From: Dirk Behme <dirk.behme@googlemail.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] MIPS little endian user space emulation
Date: Fri, 08 Sep 2006 18:35:29 +0200
Message-ID: <45019BD1.4000205@gmail.com>

Hi,

has anybody had success using little endian MIPS user space 
emulation (qemu-mipsel)? I tried to run a simple hello world 
example using a recent QEMU snapshot. It crashes with "qemu: 
unhandled CPU exception 0x1a - aborting". For more details 
see below. Doing the same with an ARM compiler and qemu-arm 
does work, btw.

Seems to me that it gets a wrong jump address via gp in t9:

0x401fa00c:  lw t9,-32600(gp)
...
0x401fa01c:  jalr       t9

Any ideas?

Many thanks

Dirk

hello_world> cat hello_world.c
#include <stdio.h>

int main(void) {

   printf("Hello world\n");

   return 0;
}
hello_world> mipsel-linux-gcc hello_world.c -o hello_world
hello_world> file hello_world
hello_world: ELF 32-bit LSB MIPS-I executable, MIPS, version 
1 (SYSV), for GNU/Linux 2.4.3, dynamically linked (uses 
shared libs), not stripped
hello_world> ./qemu-mipsel -L 
/usr/mips/mipsel-linux/mipsel-linux -d 
out_asm,in_asm,op,int,exec,cpu hello_world
qemu: unhandled CPU exception 0x1a - aborting
pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c00 t6 401f3f00 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3be8 s8 00000000 ra 401fa024
CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
     Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:5.75452
FT1: w:00000000 d:0000000000000000 fd:0 fs:5.75452
FT2: w:00000000 d:0000000000000000 fd:0 fs:5.75452
f00: w:00000000 d:0000000000000000 fd:0 fs:5.75452
...
f30: w:00000000 d:0000000000000000 fd:0 fs:5.75452
qemu: uncaught target signal 6 (Aborted) - exiting

Extract of the end of the log file:

...
------------------------------------------------
pc=0x401f9c28 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000008
GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
     Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
IN:
0x401f9c28:  lw v0,60(a2)
0x401f9c2c:  nop
0x401f9c30:  bnez       v0,0x401fa000
0x401f9c34:  nop

OP:
0x0000: load_gpr_T0_gpr6
0x0001: set_T1 0x3c
0x0002: add
0x0003: lw_raw
0x0004: store_T0_gpr_gpr2
0x0005: load_gpr_T0_gpr2
0x0006: reset_T1
0x0007: ne
0x0008: set_bcond
0x0009: jnz_T2 0x0
0x000a: goto_tb1
0x000b: save_pc 0x401f9c38
0x000c: set_T0 0x800cd4a1
0x000d: exit_tb
0x000e: save_pc 0x401fa000
0x000f: set_T0 0x0
0x0010: exit_tb
0x0011: reset_T0
0x0012: exit_tb
0x0013: end

---------------- 2 00000003
OUT: [size=80]
0x810cd980:  mov    0x18(%ebp),%ebx
0x810cd983:  mov    $0x3c,%esi
0x810cd988:  add    %esi,%ebx
0x810cd98a:  mov    (%ebx),%ebx
0x810cd98c:  mov    %ebx,0x8(%ebp)
0x810cd98f:  mov    0x8(%ebp),%ebx
0x810cd992:  xor    %esi,%esi
0x810cd994:  cmp    %esi,%ebx
0x810cd996:  setne  %al
0x810cd999:  xor    %ebx,%ebx
0x810cd99b:  mov    %al,%bl
0x810cd99d:  mov    %ebx,%edi
0x810cd99f:  test   %edi,%edi
0x810cd9a1:  je     0x810cd9a8
0x810cd9a3:  jmp    0x810cd9bd
0x810cd9a8:  jmp    0x83151d34
0x810cd9ad:  movl   $0x401f9c38,0x80(%ebp)
0x810cd9b7:  mov    $0x800cd4a1,%ebx
0x810cd9bc:  ret
0x810cd9bd:  movl   $0x401fa000,0x80(%ebp)
0x810cd9c7:  mov    $0x0,%ebx
0x810cd9cc:  ret
0x810cd9cd:  xor    %ebx,%ebx
0x810cd9cf:  ret

------------------------------------------------
pc=0x401fa000 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
     Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
IN:
0x401fa000:  lw a0,-32692(gp)
0x401fa004:  lw a1,-32692(gp)
0x401fa008:  lw a3,-32692(gp)
0x401fa00c:  lw t9,-32600(gp)
0x401fa010:  addiu      a0,a0,30820
0x401fa014:  addiu      a1,a1,29452
0x401fa018:  addiu      a3,a3,25856
0x401fa01c:  jalr       t9
0x401fa020:  li a2,161

OP:
0x0000: load_gpr_T0_gpr28
0x0001: set_T1 0xffff804c
0x0002: add
0x0003: lw_raw
0x0004: store_T0_gpr_gpr4
0x0005: load_gpr_T0_gpr28
0x0006: set_T1 0xffff804c
0x0007: add
0x0008: lw_raw
0x0009: store_T0_gpr_gpr5
0x000a: load_gpr_T0_gpr28
0x000b: set_T1 0xffff804c
0x000c: add
0x000d: lw_raw
0x000e: store_T0_gpr_gpr7
0x000f: load_gpr_T0_gpr28
0x0010: set_T1 0xffff80a8
0x0011: add
0x0012: lw_raw
0x0013: store_T0_gpr_gpr25
0x0014: load_gpr_T0_gpr4
0x0015: set_T1 0x7864
0x0016: add
0x0017: store_T0_gpr_gpr4
0x0018: load_gpr_T0_gpr5
0x0019: set_T1 0x730c
0x001a: add
0x001b: store_T0_gpr_gpr5
0x001c: load_gpr_T0_gpr7
0x001d: set_T1 0x6500
0x001e: add
0x001f: store_T0_gpr_gpr7
0x0020: load_gpr_T2_gpr25
0x0021: set_T0 0x401fa024
0x0022: store_T0_gpr_gpr31
0x0023: reset_T0
0x0024: set_T1 0xa1
0x0025: add
0x0026: store_T0_gpr_gpr6
0x0027: breg
0x0028: reset_T0
0x0029: exit_tb
0x002a: end

---------------- 2 00000003
OUT: [size=131]
0x810cd9d0:  mov    0x70(%ebp),%ebx
0x810cd9d3:  mov    $0xffff804c,%esi
0x810cd9d8:  add    %esi,%ebx
0x810cd9da:  mov    (%ebx),%ebx
0x810cd9dc:  mov    %ebx,0x10(%ebp)
0x810cd9df:  mov    0x70(%ebp),%ebx
0x810cd9e2:  mov    $0xffff804c,%esi
0x810cd9e7:  add    %esi,%ebx
0x810cd9e9:  mov    (%ebx),%ebx
0x810cd9eb:  mov    %ebx,0x14(%ebp)
0x810cd9ee:  mov    0x70(%ebp),%ebx
0x810cd9f1:  mov    $0xffff804c,%esi
0x810cd9f6:  add    %esi,%ebx
0x810cd9f8:  mov    (%ebx),%ebx
0x810cd9fa:  mov    %ebx,0x1c(%ebp)
0x810cd9fd:  mov    0x70(%ebp),%ebx
0x810cda00:  mov    $0xffff80a8,%esi
0x810cda05:  add    %esi,%ebx
0x810cda07:  mov    (%ebx),%ebx
0x810cda09:  mov    %ebx,0x64(%ebp)
0x810cda0c:  mov    0x10(%ebp),%ebx
0x810cda0f:  mov    $0x7864,%esi
0x810cda14:  add    %esi,%ebx
0x810cda16:  mov    %ebx,0x10(%ebp)
0x810cda19:  mov    0x14(%ebp),%ebx
0x810cda1c:  mov    $0x730c,%esi
0x810cda21:  add    %esi,%ebx
0x810cda23:  mov    %ebx,0x14(%ebp)
0x810cda26:  mov    0x1c(%ebp),%ebx
0x810cda29:  mov    $0x6500,%esi
0x810cda2e:  add    %esi,%ebx
0x810cda30:  mov    %ebx,0x1c(%ebp)
0x810cda33:  mov    0x64(%ebp),%edi
0x810cda36:  mov    $0x401fa024,%ebx
0x810cda3b:  mov    %ebx,0x7c(%ebp)
0x810cda3e:  xor    %ebx,%ebx
0x810cda40:  mov    $0xa1,%esi
0x810cda45:  add    %esi,%ebx
0x810cda47:  mov    %ebx,0x18(%ebp)
0x810cda4a:  mov    %edi,0x80(%ebp)
0x810cda50:  xor    %ebx,%ebx
0x810cda52:  ret

------------------------------------------------
pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 401fa024
CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
     Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
cpu_mips_handle_mmu_fault pc 00012a2c ad 00012a2c rw 0 
is_user 1 smmu 0
do_raise_exception_err: 26 1
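Added example, not part of Dirk's post and not QEMU code: a small Python script that parses the two register dumps quoted above (the state on entry to the block at 0x401fa000 and the state at the faulting pc), computes the GOT slot that `lw t9,-32600(gp)` reads from gp, and lists which registers changed across the `jalr`. The dumps are copied from the log above. The 0x00400000 threshold used to flag a suspicious jump target is an assumption (the usual link address of a non-PIE o32 MIPS executable), not something the post states.

```python
import re

# Register dumps copied from the QEMU "-d cpu" log quoted in the post:
# the state on entry to the block at 0x401fa000 and the state at the
# faulting pc 0x00012a2c right after "jalr t9".
DUMP_BEFORE_JALR = """\
pc=0x401fa000 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
"""

DUMP_AT_FAULT = """\
pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 401fa024
"""

_PC_RE = re.compile(r"^pc=0x([0-9a-fA-F]+)", re.M)
_GPR_LINE_RE = re.compile(r"^GPR\d\d:(.*)$", re.M)
_PAIR_RE = re.compile(r"\b([a-z][0-9a-z])\s+([0-9a-fA-F]{8})\b")
_MEM_INSN_RE = re.compile(
    r"(?:0x[0-9a-fA-F]+:\s+)?(lw|sw|lb|lbu|lh|lhu|sb|sh)\s+(\w+),(-?\d+)\((\w+)\)")

# Assumption (not from the post): a non-PIE o32 MIPS executable links at
# 0x00400000 and nothing is mapped below it, so a jump target below that is
# more likely an unrelocated link-time offset than a real code address.
MIN_PLAUSIBLE_CODE_ADDR = 0x00400000


def parse_dump(text):
    """Parse one QEMU MIPS register dump into {'pc': int, 'r0': int, ..., 'ra': int}."""
    regs = {}
    m = _PC_RE.search(text)
    if m:
        regs["pc"] = int(m.group(1), 16)
    for rest in _GPR_LINE_RE.findall(text):
        for name, value in _PAIR_RE.findall(rest):
            regs[name] = int(value, 16)
    return regs


def effective_address(insn, regs):
    """Effective address of a MIPS base+offset load/store such as 'lw t9,-32600(gp)'."""
    m = _MEM_INSN_RE.search(insn)
    if not m:
        raise ValueError("not a base+offset load/store: %r" % insn)
    _op, _rt, imm, base = m.groups()
    return (regs[base] + int(imm)) & 0xFFFFFFFF


def u32(value):
    """32-bit two's-complement view of a signed immediate (what the OP log prints as set_T1)."""
    return value & 0xFFFFFFFF


def changed_regs(before, after):
    """Registers whose value differs between two dumps, as {name: (old, new)}."""
    return {n: (before[n], after[n]) for n in before if n in after and before[n] != after[n]}


def looks_unrelocated(target, min_code=MIN_PLAUSIBLE_CODE_ADDR):
    """True if a jump target lies below the assumed lowest mapped code address."""
    return 0 <= target < min_code


def analyse(before_text, after_text, load_insn, jump_reg="t9"):
    """Relate the GOT slot read by load_insn to the register the jump went through."""
    before = parse_dump(before_text)
    after = parse_dump(after_text)
    return {
        "got_slot": effective_address(load_insn, before),
        "target": after[jump_reg],
        "unrelocated": looks_unrelocated(after[jump_reg]),
        "changed": changed_regs(before, after),
    }


if __name__ == "__main__":
    r = analyse(DUMP_BEFORE_JALR, DUMP_AT_FAULT, "0x401fa00c:  lw t9,-32600(gp)")
    print("GOT slot read by lw: 0x%08x" % r["got_slot"])
    print("jump target in t9:   0x%08x (below 0x%08x? %s)"
          % (r["target"], MIN_PLAUSIBLE_CODE_ADDR, r["unrelocated"]))
    for name, (old, new) in sorted(r["changed"].items()):
        print("  %-3s %08x -> %08x" % (name, old, new))
```

Run stand-alone it reports the slot as 0x4024f0c8, i.e. gp minus 0x7f58, which is the same displacement the OP listing shows as `set_T1 0xffff80a8`, and shows t9 ending up as 0x00012a2c, the value the final dump reports as pc. The register diff makes it easy to see that only a0..a3, t9, ra and pc change across the block, so the value in t9 came straight out of that GOT slot.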


Thread overview: 9+ messages
2006-09-08 16:35 Dirk Behme [this message]
2006-09-08 20:33 ` [Qemu-devel] MIPS little endian user space emulation Stefan Weil
2006-09-09  7:41   ` Dirk Behme
2006-09-09 18:00     ` Stefan Weil
2006-09-10 10:24       ` wangji
2006-09-09 22:13 ` wangji
2006-09-09  7:16   ` Dirk Behme
2006-09-10  2:34     ` wangji
2006-09-10  8:49     ` wangji
