From: tg@gmplib.org (Torbjörn Granlund)
Date: Sat, 13 Dec 2014 23:10:40 +0100
Subject: Re: [Qemu-devel] Bug in s390 instruction emulation
To: qemu-devel@nongnu.org
Message-ID: <86egs32obj.fsf@shell.gmplib.org>
In-Reply-To: <86lhmo303u.fsf@shell.gmplib.org>

I wrote:

  The s390 instruction emulation makes GMP fail most of its tests.
  I have isolated one of the problems:

  How to reproduce:

  gcc m.c x.s
  ./a.out

  Correct output on actual hardware:
  ffffffff

  Incorrect output using QEMU 2.2.0 rc4:
  0

  File m.c:
  #include <stdio.h>
  int foo();
  int main() { printf("%x\n", foo()); return 0; }

  File x.s:
          .text
          .align 8
          .globl foo
          .type foo,@function
  foo:    lghi %r2, 0
          lghi %r3, 1
          slgr %r2, %r3
          slbgr %r3, %r3
          slbgr %r2, %r2
          br %r14

Turns out that all failures except 3 are due to subb borrow handling
code which (almost) never works when there is borrow-in.
A minimal fix is quite simple:

*** /home/tege/qemu/qemu-2.2.0/target-s390x/.~/cc_helper.c.~1~ Tue Dec 9 1= 5:45:44 2014 --- /home/tege/qemu/qemu-2.2.0/target-s390x/cc_helper.c Sat Dec 13 22:47:11= 2014 *************** *** 182,184 **** /* We had borrow-in if normal subtraction isn't equal. */ ! int borrow_in =3D ar - (a1 - a2); int borrow_out; --- 182,184 ---- /* We had borrow-in if normal subtraction isn't equal. */ ! int borrow_in =3D (a1 - a2) - ar; int borrow_out;

There is at least one more instruction emulation error which I have not
yet isolated [two test failures].

And then EX is not implemented for logical operations [one test
failure]. This latter problem is adequately reported by qemu:

  qemu: fatal: EXECUTE on instruction prefix 0xd400 not implemented
  qemu: fatal: EXECUTE on instruction prefix 0xd600 not implemented

(I will not follow up in any way about this bug. If you choose to
ignore the bug report, then qemu will remain slightly buggier. If you
choose to deal with the bug in a reasonably timely manner, I'd be happy
to contribute.)

Torbjörn
Please encrypt, key id 0xC8601622
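
Review bot: In the changed line at 182-184, `borrow_in` is still recovered by arithmetic and then narrowed into an `int`, so its correctness depends on operand types and wrap-around behaviour that this hunk does not show. The comment directly above says "borrow-in if normal subtraction isn't equal", so writing the line as a comparison, `int borrow_in = (a1 - a2) != ar;`, would state that intent directly and guarantee a value of 0 or 1 whatever the operand width. The hunk also ends before `borrow_out` is computed, so it is worth confirming that the later use expects 0/1, and adding the m.c/x.s reproducer from the report as a regression test alongside the fix.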
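
As an added illustration (not part of the original message and not QEMU code), the following reference model runs the x.s sequence under the architected borrow semantics and evaluates both borrow-in expressions for the case where a borrow-in was present. All names are hypothetical, and the 64-bit unsigned operand type for a1, a2 and ar is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: only the state the reproducer in x.s touches. */
struct cpu { uint64_t r2, r3; int cc; };

/* CC after a logical subtract: bit 1 set (cc 2 or 3) means no borrow,
   bit 0 set means the result is not zero. */
static int sub_cc(uint64_t res, int borrow_out)
{
    return (borrow_out ? 0 : 2) | (res != 0);
}

/* SLGR: a - b with no borrow-in. */
static uint64_t slgr(struct cpu *c, uint64_t a, uint64_t b)
{
    c->cc = sub_cc(a - b, a < b);
    return a - b;
}

/* SLBGR: a - b - borrow_in, where borrow-in comes from the previous CC. */
static uint64_t slbgr(struct cpu *c, uint64_t a, uint64_t b)
{
    uint64_t bin = (c->cc & 2) ? 0 : 1;
    uint64_t res = a - b - bin;
    c->cc = sub_cc(res, a < b || (a == b && bin));
    return res;
}

/* The sequence from x.s; returns what printf("%x") in m.c would show. */
static uint32_t run_reproducer(void)
{
    struct cpu c = { .r2 = 0, .r3 = 1, .cc = 0 };   /* lghi, lghi */
    c.r2 = slgr(&c, c.r2, c.r3);
    c.r3 = slbgr(&c, c.r3, c.r3);
    c.r2 = slbgr(&c, c.r2, c.r2);
    return (uint32_t)c.r2;
}

/* Borrow-in recovered from (a1, a2, ar) as in the old and new patch lines;
   64-bit unsigned operands are an assumption, the post does not show them. */
static int borrow_in_old(uint64_t a1, uint64_t a2, uint64_t ar) { return (int)(ar - (a1 - a2)); }
static int borrow_in_new(uint64_t a1, uint64_t a2, uint64_t ar) { return (int)((a1 - a2) - ar); }

int main(void)
{
    printf("%x old=%d new=%d\n", run_reproducer(),
           borrow_in_old(1, 1, UINT64_MAX), borrow_in_new(1, 1, UINT64_MAX));
    return 0;
}
```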