From: Artyom Tarasenko <atar4qemu@googlemail.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] Re: sparc32 FPU SP Invalid CEXC Test
Date: Thu, 15 Apr 2010 22:53:30 +0200
Message-ID: <l2qfb8d4f71004151353h293983f2gfaf789871519591f@mail.gmail.com>
In-Reply-To: <j2wf43fc5581004151048h67d81fe8r6aa486fa7da083dd@mail.gmail.com>
2010/4/15 Blue Swirl <blauwirbel@gmail.com>:
> On 4/15/10, Artyom Tarasenko <atar4qemu@googlemail.com> wrote:
>> 2010/4/15 Artyom Tarasenko <atar4qemu@googlemail.com>:
>>
>> > One of LX's tests crashes pretty hard, causing qemu abort.
>> > I've tried to look at how the execution flow works with -d in_asm.
>> > Does the address in the log show the guest's PC register?
>>
>>
>> It's probably sort of a "timing" issue.
>>
>> Can we check exceptions not just on jumps, but also on floating point
>> operations which may cause a trap?
>> These traps are supposed to be synchronous.
>
> Yes, the bug is that PC and NPC are not saved before executing FPU
> instructions. Please try this patch.
The patch gets it a couple of tests further:
FPU SP Invalid CEXC Test
FPU SP Overflow CEXC Test
FPU SP Divide-by-0 CEXC Test
FPU SP Inexact CEXC Test
FPU SP Trap Priority > Test Unassigned mem write access of 4 bytes to
000000008421f000 from 700030f8
FPU SP Trap Priority < Test
ERROR : Unexpected Synchronous Trap Taken, Trap Type = 00000008,
PSR = 414010c4, PC = 70003190, TBR = 00000080
STATUS : Entering scope loop .... Press <A> key to Abort!qemu:
fatal: Trap 0x03 while interrupts disabled, Error state
pc: 0000217c npc: 00003170
General Registers:
%g0-7: 00000000 00003170 00000055 00000001 00000002 00000000 00000000 00000000
Current Register Window:
%o0-7: 00000000 00000999 00000000 00000000 00000000 00000000 0001fba0 7000971c
%l0-7: 0002fff8 00000000 00000000 00000000 00000000 ffffffff 00000000 00000000
%i0-7: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Floating Point Registers:
%f00: 000000002.890625 000000025.000000 000000000.000000 000000000.000000
%f04: 000000002.890625 000000000.000000 000000002.890625 000000000.000000
%f08: 000000003.390625 000000000.000000 000000002.250000 000000000.000000
%f12: 000000002.890625 000000000.000000 000000002.312500 000000000.000000
%f16: 000000002.312500 000000000.000000 000000002.890625 000000000.000000
%f20: 000000002.718750 000000000.000000 000000002.562500 000000000.000000
%f24: 000000002.890625 000000000.000000 000000002.968750 000000000.000000
%f28: 000000002.312500 000000000.000000 000000002.890625 000000000.000000
psr: 41000000 (icc: ---- SPE: ---) wim: 00000002
fsr: 0f884002 y: 00000000
Aborted
The code:
0x70003174: sethi %hi(0x41c80000), %l3
0x70003178: add %l4, 2, %l5
0x7000317c: st %l3, [ %l4 ]
0x70003180: ld [ %l4 ], %f1
0x70003184: clr [ %l4 ]
0x70003188: ld [ %l4 ], %f2
0x7000318c: mov 7, %g5
0x70003190: fdivs %f1, %f2, %f3
0x70003194: st %f3, [ %l5 ]
0x70003198: nop
Is it a test for MMU trap inside of fpu trap?
qemu.log:
0x70003190: fdivs %f1, %f2, %f3
--------------
IN:
0x00000080: sethi %hi(0x1c00), %l4
0x00000084: or %l4, 0x324, %l4 ! 0x1f24
0x00000088: jmp %l4
0x0000008c: rd %psr, %l0
--------------
IN:
0x00001f24: rd %tbr, %l3
0x00001f28: srl %l3, 4, %l3
0x00001f2c: and %l3, 0xff, %l3
0x00001f30: cmp %l3, %g5
0x00001f34: bne,a 0x2044
--------------
IN:
0x00001f38: nop
--------------
IN:
0x00002044: sethi %hi(0x10001000), %l5
0x00002048: or %l5, 4, %l5 ! 0x10001004
0x0000204c: lda [ %l5 ] #ASI_M_BYPASS, %l7
0x00002050: sethi %hi(0x10001000), %l4
0x00002054: lda [ %l4 ] #ASI_M_BYPASS, %l6
0x00002058: sethi %hi(0x80000000), %l5
0x0000205c: btst %l6, %l5
0x00002060: be 0x20bc
0x00002064: nop
--------------
IN:
0x000020bc: mov 0x400, %l5 ! 0x400
0x000020c0: lda [ %l5 ] #ASI_M_MMUREGS, %l7
0x000020c4: nop
0x000020c8: mov 0x300, %l4 ! 0x300
0x000020cc: lda [ %l4 ] #ASI_M_MMUREGS, %l6
0x000020d0: sethi %hi(0x7c00), %l5
0x000020d4: or %l5, 0x1c, %l5 ! 0x7c1c
0x000020d8: btst %l6, %l5
0x000020dc: be 0x2134
0x000020e0: nop
--------------
IN:
0x00002134: sethi %hi(0x8400), %i0
The "Trap Priority >" test (which passed) also produced some
interesting qemu.log:
0x700030f4: fdivs %f1, %f2, %f3
0x700030f8: st %f3, [ %l6 ]
0x700030fc: nop
0x70003100: cmp %g0, %g5
0x70003104: bne,a 0x70003a1c
--------------
IN:
0x00000080: sethi %hi(0x1c00), %l4
############## Here, double trap?!
--------------
IN:
0x00000080: sethi %hi(0x1c00), %l4
--------------
IN:
0x00000084: or %l4, 0x324, %l4 ! 0x1f24
0x00000088: jmp %l4
0x0000008c: rd %psr, %l0
--------------
IN:
0x00001f24: rd %tbr, %l3
0x00001f28: srl %l3, 4, %l3
0x00001f2c: and %l3, 0xff, %l3
0x00001f30: cmp %l3, %g5
--
Regards,
Artyom Tarasenko
solaris/sparc under qemu blog: http://tyom.blogspot.com/
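
The register values quoted in the trap report and the abort dump above can be decoded field by field. This is an added example, not part of the original message or of QEMU; the bit layouts are the SPARC V8 PSR, TBR and FSR layouts, and the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: field layouts per the SPARC V8 architecture manual.
 * Struct and function names are hypothetical, not QEMU's. */
struct psr { unsigned ef, pil, s, ps, et, cwp; };
struct fsr { unsigned tem, ftt, aexc, cexc; };

static struct psr decode_psr(uint32_t v) {
    struct psr p = { (v >> 12) & 1,   /* EF: FPU enabled */
                     (v >> 8) & 0xf,  /* PIL: interrupt level */
                     (v >> 7) & 1,    /* S: supervisor mode */
                     (v >> 6) & 1,    /* PS: supervisor bit before the trap */
                     (v >> 5) & 1,    /* ET: traps enabled */
                     v & 0x1f };      /* CWP: current window */
    return p;
}

static struct fsr decode_fsr(uint32_t v) {
    struct fsr f = { (v >> 23) & 0x1f, /* TEM: trap enable mask */
                     (v >> 14) & 7,    /* ftt: 1 = IEEE_754_exception */
                     (v >> 5) & 0x1f,  /* aexc: accrued exceptions */
                     v & 0x1f };       /* cexc: current exception */
    return f;
}

/* TBR bits 11:4 hold the trap type; the handler in the log extracts it the
 * same way with "srl %l3, 4" and "and %l3, 0xff". */
static unsigned tbr_tt(uint32_t tbr) { return (tbr >> 4) & 0xff; }

/* cexc/aexc bit order, most significant first: NV OF UF DZ NX. */
static const char *exc_flags(unsigned bits, char out[16]) {
    static const char *n[5] = { "NX", "DZ", "UF", "OF", "NV" };
    out[0] = '\0';
    for (int i = 4; i >= 0; i--)
        if (bits & (1u << i)) { if (out[0]) strcat(out, " "); strcat(out, n[i]); }
    return out;
}

int main(void) {
    char buf[16];
    struct psr p = decode_psr(0x414010c4); /* PSR from the ERROR line */
    struct fsr f = decode_fsr(0x0f884002); /* fsr from the abort dump */
    printf("tt=%u S=%u PS=%u ET=%u EF=%u CWP=%u\n",
           tbr_tt(0x00000080), p.s, p.ps, p.et, p.ef, p.cwp);
    printf("TEM=%#x ftt=%u cexc=%s\n", f.tem, f.ftt, exc_flags(f.cexc, buf));
    return 0;
}
```

With the values from the message this gives trap type 8 (fp_exception in SPARC V8) taken with ET=0, and cexc=DZ, which matches the fdivs whose divisor %f2 was loaded from a just-cleared word.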