From: Samuel Bronson
Sender: bounces@canonical.com
Date: Fri, 03 Aug 2012 03:08:50 -0000
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1031698] Re: Missing PPC TRACE exception on a branch
Reply-To: Bug 1031698 <1031698@bugs.launchpad.net>
Message-Id: <20120803030850.32082.79110.launchpad@wampee.canonical.com>
References: <20120801101347.11507.55032.malonedeb@wampee.canonical.com>

** Tags added: ppc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1031698

Title:
  Missing PPC TRACE exception on a branch

Status in QEMU:
  New

Bug description:
  I am using qemu-1.1.1-1 to emulate a PPC PREP machine on an Intel host
  running Linux Ubuntu 11-10.

  In the following example, I will show that the POWERPC TRACE exception at
  vector 0xD00 is not taken when executing a specific kind of branch.

  I have the following stand-alone assembly source code for powerpc in file
  SE_TEST.s:

      .text
      .global _start

  _start:
      /* copy vector handler at address 0xD00 */
      addis 3,0,(0xD00)@ha
      addi  3,3,(0xD00)@l
      addis 4,0,(vector_handler)@ha
      addi  4,4,(vector_handler)@l
      addi  3,3,-4
      addi  4,4,-4
      lwzu  7,4(4)
      stwu  7,4(3)
      lwzu  7,4(4)
      stwu  7,4(3)
      lwzu  7,4(4)
      stwu  7,4(3)
      lwzu  7,4(4)
      stwu  7,4(3)

      /* set branch address in SRR0 register */
      addis 3,0,(branch)@ha
      addi  3,3,(branch)@l
      mtspr 26,3            /* SPR 26 = SRR0: address rfi returns to */

      /* Read MSR */
      /* Set SE bit and clear IP bit then set value in SRR1 */
      mfmsr 4
      ori   4,4,0x0400      /* MSR[SE] = 1: trace exception after every instruction */
      andi. 4,4,0xFFBF      /* MSR[IP] = 0: vectors at 0x000xxxxx (16-bit mask also clears the upper halfword) */
      mtspr 27,4            /* SPR 27 = SRR1: MSR value restored by rfi */

      /* Set CR condition to execute not taken branch after rfi */
      addi  5,0,0
      cmpi  0,5,0           /* CR0[EQ] = 1, so the bne below falls through */
      rfi
      nop
      nop
      nop

  branch:
      bne   down            /* <- branch where the error is. */
  branch_plus_1:
      nop
  branch_plus_2:
      nop
  down:
      nop
      nop
      nop
      nop

  vector_handler:
      mfspr 6,26            /* r6 = SRR0 as saved on entry to the trace handler */
      nop
      nop
      nop

  It compiles with:

      powerpc-eabi-gcc SE_TEST.s -o SE_TEST.elf

  Then I run QEMU with the command:

      ./qemu-system-ppc -M prep -s -S

  Then I run a cross gdb with the command:

      powerpc-eabi-gdb --nx

  At the gdb prompt I execute the following gdb commands:

      file SE_TEST.elf
      target remote :1234
      load SE_TEST.elf
      set $pc = _start
      b *0xD08
      c
      echo "srr0 value in trace handler "
      p/x $r6
      echo "address of branch_plus_1 "
      p/x &branch_plus_1
      echo "address of branch_plus_2 "
      p/x &branch_plus_2

  The gdb command window displays the result:

      (gdb) so co
      0xfffffffc in ?? ()
      Loading section .init, size 0x24 lma 0x1800074
      Loading section .text, size 0x26c lma 0x1800098
      Loading section .fini, size 0x20 lma 0x1800304
      Loading section .eh_frame, size 0x8 lma 0x1810324
      Loading section .ctors, size 0x8 lma 0x181032c
      Loading section .dtors, size 0x8 lma 0x1810334
      Loading section .jcr, size 0x4 lma 0x181033c
      Loading section .data, size 0x4 lma 0x1810340
      Start address 0x1800200, load size 720
      Transfer rate: 5760 bits in <1 sec, 90 bytes/write.
      Breakpoint 1 at 0xd08

      Breakpoint 1, 0x00000d08 in ?? ()
      "srr0 value in trace handler "$1 = 0x1800274
      "address of branch_plus_1 "$2 = 0x1800270
      "address of branch_plus_2 "$3 = 0x1800274

  In the trace exception handler, the SRR0 register value should be the
  address just following the branch, i.e. 0x1800270. But it is not the case:
  the SRR0 value is the address of the second instruction after the branch
  instruction.

  It seems that the singlestep exception was not taken after executing the
  "bne down" instruction but was taken after executing the first following
  nop instruction.

  I have made some other tests with other kinds of branch; the behaviour is
  correct, and the issue appears only for a conditional branch when it is
  not taken.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1031698/+subscriptions
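As an added check on the semantics the report relies on, the following Python is a constructed reference model of MSR[SE] single-stepping over the instructions around `branch:`; it is not code from the bug report or from QEMU. It returns the SRR0 value the architecture requires after a not-taken `bne` (the address of `branch_plus_1`) next to the value the report observed (the address of `branch_plus_2`), and shows that the two agree when the branch is taken. The addresses of `bne down` and `down:` are assumptions derived from the two addresses gdb printed; the flag that reproduces the reported behaviour models the symptom only, not QEMU's translator.

```python
# Reference model of the PowerPC MSR[SE] single-step trace exception, written
# to check the behaviour the bug report describes. Constructed example: not
# code from the report or from QEMU. Only what the test program touches is
# modelled: the MSR SE/IP bits, CR0[EQ], a few instructions, and the rule
# that with MSR[SE] set a trace exception is taken after every completed
# instruction, SRR0 holding the address of the next instruction to execute
# (the branch target when a branch was taken).

MSR_SE = 0x0400        # single-step trace enable (bit 21, 32-bit PowerPC numbering)
MSR_IP = 0x0040        # exception prefix; 0 selects vectors at 0x000xxxxx
TRACE_VECTOR = 0x0D00  # trace exception vector used by the report

# Addresses printed by gdb in the report; the other two are assumptions
# derived from them (every instruction is 4 bytes).
BRANCH_PLUS_1 = 0x1800270   # report: p/x &branch_plus_1
BRANCH_PLUS_2 = 0x1800274   # report: p/x &branch_plus_2
BRANCH = BRANCH_PLUS_1 - 4  # assumed address of 'bne down'
DOWN = BRANCH_PLUS_2 + 4    # assumed address of 'down:'

# Constructed instruction stream matching the labels around the branch.
PROGRAM = {
    BRANCH:        ("bne", DOWN),
    BRANCH_PLUS_1: ("nop", None),
    BRANCH_PLUS_2: ("nop", None),
    DOWN:          ("nop", None),
    DOWN + 4:      ("nop", None),
}


def prepare_msr(msr):
    """Mirror 'ori 4,4,0x0400 ; andi. 4,4,0xFFBF': set SE, clear IP.

    andi. takes a zero-extended 16-bit immediate, so like the test program
    this also clears the upper 16 bits of the MSR.
    """
    msr |= MSR_SE
    msr &= 0xFFBF
    return msr


def execute(pc, cr0_eq, program):
    """Return the address of the next instruction after executing program[pc]."""
    op, target = program[pc]
    if op == "nop":
        return pc + 4
    if op == "bne":                     # branch if CR0[EQ] is clear
        return target if not cr0_eq else pc + 4
    raise ValueError(f"unsupported opcode {op!r}")


def srr0_at_trace(start_pc, cr0_eq, msr, program, skip_trace_on_not_taken=False):
    """Run from start_pc until the first trace exception; return SRR0.

    Architecturally the exception is taken after the first instruction when
    MSR[SE] is set. skip_trace_on_not_taken=True models the symptom in the
    report: no trace exception after a conditional branch that falls through,
    so the exception is only taken after the following instruction.
    Returns None if the stream ends without a trace exception.
    """
    pc = start_pc
    while pc in program:
        op, _ = program[pc]
        next_pc = execute(pc, cr0_eq, program)
        fell_through = op == "bne" and next_pc == pc + 4
        if msr & MSR_SE and not (skip_trace_on_not_taken and fell_through):
            return next_pc          # value the handler reads with 'mfspr 6,26'
        pc = next_pc
    return None


def expected_srr0(cr0_eq=True):
    """SRR0 the architecture requires (cr0_eq=True is the report's scenario)."""
    return srr0_at_trace(BRANCH, cr0_eq, prepare_msr(0), PROGRAM)


def observed_srr0(cr0_eq=True):
    """SRR0 as the report describes qemu-1.1.1 producing it."""
    return srr0_at_trace(BRANCH, cr0_eq, prepare_msr(0), PROGRAM,
                         skip_trace_on_not_taken=True)


if __name__ == "__main__":
    print(f"not taken: expected {expected_srr0():#x}, observed {observed_srr0():#x}")
    print(f"taken:     expected {expected_srr0(False):#x}, observed {observed_srr0(False):#x}")
```

Running the script prints the 0x1800270 / 0x1800274 pair from the report for the fall-through case and identical values for the taken case, which is the same split the reporter found by trying other kinds of branch.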