Message-ID: <463E2234.3040508@BitWagon.com>
Date: Sun, 06 May 2007 11:45:08 -0700
From: John Reiser
Subject: [Qemu-devel] bug: qemu-0.9.0 emulating mipsel (32-bit R3000) on amd64
To: qemu-devel@nongnu.org

Hi,

qemu-0.9.0 compiled and running on Debian 2.6.18-4-amd64, [compiled by
gcc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)], emulating
Debian 2.6.18-4-qemu mipsel (32-bit MIPS R3000 little endian), errs
when gdb 6.4.90-debian (running on the emulated mipsel) single-steps
the user-mode instruction:

    lw a2,-44(s7)

After single-stepping the 'lw', then register a2 contains garbage
instead of the memory contents at address -44(s7). This is
reproducible every time (and the bad value is the same.)
Also, executing the 'lw' by some means other than single stepping
(such as by setting a breakpoint _beyond_ the 'lw' and continuing)
apparently works correctly.

Here is the gdb console log:
-----
0x001060e4 in ?? ()
0x1060e4:       lw      a2,-44(s7)
(gdb) p $a2
$3 = 0x0
(gdb) x/x $s7-44
0x105458:       0x00120000
(gdb) g        # step one instruction and show next instruction
warning: GDB can't find the start of the function at 0x1060e8.
warning: GDB can't find the start of the function at 0x1060e8.
0x001060e8 in ?? ()
0x1060e8:       addiu   sp,sp,-32
(gdb) p $a2
$4 = 0x5000d
-----
where 'g' is a single-step macro for gdb:

    define g
    stepi
    x/i $pc
    end

I have posted the user-mode executable (28KB) at
   http://bitwagon.com/ftp/date.qemu-0.9.0.bug

The complete gdb session is eight (8) instructions:
-----
(gdb) set output-radix 16
(gdb) run
Program received signal SIGTRAP, Trace/breakpoint trap.
0x00105478 in ?? ()        # the entry point
(gdb) x/i $pc
0x105478:       break
(gdb) set $pc+=4           # skip over the 'break' at entry
(gdb) x/i $pc
0x10547c:       bal     0x10617c        # use 'g' or 'stepi' 5 times
0x105480:       addiu   s7,ra,0         # delay slot; executed but not stopped
0x10617c:       lw      s5,-48(s7)      # this 'lw' executes correctly
0x106180:       bal     0x1060e0
0x106184:       move    s6,ra           # delay slot
0x1060e0:       addiu   s5,s5,-92
0x1060e4:       lw      a2,-44(s7)      # bug: register a2 gets bad value
0x1060e8:       addiu   sp,sp,-32
(gdb) p $a2
$1 = 0x5000d          # (Even after allowing for 1-cycle load delay.)
(gdb) x/x $s7-44
0x105458:       0x00120000        # value that should be in register a2, but is not
-----

The emulated Debian system was installed using the directions at
   http://www.aurel32.net/info/debian_mips_qemu.php
and the actual installed kernel and initrd were:
   http://people.debian.org/~ths/d-i/mipsel/images/20070503-02:00/qemu/netboot/initrd.gz
   http://people.debian.org/~ths/d-i/mipsel/images/20070503-02:00/qemu/netboot/vmlinux-2.6.18-4-qemu

After installation, then the emulation is invoked by:
   qemu-system-mipsel -kernel vmlinux-2.6.18-4-qemu -initrd initrd.gz \
      -hda hda.img -append "root=/dev/hda1 console=ttyS0" -nographic \
      -net nic -net tap

The gdb transcript was copy+paste from an xterm running ssh into the
emulated system. ["apt-get install ssh" on the emulated system.]

Please suggest how to find and fix this bug? (It's hard to remember
to avoid single-stepping 'lw'.)

-- 
John Reiser, jreiser@BitWagon.com
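The eight-instruction session above is small enough to model by hand. The following Python is an added example, not code from the report or from QEMU: it replays the disassembled sequence with MIPS delay-slot semantics (bal sets ra to pc+8, the delay slot runs before the branch is taken, and a gdb 'stepi' over a branch does not stop in the delay slot), derives s7 from the first bal, and computes what a2 must hold after the suspect 'lw'. The only memory word the report shows is [0x105458] = 0x00120000; every other word is a constructed placeholder of 0, and the register names and PROGRAM/MEMORY tables are the example's own.

```python
"""Replay the MIPS user-mode sequence from the bug report and compute
the architecturally correct value of a2 after 'lw a2,-44(s7)'."""

MASK32 = 0xFFFFFFFF

# Instruction stream exactly as gdb disassembled it in the report.
# Branch targets are the absolute addresses gdb printed.
PROGRAM = {
    0x10547c: ("bal",   0x10617c),
    0x105480: ("addiu", "s7", "ra", 0),       # delay slot of the first bal
    0x10617c: ("lw",    "s5", -48, "s7"),
    0x106180: ("bal",   0x1060e0),
    0x106184: ("move",  "s6", "ra"),          # delay slot of the second bal
    0x1060e0: ("addiu", "s5", "s5", -92),
    0x1060e4: ("lw",    "a2", -44, "s7"),     # the load the report says misbehaves
    0x1060e8: ("addiu", "sp", "sp", -32),
}

# The report shows only one memory word: [0x105458] = 0x00120000.
# Unseen words read as 0, a constructed placeholder so the model runs offline.
MEMORY = {0x105458: 0x00120000}

OBSERVED_A2 = 0x5000d  # what the report's gdb session printed after the lw


def load_word(mem, addr):
    """Word fetch; the R3000 requires 4-byte alignment for lw."""
    if addr & 3:
        raise ValueError(f"unaligned lw at {addr:#x}")
    return mem.get(addr, 0)


class Cpu:
    def __init__(self, pc, mem=None):
        self.pc = pc
        self.regs = {}
        self.mem = dict(MEMORY if mem is None else mem)

    def r(self, name):
        return self.regs.get(name, 0)

    def execute(self, addr):
        """Execute one non-branch instruction at addr (no pc update)."""
        op, *args = PROGRAM[addr]
        if op == "addiu":
            rd, rs, imm = args
            self.regs[rd] = (self.r(rs) + imm) & MASK32
        elif op == "move":
            rd, rs = args
            self.regs[rd] = self.r(rs)
        elif op == "lw":
            rt, off, base = args
            ea = (self.r(base) + off) & MASK32
            self.regs[rt] = load_word(self.mem, ea)
        else:
            raise ValueError(f"unexpected {op} at {addr:#x}")

    def step(self):
        """One gdb 'stepi': a bal also runs its delay slot and does not stop there."""
        op, *args = PROGRAM[self.pc]
        if op == "bal":
            (target,) = args
            self.regs["ra"] = (self.pc + 8) & MASK32   # return address skips the slot
            self.execute(self.pc + 4)                   # delay slot executes first
            self.pc = target
        else:
            self.execute(self.pc)
            self.pc += 4

    def run_until(self, addr):
        while self.pc != addr:
            self.step()


def expected_a2_after_lw():
    """Return (s7, effective address, a2) for single-stepping the lw at 0x1060e4."""
    cpu = Cpu(pc=0x10547c)
    cpu.run_until(0x1060e4)          # stop *at* the suspect lw, as in the report
    s7 = cpu.r("s7")
    ea = (s7 - 44) & MASK32          # the address gdb's 'x/x $s7-44' examined
    cpu.step()                       # single-step the lw itself
    return s7, ea, cpu.r("a2")


def diverges_from_report():
    """True when the modelled a2 differs from the value gdb printed."""
    return expected_a2_after_lw()[2] != OBSERVED_A2


if __name__ == "__main__":
    s7, ea, a2 = expected_a2_after_lw()
    print(f"s7={s7:#x}  ea={ea:#x}  expected a2={a2:#010x}  observed a2={OBSERVED_A2:#x}")
    print("mismatch" if diverges_from_report() else "consistent")
```

The model reproduces the address the transcript examined (s7-44 comes out as 0x105458, because s7 is the return address 0x105484 left by the first bal), which is the check that the replay is faithful to the session before trusting its conclusion that a2 should read 0x00120000 rather than 0x5000d.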