Re: [Qemu-devel] Misbehavior of qemu ppc tcg/translation?

[Baojun Wang <wangbj@gmail.com>]

Sorry, I think my example have some problem, because the instruction
after the `bl' would also be executed, I think the reason why on a
real machine (e500v2) doesn't PROGRAM is because of the SPE
instruction:

efdabs 0 0 0 1 0 0 rD rA /// 0 1 0 1 1 1 0 0 1 0 0 EFX efdabs
efdadd 0 0 0 1 0 0 rD rA rB 0 1 0 1 1 1 0 0 0 0 0 EFX efdadd
efdcfs 0 0 0 1 0 0 rD 0 0 0 0 0 rB 0 1 0 1 1 1 0 1 1 1 1 EFX efdcfs
efdcfsf 0 0 0 1 0 0 rD /// rB 0 1 0 1 1 1 1 0 0 1 1 EFX efdcfsf
efdcfsi 0 0 0 1 0 0 rD /// rB 0 1 0 1 1 1 1 0 0 0 1 EFX efdcfsi
efdcfuf 0 0 0 1 0 0 rD /// rB 0 1 0 1 1 1 1 0 0 1 0 EFX efdcfuf
efdcfui 0 0 0 1 0 0 rD /// rB 0 1 0 1 1 1 1 0 0 0 0 EFX efdcfui
efdcmpeq 0 0 0 1 0 0 crfD / / rA rB 0 1 0 1 1 1 0 1 1 1 0 EFX efdcmpeq


opcode(0x10001234) ==> opcode = 4
which will be the above instructions on e500.

I have changed my program, not it looks like:
.data

msg:
        .string "hello, world!\n"
        len = . - msg

.text

        .global _my_cont
_my_cont:
        li 0, 1
        li 3, 0
        sc

        .global _my_write
_my_write:
        stwu 1, -16(1)
        mflr 6
        lwz 4, 0(6)
        lwz 5, 4(6)
        lwz 7, 8(6)
        stw 6, 0(1)
        stw 7, 4(1)
        sc
        lwz 6, 0(1)
        lwz 7, 8(6)
        mtlr 7
        addi 1, 1, 16
        blr

        .global _start
_start:
        li 0, 4
        li 3, 1
        bl _my_write
        .long msg
        .long len
        .long _my_cont

On both qemu & real machine, the code runs fine. I ran into infinite
PROGRAM exception incidentally (NEED further confirm) in ppc-softmmu,
which is more or less simular with the above example because of:

(arch/powerpc/kernel/head_booke.h)
#define EXC_XFER_TEMPLATE(hdlr, trap, msr, copyee, tfer, ret)	\
	li	r10,trap;					\
	stw	r10,_TRAP(r11);					\
	lis	r10,msr@h;					\
	ori	r10,r10,msr@l;					\
	copyee(r10, r9);					\
	bl	tfer;		 				\
	.long	hdlr;						\
	.long	ret

Anyway, Thank you very much!

  Best Regards,
Wang Baojun


On Thu, Jul 16, 2009 at 12:34 AM, Blue Swirl<blauwirbel@gmail.com> wrote:
> On 7/15/09, Baojun Wang <wangbj@gmail.com> wrote:
>> hi, list:
>>
>>   I hope the following example is self-explained, in the assembler
>>  code, we can use instruction like (instruction-as-data?):
>>
>>                 100000b4:       10 00 12 34     .long 0x10001234
>>
>>   but the ppc translator set the exception flag and raise a PROGRAM
>>  exception later, however on real machine, if the above instruction is
>>  never ran, then everything should be OK. Thus the ppc translator raise
>>  the exception too early? (I think it should only raise the PROGRAM
>>  exception until tcg really trying to exec the instruction, but not on
>>  translation time)
>
> Would the attached patch fix the problem?
>