 = tcg_temp_new_i32();
    tcg_gen_trunc_i64_i32(t2, cpu_gpr[rS(ctx->opcode)]);
    tcg_gen_rotli_i32(t2, t2, sh);
    tcg_gen_extu_i32_i64(t0, t2);
    tcg_temp_free_i32(t2);
#else
    tcg_gen_rotli_i32(t0, cpu_gpr[rS(ctx->opcode)], sh);
#endif
#if defined(TARGET_PPC64)
    mb += 32;
    me += 32;
#endif
    mask = MASK(mb, me);
    t1 = tcg_temp_new();
    tcg_gen_andi_tl(t0, t0, mask);
    tcg_gen_andi_tl(t1, cpu_gpr[rA(ctx->opcode)], ~mask);
    tcg_gen_or_tl(cpu_gpr[rA(ctx->opcode)], t0, t1);
    tcg_temp_free(t0);
    tcg_temp_free(t1);
And here is the input/output asm from
IN:
0x00000fffa7fc2ae4: rlwimi r4,r4,8,16,23
OUT: [size=136]
0x603638c0: lwz r14,-4(r27)
0x603638c4: cmpwi cr7,r14,0
0x603638c8: bne- cr7,0x60363934
0x603638cc: lwz r14,32(r27) # this looks strange
0x603638d0: mr r15,r14
0x603638d4: rotlwi r15,r15,8
0x603638d8: andi. r15,r15,65280
0x603638dc: lis r0,-1
0x603638e0: ori r0,r0,255
0x603638e4: and r14,r14,r0
0x603638e8: or r14,r15,r14
0x603638ec: std r14,32(r27)
0x603638f0: .long 0x0
0x603638f4: .long 0x0
0x603638f8: .long 0x0
0x603638fc: .long 0x0
0x60363900: .long 0x0
0x60363904: .long 0x0
0x60363908: .long 0x0
0x6036390c: li r14,4095
0x60363910: rldicr r14,r14,32,31
0x60363914: oris r14,r14,43004
0x60363918: ori r14,r14,10984
0x6036391c: std r14,696(r27)
0x60363920: li r3,4095
0x60363924: rldicr r3,r3,32,31
0x60363928: oris r3,r3,43021
0x6036392c: ori r3,r3,56368
0x60363930: b 0x6231d668
0x60363934: li r3,4095
0x60363938: rldicr r3,r3,32,31
0x6036393c: oris r3,r3,43021
0x60363940: ori r3,r3,56371
0x60363944: b 0x6231d668
NIP 00000fffa7fc2ae4 LR 00000fffa7fb5af0 CTR 0000000000000007 XER 0000000000000000
MSR 8000000002806000 HID0 0000000000000000 HF 0000000002806000 idx 0
TB 00000000 00000000
GPR00 00000000100002d9 0000004000a0e070 00000fffa7fe8ae8 00000000100002d9
GPR04 0000000000000024 0000000000000000 0000000000000000 0000000000000000
GPR08 0000000000000000 0000000010010978 000000007fffffff 0000000000000001
GPR12 0000000034000042 0000000000000000 fffffffffffffffd 0000004000a0e0e0
GPR16 0000004000a0e0e0 00000fffa7fe2a58 0000000000000001 0000004000a0e0e0
GPR20 0000004000a0e0e0 0000000000000001 0000000000000000 0000004000a0e130
GPR24 0000004000a0e128 0000004000a0e138 0000004000a0e120 00000000100002d8
GPR28 00000fffa7fe2a58 0000000000000000 0000000010010938 0000004000a0e0b0
CR 34002042 [ EO G - - E - G E ] RES ffffffffffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 0000000000000000
IN:
0x00000fffa7fc2ae8: li r11,-1
OUT: [size=108]
0x60363950: lwz r14,-4(r27)
0x60363954: cmpwi cr7,r14,0
0x60363958: bne- cr7,0x603639a8
0x6036395c: li r14,-1
0x60363960: std r14,88(r27)
0x60363964: .long 0x0
0x60363968: .long 0x0
0x6036396c: .long 0x0
0x60363970: .long 0x0
0x60363974: .long 0x0
0x60363978: .long 0x0
0x6036397c: .long 0x0
0x60363980: li r14,4095
0x60363984: rldicr r14,r14,32,31
0x60363988: oris r14,r14,43004
0x6036398c: ori r14,r14,10988
0x60363990: std r14,696(r27)
0x60363994: li r3,4095
0x60363998: rldicr r3,r3,32,31
0x6036399c: oris r3,r3,43021
0x603639a0: ori r3,r3,56488
0x603639a4: b 0x6231d668
0x603639a8: li r3,4095
0x603639ac: rldicr r3,r3,32,31
0x603639b0: oris r3,r3,43021
0x603639b4: ori r3,r3,56491
0x603639b8: b 0x6231d668
NIP 00000fffa7fc2ae8 LR 00000fffa7fb5af0 CTR 0000000000000007 XER 0000000000000000
MSR 8000000002806000 HID0 0000000000000000 HF 0000000002806000 idx 0
TB 00000000 00000000
GPR00 00000000100002d9 0000004000a0e070 00000fffa7fe8ae8 00000000100002d9
GPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR08 0000000000000000 0000000010010978 000000007fffffff 0000000000000001
GPR12 0000000034000042 0000000000000000 fffffffffffffffd 0000004000a0e0e0
GPR16 0000004000a0e0e0 00000fffa7fe2a58 0000000000000001 0000004000a0e0e0
GPR20 0000004000a0e0e0 0000000000000001 0000000000000000 0000004000a0e130
GPR24 0000004000a0e128 0000004000a0e138 0000004000a0e120 00000000100002d8
GPR28 00000fffa7fe2a58 0000000000000000 0000000010010938 0000004000a0e0b0
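Added reference model, not part of the post and not QEMU code: the Power ISA definition of rlwimi in 64-bit mode (rotate the low word, replicate it into both halves, insert under MASK(MB+32, ME+32)), next to a model of the data path in the OUT asm above, where a single 32-bit load from the 8-byte GPR slot feeds rotlwi/andi./and/or and a 64-bit store. The model is parameterised by the byte offset of that load inside the slot and assumes the slot is laid out big-endian, as on a big-endian PPC64 host; the function names and the generalised mask (the dump's andi. only works because 0xFF00 fits a 16-bit immediate) are mine.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* ISA ROTL32(x, n): rotate the low 32-bit word of x left by n and
 * replicate it into both halves (ROTL64(x||x, n)). */
static uint64_t rotl32_replicated(uint64_t x, unsigned n)
{
    uint32_t w = (uint32_t)x;
    uint32_t r = n ? (uint32_t)((w << n) | (w >> (32 - n))) : w;
    return ((uint64_t)r << 32) | r;
}

/* ISA MASK(mb, me) in PowerPC bit numbering (bit 0 is the MSB).
 * mb <= me: ones in bits mb..me; mb > me: wraps, ones in mb..63 and 0..me. */
uint64_t ppc_mask64(unsigned mb, unsigned me)
{
    uint64_t from_mb = ~UINT64_C(0) >> mb;        /* bits mb..63 */
    uint64_t to_me   = ~UINT64_C(0) << (63 - me); /* bits 0..me  */
    return (mb <= me) ? (from_mb & to_me) : (from_mb | to_me);
}

/* Reference semantics of rlwimi RA,RS,SH,MB,ME in 64-bit mode. */
uint64_t rlwimi(uint64_t ra, uint64_t rs, unsigned sh, unsigned mb, unsigned me)
{
    uint64_t r = rotl32_replicated(rs, sh);
    uint64_t m = ppc_mask64(mb + 32, me + 32);
    return (r & m) | (ra & ~m);
}

/* Model of the OUT asm data path: one lwz at `word_offset` (0 or 4) inside
 * the 8-byte env slot holding the GPR (big-endian layout assumed), the word
 * used as both RS and RA, then rotlwi / and-with-mask / and-with-~mask / or,
 * then a 64-bit std.  Returns the value that would be stored back. */
uint64_t model_host_sequence(uint64_t gpr, unsigned word_offset,
                             unsigned sh, unsigned mb, unsigned me)
{
    uint8_t slot[8];
    for (int i = 0; i < 8; i++)
        slot[i] = (uint8_t)(gpr >> (56 - 8 * i));  /* big-endian bytes */

    uint32_t w = ((uint32_t)slot[word_offset] << 24) |
                 ((uint32_t)slot[word_offset + 1] << 16) |
                 ((uint32_t)slot[word_offset + 2] << 8) |
                 (uint32_t)slot[word_offset + 3];         /* lwz r14,off(r27) */
    uint64_t r14 = w;                                     /* zero-extended word */
    uint32_t r15 = sh ? (w << sh) | (w >> (32 - sh)) : w; /* rotlwi r15,r15,sh */
    uint64_t m = ppc_mask64(mb + 32, me + 32);
    uint64_t t = r15 & m;                                 /* andi. r15,r15,mask */
    r14 &= ~m;                                            /* and r14,r14,~mask */
    return t | r14;                                       /* or, then std */
}

int main(void)
{
    /* The case from the post: rlwimi r4,r4,8,16,23 with r4 = 0x24. */
    printf("ISA result:          0x%" PRIx64 "\n", rlwimi(0x24, 0x24, 8, 16, 23));
    printf("mask(48,55):         0x%" PRIx64 "\n", ppc_mask64(48, 55));
    printf("lwz at slot+0:       0x%" PRIx64 "\n", model_host_sequence(0x24, 0, 8, 16, 23));
    printf("lwz at slot+4:       0x%" PRIx64 "\n", model_host_sequence(0x24, 4, 8, 16, 23));
    return 0;
}
```

For the post's operands the mask is bits 48..55, i.e. 0xFF00, which matches the `andi. r15,r15,65280` and the `lis r0,-1; ori r0,r0,255` (0xFFFFFFFFFFFF00FF) in the dump, so the arithmetic after the load is consistent with the ISA; the model only differs in which half of the slot the 32-bit load picks up.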