Re: [Qemu-devel] Qemu arm emulation

[Paul Brook <paul@codesourcery.com>]

[-- Attachment #1: Type: text/plain, Size: 794 bytes --]

On Friday 03 December 2004 21:07, Charlie Baylis wrote:
> Hi Fabrice
>
> I have had a look at some faults in the ARM port of Qemu. I have discovered
> a couple of bugs. To avoid difficulties with my employer I can't distribute
> my patch which contains the fixes, but they are fairly trivial so I am
> detailing the changes required here.
>
> 1. The RRX operand shift on data processing instructions is incorrectly
> decoded as a rotate right (ROR) of 0 bits.
> RRX should have the effect of an extended rotate right of 1 bit where the
> carry flag is shifted into the top bit of the result. If the S bit is set,
> then the carry flag is set to the bottom bit of the source value.

The attached patch fixes this.

I posted it a while back, but it never got into CVS and I never chased it.
Paul

[-- Attachment #2: patch.qemu_rrx --]
[-- Type: text/x-diff, Size: 1658 bytes --]

Index: target-arm/op.c
===================================================================
RCS file: /cvsroot/qemu/qemu/target-arm/op.c,v
retrieving revision 1.3
diff -u -p -r1.3 op.c
--- target-arm/op.c	30 Nov 2003 19:40:08 -0000	1.3
+++ target-arm/op.c	1 Aug 2004 21:43:22 -0000
@@ -485,6 +502,11 @@ void OPPROTO op_rorl_T1_im(void)
     T1 = ((uint32_t)T1 >> shift) | (T1 << (32 - shift));
 }
 
+void OPPROTO op_rrxl_T1(void)
+{
+    T1 = ((uint32_t)T1 >> 1) | ((uint32_t)env->CF << 31);
+}
+
 /* T1 based, set C flag */
 void OPPROTO op_shll_T1_im_cc(void)
 {
@@ -512,6 +534,14 @@ void OPPROTO op_rorl_T1_im_cc(void)
     T1 = ((uint32_t)T1 >> shift) | (T1 << (32 - shift));
 }
 
+void OPPROTO op_rrxl_T1_cc(void)
+{
+    uint32_t c;
+    c = T1 & 1;
+    T1 = ((uint32_t)T1 >> 1) | ((uint32_t)env->CF << 31);
+    env->CF = c;
+}
+
 /* T2 based */
 void OPPROTO op_shll_T2_im(void)
 {
Index: target-arm/translate.c
===================================================================
RCS file: /cvsroot/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.10
diff -u -p -r1.10 translate.c
--- target-arm/translate.c	22 Jun 2004 10:55:49 -0000	1.10
+++ target-arm/translate.c	1 Aug 2004 21:43:22 -0000
@@ -365,6 +484,11 @@ static void disas_arm_insn(DisasContext 
                     } else {
                         gen_shift_T1_im[shiftop](shift);
                     }
+                } else if (shiftop == 3) {
+                    if (logic_cc)
+                        gen_op_rrxl_T1_cc();
+                    else
+                        gen_op_rrxl_T1();
                 }
             } else {
                 rs = (insn >> 8) & 0xf;