[Bug 1663287] Re: Illegal delay slot code causes abort on mips64

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 1663287] Re: Illegal delay slot code causes abort on mips64

From:	Philippe Mathieu-Daudé
Subject:	[Bug 1663287] Re: Illegal delay slot code causes abort on mips64
Date:	Mon, 06 Apr 2020 23:17:48 -0000

Hi Brian,

You try to execute a CP1 instruction in a delay slot,
which triggers a Reserved Instruction exception.
Per the ISA the processor operation is UNPREDICTABLE in such case.

What is the behavior on real hardware?
An assertion() seems appropriate.

Your compiler might be buggy, or you are not compiling for the correct CPU
(or you are not using the correct QEMU cpu).

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1663287

Title:
  Illegal delay slot code causes abort on mips64

Status in QEMU:
  New

Bug description:
  During some randomised testing of an experimental MIPS implementation
  I found an instruction sequence that also causes aborts on mainline
  qemu's MIPS support.  The problem is triggered by an MSA branch
  instruction appearing in a delay slot when emulating a processor
  without MSA support.

  For example, with the current repository HEAD
  (f073cd3a2bf1054135271b837c58a7da650dd84b) configured for
  mips64-softmmu, if I run the attached binary using

      mips64-softmmu/qemu-system-mips64 -bios ../abort2.bin -machine
  mipssim -nographic

  it will report

      unknown branch 0x13000
      Aborted (core dumped)

  The binary contains the following two instructions:

      00200008 jr at
      47081e61 bz.b       w8,0xffffffffbfc0798c

  The jr sets up a jump, and hflags is set accordingly in
  gen_compute_branch (in target/mips/translate.c).  When processing the
  bz.b, check_insn generates an exception because the instruction isn't
  support, but gen_msa_branch skips the usual delay slot check for the
  same reason, and sets more bits in hflags, leading to an abort in
  gen_branch because the hflags are now invalid.

  I suspect the best fix is to remove the instruction set condition from
  the delay slot check in gen_msa_branch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1663287/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug 1663287] Re: Illegal delay slot code causes abort on mips64, martin short, 2020/04/06
- [Bug 1663287] Re: Illegal delay slot code causes abort on mips64, Philippe Mathieu-Daudé <=
- [Bug 1663287] Re: Illegal delay slot code causes abort on mips64, martin short, 2020/04/07
- [Bug 1663287] Re: Illegal delay slot code causes abort on mips64, Peter Maydell, 2020/04/07
- [Bug 1663287] Re: Illegal delay slot code causes abort on mips64, martin short, 2020/04/07
- [Bug 1663287] Re: Illegal delay slot code causes abort on mips64, Brian Campbell, 2020/04/07

Prev by Date: [Bug 1871250] [NEW] Failed to create HAX VM
Next by Date: [RFC PATCH-for-5.0?] target/mips/translate: Report exception in delay slot as UNPREDICTABLE
Previous by thread: [Bug 1663287] Re: Illegal delay slot code causes abort on mips64
Next by thread: [Bug 1663287] Re: Illegal delay slot code causes abort on mips64
Index(es):
- Date
- Thread