From: Dirk Behme
Subject: [Qemu-devel] MIPS little endian user space emulation
Date: Fri, 08 Sep 2006 18:35:29 +0200
Message-ID: <45019BD1.4000205@gmail.com>
To: qemu-devel@nongnu.org

Hi,

has anybody had success using little endian MIPS user space emulation (qemu-mipsel)?

I tried to run a simple hello world example using a recent QEMU snapshot. It crashes with "qemu: unhandled CPU exception 0x1a - aborting". For more details see below. Doing the same with the ARM compiler and qemu-arm does work, btw.

Seems to me that it gets a wrong jump address via gp in t9:

0x401fa00c: lw t9,-32600(gp)
...
0x401fa01c: jalr t9

Any ideas?
Many thanks,

Dirk


hello_world> cat hello_world.c
#include <stdio.h>

int main(void)
{
    printf("Hello world\n");
    return 0;
}

hello_world> mipsel-linux-gcc hello_world.c -o hello_world
hello_world> file hello_world
hello_world: ELF 32-bit LSB MIPS-I executable, MIPS, version 1 (SYSV), for GNU/Linux 2.4.3, dynamically linked (uses shared libs), not stripped
hello_world> ./qemu-mipsel -L /usr/mips/mipsel-linux/mipsel-linux -d out_asm,in_asm,op,int,exec,cpu hello_world
qemu: unhandled CPU exception 0x1a - aborting
pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c00 t6 401f3f00 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3be8 s8 00000000 ra 401fa024
CP0 Status 0x30400014 Cause 0x00000000 EPC 0x00000000
Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110 FCR31 0x00000000 SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:5.75452
FT1: w:00000000 d:0000000000000000 fd:0 fs:5.75452
FT2: w:00000000 d:0000000000000000 fd:0 fs:5.75452
f00: w:00000000 d:0000000000000000 fd:0 fs:5.75452
...
f30: w:00000000 d:0000000000000000 fd:0 fs:5.75452
qemu: uncaught target signal 6 (Aborted) - exiting

Extract of end of log file:

...
------------------------------------------------
pc=0x401f9c28 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000008
GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
CP0 Status 0x30400014 Cause 0x00000000 EPC 0x00000000
Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110 FCR31 0x00000000 SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
IN:
0x401f9c28: lw v0,60(a2)
0x401f9c2c: nop
0x401f9c30: bnez v0,0x401fa000
0x401f9c34: nop

OP:
0x0000: load_gpr_T0_gpr6
0x0001: set_T1 0x3c
0x0002: add
0x0003: lw_raw
0x0004: store_T0_gpr_gpr2
0x0005: load_gpr_T0_gpr2
0x0006: reset_T1
0x0007: ne
0x0008: set_bcond
0x0009: jnz_T2 0x0
0x000a: goto_tb1
0x000b: save_pc 0x401f9c38
0x000c: set_T0 0x800cd4a1
0x000d: exit_tb
0x000e: save_pc 0x401fa000
0x000f: set_T0 0x0
0x0010: exit_tb
0x0011: reset_T0
0x0012: exit_tb
0x0013: end

---------------- 2 00000003
OUT: [size=80]
0x810cd980: mov 0x18(%ebp),%ebx
0x810cd983: mov $0x3c,%esi
0x810cd988: add %esi,%ebx
0x810cd98a: mov (%ebx),%ebx
0x810cd98c: mov %ebx,0x8(%ebp)
0x810cd98f: mov 0x8(%ebp),%ebx
0x810cd992: xor %esi,%esi
0x810cd994: cmp %esi,%ebx
0x810cd996: setne %al
0x810cd999: xor %ebx,%ebx
0x810cd99b: mov %al,%bl
0x810cd99d: mov %ebx,%edi
0x810cd99f: test %edi,%edi
0x810cd9a1: je 0x810cd9a8
0x810cd9a3: jmp 0x810cd9bd
0x810cd9a8: jmp 0x83151d34
0x810cd9ad: movl $0x401f9c38,0x80(%ebp)
0x810cd9b7: mov $0x800cd4a1,%ebx
0x810cd9bc: ret
0x810cd9bd: movl $0x401fa000,0x80(%ebp)
0x810cd9c7: mov $0x0,%ebx
0x810cd9cc: ret
0x810cd9cd: xor %ebx,%ebx
0x810cd9cf: ret

------------------------------------------------
pc=0x401fa000 HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00000008 a1 401f617c a2 401f3c38 a3 401f6000
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 6ffffe66 k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 6ffffeff
CP0 Status 0x30400014 Cause 0x00000000 EPC 0x00000000
Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110 FCR31 0x00000000 SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
IN:
0x401fa000: lw a0,-32692(gp)
0x401fa004: lw a1,-32692(gp)
0x401fa008: lw a3,-32692(gp)
0x401fa00c: lw t9,-32600(gp)
0x401fa010: addiu a0,a0,30820
0x401fa014: addiu a1,a1,29452
0x401fa018: addiu a3,a3,25856
0x401fa01c: jalr t9
0x401fa020: li a2,161

OP:
0x0000: load_gpr_T0_gpr28
0x0001: set_T1 0xffff804c
0x0002: add
0x0003: lw_raw
0x0004: store_T0_gpr_gpr4
0x0005: load_gpr_T0_gpr28
0x0006: set_T1 0xffff804c
0x0007: add
0x0008: lw_raw
0x0009: store_T0_gpr_gpr5
0x000a: load_gpr_T0_gpr28
0x000b: set_T1 0xffff804c
0x000c: add
0x000d: lw_raw
0x000e: store_T0_gpr_gpr7
0x000f: load_gpr_T0_gpr28
0x0010: set_T1 0xffff80a8
0x0011: add
0x0012: lw_raw
0x0013: store_T0_gpr_gpr25
0x0014: load_gpr_T0_gpr4
0x0015: set_T1 0x7864
0x0016: add
0x0017: store_T0_gpr_gpr4
0x0018: load_gpr_T0_gpr5
0x0019: set_T1 0x730c
0x001a: add
0x001b: store_T0_gpr_gpr5
0x001c: load_gpr_T0_gpr7
0x001d: set_T1 0x6500
0x001e: add
0x001f: store_T0_gpr_gpr7
0x0020: load_gpr_T2_gpr25
0x0021: set_T0 0x401fa024
0x0022: store_T0_gpr_gpr31
0x0023: reset_T0
0x0024: set_T1 0xa1
0x0025: add
0x0026: store_T0_gpr_gpr6
0x0027: breg
0x0028: reset_T0
0x0029: exit_tb
0x002a: end

---------------- 2 00000003
OUT: [size=131]
0x810cd9d0: mov 0x70(%ebp),%ebx
0x810cd9d3: mov $0xffff804c,%esi
0x810cd9d8: add %esi,%ebx
0x810cd9da: mov (%ebx),%ebx
0x810cd9dc: mov %ebx,0x10(%ebp)
0x810cd9df: mov 0x70(%ebp),%ebx
0x810cd9e2: mov $0xffff804c,%esi
0x810cd9e7: add %esi,%ebx
0x810cd9e9: mov (%ebx),%ebx
0x810cd9eb: mov %ebx,0x14(%ebp)
0x810cd9ee: mov 0x70(%ebp),%ebx
0x810cd9f1: mov $0xffff804c,%esi
0x810cd9f6: add %esi,%ebx
0x810cd9f8: mov (%ebx),%ebx
0x810cd9fa: mov %ebx,0x1c(%ebp)
0x810cd9fd: mov 0x70(%ebp),%ebx
0x810cda00: mov $0xffff80a8,%esi
0x810cda05: add %esi,%ebx
0x810cda07: mov (%ebx),%ebx
0x810cda09: mov %ebx,0x64(%ebp)
0x810cda0c: mov 0x10(%ebp),%ebx
0x810cda0f: mov $0x7864,%esi
0x810cda14: add %esi,%ebx
0x810cda16: mov %ebx,0x10(%ebp)
0x810cda19: mov 0x14(%ebp),%ebx
0x810cda1c: mov $0x730c,%esi
0x810cda21: add %esi,%ebx
0x810cda23: mov %ebx,0x14(%ebp)
0x810cda26: mov 0x1c(%ebp),%ebx
0x810cda29: mov $0x6500,%esi
0x810cda2e: add %esi,%ebx
0x810cda30: mov %ebx,0x1c(%ebp)
0x810cda33: mov 0x64(%ebp),%edi
0x810cda36: mov $0x401fa024,%ebx
0x810cda3b: mov %ebx,0x7c(%ebp)
0x810cda3e: xor %ebx,%ebx
0x810cda40: mov $0xa1,%esi
0x810cda45: add %esi,%ebx
0x810cda47: mov %ebx,0x18(%ebp)
0x810cda4a: mov %edi,0x80(%ebp)
0x810cda50: xor %ebx,%ebx
0x810cda52: ret

------------------------------------------------
pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR00: r0 00000000 at 00000000 v0 401f60d4 v1 00000008
GPR04: a0 00017864 a1 0001730c a2 000000a1 a3 00016500
GPR08: t0 90000000 t1 401f6000 t2 40000000 t3 6fffffff
GPR12: t4 70000053 t5 401f3c20 t6 401f3f20 t7 00000063
GPR16: s0 6fffff72 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 401fa024
CP0 Status 0x30400014 Cause 0x00000000 EPC 0x00000000
Config0 0x80000082 Config1 0x1e190c8b LLAddr 0x00000000
CP1 FCR0 0x00000110 FCR31 0x00000000 SR.FR 0
FT0: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT1: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
FT2: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f00: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f02: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f04: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f06: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f08: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f10: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f12: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f14: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f16: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f18: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f20: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f22: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f24: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f26: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f28: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
f30: w:00000000 d:0000000000000000 fd:0 fs:-8.6795e-299
cpu_mips_handle_mmu_fault pc 00012a2c ad 00012a2c rw 0 is_user 1 smmu 0
do_raise_exception_err: 26 1
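An added check, not part of Dirk's mail or of QEMU: a small Python script that parses the `-d in_asm,cpu` trace format quoted above (an abridged excerpt of that trace is embedded as the sample input), pairs the `jalr` in a translated block with the CPU dump that follows it, and recovers the gp-relative GOT slot the jump register was loaded from, so the "wrong jump address via gp in t9" reading can be confirmed mechanically instead of by eye.

```python
import re

# Abridged excerpt of the trace quoted in the mail above (FPU lines dropped).
TRACE = """\
IN:
0x401fa00c:  lw       t9,-32600(gp)
0x401fa01c:  jalr     t9
0x401fa020:  li       a2,161
------------------------------------------------
pc=0x00012a2c HI=0x00000000 LO=0x00000000 ds 0003 00000000 0
GPR24: t8 6ffffdff t9 00012a2c k0 00000000 k1 00000000
GPR28: gp 40257020 sp 401f3c08 s8 00000000 ra 401fa024
cpu_mips_handle_mmu_fault pc 00012a2c ad 00012a2c rw 0 is_user 1 smmu 0
"""

GPR_RE = re.compile(r"^GPR\d\d:((?:\s+\w+\s+[0-9a-f]{8})+)\s*$", re.M)
PC_RE = re.compile(r"^pc=0x([0-9a-f]{8})", re.M)
INSN_RE = re.compile(r"^0x[0-9a-f]{8}:\s+(\w+)\s+(\S+)", re.M)
FAULT_RE = re.compile(r"^cpu_mips_handle_mmu_fault pc [0-9a-f]{8} ad ([0-9a-f]{8}) rw (\d)", re.M)

def parse_regs(dump):
    """Return {'pc': ..., 'gp': ..., 't9': ...} as ints from one CPU dump."""
    regs = {"pc": int(PC_RE.search(dump).group(1), 16)}
    for m in GPR_RE.finditer(dump):
        t = m.group(1).split()                 # name, hex, name, hex, ...
        regs.update((t[i], int(t[i + 1], 16)) for i in range(0, len(t), 2))
    return regs

def analyse_jalr(trace):
    """Jump register, its value, the gp-relative GOT slot it came from, fault status."""
    in_block, dump = re.split(r"^-{10,}\s*$", trace, maxsplit=1, flags=re.M)
    insns = INSN_RE.findall(in_block)
    jalr = next((ops for mnem, ops in insns if mnem == "jalr"), None)
    if jalr is None:
        return None
    regs, got_slot = parse_regs(dump), None
    for mnem, ops in insns:                    # the lw rN,off(gp) that fed jalr rN
        m = re.fullmatch(r"(\w+),(-?\d+)\(gp\)", ops)
        if mnem == "lw" and m and m.group(1) == jalr:
            got_slot = (regs["gp"] + int(m.group(2))) & 0xFFFFFFFF
    fault = FAULT_RE.search(dump)
    return {
        "jump_reg": jalr,
        "target": regs[jalr],
        "got_slot": got_slot,
        "landed_on_target": regs["pc"] == regs[jalr],
        "fetch_faulted_at_target": fault is not None          # rw 0 = read/fetch
            and int(fault.group(1), 16) == regs[jalr] and fault.group(2) == "0",
    }
```

For the excerpt above it reports t9 = 0x00012a2c loaded from GOT slot 0x4024f0c8 (gp - 32600), the next pc landing on exactly that address, and the instruction fetch there faulting.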