From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1F4lWF-0006Ap-Ra for qemu-devel@nongnu.org; Thu, 02 Feb 2006 15:57:31 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1F4lWE-0006A5-Ve for qemu-devel@nongnu.org; Thu, 02 Feb 2006 15:57:31 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F4lNB-00037r-0n for qemu-devel@nongnu.org; Thu, 02 Feb 2006 15:48:09 -0500
Received: from [65.74.133.4] (helo=mail.codesourcery.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1F4lM4-0000Bg-5A for qemu-devel@nongnu.org; Thu, 02 Feb 2006 15:47:00 -0500
From: Paul Brook
Date: Thu, 2 Feb 2006 20:44:50 +0000
MIME-Version: 1.0
Content-Type: Multipart/Mixed; boundary="Boundary-00=_C9m4DeQtY+GWsED"
Message-Id: <200602022044.50631.paul@codesourcery.com>
Subject: [Qemu-devel] [patch] Arm BKPT instruction
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org

--Boundary-00=_C9m4DeQtY+GWsED
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The attached patch implements the Arm bkpt instruction. In full system emulation it causes a prefect abort (as defined by the architecture). For usermode emulation we capture it the same as SWI.

Paul

--Boundary-00=_C9m4DeQtY+GWsED
Content-Type: text/x-diff; charset="us-ascii"; name="patch.qemu_bkpt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="patch.qemu_bkpt"

Index: linux-user/main.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/main.c,v
retrieving revision 1.76
diff -u -p -r1.76 main.c
--- linux-user/main.c 5 Dec 2005 21:04:24 -0000 1.76
+++ linux-user/main.c 2 Feb 2006 20:41:06 -0000
@@ -358,14 +358,27 @@ void cpu_loop(CPUARMState *env)
             }
             break;
         case EXCP_SWI:
+        case EXCP_BKPT:
             {
                 /* system call */
-                if (env->thumb) {
-                    insn = lduw((void *)(env->regs[15] - 2));
-                    n = insn & 0xff;
+                if (trapnr == EXCP_BKPT) {
+                    if (env->thumb) {
+                        insn = lduw((void *)(env->regs[15]));
+                        n = insn & 0xff;
+                        env->regs[15] += 2;
+                    } else {
+                        insn = ldl((void *)(env->regs[15]));
+                        n = (insn & 0xf) | ((insn >> 4) & 0xff0);
+                        env->regs[15] += 4;
+                    }
                 } else {
-                    insn = ldl((void *)(env->regs[15] - 4));
-                    n = insn & 0xffffff;
+                    if (env->thumb) {
+                        insn = lduw((void *)(env->regs[15] - 2));
+                        n = insn & 0xff;
+                    } else {
+                        insn = ldl((void *)(env->regs[15] - 4));
+                        n = insn & 0xffffff;
+                    }
                 }
                 if (n == ARM_NR_cacheflush) {
Index: target-arm/cpu.h
===================================================================
RCS file: /sources/qemu/qemu/target-arm/cpu.h,v
retrieving revision 1.13
diff -u -p -r1.13 cpu.h
--- target-arm/cpu.h 26 Nov 2005 10:46:39 -0000 1.13
+++ target-arm/cpu.h 2 Feb 2006 20:41:06 -0000
@@ -34,6 +34,7 @@
 #define EXCP_DATA_ABORT 4
 #define EXCP_IRQ 5
 #define EXCP_FIQ 6
+#define EXCP_BKPT 7
 
 /* We currently assume float and double are IEEE single and double precision respectively.
Index: target-arm/helper.c
===================================================================
RCS file: /sources/qemu/qemu/target-arm/helper.c,v
retrieving revision 1.2
diff -u -p -r1.2 helper.c
--- target-arm/helper.c 18 Dec 2005 16:54:08 -0000 1.2
+++ target-arm/helper.c 2 Feb 2006 20:41:06 -0000
@@ -127,6 +127,7 @@ void do_interrupt(CPUARMState *env)
         offset = 0;
         break;
     case EXCP_PREFETCH_ABORT:
+    case EXCP_BKPT:
         new_mode = ARM_CPU_MODE_ABT;
         addr = 0x0c;
         mask = CPSR_A | CPSR_I;
Index: target-arm/op.c
===================================================================
RCS file: /sources/qemu/qemu/target-arm/op.c,v
retrieving revision 1.17
diff -u -p -r1.17 op.c
--- target-arm/op.c 26 Nov 2005 10:46:39 -0000 1.17
+++ target-arm/op.c 2 Feb 2006 20:41:06 -0000
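Review bot: The new `trapnr == EXCP_BKPT` branch hands the BKPT immediate to the same `n` that the SWI path dispatches as a system-call or semihosting number, so a user-mode BKPT is executed as a service request instead of being delivered as the SIGTRAP a native Linux kernel gives user code; that matches the cover letter, but nothing in the code says so, and a comment such as `/* BKPT immediates are dispatched like SWI numbers (Thumb semihosting); a native kernel would raise SIGTRAP instead */` would stop it being changed later by someone expecting kernel behaviour. The ARM-state immediate is only 16 bits wide (`(insn & 0xf) | ((insn >> 4) & 0xff0)`), so it can never equal a 24-bit SWI number; whether those small values reach a meaningful case or the error path depends on the dispatch that follows `if (n == ARM_NR_cacheflush)`, which lies after the hunk, and either outcome should be stated explicitly rather than left to fall through. This branch also advances `env->regs[15]` itself while the SWI branch reads behind an already-advanced PC; that is consistent with translate.c storing the BKPT address in r15, but a one-line comment on the `+= 2` / `+= 4` would save the next reader the cross-reference. The rest of cpu_loop, including the dispatch on `n`, is outside the hunk.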
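Review bot: `case EXCP_BKPT` now shares the abort vector at `addr = 0x0c` and the `CPSR_A | CPSR_I` mask with `EXCP_PREFETCH_ABORT`, but nothing records that the abort was a debug event, so a guest abort handler cannot distinguish a BKPT from a genuine instruction-fetch fault. If the cores being modelled are ARMv5-class, which have no instruction fault status register, that is architecturally fine; on a core with an IFSR the debug-event status would have to be written here, so the decision deserves a comment on the new line: `case EXCP_BKPT: /* taken as a prefetch abort; no debug monitor is modelled, so no fault status is recorded */`. The `offset` that forms R14_abt for this case is presumably set after the hunk and is shared with the prefetch abort, which matches the architectural R14_abt of BKPT address + 4, but do_interrupt continues outside the hunk so that cannot be confirmed here.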
@@ -885,6 +885,12 @@ void OPPROTO op_wfi(void)
     cpu_loop_exit();
 }
 
+void OPPROTO op_bkpt(void)
+{
+    env->exception_index = EXCP_BKPT;
+    cpu_loop_exit();
+}
+
 /* VFP support. We follow the convention used for VFP instrunctions: Single precition routines have a "s" suffix, double precision a "d" suffix. */
Index: target-arm/translate.c
===================================================================
RCS file: /sources/qemu/qemu/target-arm/translate.c,v
retrieving revision 1.35
diff -u -p -r1.35 translate.c
--- target-arm/translate.c 18 Dec 2005 16:55:25 -0000 1.35
+++ target-arm/translate.c 2 Feb 2006 20:41:07 -0000
@@ -1217,6 +1217,12 @@ static void disas_arm_insn(CPUState * en
                 gen_op_addl_T0_T1_saturate();
                 gen_movl_reg_T0(s, rd);
                 break;
+            case 7: /* bkpt */
+                gen_op_movl_T0_im((long)s->pc - 4);
+                gen_op_movl_reg_TN[0][15]();
+                gen_op_bkpt();
+                s->is_jmp = DISAS_JUMP;
+                break;
             case 0x8: /* signed multiply */
             case 0xa:
             case 0xc:
@@ -2183,6 +2197,13 @@ static void disas_thumb_insn(DisasContex
             gen_bx(s);
             break;
 
+        case 0xe: /* bkpt */
+            gen_op_movl_T0_im((long)s->pc - 2);
+            gen_op_movl_reg_TN[0][15]();
+            gen_op_bkpt();
+            s->is_jmp = DISAS_JUMP;
+            break;
+
         default:
             goto undef;
         }
--Boundary-00=_C9m4DeQtY+GWsED--
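Review bot: The new `case 7` accepts a BKPT with any condition field, but the architecture defines BKPT only for cond == AL (0b1110) and leaves other encodings UNPREDICTABLE; if disas_arm_insn emits the conditional-skip test before reaching this switch (the function head is outside the hunk), a predicated BKPT whose condition is false would quietly execute as a NOP rather than being rejected. Rejecting the encoding when `(insn >> 28) != 0xe`, through whatever undefined-instruction path disas_arm_insn already uses, closes that. The case also needs a why-comment, since it stores `s->pc - 4` rather than the next instruction and decodes no immediate: `/* r15 = address of the BKPT itself: do_interrupt adds the abort offset, and linux-user re-reads the immediate from memory */`. The surrounding switch starts and ends outside the hunk.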
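Review bot: The Thumb `case 0xe` mirrors the ARM case but, like it, gives no hint why `s->pc - 2` (the BKPT itself, not the following halfword) is written to r15 before `gen_op_bkpt()`, and a reader who assumes the usual "PC past the instruction" convention will think it is off by one; a comment would settle it: `/* r15 = address of the BKPT: do_interrupt adds the abort offset, linux-user re-reads the 8-bit immediate (insn & 0xff) and advances PC by 2 */`. That wording also ties the translator to the `n = insn & 0xff` extraction in cpu_loop, so the two stay in step if either changes. The enclosing switch and disas_thumb_insn continue outside the hunk.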