qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] target-mips: apply workaround for TCG optimizat

From: Aurelien Jarno
Subject: Re: [Qemu-devel] [PATCH] target-mips: apply workaround for TCG optimizations for MFC1
Date: Wed, 15 Jul 2015 11:59:13 +0200
User-agent: Mutt/1.5.23 (2014-03-12) 
On 2015-07-15 10:46, Richard Henderson wrote:
> On 07/14/2015 05:38 PM, Leon Alrae wrote:
> >There seems to be an issue when trying to keep a pointer in bottom 32-bits
> >of a 64-bit floating point register. Load and store instructions accessing
> >this address for some reason use the whole 64-bit content of floating point
> >register rather than truncated 32-bit value. The following load uses
> >incorrect address which leads to a crash if upper 32 bits of $f0 isn't 0:
> >
> >0x00400c60:  mfc1       t8,$f0
> >0x00400c64:  lw t9,0(t8)
> >
> >It can be reproduced with the following linux userland program when running
> >on a MIPS32 with CP0.Status.FR=1 (by default mips32r5-generic and
> >mips32r6-generic CPUs have this bit set in linux-user).
> >
> >int main(int argc, char *argv[])
> >{
> >     int tmp = 0x11111111;
> >     /* Set f0 */
> >     __asm__ ("mtc1  %0, $f0\n"
> >              "mthc1 %1, $f0\n"
> >              : : "r" (&tmp), "r" (tmp));
> >     /* At this point $f0: w:76fff040 d:1111111176fff040 */
> >     __asm__ ("mfc1 $t8, $f0\n"
> >              "lw   $t9, 0($t8)\n"); /* <--- crash! */
> >     return 0;
> >}
> 
> What compilation options, exactly?  I'm having trouble reproducing.
> Alternately, perhaps you can send me a binary.

Please find attached the corresponding static binary. You should run it
with:

  qemu-mipsel -cpu mips32r5-generic ./mfc1

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
address@hidden                 http://www.aurel32.net

Attachment: mfc1
Description: Binary data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]