qemu-devel.nongnu.org archive mirror
From: wangji <hoan@wanadoo.fr>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] MIPS little endian user space emulation
Date: Sun, 10 Sep 2006 00:13:42 +0200
Message-ID: <200609100013.42650.hoan@wanadoo.fr>
In-Reply-To: <45019BD1.4000205@gmail.com>

On Friday 08 September 2006 6:35 PM, Dirk Behme wrote:
> Hi,
>
> anybody with success using little endian MIPS user space
> emulation qemu-mipsel? I try to run a simple hello world
> example using recent QEMU snapshot. It crashes with "qemu:
> unhandled CPU exception 0x1a - aborting". For more details
> see below. Doing the same with ARM compiler and qemu-arm
> does work btw.
>
> Seems to me that it gets a wrong jump address via gp in t9:
>
> 0x401fa00c:  lw t9,-32600(gp)
> ...
> 0x401fa01c:  jalr       t9
>
> Any ideas?
>
> Many thanks
>
> Dirk
>
> hello_world> cat hello_world.c
> #include <stdio.h>
>
> int main(void) {
>
>    printf("Hello world\n");
>
>    return 0;
> }
> hello_world> mipsel-linux-gcc hello_world.c -o hello_world
> hello_world> file hello_world
> hello_world: ELF 32-bit LSB MIPS-I executable, MIPS, version 1 (SYSV), for GNU/Linux 2.4.3, dynamically linked (uses shared libs), not stripped
> hello_world> ./qemu-mipsel -L /usr/mips/mipsel-linux/mipsel-linux -d out_asm,in_asm,op,int,exec,cpu hello_world
> qemu: unhandled CPU exception 0x1a - aborting
> pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
> GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
> GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
> GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
> GPR12: t4 70000053 t5 401f3c00 t6 401f3f00 t7 00000063
> GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
> GPR28: gp 40257020 sp 401f3be8 s8 00000000 ra 401fa024
> CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
>      Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
> CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
> FT0: w:00000000 d:0000000000000000 fd:0 fs:5.75452
> FT1: w:00000000 d:0000000000000000 fd:0 fs:5.75452
> FT2: w:00000000 d:0000000000000000 fd:0 fs:5.75452
> f00: w:00000000 d:0000000000000000 fd:0 fs:5.75452
> ...
> f30: w:00000000 d:0000000000000000 fd:0 fs:5.75452
> qemu: uncaught target signal 6 (Aborted) - exiting
>
> Extract of end of log file:
>
> ...
> ------------------------------------------------
> pc=0x401f9c28 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
> GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000008
> GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
> GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
> GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
> GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
> GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
> CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
>      Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
> CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
> FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> IN:
> 0x401f9c28:  lw v0,60(a2)
> 0x401f9c2c:  nop
> 0x401f9c30:  bnez       v0,0x401fa000
> 0x401f9c34:  nop
>
> OP:
> 0x0000: load_gpr_T0_gpr6
> 0x0001: set_T1 0x3c
> 0x0002: add
> 0x0003: lw_raw
> 0x0004: store_T0_gpr_gpr2
> 0x0005: load_gpr_T0_gpr2
> 0x0006: reset_T1
> 0x0007: ne
> 0x0008: set_bcond
> 0x0009: jnz_T2 0x0
> 0x000a: goto_tb1
> 0x000b: save_pc 0x401f9c38
> 0x000c: set_T0 0x800cd4a1
> 0x000d: exit_tb
> 0x000e: save_pc 0x401fa000
> 0x000f: set_T0 0x0
> 0x0010: exit_tb
> 0x0011: reset_T0
> 0x0012: exit_tb
> 0x0013: end
>
> ---------------- 2 00000003
> OUT: [size=80]
> 0x810cd980:  mov    0x18(%ebp),%ebx
> 0x810cd983:  mov    $0x3c,%esi
> 0x810cd988:  add    %esi,%ebx
> 0x810cd98a:  mov    (%ebx),%ebx
> 0x810cd98c:  mov    %ebx,0x8(%ebp)
> 0x810cd98f:  mov    0x8(%ebp),%ebx
> 0x810cd992:  xor    %esi,%esi
> 0x810cd994:  cmp    %esi,%ebx
> 0x810cd996:  setne  %al
> 0x810cd999:  xor    %ebx,%ebx
> 0x810cd99b:  mov    %al,%bl
> 0x810cd99d:  mov    %ebx,%edi
> 0x810cd99f:  test   %edi,%edi
> 0x810cd9a1:  je     0x810cd9a8
> 0x810cd9a3:  jmp    0x810cd9bd
> 0x810cd9a8:  jmp    0x83151d34
> 0x810cd9ad:  movl   $0x401f9c38,0x80(%ebp)
> 0x810cd9b7:  mov    $0x800cd4a1,%ebx
> 0x810cd9bc:  ret
> 0x810cd9bd:  movl   $0x401fa000,0x80(%ebp)
> 0x810cd9c7:  mov    $0x0,%ebx
> 0x810cd9cc:  ret
> 0x810cd9cd:  xor    %ebx,%ebx
> 0x810cd9cf:  ret
>
> ------------------------------------------------
> pc=0x401fa000 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
> GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
> GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
> GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
> GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
> GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
> GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
> CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
>      Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
> CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
> FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> IN:
> 0x401fa000:  lw a0,-32692(gp)
> 0x401fa004:  lw a1,-32692(gp)
> 0x401fa008:  lw a3,-32692(gp)
> 0x401fa00c:  lw t9,-32600(gp)
> 0x401fa010:  addiu      a0,a0,30820
> 0x401fa014:  addiu      a1,a1,29452
> 0x401fa018:  addiu      a3,a3,25856
> 0x401fa01c:  jalr       t9
> 0x401fa020:  li a2,161
>
> OP:
> 0x0000: load_gpr_T0_gpr28
> 0x0001: set_T1 0xffff804c
> 0x0002: add
> 0x0003: lw_raw
> 0x0004: store_T0_gpr_gpr4
> 0x0005: load_gpr_T0_gpr28
> 0x0006: set_T1 0xffff804c
> 0x0007: add
> 0x0008: lw_raw
> 0x0009: store_T0_gpr_gpr5
> 0x000a: load_gpr_T0_gpr28
> 0x000b: set_T1 0xffff804c
> 0x000c: add
> 0x000d: lw_raw
> 0x000e: store_T0_gpr_gpr7
> 0x000f: load_gpr_T0_gpr28
> 0x0010: set_T1 0xffff80a8
> 0x0011: add
> 0x0012: lw_raw
> 0x0013: store_T0_gpr_gpr25
> 0x0014: load_gpr_T0_gpr4
> 0x0015: set_T1 0x7864
> 0x0016: add
> 0x0017: store_T0_gpr_gpr4
> 0x0018: load_gpr_T0_gpr5
> 0x0019: set_T1 0x730c
> 0x001a: add
> 0x001b: store_T0_gpr_gpr5
> 0x001c: load_gpr_T0_gpr7
> 0x001d: set_T1 0x6500
> 0x001e: add
> 0x001f: store_T0_gpr_gpr7
> 0x0020: load_gpr_T2_gpr25
> 0x0021: set_T0 0x401fa024
> 0x0022: store_T0_gpr_gpr31
> 0x0023: reset_T0
> 0x0024: set_T1 0xa1
> 0x0025: add
> 0x0026: store_T0_gpr_gpr6
> 0x0027: breg
> 0x0028: reset_T0
> 0x0029: exit_tb
> 0x002a: end
>
> ---------------- 2 00000003
> OUT: [size=131]
> 0x810cd9d0:  mov    0x70(%ebp),%ebx
> 0x810cd9d3:  mov    $0xffff804c,%esi
> 0x810cd9d8:  add    %esi,%ebx
> 0x810cd9da:  mov    (%ebx),%ebx
> 0x810cd9dc:  mov    %ebx,0x10(%ebp)
> 0x810cd9df:  mov    0x70(%ebp),%ebx
> 0x810cd9e2:  mov    $0xffff804c,%esi
> 0x810cd9e7:  add    %esi,%ebx
> 0x810cd9e9:  mov    (%ebx),%ebx
> 0x810cd9eb:  mov    %ebx,0x14(%ebp)
> 0x810cd9ee:  mov    0x70(%ebp),%ebx
> 0x810cd9f1:  mov    $0xffff804c,%esi
> 0x810cd9f6:  add    %esi,%ebx
> 0x810cd9f8:  mov    (%ebx),%ebx
> 0x810cd9fa:  mov    %ebx,0x1c(%ebp)
> 0x810cd9fd:  mov    0x70(%ebp),%ebx
> 0x810cda00:  mov    $0xffff80a8,%esi
> 0x810cda05:  add    %esi,%ebx
> 0x810cda07:  mov    (%ebx),%ebx
> 0x810cda09:  mov    %ebx,0x64(%ebp)
> 0x810cda0c:  mov    0x10(%ebp),%ebx
> 0x810cda0f:  mov    $0x7864,%esi
> 0x810cda14:  add    %esi,%ebx
> 0x810cda16:  mov    %ebx,0x10(%ebp)
> 0x810cda19:  mov    0x14(%ebp),%ebx
> 0x810cda1c:  mov    $0x730c,%esi
> 0x810cda21:  add    %esi,%ebx
> 0x810cda23:  mov    %ebx,0x14(%ebp)
> 0x810cda26:  mov    0x1c(%ebp),%ebx
> 0x810cda29:  mov    $0x6500,%esi
> 0x810cda2e:  add    %esi,%ebx
> 0x810cda30:  mov    %ebx,0x1c(%ebp)
> 0x810cda33:  mov    0x64(%ebp),%edi
> 0x810cda36:  mov    $0x401fa024,%ebx
> 0x810cda3b:  mov    %ebx,0x7c(%ebp)
> 0x810cda3e:  xor    %ebx,%ebx
> 0x810cda40:  mov    $0xa1,%esi
> 0x810cda45:  add    %esi,%ebx
> 0x810cda47:  mov    %ebx,0x18(%ebp)
> 0x810cda4a:  mov    %edi,0x80(%ebp)
> 0x810cda50:  xor    %ebx,%ebx
> 0x810cda52:  ret
>
> ------------------------------------------------
> pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
> GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
> GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
> GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
> GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
> GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
> GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
> GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
> GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 401fa024
> CP0 Status  0x30400014 Cause   0x00000000 EPC    0x00000000
>      Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
> CP1 FCR0 0x00000110  FCR31 0x00000000  SR.FR 0
> FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
> cpu_mips_handle_mmu_fault pc 00012a2c ad 00012a2c rw 0
> is_user 1 smmu 0
> do_raise_exception_err: 26 1
>
Yes, I got a similar error, but if I "static" compile then everything looks ok!

[sbox-mipselglibc: ~] > gcc /scratchbox/packages/hello.c -ohello -static
[sbox-mipselglibc: ~] > qemu-mipsel hello
hello world

wangji@laixa:/scratchbox/users/wangji/targets/mipselglibc/bin$ file busybox
busybox: ELF 32-bit LSB MIPS-I executable, MIPS, version 1 (SYSV), for GNU/Linux 2.4.3, statically linked, stripped
wangji@laixa:/scratchbox/users/wangji/targets/mipselglibc/bin$ qemu-mipsel busybox

BusyBox v1.00 (2006.08.27-10:16+0000) multi-call binary

Usage: busybox [function] [arguments]...
----cut here  --
qemu-0.82, crosstool-0.38 from my latest livecdToolkit
http://mirror.opf.slu.cz/scratchbox/iso/ScratchboxMultiCpu-2.3.iso
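
An added example, not part of the original message: the failing binary above is reported by `file` as dynamically linked and the working ones as statically linked, and the sketch below makes the same distinction by reading the ELF program headers for PT_INTERP / PT_DYNAMIC. The names `classify_elf32` and `build_sample`, and the sample images (including the `/lib/ld.so.1` loader path), are constructed for illustration.

```python
import struct

PT_DYNAMIC, PT_INTERP, EM_MIPS = 2, 3, 8
EHDR = "16sHHIIIIIHHHHHH"   # Elf32_Ehdr, 52 bytes

def classify_elf32(data):
    """Report machine, byte order and linkage of a 32-bit ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 1:
        raise ValueError("only ELFCLASS32 is handled here")
    end = {1: "<", 2: ">"}.get(data[5])
    if end is None:
        raise ValueError("bad EI_DATA byte")
    f = struct.unpack_from(end + EHDR, data)
    e_machine, e_phoff, e_phentsize, e_phnum = f[2], f[5], f[9], f[10]
    interp, dynamic = None, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 32 > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "5I", data, off)
        if p_type == PT_INTERP:          # path of the dynamic loader
            raw = data[p_offset:p_offset + p_filesz]
            interp = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        elif p_type == PT_DYNAMIC:
            dynamic = True
    return {"machine": e_machine, "little_endian": end == "<",
            "interp": interp, "static": interp is None and not dynamic}

def build_sample(interp=None):
    """Constructed header-only mipsel ELF image for the demo (not runnable)."""
    phdrs = [(1, 0, 0x10000, 0x10000, 0, 0, 5, 0x1000)]            # PT_LOAD
    if interp:
        n = len(interp) + 1
        phdrs += [(PT_INTERP, 52 + 3 * 32, 0, 0, n, n, 4, 1),
                  (PT_DYNAMIC, 0, 0, 0, 0, 0, 6, 4)]
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)               # 32-bit, LSB
    hdr = struct.pack("<" + EHDR, ident, 2, EM_MIPS, 1, 0x10000, 52, 0, 0,
                      52, 32, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<8I", *p) for p in phdrs)
    return hdr + table + (interp + b"\0" if interp else b"")

if __name__ == "__main__":
    for name, img in (("dynamic", build_sample(b"/lib/ld.so.1")),
                      ("static", build_sample())):
        print(name, classify_elf32(img))
```

For a dynamically linked target, the path in PT_INTERP is the loader that qemu-mipsel has to resolve under the `-L` prefix, so it is the first thing to check when only static binaries run.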
