From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=52883 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Ov10i-0002aX-8W
	for Qemu-devel@nongnu.org; Mon, 13 Sep 2010 00:51:21 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <stu.grossman@gmail.com>) id 1Ov10h-0001Tp-3t
	for Qemu-devel@nongnu.org; Mon, 13 Sep 2010 00:51:20 -0400
Received: from mail-ew0-f45.google.com ([209.85.215.45]:39213)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <stu.grossman@gmail.com>) id 1Ov10g-0001Te-NJ
	for Qemu-devel@nongnu.org; Mon, 13 Sep 2010 00:51:19 -0400
Received: by ewy27 with SMTP id 27so2920936ewy.4
	for <Qemu-devel@nongnu.org>; Sun, 12 Sep 2010 21:51:17 -0700 (PDT)
MIME-Version: 1.0
Date: Sun, 12 Sep 2010 21:51:16 -0700
Message-ID: <AANLkTi=JANf-9_bGExXhSJ6DBdhdP7pcTQR0ObspMvxw@mail.gmail.com>
From: Stu Grossman <stu.grossman@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] PowerPC code generation and the program counter
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Qemu-devel@nongnu.org

I've been using qemu-12.4 to trace accesses to non-existent addresses, but =
I've
found that the PC is incorrect when cpu_abort() is called from within the
unassigned memory helper routines (unassigned_mem_read[bwl] and
unassigned_mem_write[bwl]). =A0Even nearby instructions (plus or minus 10
instructions or so) don't match the type of load or store being done, so th=
is
isn't a PC being current_instr+4 kind of thing.

I ended up modifying the GEN_LD* and GEN_ST* macros (in target-ppc/translat=
e.c)
to call gen_update_nip(ctx, ctx->nip - 4). =A0This fixed the above problem,=
 which
has helped enormously.

Since I'm not a qemu expert, I was wondering about several things:

	1) Was it really necessary to add gen_update_nip to the load and store
	   instructions in order to get the correct PC? =A0Could the correct PC
	   have been derived some other way, without a runtime cost for all
	   basic loads and stores?
	2) As the current code lacks that fix, the basic load and store
	   instructions will save an incorrect PC if an exception occurs. =A0If
	   so, how come nobody noticed this before? =A0I think that exceptions
	   would have srr0 pointing at the last instruction which called
	   gen_update_nip. =A0So when the target returns from a data exception,
	   it might re-execute some instructions. =A0Possibly harmless, but could
	   lead to subtle bugs...

	Thanks, Stu

Here's the patch if anybody is interested:

*** translate.c~        Sat Sep 11 23:43:25 2010
--- translate.c Sun Sep 12 20:49:53 2010
***************
*** 2549,2554 ****
--- 2549,2555 ----
  {
         \
      TCGv EA;
         \
      gen_set_access_type(ctx, ACCESS_INT);
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      EA =3D tcg_temp_new();
         \
      gen_addr_imm_index(ctx, EA, 0);
         \
      gen_qemu_##ldop(ctx, cpu_gpr[rD(ctx->opcode)], EA);
         \
***************
*** 2564,2569 ****
--- 2565,2571 ----
          gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
         \
          return;
         \
      }
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      if (type =3D=3D PPC_64B)
         \
***************
*** 2584,2589 ****
--- 2586,2592 ----
          gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
         \
          return;
         \
      }
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      gen_addr_reg_index(ctx, EA);
         \
***************
*** 2596,2601 ****
--- 2599,2605 ----
  static void glue(gen_, name##x)(DisasContext *ctx)
         \
  {
         \
      TCGv EA;
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      gen_addr_reg_index(ctx, EA);
         \
***************
*** 2693,2698 ****
--- 2697,2703 ----
  static void glue(gen_, name)(DisasContext *ctx)
                 \
  {
         \
      TCGv EA;
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      gen_addr_imm_index(ctx, EA, 0);
         \
***************
*** 2708,2713 ****
--- 2713,2719 ----
          gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
         \
          return;
         \
      }
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      if (type =3D=3D PPC_64B)
         \
***************
*** 2727,2732 ****
--- 2733,2739 ----
          gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
         \
          return;
         \
      }
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      gen_addr_reg_index(ctx, EA);
         \
***************
*** 2739,2744 ****
--- 2746,2752 ----
  static void glue(gen_, name##x)(DisasContext *ctx)
                 \
  {
         \
      TCGv EA;
         \
+     gen_update_nip(ctx, ctx->nip - 4);
               \
      gen_set_access_type(ctx, ACCESS_INT);
         \
      EA =3D tcg_temp_new();
         \
      gen_addr_reg_index(ctx, EA);
         \