From: Charlie Baylis <charlie.baylis@fish.zetnet.co.uk>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Qemu arm emulation
Date: Fri, 3 Dec 2004 21:07:58 +0000
Message-ID: <20041203210758.GD21652@cray.fish.zetnet.co.uk>

Hi Fabrice

I have had a look at some faults in the ARM port of Qemu. I have discovered a
couple of bugs. To avoid difficulties with my employer I can't distribute my
patch which contains the fixes, but they are fairly trivial so I am detailing
the changes required here.

1. The RRX operand shift on data processing instructions is incorrectly decoded
as a rotate right (ROR) of 0 bits.
RRX should have the effect of an extended rotate right of 1 bit where the carry
flag is shifted into the top bit of the result. If the S bit is set, then the
carry flag is set to the bottom bit of the source value.

2. Shifter carry out for immediates
When an immediate value is generated, the shifter carry out is set to bit 31 of
the resulting immediate if the shift value is non-zero. If the shift value
is zero, then the shifter carry out has the value of the C flag.

Therefore, the following instructions should alter the carry flag when used
with an immediate which has a non-zero shift:
ANDS BICS EORS MOVS MVNS ORRS TEQS and TSTS
(The remaining data processing instructions generate the C flag from the
calculation performed by the instruction)

The test case is attached as a C file and as an assembler file. The assembler function
f will return if these bugs are fixed and loops forever otherwise. I can email
you a statically linked binary if you don't have an ARM toolchain.


Apologies for not being able to just send a patch.

Regards
Charlie

[-- Attachment #2: p.c --]
[-- Type: text/x-csrc, Size: 107 bytes --]


/* Driver for the assembler test: f() returns only if both bugs are fixed. */
extern unsigned f(void);

int main(int argc, char **argv)
{
  (void)argc;
  (void)argv;
  f();
  return 0;
}

[-- Attachment #3: ps.s --]
[-- Type: text/plain, Size: 273 bytes --]

	.file	"ps.s"
	.text
	.align	2
	.global f

f:
        cmp r0, r0 @ set carry flag
        mov r0, #0 @ known input, so RRX with C set must give exactly 0x80000000
        mov r0, r0, rrx
        cmp r0, #0x80000000
loop1:  bne loop1
        cmp r0, r0 @ set carry flag
        tst r0, #0x04000000 @ non-zero rotate: shifter carry out is bit 31 (0)
loop2:  bcs loop2
        mov pc, lr
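The two rules in the message, written out as a small reference model in C. This is an added example, not code from the mail or from QEMU: `arm_imm_operand` expands a data-processing immediate and computes the shifter carry out (bit 31 of the result for a non-zero rotate, the incoming C flag otherwise), `arm_rrx` implements the extended rotate, and `buggy_rrx` models the faulty ROR #0 decode described in point 1 for comparison. `replay_ps_test` walks through the two checks in ps.s with each RRX variant and reports whether `f` would return or spin; it assumes r0 holds 0 on entry, as the corrected assembler above arranges. All names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of a shifter operation: the operand value and the shifter carry out. */
struct shifter_result {
    uint32_t value;
    unsigned carry;
};

/* Rotate a 32-bit value right by n bits (n taken modulo 32). */
static uint32_t ror32(uint32_t v, unsigned n)
{
    n &= 31;
    return n ? (v >> n) | (v << (32 - n)) : v;
}

/* Expand a data-processing immediate (low 12 bits of the instruction:
 * 4-bit rotate field, 8-bit immediate) using the rule from the message:
 * a non-zero rotate yields bit 31 of the result as shifter carry out,
 * a zero rotate passes the incoming C flag through unchanged. */
struct shifter_result arm_imm_operand(uint32_t imm12, unsigned c_in)
{
    struct shifter_result r;
    unsigned rot = (imm12 >> 8) & 0xf;
    r.value = ror32(imm12 & 0xff, 2 * rot);
    r.carry = rot ? (r.value >> 31) & 1 : c_in;
    return r;
}

/* RRX: rotate right extended by one bit. C is shifted into bit 31 and
 * bit 0 of the source becomes the carry out (written to C when S is set). */
struct shifter_result arm_rrx(uint32_t rm, unsigned c_in)
{
    struct shifter_result r;
    r.value = (rm >> 1) | ((uint32_t)c_in << 31);
    r.carry = rm & 1;
    return r;
}

/* The faulty behaviour the message describes, kept for comparison:
 * RRX decoded as ROR #0, which leaves value and carry untouched. */
struct shifter_result buggy_rrx(uint32_t rm, unsigned c_in)
{
    struct shifter_result r;
    r.value = ror32(rm, 0);
    r.carry = c_in;
    return r;
}

/* Replay the two checks of ps.s against the chosen RRX implementation.
 * Returns 1 when both checks pass (f would return) and 0 when the
 * emulation would spin in loop1 or loop2. r0 is assumed to be 0 on entry. */
int replay_ps_test(int use_buggy_rrx)
{
    uint32_t r0 = 0;
    unsigned c = 1;                       /* cmp r0, r0 sets C */
    struct shifter_result s;

    s = use_buggy_rrx ? buggy_rrx(r0, c) : arm_rrx(r0, c);
    r0 = s.value;                         /* mov r0, r0, rrx (no S bit: C unchanged) */
    if (r0 != 0x80000000u)
        return 0;                         /* cmp r0, #0x80000000 fails: stuck in loop1 */

    c = 1;                                /* cmp r0, r0 sets C again */
    /* tst r0, #0x04000000 is encoded as imm8 = 0x04 with rotate field 4 (ror 8) */
    s = arm_imm_operand((4u << 8) | 0x04, c);
    c = s.carry;                          /* TST sets C from the shifter carry out */
    return c == 0;                        /* bcs loop2 must fall through */
}

int main(void)
{
    printf("correct RRX decode: %s\n", replay_ps_test(0) ? "f returns" : "loops forever");
    printf("ROR #0 decode:      %s\n", replay_ps_test(1) ? "f returns" : "loops forever");
    return 0;
}
```

The immediate `#0x80000000` used by the first `cmp` is itself a rotated immediate (0x80 rotated right by 8), so a decoder that handles the rotate but not its carry out would still pass the first check and fail only at `loop2`; that is why the test exercises the two bugs separately.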
