From: Peter Maydell <peter.maydell@linaro.org>
To: Liviu Ionescu <ilg@livius.net>
Cc: QEMU Developers <Qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Better Cortex-M support?
Date: Tue, 28 Oct 2014 14:18:14 +0000
Message-ID: <CAFEAcA8aTaHwuor3L+uprev8N_SiM7Ofuj3w6mvCq4PMCx9bBg@mail.gmail.com>
In-Reply-To: <DA86ED53-88D0-4C99-82C6-F0EE2C2A15D9@livius.net>
On 28 October 2014 13:54, Liviu Ionescu <ilg@livius.net> wrote:
>
>> Do you have a test binary (plus qemu command line) you
>> can send me?
>
> sure: https://dl.dropboxusercontent.com/u/78151643/minimal.elf
> exactly the same binary, with 2.1.50:
>
> ilg-mbp:build ilg$ /Users/ilg/Work/NoBackup/qemu/qemu.git/arm-softmmu/qemu-system-arm -machine lm3s6965evb -nographic -monitor null -serial null -semihosting -m 513M -kernel qemu_osx_aep_gcc_minimal_Debug/minimal.elf
> qemu: Unsupported SemiHosting SWI 0x00
> R00=00000000 R01=00000000 R02=00000000 R03=00000000
> R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
> R08=00000000 R09=00000000 R10=00000000 R11=00000000
> R12=00000000 R13=200ffed8 R14=000022c5 R15=0000157c
> PSR=60000173 -ZC- T svc32
> Abort trap: 6
Thanks. I've identified what's happening here, and
it's not a bug in QEMU as such. The 'lm3s6965evb'
model is of a microcontroller with 64KB of SRAM,
so valid RAM is only from 0x20000000 to 0x20010000,
but your binary is trying to use the area beyond that
as RAM as well, and is therefore misbehaving.
(We ignore any attempt to specify RAM size via the
command line -m switch, so your '-m 513M' has no effect).
You can turn on tracing of what QEMU executes like this:
./build/x86/arm-softmmu/qemu-system-arm -machine lm3s6965evb -display none -semihosting -kernel ~/Downloads/minimal.elf -d in_asm,cpu,exec -singlestep
and you can see (note that the register dumps
here are always for the point *before* the insn
we've just printed, as you can tell from the values
of R15):
IN: _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
0x00001568: af00 add r7, sp, #0
Trace 0x7f4286560710 [00001568] _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
R00=00000004 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffef0
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=00001568
PSR=60000173 -ZC- T svc32
----------------
IN: _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
0x0000156a: 60f8 str r0, [r7, #12]
Trace 0x7f4286560750 [0000156a] _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
R00=00000004 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=0000156a
PSR=60000173 -ZC- T svc32
----------------
IN: _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
0x0000156c: 60b9 str r1, [r7, #8]
Trace 0x7f42865607e0 [0000156c] _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
R00=00000004 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=0000156c
PSR=60000173 -ZC- T svc32
----------------
IN: _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
0x0000156e: 607a str r2, [r7, #4]
Trace 0x7f4286560870 [0000156e] _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
R00=00000004 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=0000156e
PSR=60000173 -ZC- T svc32
----------------
IN: _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
0x00001570: 68f8 ldr r0, [r7, #12]
Trace 0x7f4286560900 [00001570] _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
R00=00000004 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=00001570
PSR=60000173 -ZC- T svc32
----------------
IN: _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
0x00001572: 68bb ldr r3, [r7, #8]
Trace 0x7f4286560990 [00001572] _ZN3hal7cortexm4diag11SemiHosting4BKPTEiPvS3_
R00=00000000 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=00001572
PSR=60000173 -ZC- T svc32
----------------
Your stack is in invalid memory, which is treated as
"writes ignored, reads as zeros". So we get the correct
r0 value on entry, but the code stores it to the
(invalid) stack and then when it tries to read it back
it gets zero, which is incorrect.
It's just a coincidence that the first thing your binary
does that relies on a working stack happens to involve
semihosting.
I suggest you relink your binary to fit in the 64K
of RAM this board has. (There's also flash at address
zero.)
thanks
-- PMM
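The diagnosis above rests on two facts: the lm3s6965evb model only maps SRAM at 0x20000000-0x20010000, and QEMU treats accesses outside any mapped region as "writes ignored, reads as zeros". The script below is an added example (not part of this mail and not QEMU's own code) that makes both checks mechanical: it parses the register dump lines that `-d cpu` prints, classifies R13 against the board's memory map, and replays the `str r0, [r7, #12]` / `ldr r0, [r7, #12]` pair from the trace against a tiny model of that memory semantics. The SRAM range comes from the mail; the flash size (256 KiB) and the helper names are assumptions for the example, and the sample dump is the one quoted in the thread.

```python
"""Check whether a Cortex-M guest's stack lives in mapped RAM (added example).

The SRAM range is the one given in the mail for the QEMU 'lm3s6965evb'
model.  The flash size is an ASSUMPTION for this example; the mail only
says there is flash at address zero.
"""
import re

# Memory map used for classification.  Addresses are [lo, hi).
REGIONS = {
    "flash": (0x00000000, 0x00040000),   # size assumed (256 KiB)
    "sram":  (0x20000000, 0x20010000),   # 64 KiB, from the mail
}


def region_of(addr):
    """Return the region name containing addr, or None if unmapped."""
    for name, (lo, hi) in REGIONS.items():
        if lo <= addr < hi:
            return name
    return None


class RamModel:
    """Minimal model of the guest memory semantics the mail describes:
    SRAM stores and loads work; anything outside a mapped region has
    writes ignored and reads back as zero.  Flash is not modelled here
    (it would return the loaded image), so loads from it are rejected."""

    def __init__(self):
        self.sram = {}   # word-addressed backing store for SRAM only

    def store32(self, addr, value):
        if region_of(addr) == "sram":
            self.sram[addr] = value & 0xFFFFFFFF
        # unmapped (and flash) writes are silently dropped

    def load32(self, addr):
        region = region_of(addr)
        if region == "sram":
            return self.sram.get(addr, 0)
        if region == "flash":
            raise NotImplementedError("flash image not modelled in this example")
        return 0   # unmapped memory reads as zero


def store_then_load(mem, r7, r0):
    """Replay the trace's str r0,[r7,#12] followed by ldr r0,[r7,#12]."""
    mem.store32(r7 + 12, r0)
    return mem.load32(r7 + 12)


# Matches the 'Rnn=xxxxxxxx' fields of a QEMU '-d cpu' register dump.
REG_RE = re.compile(r"\bR(\d\d)=([0-9a-fA-F]{8})")


def parse_regs(dump):
    """Return {'R00': int, ..., 'R15': int} from a register dump block."""
    return {"R" + num: int(val, 16) for num, val in REG_RE.findall(dump)}


def check_stack(dump):
    """Classify the stack pointer (R13) of a dump against the memory map."""
    regs = parse_regs(dump)
    sp = regs["R13"]
    region = region_of(sp)
    return {"sp": sp, "region": region, "ok": region == "sram"}


# Sample dump: the register block quoted in the mail for the 2.1.50 run.
SAMPLE_DUMP = """\
R00=00000000 R01=00000000 R02=00000000 R03=00000000
R04=00000000 R05=00000000 R06=00000000 R07=200ffed8
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=200ffed8 R14=000022c5 R15=0000157c
PSR=60000173 -ZC- T svc32
"""

if __name__ == "__main__":
    result = check_stack(SAMPLE_DUMP)
    print("SP=0x%08x region=%s ok=%s" % (result["sp"], result["region"], result["ok"]))
    mem = RamModel()
    print("stack outside SRAM: stored 4, read back",
          store_then_load(mem, 0x200ffed8, 4))
    print("stack inside SRAM:  stored 4, read back",
          store_then_load(mem, 0x2000ffd8, 4))
```

Run against the dump from the mail it reports R13=0x200ffed8 as unmapped, and the replay shows the stored 4 coming back as 0, exactly the round trip the trace shows between the `str` at 0x156a and the `ldr` at 0x1570; moving the frame pointer into the 64 KiB SRAM makes the value survive.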