[Qemu-devel] qemu-mips strange jump !!!

[Qemu-devel] qemu-mips strange jump !!!

[Alessandro Montano]

This is my first post, so sorry for any error ...
I'm developing a DVB-S emulator based on qemu-mips.
I'm adding all the device, once a time, but I notice a strange problem 
that crashes my emulator.

It seems to do  bad jumps!

In brief ... I run this command
*./bin/-qemu-system-mips -L . mips_bios.bin -d int,exec,op,in_asm
*and it genereates this log


IN:
0x80071fc4:  lui    at,0x8007
0x80071fc8:  lw    a1,0xC094(at)
0x80071fcc:  lui    a0,0x8007
0x80071fd0:  addiu    a0,a0,0xD060
0x80071fd4:  jal    0x8006d76c  <-  this is the right address
0x80071fd8:  nop

OP:
0x0000: set_T0 0x80070000
0x0001: store_T0_gpr_gpr1
0x0002: load_gpr_T0_gpr1
0x0003: set_T1 0xffffc094
0x0004: addr_add
0x0005: lw_kernel
0x0006: store_T0_gpr_gpr5
0x0007: set_T0 0x80070000
0x0008: store_T0_gpr_gpr4
0x0009: set_T1 0xffffd060
0x000a: add
0x000b: store_T0_gpr_gpr4
0x000c: set_T0 0x80071fdc
0x000d: store_T0_gpr_gpr31
0x000e: save_pc 0x8006d76c  <-  this is the right address
0x000f: reset_T0
0x0010: exit_tb
0x0011: end

IN:
0x8006d968:  andi    t9,t9,0xdf  <-  but this is a wrong jump !!!
0x8006d96c:  j    0x8006d90c
0x8006d970:  ori    t9,t9,0x20

OP:
0x0000: load_gpr_T0_gpr25
0x0001: set_T1 0xdf
0x0002: and
0x0003: store_T0_gpr_gpr25
0x0004: set_T1 0x20
0x0005: or
0x0006: store_T0_gpr_gpr25
0x0007: goto_tb0 0x757878
0x0008: save_pc 0x8006d90c
0x0009: set_T0 0x757878
0x000a: exit_tb
0x000b


The mips instruction

0x80071fd4:  jal    0x8006D76C

is correctly translated to

0x0008: save_pc 0x8006d90c

but then the execution-flow jumps to

0x8006d968:  andi    t9,t9,0xdf

I don't think it is correct!

Thanks for any suggestion.
---
AlexIT

Re: [Qemu-devel] qemu-mips strange jump !!!

[Laurent Desnogues]

On Fri, Dec 26, 2008 at 7:36 PM, Alessandro Montano <alex@exit.it> wrote:
> This is my first post, so sorry for any error ...
> I'm developing a DVB-S emulator based on qemu-mips.
> I'm adding all the device, once a time, but I notice a strange problem that
> crashes my emulator.
>
> It seems to do  bad jumps!
>
> In brief ... I run this command
> *./bin/-qemu-system-mips -L . mips_bios.bin -d int,exec,op,in_asm
> *and it genereates this log
>
> IN:
> 0x80071fc4:  lui    at,0x8007
> 0x80071fc8:  lw    a1,0xC094(at)
> 0x80071fcc:  lui    a0,0x8007
> 0x80071fd0:  addiu    a0,a0,0xD060
> 0x80071fd4:  jal    0x8006d76c  <-  this is the right address
> 0x80071fd8:  nop
[...]
> IN:
> 0x8006d968:  andi    t9,t9,0xdf  <-  but this is a wrong jump !!!
> 0x8006d96c:  j    0x8006d90c
> 0x8006d970:  ori    t9,t9,0x20

You can't rely on logs to see the flow of a program. What may
happen in the logs you're showing is that the code @0x8006d76c
may have been previously translated and so it isn't shown in the
logs.

I don't think what you're showing us is the real problem :)


Laurent

Re: [Qemu-devel] qemu-mips strange jump !!!

[andrzej zaborowski]

2008/12/27 Laurent Desnogues <laurent.desnogues@gmail.com>:
> On Fri, Dec 26, 2008 at 7:36 PM, Alessandro Montano <alex@exit.it> wrote:
>> This is my first post, so sorry for any error ...
>> I'm developing a DVB-S emulator based on qemu-mips.
>> I'm adding all the device, once a time, but I notice a strange problem that
>> crashes my emulator.
>>
>> It seems to do  bad jumps!
>>
>> In brief ... I run this command
>> *./bin/-qemu-system-mips -L . mips_bios.bin -d int,exec,op,in_asm
>> *and it genereates this log
>>
>> IN:
>> 0x80071fc4:  lui    at,0x8007
>> 0x80071fc8:  lw    a1,0xC094(at)
>> 0x80071fcc:  lui    a0,0x8007
>> 0x80071fd0:  addiu    a0,a0,0xD060
>> 0x80071fd4:  jal    0x8006d76c  <-  this is the right address
>> 0x80071fd8:  nop
> [...]
>> IN:
>> 0x8006d968:  andi    t9,t9,0xdf  <-  but this is a wrong jump !!!
>> 0x8006d96c:  j    0x8006d90c
>> 0x8006d970:  ori    t9,t9,0x20
>
> You can't rely on logs to see the flow of a program.

Not with "in_asm" alone, but "exec" should show the flow of execution,
except DEBUG_EXEC is undefined by default.  Maybe this should generate
a runtime warning.

Cheers

Re: [Qemu-devel] qemu-mips strange jump !!!

[andrzej zaborowski]

2008/12/27 andrzej zaborowski <balrogg@gmail.com>:
> 2008/12/27 Laurent Desnogues <laurent.desnogues@gmail.com>:
>> On Fri, Dec 26, 2008 at 7:36 PM, Alessandro Montano <alex@exit.it> wrote:
>>> This is my first post, so sorry for any error ...
>>> I'm developing a DVB-S emulator based on qemu-mips.
>>> I'm adding all the device, once a time, but I notice a strange problem that
>>> crashes my emulator.
>>>
>>> It seems to do  bad jumps!
>>>
>>> In brief ... I run this command
>>> *./bin/-qemu-system-mips -L . mips_bios.bin -d int,exec,op,in_asm
>>> *and it genereates this log
>>>
>>> IN:
>>> 0x80071fc4:  lui    at,0x8007
>>> 0x80071fc8:  lw    a1,0xC094(at)
>>> 0x80071fcc:  lui    a0,0x8007
>>> 0x80071fd0:  addiu    a0,a0,0xD060
>>> 0x80071fd4:  jal    0x8006d76c  <-  this is the right address
>>> 0x80071fd8:  nop
>> [...]
>>> IN:
>>> 0x8006d968:  andi    t9,t9,0xdf  <-  but this is a wrong jump !!!
>>> 0x8006d96c:  j    0x8006d90c
>>> 0x8006d970:  ori    t9,t9,0x20
>>
>> You can't rely on logs to see the flow of a program.
>
> Not with "in_asm" alone, but "exec" should show the flow of execution,
> except DEBUG_EXEC is undefined by default.

Actually no, Laurent pointed out that even this will not show what I
would expect when TBs are chained.

Cheers