From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KEbHZ-0001Ke-64 for qemu-devel@nongnu.org; Thu, 03 Jul 2008 22:44:21 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KEbHY-0001KF-Eg for qemu-devel@nongnu.org; Thu, 03 Jul 2008 22:44:20 -0400
Received: from [199.232.76.173] (port=39514 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1KEbHY-0001KC-Ap for qemu-devel@nongnu.org; Thu, 03 Jul 2008 22:44:20 -0400
Received: from relay01.mx.bawue.net ([193.7.176.67]:33932)
	by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from )
	id 1KEbHX-0008V7-PF for qemu-devel@nongnu.org; Thu, 03 Jul 2008 22:44:20 -0400
Received: from lagash (88-104-39-16.dynamic.dsl.as9105.com [88.104.39.16])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by relay01.mx.bawue.net (Postfix) with ESMTP id 9A37C48916
	for ; Fri, 4 Jul 2008 04:44:18 +0200 (CEST)
Received: from ths by lagash with local (Exim 4.69)
	(envelope-from )
	id 1KEbHV-0004W9-Qu for qemu-devel@nongnu.org; Fri, 04 Jul 2008 03:44:17 +0100
Date: Fri, 4 Jul 2008 03:44:17 +0100
From: Thiemo Seufer
Subject: Re: [Qemu-devel] MIPS emulation
Message-ID: <20080704024417.GP7007@networkno.de>
References: <200806271350.40937.luke@dashjr.org>
	<200806280901.11619.luke@dashjr.org>
	<20080628193924.GE15737@networkno.de>
	<200807032102.50356.luke@dashjr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200807032102.50356.luke@dashjr.org>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org

Luke -Jr wrote:
> On Saturday 28 June 2008, Thiemo Seufer wrote:
> > Luke -Jr wrote:
> > > On Friday 27 June 2008, Luke -Jr wrote:
> > > > Is it possible to just emulate a MIPS CPU without any kind of ELF
> > > > loader/BIOS/boot process, ideally letting me watch/debug the
> > > > instruction flow and registers?
> > >
> > > In particular, I get this log output when I try to boot a flash image:
> > >
> > > cpu_mips_handle_mmu_fault pc bfc00000 ad bfc00000 rw 2 mmu_idx 0 smmu 1
> > > cpu_mips_handle_mmu_fault address=bfc00000 ret 0 physical 1fc00000 prot 3
> > > do_raise_exception_err: 15 0
> > > do_interrupt enter: PC bfc00000 EPC 00000000 instruction bus error
> > > exception
> > > do_interrupt: PC bfc00380 EPC bfc00000 cause 6
> > >     S 00400006 C 00000418 A 00000000 D 00000000
> > > do_raise_exception_err: 15 0
> > > do_interrupt enter: PC bfc00380 EPC bfc00000 instruction bus error
> > > exception
> > > do_interrupt: PC bfc00380 EPC bfc00000 cause 6
> > >     S 00400006 C 00000418 A 00000000 D 00000000
> >
> > An "instruction bus error" means Qemu wasn't able to fetch an instruction
> > from address 0xbfc00000, which should correspond to the very beginning of
> > your flash image. This looks like your Qemu build is broken for some
> > reason. Did you build with gcc4, perchance?
>
> Just tried and got this same thing with a vanilla checkout of trunk compiled
> with GCC 3.4.6...

Well, the -pflash option works well enough for me to execute the first
instructions of a YAMON or redboot image. I figure you'll have to chase
this down yourself with the help of gdb. (The IBE is triggered by the
do_unassigned_access call in exec-all.h:get_phys_addr_code.)


Thiemo
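The register values in the quoted log can be decoded from the MIPS32 architecture alone, and that decoding shows what the thread is arguing about: 0xbfc00000 is in kseg1 (unmapped, uncached), so it translates to physical 0x1fc00000 with no TLB involved, and an instruction fetch there only succeeds if something (the -pflash image) is actually mapped at that physical address. The program below is an added example written for this page; it is not QEMU's code and does not reproduce QEMU's fetch path. It decodes the Status/Cause values from the log, computes the BEV exception vector, and models the fetch against two constructed memory maps, one without and one with a flash region at 0x1fc00000 (both maps are hypothetical, not a real QEMU board).

```c
/*
 * Added example, not QEMU code: decode the MIPS32 Status/Cause values from
 * the quoted log and model why an instruction fetch at the reset vector
 * raises an instruction bus error (IBE) when no memory is mapped there.
 * The two memory maps below are constructed for illustration only.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CP0 Status bits used here. */
#define ST_IE  (1u << 0)
#define ST_EXL (1u << 1)
#define ST_ERL (1u << 2)
#define ST_BEV (1u << 22)

/* CP0 Cause: ExcCode in bits 6:2, pending interrupts IP in bits 15:8. */
#define CAUSE_EXCCODE(c) (((c) >> 2) & 0x1fu)
#define CAUSE_IP(c)      (((c) >> 8) & 0xffu)

enum { EXC_IBE = 6, EXC_DBE = 7 };   /* bus error ExcCodes */
#define PHYS_NONE 0xffffffffu        /* address is TLB-mapped, not fixed */

/* kseg0 (0x80000000-0x9fffffff) and kseg1 (0xa0000000-0xbfffffff) are not
 * translated by the TLB: physical = virtual & 0x1fffffff. kuseg and
 * kseg2/kseg3 go through the TLB and are out of scope for this model. */
static uint32_t mips_fixed_phys(uint32_t vaddr) {
    if (vaddr >= 0x80000000u && vaddr < 0xc0000000u)
        return vaddr & 0x1fffffffu;
    return PHYS_NONE;
}

/* General exception vector: base 0xbfc00200 with BEV=1 (boot-time vectors
 * in the same uncached ROM segment as the reset vector), 0x80000000 with
 * BEV=0; the general exception entry sits at offset 0x180 in both cases. */
static uint32_t mips_general_exc_vector(uint32_t status) {
    return ((status & ST_BEV) ? 0xbfc00200u : 0x80000000u) + 0x180u;
}

typedef struct { uint32_t base, size; const char *name; } region;

/* Fetch model: translate the PC, then require a backing region.
 * Returns 0 on success (optionally reporting the region hit), EXC_IBE when
 * the physical address is unbacked, and -1 for TLB-mapped addresses. */
static int fetch_check(const region *map, size_t n, uint32_t vaddr,
                       const region **hit) {
    uint32_t paddr = mips_fixed_phys(vaddr);
    if (paddr == PHYS_NONE)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (paddr >= map[i].base && paddr - map[i].base < map[i].size) {
            if (hit) *hit = &map[i];
            return 0;
        }
    }
    return EXC_IBE;
}

/* Constructed memory maps (hypothetical; not a real QEMU machine). */
static const region map_no_flash[] = {
    { 0x00000000u, 0x08000000u, "RAM" },
};
static const region map_with_flash[] = {
    { 0x00000000u, 0x08000000u, "RAM" },
    { 0x1fc00000u, 0x00400000u, "flash (-pflash)" },
};
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Fetch from the MIPS reset vector against a given map. */
static int reset_fetch(const region *map, size_t n) {
    return fetch_check(map, n, 0xbfc00000u, NULL);
}

static void decode_log_values(uint32_t status, uint32_t cause) {
    printf("Status %08x: BEV=%u ERL=%u EXL=%u IE=%u -> general vector %08x\n",
           status, !!(status & ST_BEV), !!(status & ST_ERL),
           !!(status & ST_EXL), !!(status & ST_IE),
           mips_general_exc_vector(status));
    unsigned code = CAUSE_EXCCODE(cause);
    printf("Cause  %08x: ExcCode=%u (%s), IP=%02x\n", cause, code,
           code == EXC_IBE ? "instruction bus error" :
           code == EXC_DBE ? "data bus error" : "other", CAUSE_IP(cause));
}

int main(void) {
    /* Values taken from the quoted log: "S 00400006 C 00000418". */
    decode_log_values(0x00400006u, 0x00000418u);
    printf("reset vector bfc00000 -> physical %08x\n",
           mips_fixed_phys(0xbfc00000u));
    printf("fetch, nothing at 1fc00000: %s\n",
           reset_fetch(map_no_flash, NELEM(map_no_flash)) == EXC_IBE
               ? "IBE" : "ok");
    const region *hit = NULL;
    int r = fetch_check(map_with_flash, NELEM(map_with_flash),
                        0xbfc00000u, &hit);
    printf("fetch, flash mapped:       %s (%s)\n", r == 0 ? "ok" : "IBE",
           hit ? hit->name : "-");
    return 0;
}
```

The decoded values match the log line by line: Status 0x00400006 is BEV|ERL|EXL (the reset state), so the handler lives at 0xbfc00380, which is the PC the log shows after the exception; Cause 0x418 carries ExcCode 6, IBE. Because 0xbfc00380 is in the same unbacked 0x1fc00000 region, the fetch of the handler itself faults again, which is why the log repeats with PC bfc00380, and why the whole thing is a question of what is mapped at the physical reset address rather than of the CPU model.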