[Qemu-devel] [Bug 944645] [NEW] ARM: CORTEX M, ICI/IT bits in XPSR were
From: Oleksiy Bondarenko
Subject: [Qemu-devel] [Bug 944645] [NEW] ARM: CORTEX M, ICI/IT bits in XPSR were not cleared then entering exception
Date: Fri, 02 Mar 2012 09:20:42 -0000
Public bug reported:
I have this error.
qemu: fatal: Trying to execute code outside RAM or ROM at 0x10000000
R00=e000ed04 R01=3f5e392e R02=000000ff R03=0000007e
R04=20007038 R05=20003e30 R06=00000000 R07=00000003
R08=00000000 R09=00012874 R10=10101010 R11=11111111
R12=00000000 R13=200031d0 R14=fffffffd R15=10000000
PSR=40000153 -Z-- A svc32
I tried to figure out this situation. I have found that this happens
when an interrupt happens during execution of the __eabi_fmul instruction
somewhere in the middle of this block:
IN:
0x004212d4: 22ff movs r2, #255
0x004212d6: ea12 5cd0 ands.w ip, r2, r0, lsr #23
0x004212da: bf1d ittte ne
0x004212dc: ea12 53d1 andsne.w r3, r2, r1, lsr #23
0x004212e0: 4594 cmpne ip, r2
0x004212e2: 4293 cmpne r3, r2
0x004212e4: e02b beq.n 0x42133e
particularly when tcg was trying to split this into 2 parts like this:
IN:
0x004212d4: 22ff movs r2, #255
0x004212d6: ea12 5cd0 ands.w ip, r2, r0, lsr #23
0x004212da: bf1d ittte ne
0x004212dc: ea12 53d1 andsne.w r3, r2, r1, lsr #23
0x004212e0: 4594 cmpne ip, r2
IN:
0x004212e2: 4293 cmpne r3, r2
0x004212e4: e02b beq.n 0x42133e
and the next interrupt handler prologue seems to use conditional
instructions:
IN:
0x00409170: b580 push {r7, lr}
0x00409172: 485d ldrne r0, [pc, #372] (0x4092e8)
0x00409174: 6800 ldrne r0, [r0, #0]
0x00409176: 0700 lsleq r0, r0, #28
0x00409178: d530 bpl.n 0x4091dc
If we look in the v7M reference manual,
in ExceptionTaken() it is stated:
EPSR.IT<7:0> = 0x0; // IT/ICI bits cleared
After I added 1 code line, it looks like it does not happen anymore.
v7m_push(env, xpsr);
+ xpsr_write(env, 0, CPSR_IT);
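Review bot: the hunk carries no diff header or surrounding context, so the mail alone does not show which file and function the added xpsr_write() call lands in; name the v7M exception entry routine (and send the change as a full patch with @@ context) so reviewers can check the placement. The placement is the important part: clearing CPSR_IT after v7m_push(env, xpsr) leaves the original IT state in the stacked xpsr, so the interrupted IT block resumes correctly on exception return, while the live state is cleared as the quoted ExceptionTaken() line requires. A reviewer should also confirm that xpsr_write() with a CPSR_IT mask updates the IT state the translator actually consults, not only a cached copy, since the symptom here is the handler prologue being translated as conditional instructions.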
I did some interrupt logs with and without the modification:
without:
before enter at pc=424534 sp=2000642c osp=200031c8 type=28 xpsr=41000028
before enter at pc=424534 sp=2000642c osp=200031c8 type=e xpsr=4100000e
before enter at pc=4212e0 sp=20003e18 osp=200031c8 type=2f xpsr=4500182f <<--- IT bits were not cleared
on fault at pc=4091dc sp=200031d0 osp=20003df8 type=2f xpsr=4100002f
qemu: fatal: Trying to execute code outside RAM or ROM at 0x10000000
with:
before enter at pc=424534 sp=2000642c osp=200031c8 type=e xpsr=4100000e
before enter at pc=4212e0 sp=20003e18 osp=200031c8 type=2f xpsr=4500182f
<<--- fault situation passed
before enter at pc=424534 sp=20003d80 osp=200031c8 type=e xpsr=4100000e
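The following is an added example, not code from the bug report or from QEMU. It decodes the IT/ICI field of the xPSR values in the log above and models the ExceptionTaken() step the report quotes: the full xPSR is stacked, then the live IT bits are cleared. The bit positions (IT[1:0] in xPSR bits 26:25, IT[7:2] in bits 15:10, exception number in bits 8:0) are taken from the ARMv7-M architecture reference; the function names and the v7m_entry struct are this example's own.

```c
/* Added example, not QEMU code: decode the IT/ICI field of an ARMv7-M
 * xPSR and model the ExceptionTaken() step quoted in the bug report
 * (stack the full xPSR, then clear the live IT bits). */
#include <stdint.h>
#include <stdio.h>

/* xPSR layout: IT[1:0] sits in bits 26:25, IT[7:2] in bits 15:10. */
#define XPSR_IT_LO_SHIFT 25
#define XPSR_IT_LO_MASK  (0x3u << XPSR_IT_LO_SHIFT)
#define XPSR_IT_HI_SHIFT 10
#define XPSR_IT_HI_MASK  (0x3Fu << XPSR_IT_HI_SHIFT)
#define XPSR_IT_MASK     (XPSR_IT_LO_MASK | XPSR_IT_HI_MASK)
#define XPSR_IPSR_MASK   0x1FFu   /* exception number in bits 8:0 */

/* Gather the scattered IT bits into the ITSTATE byte cond[3:0]:mask[3:0]. */
uint8_t xpsr_get_it(uint32_t xpsr)
{
    uint8_t lo = (xpsr & XPSR_IT_LO_MASK) >> XPSR_IT_LO_SHIFT;
    uint8_t hi = (xpsr & XPSR_IT_HI_MASK) >> XPSR_IT_HI_SHIFT;
    return (uint8_t)((hi << 2) | lo);
}

/* Condition the next instruction executes under: cond[3:1] from
 * ITSTATE<7:5>, its low bit from ITSTATE<4>; 0xE (AL) outside an IT block. */
uint8_t it_current_cond(uint8_t itstate)
{
    if ((itstate & 0x0F) == 0)
        return 0xE;
    return (uint8_t)(((itstate & 0xE0) >> 4) | ((itstate >> 4) & 1));
}

/* Instructions still pending in the block: 4 minus the position of the
 * lowest set bit of mask[3:0]. */
int it_remaining(uint8_t itstate)
{
    uint8_t mask = itstate & 0x0F;
    int n = 0;
    if (mask == 0)
        return 0;
    while (!(mask & 1)) {
        mask >>= 1;
        n++;
    }
    return 4 - n;
}

/* ITAdvance(): shift the low five bits left; when the mask empties the
 * block is over and ITSTATE becomes 0. */
uint8_t it_advance(uint8_t itstate)
{
    uint8_t cond_hi = itstate & 0xE0;
    uint8_t lo = (uint8_t)((itstate << 1) & 0x1F);
    if ((lo & 0x0F) == 0)
        return 0;
    return (uint8_t)(cond_hi | lo);
}

struct v7m_entry {
    uint32_t stacked_xpsr;  /* value pushed to the exception frame */
    uint32_t live_xpsr;     /* value the handler starts with */
};

/* Model of exception entry. The stacked copy keeps the IT bits so the
 * interrupted IT block resumes on exception return; the live copy gets
 * the exception number and, with clear_it set (the fix), IT<7:0> = 0. */
struct v7m_entry v7m_exception_entry(uint32_t xpsr, uint32_t exc_num, int clear_it)
{
    struct v7m_entry e;
    e.stacked_xpsr = xpsr;
    e.live_xpsr = (xpsr & ~XPSR_IPSR_MASK) | (exc_num & XPSR_IPSR_MASK);
    if (clear_it)
        e.live_xpsr &= ~XPSR_IT_MASK;
    return e;
}

int main(void)
{
    /* Value from the "before enter at pc=4212e0" log line in the report. */
    uint32_t xpsr = 0x4500182fu;
    uint8_t it = xpsr_get_it(xpsr);
    printf("xpsr=%08x ITSTATE=%02x cond=%x remaining=%d\n",
           xpsr, it, it_current_cond(it), it_remaining(it));
    for (uint8_t s = it; s != 0; s = it_advance(s))
        printf("  pending instruction executes under cond=%x\n", it_current_cond(s));

    struct v7m_entry buggy = v7m_exception_entry(xpsr, 0x2f, 0);
    struct v7m_entry fixed = v7m_exception_entry(xpsr, 0x2f, 1);
    printf("handler xpsr without clear=%08x, with clear=%08x\n",
           buggy.live_xpsr, fixed.live_xpsr);
    return 0;
}
```

Run against the logged value 0x4500182f, the decoder yields ITSTATE 0x1A: condition NE with three instructions still pending, which is exactly the state after `andsne.w` of the `ittte ne` block when the interrupt lands at 0x4212e0. Without the clear, the handler inherits that state, so its first instructions are translated as NE/EQ conditional (the `ldrne`/`lsleq` in the prologue dump); with the clear, the handler starts from 0x4100002f while the stacked frame still holds 0x4500182f for the return path.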
** Affects: qemu
Importance: Undecided
Status: New
** Tags: arm cortexm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/944645
Title:
ARM: CORTEX M, ICI/IT bits in XPSR were not cleared then entering
exception
Status in QEMU:
New