[Qemu-devel] sparc32 "bneg,a" bug?

[Qemu-devel] sparc32 "bneg,a" bug?

[Artyom Tarasenko]

Can it be that bneg,a branches unconditionally, or annuls unconditionally?

   0xf0071520:  subcc  %g3, %g2, %g3
=> 0xf0071524:  bneg,a   0xf007152c
   0xf0071528:  clr  %g3
   0xf007152c:  st  %g3, [ %i0 + 0x58 ]
(gdb) info registers g3 psr
g3             0x18     24
psr            0x4000ae7        [ #0 #1 #2 ET PS S #9 #11 #26 ]
(gdb) nexti
0xf007152c in ?? ()

 0xf0071528 is supposed to be executed. Or it a gdb stub bug?

-- 
Regards,
Artyom Tarasenko

solaris/sparc under qemu blog: http://tyom.blogspot.com/

[Qemu-devel] Re: sparc32 "bneg,a" bug?

[Blue Swirl]

On Sun, Nov 7, 2010 at 5:22 PM, Artyom Tarasenko <atar4qemu@gmail.com> wrote:
> Can it be that bneg,a branches unconditionally, or annuls unconditionally?
>
>   0xf0071520:  subcc  %g3, %g2, %g3
> => 0xf0071524:  bneg,a   0xf007152c
>   0xf0071528:  clr  %g3
>   0xf007152c:  st  %g3, [ %i0 + 0x58 ]
> (gdb) info registers g3 psr
> g3             0x18     24
> psr            0x4000ae7        [ #0 #1 #2 ET PS S #9 #11 #26 ]
> (gdb) nexti
> 0xf007152c in ?? ()
>
>  0xf0071528 is supposed to be executed. Or it a gdb stub bug?

It should not be executed. Since N flag is not set and this is an
ICC-conditional branch, the delay instruction is annulled. See V8
manual B.21, page 120.

The following program produces the same results natively and with QEMU:
$ cat bneg.c
#include <stdio.h>

long f(long val)
{
    long ret;

    asm("tst %1\n\t"
        "clr %0\n\t"
        "bneg,a 1f\n\t"
        "or %0, 1, %0\n\t"
        "or %0, 2, %0\n\t"
        "or %0, 4, %0\n\t"
        "1: \n\t"
        : "=r" (ret) : "r" (val));
    return ret;
}

int main(int argc, const char **argv)
{
    long x;

    x = -1;
    printf("f(0x%lx) = 0x%lx\n", x, f(x));
    x = 0;
    printf("f(0x%lx) = 0x%lx\n", x, f(x));

    return 0;
}
$ gcc -o bneg bneg.c
$ ./bneg
f(0xffffffff) = 0x1
f(0x0) = 0x6
$ qemu-sparc32plus ./bneg
f(0xffffffff) = 0x1
f(0x0) = 0x6

[Qemu-devel] Re: sparc32 "bneg,a" bug?

[Artyom Tarasenko]

On Sun, Nov 7, 2010 at 9:32 PM, Blue Swirl <blauwirbel@gmail.com> wrote:
> On Sun, Nov 7, 2010 at 5:22 PM, Artyom Tarasenko <atar4qemu@gmail.com> wrote:
>> Can it be that bneg,a branches unconditionally, or annuls unconditionally?
>>
>>   0xf0071520:  subcc  %g3, %g2, %g3
>> => 0xf0071524:  bneg,a   0xf007152c
>>   0xf0071528:  clr  %g3
>>   0xf007152c:  st  %g3, [ %i0 + 0x58 ]
>> (gdb) info registers g3 psr
>> g3             0x18     24
>> psr            0x4000ae7        [ #0 #1 #2 ET PS S #9 #11 #26 ]
>> (gdb) nexti
>> 0xf007152c in ?? ()
>>
>>  0xf0071528 is supposed to be executed. Or it a gdb stub bug?
>
> It should not be executed. Since N flag is not set and this is an
> ICC-conditional branch, the delay instruction is annulled. See V8
> manual B.21, page 120.

Ops. Sorry for the noise. I missed that  the annul bit has a different
effect on
conditional branches than it does on unconditional ones.
Thanks for the clarification!

> The following program produces the same results natively and with QEMU:
> $ cat bneg.c
> #include <stdio.h>
>
> long f(long val)
> {
>    long ret;
>
>    asm("tst %1\n\t"
>        "clr %0\n\t"
>        "bneg,a 1f\n\t"
>        "or %0, 1, %0\n\t"
>        "or %0, 2, %0\n\t"
>        "or %0, 4, %0\n\t"
>        "1: \n\t"
>        : "=r" (ret) : "r" (val));
>    return ret;
> }
>
> int main(int argc, const char **argv)
> {
>    long x;
>
>    x = -1;
>    printf("f(0x%lx) = 0x%lx\n", x, f(x));
>    x = 0;
>    printf("f(0x%lx) = 0x%lx\n", x, f(x));
>
>    return 0;
> }
> $ gcc -o bneg bneg.c
> $ ./bneg
> f(0xffffffff) = 0x1
> f(0x0) = 0x6
> $ qemu-sparc32plus ./bneg
> f(0xffffffff) = 0x1
> f(0x0) = 0x6
>



-- 
Regards,
Artyom Tarasenko

solaris/sparc under qemu blog: http://tyom.blogspot.com/