Hi Solomon,

Cc'ing the qemu-arm@ list.

On 14/6/25 06:51, r...@wjsota.com wrote:

Hi!

Is `qemu-aarch64 -cpu neoverse-n1` supposed to emulate the `retaa` instruction?

I have a binary called `main_pac` compiled from https://learn.arm.com/learning-paths/servers-and-cloud-computing/pac/example/ . The compiling command is `aarch64-linux-gnu-gcc -march=armv8.5-a -fPIC -pedantic -Wall -Wextra -ggdb3 -O0 -mbranch-protection=standard -fno-stack-protector -fPIE -static main.c -o main_pac`.

The binary includes the `paciasp` and `retaa` instructions associated with ARM PAC.

```
(gdb) disas main
Dump of assembler code for function main:
   0x0000000000400858 <+0>: paciasp
   0x000000000040085c <+4>: stp x29, x30, [sp, #-32]!
[…]
   0x0000000000400898 <+64>: ldp x29, x30, [sp], #32
   0x000000000040089c <+68>: retaa
End of assembler dump.
(gdb) quit
```

When emulated using `qemu-aarch64 -cpu neoverse-n1`, the program completes without issues.

```
user@dell-op7020:~/learning/arm_learning_path_pac$ qemu-aarch64 -cpu neoverse-n1 main_pac test
Hello World!
user@dell-op7020:~/learning/arm_learning_path_pac$
```

This is the case for two versions I tested:

- v9.2.1 (Debian 1:9.2.1+ds-1ubuntu5)
- v10.0.50 (v10.0.0-1610-gd9ce74873a)

The expected behavior is for an Illegal Instruction exception to occur. Citing the Arm A-profile A64 Instruction Set Architecture Version 2025-03, the `retaa` instruction should return an Undefined Instruction error when the PAC feature is not implemented.

```
if !IsFeatureImplemented(FEAT_PAuth) then EndOfDecode(Decode_UNDEF);
```

The same binary was run on AWS's t4g.nano running Neoverse N1. It got the illegal instruction exception, as expected.

```
Core was generated by `./main_pac test'.
Program terminated with signal SIGILL, Illegal instruction.
#0 0x00000000004007d4 in func1 (s=0xffffe2446636 "test") at main.c:9
9 }
(gdb) x/i $pc
=> 0x4007d4 <func1+36>: retaa
(gdb) quit
```

Is the emulation of Neoverse N1 behavior correct?

Thank you

Cheers,
Solomon
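Added example, not part of the original message and not QEMU code: a small C classifier showing why, on a core without FEAT_PAuth, the fault lands on `retaa` and not on `paciasp`. `paciasp` is allocated in the HINT space and executes as a NOP there, while `retaa` is UNDEFINED, as the quoted decode pseudocode states. The function names are hypothetical and the byte buffer is a constructed sample holding only the four instructions visible in the gdb listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Behaviour of an A64 instruction word on a core WITHOUT FEAT_PAuth. */
enum pac_class { PAC_NONE, PAC_HINT_NOP, PAC_UNDEF };

/* Classifies only the return-address signing forms; not a full decoder. */
enum pac_class classify_pac(uint32_t insn)
{
    switch (insn) {
    case 0xd503233fu: /* paciasp (HINT #25) */
    case 0xd503237fu: /* pacibsp (HINT #27) */
    case 0xd50323bfu: /* autiasp (HINT #29) */
    case 0xd50323ffu: /* autibsp (HINT #31) */
        return PAC_HINT_NOP; /* HINT space: executes as a NOP */
    case 0xd65f0bffu: /* retaa */
    case 0xd65f0fffu: /* retab */
        return PAC_UNDEF;    /* outside HINT space: UNDEFINED -> SIGILL */
    default:
        return PAC_NONE;
    }
}

/* Byte offset of the first word that is UNDEFINED without FEAT_PAuth,
 * or -1 if none. A64 instructions are 4 bytes, little-endian in memory. */
long first_undef_offset(const uint8_t *code, size_t len)
{
    for (size_t off = 0; off + 4 <= len; off += 4) {
        uint32_t insn = (uint32_t)code[off] | (uint32_t)code[off + 1] << 8 |
                        (uint32_t)code[off + 2] << 16 | (uint32_t)code[off + 3] << 24;
        if (classify_pac(insn) == PAC_UNDEF)
            return (long)off;
    }
    return -1;
}

/* Constructed sample: the four instructions visible in the gdb listing. */
const uint8_t SAMPLE[] = {
    0x3f, 0x23, 0x03, 0xd5, /* paciasp                   */
    0xfd, 0x7b, 0xbe, 0xa9, /* stp x29, x30, [sp, #-32]! */
    0xfd, 0x7b, 0xc2, 0xa8, /* ldp x29, x30, [sp], #32   */
    0xff, 0x0b, 0x5f, 0xd6, /* retaa                     */
};

int main(void)
{
    printf("first UNDEF-without-PAuth word at offset %ld\n",
           first_undef_offset(SAMPLE, sizeof SAMPLE));
    return 0;
}
```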