From: "Alex Bennée" <alex.bennee@linaro.org>
To: "Станислав Юдин" <CityAceE@reext.ru>
Cc: qemu-devel@nongnu.org
Subject: Re: Disassembler disagrees with translator over instruction decoding
Date: Mon, 11 Sep 2023 12:20:56 +0100 [thread overview]
Message-ID: <8734zlosqd.fsf@linaro.org> (raw)
In-Reply-To: <afa1c81a-3077-45f9-83e7-d6b87b0fcf80@reext.ru>
Станислав Юдин <CityAceE@reext.ru> writes:
> Hello,
>
> I've just got this message when debugging my code:
>
> Disassembler disagrees with translator over instruction decoding
> Please report this to qemu-devel@nongnu.org
>
> Binary code is in the attachment.
The binary seems to reconfigure itself as it executes as I can't find
the instructions in the objdump. However via gdbstub we get to:
(gdb) x/4i $pc
=> 0x60011ab8: pop {r0, r1, r2, r3, r4, r5, r6, pc}
0x60011aba: push {lr}
0x60011abc: mov.w r11, #4
0x60011ac0: ldrb.w r7, [r0, r10]
(gdb) x/10i 0x60010168
0x60010168: ldrb r6, [r0, r1]
0x6001016a: addw r7, pc, #6
0x6001016e: ldr.w pc, [r7]
0x60010172: lsls r2, r6, #21
0x60010174: str r1, [r0, #0]
0x60010176: lsls r2, r7, #21
0x60010178: str r1, [r0, #0]
0x6001017a: lsls r6, r3, #22
0x6001017c: str r1, [r0, #0]
0x6001017e: lsls r6, r5, #22
(gdb) hbreak *0x6001016e
Hardware assisted breakpoint 2 at 0x6001016e
(gdb) c
Continuing.
Breakpoint 2, 0x6001016e in ?? ()
(gdb) i
0x60010572 in ?? ()
=> 0x60010572: streq pc, [r4, #-421] @ 0xfffffe5b
0x60010576: ldmiblt r7, {r0, r12, sp, lr, pc}^
0x6001057a: tsteq r1, r1, lsl #2 @ <UNPREDICTABLE>
(gdb) x/5i $pc
=> 0x60010572: streq pc, [r4, #-421] @ 0xfffffe5b
0x60010576: ldmiblt r7, {r0, r12, sp, lr, pc}^
0x6001057a: tsteq r1, r1, lsl #2 @ <UNPREDICTABLE>
0x6001057e: smlabteq r0, r0, r2, pc @ <UNPREDICTABLE>
0x60010582: blt 0x61da66a2
(gdb) x/10w $pc
0x60010572: 0x0504f1a5 0xb9d7f001 0x0101f101 0x0100f2c0
0x60010582: 0xba765846 0x0300f2c0 0x0436bfe1 0x31024333
0x60010592: 0x0100f2c0 0x050af1a5
(gdb)
Which seems to agree with the disassembler from the console:
(qemu) x/5i 0x60010572
0x60010572: 0504f1a5 streq pc, [r4, #-0x1a5]
0x60010576: b9d7f001 ldmiblt r7, {r0, ip, sp, lr, pc} ^
0x6001057a: 0101f101 mrseq pc, apsr
0x6001057e: 0100f2c0 smlabteq r0, r0, r2, pc
0x60010582: ba765846 blt #0x61da66a2
>
> It launches by this command:
>
> "c:\Program Files\qemu\qemu-system-arm.exe" -M vexpress-a9 -serial stdio -m 512M -kernel speciarmlist.bin -d
> in_asm
>
>
> qemu-system-arm.exe -version
> QEMU emulator version 8.0.94 (v8.1.0-rc4-12032-g74a4cbee04)
> Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
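Added example, not part of the thread above or of QEMU's own code: a small Python script that takes the ten words gdb printed with "x/10w $pc" and decodes them as a Thumb-2 halfword stream instead of the ARM-mode stream both disassemblers in the message produced. Treating the bytes as Thumb is this example's assumption, not something the message states; the decoder handles only a handful of Thumb-2 encodings (32-bit add/sub with modified immediate, movw/movt, b.w/bl, 16-bit ldr/ldrb register and adds immediate) and reports everything else as undecoded raw halfwords. Names such as disassemble_thumb and DUMP_WORDS are the example's own.

```python
# Added example: decode the "(gdb) x/10w $pc" dump from the thread as Thumb-2.
# Assumption: the region is Thumb code, which the message does not confirm.
from typing import List, Tuple

DUMP_BASE = 0x60010572            # address of the first word in the gdb dump
DUMP_WORDS = [                    # words copied verbatim from "x/10w $pc"
    0x0504F1A5, 0xB9D7F001, 0x0101F101, 0x0100F2C0,
    0xBA765846, 0x0300F2C0, 0x0436BFE1, 0x31024333,
    0x0100F2C0, 0x050AF1A5,
]


def words_to_halfwords(words: List[int]) -> List[int]:
    """A little-endian 32-bit word holds two Thumb halfwords, low half first."""
    out: List[int] = []
    for w in words:
        out.append(w & 0xFFFF)
        out.append((w >> 16) & 0xFFFF)
    return out


def is_32bit_thumb(hw1: int) -> bool:
    """Bits[15:11] of 0b11101/0b11110/0b11111 mark the first half of a 32-bit encoding."""
    return (hw1 >> 11) in (0b11101, 0b11110, 0b11111)


def thumb_expand_imm(imm12: int) -> int:
    """ThumbExpandImm (ARM ARM): replicated byte patterns or a rotated 1bcdefgh."""
    if (imm12 >> 10) & 0b11 == 0:
        imm8, sel = imm12 & 0xFF, (imm12 >> 8) & 0b11
        return [imm8, (imm8 << 16) | imm8, (imm8 << 24) | (imm8 << 8),
                (imm8 << 24) | (imm8 << 16) | (imm8 << 8) | imm8][sel]
    unrotated = 0x80 | (imm12 & 0x7F)
    rot = (imm12 >> 7) & 0x1F
    return ((unrotated >> rot) | (unrotated << (32 - rot))) & 0xFFFFFFFF


def sign_extend(value: int, bits: int) -> int:
    sign = 1 << (bits - 1)
    return (value ^ sign) - sign


def decode_32(addr: int, hw1: int, hw2: int) -> str:
    """Decode the few 32-bit Thumb-2 forms present in the dump; others come back raw."""
    i, imm3, rd, imm8, rn = (hw1 >> 10) & 1, (hw2 >> 12) & 7, (hw2 >> 8) & 0xF, hw2 & 0xFF, hw1 & 0xF
    # Data processing, modified immediate (T3): 11110 i 0 op4 S Rn | 0 imm3 Rd imm8
    if (hw1 >> 11) == 0b11110 and ((hw1 >> 9) & 1) == 0 and ((hw2 >> 15) & 1) == 0:
        op, s = (hw1 >> 5) & 0xF, "s" if (hw1 >> 4) & 1 else ""
        imm = thumb_expand_imm((i << 11) | (imm3 << 8) | imm8)
        if op == 0b1000:
            return f"add{s}.w r{rd}, r{rn}, #{imm}"
        if op == 0b1101:
            return f"sub{s}.w r{rd}, r{rn}, #{imm}"
    # MOVW (T3) / MOVT (T1): 11110 i 10 x 1 0 0 imm4 | 0 imm3 Rd imm8
    if (hw1 >> 11) == 0b11110 and ((hw1 >> 4) & 0x3F) in (0b100100, 0b101100) and ((hw2 >> 15) & 1) == 0:
        imm16 = ((hw1 & 0xF) << 12) | (i << 11) | (imm3 << 8) | imm8
        return f"{'movt' if (hw1 >> 7) & 1 else 'movw'} r{rd}, #{imm16}"
    # B.W (T4) / BL: 11110 S imm10 | 1x J1 1 J2 imm11 (bit14 of hw2 selects BL)
    if (hw1 >> 11) == 0b11110 and (hw2 >> 15) & 1 and (hw2 >> 12) & 1:
        s, imm10 = (hw1 >> 10) & 1, hw1 & 0x3FF
        j1, j2, imm11 = (hw2 >> 13) & 1, (hw2 >> 11) & 1, hw2 & 0x7FF
        i1, i2 = 1 - (j1 ^ s), 1 - (j2 ^ s)
        imm25 = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10 << 12) | (imm11 << 1)
        target = (addr + 4 + sign_extend(imm25, 25)) & 0xFFFFFFFF  # Thumb PC = addr + 4
        return f"{'bl' if (hw2 >> 14) & 1 else 'b.w'} 0x{target:08x}"
    return f"32-bit thumb (undecoded): {hw1:04x} {hw2:04x}"


def decode_16(hw: int) -> str:
    """Decode a few 16-bit Thumb forms; everything else is reported raw."""
    rt, rn, rm = hw & 7, (hw >> 3) & 7, (hw >> 6) & 7
    if (hw >> 9) == 0b0101100:
        return f"ldr r{rt}, [r{rn}, r{rm}]"
    if (hw >> 9) == 0b0101110:
        return f"ldrb r{rt}, [r{rn}, r{rm}]"
    if (hw >> 11) == 0b00110:
        return f"adds r{(hw >> 8) & 7}, #{hw & 0xFF}"
    return f"16-bit thumb (undecoded): {hw:04x}"


def disassemble_thumb(base: int, words: List[int]) -> List[Tuple[int, str]]:
    """Walk the halfword stream, consuming two halfwords per 32-bit encoding."""
    hws, out, addr, idx = words_to_halfwords(words), [], base, 0
    while idx < len(hws):
        hw1 = hws[idx]
        if is_32bit_thumb(hw1):
            if idx + 1 >= len(hws):
                break  # second half of the instruction lies beyond the dump
            out.append((addr, decode_32(addr, hw1, hws[idx + 1])))
            addr, idx = addr + 4, idx + 2
        else:
            out.append((addr, decode_16(hw1)))
            addr, idx = addr + 2, idx + 1
    return out


if __name__ == "__main__":
    for insn_addr, text in disassemble_thumb(DUMP_BASE, DUMP_WORDS):
        print(f"0x{insn_addr:08x}: {text}")
```

Read as Thumb, the dump starts "sub.w r5, r5, #4; b.w 0x60011928; add.w r1, r1, #1; movt r1, #0; ldr r6, [r0, r1]", which is the kind of check worth making before filing a disagreement report: the same words shown as ARM-mode "streq pc, [r4, #-421]" and "ldmiblt r7, {...}^" with UNPREDICTABLE notes strongly suggest the disassembler was invoked in the wrong instruction set for that region, while the translator (which follows the interworking jump through "ldr.w pc, [r7]") knows the real mode.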
2023-09-09 15:22 Disassembler disagrees with translator over instruction decoding Станислав Юдин
2023-09-11 11:20 ` Alex Bennée [this message]
2023-09-11 12:16 ` Peter Maydell