From: Paul Brook
Subject: Re: [Qemu-devel] Qemu arm emulation
Date: Fri, 3 Dec 2004 21:13:40 +0000
Message-Id: <200412032113.41066.paul@codesourcery.com>
In-Reply-To: <20041203210758.GD21652@cray.fish.zetnet.co.uk>
To: qemu-devel@nongnu.org
Cc: Charlie Baylis

On Friday 03 December 2004 21:07, Charlie Baylis wrote:
> Hi Fabrice
>
> I have had a look at some faults in the ARM port of Qemu. I have discovered
> a couple of bugs. To avoid difficulties with my employer I can't distribute
> my patch which contains the fixes, but they are fairly trivial so I am
> detailing the changes required here.
>
> 1. The RRX operand shift on data processing instructions is incorrectly
> decoded as a rotate right (ROR) of 0 bits.
> RRX should have the effect of an extended rotate right of 1 bit where the
> carry flag is shifted into the top bit of the result. If the S bit is set,
> then the carry flag is set to the bottom bit of the source value.

The attached patch fixes this. I posted it a while back, but it never got
into CVS and I never chased it.

Paul

Attachment: patch.qemu_rrx (text/x-diff)

Index: target-arm/op.c
===================================================================
RCS file: /cvsroot/qemu/qemu/target-arm/op.c,v
retrieving revision 1.3
diff -u -p -r1.3 op.c
--- target-arm/op.c	30 Nov 2003 19:40:08 -0000	1.3
+++ target-arm/op.c	1 Aug 2004 21:43:22 -0000
@@ -485,6 +502,11 @@ void OPPROTO op_rorl_T1_im(void) T1 = ((uint32_t)T1 >> shift) | (T1 << (32 - shift)); } +void OPPROTO op_rrxl_T1(void) +{ + T1 = ((uint32_t)T1 >> 1) | ((uint32_t)env->CF << 31); +} + /* T1 based, set C flag */ void OPPROTO op_shll_T1_im_cc(void) { @@ -512,6 +534,14 @@ void OPPROTO op_rorl_T1_im_cc(void) T1 = ((uint32_t)T1 >> shift) | (T1 << (32 - shift)); } +void OPPROTO op_rrxl_T1_cc(void) +{ + uint32_t c; + c = T1 & 1; + T1 = ((uint32_t)T1 >> 1) | ((uint32_t)env->CF << 31); + env->CF = c; +} + /* T2 based */ void OPPROTO op_shll_T2_im(void) { Index: target-arm/translate.c =================================================================== RCS file: /cvsroot/qemu/qemu/target-arm/translate.c,v retrieving revision 1.10 diff -u -p -r1.10 translate.c --- target-arm/translate.c 22 Jun 2004 10:55:49 -0000 1.10 +++ target-arm/translate.c 1 Aug 2004 21:43:22 -0000 @@ -365,6 +484,11 @@ static void disas_arm_insn(DisasContext } else { gen_shift_T1_im[shiftop](shift); } + } else if (shiftop == 3) { + if (logic_cc) + gen_op_rrxl_T1_cc(); + else + gen_op_rrxl_T1(); } } else { rs = (insn >> 8) & 0xf; --Boundary-00=_FcNsB3spTl0MeFN--
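Review bot: the op.c hunk headers do not line up with revision 1.3 as the file header claims. `@@ -485,6 +502,11 @@` already carries a 17-line offset before this first hunk changes anything, and `@@ -512,6 +534,14 @@` adds only the five lines inserted here on top of that, so the diff was taken against a tree with other local edits; regenerate it against clean CVS HEAD, or at least confirm it applies without fuzz, before it goes in. The new op_rrxl_T1 itself is right for the non-flag-setting case: bit 0 is dropped, env->CF lands in bit 31 and the flag is left untouched.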
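Review bot: op_rrxl_T1_cc samples `c = T1 & 1;` before T1 is overwritten, which is the order RRX with S set needs (the carry out is bit 0 of the source, not of the result), and only writes env->CF afterwards, so the carry-in used for bit 31 is still the old flag; that is correct. Two nits: the declaration and assignment compress to `uint32_t c = T1 & 1;`, and a one-line comment such as "RRX: rotate right by one through the carry" above both new ops would help readers who only know the ROR helpers next to them.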
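Review bot: the new `} else if (shiftop == 3) {` branch in translate.c handles only the RRX case of a zero immediate. If the enclosing test is `if (shift != 0)`, as the placement of the else-if suggests, the other two zero-immediate encodings, LSR #0 and ASR #0, which the ARM architecture defines as LSR #32 and ASR #32, are still skipped and stay no-ops after this patch; that is a separate bug, but it belongs in the same spot and is worth a follow-up. The header `@@ -365,6 +484,11 @@` is 119 lines off from revision 1.10, so the same regenerate request as for op.c applies. Finally, this hunk sits in the data-processing decode only, while the register-offset load/store addressing modes use the same shifter-operand encoding for RRX; does that path need the equivalent branch?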
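Charlie's description of RRX above, as an added reference model in C (this example's own code with its own function names, not QEMU's): it computes the shifter result and the carry for both S-bit cases and contrasts them with the ROR-by-0 decode the unpatched translator produced.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference model of the ARM shifter operand RRX (rotate right extended):
 * the operand moves right by one bit and the incoming carry becomes bit 31. */

/* Value produced by RRX: (rm >> 1) with the old carry flag in bit 31. */
uint32_t rrx_value(uint32_t rm, uint32_t cf_in)
{
    return (rm >> 1) | ((cf_in & 1u) << 31);
}

/* Carry flag after the instruction.  With the S bit set the flag receives
 * the bit rotated out, i.e. bit 0 of the *source* (it must be sampled
 * before the value is overwritten, as op_rrxl_T1_cc does with `c`);
 * without S the flag is left as it was. */
uint32_t rrx_carry_out(uint32_t rm, uint32_t cf_in, int s_bit)
{
    return s_bit ? (rm & 1u) : (cf_in & 1u);
}

/* What the unpatched decoder did with the RRX encoding (ROR with a zero
 * immediate): a rotate right by 0 bits, which changes nothing. */
uint32_t ror0_value(uint32_t rm)
{
    return rm;
}

/* 1 when the old decode and real RRX disagree for this operand/flag/S-bit
 * combination.  Only rm == 0 with the carry clear comes out identical. */
int rrx_decode_differs(uint32_t rm, uint32_t cf_in, int s_bit)
{
    uint32_t good_v = rrx_value(rm, cf_in);
    uint32_t good_c = rrx_carry_out(rm, cf_in, s_bit);
    uint32_t bad_v  = ror0_value(rm);
    uint32_t bad_c  = cf_in & 1u;   /* ROR #0 never touched the flag */
    return good_v != bad_v || good_c != bad_c;
}

int main(void)
{
    /* Constructed operand: odd value with the carry set, so both the result
     * and the carry-out differ between the two decodes. */
    uint32_t rm = 0x00000003u;
    printf("RRX(0x%08x, C=1) -> 0x%08x, C(S=1)=%u, C(S=0)=%u\n",
           rm, rrx_value(rm, 1), rrx_carry_out(rm, 1, 1), rrx_carry_out(rm, 1, 0));
    printf("old ROR #0 decode differs: %d\n", rrx_decode_differs(rm, 1, 1));
    return 0;
}
```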