Date: Wed, 15 Jul 2009 23:33:43 +0800
From: Baojun Wang
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Misbehavior of qemu ppc tcg/translation?
Message-ID: <3cdfa5bc0907150833w4bf27bfj283242a7e0b5eb9a@mail.gmail.com>
List-Id: qemu-devel.nongnu.org

Hi, list:

I hope the following example is self-explanatory. In the assembler code, we can use an instruction like this (instruction-as-data?):

100000b4:       10 00 12 34     .long 0x10001234

but the ppc translator sets the exception flag and raises a PROGRAM exception later. However, on a real machine, if the above instruction is never run, then everything should be OK.

Thus the ppc translator raises the exception too early? (I think it should only raise the PROGRAM exception when TCG really tries to execute the instruction, not at translation time.)

Thanks,
Wang Baojun

$ qemu-ppc -L emu-ppc ./hello
hello, world!
invalid/unsupported opcode: 04 - 1a - 08 (10001234) 100000b4 0
Invalid instruction
NIP 100000b8   LR 100000b4 CTR 00000000 XER 00000000
MSR 00006040 HID0 00000000  HF 00006000 idx 0
TB 00000000 00000000
GPR00 0000000000000004 000000004007f588 0000000000000000 000000000000000f
GPR04 00000000100100c4 000000000000000f 0000000000000000 0000000000000000
GPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
CR 00000000  [ -  -  -  -  -  -  -  -  ]             RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000
Segmentation fault

On a real machine:

$ ./hello
hello, world!
$ powerpc-unknown-linux-gnu-objdump -d hello

hello:     file format elf32-powerpc

Disassembly of section .text:

10000094 <_raw_write>:
10000094:       44 00 00 02     sc
10000098:       4e 80 00 20     blr

1000009c <_start>:
1000009c:       38 00 00 04     li      r0,4
100000a0:       38 60 00 01     li      r3,1
100000a4:       3c 80 10 01     lis     r4,4097
100000a8:       38 84 00 c4     addi    r4,r4,196
100000ac:       38 a0 00 0f     li      r5,15
100000b0:       4b ff ff e5     bl      10000094 <_raw_write>
100000b4:       10 00 12 34     .long 0x10001234
100000b8:       38 00 00 01     li      r0,1
100000bc:       38 60 00 00     li      r3,0
100000c0:       44 00 00 02     sc
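An added example, not code from QEMU and not from the message above, to line up the numbers in the register dump with the objdump listing. The header "invalid/unsupported opcode: 04 - 1a - 08 (10001234)" is the ppc translator printing the three fields it dispatches on: `insn >> 26`, `(insn >> 1) & 0x1f` and `(insn >> 6) & 0x1f`, and 0x10001234 splits into exactly 04, 1a, 08. Two addresses in the listing are also worth lining up: the `bl 10000094` at 100000b0 writes 100000b4 into LR, and the dump shows LR 100000b4 with the fault reported at 100000b4, so the block the translator gave up on is the one that begins at the return address of `_raw_write`'s `blr`, whose first word is the `.long`. The walk below reproduces that on the posted words: the block starting at `_start` decodes cleanly up to the `bl`, and the block starting at 100000b4 fails on its first word. The set of "known" primary opcodes (only those that appear in the listing, so opcode 4 is treated as invalid as the dump shows qemu-ppc doing) and the rule that every control transfer ends a translation block are simplifications chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not QEMU's code, not from the original post): decode the
 * words of the posted .text listing the way a TCG front end would see them.
 * The opc1/opc2/opc3 split matches the fields QEMU's ppc translator prints
 * in "invalid/unsupported opcode: opc1 - opc2 - opc3". The table of known
 * primary opcodes and the TB-boundary rule are deliberate simplifications.
 */

#define TEXT_BASE 0x10000094u

/* Constructed from the objdump output in the message, one word per instruction. */
static const uint32_t text_words[] = {
    0x44000002u, /* 10000094  sc             <_raw_write> */
    0x4e800020u, /* 10000098  blr */
    0x38000004u, /* 1000009c  li r0,4        <_start> */
    0x38600001u, /* 100000a0  li r3,1 */
    0x3c801001u, /* 100000a4  lis r4,4097 */
    0x388400c4u, /* 100000a8  addi r4,r4,196 */
    0x38a0000fu, /* 100000ac  li r5,15 */
    0x4bffffe5u, /* 100000b0  bl 10000094 */
    0x10001234u, /* 100000b4  .long 0x10001234 */
    0x38000001u, /* 100000b8  li r0,1 */
    0x38600000u, /* 100000bc  li r3,0 */
    0x44000002u, /* 100000c0  sc */
};
#define TEXT_WORDS (sizeof text_words / sizeof text_words[0])

/* Field extraction as in QEMU's opc1()/opc2()/opc3() helpers. */
unsigned opc1(uint32_t insn) { return (insn >> 26) & 0x3f; }
unsigned opc2(uint32_t insn) { return (insn >> 1) & 0x1f; }
unsigned opc3(uint32_t insn) { return (insn >> 6) & 0x1f; }

/* Toy decoder (assumption): only primary opcodes that occur in the listing are
 * known; everything else, including opcode 4 (0x10001234), counts as invalid. */
int known_opc1(uint32_t insn) {
    switch (opc1(insn)) {
    case 14: case 15:           /* addi/li, addis/lis */
    case 16: case 17: case 18:  /* bc, sc, b/bl */
    case 19:                    /* bclr/blr, bcctr, ... */
        return 1;
    default:
        return 0;
    }
}

/* Simplified rule: every control transfer (b/bl, bc, sc, bclr, bcctr) ends a TB. */
int ends_tb(uint32_t insn) {
    switch (opc1(insn)) {
    case 16: case 17: case 18:
        return 1;
    case 19: {
        unsigned xo = (insn >> 1) & 0x3ff;
        return xo == 16 || xo == 528;   /* bclr[l], bcctr[l] */
    }
    default:
        return 0;
    }
}

/* I-form branch target: 24-bit LI, sign-extended, word aligned; AA bit selects absolute. */
uint32_t bl_target(uint32_t pc, uint32_t insn) {
    int32_t li = (int32_t)(insn & 0x03fffffcu);
    if (li & 0x02000000) li -= 0x04000000;
    return (insn & 2u) ? (uint32_t)li : pc + (uint32_t)li;
}

/* Value written to LR when LK is set: the word right after the branch (0 if LK clear). */
uint32_t bl_link(uint32_t pc, uint32_t insn) {
    return (insn & 1u) ? pc + 4 : 0;
}

/* Walk one translation block from start_pc, fetching words in order until a
 * control transfer. Returns the address of the first word the decoder does
 * not know, or 0 if the block decodes cleanly up to its terminator. */
uint32_t first_invalid_in_tb(uint32_t start_pc) {
    for (uint32_t pc = start_pc; pc >= TEXT_BASE && pc < TEXT_BASE + 4 * TEXT_WORDS; pc += 4) {
        uint32_t insn = text_words[(pc - TEXT_BASE) / 4];
        if (!known_opc1(insn))
            return pc;
        if (ends_tb(insn))
            break;
    }
    return 0;
}

int main(void) {
    uint32_t bad = 0x10001234u, bl_pc = 0x100000b0u, bl = 0x4bffffe5u;
    printf("word %08x splits as opc1=%02x opc2=%02x opc3=%02x\n",
           bad, opc1(bad), opc2(bad), opc3(bad));
    printf("bl at %08x -> target %08x, LR = %08x\n",
           bl_pc, bl_target(bl_pc, bl), bl_link(bl_pc, bl));
    /* Block from _start ends at the bl, so the .long is not part of it. */
    printf("TB from 1000009c: first invalid word at %08x\n", first_invalid_in_tb(0x1000009cu));
    /* Block from the return address starts with the .long. */
    printf("TB from 100000b4: first invalid word at %08x\n", first_invalid_in_tb(0x100000b4u));
    return 0;
}
```

Run it as `cc -std=c99 -o tbwalk tbwalk.c && ./tbwalk`. The two `first_invalid_in_tb` results are the point: the word is only reached when a block is started at 100000b4, and the only way this program gets there is through the `blr` in `_raw_write`.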