Re: [Qemu-devel] [PATCH] target-arm: modifying pc in tcg code for load/store multiple

[Ildar Isaev]

> On 19 February 2015 at 21:26,  <address@hidden> wrote:
> > From: Ildar Isaev <address@hidden>
> >
> > pc wasn't modified in tcg code for load/store multiple,
> > causing translation block to be executed in infinite loop forever
> >
> > Signed-off-by: Ildar Isaev <address@hidden>
> 
> It would be helpful if you gave an example of guest
> code which we mishandle. Do you have a test case?
> 

A bit clumsy, but something like that. Qemu never gets to the code past stmda.

-bash-4.1$ cat add.s


        .text
        mov   r0, #5         
        mov   r1, #4
        add   r2, r1, r0
        stmda sp, {r1, r2, r5, sp, lr, pc}^
        mov   r0, #26
        mov   r1, #30


-bash-4.1$ arm-linux-gnueabihf-as -o add.o add.s

-bash-4.1$ arm-linux-gnueabihf-ld -Ttext=0x80000000 -o add.elf add.o

-bash-4.1$ arm-linux-gnueabihf-objcopy -O binary add.elf add.bin

-bash-4.1$ dd if=/dev/zero of=test.bin bs=4096 count=4096

-bash-4.1$ dd if=add.bin of=test.bin bs=4096 conv=notrunc

-bash-4.1$ qemu-system-arm -M connex -pflash test.bin -nographic -serial 
/dev/null

QEMU 2.2.0 monitor - type 'help' for more information
(qemu) info registers
R00=00000005 R01=00000004 R02=00000009 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00000000 R15=00000000
PSR=00000013 ---- A svc32
FPSCR: 00000000
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) cont
(qemu) info registers
R00=00000005 R01=00000004 R02=00000009 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=00000000 R14=00000000 R15=00000000
PSR=00000013 ---- A svc32

add.s
Description: Binary data