From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=48749 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PuTTp-00089r-1M
	for qemu-devel@nongnu.org; Tue, 01 Mar 2011 12:35:26 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1PuTTm-0005vv-Ed
	for qemu-devel@nongnu.org; Tue, 01 Mar 2011 12:35:24 -0500
Received: from mnementh.archaic.org.uk ([81.2.115.146]:47581)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1PuTTm-0005vM-17
	for qemu-devel@nongnu.org; Tue, 01 Mar 2011 12:35:22 -0500
From: Peter Maydell <peter.maydell@linaro.org>
Date: Tue,  1 Mar 2011 17:35:19 +0000
Message-Id: <1299000919-31368-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH] target-arm: Handle VMOV between two core and
	VFP single regs
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: patches@linaro.org

Fix two bugs in the translation of the instructions VMOV sa,sb,rx,ry and
VMOV rx,ry,sa,sb (which copy between a pair of ARM core registers and a
pair of VFP single precision registers):

 * An incorrect condition meant these instruction patterns were being
   treated as load/store multiple, which resulted in the generation
   of bad code and a runtime segfault
 * The order of the core register pair was reversed so the values would
   go to the wrong registers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/translate.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index dbd958b..0111a61 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -3232,7 +3232,7 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
         break;
     case 0xc:
     case 0xd:
-        if (dp && (insn & 0x03e00000) == 0x00400000) {
+        if ((insn & 0x03e00000) == 0x00400000) {
             /* two-register transfer */
             rn = (insn >> 16) & 0xf;
             rd = (insn >> 12) & 0xf;
@@ -3254,10 +3254,10 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
                 } else {
                     gen_mov_F0_vreg(0, rm);
                     tmp = gen_vfp_mrs();
-                    store_reg(s, rn, tmp);
+                    store_reg(s, rd, tmp);
                     gen_mov_F0_vreg(0, rm + 1);
                     tmp = gen_vfp_mrs();
-                    store_reg(s, rd, tmp);
+                    store_reg(s, rn, tmp);
                 }
             } else {
                 /* arm->vfp */
@@ -3269,10 +3269,10 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
                     gen_vfp_msr(tmp);
                     gen_mov_vreg_F0(0, rm * 2 + 1);
                 } else {
-                    tmp = load_reg(s, rn);
+                    tmp = load_reg(s, rd);
                     gen_vfp_msr(tmp);
                     gen_mov_vreg_F0(0, rm);
-                    tmp = load_reg(s, rd);
+                    tmp = load_reg(s, rn);
                     gen_vfp_msr(tmp);
                     gen_mov_vreg_F0(0, rm + 1);
                 }
-- 
1.7.1