* [Qemu-devel] sh4: more patches
@ 2007-06-22 7:44 Magnus Damm
2007-06-22 11:48 ` Thiemo Seufer
2007-06-25 15:28 ` Blue Swirl
0 siblings, 2 replies; 9+ messages in thread
From: Magnus Damm @ 2007-06-22 7:44 UTC (permalink / raw)
To: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1153 bytes --]
Hi everyone,
Here come a few more patches for the sh4 emulator. They should be
applied on top of the patches that I posted a few weeks ago:
http://www.mail-archive.com/qemu-devel@nongnu.org/msg10830.html
Good news is that the user space emulator is in a much better shape
now - with all the patches applied I'm successfully running a static
busybox binary compiled for sh4 using qemu-sh4.
The method used to locate emulation bugs may be of value for other
fellow qemu hackers. I've written a small gdb script that single steps
in an endless loop dumping registers between each instruction. Then
I've used this script on both real target hardware (using gdbserver)
and using the gdbstub provided by qemu. Finally the traces have been
compared. I have more patches for this if anyone is interested...
The patches attached in this email contain the following fixes:
- sh4: Emulate more fpu opcodes
- sh4: Swap word order when accessing double floats
- sh4: Document FPSCR usage
- sh4: Ignore PR flag in FPSCR when performing fmov
- sh4: Use DREG() instead of XREG() wherever possible
Could someone please comment or commit? =)
Thank you!
/ magnus
[-- Attachment #2: qemu-cvs_20070611-sh4-fpu-ops.patch --]
[-- Type: application/octet-stream, Size: 6622 bytes --]
sh4: Emulate more fpu opcodes
This patch adds more fpu opcodes to the sh4 emulator. Exceptions are not
supported yet though and flag emulation needs further work.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
---
cpu.h | 1
op.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
translate.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 183 insertions(+), 1 deletion(-)
--- 0002/target-sh4/cpu.h
+++ work/target-sh4/cpu.h 2007-06-11 12:37:41.000000000 +0900
@@ -99,6 +99,7 @@ typedef struct CPUSH4State {
/* temporary float registers */
float32 ft0, ft1;
float64 dt0, dt1;
+ float_status fp_status;
/* Those belong to the specific unit (SH7750) but are handled here */
uint32_t mmucr; /* MMU control register */
--- 0001/target-sh4/op.c
+++ work/target-sh4/op.c 2007-06-11 12:40:13.000000000 +0900
@@ -509,6 +509,9 @@ void OPPROTO op_##store##_##target##_T0
void OPPROTO op_lds_T0_fpscr(void)
{
env->fpscr = T0 & 0x003fffff;
+ env->fp_status.float_rounding_mode = T0 & 0x01 ?
+ float_round_to_zero : float_round_nearest_even;
+
RETURN();
}
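Review bot: The rounding mode on the added lines is derived from bit 0 of T0 alone, while the value kept in env->fpscr is masked with 0x003fffff, and a reader has to work out that FPSCR's RM field sits in the low bits and that cpu_sh4_reset in translate.c must pick the same mapping. I would add `/* FPSCR.RM (bit 0): 1 = round to zero, 0 = round to nearest; keep in sync with cpu_sh4_reset() */` above the assignment, or move the mapping into a small helper that both the reset path and this op call so they cannot drift apart. As far as I recall RM is a two-bit field with 10/11 reserved; if so, a comment that those values are treated as round-to-zero would also help.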
@@ -705,6 +708,18 @@ void OPPROTO op_fmov_drN_DT0(void)
RETURN();
}
+void OPPROTO op_fmov_frN_FT1(void)
+{
+ FT1 = *(float32 *)&env->fregs[PARAM1];
+ RETURN();
+}
+
+void OPPROTO op_fmov_drN_DT1(void)
+{
+ DT1 = *(float64 *)&env->fregs[PARAM1];
+ RETURN();
+}
+
void OPPROTO op_fmov_FT0_frN(void)
{
*(float32 *)&env->fregs[PARAM1] = FT0;
@@ -717,6 +732,84 @@ void OPPROTO op_fmov_DT0_drN(void)
RETURN();
}
+void OPPROTO op_fadd_FT(void)
+{
+ FT0 = float32_add(FT0, FT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fadd_DT(void)
+{
+ DT0 = float64_add(DT0, DT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fsub_FT(void)
+{
+ FT0 = float32_sub(FT0, FT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fsub_DT(void)
+{
+ DT0 = float64_sub(DT0, DT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fmul_FT(void)
+{
+ FT0 = float32_mul(FT0, FT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fmul_DT(void)
+{
+ DT0 = float64_mul(DT0, DT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fdiv_FT(void)
+{
+ FT0 = float32_div(FT0, FT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fdiv_DT(void)
+{
+ DT0 = float64_div(DT0, DT1, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_float_FT(void)
+{
+ FT0 = int32_to_float32(env->fpul, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_float_DT(void)
+{
+ DT0 = int32_to_float64(env->fpul, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_ftrc_FT(void)
+{
+ env->fpul = float32_to_int32_round_to_zero(FT0, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_ftrc_DT(void)
+{
+ env->fpul = float64_to_int32_round_to_zero(DT0, &env->fp_status);
+ RETURN();
+}
+
+void OPPROTO op_fmov_T0_frN(void)
+{
+ *(unsigned int *)&env->fregs[PARAM1] = T0;
+ RETURN();
+}
+
void OPPROTO op_dec1_rN(void)
{
env->gregs[PARAM1] -= 1;
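Review bot: Every arithmetic op added here (op_fadd_FT through op_ftrc_DT) passes &env->fp_status, so softfloat accumulates its sticky exception flags there, yet nothing in this hunk reads or clears them; the commit message defers exceptions, but the flags will silently pile up across instructions and any later FPSCR Cause/Flag emulation will start from stale state. I would record that at the top of the new block: `/* fp_status exception flags are accumulated but not yet propagated to FPSCR Cause/Flag; clear them per instruction when that is implemented */`. Separately, op_ftrc_FT and op_ftrc_DT use the round-to-zero conversions, which is ftrc's truncation semantics independent of FPSCR.RM — a one-line comment there would stop someone "fixing" them to the rounding-mode-honouring variant.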
--- 0003/target-sh4/translate.c
+++ work/target-sh4/translate.c 2007-06-11 12:37:45.000000000 +0900
@@ -131,7 +131,13 @@ void cpu_sh4_reset(CPUSH4State * env)
#endif
env->vbr = 0;
env->pc = 0xA0000000;
- env->fpscr = 0x00040001;
+#if defined(CONFIG_USER_ONLY)
+ env->fpscr = FPSCR_PR; /* value for userspace according to the kernel */
+ env->fp_status.float_rounding_mode = float_round_nearest_even; /* ?! */
+#else
+ env->fpscr = 0x00040001; /* CPU reset value according to SH4 manual */
+ env->fp_status.float_rounding_mode = float_round_to_zero;
+#endif
env->mmucr = 0;
}
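Review bot: The `/* ?! */` on the user-only rounding-mode line leaves the next reader guessing whether the value is suspect; it is in fact the mapping op_lds_T0_fpscr applies to bit 0 of FPSCR (FPSCR_PR is a single flag bit, so bit 0 is clear → nearest-even; 0x00040001 has bit 0 set → to-zero), so the two branches are consistent. I would replace it with `/* derived from FPSCR.RM, same mapping as op_lds_T0_fpscr */` and, to remove the duplicated mapping, have reset go through one shared helper that sets both env->fpscr and env->fp_status. cpu_sh4_reset starts before this hunk.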
@@ -238,6 +244,7 @@ static void gen_delayed_conditional_jump
#define FREG(x) (ctx->fpscr & FPSCR_FR ? (x) ^ 0x10 : (x))
#define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
#define XREG(x) (ctx->fpscr & FPSCR_FR ? XHACK(x) ^ 0x10 : XHACK(x))
+#define DREG(x) FREG(x) /* Assumes lsb of (x) is always 0 */
#define CHECK_NOT_DELAY_SLOT \
if (ctx->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) \
@@ -768,6 +775,49 @@ void decode_opc(DisasContext * ctx)
gen_op_stfl_FT0_T1(ctx);
}
return;
+ case 0xf000: /* fadd Rm,Rn */
+ case 0xf001: /* fsub Rm,Rn */
+ case 0xf002: /* fmul Rm,Rn */
+ case 0xf003: /* fdiv Rm,Rn */
+ case 0xf004: /* fcmp/eq Rm,Rn */
+ case 0xf005: /* fcmp/gt Rm,Rn */
+ if (ctx->fpscr & FPSCR_PR) {
+ if (ctx->opcode & 0x0110)
+ break; /* illegal instruction */
+ gen_op_fmov_drN_DT1(DREG(B7_4));
+ gen_op_fmov_drN_DT0(DREG(B11_8));
+ }
+ else {
+ gen_op_fmov_frN_FT1(FREG(B7_4));
+ gen_op_fmov_frN_FT0(FREG(B11_8));
+ }
+
+ switch (ctx->opcode & 0xf00f) {
+ case 0xf000: /* fadd Rm,Rn */
+ ctx->fpscr & FPSCR_PR ? gen_op_fadd_DT() : gen_op_fadd_FT();
+ break;
+ case 0xf001: /* fsub Rm,Rn */
+ ctx->fpscr & FPSCR_PR ? gen_op_fsub_DT() : gen_op_fsub_FT();
+ break;
+ case 0xf002: /* fmul Rm,Rn */
+ ctx->fpscr & FPSCR_PR ? gen_op_fmul_DT() : gen_op_fmul_FT();
+ break;
+ case 0xf003: /* fdiv Rm,Rn */
+ ctx->fpscr & FPSCR_PR ? gen_op_fdiv_DT() : gen_op_fdiv_FT();
+ break;
+ case 0xf004: /* fcmp/eq Rm,Rn */
+ return;
+ case 0xf005: /* fcmp/gt Rm,Rn */
+ return;
+ }
+
+ if (ctx->fpscr & FPSCR_PR) {
+ gen_op_fmov_DT0_drN(DREG(B11_8));
+ }
+ else {
+ gen_op_fmov_FT0_frN(FREG(B11_8));
+ }
+ return;
}
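Review bot: `case 0xf004` and `case 0xf005` of the inner switch just `return`, so fcmp/eq and fcmp/gt now load their operands and then do nothing — they are silently accepted instead of reaching the "unknown instruction" diagnostic, and the T bit they are defined to set is never written, so a conditional branch following an fcmp runs on stale T. Until a compare op exists I would drop the two fcmp labels from the outer case list (and the matching inner cases), so those encodings keep falling through to the diagnostic. The inner switch also lacks a default, and the `cond ? gen_op_x_DT() : gen_op_x_FT();` expression statements read more naturally as an if/else. decode_opc's body continues outside the hunk.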
switch (ctx->opcode & 0xff00) {
@@ -1079,6 +1129,44 @@ void decode_opc(DisasContext * ctx)
gen_op_fmov_frN_FT0(FREG(B11_8));
gen_op_movl_FT0_fpul();
return;
+ case 0xf02d: /* float FPUL,FRn/DRn */
+ if (ctx->fpscr & FPSCR_PR) {
+ if (ctx->opcode & 0x0100)
+ break; /* illegal instruction */
+ gen_op_float_DT();
+ gen_op_fmov_DT0_drN(DREG(B11_8));
+ }
+ else {
+ gen_op_float_FT();
+ gen_op_fmov_FT0_frN(FREG(B11_8));
+ }
+ return;
+ case 0xf03d: /* ftrc FRm/DRm,FPUL */
+ if (ctx->fpscr & FPSCR_PR) {
+ if (ctx->opcode & 0x0100)
+ break; /* illegal instruction */
+ gen_op_fmov_drN_DT0(DREG(B11_8));
+ gen_op_ftrc_DT();
+ }
+ else {
+ gen_op_fmov_frN_FT0(FREG(B11_8));
+ gen_op_ftrc_FT();
+ }
+ return;
+ case 0xf08d: /* fldi0 FRn */
+ if (!(ctx->fpscr & FPSCR_PR)) {
+ gen_op_movl_imm_T0(0);
+ gen_op_fmov_T0_frN(FREG(B11_8));
+ return;
+ }
+ break;
+ case 0xf09d: /* fldi1 FRn */
+ if (!(ctx->fpscr & FPSCR_PR)) {
+ gen_op_movl_imm_T0(0x3f800000);
+ gen_op_fmov_T0_frN(FREG(B11_8));
+ return;
+ }
+ break;
}
fprintf(stderr, "unknown instruction 0x%04x at pc 0x%08x\n",
[-- Attachment #3: qemu-cvs_20070611-sh4-fpu-word-order.patch --]
[-- Type: application/octet-stream, Size: 1472 bytes --]
sh4: Swap word order when accessing double floats
This patch makes sure that double floats get their word order correct when
accessing the FPU register pair as a double.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
---
cpu-all.h | 12 ++++++++++++
target-sh4/op.c | 6 +++---
2 files changed, 15 insertions(+), 3 deletions(-)
--- 0001/cpu-all.h
+++ work/cpu-all.h 2007-06-11 12:42:32.000000000 +0900
@@ -135,6 +135,18 @@ typedef union {
uint64_t ll;
} CPU_DoubleU;
+static inline float64 word_swap(float64 d)
+{
+ CPU_DoubleU u;
+ uint32_t i;
+
+ u.d = d;
+ i = u.l.lower;
+ u.l.lower = u.l.upper;
+ u.l.upper = i;
+ return u.d;
+}
+
/* CPU memory access without any memory or io remapping */
/*
--- 0004/target-sh4/op.c
+++ work/target-sh4/op.c 2007-06-11 12:42:32.000000000 +0900
@@ -704,7 +704,7 @@ void OPPROTO op_fmov_frN_FT0(void)
void OPPROTO op_fmov_drN_DT0(void)
{
- DT0 = *(float64 *)&env->fregs[PARAM1];
+ DT0 = word_swap(ldfq_le_p(&env->fregs[PARAM1]));
RETURN();
}
@@ -716,7 +716,7 @@ void OPPROTO op_fmov_frN_FT1(void)
void OPPROTO op_fmov_drN_DT1(void)
{
- DT1 = *(float64 *)&env->fregs[PARAM1];
+ DT1 = word_swap(ldfq_le_p(&env->fregs[PARAM1]));
RETURN();
}
@@ -728,7 +728,7 @@ void OPPROTO op_fmov_FT0_frN(void)
void OPPROTO op_fmov_DT0_drN(void)
{
- *(float64 *)&env->fregs[PARAM1] = DT0;
+ stfq_le_p(&env->fregs[PARAM1], word_swap(DT0));
RETURN();
}
[-- Attachment #4: qemu-cvs_20070507-sh4-fpu-fpscr-comments.patch --]
[-- Type: application/octet-stream, Size: 5180 bytes --]
sh4: Document FPSCR usage
This patch extends per opcode comments to include FPSCR usage. These comments
are useful when implementing proper fpu exception handling in the future. This
patch contains no logic changes.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
---
translate.c | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
--- 0003/target-sh4/translate.c
+++ work/target-sh4/translate.c 2007-05-07 17:29:32.000000000 +0900
@@ -642,7 +642,7 @@ void decode_opc(DisasContext * ctx)
gen_op_movl_rN_T0(REG(B7_4));
gen_op_xor_T0_rN(REG(B11_8));
return;
- case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn */
+ case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_fmov_drN_DT0(XREG(B7_4));
gen_op_fmov_DT0_drN(XREG(B11_8));
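Review bot: The `FPSCR: Nothing` annotation added to the fmov cases does not match the R[...]/W[...] convention this same patch uses for fadd and friends: the line directly under it reads FPSCR_PR, the branch below reads FPSCR_SZ, and FREG/XREG read FPSCR_FR. If the tag is meant to document reads as well as writes I would use `- FPSCR: R[PR,SZ,FR]` here and on the other six fmov hunks in this patch; if it is meant to record only exception-related bits, say so once where the convention is introduced, e.g. `/* FPSCR annotations: R[] = bits read, W[] = bits written, Nothing = no exception bits touched */`.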
@@ -656,7 +656,7 @@ void decode_opc(DisasContext * ctx)
gen_op_fmov_FT0_frN(FREG(B11_8));
}
return;
- case 0xf00a: /* fmov {F,D,X}Rm,@Rn */
+ case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_fmov_drN_DT0(XREG(B7_4));
gen_op_movl_rN_T1(REG(B11_8));
@@ -673,7 +673,7 @@ void decode_opc(DisasContext * ctx)
gen_op_stfl_FT0_T1(ctx);
}
return;
- case 0xf008: /* fmov @Rm,{F,D,X}Rn */
+ case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_movl_rN_T0(REG(B7_4));
gen_op_ldfq_T0_DT0(ctx);
@@ -690,7 +690,7 @@ void decode_opc(DisasContext * ctx)
gen_op_fmov_FT0_frN(FREG(B11_8));
}
return;
- case 0xf009: /* fmov @Rm+,{F,D,X}Rn */
+ case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_movl_rN_T0(REG(B7_4));
gen_op_ldfq_T0_DT0(ctx);
@@ -710,7 +710,7 @@ void decode_opc(DisasContext * ctx)
gen_op_inc4_rN(REG(B7_4));
}
return;
- case 0xf00b: /* fmov {F,D,X}Rm,@-Rn */
+ case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_dec8_rN(REG(B11_8));
gen_op_fmov_drN_DT0(XREG(B7_4));
@@ -730,7 +730,7 @@ void decode_opc(DisasContext * ctx)
gen_op_stfl_FT0_T1(ctx);
}
return;
- case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm */
+ case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_movl_rN_T0(REG(B7_4));
gen_op_add_rN_T0(REG(0));
@@ -750,7 +750,7 @@ void decode_opc(DisasContext * ctx)
gen_op_fmov_FT0_frN(FREG(B11_8));
}
return;
- case 0xf007: /* fmov {F,D,X}Rn,@(R0,Rn) */
+ case 0xf007: /* fmov {F,D,X}Rn,@(R0,Rn) - FPSCR: Nothing */
if (ctx->fpscr & FPSCR_PR) {
gen_op_fmov_drN_DT0(XREG(B7_4));
gen_op_movl_rN_T1(REG(B11_8));
@@ -770,12 +770,12 @@ void decode_opc(DisasContext * ctx)
gen_op_stfl_FT0_T1(ctx);
}
return;
- case 0xf000: /* fadd Rm,Rn */
- case 0xf001: /* fsub Rm,Rn */
- case 0xf002: /* fmul Rm,Rn */
- case 0xf003: /* fdiv Rm,Rn */
- case 0xf004: /* fcmp/eq Rm,Rn */
- case 0xf005: /* fcmp/gt Rm,Rn */
+ case 0xf000: /* fadd Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
+ case 0xf001: /* fsub Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
+ case 0xf002: /* fmul Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
+ case 0xf003: /* fdiv Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
+ case 0xf004: /* fcmp/eq Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
+ case 0xf005: /* fcmp/gt Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
if (ctx->fpscr & FPSCR_PR) {
if (ctx->opcode & 0x0110)
break; /* illegal instruction */
@@ -1116,15 +1116,15 @@ void decode_opc(DisasContext * ctx)
case 0x401b: /* tas.b @Rn */
gen_op_tasb_rN(REG(B11_8));
return;
- case 0xf00d: /* fsts FPUL,FRn */
+ case 0xf00d: /* fsts FPUL,FRn - FPSCR: Nothing */
gen_op_movl_fpul_FT0();
gen_op_fmov_FT0_frN(FREG(B11_8));
return;
- case 0xf01d: /* flds FRm.FPUL */
+ case 0xf01d: /* flds FRm,FPUL - FPSCR: Nothing */
gen_op_fmov_frN_FT0(FREG(B11_8));
gen_op_movl_FT0_fpul();
return;
- case 0xf02d: /* float FPUL,FRn/DRn */
+ case 0xf02d: /* float FPUL,FRn/DRn - FPSCR: R[PR,Enable.I]/W[Cause,Flag] */
if (ctx->fpscr & FPSCR_PR) {
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
@@ -1136,7 +1136,7 @@ void decode_opc(DisasContext * ctx)
gen_op_fmov_FT0_frN(FREG(B11_8));
}
return;
- case 0xf03d: /* ftrc FRm/DRm,FPUL */
+ case 0xf03d: /* ftrc FRm/DRm,FPUL - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
if (ctx->fpscr & FPSCR_PR) {
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
@@ -1148,7 +1148,7 @@ void decode_opc(DisasContext * ctx)
gen_op_ftrc_FT();
}
return;
- case 0xf08d: /* fldi0 FRn */
+ case 0xf08d: /* fldi0 FRn - FPSCR: R[PR] */
if (!(ctx->fpscr & FPSCR_PR)) {
gen_op_movl_imm_T0(0);
gen_op_movl_T0_FT0();
@@ -1156,7 +1156,7 @@ void decode_opc(DisasContext * ctx)
return;
}
break;
- case 0xf09d: /* fldi1 FRn */
+ case 0xf09d: /* fldi1 FRn - FPSCR: R[PR] */
if (!(ctx->fpscr & FPSCR_PR)) {
gen_op_movl_imm_T0(0x3f800000);
gen_op_movl_T0_FT0();
[-- Attachment #5: qemu-cvs_20070622-sh4-fpu-fmov-ignore-fpscr-pr.patch --]
[-- Type: application/octet-stream, Size: 3694 bytes --]
sh4: Ignore PR flag in FPSCR when performing fmov
This patch makes sure qemu behaves like a real 7751 target and ignores the PR
flag in FPSCR when performing fmov operations.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
---
translate.c | 45 +++++++--------------------------------------
1 file changed, 7 insertions(+), 38 deletions(-)
--- 0009/target-sh4/translate.c
+++ work/target-sh4/translate.c 2007-06-22 16:12:51.000000000 +0900
@@ -648,10 +648,7 @@ void decode_opc(DisasContext * ctx)
gen_op_xor_T0_rN(REG(B11_8));
return;
case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_fmov_drN_DT0(XREG(B7_4));
- gen_op_fmov_DT0_drN(XREG(B11_8));
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0110)
break; /* illegal instruction */
gen_op_fmov_drN_DT0(XREG(B7_4));
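Review bot: After this hunk the fmov decoding no longer looks at FPSCR_PR, but nothing in the code says so, and the next person who compares it with the instruction tables is likely to put the PR branch back. I would add, once, above `if (ctx->fpscr & FPSCR_SZ)`: `/* PR is ignored on purpose: a real SH7751 moves 32 or 64 bits based on SZ alone */`; the same applies to the other six fmov hunks in this patch. One thing to confirm is that with PR=1 and SZ=1 the code now takes the SZ path, the combination the removed branch used to shadow — fine if the hardware does the same, but worth covering in a regression test.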
@@ -662,11 +659,7 @@ void decode_opc(DisasContext * ctx)
}
return;
case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_fmov_drN_DT0(XREG(B7_4));
- gen_op_movl_rN_T1(REG(B11_8));
- gen_op_stfq_DT0_T1(ctx);
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0010)
break; /* illegal instruction */
gen_op_fmov_drN_DT0(XREG(B7_4));
@@ -679,11 +672,7 @@ void decode_opc(DisasContext * ctx)
}
return;
case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_movl_rN_T0(REG(B7_4));
- gen_op_ldfq_T0_DT0(ctx);
- gen_op_fmov_DT0_drN(XREG(B11_8));
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
gen_op_movl_rN_T0(REG(B7_4));
@@ -696,12 +685,7 @@ void decode_opc(DisasContext * ctx)
}
return;
case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_movl_rN_T0(REG(B7_4));
- gen_op_ldfq_T0_DT0(ctx);
- gen_op_fmov_DT0_drN(XREG(B11_8));
- gen_op_inc8_rN(REG(B7_4));
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
gen_op_movl_rN_T0(REG(B7_4));
@@ -716,12 +700,7 @@ void decode_opc(DisasContext * ctx)
}
return;
case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_dec8_rN(REG(B11_8));
- gen_op_fmov_drN_DT0(XREG(B7_4));
- gen_op_movl_rN_T1(REG(B11_8));
- gen_op_stfq_DT0_T1(ctx);
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
gen_op_dec8_rN(REG(B11_8));
@@ -736,12 +715,7 @@ void decode_opc(DisasContext * ctx)
}
return;
case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_movl_rN_T0(REG(B7_4));
- gen_op_add_rN_T0(REG(0));
- gen_op_ldfq_T0_DT0(ctx);
- gen_op_fmov_DT0_drN(XREG(B11_8));
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
gen_op_movl_rN_T0(REG(B7_4));
@@ -756,12 +730,7 @@ void decode_opc(DisasContext * ctx)
}
return;
case 0xf007: /* fmov {F,D,X}Rn,@(R0,Rn) - FPSCR: Nothing */
- if (ctx->fpscr & FPSCR_PR) {
- gen_op_fmov_drN_DT0(XREG(B7_4));
- gen_op_movl_rN_T1(REG(B11_8));
- gen_op_add_rN_T1(REG(0));
- gen_op_stfq_DT0_T1(ctx);
- } else if (ctx->fpscr & FPSCR_SZ) {
+ if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0010)
break; /* illegal instruction */
gen_op_fmov_drN_DT0(XREG(B7_4));
[-- Attachment #6: qemu-cvs_20070508-sh4-dreg-fixes.patch --]
[-- Type: application/octet-stream, Size: 2702 bytes --]
sh4: Use DREG() instead of XREG() wherever possible
Replace XREG() with DREG() if the lowest register bits are known to be zero.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
---
translate.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- 0006/target-sh4/translate.c
+++ work/target-sh4/translate.c 2007-05-08 13:19:40.000000000 +0900
@@ -649,8 +649,8 @@ void decode_opc(DisasContext * ctx)
} else if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0110)
break; /* illegal instruction */
- gen_op_fmov_drN_DT0(XREG(B7_4));
- gen_op_fmov_DT0_drN(XREG(B11_8));
+ gen_op_fmov_drN_DT0(DREG(B7_4));
+ gen_op_fmov_DT0_drN(DREG(B11_8));
} else {
gen_op_fmov_frN_FT0(FREG(B7_4));
gen_op_fmov_FT0_frN(FREG(B11_8));
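Review bot: Replacing XREG with DREG in the SZ=1 fmov paths (this hunk and the six that follow) throws away the one thing XHACK provides — mapping the low bit of the register field into bit 4 — which, as far as I recall the SH-4 encoding, is exactly how the XDm/XDn forms of fmov are selected when SZ=1. The substitution is behaviour-preserving today only because the preceding `if (ctx->opcode & 0x0110) break;` rejects every odd register number, but that check is itself what makes the XD forms unreachable, and after this patch supporting them means reverting it. If the XD forms are meant to stay unsupported I would say so next to the check, e.g. `/* XD register forms (odd Rm/Rn) not implemented */`; otherwise keep XREG here and lift the check.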
@@ -664,7 +664,7 @@ void decode_opc(DisasContext * ctx)
} else if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0010)
break; /* illegal instruction */
- gen_op_fmov_drN_DT0(XREG(B7_4));
+ gen_op_fmov_drN_DT0(DREG(B7_4));
gen_op_movl_rN_T1(REG(B11_8));
gen_op_stfq_DT0_T1(ctx);
} else {
@@ -683,7 +683,7 @@ void decode_opc(DisasContext * ctx)
break; /* illegal instruction */
gen_op_movl_rN_T0(REG(B7_4));
gen_op_ldfq_T0_DT0(ctx);
- gen_op_fmov_DT0_drN(XREG(B11_8));
+ gen_op_fmov_DT0_drN(DREG(B11_8));
} else {
gen_op_movl_rN_T0(REG(B7_4));
gen_op_ldfl_T0_FT0(ctx);
@@ -701,7 +701,7 @@ void decode_opc(DisasContext * ctx)
break; /* illegal instruction */
gen_op_movl_rN_T0(REG(B7_4));
gen_op_ldfq_T0_DT0(ctx);
- gen_op_fmov_DT0_drN(XREG(B11_8));
+ gen_op_fmov_DT0_drN(DREG(B11_8));
gen_op_inc8_rN(REG(B7_4));
} else {
gen_op_movl_rN_T0(REG(B7_4));
@@ -720,7 +720,7 @@ void decode_opc(DisasContext * ctx)
if (ctx->opcode & 0x0100)
break; /* illegal instruction */
gen_op_dec8_rN(REG(B11_8));
- gen_op_fmov_drN_DT0(XREG(B7_4));
+ gen_op_fmov_drN_DT0(DREG(B7_4));
gen_op_movl_rN_T1(REG(B11_8));
gen_op_stfq_DT0_T1(ctx);
} else {
@@ -742,7 +742,7 @@ void decode_opc(DisasContext * ctx)
gen_op_movl_rN_T0(REG(B7_4));
gen_op_add_rN_T0(REG(0));
gen_op_ldfq_T0_DT0(ctx);
- gen_op_fmov_DT0_drN(XREG(B11_8));
+ gen_op_fmov_DT0_drN(DREG(B11_8));
} else {
gen_op_movl_rN_T0(REG(B7_4));
gen_op_add_rN_T0(REG(0));
@@ -759,7 +759,7 @@ void decode_opc(DisasContext * ctx)
} else if (ctx->fpscr & FPSCR_SZ) {
if (ctx->opcode & 0x0010)
break; /* illegal instruction */
- gen_op_fmov_drN_DT0(XREG(B7_4));
+ gen_op_fmov_drN_DT0(DREG(B7_4));
gen_op_movl_rN_T1(REG(B11_8));
gen_op_add_rN_T1(REG(0));
gen_op_stfq_DT0_T1(ctx);
* Re: [Qemu-devel] sh4: more patches
2007-06-22 7:44 [Qemu-devel] sh4: more patches Magnus Damm
@ 2007-06-22 11:48 ` Thiemo Seufer
2007-06-25 6:42 ` Magnus Damm
2007-06-25 15:28 ` Blue Swirl
1 sibling, 1 reply; 9+ messages in thread
From: Thiemo Seufer @ 2007-06-22 11:48 UTC (permalink / raw)
Cc: qemu-devel
Magnus Damm wrote:
> Hi everyone,
>
> Here comes a few more patches for the sh4 emulator. The should be
> applied on top of the patches that I posted a few weeks ago:
>
> http://www.mail-archive.com/qemu-devel@nongnu.org/msg10830.html
>
> Good news is that the user space emulator is in a much better shape
> now - with all the patches applied I'm successfully running a static
> busybox binary compiled for sh4 using qemu-sh4.
>
> The method used to locate emulation bugs may be of value for other
> fellow qemu hackers. I've written a small gdb script that single steps
> in an endless loop dumping registers between each instruction. Then
> I've used this script on both real target hardware (using gdbserver)
> and using the gdbstub provided by qemu. Finally the traces have been
> compared. I have more patches for this if anyone is interested...
>
> The patches attached in this email contain the following fixes:
>
> - sh4: Emulate more fpu opcodes
> - sh4: Swap word order when accessing double floats
Doesn't this one also depend on the host endianness?
Thiemo
* Re: [Qemu-devel] sh4: more patches
2007-06-22 11:48 ` Thiemo Seufer
@ 2007-06-25 6:42 ` Magnus Damm
2007-06-25 12:01 ` Thiemo Seufer
0 siblings, 1 reply; 9+ messages in thread
From: Magnus Damm @ 2007-06-25 6:42 UTC (permalink / raw)
To: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 475 bytes --]
Hi Thiemo,
Thanks for the review and commit help!
On 6/22/07, Thiemo Seufer <ths@networkno.de> wrote:
> Magnus Damm wrote:
> > The patches attached in this email contain the following fixes:
> >
> > - sh4: Swap word order when accessing double floats
>
> Doesn't this one also depend on the host endianness?
Yeah, correct. Thanks for pointing that out. The attached patch should
solve things in a better and more host endian neutral way. Please
commit.
Thanks!
/ magnus
[-- Attachment #2: qemu-cvs_20070625-sh4-fpu-double-word-order.patch --]
[-- Type: application/octet-stream, Size: 2127 bytes --]
sh4: Fix word order when accessing double floats
This patch makes sure that double floats get their word order correct when
accessing the FPU register pair as a double.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
---
cpu.h | 2 +-
op.c | 24 ++++++++++++++++++------
2 files changed, 19 insertions(+), 7 deletions(-)
--- 0001/target-sh4/cpu.h
+++ work/target-sh4/cpu.h 2007-06-25 14:43:47.000000000 +0900
@@ -80,7 +80,7 @@ typedef struct tlb_t {
typedef struct CPUSH4State {
uint32_t flags; /* general execution flags */
uint32_t gregs[24]; /* general registers */
- uint32_t fregs[32]; /* floating point registers */
+ float32 fregs[32]; /* floating point registers */
uint32_t sr; /* status register */
uint32_t ssr; /* saved status register */
uint32_t spc; /* saved program counter */
--- 0001/target-sh4/op.c
+++ work/target-sh4/op.c 2007-06-25 15:28:12.000000000 +0900
@@ -698,37 +698,49 @@ void OPPROTO op_movl_imm_rN(void)
void OPPROTO op_fmov_frN_FT0(void)
{
- FT0 = *(float32 *)&env->fregs[PARAM1];
+ FT0 = env->fregs[PARAM1];
RETURN();
}
void OPPROTO op_fmov_drN_DT0(void)
{
- DT0 = *(float64 *)&env->fregs[PARAM1];
+ CPU_DoubleU d;
+
+ d.l.upper = *(uint32_t *)&env->fregs[PARAM1];
+ d.l.lower = *(uint32_t *)&env->fregs[PARAM1 + 1];
+ DT0 = d.d;
RETURN();
}
void OPPROTO op_fmov_frN_FT1(void)
{
- FT1 = *(float32 *)&env->fregs[PARAM1];
+ FT1 = env->fregs[PARAM1];
RETURN();
}
void OPPROTO op_fmov_drN_DT1(void)
{
- DT1 = *(float64 *)&env->fregs[PARAM1];
+ CPU_DoubleU d;
+
+ d.l.upper = *(uint32_t *)&env->fregs[PARAM1];
+ d.l.lower = *(uint32_t *)&env->fregs[PARAM1 + 1];
+ DT1 = d.d;
RETURN();
}
void OPPROTO op_fmov_FT0_frN(void)
{
- *(float32 *)&env->fregs[PARAM1] = FT0;
+ env->fregs[PARAM1] = FT0;
RETURN();
}
void OPPROTO op_fmov_DT0_drN(void)
{
- *(float64 *)&env->fregs[PARAM1] = DT0;
+ CPU_DoubleU d;
+
+ d.d = DT0;
+ *(uint32_t *)&env->fregs[PARAM1] = d.l.upper;
+ *(uint32_t *)&env->fregs[PARAM1 + 1] = d.l.lower;
RETURN();
}
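Review bot: With fregs now declared `float32` (cpu.h hunk above), the `*(uint32_t *)&env->fregs[...]` casts in op_fmov_drN_DT0, op_fmov_drN_DT1 and op_fmov_DT0_drN access a float32 object through a uint32_t lvalue; when float32 is softfloat's integer typedef that is the same type and harmless, but in a native-float build it is a strict-aliasing violation the optimiser is entitled to exploit. The union route is already half taken — a second union over {float32; uint32_t} (or memcpy) keeps both halves well-defined in either configuration. A short comment stating the register-pair layout, `/* DRn = FRn (upper word) : FRn+1 (lower word) */`, would also make the upper/lower assignment self-explanatory.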
* Re: [Qemu-devel] sh4: more patches
2007-06-25 6:42 ` Magnus Damm
@ 2007-06-25 12:01 ` Thiemo Seufer
2007-07-04 4:19 ` Magnus Damm
0 siblings, 1 reply; 9+ messages in thread
From: Thiemo Seufer @ 2007-06-25 12:01 UTC (permalink / raw)
To: Magnus Damm; +Cc: qemu-devel
Magnus Damm wrote:
> Hi Thiemo,
>
> Thanks for the review and commit help!
>
> On 6/22/07, Thiemo Seufer <ths@networkno.de> wrote:
> >Magnus Damm wrote:
> >> The patches attached in this email contain the following fixes:
> >>
> >> - sh4: Swap word order when accessing double floats
> >
> >Doesn't this one also depend on the host endianness?
>
> Yeah, correct. Thanks for pointing that out. The attached patch should
> solve things in a better and more host endian neutral way. Please
> commit.
Can you also provide a regression test like some of the other targets
have? It would be very useful to detect breakage.
Thiemo
* Re: [Qemu-devel] sh4: more patches
2007-06-22 7:44 [Qemu-devel] sh4: more patches Magnus Damm
2007-06-22 11:48 ` Thiemo Seufer
@ 2007-06-25 15:28 ` Blue Swirl
2007-07-04 4:44 ` Magnus Damm
1 sibling, 1 reply; 9+ messages in thread
From: Blue Swirl @ 2007-06-25 15:28 UTC (permalink / raw)
To: qemu-devel, magnus.damm
On 6/22/07, Magnus Damm <magnus.damm@gmail.com> wrote:
> The method used to locate emulation bugs may be of value for other
> fellow qemu hackers. I've written a small gdb script that single steps
> in an endless loop dumping registers between each instruction. Then
> I've used this script on both real target hardware (using gdbserver)
> and using the gdbstub provided by qemu. Finally the traces have been
> compared. I have more patches for this if anyone is interested...
I'm interested in the scripts, those could be helpful to get Sparc64
bugs exterminated.
* Re: [Qemu-devel] sh4: more patches
2007-06-25 12:01 ` Thiemo Seufer
@ 2007-07-04 4:19 ` Magnus Damm
2007-07-25 1:02 ` Paul Mundt
0 siblings, 1 reply; 9+ messages in thread
From: Magnus Damm @ 2007-07-04 4:19 UTC (permalink / raw)
To: Thiemo Seufer; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 377 bytes --]
On 6/25/07, Thiemo Seufer <ths@networkno.de> wrote:
> Can you also provide a regression test like some of the other targets
> have? It would be very useful to detect breakage.
Sure, what about the attached hello-sh4 test patch?
And while at it I've attached two minor patches for fixing trapa
single stepping and enabling of sh4-linux-user in ./configure.
Thanks!
/ magnus
[-- Attachment #2: qemu-cvs_20070704-sh4-hello-test.patch --]
[-- Type: application/octet-stream, Size: 1180 bytes --]
sh4: add syscall test program
This patch adds the hello-sh4 test program to qemu. The implementation is
very similar to hello-i386.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
--- /dev/null
+++ work/tests/hello-sh4.c 2007-07-04 11:27:26.000000000 +0900
@@ -0,0 +1,33 @@
+/*
+* sh4 linux syscall example
+*
+* sh4-unknown-linux-gnu-gcc -nostdlib -static -o hello-sh4 hello-sh4.c
+*/
+
+#define __NR_exit 1
+#define __NR_write 4
+
+void exit(int status)
+{
+ register long __sc0 __asm__ ("r3") = __NR_exit;
+ register long __sc4 __asm__ ("r4") = (long) status;
+ __asm__ __volatile__ ("trapa #0x11" : "=z" (__sc0) : "0" (__sc0),
+ "r" (__sc4) : "memory");
+ while(1);
+}
+
+void write(int fd, const char * buf, int len)
+{
+ register long __sc0 __asm__ ("r3") = __NR_write;
+ register long __sc4 __asm__ ("r4") = (long) fd;
+ register long __sc5 __asm__ ("r5") = (long) buf;
+ register long __sc6 __asm__ ("r6") = (long) len;
+ __asm__ __volatile__ ("trapa #0x13" : "=z" (__sc0) : "0" (__sc0),
+ "r" (__sc4), "r" (__sc5), "r" (__sc6) : "memory");
+}
+
+void _start(void)
+{
+ write(1, "Hello World\n", 12);
+ exit(0);
+}
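Review bot: The register variables `__sc0` … `__sc6` in exit() and write() use double-underscore names, which C reserves for the implementation; with -nostdlib the risk is small, but `sc0` … costs nothing and avoids a clash with the cross-compiler's own headers. write() declares the syscall result as an output (`"=z" (__sc0)`) and then discards it; returning it (`long write(...)` ending in `return __sc0;`) would let _start check the byte count, which is what a syscall regression test is for. Marking exit() `__attribute__((noreturn))` documents why the `while(1);` follows the trapa.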
[-- Attachment #3: qemu-cvs_20070608-sh4-trapa-single-step.patch --]
[-- Type: application/octet-stream, Size: 536 bytes --]
sh4: fix trapa single step
This patch fixes trapa single step so we can single step syscalls.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
--- 0001/linux-user/main.c
+++ work/linux-user/main.c 2007-06-08 13:17:40.000000000 +0900
@@ -1453,6 +1453,10 @@ void cpu_loop (CPUState *env)
0);
env->gregs[0] = ret;
env->pc += 2;
+
+ if (env->singlestep_enabled)
+ env->interrupt_request |= CPU_INTERRUPT_DEBUG;
+
break;
case EXCP_DEBUG:
{
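Review bot: The added `if (env->singlestep_enabled)` block carries no comment on why the syscall path has to raise CPU_INTERRUPT_DEBUG itself; the reason, as far as I can infer, is that the trapa is consumed here in cpu_loop rather than by translated code, so the translator's own single-step break never fires for it. I would put that next to it: `/* the syscall was handled here, not in translated code, so report the completed step to the debugger ourselves */`. cpu_loop starts before this hunk.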
[-- Attachment #4: qemu-cvs_20070625-configure-enable-sh4-linux-user.patch --]
[-- Type: application/octet-stream, Size: 837 bytes --]
sh4: add sh4-linux-user to configure
This patch adds sh4-linux-user to the list of emulated user space cpus.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
--- 0003/configure
+++ work/configure 2007-06-25 18:40:31.000000000 +0900
@@ -480,7 +480,7 @@ if test -z "$target_list" ; then
fi
# the following are Linux specific
if [ "$linux_user" = "yes" ] ; then
- target_list="i386-linux-user arm-linux-user armeb-linux-user sparc-linux-user ppc-linux-user mips-linux-user mipsel-linux-user m68k-linux-user alpha-linux-user $target_list"
+ target_list="i386-linux-user arm-linux-user armeb-linux-user sparc-linux-user ppc-linux-user mips-linux-user mipsel-linux-user m68k-linux-user alpha-linux-user sh4-linux-user $target_list"
fi
# the following are Darwin specific
if [ "$darwin_user" = "yes" ] ; then
* Re: [Qemu-devel] sh4: more patches
2007-06-25 15:28 ` Blue Swirl
@ 2007-07-04 4:44 ` Magnus Damm
2007-07-04 18:01 ` Blue Swirl
0 siblings, 1 reply; 9+ messages in thread
From: Magnus Damm @ 2007-07-04 4:44 UTC (permalink / raw)
To: Blue Swirl; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 2048 bytes --]
On 6/26/07, Blue Swirl <blauwirbel@gmail.com> wrote:
> On 6/22/07, Magnus Damm <magnus.damm@gmail.com> wrote:
> > The method used to locate emulation bugs may be of value for other
> > fellow qemu hackers. I've written a small gdb script that single steps
> > in an endless loop dumping registers between each instruction. Then
> > I've used this script on both real target hardware (using gdbserver)
> > and using the gdbstub provided by qemu. Finally the traces have been
> > compared. I have more patches for this if anyone is interested...
>
> I'm interested in the scripts, those could be helpful to get Sparc64
> bugs exterminated.
Ok, to begin with I've attached two patches needed for this to work on
sh4. They are in quite hairy shape and not ready for upstream merge. I
don't plan on submitting them upstream any time in the future - they
are just useful for debugging. Anyway, I suspect you need to implement
something similar for sparc64 as well.
Together with the patches I've attached two gdb scripts.
This is how I generate a trace on the target system:
1. Boot up a recent Linux kernel on your target hardware.
2. Bring up your network interfaces.
3. Disable vma randomization and maybe vdso as well using:
# echo 0 > /proc/sys/vm/vdso_enabled
# echo 0 > /proc/sys/kernel/randomize_va_space
4. Start your test program on the target using gdbserver and "env -i":
# env -i ./gdbserver localhost:1234 test-static-sh4
5. Start cross-gdb on your host and pass the target script:
$ ./gdb -x gdb-script-target > trace-target
6. Wait until gdb exits, ignore error message
Then I do the same thing on the host using qemu-sh4:
1. Make sure vma randomization is disabled on the host:
# echo 0 > /proc/sys/kernel/randomize_va_space
2. Start your test program using qemu-sh4 and "env -i"
$ env -i /path/to/qemu-sh4 -g 1234 test-static-sh4
3. Start cross-gdb on your host and pass the host script:
$ ./gdb -x gdb-script > trace
4. Wait until gdb exits, ignore error message
Then just diff the two traces! Have fun!
/ magnus
[-- Attachment #2: qemu-cvs_20070703-sh4-behave-as-gdbserver.patch --]
[-- Type: application/octet-stream, Size: 1111 bytes --]
sh4: behave as gdbserver
This patch modifies the sh4 user space emulator to behave like gdbserver.
Gdbserver steps over delay slots and does not output banked registers.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
--- 0001/gdbstub.c
+++ work/gdbstub.c 2007-07-03 17:54:05.000000000 +0900
@@ -685,8 +685,10 @@ static int cpu_gdb_read_registers(CPUSta
SAVE(env->fregs[i + ((env->fpscr & FPSCR_FR) ? 16 : 0)]);
SAVE (env->ssr);
SAVE (env->spc);
+#ifndef CONFIG_USER_ONLY /* behave like gdbserver */
for (i = 0; i < 8; i++) SAVE(env->gregs[i]);
for (i = 0; i < 8; i++) SAVE(env->gregs[i + 16]);
+#endif
return ((uint8_t *)ptr - mem_buf);
}
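Review bot: Only the read side of the register packet changes here, at the `#ifndef CONFIG_USER_ONLY` around the two banked-register loops; cpu_gdb_write_registers is outside this hunk and presumably still expects the banked gregs in a `G` packet, so a register write from gdb in user mode (the attached target script does `set $mach=0`) would be parsed against the old, longer layout. The write path needs the same guard, and the guard deserves a comment saying what it mirrors, e.g. `/* qemu-sh4: match gdbserver's sh4 'g' packet, which carries no banked registers */`. cpu_gdb_read_registers starts before this hunk.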
--- 0001/target-sh4/translate.c
+++ work/target-sh4/translate.c 2007-07-03 17:58:04.000000000 +0900
@@ -1215,7 +1215,8 @@ gen_intermediate_code_internal(CPUState
ctx.pc += 2;
if ((ctx.pc & (TARGET_PAGE_SIZE - 1)) == 0)
break;
- if (env->singlestep_enabled)
+ if (env->singlestep_enabled && /* gdbserver steps over delay slots */
+ !(ctx.flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)))
break;
#ifdef SH4_SINGLE_STEP
break;
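Review bot: The delay-slot test on the singlestep break is compiled into both user and system emulation, whereas the companion gdbstub.c change is limited to user mode, so the system-mode gdbstub silently changes stepping behaviour too although the stated goal is parity with the ptrace-based gdbserver on real hardware. Either wrap this in `#ifdef CONFIG_USER_ONLY` as well, or document the intent at the condition with `/* gdbserver cannot stop in a delay slot; step over it so traces line up */` so nobody "fixes" it later. gen_intermediate_code_internal starts before this hunk.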
[-- Attachment #3: qemu-cvs_20070607-sh4-stack-placement-elf-auxv.patch --]
[-- Type: application/octet-stream, Size: 4697 bytes --]
sh4: position stack as real hardware and update auxv entries
This patch makes the sh4 user space emulator for linux behave like
the linux environment on my target device. The main part of the patch
reorders and updates the auxv entries to match the target kernel. A small
but important change is the hardcoded stack placement. The value used is
identical to the sh4 target placement and it happens to work well on i386
hosts. The host and target kernels probably need tuning for this to work
properly - disable vma randomization in /proc/sys/kernel/randomize_va_space
The sh4 target may need disabled vdso as well in /proc/sys/vm/vdso_enabled
Signed-off-by: Magnus Damm <damm@igel.co.jp>
--- 0001/elf.h
+++ work/elf.h 2007-06-07 12:00:43.000000000 +0900
@@ -204,6 +204,7 @@ typedef int64_t Elf64_Sxword;
#define AT_PLATFORM 15 /* string identifying CPU for optimizations */
#define AT_HWCAP 16 /* arch dependent hints at CPU capabilities */
#define AT_CLKTCK 17 /* frequency at which times() increments */
+#define AT_SECURE 23 /* secure mode boolean */
typedef struct dynamic{
Elf32_Sword d_tag;
--- 0008/linux-user/elfload.c
+++ work/linux-user/elfload.c 2007-06-07 15:25:34.000000000 +0900
@@ -331,6 +331,9 @@ static inline void init_thread(struct ta
#define USE_ELF_CORE_DUMP
#define ELF_EXEC_PAGESIZE 4096
+#define ELF_HWCAP 0x21
+#define ELF_CLKTCK 0x64
+
#endif
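Review bot: `ELF_HWCAP 0x21` and `ELF_CLKTCK 0x64` are bare magic numbers copied from one particular target kernel, with nothing saying which CPU feature bits 0x21 stands for or that 0x64 is decimal 100 (a HZ=100 kernel); a guest built for a different board inherits them silently. Name them: `#define ELF_HWCAP 0x21 /* hwcap word advertised by the reference sh4 kernel; TODO spell out the feature bits */` and `#define ELF_CLKTCK 100 /* AT_CLKTCK: the reference target kernel runs at HZ=100 */`. The target-specific `#ifdef` block these sit in starts before the hunk; only its `#endif` is visible.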
#ifdef TARGET_M68K
@@ -391,6 +394,10 @@ static inline void init_thread(struct ta
#define ELF_HWCAP 0
#endif
+#ifndef ELF_CLKTCK
+#define ELF_CLKTCK 0
+#endif
+
#include "elf.h"
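Review bot: The fallback `#define ELF_CLKTCK 0` makes every target without its own value advertise AT_CLKTCK = 0 once the new auxv entry is emitted; a guest libc presumably hands that value out through sysconf(_SC_CLK_TCK), which programs divide by to convert times() results, so a missing per-target definition becomes a guest-side division by zero. Default to the conventional `#define ELF_CLKTCK 100 /* fallback when the target does not say; most Linux kernels report 100 */`, or skip the entry when no value is known. The value is consumed further down the file.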
struct exec
@@ -446,7 +453,7 @@ struct exec
#define INTERPRETER_AOUT 1
#define INTERPRETER_ELF 2
-#define DLINFO_ITEMS 12
+#define DLINFO_ITEMS 13
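Review bot: `DLINFO_ITEMS` grows by one, but the rewritten auxv list later in this patch has 14 unconditional entries (AT_SECURE, AT_EGID, AT_GID, AT_EUID, AT_UID, AT_ENTRY, AT_FLAGS, AT_BASE, AT_PHNUM, AT_PHENT, AT_PHDR, AT_CLKTCK, AT_PAGESZ, AT_HWCAP) against the 12 non-terminator entries of the old list, so two were added while the constant only moves 12→13. If the stack reservation is derived from this constant, as the `There must be exactly DLINFO_ITEMS entries` comment suggests (the computation is outside the hunk), the auxv area is one entry short; it should read `#define DLINFO_ITEMS 14`.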
static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
{
@@ -577,7 +584,11 @@ unsigned long setup_arg_pages(target_ulo
size = x86_stack_size;
if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE)
size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
+#ifdef TARGET_SH4 /* sh4: use same base address as real kernel */
+ error = target_mmap(0x7c000000 - size,
+#else
error = target_mmap(0,
+#endif
size + qemu_host_page_size,
PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS,
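Review bot: `0x7c000000 - size` is only a hint to target_mmap unless MAP_FIXED is among the flags, and the flags visible here are just `MAP_PRIVATE | MAP_ANONYMOUS` (the call continues past the hunk); if the host already has a mapping there the stack lands elsewhere with no diagnostic, and the trace comparison this exists for diverges at the first stack address for no visible reason. Compare the returned address with the request and warn on mismatch, and give the constant a name with its rationale, e.g. `#define SH4_STACK_TOP 0x7c000000 /* stack top of the reference sh4 kernel; only a hint, needs host ASLR off */`. setup_arg_pages continues past this hunk.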
@@ -700,23 +711,7 @@ static unsigned long create_elf_tables(t
sp -= n; tputl(sp, val); \
sp -= n; tputl(sp, id); \
} while(0)
- NEW_AUX_ENT (AT_NULL, 0);
- /* There must be exactly DLINFO_ITEMS entries here. */
- NEW_AUX_ENT(AT_PHDR, (target_ulong)(load_addr + exec->e_phoff));
- NEW_AUX_ENT(AT_PHENT, (target_ulong)(sizeof (struct elf_phdr)));
- NEW_AUX_ENT(AT_PHNUM, (target_ulong)(exec->e_phnum));
- NEW_AUX_ENT(AT_PAGESZ, (target_ulong)(TARGET_PAGE_SIZE));
- NEW_AUX_ENT(AT_BASE, (target_ulong)(interp_load_addr));
- NEW_AUX_ENT(AT_FLAGS, (target_ulong)0);
- NEW_AUX_ENT(AT_ENTRY, load_bias + exec->e_entry);
- NEW_AUX_ENT(AT_UID, (target_ulong) getuid());
- NEW_AUX_ENT(AT_EUID, (target_ulong) geteuid());
- NEW_AUX_ENT(AT_GID, (target_ulong) getgid());
- NEW_AUX_ENT(AT_EGID, (target_ulong) getegid());
- NEW_AUX_ENT(AT_HWCAP, (target_ulong) ELF_HWCAP);
- if (k_platform)
- NEW_AUX_ENT(AT_PLATFORM, u_platform);
#ifdef ARCH_DLINFO
/*
* ARCH_DLINFO must come last so platform specific code can enforce
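Review bot: `NEW_AUX_ENT (AT_NULL, 0)` is removed here and nothing in the rewritten list that follows pushes it again, so unless it is emitted outside the hunk the auxiliary vector no longer ends with a terminator; a guest libc walks auxv until AT_NULL and would read whatever happens to sit above the last entry, which only works while that word is zero. Since entries are pushed downwards, the terminator has to be the first push of the new list: `NEW_AUX_ENT(AT_NULL, 0);` immediately before the AT_PLATFORM entry. create_elf_tables starts before this hunk.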
@@ -724,6 +719,26 @@ static unsigned long create_elf_tables(t
*/
ARCH_DLINFO;
#endif
+
+ /* There must be exactly DLINFO_ITEMS entries here. */
+
+ if (k_platform)
+ NEW_AUX_ENT(AT_PLATFORM, u_platform);
+ NEW_AUX_ENT(AT_SECURE, (target_ulong) 0);
+ NEW_AUX_ENT(AT_EGID, (target_ulong) 0 /* getegid() */);
+ NEW_AUX_ENT(AT_GID, (target_ulong) 0 /* getgid() */);
+ NEW_AUX_ENT(AT_EUID, (target_ulong) 0 /* geteuid() */);
+ NEW_AUX_ENT(AT_UID, (target_ulong) 0/* getuid() */);
+ NEW_AUX_ENT(AT_ENTRY, load_bias + exec->e_entry);
+ NEW_AUX_ENT(AT_FLAGS, (target_ulong)0);
+ NEW_AUX_ENT(AT_BASE, (target_ulong)(interp_load_addr));
+ NEW_AUX_ENT(AT_PHNUM, (target_ulong)(exec->e_phnum));
+ NEW_AUX_ENT(AT_PHENT, (target_ulong)(sizeof (struct elf_phdr)));
+ NEW_AUX_ENT(AT_PHDR, (target_ulong)(load_addr + exec->e_phoff));
+ NEW_AUX_ENT(AT_CLKTCK, (target_ulong) ELF_CLKTCK);
+ NEW_AUX_ENT(AT_PAGESZ, (target_ulong)(TARGET_PAGE_SIZE));
+ NEW_AUX_ENT(AT_HWCAP, (target_ulong) ELF_HWCAP);
+
#undef NEW_AUX_ENT
sp = loader_build_argptr(envc, argc, sp, p, !ibcs);
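Review bot: The four identity entries and AT_SECURE are hard-coded to 0, with the real calls left behind as comments on the `/* getegid() */` lines, so every guest is told it runs as uid/gid 0 regardless of who runs qemu-sh4. Guest libcs presumably take AT_SECURE (falling back to a uid/euid and gid/egid comparison) as the signal for secure-execution mode, which governs whether LD_PRELOAD-style environment is honoured; publishing 0 unconditionally removes that signal. For matching a root-owned target run it is cleaner to keep the real ids and derive AT_SECURE from them, so the only difference from the target is the caller's own uid. create_elf_tables continues past this hunk.
```c
    /* … unchanged: ARCH_DLINFO, AT_PLATFORM … */
    /* Real credentials: a guest libc presumably uses AT_SECURE (or the
     * uid/euid, gid/egid comparison) to decide whether LD_* env is honoured. */
    NEW_AUX_ENT(AT_SECURE, (target_ulong) (getuid() != geteuid() ||
                                          getgid() != getegid()));
    NEW_AUX_ENT(AT_EGID, (target_ulong) getegid());
    NEW_AUX_ENT(AT_GID, (target_ulong) getgid());
    NEW_AUX_ENT(AT_EUID, (target_ulong) geteuid());
    NEW_AUX_ENT(AT_UID, (target_ulong) getuid());
    /* … unchanged: AT_ENTRY … AT_HWCAP … */
```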
[-- Attachment #4: gdb-script --]
[-- Type: application/octet-stream, Size: 181 bytes --]
# Trace generator for the qemu-sh4 side (pair with "qemu-sh4 -g 1234").
# The gdb remote protocol is unauthenticated: anything that can reach the
# port owns the debuggee, so keep it on localhost as done here.
set architecture sh4
target remote localhost:1234
# Dump the 4 KiB page holding r15 (the sh4 stack pointer) so the initial
# stack layout (argc/argv/envp/auxv) can be diffed against the target trace.
x/4096xb ($r15 & ~0xfff)
# Endless single-step loop: one register dump plus one disassembled
# instruction per step; gdb exits with an error once the program is gone.
while 1
echo all-registers:\n
info all-registers
echo current instruction:
x/1i $pc
si
end
quit
[-- Attachment #5: gdb-script-target --]
[-- Type: application/octet-stream, Size: 307 bytes --]
# Trace generator for the real-hardware side (pair with gdbserver on the
# target). The connection goes over the network and the gdb remote protocol
# has no authentication, so the board must sit on a trusted network.
set architecture sh4
target remote 192.168.99.5:1234
# Zero the registers qemu starts with cleared so the two traces line up.
# Writing these registers needs gdb-6.4 with the ST patches; vanilla
# gdb-6.6 does not work.
set $mach = 0
set $macl = 0
set $gbr = 0
# Dump the 4 KiB page holding r15 (the sh4 stack pointer) so the initial
# stack layout (argc/argv/envp/auxv) can be diffed against the qemu trace.
x/4096xb ($r15 & ~0xfff)
# Endless single-step loop: one register dump plus one disassembled
# instruction per step; gdb exits with an error once the program is gone.
while 1
echo all-registers:\n
info all-registers
echo current instruction:
x/1i $pc
si
end
quit
* Re: [Qemu-devel] sh4: more patches
2007-07-04 4:44 ` Magnus Damm
@ 2007-07-04 18:01 ` Blue Swirl
From: Blue Swirl @ 2007-07-04 18:01 UTC (permalink / raw)
To: Magnus Damm; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 827 bytes --]
On 7/4/07, Magnus Damm <magnus.damm@gmail.com> wrote:
> Ok, to begin with I've attached two patches needed for this to work on
> sh4. They are in quite hairy shape and not ready for upstream merge. I
> don't plan on submitting them upstream any time in the future - they
> are just useful for debugging. Anyway, I suspect you need to implement
> something similar for sparc64 as well.
Stepping to delay slot seems to work on sparc, maybe by accident.
> Together with the patches I've attached two gdb scripts.
Thanks. I didn't use gdbserver or cross-gdb, but both are native
gdb64s. Also, as I first produced 500 megs of memset and memcpy loop
dumps, I started the debugging after a known line (b unix.c:641) and
compressed the dump by xoring the interesting registers together.
Many thanks again, I already found one bug!
[-- Attachment #2: gdb-script.s64 --]
[-- Type: application/octet-stream, Size: 153 bytes --]
# Sparc64 trace generator, native side: run the program under a native gdb
# and start stepping only once a known line is reached, to skip the long
# memset/memcpy loops that otherwise dominate the dump.
info target
break unix.c:641
run
# Per step: the instruction about to execute plus a compressed register
# fingerprint (XOR of the interesting registers) instead of a full dump.
while 1
x/1i $pc
p/x $g1^$g2^$g3^$g4^$g5^$g6^$g7^$i0^$i1^$i2^$i3^$i4^$i5^$l0^$l1^$l2^$l3^$l4^$l5^$l6^$l7
si
end
quit
[-- Attachment #3: gdb-script.s64.qemu --]
[-- Type: application/octet-stream, Size: 181 bytes --]
# Sparc64 trace generator, qemu side: attach to qemu's gdbstub over the
# network (unauthenticated remote protocol - trusted network only), then
# continue to the same known line as the native run before stepping.
target remote 10.0.0.2:1234
info target
break unix.c:641
continue
# Per step: the instruction about to execute plus a compressed register
# fingerprint (XOR of the interesting registers) instead of a full dump.
while 1
x/1i $pc
p/x $g1^$g2^$g3^$g4^$g5^$g6^$g7^$i0^$i1^$i2^$i3^$i4^$i5^$l0^$l1^$l2^$l3^$l4^$l5^$l6^$l7
si
end
quit
* Re: [Qemu-devel] sh4: more patches
2007-07-04 4:19 ` Magnus Damm
@ 2007-07-25 1:02 ` Paul Mundt
From: Paul Mundt @ 2007-07-25 1:02 UTC (permalink / raw)
To: qemu-devel
On Wed, Jul 04, 2007 at 01:19:07PM +0900, Magnus Damm wrote:
> On 6/25/07, Thiemo Seufer <ths@networkno.de> wrote:
> >Can you also provide a regression test like some of the other targets
> >have? It would be very useful to detect breakage.
>
> Sure, what about the attached hello-sh4 test patch?
>
> And while at it I've attached two minor patches for fixing trapa
> single stepping and enabling of sh4-linux-user in ./configure.
>
These don't seem to have been applied yet, is there something holding
these up?